This chapter provides a detailed explanation of the Switching commands. It includes the following configuration types:
System Information and Statistics Commands
This section provides a detailed explanation of the FASTPATH software platform commands. The commands are divided into four functional groups:
- Show commands display switch settings, statistics, and other information.
- Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
- Copy commands transfer or save configuration and informational files to and from the switch.
- Clear commands clear some or all of the settings to factory defaults.
show arp switch
This command displays connectivity between the switch and other devices. The Address Resolution Protocol (ARP) cache identifies the MAC addresses of the IP stations communicating with the switch.
- Format - show arp switch
- Mode - Privileged EXEC
TABLE 5-1 Entry Definitions for show arp switch
Entry
|
Definition
|
MAC Address
|
A unicast MAC address for which the switch has forwarding and/or filtering information. The format is six two-digit hexadecimal numbers that are separated by colons--for example, 01:23:45:67:89:AB
|
IP Address
|
The IP address assigned to each interface.
|
slot/port
|
Valid slot and port number separated by forward slashes.
|
show eventlog
This command displays the event log, which contains error messages from the system. The event log is not cleared on a system reset.
- Format - show eventlog
- Mode - Privileged EXEC
TABLE 5-2 Entry Definitions for show eventlog
Entry
|
Definition
|
File
|
The file in which the event originated.
|
Line
|
The line number of the event
|
Task Id
|
The task ID of the event
|
Code
|
The event code
|
Time
|
The time this event occurred
|
Note - Event log information is retained across a switch reset.
|
show hardware
This command displays inventory information for the switch.
- Format - show hardware
- Mode - Privileged EXEC
TABLE 5-3 Entry Definitions for show hardware
Entry
|
Definition
|
Switch Description
|
Text used to identify the product name of this switch
|
Machine Type
|
The machine model as defined by the Vital Product Data
|
Machine Model
|
The machine model as defined by the Vital Product Data
|
Serial Number
|
The unique box serial number for this switch
|
FRU Number
|
The field-replaceable unit number
|
Part Number
|
Manufacturing part number
|
Maintenance Level
|
Indicates hardware changes that are significant to software
|
Manufacturer
|
Manufacturer descriptor field
|
Burned in MAC Address
|
Universally assigned network address
|
Software Version
|
The release.version.revision number of the code currently running on the switch
|
Operating System
|
The operating system currently running on the switch
|
Network Processing Element
|
The type of the processor microcode
|
Additional Packages
|
This displays the additional packages that are incorporated into this system, such as FASTPATH BGP-4, or FASTPATH Multicast
|
show interface
This command displays a summary of statistics for a specific port or a count of all CPU traffic based upon the argument.
- Format - show interface {<slot/port> | switchport}
- Mode - Privileged EXEC
The display parameters, when the argument is <slot/port>, are as follows.
TABLE 5-4 Entry Definitions for show interface for slot/port Argument
Entry
|
Definition
|
Packets Received Without Error
|
The total number of packets (including broadcast packets and multicast packets) received by the processor.
|
Packets Received With Error
|
The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
|
Broadcast Packets Received
|
The total number of packets received that were directed to the broadcast address. This does not include multicast packets.
|
Packets Transmitted Without Error
|
The total number of packets transmitted out of the interface.
|
Transmit Packets Errors
|
The number of outbound packets that could not be transmitted because of errors.
|
Collisions Frames
|
The best estimate of the total number of collisions on this Ethernet segment.
|
Time Since Counters Last Cleared
|
The elapsed time, in days, hours, minutes, and seconds since the statistics for this port were last cleared.
|
The display parameters, when the argument is switchport, are as follows.
TABLE 5-5 Entry Definitions for show interface for switchport Argument
Entry
|
Definition
|
Packets Received Without Error
|
The total number of packets (including broadcast packets and multicast packets) received by the processor.
|
Broadcast Packets Received
|
The total number of packets received that were directed to the broadcast address. This does not include multicast packets.
|
Packets Received With Error
|
The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
|
Packets Transmitted Without Error
|
The total number of packets transmitted out of the interface.
|
Broadcast Packets Transmitted
|
The total number of packets that higher-level protocols requested to be transmitted to the broadcast address, including those that were discarded or not sent.
|
Transmit Packet Errors
|
The number of outbound packets that could not be transmitted because of errors.
|
Address Entries Currently In Use
|
The total number of Forwarding Database Address Table entries now active on the switch, including learned and static entries.
|
VLAN Entries Currently In Use
|
The number of VLAN entries presently occupying the VLAN table.
|
Time Since Counters Last Cleared
|
The elapsed time, in days, hours, minutes, and seconds, since the statistics for this switch were last cleared.
|
show interface ethernet
This command displays detailed statistics for a specific port or for all CPU traffic based upon the argument.
- Format - show interface ethernet {<slot/port> | switchport}
- Mode - Privileged EXEC
The display parameters, when the argument is '<slot/port>', are as follows.
TABLE 5-6 Entry Definitions for show interface ethernet for slot/port Argument
First-Level Entry
|
Second-Level Entry
|
Definition
|
Packets Received
|
Octets Received
|
The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including Frame Check Sequence (FCS) octets). This object can be used as a reasonable estimate of Ethernet utilization. If greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval. The result of this equation is the value Utilization which is the percent utilization of the Ethernet segment on a scale of 0 to 100 percent.
|
|
Packets Received < 64 Octets
|
The total number of packets (including bad packets) received that were < 64 octets in length (excluding framing bits but including FCS octets).
|
|
Packets Received 64 Octets
|
The total number of packets (including bad packets) received that were 64 octets in length (excluding framing bits but including FCS octets).
|
|
Packets Received 65-127 Octets
|
The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
|
|
Packets Received 128-255 Octets
|
The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
|
|
Packets Received 256-511 Octets
|
The total number of packets (including bad packets) received that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
|
|
Packets Received 512-1023 Octets
|
The total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
|
|
Packets Received 1024-1518 Octets
|
The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
|
|
Packets Received 1519-1522 Octets
|
The total number of packets (including bad packets) received that were between 1519 and 1522 octets in length inclusive (excluding framing bits but including FCS octets).
|
|
Packets Received > 1522 Octets
|
The total number of packets received that were longer than 1522 octets (excluding framing bits, but including FCS octets) and were otherwise well formed.
|
Packets Received Successfully
|
Total
|
The total number of packets received that were without errors.
|
|
Unicast Packets Received
|
The number of subnetwork-unicast packets delivered to a higher-layer protocol.
|
|
Multicast Packets Received
|
The total number of good packets received that were directed to a multicast address. This number does not include packets directed to the broadcast address.
|
|
Broadcast Packets Received
|
The total number of good packets received that were directed to the broadcast address. This does not include multicast packets.
|
Packets Received with MAC Errors
|
Total
|
The total number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
|
|
Jabbers Received
|
The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). This definition of jabber is different than the definition in IEEE-802.3 section 8.2.1.5 (10BASE5) and section 10.3.1.4 (10BASE2). These documents define jabber as the condition where any packet exceeds 20 ms. The allowed range to detect jabber is between 20 ms and 150 ms.
|
|
Fragments/Undersize Received
|
The total number of packets received that were less than 64 octets in length (excluding framing bits but including FCS octets).
|
|
Alignment Errors
|
The total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad Frame Check Sequence (FCS) with a non-integral number of octets.
|
|
Rx FCS Errors
|
The total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad Frame Check Sequence (FCS) with an integral number of octets.
|
|
Overruns
|
The total number of frames discarded as this port was overloaded with incoming packets, and could not keep up with the inflow.
|
Received Packets not forwarded
|
Total
|
A count of valid frames received which were discarded (that is, filtered) by the forwarding process.
|
|
Local Traffic Frames
|
The total number of frames dropped in the forwarding process because the destination address was located off of this port.
|
|
802.3x Pause Frames Received
|
A count of MAC Control frames received on this interface with an opcode indicating the PAUSE operation. This counter does not increment when the interface is operating in half-duplex mode.
|
|
Unacceptable Frame Type
|
The number of frames discarded from this port due to being an unacceptable frame type.
|
|
VLAN Membership Mismatch
|
The number of frames discarded on this port due to ingress filtering.
|
|
VLAN Viable Discards
|
The number of frames discarded on this port when a lookup on a particular VLAN occurs while that entry in the VLAN table is being modified, or if the VLAN has not been configured.
|
|
Multicast Tree Viable Discards
|
The number of frames discarded when a lookup in the multicast tree for a VLAN occurs while that tree is being modified.
|
|
Reserved Address Discards
|
The number of frames discarded that are destined to an IEEE 802.1 reserved address and are not supported by the system.
|
|
Broadcast Storm Recovery
|
The number of frames discarded that are destined for FF:FF:FF:FF:FF:FF when Broadcast Storm Recovery is enabled.
|
|
CFI Discards
|
The number of frames discarded that have CFI bit set and the addresses in RIF are in non-canonical format.
|
|
Upstream Threshold
|
The number of frames discarded due to lack of cell descriptors available for that packet’s priority level.
|
Packets Transmitted Octets
|
Total Bytes
|
The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of Ethernet utilization. If greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval.
|
|
Packets Transmitted 64 Octets
|
The total number of packets (including bad packets) received that were 64 octets in length (excluding framing bits but including FCS octets).
|
|
Packets Transmitted 65-127 Octets
|
The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
|
|
Packets Transmitted 128-255 Octets
|
The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
|
|
Packets Transmitted 256-511 Octets
|
The total number of packets (including bad packets) received that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
|
|
Packets Transmitted 512-1023 Octets
|
The total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
|
|
Packets Transmitted 1024-1518 Octets
|
The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
|
|
Packets Transmitted 1519-1522 Octets
|
The total number of packets (including bad packets) received that were between 1519 and 1522 octets in length inclusive (excluding framing bits but including FCS octets).
|
|
Max Info
|
The maximum size of the Info (non-MAC) field that this port will receive or transmit.
|
Packets Transmitted Successfully
|
Total
|
The number of frames that have been transmitted by this port to its segment.
|
|
Unicast Packets Transmitted
|
The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent.
|
|
Multicast Packets Transmitted
|
The total number of packets that higher-level protocols requested be transmitted to a Multicast address, including those that were discarded or not sent.
|
|
Broadcast Packets Transmitted
|
The total number of packets that higher-level protocols requested be transmitted to the Broadcast address, including those that were discarded or not sent.
|
Transmit Errors
|
Total Errors
|
The sum of Single, Multiple, and Excessive Collisions.
|
|
Tx FCS Errors
|
The total number of packets transmitted that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad Frame Check Sequence (FCS) with an integral number of octets
|
|
Oversized
|
The total number of frames that exceeded the max permitted frame size. This counter has a max increment rate of 815 counts per sec. at 10 Mbit/sec.
|
|
Underrun Errors
|
The total number of frames discarded because the transmit FIFO buffer became empty during frame transmission.
|
Transmit Discards
|
Total Discards
|
The sum of single-collision frames discarded, multiple-collision frames discarded, and excessive frames discarded.
|
|
Single Collision Frames
|
A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision.
|
|
Multiple Collision Frames
|
A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by more than one collision.
|
|
Excessive Collisions
|
A count of frames for which transmission on a particular interface fails due to excessive collisions.
|
|
Port Membership
|
The number of frames discarded on egress for this port due to egress filtering being enabled.
|
|
VLAN Viable Discards
|
The number of frames discarded on this port when a lookup on a particular VLAN occurs while that entry in the VLAN table is being modified, or if the VLAN has not been configured.
|
Protocol Statistics
|
BPDU’s received
|
The count of BPDU's (Bridge Protocol Data Units) received in the spanning tree layer.
|
|
BPDU's Transmitted
|
The count of BPDU's (Bridge Protocol Data Units) transmitted from the spanning tree layer.
|
|
802.3x Pause Frames Received
|
A count of MAC Control frames received on this interface with an opcode indicating the PAUSE operation. This counter does not increment when the interface is operating in half-duplex mode.
|
|
GVRP PDU's Received
|
The count of GVRP PDU's received in the GARP layer.
|
|
GVRP PDU's Transmitted
|
The count of GVRP PDU's transmitted from the GARP layer.
|
|
GVRP Failed Registrations
|
The number of times attempted GVRP registrations could not be completed.
|
|
GMRP PDU's received
|
The count of GMRP PDU's received in the GARP layer.
|
|
GMRP PDU's Transmitted
|
The count of GMRP PDU's transmitted from the GARP layer.
|
|
GMRP Failed Registrations
|
The number of times attempted GMRP registrations could not be completed.
|
|
STP BPDUs Transmitted
|
Spanning Tree Protocol Bridge Protocol Data Units sent
|
|
STP BPDUs Received
|
Spanning Tree Protocol Bridge Protocol Data Units received
|
|
RST BPDUs Transmitted
|
Rapid Spanning Tree Protocol (RSTP) Bridge Protocol Data Units sent
|
|
RSTP BPDUs Received
|
Rapid Spanning Tree Protocol Bridge Protocol Data Units received
|
|
MSTP BPDUs Transmitted
|
Multiple Spanning Tree Protocol (MSTP) Bridge Protocol Data Units sent
|
|
MSTP BPDUs Received
|
Multiple Spanning Tree Protocol Bridge Protocol Data Units received
|
Dot1x Statistics
|
EAPOL Frames Received
|
The number of valid EAPOL frames of any type that have been received by this authenticator.
|
|
EAPOL Frames Transmitted
|
The number of EAPOL frames of any type that have been transmitted by this authenticator.
|
Time Since Counters Last Cleared
|
|
The elapsed time, in days, hours, minutes, and seconds since the statistics for this port were last cleared.
|
The display parameters, when the argument is ‘switchport’, are as follows.
TABLE 5-7 Entry Definitions for show interface ethernet for switchport Argument
Entry
|
Definition
|
Octets Received
|
The total number of octets of data received by the processor (excluding framing bits but including FCS octets).
|
Total Packets Received Without Error
|
The total number of packets (including broadcast packets and multicast packets) received by the processor.
|
Unicast Packets Received
|
The number of subnetwork-unicast packets delivered to a higher-layer protocol.
|
Multicast Packets Received
|
The total number of packets received that were directed to a multicast address. This number does not include packets directed to the broadcast address.
|
Broadcast Packets Received
|
The total number of packets received that were directed to the broadcast address. This does not include multicast packets.
|
Receive Packets Discarded
|
The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. A possible reason for discarding a packet could be to free up buffer space.
|
Octets Transmitted
|
The total number of octets transmitted out of the interface, including framing characters.
|
Packets Transmitted without Errors
|
The total number of packets transmitted out of the interface.
|
Unicast Packets Transmitted
|
The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent.
|
Multicast Packets Transmitted
|
The total number of packets that higher-level protocols requested be transmitted to a Multicast address, including those that were discarded or not sent.
|
Broadcast Packets Transmitted
|
The total number of packets that higher-level protocols requested be transmitted to the Broadcast address, including those that were discarded or not sent.
|
Transmit Packets Discarded
|
The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. A possible reason for discarding a packet could be to free up buffer space.
|
Most Address Entries Ever Used
|
The highest number of Forwarding Database Address Table entries that have been learned by this switch since the most recent reboot.
|
Address Entries in Use
|
The number of Learned and static entries in the Forwarding Database Address Table for this switch.
|
Maximum VLAN Entries
|
The maximum number of Virtual LANs (VLANs) allowed on this switch.
|
Most VLAN Entries Ever Used
|
The largest number of VLANs that have been active on this switch since the last reboot.
|
Static VLAN Entries
|
The number of presently active VLAN entries on this switch that have been created statically.
|
Dynamic VLAN Entries
|
The number of presently active VLAN entries on this switch that have been created by GVRP registration.
|
VLAN Deletes
|
The number of VLANs on this switch that have been created and then deleted since the last reboot.
|
Time Since Counters Last Cleared
|
The elapsed time, in days, hours, minutes, and seconds, since the statistics for this switch were last cleared.
|
show logging
This command displays the trap log maintained by the switch. The trap log contains a maximum of 256 entries that wrap.
- Format - show logging
- Mode - Privileged EXEC
TABLE 5-8 Entry Definitions for show logging
Entry
|
Definition
|
Number of Traps since last reset
|
The number of traps that have occurred since the last reset of this device.
|
Number of Traps since log last displayed
|
The number of traps that have occurred since the traps were last displayed. Getting the traps by any method (terminal interface display, Web display, upload file from switch etc.) will result in this counter being cleared to 0.
|
Log
|
The sequence number of this trap.
|
System Up Time
|
The relative time since the last reboot of the switch at which this trap occurred.
|
Trap
|
The relevant information of this trap.
|
Note - Trap log information is not retained across a switch reset.
|
show mac-addr-table
This command displays the forwarding database entries. If the command is entered with no parameter, the entire table is displayed. This is the same as entering the optional all parameter. Alternatively, the administrator can enter a MAC Address to display the table entry for the requested MAC address and all entries following the requested MAC address.
- Format - show mac-addr-table [<macaddr> | all]
- Mode - Privileged EXEC
TABLE 5-9 Entry Definitions for show mac-addr-table
Entry
|
Definition
|
Mac Address
|
A unicast MAC address for which the switch has forwarding and or filtering information. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes.
|
Slot/Port
|
The port which this address was learned.
|
if Index
|
This object indicates the ifIndex of the interface table entry associated with this port.
|
Status
|
The status of this entry. The meanings of the values are:
- Static - The value of the corresponding instance was added by the system or a user when a static MAC filter was defined. It cannot be relearned.
- Learned - The value of the corresponding instance was learned by observing the source MAC addresses of incoming traffic, and is currently in use.
- Management - The value of the corresponding instance (system MAC address) is also the value of an existing instance of dot1dStaticAddress. It is identified with interface 0/1 and is currently used when enabling VLANs for routing.
- Self - The value of the corresponding instance is the address of one of the switch’s physical interfaces (the system’s own MAC address).
- GMRP Learned - The value of the corresponding was learned via GMRP and applies to Multicast.
- Other - The value of the corresponding instance does not fall into one of the other categories.
|
show msglog
This command displays the message log maintained by the switch. The message log contains system trace information.
The trap log contains a maximum of 256 entries that wrap.
- Format - show msglog
- Mode - Privileged EXEC
TABLE 5-10 Entry Definitions for show msglog
Entry
|
Definition
|
Message
|
The message that has been logged.
|
Note - Message log information is not retained across a switch reset.
|
show running-config
This command is used to display the current setting of different protocol packages supported on the switch. This command displays only those parameters with values of that from default value. The output is displayed in the script format, which can be used to configure another switch with same configuration.
- Format - show running-config
- Mode - Privileged EXEC
show sysinfo
This command displays switch information.
- Format - show sysinfo
- Mode - Privileged EXEC
TABLE 5-11 Entry Definitions for show sysinfo
Entry
|
Definition
|
Switch Description
|
Text used to identify this switch.
|
System Name
|
Name used to identify the switch.
|
System Location
|
Text used to identify the location of the switch. May be up to 31 alphanumeric characters. The factory default is blank.
|
System Contact
|
Text used to identify a contact person for this switch. May be up to 31 alphanumeric characters. The factory default is blank.
|
System ObjectID
|
The base object ID for the switch’s enterprise MIB.
|
System Up Time
|
The time in days, hours, and minutes since the last switch reboot.
|
MIBs Supported
|
A list of MIBs supported by this agent.
|
snmp-server
This command sets the name and the physical location of the switch, and the organization responsible for the network.The range for name, location and contact is from 1 to 31 alphanumeric characters.
- Default - none
- Format - snmp-server {sysname <name> | location <loc> | contact <con>}
- Mode - Global Config
System Management Commands
These commands manage the switch and show current management settings. The commands are divided into two functional groups:
- Show commands display switch settings, statistics, and other information.
- Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
bridge aging-time
This command configures the forwarding database address aging timeout in seconds. In an IVL system, the [fdbid | all] parameter is required.
- Default - 300
- Format - bridge aging-time <10-1,000,000> [fdbid | all]
- Mode - Global Config
TABLE 5-12 Entry Definitions for bridge aging-time
Entry
|
Definition
|
Seconds
|
The <seconds> parameter must be within the range of 10 to 1,000,000 seconds.
|
Forwarding Database ID
|
Fdbid (Forwarding database ID) indicates which forwarding database's aging timeout is being configured. The All option is used to configure all forwarding database's agetime.
|
no bridge aging-time
This command sets the forwarding database address aging timeout to 300 seconds. In an IVL system, the [fdbid | all] parameter is required.
- Format - no bridge aging-time [fdbid | all]
- Mode - Global Config
TABLE 5-13 Entry Definitions for no bridge aging-time
Entry
|
Definition
|
Forwarding Database ID
|
Fdbid (Forwarding database ID) indicates which forwarding database's aging timeout is being configured. All is used to configure all forwarding database's agetime.
|
mtu
This command sets the maximum transmission unit (MTU) size (in bytes) for physical and port-channel (LAG) interfaces. For the standard implementation, the range of <mtusize> is a valid integer between 1522-9216.
- Default - 1522
- Format - mtu <1522-9216>
- Mode - Interface Config
no mtu
This command sets the default maximum transmission unit (MTU) size (in bytes) for the interface.
- Format - no mtu
- Mode - Interface Config
network javamode
This command specifies whether or not the switch should allow access to the Java applet in the header frame of the Web interface. When access is enabled, the Java applet can be viewed from the Web interface. When access is disabled, the user cannot view the Java applet.
- Default - enabled
- Format - network javamode
- Mode - Privileged EXEC
no network javamode
This command disallows access to the Java applet in the header frame of the Web interface. When access is disabled, the user cannot view the Java applet.
- Format - no network javamode
- Mode - Privileged EXEC
network mac-address
This command sets locally administered MAC addresses. The following rules apply:
- Bit 6 of byte 0 (called the U/L bit) indicates whether the address is universally administered (b'0') or locally administered (b'1').
- Bit 7 of byte 0 (called the I/G bit) indicates whether the destination address is an individual address (b'0') or a group address (b'1').
The second character, of the twelve character macaddr, must be 2, 6, A or E.
A locally administered address must have bit 6 On (b'1') and bit 7 Off (b'0').
- Format - network mac-address <macaddr>
- Mode - Privileged EXEC
network mac-type
This command specifies whether the burned in MAC address or the locally-administered MAC address is used.
- Default - burnedin
- Format - network mac-type {local | burnedin}
- Mode - Privileged EXEC
no network mac-type
This command resets the value of MAC address to its default.
- Format - no network mac-type
- Mode - Privileged EXEC
network parms
This command sets the IP Address, subnet mask and gateway of the router. The IP Address and the gateway must be on the same subnet.
- Format - network parms <ipaddr> <netmask> [<gateway>]
- Mode - Privileged EXEC
network protocol
This command specifies the network configuration protocol to be used. If you modify this value change is effective immediately. The parameter bootp indicates that the switch periodically sends requests to a Bootstrap Protocol (BootP) server or a dhcp server until a response is received. none indicates that the switch should be manually configured with IP information.
- Default - none
- Format - network protocol {none | bootp | dhcp}
- Mode - Privileged EXEC
remotecon maxsessions
This command specifies the maximum number of remote connection sessions that can be established. A value of 0 indicates that no remote connection can be established. The range is 0 to 5.
- Default - 5
- Format - remotecon maxsessions <0-5>
- Mode - Privileged EXEC
no remotecon maxsessions
This command sets the maximum number of remote connection sessions that can be established to the default value.
- Format - no remotecon maxsessions
- Mode - Privileged EXEC
remotecon timeout
This command sets the remote connection session timeout value, in minutes. A session is active as long as the session has been idle for the value set. A value of 0 indicates that a session remains active indefinitely. The time is a decimal value from 0 to 160.
Note - Changing the timeout value for active sessions does not become effective until the session is reaccessed. Any keystroke will also activate the new timeout duration.
|
- Default - 5
- Format - remotecon timeout <0-160>
- Mode - Privileged EXEC
no remotecon timeout
This command sets the remote connection session timeout value, in minutes, to the default.
Note - Changing the timeout value for active sessions does not become effective until the session is reaccessed. Any keystroke will also activate the new timeout duration.
|
- Format - no remotecon timeout
- Mode - Privileged EXEC
serial baudrate
This command specifies the communication rate of the terminal interface. The supported rates are 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200.
- Default - 9600
- Format - serial baudrate {1200 | 2400 | 4800 | 9600 | 19200 | 38400 | 57600 | 115200}
- Mode - Line Config
no serial baudrate
This command sets the communication rate of the terminal interface.
- Format - no serial baudrate
- Mode - Line Config
serial timeout
This command specifies the maximum connect time (in minutes) without console activity. A value of 0 indicates that a console can be connected indefinitely. The time range is 0 to 160.
- Default - 5
- Format - serial timeout <0-160>
- Mode - Line Config
no serial timeout
This command sets the maximum connect time (in minutes) without console activity.
- Format - no serial timeout
- Mode - Line Config
set prompt
This command changes the name of the prompt. The length of name may be up to 64 alphanumeric characters.
- Format - set prompt <prompt string>
- Mode - Privileged EXEC
serviceport ip
This command sets the IP address, the netmask and the gateway of the router.
- Format - serviceport ip <ipaddr> <netmask> [gateway]
- Mode - Privileged EXEC
serviceport protocol
This command specifies the servicePort configuration protocol. If you modify this value, the change takes effect immediately.
- Format - serviceport protocol {none | bootp | dhcp}
- Mode - Privileged EXEC
show forwardingdb agetime
This command displays the timeout for address aging. In an IVL system, the [fdbid | all] parameter is required.
- Default - all
- Format - show forwardingdb agetime [fdbid | all]
- Mode - Privileged EXEC
TABLE 5-14 Entry Definitions for show forwardingdb agetime
Entry
|
Definition
|
Forwarding DB ID
|
Fdbid (Forwarding database ID) indicates the forwarding database whose aging timeout is to be shown. The all option is used to display the aging timeouts associated with all forwarding databases. This field displays the forwarding database ID in an IVL system.
|
Agetime
|
In an IVL system, this parameter displays the address aging timeout for the associated forwarding database.
|
show network
This command displays configuration settings associated with the switch's network interface. The network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed.
- Format - show network
- Mode - Privileged EXEC and User EXEC
TABLE 5-15 Entry Definitions for show network
Entry
|
Definition
|
IP Address
|
The IP address of the interface. The factory default value is 0.0.0.0
|
Subnet Mask
|
The IP subnet mask for this interface. The factory default value is 0.0.0.0
|
Default Gateway
|
The default gateway for this IP interface. The factory default value is 0.0.0.0
|
Burned In MAC Address
|
The burned in MAC address used for in-band connectivity.
|
Locally Administered MAC Address
|
If desired, a locally administered MAC address can be configured for in-band connectivity. To take effect, 'MAC Address Type' must be set to 'Locally Administered'. Enter the address as twelve hexadecimal digits (6 bytes) with a colon between each byte. Bit 1 of byte 0 must be set to a 1 and bit 0 to a 0; that is, byte 0 should have the following mask 'xxxx xx10'. The MAC address used by this bridge when it must be referred to in a unique fashion. It is recommended that this be the numerically smallest MAC address of all ports that belong to this bridge. However it is only required to be unique. When concatenated with dot1dStpPriority a unique BridgeIdentifier is formed which is used in the Spanning Tree Protocol.
|
MAC Address Type
|
Specifies which MAC address should be used for in-band connectivity. The choices are the burned in or the Locally Administered address. The factory default is to use the burned in MAC address.
|
Network Configuration Protocol Current
|
Indicates which network protocol is being used. The options are:
|
Java Mode
|
Specifies if the switch should allow access to the Java applet in the header frame. Enabled means the applet can be viewed. The factory default is disabled.
|
Management VLAN ID
|
Specifies the management VLAN ID.
|
show remotecon
This command displays telnet settings.
- Format - show remotecon
- Mode - Privileged EXEC and User EXEC
TABLE 5-16 Entry Definitions for show remotecon
Entry
|
Definition
|
Remote Connection Login Timeout (minutes)
|
This object indicates the number of minutes a remote connection session is allowed to remain inactive before being logged off. A zero means there will be no timeout. May be specified as a number from 0 to 160. The factory default is 5.
|
Maximum Number of Remote Connection Sessions
|
This object indicates the number of simultaneous remote connection sessions allowed. The factory default is 5.
|
Allow New Telnet Sessions
|
Indicates that new telnet sessions will not be allowed when set to no. The factory default value is yes.
|
show serial
This command displays serial communication settings for the switch.
- Format - show serial
- Mode - Privileged EXEC and User EXEC
TABLE 5-17 Entry Definitions for show serial
Entry
|
Definition
|
Serial Port Login Timeout (minutes)
|
Specifies the time, in minutes, of inactivity on a Serial port connection, after which the Switch will close the connection. Any numeric value between 0 and 160 is allowed, the factory default is 5. A value of 0 disables the timeout.
|
Baud Rate
|
The default baud rate at which the serial port will try to connect. The available values are 1200, 2400, 4800, 9600, 19200, 38400,57600, and 115200 baud. The factory Default is 9600 baud.
|
Character Size
|
The number of bits in a character. The number of bits is always 8.
|
Flow Control
|
Whether Hardware Flow-Control is enabled or disabled. Hardware Flow Control is always disabled.
|
Stop Bits
|
The number of Stop bits per character. The number of Stop bits is always 1.
|
Parity Type
|
The Parity Method used on the Serial Port. The Parity Method is always None.
|
show serviceport
This command displays service port configuration information.
- Format - show serviceport
- Mode - Privileged EXEC
TABLE 5-18 Entry Definitions for show serviceport
Entry
|
Definition
|
IP Address
|
The IP address of the interface. The factory default value is 0.0.0.0
|
Subnet Mask
|
The IP subnet mask for this interface. The factory default value is 0.0.0.0
|
Default Gateway
|
The default gateway for this IP interface. The factory default value is 0.0.0.0
|
ServPort Configuration Protocol Current
|
Indicates what network protocol was used on the last, or current power-up cycle, if any.
|
Burned in MAC Address
|
The burned in MAC address used for in-band connectivity.
|
SNMP Community Commandsshow snmpcommunity
This command displays SNMP community information. Six communities are supported. You can add, change, or delete communities. The switch does not have to be reset for changes to take effect.
The SNMP agent of the switch complies with SNMP Version 1 (for more about the SNMP specification, see the SNMP RFCs). The SNMP agent sends traps through TCP/IP to an external SNMP manager based on the SNMP configuration (the trap receiver and other SNMP community parameters).
- Format - show snmpcommunity
- Mode - Privileged EXEC
TABLE 5-19 Entry Definitions for show snmpcommunity
Entry
|
Definition
|
SNMP Community Name
|
The community string to which this entry grants access. A valid entry is a case-sensitive alphanumeric string of up to 16 characters. Each row of this table must contain a unique community name.
|
Client IP Address
|
An IP address (or portion thereof) from which this device will accept SNMP packets with the associated community. The requesting entity's IP address is ANDed with the Subnet Mask before being compared to the IP Address. Note that if the Subnet Mask is set to 0.0.0.0, an IP Address of 0.0.0.0 matches all IP addresses. The default value is 0.0.0.0
|
Client IP Mask
|
A mask to be ANDed with the requesting entity's IP address before comparison with IP Address. If the result matches with IP Address then the address is an authenticated IP address. For example, if the IP Address = 9.47.128.0 and the corresponding Subnet Mask = 255.255.255.0 a range of incoming IP addresses would match; that is, the incoming IP Address could equal 9.47.128.0 - 9.47.128.255. The default value is 0.0.0.0
|
Access Mode
|
The access level for this community string.
|
Status
|
The status of this community access entry.
|
show snmptrap
This command displays SNMP trap receivers. Trap messages are sent across a network to an SNMP Network Manager. These messages alert the manager to events occurring within the switch or on the network. Six trap receivers are simultaneously supported.
- Format - show snmptrap
- Mode - Privileged EXEC
TABLE 5-20 Entry Definitions for show snmptrap
Entry
|
Definition
|
SNMP Trap Name
|
The community string of the SNMP trap packet sent to the trap manager. This may be up to 16 alphanumeric characters. This string is case sensitive.
|
IP Address
|
The IP address to receive SNMP traps from this device. Enter four numbers between 0 and 255 separated by periods.
|
Status
|
A pull down menu that indicates the receiver's status (enabled or disabled) and allows the administrator/user to perform actions on this user entry:
- Enable - send traps to the receiver.
- Disable - do not send traps to the receiver.
- Delete - remove the table entry.
|
show trapflags
This command displays trap conditions. Configure which traps the switch should generate by enabling or disabling the trap condition. If a trap condition is enabled and the condition is detected, the switch's SNMP agent sends the trap to all enabled trap receivers. The switch does not have to be reset to implement the changes. Cold and warm start traps are always generated and cannot be disabled.
- Format - show trapflags
- Mode - Privileged EXEC
TABLE 5-21 Entry Definitions for show trapflags
Entry
|
Definition
|
Authentication Flag
|
May be enabled or disabled. The factory default is enabled. Indicates whether authentication failure traps will be sent.
|
Link Up/Down Flag
|
May be enabled or disabled. The factory default is enabled. Indicates whether link status traps will be sent.
|
Multiple Users Flag
|
May be enabled or disabled. The factory default is enabled. Indicates whether a trap will be sent when the same user ID is logged into the switch more than once at the same time (either via telnet or serial port).
|
Spanning Tree Flag
|
May be enabled or disabled. The factory default is enabled. Indicates whether spanning tree traps will be sent.
|
Broadcast Storm Flag
|
May be enabled or disabled. The factory default is enabled. Indicates whether broadcast storm traps will be sent.
|
DVMRP Traps
|
May be enabled or disabled. The factory default is disabled. Indicates whether DVMRP traps will be sent.
|
OSPF Traps
|
May be enabled or disabled. The factory default is disabled. Indicates whether OSPF traps will be sent.
|
PIM Traps
|
May be enabled or disabled. The factory default is disabled. Indicates whether PIM traps will be sent.
|
snmp-server community
This command adds (and names) a new SNMP community. A community name is a name associated with the switch and with a set of SNMP managers that manage it with a specified privileged level. The length of name can be up to 16 case-sensitive characters.
Note - Community names in the SNMP community table must be unique. When making multiple entries using the same community name, the first entry is kept and processed and all duplicate entries are ignored.
|
- Default - Two default community names: Public and Private. You can replace these default community names with unique identifiers for each community. The default values for the remaining four community names are blank.
- Format - snmp-server community <name>
- Mode - Global Config
no snmp-server community
This command removes this community name from the table. The name is the community name to be deleted.
- Format - no snmp-server community <name>
- Mode - Global Config
snmp-server community ipaddr
This command sets a client IP address for an SNMP community. The address is the associated community SNMP packet sending address and is used along with the client IP mask value to denote a range of IP addresses from which SNMP clients may use that community to access the device. A value of 0.0.0.0 allows access from any IP address. Otherwise, this value is ANDed with the mask to determine the range of allowed client IP addresses. The name is the applicable community name.
- Default - 0.0.0.0
- Format - snmp-server community ipaddr <ipaddr> <name>
- Mode - Global Config
no snmp-server community ipaddr
This command sets a client IP address for an SNMP community to 0.0.0.0. The name is the applicable community name.
- Format - no snmp-server community ipaddr <name>
- Mode - Global Config
snmp-server community ipmask
This command sets a client IP mask for an SNMP community. The address is the associated community SNMP packet sending address and is used along with the client IP address value to denote a range of IP addresses from which SNMP clients may use that community to access the device. A value of 255.255.255.255 will allow access from only one station, and will use that machine's IP address for the client IP Address. A value of 0.0.0.0 will allow access from any IP address. The name is the applicable community name.
- Default - 0.0.0.0
- Format - snmp-server community ipmask <ipmask> <name>
- Mode - Global Config
no snmp-server community ipmask
This command sets a client IP mask for an SNMP community to 0.0.0.0. The name is the applicable community name. The community name may be up to 16 alphanumeric characters.
- Format - no snmp-server community ipmask <name>
- Mode - Global Config
snmp-server community mode
This command activates an SNMP community. If a community is enabled, an SNMP manager associated with this community manages the switch according to its access right. If the community is disabled, no SNMP requests using this community are accepted. In this case the SNMP manager associated with this community cannot manage the switch until the Status is changed back to Enable.
- Default - The default private and public communities are enabled by default. The four undefined communities are disabled by default.
- Format - snmp-server community mode <name>
- Mode - Global Config
no snmp-server community mode
This command deactivates an SNMP community. If the community is disabled, no SNMP requests using this community are accepted. In this case the SNMP manager associated with this community cannot manage the switch until the Status is changed back to Enable.
- Format - no snmp-server community mode <name>
- Mode - Global Config
snmp-server community ro
This command restricts access to switch information. The access mode is read-only (also called public).
- Format - snmp-server community ro <name>
- Mode - Global Config
snmp-server community rw
This command restricts access to switch information. The access mode is read/write (also called private).
- Format - snmp-server community rw <name>
- Mode - Global Config
snmp-server enable traps
This command enables the Authentication Flag.
- Default - enabled
- Format - snmp-server enable traps
- Mode - Global Config
no snmp-server enable traps
This command disables the Authentication Flag.
- Format - no snmp-server enable traps
- Mode - Global Config
snmp-server enable traps bcaststorm
This command enables the broadcast storm trap. When enabled, broadcast storm traps are sent only if the broadcast storm recovery mode setting associated with the port is enabled .
- Default - enabled
- Format - snmp-server enable traps bcaststorm
- Mode - Global Config
no snmp-server enable traps bcaststorm
This command disables the broadcast storm trap. When enabled, broadcast storm traps are sent only if the broadcast storm recovery mode setting associated with the port is enabled .
- Format - no snmp-server enable traps bcaststorm
- Mode - Global Config
snmp-server enable traps linkmode
This command enables Link Up/Down traps for the entire switch. When enabled, link traps are sent only if the Link Trap flag setting associated with the port is enabled (see snmp trap link-status).
- Default - enabled
- Format - snmp-server enable traps linkmode
- Mode - Global Config
no snmp-server enable traps linkmode
This command disables Link Up/Down traps for the entire switch.
- Format - no snmp-server enable traps linkmode
- Mode - Global Config
snmp-server enable traps multiusers
This command enables Multiple User traps. When the traps are enabled, a Multiple User Trap is sent when a user logs in to the terminal interface (EIA 232 or telnet) and there is an existing terminal interface session.
- Default - enabled
- Format - snmp-server enable traps multiusers
- Mode - Global Config
no snmp-server enable traps multiusers
This command disables Multiple User traps.
- Format - no snmp-server enable traps multiusers
- Mode - Global Config
snmp-server enable traps stpmode
This command enables the sending of new root traps and topology change notification traps.
- Default - enabled
- Format - snmp-server enable traps stpmode
- Mode - Global Config
no snmp-server enable traps stpmode
This command disables the sending of new root traps and topology change notification traps.
- Format - no snmp-server enable traps stpmode
- Mode - Global Config
snmptrap
This command adds an SNMP trap name. The maximum length of name is 16 case-sensitive alphanumeric characters.
- Default - The default name for the six undefined community names is Delete.
- Format - snmptrap <name> <ipaddr>
- Mode - Global Config
no snmptrap
This command deletes trap receivers for a community.
- Format - no snmptrap <name> <ipaddr>
- Mode - Global Config
snmptrap ipaddr
This command assigns an IP address to a specified community name. The maximum length of name is 16 case-sensitive alphanumeric characters.
Note - IP addresses in the SNMP trap receiver table must be unique. If you make multiple entries using the same IP address, the first entry is retained and processed. All duplicate entries are ignored.
|
- Format - snmptrap ipaddr <name> <ipaddrold> <ipaddrnew>
- Mode - Global Config
snmptrap mode
This command activates or deactivates an SNMP trap. Enabled trap receivers are active (able to receive traps). Disabled trap receivers are inactive (not able to receive traps).
- Format - snmptrap mode <name> <ipaddr>
- Mode - Global Config
no snmptrap mode
This command deactivates an SNMP trap. Disabled trap receivers are inactive (not able to receive traps).
- Format - no snmptrap mode <name> <ipaddr>
- Mode - Global Config
telnet
This command regulates new telnet sessions. If sessions are enabled, new telnet sessions can be established until there are no more sessions available. If sessions are disabled, no new telnet sessions are established. An established session remains active until the session is ended or an abnormal network error ends it.
- Default - enabled
- Format - telnet
- Mode - Privileged EXEC
no telnet
This command disables telnet sessions. If sessions are disabled, no new telnet sessions are established.
- Format - no telnet
- Mode - Privileged EXEC
snmp trap link-status
This command enables link status traps by interface.
- Format - snmp trap link-status
- Mode - Interface Config
no snmp trap link-status
This command disables link status traps by interface.
- Format - no snmp trap link-status
- Mode - Interface Config
snmp trap link-status all
This command enables link status traps for all interfaces.
- Format - snmp trap link-status all
- Mode - Global Config
no snmp trap link-status all
This command disables link status traps for all interfaces.
- Format - no snmp trap link-status all
- Mode - Global Config
Management VLAN Command
This command is used to set the Management VLAN.
network mgmt_vlan
This command configures the Management VLAN ID.
- Default - 1
- Format - network mgmt_vlan <1-4021>
- Mode - Privileged EXEC
System Configuration Commands
This chapter provides a detailed explanation of the System configuration commands. The commands are divided into two functional groups:
- Show commands display switch settings, statistics, and other information.
- Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
addport
This command adds one port to the port-channel (LAG). The first interface is a logical unit, slot and port slot and port number of a configured port-channel.
Note - Before adding a port to a port-channel, set the physical mode of the port (see speed).
|
- Format - addport <logical slot/port>
- Mode - Interface Config
cablestatus
This command tests the status of the cable attached to an interface.
- Format - cablestatus <slot/port>
- Mode - Privileged EXEC
auto-negotiate
This command enables automatic negotiation on a port. The default value is enable.
- Format - auto-negotiate
- Mode - Interface Config
no auto-negotiate
This command disables automatic negotiation on a port.
Note - Automatic sensing is disabled when automatic negotiation is disabled.
|
- Format - no auto-negotiate
- Mode - Interface Config
auto-negotiate all
This command enables automatic negotiation on all ports. The default value is enable.
- Format - auto-negotiate all
- Mode - Global Config
no auto-negotiate all
This command disables automatic negotiation on all ports.
- Format - no auto-negotiate all
- Mode - Global Config
deleteport (Interface Config)
This command deletes the port from the port-channel (LAG). The interface is a logical unit, slot and port slot and port number of a configured port-channel.
- Format - deleteport <logical slot/port>
- Mode - Interface Config
deleteport (Global Config)
This command deletes all configured ports from the port-channel (LAG). The interface is a logical unit, slot and port slot and port number of a configured port-channel.
- Format - deleteport {<logical slot/port> | all}
- Mode - Global Config
monitor session
This command configures a probe port and a monitored port for monitor session (port monitoring). The first slot/port is the source monitored port and the second slot/port is the destination probe port. If this command is executed while port monitoring is enabled, it will have the effect of changing the probe and monitored port values.
- Format - monitor session source <slot/port> <destination> <slot/port>
- Mode - Global Config
no monitor session
This command removes the monitor session (port monitoring) designation from both the source probe port and the destination monitored port and removes the probe port from all VLANs. The port must be manually re-added to any desired VLANs.
- Format - no monitor session
- Mode - Global Config
monitor session mode
This command configures the monitor session (port monitoring) mode to enable. The probe and monitored ports must be configured before monitor session (port monitoring) can be enabled. If enabled, the probe port will monitor all traffic received and transmitted on the physical monitored port. It is not necessary to disable port monitoring before modifying the probe and monitored ports.
- Default - disabled
- Format - monitor session mode
- Mode - Global Config
no monitor session mode
This command sets the monitor session (port monitoring) mode to disable.
- Format - no monitor session mode
- Mode - Global Config
shutdown
This command disables a port.
- Default - enabled
- Format - shutdown
- Mode - Interface Config
no shutdown
This command enables a port.
- Format - no shutdown
- Mode - Interface Config
shutdown all
This command disables all ports.
- Default - enabled
- Format - shutdown all
- Mode - Global Config
no shutdown all
This command enables all ports.
- Format - no shutdown all
- Mode - Global Config
speed
This command sets the speed and duplex setting for the interface.
- Format - speed {<100 | 10> <half-duplex | full-duplex>}
- Mode - Interface Config
Acceptable values for the speed command are as follows.
TABLE 5-22 Entry Definitions for speed
Entry
|
Definition
|
100h
|
100BASE-T half duplex
|
100f
|
100BASE-T full duplex
|
10h
|
10BASE-T half duplex
|
10f
|
10BASE-T full duplex
|
speed all
This command sets the speed and duplex setting for all interfaces.
- Format - speed all {<100 | 10> <half-duplex | full-duplex>}
- Mode - Global Config
Acceptable values for the speed all command are as follows.
TABLE 5-23 Entry Definitions for speed all
Entry
|
Definition
|
100h
|
100BASE-T half-duplex
|
100f
|
100BASE-T full duplex
|
10h
|
10BASE-T half duplex
|
10f
|
10BASE-T full duplex
|
storm-control broadcast
This command enables broadcast storm recovery mode. If the mode is enabled, broadcast storm recovery with high and low thresholds is implemented.
The threshold implementation follows a percentage pattern. If the broadcast traffic on any Ethernet port exceeds the high threshold percentage (as shown in TABLE 5-24) of the link speed, the switch discards the broadcasts traffic until the broadcast traffic returns to the low threshold percentage or less. The full implementation is depicted in the following table.
TABLE 5-24 Broadcast Storm Recovery Thresholds
Link Speed
|
High
|
Low
|
10M
|
20
|
10
|
100M
|
5
|
2
|
1000M
|
5
|
2
|
- Format - storm-control broadcast
- Mode - Global Config
no storm-control broadcast
This command disables broadcast storm recovery mode.
The threshold implementation follows a percentage pattern. If the broadcast traffic on any Ethernet port exceeds the high threshold percentage (as shown in TABLE 5-25) of the link speed, the switch discards the broadcasts traffic until the broadcast traffic returns to the low threshold percentage or less. The full implementation is depicted in the following table.
TABLE 5-25 Broadcast Storm Recovery Thresholds
Link Speed
|
High
|
Low
|
10M
|
20
|
10
|
100M
|
5
|
2
|
1000M
|
5
|
2
|
- Format - no storm-control broadcast
- Mode - Global Config
storm-control flowcontrol
This command enables 802.3x flow control for the switch.
Note - This command only applies to full-duplex mode ports.
|
- Default - disabled
- Format - storm-control flowcontrol
- Mode - Global Config
no storm-control flowcontrol
This command disables 802.3x flow control for the switch.
Note - This command only applies to full-duplex mode ports.
|
- Format - no storm-control flowcontrol
- Mode - Global Config
show mac-address-table multicast
This command displays the Multicast Forwarding Database (MFDB) information. If the command is entered with no parameter, the entire table is displayed. This is the same as entering the optional all parameter. The user can display the table entry for one MAC Address by specifying the MAC address as an optional parameter.
- Format - show mac-address-table multicast <macaddr | all>
- Mode - Privileged EXEC
TABLE 5-26 Entry Definitions for show mac-address-table multicast
Entry
|
Definition
|
Mac Address
|
A multicast MAC address for which the switch has forwarding and or filtering information. The format is two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as a MAC address and VLAN ID combination of 8 bytes.
|
Type
|
This displays the type of the entry. Static entries are those that are configured by the end user. Dynamic entries are added to the table as a result of a learning process or protocol.
|
Component
|
The component that is responsible for this entry in the Multicast Forwarding Database. Possible values are IGMP Snooping, GMRP, and Static Filtering.
|
Description
|
The text description of this multicast table entry.
|
Interfaces
|
The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).
|
Forwarding Interfaces
|
The resultant forwarding list is derived from combining all the component’s forwarding interfaces and removing the interfaces that are listed as the static filtering interfaces.
|
show mac-address-table static
This command displays the Static MAC Filtering information for all Static MAC Filters. If <all> is selected, all the Static MAC Filters in the system are displayed. If a macaddr is entered, a vlan must also be entered and the Static MAC Filter information will be displayed only for that MAC address and VLAN.
- Format - show mac-address-table static {<macaddr> <vlanid> | all}
- Mode - Privileged EXEC
TABLE 5-27 Entry Definitions for show mac-address-table static
Entry
|
Definition
|
MAC Address
|
The MAC Address of the static MAC filter entry.
|
VLAN ID
|
The VLAN ID of the static MAC filter entry.
|
Source Port(s)
|
Indicates the source port filter set's slot and port(s).
|
Destination Port(s)
|
Indicates the destination port filter set's slot and port(s).
|
show mac-address-table staticfiltering
This command displays the Static Filtering entries in the Multicast Forwarding Database (MFDB) table.
- Format - show mac-address-table staticfiltering
- Mode - Privileged EXEC
TABLE 5-28 Entry Definitions for show mac-address-table staticfiltering
Entry
|
Definition
|
Mac Address
|
A unicast MAC address for which the switch has forwarding and or filtering information. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes.
|
Type
|
This displays the type of the entry. Static entries are those that are configured by the end user. Dynamic entries are added to the table as a result of a learning process or protocol.
|
Description
|
The text description of this multicast table entry.
|
Interfaces
|
The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).
|
show mac-address-table stats
This command displays the Multicast Forwarding Database (MFDB) statistics.
- Format - show mac-address-table stats
- Mode - Privileged EXEC
TABLE 5-29 Entry Definitions for show mac-address-table stats
Entry
|
Definition
|
Total Entries
|
This displays the total number of entries that can possibly be in the Multicast Forwarding Database table.
|
Most MFDB Entries Ever Used
|
This displays the largest number of entries that have been present in the Multicast Forwarding Database table. This value is also known as the MFDB high-water mark.
|
Current Entries
|
This displays the current number of entries in the Multicast Forwarding Database table.
|
show monitor
This command displays the Port monitoring information for the system.
- Format - show monitor
- Mode - Privileged EXEC
TABLE 5-30 Entry Definitions for show monitor
Entry
|
Definition
|
Port Monitor Mode
|
Indicates whether the Port Monitoring feature is enabled or disabled. The possible values are enable and disable.
|
Probe Port slot/port
|
The slot/port configured as the probe port. If this value has not been configured, 'Not Configured' will be displayed.
|
Monitored Port slot/port
|
The slot/port configured as the monitored port. If this value has not been configured, 'Not Configured' will be displayed.
|
show port
This command displays port information.
- Format - show port {<slot/port> | all}
- Mode - Privileged EXEC
TABLE 5-31 Entry Definitions for show port
Entry
|
Definition
|
Slot/Port
|
Valid slot and port number separated by forward slashes.
|
Type
|
If not blank, this field indicates that this port is a special type of port. The possible values are:
- Mon - This port is a monitoring port. Look at the Port Monitoring screens to find out more information.
- Lag - This port is a member of a port-channel (LAG).
- Probe - This port is a probe port.
|
Admin Mode
|
Selects the Port control administration state. The port must be enabled in order for it to be allowed into the network. May be enabled or disabled. The factory default is enabled.
|
Physical Mode
|
Selects the desired port speed and duplex mode. If auto-negotiation support is selected, then the duplex mode and speed will be set from the auto-negotiation process. Note that the port's maximum capability (full duplex -100M) will be advertised. Otherwise, this object will determine the port's duplex mode and transmission rate. The factory default is Auto.
|
Physical Status
|
Indicates the port speed and duplex mode.
|
Link Status
|
Indicates whether the Link is up or down.
|
Link Trap
|
This object determines whether or not to send a trap when link status changes. The factory default is enabled.
|
LACP Mode
|
Displays whether LACP is enabled or disabled on this port.
|
show port protocol
This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated Group.
- Format - show port protocol <groupid | all>
- Mode - Privileged EXEC
TABLE 5-32 Entry Definitions for show port protocol
Entry
|
Definition
|
Group Name
|
This field displays the group name of an entry in the Protocol-based VLAN table.
|
Group ID
|
This field displays the group identifier of the protocol group.
|
Protocol(s)
|
This field indicates the type of protocol(s) for this group.
|
VLAN
|
This field indicates the VLAN associated with this Protocol Group.
|
Interface(s)
|
This field lists the slot/port interface(s) that are associated with this Protocol Group.
|
show storm-control
This command displays switch configuration information.
- Format - show storm-control
- Mode - Privileged EXEC
TABLE 5-33 Entry Definitions for show storm-control
Entry
|
Definition
|
Broadcast Storm Recovery Mode
|
May be enabled or disabled. The factory default is disabled.
|
802.3x Flow Control Mode
|
May be enabled or disabled. The factory default is disabled.
|
Virtual LAN (VLAN) Commandsvlan
This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). VLAN range is
2-4021.
- Format - vlan <2-4021>
- Mode - VLAN database
no vlan
This command deletes an existing VLAN. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). VLAN range is 2-4021.
- Format - no vlan <2-4021>
- Mode - VLAN database
vlan acceptframe
This command sets the frame acceptance mode per interface. For VLAN Only mode, untagged frames or priority frames received on this interface are discarded. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification.
- Default - admit all
- Format - vlan acceptframe <vlanonly | all>
- Mode - Interface Config
no vlan acceptframe
This command sets the frame acceptance mode per interface to Admit All. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification.
- Format - vlan acceptframe <vlanonly | all>
- Mode - Interface Config
vlan ingressfilter
This command enables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
- Default - disabled
- Format - vlan ingressfilter
- Mode - Interface Config
no vlan ingressfilter
This command disables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
- Format - no vlan ingressfilter
- Mode - Interface Config
vlan makestatic
This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 2-4021.
- Format - vlan makestatic <2-4021>
- Mode - VLAN database
vlan name
This command changes the name of a VLAN. The name is an alphanumeric string of up to 32 characters, and the ID is a valid VLAN identification number. ID range is 1-4021.
- Default - The name for VLAN ID 1 is always Default. The name for other VLANs is defaulted to a blank string.
- Format - vlan name <2-4021> <name>
- Mode - VLAN database
no vlan name
This command sets the name of a VLAN to a blank string. The VLAN ID is a vailid VLAN identification number. ID range is 1-4021.
- Format - no vlan name <2-4021>
- Mode - VLAN database
vlan participation
This command configures the degree of participation for a specific interface in a VLAN. The ID is a valid VLAN identification number, and the interface is a valid interface number.
- Format - vlan participation <exclude | include | auto> <1-4021>
- Mode - Interface Config
Participation options are as follows.
TABLE 5-34 Entry Definitions for vlan participation
Entry
|
Definition
|
include
|
The interface is always a member of this VLAN. This is equivalent to registration fixed.
|
exclude
|
The interface is never a member of this VLAN. This is equivalent to registration forbidden.
|
auto
|
The interface is dynamically registered in this VLAN by GVRP. The interface will not participate in this VLAN unless a join request is received on this interface. This is equivalent to registration normal.
|
vlan participation all
This command configures the degree of participation for all interfaces in a VLAN. The ID is a valid VLAN identification number.
- Format - vlan participation all <exclude | include | auto> <1-4021>
- Mode - Global Config
Participation options are as follows.
TABLE 5-35 Entry Definitions for vlan participation all
Entry
|
Definition
|
include
|
The interface is always a member of this VLAN. This is equivalent to registration fixed.
|
exclude
|
The interface is never a member of this VLAN. This is equivalent to registration forbidden.
|
auto
|
The interface is dynamically registered in this VLAN by GVRP. The interface will not participate in this VLAN unless a join request is received on this interface. This is equivalent to registration normal.
|
vlan port acceptframe all
This command sets the frame acceptance mode for all interfaces. For VLAN Only mode, untagged frames or priority frames received on this interface are discarded. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification.
- Default - admit all
- Format - vlan port acceptframe all <vlanonly | all>
- Mode - Global Config
no vlan port acceptframe all
This command sets the frame acceptance mode for all interfaces to Admit All. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification.
- Format - no vlan port acceptframe all <vlanonly | all>
- Mode - Global Config
vlan port ingressfilter all
This command enables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
- Default - disabled
- Format - vlan port ingressfilter all
- Mode - Global Config
no vlan port ingressfilter all
This command disables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
- Format - no vlan port ingressfilter all
- Mode - Global Config
vlan port pvid all
This command changes the VLAN ID for all interfaces.
- Default - 1
- Format - vlan port pvid all <1-4021>
- Mode - Global Config
no vlan port pvid all
This command sets the VLAN ID for all interfaces to 1.
- Format - no vlan port pvid all <1-4021>
- Mode - Global Config
vlan port tagging all
This command configures the tagging behavior for all interfaces in a VLAN to enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number.
- Format - vlan port tagging all <1-4021>
- Mode - Global Config
no vlan port tagging all
This command configures the tagging behavior for all interfaces in a VLAN to disabled. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number.
- Format - no vlan port tagging all <1-4021>
- Mode - Global Config
vlan protocol group
This command adds protocol-based VLAN group to the system. The <groupName> is a character string of 1 to 16 characters. When it is created, the protocol group will be assigned a unique number that will be used to identify the group in subsequent commands.
- Format - vlan protocol group <groupname>
- Mode - Global Config
vlan protocol group add protocol
This command adds the <protocol> to the protocol-based VLAN identified by <groupid>. A group may have more than one protocol associated with it. Each interface and protocol combination can only be associated with one group. If adding a protocol to a group causes any conflicts with interfaces currently associated with the group, this command will fail and the protocol will not be added to the group. The possible values for protocol are ip, arp, and ipx.
- Default - none
- Format - vlan protocol group add protocol <groupid> <protocol>
- Mode - Global Config
no vlan protocol group add protocol
This command removes the <protocol> from this protocol-based VLAN group that is identified by this <groupid>. The possible values for protocol are ip, arp, and ipx.
- Format - no vlan protocol group add protocol <groupid> <protocol>
- Mode - Global Config
vlan protocol group remove
This command removes the protocol-based VLAN group that is identified by this <groupid>.
- Format - vlan protocol group remove <groupid>
- Mode - Global Config
protocol group
This command attaches a <vlanid> to the protocol-based VLAN identified by <groupid>. A group may only be associated with one VLAN at a time, however the VLAN association can be changed.
The referenced VLAN should be created prior to the creation of the protocol-based VLAN except when GVRP is expected to create the VLAN.
- Default - none
- Format - protocol group <groupid> <vlanid>
- Mode - VLAN database
no protocol group
This command removes the <vlanid> from this protocol-based VLAN group that is identified by this <groupid>.
- Format - no protocol group <groupid> <vlanid>
- Mode - VLAN database
protocol vlan group
This command adds the physical <slot/port> interface to the protocol-based VLAN identified by <groupid>. A group may have more than one interface associated with it. Each interface and protocol combination can only be associated with one group. If adding an interface to a group causes any conflicts with protocols currently associated with the group, this command will fail and the interface(s) will not be added to the group.
The referenced VLAN should be created prior to the creation of the protocol-based VLAN except when GVRP is expected to create the VLAN.
- Default - none
- Format - protocol vlan group <groupid>
- Mode - Interface Config
no protocol vlan group
This command removes the <interface> from this protocol-based VLAN group that is identified by this <groupid>. If <all> is selected, all ports will be removed from this protocol group.
- Format - no protocol vlan group <groupid>
- Mode - Interface Config
protocol vlan group all
This command adds all physical interfaces to the protocol-based VLAN identified by <groupid>. A group may have more than one interface associated with it. Each interface and protocol combination can only be associated with one group. If adding an interface to a group causes any conflicts with protocols currently associated with the group, this command will fail and the interface(s) will not be added to the group.
The referenced VLAN should be created prior to the creation of the protocol-based VLAN except when GVRP is expected to create the VLAN.
- Default - none
- Format - protocol vlan group all <groupid>
- Mode - Global Config
no protocol vlan group all
This command removes all interfaces from this protocol-based VLAN group that is identified by this <groupid>.
- Format - no protocol vlan group all <groupid>
- Mode - Global Config
vlan pvid
This command changes the VLAN ID per interface.
- Default - 1
- Format - vlan pvid <1-4021>
- Mode - Interface Config
no vlan pvid
This command sets the VLAN ID per interface to 1.
- Format - no vlan pvid <1-4021>
- Mode - Interface Config
vlan tagging
This command configures the tagging behavior for a specific interface in a VLAN to enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number.
- Format - vlan tagging <1-4021>
- Mode - Interface Config
no vlan tagging
This command configures the tagging behavior for a specific interface in a VLAN to disabled. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number.
- Format - no vlan tagging <1-4021>
- Mode - Interface Config
show vlan
This command displays detailed information, including interface information, for a specific VLAN. The ID is a valid VLAN identification number.
- Format - show vlan <vlanid>
- Mode - Privileged EXEC and User EXEC
TABLE 5-36 Entry Definitions for show vlan
Entry
|
Definition
|
VLAN ID
|
There is a VLAN Identifier (VID) associated with each VLAN. The range of the VLAN ID is 1 to 4021.
|
VLAN Name
|
A string associated with this VLAN as a convenience. It can be up to 32 alphanumeric characters long, including blanks. The default is blank. VLAN ID 1 always has a name of `Default`. This field is optional.
|
VLAN Type
|
Type of VLAN, which can be Default, (VLAN ID = 1), a static (one that is configured and permanently defined), or Dynamic (one that is created by GVRP registration).
|
Slot/Port
|
Valid slot and port number separated by forward slashes. It is possible to set the parameters for all ports by using the selectors on the top line.
|
Current
|
Determines the degree of participation of this port in this VLAN. The permissible values are:
- Include - This port is always a member of this VLAN. This is equivalent to registration fixed in the IEEE 802.1Q standard.
- Exclude - This port is never a member of this VLAN. This is equivalent to registration forbidden in the IEEE 802.1Q standard.
- Autodetect - Specifies to allow the port to be dynamically registered in this VLAN via GVRP. The port will not participate in this VLAN unless a join request is received on this port. This is equivalent to registration normal in the IEEE 802.1Q standard.
|
Configured
|
Determines the configured degree of participation of this port in this VLAN. The permissible values are:
- Include - This port is always a member of this VLAN. This is equivalent to registration fixed in the IEEE 802.1Q standard.
- Exclude - This port is never a member of this VLAN. This is equivalent to registration forbidden in the IEEE 802.1Q standard.
- Autodetect - Specifies to allow the port to be dynamically registered in this VLAN via GVRP. The port will not participate in this VLAN unless a join request is received on this port. This is equivalent to registration normal in the IEEE 802.1Q standard.
|
Tagging
|
Select the tagging behavior for this port in this VLAN.
- Tagged - Specifies to transmit traffic for this VLAN as tagged frames.
- Untagged - Specifies to transmit traffic for this VLAN as untagged frames.
|
show vlan brief
This command displays a list of all configured VLANs.
- Format - show vlan brief
- Mode - Privileged EXEC and User EXEC
TABLE 5-37 Entry Definitions for show vlan brief
Entry
|
Definition
|
VLAN ID
|
There is a VLAN Identifier (vlanid )associated with each VLAN. The range of the VLAN ID is 1 to 4021.
|
VLAN Name
|
A string associated with this VLAN as a convenience. It can be up to 32 alphanumeric characters long, including blanks. The default is blank. VLAN ID 1 always has a name of `Default`. This field is optional.
|
VLAN Type
|
Type of VLAN, which can be Default, (VLAN ID = 1), a static (one that is configured and permanently defined), or a Dynamic (one that is created by GVRP registration).
|
show vlan port
This command displays VLAN port information.
- Format - show vlan port {<slot/port> | all}
- Mode - Privileged EXEC and User EXEC
TABLE 5-38 Entry Definitions for show vlan port
Entry
|
Definition
|
Slot/Port
|
Valid slot and port number separated by forward slashes. It is possible to set the parameters for all ports by using the selectors on the top line.
|
Port VLAN ID
|
The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port. The value must be for an existing VLAN. The factory default is 1.
|
Acceptable Frame Types
|
Specifies the types of frames that may be received on this port. The options are 'VLAN only' and 'Admit All'. When set to 'VLAN only', untagged frames or priority tagged frames received on this port are discarded. When set to 'Admit All', untagged frames or priority tagged frames received on this port are accepted and assigned the value of the Port VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance to the 802.1Q VLAN specification.
|
Ingress Filtering
|
May be enabled or disabled. When enabled, the frame is discarded if this port is not a member of the VLAN with which this frame is associated. In a tagged frame, the VLAN is identified by the VLAN ID in the tag. In an untagged frame, the VLAN is the Port VLAN ID specified for the port that received this frame. When disabled, all frames are forwarded in accordance with the 802.1Q VLAN bridge specification. The factory default is disabled.
|
GVRP
|
May be enabled or disabled.
|
Default Priority
|
The 802.1p priority assigned to tagged packets arriving on the port.
|
System Utility Commands
This section describes system utilities. The commands are divided into two functional groups:
- Show commands display switch settings, statistics, and other information.
- Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
clear config
This command resets the configuration to the factory defaults without powering off the switch. The switch is automatically reset when this command is processed. You are prompted to confirm that the reset should proceed.
- Format - clear config
- Mode - Privileged EXEC
clear counters
This command clears the stats for a specified <slot/port>or for all the ports or for the entire switch based upon the argument.
- Format - clear counters {<slot/port> | all}
- Mode - Privileged EXEC
clear igmpsnooping
This command clears the tables managed by the IGMP Snooping function and will attempt to delete these entries from the Multicast Forwarding Database.
- Format - clear igmpsnooping
- Mode - Privileged EXEC
clear pass
This command resets all user passwords to the factory defaults without powering off the switch. You are prompted to confirm that the password reset should proceed.
- Format - clear pass
- Mode - Privileged EXEC
enable passwd
This command changes the Privileged EXEC password. First type the command then hit the enter or the return key.
- Format - enable passwd
- Mode - Privileged EXEC
clear port-channel
This command clears all port-channels (LAGs).
- Format - clear port-channel
- Mode - Privileged EXEC
clear traplog
This command clears the trap log.
- Format - clear traplog
- Mode - Privileged EXEC
clear vlan
This command resets VLAN configuration parameters to the factory defaults.
- Format - clear vlan
- Mode - Privileged EXEC
logout
This command closes the current telnet connection or resets the current serial connection.
Note - Save configuration changes before logging out.
|
- Format - logout
- Mode - Privileged EXEC
ping
This command checks if another computer is on the network and listens for connections. To use this command, configure the switch for network (in-band) connection. The source and target devices must have the ping utility enabled and running on top of TCP/IP. The switch can be pinged from any IP workstation with which the switch is connected through the default VLAN (VLAN 1), as long as there is a physical path between the switch and the workstation. The terminal interface sends, three pings to the target station.
- Format - ping <ipaddr>
- Mode - Privileged EXEC and User EXEC
reload
This command resets the switch without powering it off. Reset means that all network connections are terminated and the boot code executes. The switch uses the stored configuration to initialize the switch. You are prompted to confirm that the reset should proceed. A successful reset is indicated by the LEDs on the switch.
- Format - reload
- Mode - Privileged EXEC
copy
This command uploads and downloads to/from the switch. Local URLs can be specified using tftp or xmodem. The following can be specified as the source file for uploading from the switch: startup configuration (nvram:startup-config), error log (nvram:errorlog), message log (nvram:msglog) and trap log (nvram:traplog). A URL is specified for the destination.
The command can also be used to download the startup configuration or code image by specifying the source as a URL and destination as nvram:startup-config or .system:image respectively.
The command can be used to the save the running configuration to nvram by specifying the source as system:running-config and the destination as nvram:startup-config. The command can also be used to download SSH key files as nvram:sshkey-rsa, nvram:sshkey-rsa2, and nvram:sshkey-dsa and http secure-server certificates as nvram:sslpem-root, nvram:sslpem-server, nvram:sslpem-dhweak, and nvram:sslpem-dhstrong.
- Default - none
- Format:
- copy nvram:startup-config <url>
- copy nvram:errorlog <url>
- copy nvram:msglog <url>
- copy nvram:traplog <url>
- copy <url> nvram:startup-config
- copy <url> system:image
- copy system:running-config nvram:startup-config
- copy <url> nvram:sslpem-root
- copy <url> nvram:sslpem-server
- copy <url> nvram:sslpem-dhweak
- copy <url> nvram:sslpem-dhstrong
- copy <url> nvram:sshkey-rsa1
- copy <url> nvram:sshkey-rsa2
- copy <url> nvram:sshkey-dsa
- Mode - Privileged EXEC
User Account Commands
These commands manage user accounts. The commands are divided into two functional groups:
- Show commands display switch settings, statistics, and other information.
- Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
disconnect
This command closes a telnet session.
- Format - disconnect {<sessionID> | all}
- Mode - Privileged EXEC
show loginsession
This command displays current telnet and serial port connections to the switch.
- Format - show loginsession
- Mode - Privileged EXEC
TABLE 5-39 Entry Definitions for show loginsession
Entry
|
Definition
|
ID
|
Login Session ID
|
User Name
|
The name the user will use to login using the serial port or Telnet. A new user may be added to the switch by entering a name in a blank entry. The user name may be up to 8 characters, and is not case sensitive. Two users are included as the factory default, ‘admin’ and ‘guest’.
|
Connection From
|
IP address of the telnet client machine or EIA-232 for the serial port connection.
|
Idle Time
|
Time this session has been idle.
|
Session Time
|
Total time this session has been connected.
|
show users
This command displays the configured user names and their settings. This command is only available for users with Read/Write privileges. The SNMPv3 fields will only be displayed if SNMP is available on the system.
- Format - show users
- Mode - Privileged EXEC
TABLE 5-40 Entry Definitions for show users
Entry
|
Description
|
User Name
|
The name the user will use to login using the serial port, Telnet or Web. A new user may be added to the switch by entering a name in a blank entry. The user name may be up to eight characters, and is not case sensitive. Two users are included as the factory default, ‘admin’ and ‘guest’
|
Access Mode
|
Shows whether the operator is able to change parameters on the switch (Read/Write) or is only able to view them (Read Only). As a factory default, the ‘admin’ user has Read/Write access and the ‘guest’ has Read Only access. There can only be one Read/ Write user and up to five Read Only users.
|
SNMPv3 Access Mode
|
This field displays the SNMPv3 Access Mode. If the value is set to Read-Write, the SNMPv3 user will be able to set and retrieve parameters on the system. If the value is set to ReadOnly, the SNMPv3 user will only be able to retrieve parameter information. The SNMPv3 access mode may be different than the CLI and Web access mode.
|
SNMPv3 Authentication
|
This field displays the authentication protocol to be used for the specified login user.
|
SNMPv3 Encryption
|
This field displays the encryption protocol to be used for the specified login user.
|
users name
This command adds a new user (account) if space permits. The account <username> can be up to eight characters in length. The name may be comprised of alphanumeric characters as well as the dash (‘-’) and underscore (‘_’). The <username> is not case-sensitive.
Six user names can be defined.
- Format - users name <username>
- Mode - Global Config
no users name
This command removes an operator.
- Format - no users name <username>
- Mode - Global Config
Note - The ‘admin’ user account cannot be deleted.
|
users passwd
This command is used to change a password. The password should not be more than eight alphanumeric characters in length. If a user is authorized for authentication or encryption is enabled, the password must be at least eight alphanumeric characters in length. The username and password are not case-sensitive. When a password is changed, a prompt will ask for the former password. If none, press enter.
- Default - no password
- Format - users passwd <username>
- Mode - Global Config
no users passwd
This command sets the password of an existing operator to blank. When a password is changed, a prompt will ask for the operator's former password. If none, press enter.
- Format - no users passwd <username>
- Mode - Global Config
users snmpv3 accessmode
This command specifies the snmpv3 access privileges for the specified login user. The valid accessmode values are readonly or readwrite. The <username> is the login user name for which the specified access mode applies. The default is readwrite for ‘admin’ user; readonly for all other users
- Default:
- admin - readwrite
- other - readonly
- Format - users snmpv3 accessmode <username> <readonly | readwrite>
- Mode - Global Config
no users snmpv3 accessmode
This command sets the snmpv3 access privileges for the specified login user as readwrite for the ‘admin’ user; readonly for all other users. The <username> is the login user name for which the specified access mode will apply.
- Format - no users snmpv3 accessmode <username>
- Mode - Global Config
users snmpv3 authentication
This command specifies the authentication protocol to be used for the specified login user. The valid authentication protocols are none, md5 or sha. If md5 or sha are specified, the user login password is also used as the snmpv3 authentication password and therefore must be at least eight characters in length. The <username> is the login user name associated with the authentication protocol.
- Default - no authentication
- Format - users snmpv3 authentication <username> <none | md5 | sha>
- Mode - Global Config
no users snmpv3 authentication
This command sets the authentication protocol to be used for the specified login user to none. The <username> is the login user name for which the specified authentication protocol will be used.
- Format - users snmpv3 authentication <username>
- Mode - Global Config
users snmpv3 encryption
This command specifies the encryption protocol to be used for the specified login user. The valid encryption protocols are des or none.
If des is specified, the required key may be specified on the command line. The encryption key must be 8 to 64 characters long. If the des protocol is specified but a key is not provided, the user will be prompted for the key. When using the des protocol, the user login password is also used as the snmpv3 encryption password and therefore must be at least eight characters in length.
If none is specified, a key must not be provided. The <username> is the login user name associated with the specified encryption.
- Default - no encryption
- Format - users snmpv3 encryption <username> <none | des[key]>
- Mode - Global Config
no users snmpv3 encryption
This command sets the encryption protocol to none. The <username> is the login user name for which the specified encryption protocol will be used.
- Format - no users snmpv3 encryption <username>
- Mode - Global Config
Port Based Network Access Control (IEEE 802.1X) Commands
This section provides a detailed explanation of the 802.1x commands. The commands are divided into the following groups:
- Configuration commands are used to configure features and options of the switch. For every configuration command there is a show command that will display the configuration setting.
- Show commands are used to display switch settings, statistics and other information.
authentication login
This command creates an authentication login list. The <listname> is up to 15 alphanumeric characters and is not case sensitive. Up to 10 authentication login lists can be configured on the switch. When a list is created, the authentication method “local” is set as the first method.
When the optional parameters “Option1”, “Option2” and/or “Option3” are used, an ordered list of methods are set in the authentication login list. If the authentication login list does not exist, a new authentication login list is first created and then the authentication methods are set in the authentication login list. The maximum number of authentication login methods is three. The possible method values are local, radius and reject.
The value of local indicates that the user’s locally stored ID and password are used for authentication. The value of radius indicates that the user’s ID and password will be authenticated using the RADIUS server. The value of reject indicates the user is never authenticated.
To authenticate a user, the authentication methods in the user’s login will be attempted in order until an authentication attempt succeeds or fails.
Note - The default login list included with the default configuration can not be changed.
|
- Format - authentication login <listname> [method1 [method2 [method3]]]
- Mode - Global Config
no authentication login
This command deletes the specified authentication login list. The attempt to delete will fail if any of the following conditions are true:
- The login list name is invalid or does not match an existing authentication login list
- The specified authentication login list is assigned to any user or to the non configured user for any component
- The login list is the default login list included with the default configuration and was not created using ‘authentication login’. The default login list cannot be deleted.
Following are the format and mode for the no authentication login command:
- Format - no authentication login <listname>
- Mode - Global Config
clear dot1x statistics
This command resets the 802.1x statistics for the specified port or for all ports.
- Format - clear dot1x statistics { <slot/port> | all }
- Mode - Privileged EXEC
clear radius statistics
This command is used to clear all RADIUS statistics.
- Format - clear radius statistics
- Mode - Privileged EXEC
dot1x defaultlogin
This command assigns the authentication login list to use for non-configured users for 802.1x port security. This setting is over-ridden by the authentication login list assigned to a specific user if the user is configured locally. If this value is not configured, users will be authenticated using local authentication only.
- Format - dot1x defaultlogin <listname>
- Mode - Global Config
dot1x initialize
This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned.
- Format - dot1x initialize <slot/port>
- Mode - Privileged EXEC
dot1x login
This command assigns the specified authentication login list to the specified user for 802.1x port security. The <user> parameter must be a configured user and the <listname> parameter must be a configured authentication login list.
- Format - dot1x login <user> <listname>
- Mode - Global Config
dot1x max-req
This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. The <count> value must be in the range 1-10.
- Default - 2
- Format - dot1x max-req <count>
- Mode - Interface Config
no dot1x max-req
This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant.
- Format - no dot1x max-req
- Mode - Interface Config
dot1x port-control
This command sets the authentication mode to be used on the specified port. The control mode may be one of the following:
- force-unauthorized: The authenticator PAE unconditionally sets the controlled port to unauthorized.
- force-authorized: The authenticator PAE unconditionally sets the controlled port to authorized.
- auto: The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator and the authentication server.
Following are the format and mode for the dot1x port-control command.
- Default - auto
- Format - dot1x port-control {force-unauthorized | force-authorized | auto}
- Mode - Interface Config
no dot1x port-control
This command sets the authentication mode to be used on the specified port to 'auto'.
- Format - no dot1x port-control
- Mode - Interface Config
dot1x port-control All
This command sets the authentication mode to be used on all ports. The control mode may be one of the following.
- force-unauthorized: The authenticator PAE unconditionally sets the controlled port to unauthorized.
- force-authorized: The authenticator PAE unconditionally sets the controlled port to authorized.
- auto: The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator and the authentication server.
Following are the format and mode for the dot1x port-control All command.
- Default - auto
- Format - dot1x port-control all {force-unauthorized | force-authorized | auto}
- Mode - Global Config
no dot1x port-control All
This command sets the authentication mode to be used on all ports to 'auto'.
- Format - no dot1x port-control all
- Mode - Global Config
dot1x re-authenticate
This command begins the re-authentication sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned.
- Format - dot1x re-authenticate <slot/port>
- Mode - Privileged EXEC
dot1x re-authentication
This command enables re-authentication of the supplicant for the specified port.
- Default - disabled
- Format - dot1x re-authentication
- Mode - Interface Config
no dot1x re-authentication
This command disables re-authentication of the supplicant for the specified port.
- Format - no dot1x re-authentication
- Mode - Interface Config
dot1x system-auth-control
This command is used to enable the dot1x authentication support on the switch. By default, the authentication support is disabled. While disabled, the dot1x configuration is retained and can be changed, but is not activated.
- Default - disabled
- Format - dot1x system-auth-control
- Mode - Global Config
no dot1x system-auth-control
This command is used to disable the dot1x authentication support on the switch.
- Format - no dot1x system-auth-control
- Mode - Global Config
dot1x timeout
This command sets the value, in seconds, of the timer used by the authenticator state machine on this port. Depending on the token used and the value (in seconds) passed, various timeout configurable parameters are set. The following tokens are supported.
- reauth-period: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to determine when re-authentication of the supplicant takes place. The reauth-period must be a value in the range 1 - 65535.
- quiet-period: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant. The quiet-period must be a value in the range 0 - 65535.
- tx-period: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The quiet-period must be a value in the range 1 - 65535.
- supp-timeout: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to timeout the supplicant. The supp-timeout must be a value in the range 1 - 65535.
- server-timeout: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to timeout the authentication server. The supp-timeout must be a value in the range 1 - 65535.
Following are the format and mode for the dot1x timeout command.
- Defaults:
- reauth-period: 3600 seconds
- quiet-period: 60 seconds
- tx-period: 30 seconds
- supp-timeout: 30 seconds
- server-timeout: 30 seconds
- Format - dot1x timeout {{reauth-period <seconds>} | {quiet-period <seconds>} | {tx-period <seconds>} | {supp-timeout <seconds>} | {server-timeout <seconds>}}
- Mode - Interface Config
no dot1x timeout
This command sets the value, in seconds, of the timer used by the authenticator state machine on this port to the default values. Depending on the token used, the corresponding default values are set.
- Format - no dot1x timeout {reauth-period | quiet-period | tx-period | supp-timeout | server-timeout}
- Mode - Interface Config
dot1x user
This command adds the specified user to the list of users with access to the specified port or all ports. The <user> parameter must be a configured user.
- Format - dot1x user <user> {<slot/port> | all}
- Mode - Global Config
no dot1x user
This command removes the user from the list of users with access to the specified port or all ports.
- Format - no dot1x user <user> {<slot/port> | all}
- Mode - Global Config
show radius accounting
This command is used to display the configured RADIUS accounting mode, accounting server and the statistics for the configured accounting server.
- Format - show radius accounting [statistics <ipaddr>]
- Mode - Privileged EXEC
If the optional token statistics <ipaddr> is not included, then only the accounting mode and the RADIUS accounting server details are displayed.
TABLE 5-41 Entry Definitions for show radius accounting Without statistics <ipaddr> Included
Entry
|
Definition
|
Mode
|
Enabled or disabled
|
IP Address
|
The configured IP address of the RADIUS accounting server
|
Port
|
The port in use by the RADIUS accounting server
|
Secret Configured
|
Yes or No
|
If the optional token statistics <ipaddr> is included, the statistics for the configured RADIUS accounting server are displayed. The IP address parameter must match that of a previously configured RADIUS accounting server. The following information regarding the statistics of the RADIUS accounting server is displayed.
TABLE 5-42 Entry Definitions for show radius accounting With statistics <ipaddr> Included
Entry
|
Definition
|
Accounting Server IP Address
|
IP Address of the configured RADIUS accounting server
|
Round Trip Time
|
The time interval, in hundredths of a second, between the most recent Accounting-Response and the Accounting-Request that matched it from the RADIUS accounting server.
|
Requests
|
The number of RADIUS Accounting-Request packets sent to this accounting server. This number does not include retransmissions.
|
Retransmission
|
The number of RADIUS Accounting-Request packets retransmitted to this RADIUS accounting server.
|
Responses
|
The number of RADIUS packets received on the accounting port from this server.
|
Malformed Responses
|
The number of malformed RADIUS Accounting-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators and unknown types are not included as malformed accounting responses.
|
Bad Authenticators
|
The number of RADIUS Accounting-Response packets containing invalid authenticators received from this accounting server.
|
Pending Requests
|
The number of RADIUS Accounting-Request packets sent to this server that have not yet timed out or received a response.
|
Timeouts
|
The number of accounting timeouts to this server.
|
Unknown Types
|
The number of RADIUS packets of unknown types, which were received from this server on the accounting port.
|
Packets Dropped
|
The number of RADIUS packets received from this server on the accounting port and dropped for some other reason.
|
show authentication
This command displays the ordered authentication methods for all authentication login lists.
- Format - show authentication
- Mode - Privileged EXEC
TABLE 5-43 Entry Definitions for show authentication
Entry
|
Definition
|
Authentication Login List
|
This displays the authentication login listname.
|
Method 1
|
This displays the first method in the specified authentication login list, if any.
|
Method 2
|
This displays the second method in the specified authentication login list, if any.
|
Method 3
|
This displays the third method in the specified authentication login list, if any.
|
show authentication users
This command displays information about the users assigned to the specified authentication login list. If the login is assigned to non-configured users, the user “default” will appear in the user column.
- Format - show authentication users <listname>
- Mode - Privileged EXEC
TABLE 5-44 Entry Definitions for show authentication users
Entry
|
Definition
|
User
|
This field displays the user assigned to the specified authentication login list.
|
Component
|
This field displays the component (User or 802.1x) for which the authentication login list is assigned.
|
show dot1x
This command is used to show a summary of the global dot1x configuration, summary information of the dot1x configuration for a specified port or all ports, the detailed dot1x configuration for a specified port and the dot1x statistics for a specified port depending on the tokens used.
- Format - show dot1x [{summary {<slot/port> | all} | {detail <slot/port>} | {statistics <slot/port>}]
- Mode - Privileged EXEC
If none of the optional parameters are used, the global dot1x configuration summary is displayed.
TABLE 5-45 Entry Definitions for show dot1x Without Optional Parameters
Entry
|
Definition
|
Administrative mode
|
Indicates whether authentication control on the switch is enabled or disabled.
|
If the optional parameter summary {<slot/port> | all} is used, the dot1x configuration for the specified port or all ports are displayed.
TABLE 5-46 Entry Definitions for show dot1x With summary {<slot/port> | all } Parameter Used
Entry
|
Definition
|
Port
|
The interface whose configuration is displayed.
|
Control Mode
|
The configured control mode for this port. Possible values are:
- force-unauthorized
- force-authorized
- auto
|
Operating Control Mode
|
The control mode under which this port is operating. Possible values are:
|
Reauthentication Enabled
|
Indicates whether re-authentication is enabled on this port
|
Key Transmission Enabled
|
Indicates if the key is transmitted to the supplicant for the specified port
|
If the optional parameter detail <slot/port> is used, the detailed dot1x configuration for the specified port are displayed.
TABLE 5-47 Entry Definitions for show dot1x With detail <slot/port> Parameter Used
Entry
|
Definition
|
Port
|
The interface whose configuration is displayed
|
Protocol Version
|
The protocol version associated with this port. The only possible value is 1, corresponding to the first version of the dot1x specification.
|
PAE Capabilities
|
The port access entity (PAE) functionality of this port. Possible values are:
|
Authenticator PAE State
|
Current state of the authenticator PAE state machine. Possible values are:
- Initialize
- Disconnected
- Connecting
- Authenticating
- Authenticated
- Aborting
- Held
- ForceAuthorized
- ForceUnauthorized
|
Backend Authentication State
|
Current state of the backend authentication state machine. Possible values are:
- Request
- Response
- Success
- Fail
- Timeout
- Idle
- Initialize.
|
Quiet Period
|
The timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant. The value is expressed in seconds and will be in the range 0 and 65535.
|
Transmit Period
|
The timer used by the authenticator state machine on the specified port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The value is expressed in seconds and will be in the range of 1 and 65535.
|
Supplicant Timeout
|
The timer used by the authenticator state machine on this port to timeout the supplicant. The value is expressed in seconds and will be in the range of 1 and 65535.
|
Server Timeout
|
The timer used by the authenticator on this port to timeout the authentication server. The value is expressed in seconds and will be in the range of 1 and 65535.
|
Maximum Requests
|
The maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request/Identity before timing out the supplicant. The value will be in the range of 1 and 10.
|
Reauthentication Period
|
The timer used by the authenticator state machine on this port to determine when reauthentication of the supplicant takes place. The value is expressed in seconds and will be in the range of 1 and 65535.
|
Reauthentication Enabled
|
Indicates if reauthentication is enabled on this port. Possible values are:
|
Key Transmission Enabled
|
Indicates if the key is transmitted to the supplicant for the specified port. Possible values are:
|
Control Direction
|
Indicates the control direction for the specified port or ports. Possible values are both or in.
|
If the optional parameter statistics <slot/port> is used, the dot1x statistics for the specified port are displayed.
TABLE 5-48 Entry Definitions for show dot1x With statistics <slot/port> Parameter Used
Entry
|
Definition
|
Port
|
The interface whose statistics are displayed.
|
EAPOL Frames Received
|
The number of valid EAPOL frames of any type that have been received by this authenticator.
|
EAPOL Frames Transmitted
|
The number of EAPOL frames of any type that have been transmitted by this authenticator.
|
EAPOL Start Frames Received
|
The number of EAPOL start frames that have been received by this authenticator.
|
EAPOL Logoff Frames Received
|
The number of EAPOL logoff frames that have been received by this authenticator.
|
Last EAPOL Frame Version
|
The protocol version number carried in the most recently received EAPOL frame.
|
Last EAPOL Frame Source
|
The source MAC address carried in the most recently received EAPOL frame.
|
EAP Response/Id Frames Received
|
The number of EAP response/identity frames that have been received by this authenticator.
|
EAP Response Frames Received
|
The number of valid EAP response frames (other than resp/id frames) that have been received by this authenticator.
|
EAP Request/Id Frames Transmitted
|
The number of EAP request/identity frames that have been transmitted by this authenticator.
|
EAP Request Frames Transmitted
|
The number of EAP request frames (other than request/identity frames) that have been transmitted by this authenticator.
|
Invalid EAPOL Frames Received
|
The number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized.
|
EAP Length Error Frames Received
|
The number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized.
|
show dot1x users
This command displays 802.1x port security user information for locally configured users.
- Format - show dot1x users <slot/port>
- Mode - Privileged EXEC
TABLE 5-49 Entry Definitions for show dot1x users
Entry
|
Definition
|
User
|
Users configured locally to have access to the specified port.
|
show users authentication
This command displays all user and all authentication login information. It also displays the authentication login list assigned to the default user.
- Format - show users authentication
- Mode - Privileged EXEC
TABLE 5-50 Entry Definitions for show users authentication
Entry
|
Definition
|
User
|
This field lists every user that has an authentication login list assigned.
|
System Login
|
This field displays the authentication login list assigned to the user for system login.
|
802.1x Port Security
|
This field displays the authentication login list assigned to the user for 802.1x port security.
|
users defaultlogin
This command assigns the authentication login list to use for non-configured users when attempting to log in to the system. This setting is overridden by the authentication login list assigned to a specific user if the user is configured locally. If this value is not configured, users will be authenticated using local authentication only.
- Format - users defaultlogin <listname>
- Mode - Global Config
users login
This command assigns the specified authentication login list to the specified user for system login. The <user> must be a configured <user> and the <listname> must be a configured login list.
If the user is assigned a login list that requires remote authentication, all access to the interface from all CLI, web, and telnet sessions will be blocked until the authentication is complete.
Note that the login list associated with the ‘admin’ user can not be changed to prevent accidental lockout from the switch.
- Format - users login <user> <listname>
- Mode - Global Config
Remote Authentication Dial In User Service (RADIUS) Commands
This section provides a detailed explanation of the RADIUS commands. The commands are divided into the following groups:
- Configuration commands are used to configure features and options of the switch. For every configuration command there is a show command that will display the configuration setting.
- Show commands are used to display switch settings, statistics and other information.
radius accounting mode
This command is used to enable the RADIUS accounting function.
- Default - disabled
- Format - radius accounting mode
- Mode - Global Config
no radius accounting mode
This command is used to set the RADIUS accounting function to the default value; that is, the RADIUS accounting function is disabled.
- Format - no radius accounting mode
- Mode - Global Config
radius server host
This command is used to configure the RADIUS authentication and accounting server.
If the 'auth' token is used, the command configures the IP address to use to connect to a RADIUS authentication server. Up to 3 servers can be configured per RADIUS client. If the maximum number of configured servers is reached, the command will fail until one of the servers is removed by executing the no form of the command. If the optional <port> parameter is used, the command will configure the UDP port number to use to connect to the configured RADIUS server. In order to configure the UDP port number, the IP address must match that of a previously configured RADIUS authentication server. The port number must lie between 1-65535, with 1812 being the default value.
If the 'acct' token is used, the command configures the IP address to use for the RADIUS accounting server. Only a single accounting server can be configured. If an accounting server is currently configured, it must be removed from the configuration using the no form of the command before this command succeeds. If the optional <port> parameter is used, the command will configure the UDP port to use to connect to the RADIUS accounting server. The IP address specified must match that of a previously configured accounting server. If a port is already configured for the accounting server then the new port will replace the previously configured value. The port must be a value in the range 1 - 65535, with 1813 being the default value.
- Format - radius server host {auth | acct} <ipaddr> [<port>]
- Mode - Global Config
no radius server host
This command is used to remove the configured RADIUS authentication server or the RADIUS accounting server. If the 'auth' token is used, the previously configured RADIUS authentication server is removed from the configuration. Similarly, if the 'acct' token is used, the previously configured RADIUS accounting server is removed from the configuration. The <ipaddr> parameter must match the IP address of the previously configured RADIUS authentication / accounting server.
- Format - no radius server host {auth | acct} <ipaddress>
- Mode - Global Config
radius server key
This command is used to configure the shared secret between the RADIUS client and the RADIUS accounting / authentication server. Depending on whether the 'auth' or 'acct' token is used, the shared secret will be configured for the RADIUS authentication or RADIUS accounting server. The IP address provided must match a previously configured server. When this command is executed, the secret will be prompted. The secret must be an alphanumeric value not exceeding 20 characters.
- Format - radius server key {auth | acct} <ipaddr>
- Mode - Global Config
radius server msgauth
This command enables the message authenticator attribute for a specified server.
- Default - radius server msgauth <ipaddr>
- Mode - Global Config
radius server primary
This command is used to configure the primary RADIUS authentication server for this RADIUS client. The primary server is the one that is used by default for handling RADIUS requests. The remaining configured servers are only used if the primary server cannot be reached. A maximum of three servers can be configured on each client. Only one of these servers can be configured as the primary. If a primary server is already configured prior to this command being executed, the server specified by the IP address specified used in this command will become the new primary server. The IP address must match that of a previously configured RADIUS authentication server.
- Format - radius server primary <ipaddr>
- Mode - Global Config
radius server retransmit
This command sets the maximum number of times a request packet is re-transmitted when no response is received from the RADIUS server. The retries value is an integer in the range of 1 to 15.
- Default - 10
- Format - radius server retransmit <retries>
- Mode - Global Config
no radius server retransmit
This command sets the maximum number of times a request packet is re-transmitted, when no response is received from the RADIUS server, to the default value, 10.
- Format - no radius server retransmit
- Mode - Global Config
radius server timeout
This command sets the timeout value (in seconds) after which a request must be retransmitted to the RADIUS server if no response is received. The timeout value is an integer in the range of 1 to 30.
- Default - 6
- Format - radius server timeout <seconds>
- Mode - Global Config
no radius server timeout
This command sets the timeout value (in seconds) after which a request must be retransmitted to the RADIUS server if no response is received, to the default value, 6.
- Format - no radius server timeout
- Mode - Global Config
show radius
This command is used to display the various RADIUS configuration items for the switch as well as the configured RADIUS servers. If the optional token servers is not included, the following RADIUS configuration items will be displayed.
- Format - show radius [servers]
- Mode - Privileged EXEC
TABLE 5-51 Entry Definitions for show radius With Token servers Not Included
Entry
|
Definition
|
Primary Server IP Address
|
Indicates the configured server currently in use for authentication
|
Number of configured servers
|
The configured IP address of the authentication server
|
Max number of retransmits
|
The configured value of the maximum number of times a request packet is retransmitted
|
Timeout Duration
|
The configured timeout value, in seconds, for request re-transmissions
|
Accounting Mode
|
Yes or No
|
If the optional token 'servers' is included, the following information regarding the configured RADIUS servers is displayed.
TABLE 5-52 Entry Definitions for show radius With Token servers Included
Entry
|
Definition
|
IP Address
|
IP Address of the configured RADIUS server
|
Port
|
The port in use by this server
|
Type
|
Primary or secondary
|
Secret Configured
|
Yes / No
|
Message Authenticator
|
Enables or disables. the message authenticator attribute for the selected server
|
show radius statistics
This command is used to display the statistics for RADIUS or configured server . To show the configured RADIUS server statistic, the IP Address specified must match that of a previously configured RADIUS server. On execution, the following fields are displayed.
- Format - show radius statistics [ipaddr]
- Mode - Privileged EXEC
If the IP address is not specified only the Invalid Server Address field is displayed. Otherwise other listed fields are displayed.
TABLE 5-53 Entry Definitions for show radius statistics
Entry
|
Definitions
|
Invalid Server Addresses
|
The number of RADIUS Access-Response packets received from unknown addresses.
|
Server IP Address
|
IP Address of the server.
|
Round Trip Time
|
The time interval, in hundredths of a second, between the most recent Access-Reply | Access-Challenge and the Access-Request that matched it from the RADIUS authentication server.
|
Access Requests
|
The number of RADIUS Access-Request packets sent to this server. This number does not include retransmissions.
|
Access Retransmission
|
The number of RADIUS Access-Request packets retransmitted to this RADIUS authentication server.
|
Access Accepts
|
The number of RADIUS Access-Accept packets, including both valid and invalid packets, which were received from this server.
|
Access Rejects
|
The number of RADIUS Access-Reject packets, including both valid and invalid packets, which were received from this server.
|
Access Challenges
|
The number of RADIUS Access-Challenge packets, including both valid and invalid packets, which were received from this server.
|
Malformed Access Responses
|
The number of malformed RADIUS Access-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators or signature attributes or unknown types are not included as malformed access responses.
|
Bad Authenticators
|
The number of RADIUS Access-Response packets containing invalid authenticators or signature attributes received from this server.
|
Pending Requests
|
The number of RADIUS Access-Request packets destined for this server that have not yet timed out or received a response.
|
Timeouts
|
The number of authentication timeouts to this server.
|
Unknown Types
|
The number of RADIUS packets of unknown types, which were received from this server on the authentication port.
|
Packets Dropped
|
The number of RADIUS packets received from this server on the authentication port and dropped for some other reason.
|
Secure Shell (SSH) Commands
This section provides a detailed explanation of the SSH commands. The commands are divided into the following groups:
- Configuration commands are used to configure features and options of the switch. For every configuration command there is a show command that will display the configuration setting.
- Show commands are used to display switch settings, statistics and other information.
ip ssh
This command is used to enable SSH.
- Default - disabled
- Format - ip ssh
- Mode - Privileged EXEC
no ip ssh
This command is used to disable SSH.
- Format - no ip ssh
- Mode - Privileged EXEC
ip ssh protocol
This command is used to set or remove protocol levels (or versions) for SSH. Either SSH1 (1), SSH2 (2), or both SSH 1 and SSH 2 (1 and 2) can be set.
- Default - 1 and 2
- Format - ip ssh protocol [1] [2]
- Mode - Privileged EXEC
show ip ssh
This command displays the SSH settings.
- Format - show ip ssh
- Mode - Privileged EXEC
TABLE 5-54 Entry Definitions for show ip ssh
Entry
|
Definition
|
Administrative Mode
|
This field indicates whether the administrative mode of SSH is enabled or disabled.
|
Protocol Level
|
The protocol level may have the values of version 1, version 2 or both versions 1 and version 2.
|
Connections
|
This field specifies the current SSH connections.
|
Hypertext Transfer Protocol (HTTP) Commands
This section provides a detailed explanation of the HTTP commands. The commands are divided into the following groups:
- Configuration commands are used to configure features and options of the switch. For every configuration command there is a show command that will display the configuration setting.
- Show commands are used to display switch settings, statistics and other information.
ip http secure-port
This command is used to set the sslt port where port can be 1-65535 and the default is port 443.
- Default - 443
- Format - ip http secure-port <portid>
- Mode - Privileged EXEC
no ip http secure-port
This command is used to reset the sslt port to the default value.
- Format - no ip http secure-port
- Mode - Privileged EXEC
ip http secure-protocol
This command is used to set protocol levels (versions). The protocol level can be set to TLS1, SSL3 or to both TLS1 and SSL3.
- Default - SSL3 and TLS1
- Format - ip http secure-protocol [SSL3] [TLS1]
- Mode - Privileged EXEC
ip http secure-server
This command is used to enable the secure socket layer for secure HTTP.
- Default - disabled
- Format - ip http secure-server
- Mode - Privileged EXEC
no ip http secure-server
This command is used to disable the secure socket layer for secure HTTP.
- Format - ip http secure-server
- Mode - Privileged EXEC
ip http server
This command enables access to the switch through the Web interface. When access is enabled, the user can login to the switch from the Web interface. When access is disabled, the user cannot login to the switch's Web server.
Disabling the Web interface takes effect immediately. All interfaces are effected.
- Default - enabled
- Format - ip http server
- Mode - Privileged EXEC
no ip http server
This command disables access to the switch through the Web interface. When access is disabled, the user cannot login to the switch's Web server.
- Format - no ip http server
- Mode - Privileged EXEC
show ip http
This command displays the http settings for the switch.
- Format - show ip http
- Mode - Privileged EXEC
TABLE 5-55 Entry Definitions for show ip http
Entry
|
Definition
|
Secure-Server Administrative Mode
|
This field indicates whether the administrative mode of secure HTTP is enabled or disabled.
|
Secure Protocol Level
|
The protocol level may have the values of SSL3, TSL1, or both SSL3 and TSL1.
|
Secure Port
|
This field specifies the port configured for SSLT.
|
HTTP Mode
|
This field indicates whether the HTTP mode is enabled or disabled.
|
DHCP Server Commands
These commands configure the DHCP Server parameters and address pools. The commands are divided by functionality into these different groups:
- Configuration Commands are used to configure features and options of the switch. For every configuration command there is a show command that will display the configuration setting.
- Show commands are used to display switch settings, statistics and other information.
- Clear commands clear some or all of the settings to factory defaults.
client-identifier
This command specifies the unique identifier for a DHCP client. Unique-identifier is a valid notation in hexadecimal format. In some systems, such as Microsoft DHCP clients, the client identifier is required instead of hardware addresses. The unique-identifier is a concatenation of the media type and the MAC address. For example, the Microsoft client identifier for Ethernet address c819.2488.f177 is 01c8.1924.88f1.77 where 01 represents the Ethernet media type. Refer to the "Address Resolution Protocol Parameters" section of RFC 1700, Assigned Numbers for a list of media type codes.
- Default - None
- Format - client-identifier <uniqueidentifier>
- Mode - DHCP Pool Config
no client-identifier
This command deletes the client identifier.
- Format - no client-identifier
- Mode - DHCP Pool Config
client-name
This command specifies the name for a DHCP client. Name is a string consisting of standard ASCII characters.
- Default - None
- Format - client-name <name>
- Mode - DHCP Pool Config
no client-name
This command removes the client name.
- Format - no client-name
- Mode - DHCP Pool Config
default-router
This command specifies the default router list for a DHCP client. {address1, address2... address8} are valid IP addresses, each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid.
- Default - None
- Format - default-router <address1> [<address2>....<address8>]
- Mode - DHCP Pool Config
no default-router
This command removes the default router list.
- Format - no default-router
- Mode - DHCP Pool Config
dns-server
This command specifies the IP servers available to a DHCP client. Address parameters are valid IP addresses; each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid.
- Default - none
- Format - dns-server <address1> [<address2>....<address8>]
- Mode - DHCP Pool Config
no dns-server
This command removes the DNS Server list.
- Format - no dns-server
- Mode - DHCP Pool Config
hardware-address
This command specifies the hardware address of a DHCP client.
Hardware-address is the MAC address of the hardware platform of the client consisting of 6 bytes in dotted hexadecimal format.
Type indicates the protocol of the hardware platform. It is 1 for 10 MB Ethernet and 6 for IEEE 802.
- Default - ethernet
- Format - hardware-address <hardwareaddress> [type]
- Mode - DHCP Pool Config
no hardware-address
This command removes the hardware address of the DHCP client.
- Format - no hardware-address
- Mode - DHCP Pool Config
host
This command specifies the IP address and network mask for a manual binding to a DHCP client. Address and Mask are valid IP addresses; each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid.
The prefix-length is an integer from 0 to 32.
- Default - none
- Format - host <address> [mask | prefix-length]
- Mode - DHCP Pool Config
no host
This command removes the IP address of the DHCP client.
- Format - no host
- Mode - DHCP Pool Config
ip dhcp excluded-address
This command specifies the IP addresses that a DHCP server should not assign to DHCP clients. Low-address and high-address are valid IP addresses; each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid.
- Default - none
- Format - ip dhcp excluded-address <lowaddress> [highaddress]
- Mode - Global Config
no ip dhcp excluded-address
This command removes the excluded IP addresses for a DHCP client. Low-address and high-address are valid IP addresses; each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid.
- Format - no ip dhcp excluded-address <lowaddress> [highaddress]
- Mode - Global Config
ip dhcp ping packets
This command is used to specify the number in a range from 2-10, of packets a DHCP server sends to a pool address as part of a ping operation. Setting the number of ping packets to 0 is the same as ‘no ip dhcp ping packets’ and will prevent the server from pinging pool addresses.
- Default - 2
- Format - ip dhcp ping packets <0,2-10>
- Mode - Global Config
no ip dhcp ping packets
This command prevents the server from pinging pool addresses and will set the number of packets to 0.
- Default - 0
- Format - no ip dhcp ping packets
- Mode - Global Config
ip dhcp pool
This command configures a DHCP address pool name on a DHCP server and enters DHCP pool configuration mode.
- Default - none
- Format - ip dhcp pool <name>
- Mode - Global Config Mode
no ip dhcp pool
This command removes the DHCP address pool. The name should be previously configured pool name.
- Format - no ip dhcp pool <name>
- Mode - Global Config Mode
lease
This command configures the duration of the lease for an IP address that is assigned from a DHCP server to a DHCP client. The overall lease time should be between 1-86400 minutes. If infinite is specified, lease is set for 60 days. Days is an integer from 0 to 59. Hours is an integer from 0 to 1439. Minutes is an integer from 0 to 86399.
- Default - 1 (day)
- Format - lease {[<days> [hours] [minutes]] | [infinite]}
- Mode - DHCP Pool Config
no lease
This command restores the default value of the lease time for DHCP Server.
- Format - no lease
- Mode - DHCP Pool Config
network
This command is used to configure the subnet number and mask for a DHCP address pool on the server. Network-number is a valid IP address, made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. Mask is the IP subnet mask for the specified address pool. The prefix-length is an integer from 0 to 32.
- Default - none
- Format - network <networknumber> [mask | prefixlength]
- Mode - DHCP Pool Config
no network
This command removes the subnet number and mask.
- Format - no network
- Mode - DHCP Pool Config
service dhcp
This command enables the DHCP server and relay agent features on the router.
- Default - disabled
- Format - service dhcp
- Mode - Global Config
no service dhcp
This command disables the DHCP server and relay agent features.
- Format - no service dhcp
- Mode - Global Config
bootfile
The command specifies the name of the default boot image for a DHCP client. The <filename> specifies the boot image file.
- Default - none
- Format - bootfile <filename>
- Mode - DHCP Pool Config
no bootfile
This command deletes the boot image name.
- Format - no bootfile
- Mode - DHCP Pool Config
domain-name
This command specifies the domain name for a DHCP client. The <domain> specifies the domain name string of the client.
- Default - none
- Format - domain-name <domain>
- Mode - DHCP Pool Config
no domain-name
This command removes the domain name.
- Format - no domain-name
- Mode - DHCP Pool Config
ip dhcp bootp automatic
This command enables the allocation of the addresses to the bootp client. The addresses are from the automatic address pool.
- Default - disable
- Format - ip dhcp bootp automatic
- Mode - Global Config
no ip dhcp bootp automatic
This command disables the allocation of the addresses to the bootp client. The address are from the automatic address pool.
- Format - no ip dhcp bootp automatic
- Mode - Global Config
ip dhcp conflict logging
This command enables conflict logging on DHCP server.
- Default - enabled
- Format - ip dhcp conflict logging
- Mode - Global Config
no ip dhcp conflict logging
This command disables conflict logging on DHCP server.
- Format - no ip dhcp conflict logging
- Mode - Global Config
netbios-name-server
This command configures NetBIOS Windows Internet Naming Service (WINS) name servers that are available to DHCP clients.
One IP address is required, although one can specify up to eight addresses in one command line. Servers are listed in order of preference (address1 is the most preferred server, address2 is the next most preferred server, and so on).
- Default - none
- Format - netbios-name-server <address> [<address2>...<address8>]
- Mode - DHCP Pool Config
no netbios-name-server
This command removes the NetBIOS name server list.
- Format - no netbios-name-server
- Mode - DHCP Pool Config
netbios-node-type
The command configures the NetBIOS node type for Microsoft Dynamic Host Configuration Protocol (DHCP) clients.type Specifies the NetBIOS node type. Valid types are:
- b-node - Broadcast
- p-node - Peer-to-peer
- m-node - Mixed
- h-node - Hybrid (recommended)
Following are the formats and modes for the netbios-node-type command.
- Default - none
- Format - netbios-node-type <type>
- Mode - DHCP Pool Config
no netbios-node-type
This command removes the NetBIOS node Type.
- Format - no netbios-node-type
- Mode - DHCP Pool Config
next-server
This command configures the next server in the boot process of a DHCP client.
Address is the IP address of the next server in the boot process, which is typically a Trivial File Transfer Protocol (TFTP) server.
- Default - If the next-server command is not used to configure a boot server list, the DHCP Server uses inbound interface helper addresses as boot servers.
- Format - next-server <address>
- Mode - DHCP Pool Config
no next-server
This command removes the boot server list.
- Format - no next-server
- Mode - DHCP Pool Config
option
The command configures DHCP Server options. Code specifies the DHCP option code. Ascii string specifies an NVT ASCII character string. ASCII character strings that contain white space must be delimited by quotation marks. Hex string specifies hexadecimal data. in hexadecimal character strings is two hexadecimal digits--each byte can be separated by a period, colon, or white space.
Example :a3:4f:22:0c / a3 4f 22 0c / a34f.220c.9fed The <address> specifies an IP address.
- Default - none
- Format - option <code> {ascii string | hex <string1> [<string2>...<string8> ] | ip <address1> [<address2>...<address8> ]}
- Mode - DHCP Pool Config
no option
This command removes the options.
- Format - no option <code>
- Mode - DHCP Pool Config
show ip dhcp binding
This command displays address bindings for the specific IP address on the DHCP server. If no IP address is specified, the bindings corresponding to all the addresses are displayed.
- Format - show ip dhcp binding [address]
- Mode - Privileged EXEC and User EXEC
TABLE 5-56 Entry Definitions for show ip dhcp binding
Entry
|
Definition
|
IP address
|
The IP address of the client.
|
Hardware Address
|
The MAC Address or the client identifier.
|
Lease expiration
|
The lease expiration time of the IP Address assigned to the client.
|
Type
|
The manner in which IP Address was assigned to the client.
|
show ip dhcp global configuration
This command displays address bindings for the specific IP address on the DHCP server. If no IP address is specified, the bindings corresponding to all the addresses are displayed.
- Format - show ip dhcp global configuration
- Mode - Privileged EXEC and User EXEC
TABLE 5-57 Entry Definitions for show ip dhcp global configuration
Entry
|
Definition
|
Service DHCP
|
The field to display the status of dhcp protocol.
|
Number of Ping Packets
|
The maximum number of Ping Packets that will be sent to verify that an ip address id not already assigned.
|
Excluded Address
|
The ranges of IP addresses that a DHCP server should not assign to DHCP clients.
|
show ip dhcp pool configuration
This command displays pool configuration. If all is specified, configuration for all the pools is displayed.
- Format - show ip dhcp pool configuration {<name> | all}
- Mode - Privileged EXEC and User EXEC
TABLE 5-58 Entry Definitions for show ip dhcp pool configuration
Entry
|
Definition
|
Pool Name
|
The name of the configured pool.
|
Pool Type
|
The pool type.
|
Lease Time
|
The lease expiration time of the IP Address assigned to the client.
|
DNS Servers
|
The list of DNS servers available to the DHCP client
|
Default Routers
|
The list of the default routers available to the DHCP client Following additional field is displayed for Dynamic pool type:
|
Network
|
The network number and the mask for the DHCP address pool. Following additional fields are displayed for Manual pool type:
|
Client Name
|
The name of a DHCP client.
|
Client Identifier
|
The unique identifier of a DHCP client.
|
Hardware Address
|
The hardware address of a DHCP client.
|
Hardware Address Type
|
The protocol of the hardware platform.
|
Host
|
The IP address and the mask for a manual binding to a DHCP client.
|
The following additional field is displayed for Dynamic pool type:
TABLE 5-59 Field for Dynamic pool type for show ip dhcp pool configuration
Entry
|
Definition
|
Network
|
The network number and the mask for the DHCP address pool.
|
Following additional fields are displayed for Manual pool type:
TABLE 5-60 Field for Manual pool type for show ip dhcp pool configuration
Entry
|
Definition
|
Client Name
|
The name of a DHCP client.
|
Client Identifier
|
The unique identifier of a DHCP client.
|
Hardware Address
|
The hardware address of a DHCP client.
|
Hardware Address Type
|
The protocol of the hardware platform.
|
Host
|
The IP address and the mask for a manual binding to a DHCP client.
|
show ip dhcp server statistics
This command displays DHCP server statistics.
- Format - show ip dhcp server statistics
- Mode - Privileged EXEC and User EXEC
TABLE 5-61 Entry Definitions for show ip dhcp server statistics
Entry
|
Defintion
|
Address Pool
|
The number of configured address pools in the DHCP server.
|
Automatic bindings
|
The number of IP addresses that have been automatically mapped to the MAC addresses of hosts that are found in the DHCP database.
|
Manual bindings
|
The number of IP addresses that have been manually mapped to the MAC addresses of hosts that are found in the DHCP database.
|
Expired bindings
|
The number of expired leases.
|
Malformed messages
|
The number of truncated or corrupted messages that were received by the DHCP server.
|
Following are the possible messages received from the show ip dhcp server statistics command.
TABLE 5-62 Possible Messages Received for show ip dhcp server statistics
Message
|
Definition
|
DHCPREQUEST
|
The number of DHCPREQUEST messages that were received by the server.
|
DHCPDECLINE
|
The number of DHCPDECLINE messages that were received by the server.
|
DHCPRELEASE
|
The number of DHCPRELEASE messages that were received by the server.
|
DHCPINFORM
|
The number of DHCPINFORM messages that were received by the server.
|
Following are the possible messages sent from the show ip dhcp server statistics command.
TABLE 5-63 Possible Messages Sent for show ip dhcp server statistics
Message
|
Definition
|
DHCPOFFER
|
The number of DHCPOFFER messages that were sent by the server.
|
DHCPACK
|
The number of DHCPPACK messages that were sent by the server.
|
DHCPNACK
|
The number of DHCPNACK messages that were sent by the server.
|
show ip dhcp conflict
This command displays address conflicts logged by the DHCP Server. If no IP address is specified, all the conflicting addresses are displayed.
- Format - show ip dhcp conflict [ip-address]
- Mode - Privileged EXEC and User EXEC
TABLE 5-64 Entry Definitions for show ip dhcp conflict
Entry
|
Definition
|
IP address
|
The IP address of the host as recorded on the DHCP server.
|
Detection Method
|
The manner in which the IP address of the hosts were found on the DHCP Server
|
Detection time
|
The time when the conflict was found.
|
clear ip dhcp binding
This command deletes an automatic address binding from the DHCP server database. If “*” is specified, the bindings corresponding to all the addresses are deleted. <address> is a valid IP address made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid.
- Default - none
- Format - clear ip dhcp binding {address | *}
- Mode - Privileged EXEC
clear ip dhcp server statistics
This command clears DHCP server statistics counters.
- Format - clear ip dhcp server statistics
- Mode - Privileged EXEC
clear ip dhcp conflict
The command is used to clear an address conflict from the DHCP Server database. The server detects conflicts using a ping. DHCP server clears all conflicts If the asterisk (*) character is used as the address parameter.
- Default - none
- Format - clear ip dhcp conflict {<address> | *}
- Mode - Privileged EXEC
Double VLAN Commands
This chapter provides a detailed explanation of the Double VLAN (dvlan) commands. The commands are divided into two functional groups:
- Show commands display switch settings, statistics, and other information.
- Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
dvlan-tunnel customer-id
This command configures the customer identification for the Double VLAN tunnel on the specified interface. The customer ID may have the value 0 to 4095. The default value of the customer ID is 0.
- Default - 0
- Format - dvlan-tunnel customer-id <0-4095>
- Mode - Interface Config
no dvlan-tunnel customer-id
This command configures the customer identification for the Double VLAN tunnel on the specified interface to its default value.
- Format - no dvlan-tunnel customer-id
- Mode - Interface Config
dvlan-tunnel etherType
This command configures the ether-type for the specified interface. The ether-type may have the values of 802.1Q, vMAN, or custom. If the ether-type has a value of custom, the optional value of the custom ether type must be set to a value from 0 to 65535.
- Default - vman
- Format - dvlan-tunnel etherType <802.1Q | vman | custom> [0-65535]
- Mode - Interface Config
no dvlan-tunnel etherType
This command configures the ether-type for the specified interface to its default value.
- Format - no dvlan-tunnel etherType
- Mode - Interface Config
mode dot1q-tunnel
This command is used to enable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled.
- Default - disabled
- Format - mode dot1q-tunnel
- Mode - Interface Config
no mode dot1q-tunnel
This command is used to disable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled.
- Format - no mode dot1q-tunnel
- Mode - Interface Config
mode dvlan-tunnel
This command is used to enable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled.
- Default - disabled
- Format - mode dvlan-tunnel
- Mode - Interface Config
no mode dvlan-tunnel
This command is used to disable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled.
- Format - no mode dvlan-tunnel
- Mode - Interface Config
show dot1q-tunnel
This command displays all interfaces enabled for Double VLAN Tunneling.
- Format - show dot1q-tunnel
- Mode - Privileged EXEC and User EXEC
TABLE 5-65 Entry Definitions for show dot1q-tunnel
Entry
|
Definition
|
Slot/Port
|
Valid slot and port number separated by forward slashes.
|
show dot1q-tunnel interface
This command displays detailed information about Double VLAN Tunneling for the specified interface.
- Format - show dot1q-tunnel interface <slot/port>
- Mode - Privileged EXEC and User EXEC
TABLE 5-66 Entry Definitions for show dot1q-tunnel interface
Entry
|
Defintion
|
Slot/Port
|
Valid slot and port number separated by forward slashes.
|
Mode
|
This field specifies the administrative mode through which Double VLAN Tunneling can be enabled or disabled. The default value for this field is disabled.
|
Customer Id
|
This is a 12-bit customer ID which will be used as the last 12 bits of the Double VLAN Tunnel. The valid range for a customer ID is 0 to 4095.
|
EtherType
|
This field represents a 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. There are three different EtherType tags. The first is 802.1Q, which represents the commonly used value of 0x8100. The second is vMAN, which represents the commonly used value of 0x88A8. If EtherType is not one of these two values, then it is a custom tunnel value, representing any value in the range of 0 to 65535.
|
show dvlan-tunnel
This command displays all interfaces enabled for Double VLAN Tunneling.
- Format - show dvlan-tunnel
- Mode - Privileged EXEC and User EXEC
TABLE 5-67 Entry Definitions for show dvlan-tunnel
Entry
|
Definition
|
Slot/Port
|
Valid slot and port number separated by forward slashes.
|
show dvlan-tunnel interface
This command displays detailed information about Double VLAN Tunneling for the specified interface.
- Format - show dvlan-tunnel interface <slot/port>
- Mode - Privileged EXEC and User EXEC
TABLE 5-68 Entry Definitions for show dvlan-tunnel interface
Entry
|
Definition
|
Slot/Port
|
Valid slot and port number separated by forward slashes.
|
Mode
|
This field specifies the administrative mode through which Double VLAN Tunneling can be enabled or disabled. The default value for this field is disabled.
|
Customer Id
|
This is a 12-bit customer ID which will be used as the last 12 bits of the DVLAN Tunnel. The valid range for a customer ID is 0 to 4095.
|
EtherType
|
This field represents a 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. There are three different EtherType tags. The first is 802.1Q, which represents the commonly used value of 0x8100. The second is vMAN, which represents the commonly used value of 0x88A8. If EtherType is not one of these two values, then it is a custom tunnel value, representing any value in the range of 0 to 65535.
|
Provisioning (IEEE 802.1p) Commands
This chapter provides a detailed explanation of the Provisioning commands. The commands are divided into two functional groups:
- Show commands display switch settings, statistics, and other information.
- Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
classofservice dot1pmapping
This command maps an 802.1p priority to an internal traffic class for a device when in ‘Global Config’ mode. The number of available traffic classes may vary with the platform. Userpriority and trafficclass can both be the range from 0-7. The command is only available on platforms that support priority to traffic class mapping on a ‘per-port’ basis, and the number of available traffic classes may vary with the platform.
- Format - classofservice dot1pmapping <userpriority> <trafficclass>
- Mode - Global Config or Interface Config
show classofservice dot1pmapping
This command displays the current 802.1p priority mapping to internal traffic classes for a specific interface. The slot/port parameter is required on platforms that support priority to traffic class mapping on a ‘per-port’ basis.
Platforms that support priority to traffic class mapping on a per-port basis:
- Format - show classofservice dot1pmapping <slot/port>
Platforms that do not support priority to traffic class mapping on a per-port basis:
- Format - show classofservice dot1pmapping
- Mode - Privileged EXEC and User EXEC
vlan port priority all
This command configures the port priority assigned for untagged packets for all ports presently plugged into the device. The range for the priority is 0-7. Any subsequent per port configuration will override this configuration setting.
- Format - vlan port priority all <priority>
- Mode - Global Config
vlan priority
This command configures the default 802.1p port priority assigned for untagged packets for a specific interface. The range for the priority is 0-7
- Default - 0
- Format - vlan priority <priority>
- Mode - Interface Config
GARP Commands
This chapter provides a detailed explanation of the GARP commands. The commands are divided into two functional groups:
- Show commands display switch settings, statistics, and other information.
- Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
set garp timer join
This command sets the GVRP join time per port and per GARP. Join time is the interval between the transmission of GARP Protocol Data Units (PDUs) registering (or re-registering) membership for a VLAN or multicast group.
This command has an effect only when GVRP is enabled. The time is from 10 to 100 (centiseconds). the value 20 centiseconds is 0.2 seconds.
- Default - 20
- Format - set garp timer join <10-100>
- Mode - Interface Config
no set garp timer join
This command sets the GVRP join time per port and per GARP to 20 centiseconds (0.2 seconds). This command has an effect only when GVRP is enabled.
- Format - no set garp timer join
- Mode - Interface Config
set garp timer join all
This command sets the GVRP join time for all ports and per GARP. Join time is the interval between the transmission of GARP Protocol Data Units (PDUs) registering (or re-registering) membership for a VLAN or multicast group.
This command has an effect only when GVRP is enabled. The time is from 10 to 100 (centiseconds). The value 20 centiseconds is 0.2 seconds.
- Default - 20
- Format - set garp timer join all <10-100>
- Mode - Global Config
no set garp timer join all
This command sets the GVRP join time for all ports and per GARP to 20 centiseconds (0.2 seconds). This command has an effect only when GVRP is enabled.
- Format - no set garp timer join all
- Mode - Global Config
set garp timer leave
This command sets the GVRP leave time per port. Leave time is the time to wait after receiving an unregister request for a VLAN or a multicast group before deleting the VLAN entry. This can be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service.time is 20 to 600 (centiseconds). The value 60 centiseconds is 0.6 seconds.
Note - This command has an effect only when GVRP is enabled.
|
- Default - 60
- Format - set garp timer leave <20-600>
- Mode - Interface Config
no set garp timer leave
This command sets the GVRP leave time per port to 60 centiseconds (0.6 seconds).
Note - This command has an effect only when GVRP is enabled.
|
- Format - no set garp timer leave
- Mode - Interface Config
set garp timer leave all
This command sets the GVRP leave time for all ports. Leave time is the time to wait after receiving an unregister request for a VLAN or a multicast group before deleting the VLAN entry. This can be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service.time is 20 to 600 (centiseconds). The value 60 centiseconds is 0.6 seconds.
Note - This command has an effect only when GVRP is enabled.
|
- Default - 60
- Format - set garp timer leave all <20-600>
- Mode - Global Config
no set garp timer leave all
This command sets the GVRP leave time for all ports to the default 60 centiseconds (0.6 seconds).
Note - This command has an effect only when GVRP is enabled.
|
- Format - no set garp timer leave all
- Mode - Global Config
set garp timer leaveall
This command sets how frequently Leave All PDUs are generated per port. A Leave All PDU indicates that all registrations will be unregistered. Participants would need to rejoin in order to maintain registration. The value applies per port and per GARP participation. The time may range from 200 to 6000 (centiseconds). The value 1000 centiseconds is 10 seconds.
Note - This command has an effect only when GVRP is enabled.
|
- Default - 1000
- Format - set garp timer leaveall <200-6000>
- Mode - Interface Config
no set garp timer leaveall
This command sets how frequently Leave All PDUs are generated per port to 1000 centiseconds (10 seconds). .
Note - This command has an effect only when GVRP is enabled.
|
- Format - no set garp timer leaveall
- Mode - Interface Config
set garp timer leaveall all
This command sets how frequently Leave All PDUs are generated for all ports. A Leave All PDU indicates that all registrations will be unregistered. Participants would need to rejoin in order to maintain registration. The value applies per port and per GARP participation. The time may range from 200 to 6000 (centiseconds). The value 1000 centiseconds is 10 seconds.
Note - This command has an effect only when GVRP is enabled.
|
- Default - 1000
- Format - set garp timer leaveall all <200-6000>
- Mode - Global Config
no set garp timer leaveall all
This command sets how frequently Leave All PDUs are generated for all ports to 1000 centiseconds (10 seconds).
Note - This command has an effect only when GVRP is enabled.
|
- Format - no set garp timer leaveall all
- Mode - Global Config
show garp
This command displays Generic Attributes Registration Protocol (GARP) information.
- Format - show garp
- Mode - Privileged EXEC and User EXEC
TABLE 5-69 Entry Definitions for show garp
Entry
|
Definition
|
GMRP Admin Mode
|
This displays the administrative mode of GARP Multicast Registration Protocol (GMRP) for the system.
|
GVRP Admin Mode
|
This displays the administrative mode of GARP VLAN Registration Protocol (GVRP) for the system
|
GARP VLAN Registration Protocol (GVRP) Commands
This chapter provides a detailed explanation of the GVRP commands. The commands are divided into two functional groups:
- Show commands display switch settings, statistics, and other information.
- Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
set gvrp adminmode
This command enables GVRP.
- Default - disabled
- Format - set gvrp adminmode
- Mode - Privileged EXEC
no set gvrp adminmode
This command disables GVRP.
- Format - no set gvrp adminmode
- Mode - Privileged EXEC
set gvrp interfacemode
This command enables GVRP (GARP VLAN Registration Protocol) for a specific port.
- Default - disabled
- Format - set gvrp interfacemode
- Mode - Interface Config
no set gvrp interfacemode
This command disables GVRP (GARP VLAN Registration Protocol) for a specific port. If GVRP is disabled, Join Time, Leave Time and Leave All Time have no effect.
- Format - no set gvrp interfacemode
- Mode - Interface Config
set gvrp interfacemode all
This command enables GVRP (GARP VLAN Registration Protocol) for all ports.
- Default - disabled
- Format - set gvrp interfacemode all
- Mode - Global Config
no set gvrp interfacemode all
This command disables GVRP (GARP VLAN Registration Protocol) for all ports. If GVRP is disabled, Join Time, Leave Time and Leave All Time have no effect.
- Format - no set gvrp interfacemode all
- Mode - Global Config
show gvrp configuration
This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces.
- Format - show gvrp configuration {<slot/port> | all}
- Mode - Privileged EXEC and User EXEC
TABLE 5-70 Entry Definitions for show gvrp configuration
Entry
|
Definition
|
Interface
|
Valid slot and port number separated by forward slashes.
|
Join Timer
|
Specifies the interval between the transmission of GARP PDUs registering (or re-registering) membership for an attribute. Current attributes are a VLAN or multicast group. There is an instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 10 to 100 centiseconds (0.1 to 1.0 seconds). The factory default is 20 centiseconds (0.2 seconds). The finest granularity of specification is 1 centisecond (0.01 seconds).
|
Leave Timer
|
Specifies the period of time to wait after receiving an unregister request for an attribute before deleting the attribute. Current attributes are a VLAN or multicast group. This may be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service. There is an instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 20 to 600 centiseconds (0.2 to 6.0 seconds). The factory default is 60 centiseconds (0.6 seconds). The finest granularity of specification is 1 centisecond (0.01 seconds).
|
LeaveAll Timer
|
This Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration. There is an instance of this timer on a per-Port, per-GARP participant basis. The Leave All Period Timer is set to a random value in the range of LeaveAll-Time to 1.5*LeaveAllTime. Permissible values are 200 to 6000 centiseconds (2 to 60 seconds). The factory default is 1000 centiseconds (10 seconds). The finest granularity of specification is 1 centisecond (0.01 seconds).
|
Port GMRP Mode
|
Indicates the GMRP administrative mode for the port. It may be enabled or disabled. If this parameter is disabled, Join Time, Leave Time and Leave All Time have no effect. The factory default is disabled.
|
GARP Multicast Registration Protocol (GMRP) Commands
This chapter provides a detailed explanation of the GMRP commands. The commands are divided into two functional groups:
- Show commands display switch settings, statistics, and other information.
- Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
set gmrp adminmode
This command enables GARP Multicast Registration Protocol (GMRP) on the system. The default value is disable.
- Format - set gmrp adminmode
- Mode - Privileged EXEC
no set gmrp adminmode
This command disables GARP Multicast Registration Protocol (GMRP) on the system.
- Format - no set gmrp adminmode
- Mode - Privileged EXEC
set gmrp interfacemode
This command enables GARP Multicast Registration Protocol on a selected interface. If an interface which has GARP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GARP functionality will be disabled on that interface. GARP functionality will subsequently be re-enabled if routing is disabled and port-channel (LAG) membership is removed from an interface that has GARP enabled.
- Default - disabled
- Format - set gmrp interfacemode
- Mode - Interface Config
no set gmrp interfacemode
This command disables GARP Multicast Registration Protocol on a selected interface. If an interface which has GARP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GARP functionality will be disabled on that interface. GARP functionality will subsequently be re-enabled if routing is disabled and port-channel (LAG) membership is removed from an interface that has GARP enabled.
- Format - no set gmrp interfacemode
- Mode - Interface Config
set gmrp interfacemode all
This command enables GARP Multicast Registration Protocol on all interfaces. If an interface which has GARP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GARP functionality will be disabled on that interface. GARP functionality will subsequently be re-enabled if routing is disabled and port-channel (LAG) membership is removed from an interface that has GARP enabled.
- Default - disabled
- Format - set gmrp interfacemode all
- Mode - Global Config
no set gmrp interfacemode all
This command disables GARP Multicast Registration Protocol on a selected interface.
- Format - no set gmrp interfacemode all
- Mode - Global Config
show gmrp configuration
This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces.
- Format - show gmrp configuration {<slot/port> | all}
- Mode - Privileged EXEC and User EXEC
TABLE 5-71 Entry Definitions for show gmrp configuration
Entry
|
Definition
|
Interface
|
This displays the slot/port of the interface that this row in the table describes.
|
Join Timer
|
Specifies the interval between the transmission of GARP PDUs registering (or re-registering) membership for an attribute. Current attributes are a VLAN or multicast group. There is an instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 10 to 100 centiseconds (0.1 to 1.0 seconds). The factory default is 20 centiseconds (0.2 seconds). The finest granularity of specification is 1 centisecond (0.01 seconds).
|
Leave Timer
|
Specifies the period of time to wait after receiving an unregister request for an attribute before deleting the attribute. Current attributes are a VLAN or multicast group. This may be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service. There is an instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 20 to 600 centiseconds (0.2 to 6.0 seconds). The factory default is 60 centiseconds (0.6 seconds). The finest granularity of specification is 1 centisecond (0.01 seconds).
|
LeaveAll Timer
|
This Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration. There is an instance of this timer on a per-Port, per-GARP participant basis. The Leave All Period Timer is set to a random value in the range of LeaveAll-Time to 1.5*LeaveAllTime. Permissible values are 200 to 6000 centiseconds (2 to 60 seconds). The factory default is 1000 centiseconds (10 seconds). The finest granularity of specification is 1 centisecond (0.01 seconds).
|
Port GMRP Mode
|
Indicates the GMRP administrative mode for the port. It may be enabled or disabled. If this parameter is disabled, Join Time, Leave Time and Leave All Time have no effect. The factory default is disabled.
|
show mac-address-table gmrp
This command displays the GARP Multicast Registration Protocol (GMRP) entries in the Multicast Forwarding Database (MFDB) table.
- Format - show mac-address-table gmrp
- Mode - Privileged EXEC
TABLE 5-72 Entry Definitions for show mac-address-table gmrp
Entry
|
Definition
|
Mac Address
|
A unicast MAC address for which the switch has forwarding and or filtering information. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes.
|
Type
|
This displays the type of the entry. Static entries are those that are configured by the end user. Dynamic entries are added to the table as a result of a learning process or protocol.
|
Description
|
The text description of this multicast table entry.
|
Interfaces
|
The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).
|
Internet Group Management Protocol (IGMP) Commands
This chapter provides a detailed explanation of the IGMP commands. The commands are divided into two functional groups:
- Show commands display switch settings, statistics, and other information.
- Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
set igmp
This command enables IGMP Snooping on the system. The default value is disable.
The IGMP application supports the following:
- Global configuration or per interface configuration. Per VLAN configuration is unsupported in the IGMP snooping application.
- Validation of the IP header checksum (as well as the IGMP header checksum) and discarding of the frame upon checksum error.
- Maintenance of the forwarding table entries based on the MAC address versus the IP address.
- Flooding of unregistered multicast data packets to all ports in the VLAN.
Following are the format and mode for the set igmp command.
- Format - set igmp
- Mode - Global Config
no set igmp
This command disables IGMP Snooping on the system.
- Format - no set igmp
- Mode - Global Config
set igmp
This command enables IGMP Snooping on a selected interface. If an interface which has IGMP Snooping enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), IGMP Snooping functionality will be disabled on that interface. IGMP Snooping functionality will subsequently be re-enabled if routing is disabled or port-channel (LAG) membership is removed from an interface that has IGMP Snooping enabled.
- Default - Disabled
- Format - set igmp
- Mode - Interface Config
no set igmp
This command disables IGMP Snooping on a selected interface.
- Format - no set igmp
- Mode - Interface Config
set igmp groupmembershipinterval
This command sets the IGMP Group Membership Interval time on the system. The Group Membership Interval time is the amount of time in seconds that a switch will wait for a report from a particular group on a particular interface before deleting the interface from the entry. This value must be greater than the IGMP Maximum Response time value. The range is 2 to 3600 seconds.
- Default - 260
- Format - set igmp groupmembershipinterval <2-3600>
- Mode - Global Config
no set igmp groupmembershipinterval
This command sets the IGMP Group Membership Interval time on the system to 260 seconds.
- Format - no set igmp groupmembershipinterval
- Mode - Global Config
set igmp interfacemode all
This command enables IGMP Snooping on all interfaces. If an interface which has IGMP Snooping enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), IGMP Snooping functionality will be disabled on that interface. IGMP Snooping functionality will subsequently be re-enabled if routing is disabled or port-channel (LAG) membership is removed from an interface that has IGMP Snooping enabled.
- Default - disabled
- Format - set igmp interfacemode all
- Mode - Global Config
no set igmp interfacemode all
This command disables IGMP Snooping on all interfaces.
- Format - no set igmp interfacemode all
- Mode - Global Config
set igmp maxresponse
This command sets the IGMP Maximum Response time on the system. The Maximum Response time is the amount of time in seconds that a switch will wait after sending a query on an interface because it did not receive a report for a particular group in that interface. This value must be less than the IGMP Query Interval time value. The range is 1 to 3599 seconds.
- Default - 10
- Format - set igmp maxresponse <1-3599>
- Mode - Global Config
no set igmp maxresponse
This command sets the IGMP Maximum Response time on the system to 10 seconds.
- Format - no set igmp maxresponse
- Mode - Global Config
set igmp mcrtrexpiretime
This command sets the Multicast Router Present Expiration time on the system. This is the amount of time in seconds that a switch will wait for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached. The range is 0 to 3600 seconds. A value of 0 indicates an infinite timeout; that is, no expiration.
- Default - 0
- Format - set igmp mcrtrexpiretime <0-3600>
- Mode - Global Config
no set igmp mcrtrexpiretime
This command sets the Multicast Router Present Expiration time on the system to 0. A value of 0 indicates an infinite timeout; that is, no expiration.
- Format - no set igmp mcrtrexpiretime
- Mode - Global Config
show igmpsnooping
This command displays IGMP Snooping information. Configured information is displayed whether or not IGMP Snooping is enabled. Status information is only displayed when IGMP Snooping is enabled.
- Format - show igmpsnooping
- Mode - Privileged EXEC
TABLE 5-73 Entry Definitions for show igmpsnooping
Entry
|
Definition
|
Admin Mode
|
This indicates whether or not IGMP Snooping is active on the switch.
|
Group Membership Interval
|
This displays the IGMP Query Interval Time. This is the amount of time a switch will wait for a report for a particular group on a particular interface before it sends a query on that interface. This value may be configured
|
Max Response Time
|
This displays the amount of time the switch will wait after sending a query on an interface because it did not receive a report for a particular group on that interface. This value may be configured.
|
Multicast Router Present Expiration Time
|
If a query is not received on an interface within this amount of time, the interface is removed from the list of interfaces with multicast routers attached. This value may be configured.
|
Interfaces Enabled for IGMP Snooping
|
This is the list of interfaces on which IGMP Snooping is enabled.
|
Multicast Control Frame Count
|
This displays the number of multicast control frames that are processed by the CPU.
|
show mac-address-table igmpsnooping
This command displays the IGMP Snooping entries in the Multicast Forwarding Database (MFDB) table.
- Format - show mac-address-table igmpsnooping
- Mode - Privileged EXEC
TABLE 5-74 Entry Definitions for show mac-address-table igmpsnooping
Entry
|
Definition
|
Mac Address
|
A multicast MAC address for which the switch has forwarding and or filtering information. The format is two-digit hexadecimal numbers that are separated by colons, for example 01:00:5E:37:37:AB. In an IVL system the MAC address will be displayed as a MAC address and VLAN ID combination of 8 bytes.
|
Type
|
This displays the type of the entry. Static entries are those that are configured by the end user. Dynamic entries are added to the table as a result of a learning process or protocol.
|
Description
|
The text description of this multicast table entry.
|
Interfaces
|
The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).
|
Spanning Tree (STP) Commands
This section provides a detailed explanation of the Spanning Tree commands. The commands are divided into two functional groups:
- Show commands display switch settings, statistics, and other information.
- Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
Note - The FASTPATH software platform STP default mode is IEEE 802.1s, but the legacy IEEE 802.1D mode is available. To change to the legacy IEEE 802.1D mode, set the STP operational mode to disabled, then enable the IEEE 802.1D mode from the source code. Recompile the FASTPATH software to operationally enable the IEEE 802.1D mode. With the IEEE 802.1D mode operationally enabled, the rapid configuration and multiple instances features are not available. If the rapid configuration and multiple instances capabilities are required, use the IEEE 802.1s mode which is compatible with the legacy IEEE 802.1D standard.
|
spanning-tree max-hops
This command sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree. The max-hops value is in a range of 1 to 127.
- Default - 20
- Format - spanning-tree max-hops <1-127>
- Mode - Global Config
no spanning-tree max-hops
This command sets the Bridge Max Hops parameter for the common and internal spanning tree to the default value.
- Format - no spanning-tree max-hops
- Mode - Global Config
spanning-tree
This command sets the spanning-tree operational mode to enabled.
- Default - disabled
- Format - spanning-tree
- Mode - Global Config
no spanning-tree
This command sets the spanning-tree operational mode to disabled. While disabled, the spanning-tree configuration is retained and can be changed, but is not activated.
- Format - no spanning-tree
- Mode - Global Config
spanning-tree configuration name
This command sets the Configuration Identifier Name for use in identifying the configuration that this switch is currently using. The <name> is a string of at most 32 characters.
- Default - The base MAC address displayed using hexadecimal notation as specified in IEEE 802 standard.
- Format - spanning-tree configuration name <name>
- Mode - Global Config
no spanning-tree configuration name
This command resets the Configuration Identifier Name to its default.
- Format - no spanning-tree configuration name
- Mode - Global Config
spanning-tree configuration revision
This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using. The Configuration Identifier Revision Level is a number in the range of 0 to 65535.
- Default - 0
- Format - spanning-tree configuration revision <0-65535>
- Mode - Global Config
no spanning-tree configuration revision
This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using to the default value, 0.
- Format - no spanning-tree configuration revision
- Mode - Global Config
spanning-tree edgeport
This command specifies that this port is an Edge Port within the common and internal spanning tree. This will allow this port to transition to Forwarding State without delay.
- Format - spanning-tree edgeport
- Mode - Interface Config
no spanning-tree edgeport
This command specifies that this port is not an Edge Port within the common and internal spanning tree.
- Format - no spanning-tree edgeport
- Mode - Interface Config
spanning-tree forceversion
This command sets the Force Protocol Version parameter to a new value. The Force Protocol Version can be one of the following:
- 802.1d - ST BPDUs are transmitted rather than MST BPDUs (IEEE 802.1d functionality supported)
- 802.1w - RST BPDUs are transmitted rather than MST BPDUs (IEEE 802.1w functionality supported)
- 802.1s - MST BPDUs are transmitted (IEEE 802.1s functionality supported)
Following are the format and mode for the spanning-tree forceversion command.
- Default - 802.1s
- Format - spanning-tree forceversion <802.1d | 802.1w | 802.1s>
- Mode - Global Config
no spanning-tree forceversion
This command sets the Force Protocol Version parameter to the default value, 802.1s.
- Format - no spanning-tree forceversion
- Mode - Global Config
spanning-tree forward-time
This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree. The forward-time value is in seconds within a range of 4 to 30, with the value being greater than or equal to "(Bridge Max Age / 2) + 1".
- Default - 15
- Format - spanning-tree forward-time <4-30>
- Mode - Global Config
no spanning-tree forward-time
This command sets the Bridge Forward Delay parameter for the common and internal spanning tree to the default value, 15.
- Format - no spanning-tree forward-time
- Mode - Global Config
spanning-tree hello-time
This command sets the Admin Hello Time parameter to a new value for the common and internal spanning tree. The hellotime <value> is in whole seconds within a range of 1 to 10 with the value being less than or equal to "(Bridge Max Age / 2) - 1".
- Default - 2
- Format - spanning-tree hello-time <1-10>
- Mode - Interface Config
no spanning-tree hello-time
This command sets the admin Hello Time parameter for the common and internal spanning tree to the default value.
- Format - no spanning-tree hello-time
- Mode - Interface Config
spanning-tree max-age
This command sets the Bridge Max Age parameter to a new value for the common and internal spanning tree. The max-age value is in seconds within a range of 6 to 40, with the value being less than or equal to "2 times - (Bridge Forward Delay - 1)".
- Default - 20
- Format - spanning-tree max-age <6-40>
- Mode - Global Config
no spanning-tree max-age
This command sets the Bridge Max Age parameter for the common and internal spanning tree to the default value, 20.
- Format - no spanning-tree max-age
- Mode - Global Config
spanning-tree mst instance
This command adds a multiple spanning tree instance to the switch. The instance <mstid> is a number within a range of 1 to 4021, that corresponds to the new instance ID to be added. The maximum number of multiple instances supported by FASTPATH is 4.
- Format - spanning-tree mst instance <mstid>
- Mode - Global Config
no spanning-tree mst instance
This command removes a multiple spanning tree instance from the switch and reallocates all VLANs allocated to the deleted instance to the common and internal spanning tree. The instance <mstid> is a number that corresponds to the desired existing multiple spanning tree instance to be removed.
- Format - no spanning-tree mst instance <mstid>
- Mode - Global Config
spanning-tree mst priority
This command sets the bridge priority for a specific multiple spanning tree instance. The instance <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. The priority value is a number within a range of 0 to 61440 in increments of 4096.
If 0 (defined as the default CIST ID) is passed as the <mstid>, then this command sets the Bridge Priority parameter to a new value for the common and internal spanning tree. The bridge priority value again is a number within a range of 0 to 61440. The twelve least significant bits will be masked according to the 802.1s specification. This will cause the priority to be rounded down to the next lower valid priority.
- Default - 32768
- Format - spanning-tree mst priority <mstid> <0-61440>
- Mode - Global Config
no spanning-tree mst priority
This command sets the bridge priority for a specific multiple spanning tree instance to the default value, 32768. The instance <mstid> is a number that corresponds to the desired existing multiple spanning tree instance.
If 0 (defined as the default CIST ID) is passed as the <mstid>, then this command sets the Bridge Priority parameter for the common and internal spanning tree to the default value, 32768.
- Format - spanning-tree mst priority <mstid>
- Mode - Global Config
spanning-tree mst vlan
This command adds an association between a multiple spanning tree instance and a VLAN. The VLAN will no longer be associated with the common and internal spanning tree. The instance <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. The <vlanid> corresponds to an existing VLAN ID.
- Format - spanning-tree mst vlan <mstid> <vlanid>
- Mode - Global Config
no spanning-tree mst vlan
This command removes an association between a multiple spanning tree instance and a VLAN. The VLAN will again be associated with the common and internal spanning tree. The instance <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. The <vlanid> corresponds to an existing VLAN ID.
- Format - no spanning-tree mst vlan <mstid> <vlanid>
- Mode - Global Config
spanning-tree port mode
This command sets the Administrative Switch Port State for this port to enabled.
- Default - disabled
- Format - spanning-tree port mode
- Mode - Interface Config
no spanning-tree port mode
This command sets the Administrative Switch Port State for this port to disabled.
- Format - no spanning-tree port mode
- Mode - Interface Config
spanning-tree port mode all
This command sets the Administrative Switch Port State for all ports to enabled.
- Default - disabled
- Format - spanning-tree port mode all
- Mode - Global Config
no spanning-tree port mode all
This command sets the Administrative Switch Port State for all ports to disabled.
- Format - no spanning-tree port mode all
- Mode - Global Config
spanning-tree
This command sets the STP mode for a specific port-channel (LAG). This is the value specified for STP Mode on the Port Configuration Menu. 802.1D mode is the default. The interface is a logical unit, slot and port slot and port for a configured port-channel. The all option sets all configured port-channels (LAGs) with the same option.
- Format - spanning-tree {<logical slot/port> | all | <off | 802.1d | fast>}
- Mode - Global Config
The mode is one of the following.
TABLE 5-75 Mode Settings for spanning-tree
Entry
|
Description
|
802.1d
|
IEEE 802.1D-compliant STP mode is used
|
fast
|
Fast STP mode is used
|
off
|
STP is turned off
|
spanning-tree bpdumigrationcheck
This command enables BPDU migration check on a given interface. The all option enables BPDU migration check on all interfaces.
- Format - spanning-tree bpdumigrationcheck {<slot/port> | all}
- Mode - Global Config
no spanning-tree bpdumigrationcheck
This command disables BPDU migration check on a given interface. The all option disables BPDU migration check on all interfaces.
- Format - no spanning-tree bpdumigrationcheck {<slot/port> | all}
- Mode - Global Config
show spanning-tree
This command displays spanning tree settings for the common and internal spanning tree, when the optional parameter “brief” is not included in the command. The following details are displayed.
- Format - show spanning-tree <brief>
- Mode - Privileged EXEC and User EXEC
TABLE 5-76 Entry Definitions for show spanning-tree Without brief Parameter
Entry
|
Definition
|
Bridge Priority
|
Specifies the bridge priority for the spanning tree.
|
Bridge Identifier
|
The bridge identifier for the selected instance.
|
Time Since Topology Change
|
The time in seconds since the topology last changed.
|
Topology Change Count
|
Number of times the topology has changed.
|
Topology Change in progress
|
Boolean value of the Topology Change parameter for the switch indicating if a topology change is in progress on any port assigned to the common and internal spanning tree.
|
Designated Root
|
The bridge identifier of the root bridge. It is derived from the bridge priority and the base MAC address of the bridge.
|
Root Path Cost
|
Value of the Root Path Cost parameter for the common and internal spanning tree.
|
Root Port Identifier
|
Port to access the Designated Root.
|
Bridge Max Age
|
Specifies the bridge maximum age for the spanning tree.
|
Bridge Forwarding Delay
|
Specifies the time spent in “Listening and Learning” mode before forwarding packets. Bridge Forwarding Delay must be greater or equal to “(Bridge Max Age/2) + 1”. The time range is from 4 seconds to 30 seconds. The default value is 15.
|
Hello Time
|
Configured value of the parameter for common spanning tree.
|
Bridge Hold Time
|
Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs)
|
CST Regional Root
|
Bridge Identifier of the common spanning tree regional root. It is derived using the bridge priority and the base MAC address of the bridge.
|
Regional Root Path Cost
|
Path cost to the common spanning tree Regional Root.
|
Associated FIDs
|
List of forwarding database identifiers currently associated with this instance.
|
Associated VLANs
|
List of VLAN IDs currently associated with this instance.
|
When the “brief” optional parameter is included, this command displays spanning tree settings for the bridge. In this case, the following details are displayed.
TABLE 5-77 Entry Definitions for show spanning-tree With brief Parameter
Entry
|
Definition
|
Bridge Priority
|
Specifies the bridge priority for the spanning tree.
|
Bridge Identifier
|
The bridge identifier for the selected instance.
|
Bridge Max Age
|
Specifies the bridge maximum age for the spanning tree.
|
Hello Time
|
Configured value of the parameter for the common spanning tree.
|
Bridge Forwarding Delay
|
Specifies the time spent in “Listening and Learning” mode before forwarding packets. Bridge Forwarding Delay must be greater or equal to “(Bridge Max Age/2) + 1”. The time range is from 4 seconds to 30 seconds. The default value is 15.
|
Bridge Hold Time
|
Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs).
|
show spanning-tree interface
This command displays the settings and parameters for a specific switch port within the common and internal spanning tree. The <slot/port> is the desired switch port. The following details are displayed on execution of the command.
- Format - show spanning-tree interface <slot/port>
- Mode - Privileged EXEC and User EXEC
TABLE 5-78 Entry Definitions for show spanning-tree interface
Entry
|
Definition
|
Port Mode
|
Enabled or disabled.
|
Port Up Time Since Counters Last Cleared
|
Time since port was reset, displayed in days, hours, minutes, and seconds.
|
STP BPDUs Transmitted
|
Spanning Tree Protocol Bridge Protocol Data Units sent
|
STP BPDUs Received
|
Spanning Tree Protocol Bridge Protocol Data Units received.
|
RST BPDUs Transmitted
|
Rapid Spanning Tree Protocol Bridge Protocol Data Units sent
|
RST BPDUs Received
|
Rapid Spanning Tree Protocol Bridge Protocol Data Units received.
|
MSTP BPDUs Transmitted
|
Multiple Spanning Tree Protocol Bridge Protocol Data Units sent
|
MSTP BPDUs Received
|
Multiple Spanning Tree Protocol Bridge Protocol Data Units received.
|
show spanning-tree mst detailed
This command displays settings and parameters for the specified multiple spanning tree instance. The instance <mstid> is a number that corresponds to the desired existing multiple spanning tree instance ID. The following details are displayed.
- Format - show spanning-tree mst detailed <mstid>
- Mode - Privileged EXEC and User EXEC
TABLE 5-79 Entry Definitions for show spanning-tree mst detailed
Entry
|
Definition
|
MST Instance ID
|
The ID of the MST being created.
|
MST Bridge Priority
|
The bridge priority for the MST instance selected.
|
Time Since Topology Change
|
The time in seconds since the topology changed.
|
Topology Change Count
|
Number of times the topology has changed for this multiple spanning tree instance.
|
Topology Change in Progress
|
Value of the Topology Change parameter for the multiple spanning tree instance.
|
Designated Root
|
Identifier of the Regional Root for this multiple spanning tree instance.
|
Root Path Cost
|
Path Cost to the Designated Root for this multiple spanning tree instance.
|
Root Port Identifier
|
Port to access the Designated Root for this multiple spanning tree instance.
|
Associated FIDs
|
List of forwarding database identifiers associated with this instance.
|
Associated VLANs
|
List of VLAN IDs associated with this instance.
|
show spanning-tree mst port detailed
This command displays the detailed settings and parameters for a specific switch port within a particular multiple spanning tree instance. The instance <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. The <slot/port> is the desired switch port.
- Format - show spanning-tree mst port detailed <mstid> <slot/port>
- Mode - Privileged EXEC and User EXEC
TABLE 5-80 Entry Definitions for show spanning-tree mst port detailed
Entry
|
Definition
|
MST Instance ID
|
The ID of the MST instance.
|
Port Identifier
|
The port identifier for the specified port within the spanning tree.
|
Port Priority
|
The priority for a particular port within the selected MST instance.
|
Port Forwarding State
|
Current spanning tree state of this port
|
Port Role
|
Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree.
|
Port Path Cost
|
Configured value of the Internal Port Path Cost parameter
|
Designated Root
|
The Identifier of the designated root for this port.
|
Designated Port Cost
|
Path Cost offered to the LAN by the Designated Port
|
Designated Bridge
|
Bridge Identifier of the bridge with the Designated Port.
|
Designated Port Identifier
|
Port on the Designated Bridge that offers the lowest cost to the LAN.
|
If 0 (defined as the default CIST ID) is passed as the <mstid>, then this command displays the settings and parameters for a specific switch port within the common and internal spanning tree. The <slot/port> is the desired switch port. In this case, the following are displayed.
TABLE 5-81 Entry Definitions for show spanning-tree mst port detailed if 0 is Passed as the <mtsid>
Entry
|
Definition
|
Port Identifier
|
The port identifier for this port within the CST.
|
Port Priority
|
The priority of the port within the CST.
|
Port Forwarding State
|
The forwarding state of the port within the CST.
|
Port Role
|
The role of the specified interface within the CST.
|
Port Path Cost
|
The configured path cost for the specified interface.
|
Designated Root
|
Identifier of the designated root for this port within the CST.
|
Designated Port Cost
|
Path Cost offered to the LAN by the Designated Port.
|
Designated Bridge
|
The bridge containing the designated port
|
Designated Port Identifier
|
Port on the Designated Bridge that offers the lowest cost to the LAN
|
Topology Change Acknowledgement
|
Value of flag in next Configuration Bridge Protocol Data Unit (BPDU) transmission indicating if a topology change is in progress for this port.
|
Hello Time
|
The hello time in use for this port.
|
Edge Port
|
The configured value indicating if this port is an edge port.
|
Edge Port Status
|
The derived value of the edge port status. True if operating as an edge port; false otherwise.
|
Point To Point MAC Status
|
Derived value indicating if this port is part of a point to point link.
|
CST Regional Root
|
The regional root identifier in use for this port.
|
CST Port Cost
|
The configured path cost for this port.
|
show spanning-tree mst port summary
This command displays the settings of one or all ports within the specified multiple spanning tree instance. The parameter <mstid> indicates a particular MST instance. The parameter {<slot/port> | all} indicates the desired switch port or all ports.
If 0 (defined as the default CIST ID) is passed as the <mstid>, then the status summary is displayed for one or all ports within the common and internal spanning tree.
- Format - show spanning-tree mst port summary <mstid> {<slot/port> | all}
- Mode - Privileged EXEC and User EXEC
TABLE 5-82 Entry Definitions for show spanning-tree mst port summary
Entry
|
Definition
|
MST Instance ID
|
The MST instance associated with this port.
|
Slot/Port
|
Valid slot and port number separated by forward slashes.
|
Type
|
Currently not used.
|
STP State
|
The forwarding state of the port in the specified spanning tree instance
|
Port Role
|
The role of the specified port within the spanning tree.
|
Link Status
|
The operational status of the link. Possible values are “Up” or “Down”.
|
Link Trap
|
The link trap configuration for the specified interface.
|
show spanning-tree mst summary
This command displays summary information about all multiple spanning tree instances in the switch. On execution, the following details are displayed.
- Format - show spanning-tree mst summary
- Mode - Privileged EXEC and User EXEC
TABLE 5-83 Entry Definitions for show spanning-tree mst summary
Entry
|
Definition
|
MST Instance ID List
|
List of multiple spanning trees IDs currently configured.
|
For each MSTID, the following will be displayed.
TABLE 5-84 Entry Definitions for show spanning-tree mst summary for Each MTSID
Display
|
Definition
|
Associated FIDs
|
List of forwarding database identifiers associated with this instance.
|
Associated VLANs
|
List of VLAN IDs associated with this instance.
|
show spanning-tree summary
This command displays spanning tree settings and parameters for the switch. The following details are displayed on execution of the command.
- Format - show spanning-tree summary
- Mode - Privileged EXEC and User EXEC
TABLE 5-85 Entry Definitions for show spanning-tree summary
Entry
|
Definition
|
Spanning Tree Adminmode
|
Enabled or disabled.
|
Spanning Tree Version
|
Version of 802.1 currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE 802.1d) based upon the Force Protocol Version parameter.
|
Configuration Name
|
Identifier used to identify the configuration currently being used.
|
Configuration Revision Level
|
Identifier used to identify the configuration currently being used.
|
Configuration Digest Key
|
Identifier used to identify the configuration currently being used.
|
MST Instances
|
List of all multiple spanning tree instances configured on the switch
|
show spanning-tree vlan
This command displays the association between a VLAN and a multiple spanning tree instance. The<vlanid> corresponds to an existing VLAN ID.
- Format - show spanning-tree vlan <vlanid>
- Mode - Privileged EXEC and User EXEC
TABLE 5-86 Entry Definitions for show spanning-tree vlan
Entry
|
Definition
|
Associated Instance
|
Identifier for the associated multiple spanning tree instance or "CST" if associated with the common and internal spanning tree
|
Layer 2 Failover Commands
This section describes the Layer 2 failover commands. Layer 2 failover functionality disables configured server ports in case a monitored uplink port or port channel fails. This failover is designed to be used with NIC teaming or bonding to facilitate uplink redundancy without the need for Layer 2 connections between Fabric/Base switches.
Layer 2 failover incorparates the track object features of VRRP, using the object status to determine uplink status to the switch. For commands and configuration guidelines, see VRRP Tracking Commands.
failover track
This command configures the interface to track the configured monitor and to disable the interface if the monitor status is down. The number at the end of the command corresponds to the track object number listed under the global configuration.
Default
|
disabled
|
Format
|
Failover track [ <1-255> ]
|
Mode
|
Interface Config
|
show track failover
Show status of single or all interfaces configured with the failover track command.
Format
|
show track failover [ interface <0/#> ] [all]
|
Mode
|
Privileged EXEC
|
TABLE 5-87 Entry Definitions for show track failover
Entry
|
Definition
|
Interface
|
Displays interfaces configured with failover track command.
|
Track Num
|
Displays the tracking object number associated with the listed interface.
|
Track Status
|
Displays the status of the tracking object (up or down).
|
Interface Status
|
Displays the status of the interface configured with the failover track command.
- Up indicates the tracked object is up and the interface is connected and active.
- Disabled indicates the tracked object is down and the interface link state has been disabled.
|
Link Aggregation (LAG)/Port-Channel (802.3AD) Commands
This section provides a detailed explanation of the LAG commands. The commands are divided into two functional groups:
- Show commands display switch settings, statistics, and other information.
- Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
port-channel staticcapability
This command enables the support of port-channels (static link aggregations - LAGs) on the device. By default, the static capability for all port-channels is disabled.
- Default - disabled
- Format - port-channel staticcapability
- Mode - Global Config
no port-channel staticcapability
This command disables the support of static port-channels (link aggregations - LAGs) on the device.
- Format - no port-channel staticcapability
- Mode - Global Config
port lacpmode
This command enables Link Aggregation Control Protocol (LACP) on a port.
- Default - disabled
- Format - port lacpmode
- Mode - Interface Config
no port lacpmode
This command disables Link Aggregation Control Protocol (LACP) on a port.
- Format - no port lacpmode
- Mode - Interface Config
port lacpmode all
This command enables Link Aggregation Control Protocol (LACP) on all ports.
- Format - port lacpmode all
- Mode - Global Config
no port lacpmode all
This command disables Link Aggregation Control Protocol (LACP) on all ports.
- Format - no port lacpmode all
- Mode - Global Config
port-channel
This command configures a new port-channel (LAG) and generates a logical slot/port number for the port-channel. The <name> field is a character string which allows the dash '-' character as well as alphanumeric characters. Display this number using the “show port-channel”.
Note - Before including a port in a port-channel, set the port physical mode (see speed).
|
- Format - port-channel <name>
- Mode - Global Config
no port-channel
This command deletes a port-channel (LAG).
- Format - no port-channel <name>
- Mode - Global Config
port-channel adminmode all
This command enables a port-channel (LAG). The interface is a logical slot/port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting.
- Format - port-channel adminmode all
- Mode - Global Config
no port-channel adminmode
This command disables a port-channel (LAG). The interface is a logical slot/port for a configured port- channel. The option all sets every configured port-channel with the same administrative mode setting.
- Format - no port-channel adminmode all
- Mode - Global Config
port-channel linktrap
This command enables link trap notifications for the port-channel (LAG). The interface is a logical slot/ port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting.
- Default - enabled
- Format - port-channel linktrap {<logical slot/port> | all}
- Mode - Global Config
no port-channel linktrap
This command disables link trap notifications for the port-channel (LAG). The interface is a logical unit, slot and port slot and port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting.
- Format - no port-channel linktrap {<logical slot/port> | all]
- Mode - GlobalConfig
port-channel name
This command defines a name for the port-channel (LAG). The interface is a logical slot/port for a configured port-channel, and name is an alphanumeric string up to 15 characters. This command is used to modify the name that was associated with the port-channel when it was created.
- Format - port-channel name {<logical slot/port> | all | <name>}
- Mode - Global Config
show port-channel brief
This command displays the static capability of all port-channels (LAGs) on the device as well as a summary of individual port-channels.
- Format - show port-channel brief
- Mode - Privileged EXEC and User EXEC
TABLE 5-88 Entry Definitions for show port-channel brief
Entry
|
Definition
|
Static Capability
|
This field displays whether or not the device has static capability enabled.
|
For each port-channel, the following information is displayed.
TABLE 5-89 Information Displayed For Each Channel of show port-channel brief
Entry
|
Definition
|
Name
|
This field displays the name of the port-channel.
|
Link State
|
This field indicates whether the link is up or down.
|
Mbr Ports
|
This field lists the ports that are members of this port-channel, in <slot/port> notation.
|
Active Ports
|
This field lists the ports that are actively participating in this port-channel.
|
show port-channel
This command displays an overview of all port-channels (LAGs) on the switch.
- Format - show port-channel {<logical slot/port> | all}
- Mode - Privileged EXEC
TABLE 5-90 Entry Definitions for show port-channel
Entry
|
Definition
|
Logical slot/port
|
Valid slot and port number separated by forward slashes.
|
Name
|
The name of this port-channel (LAG). You may enter any string of up to 15 alphanumeric characters.
|
Link State
|
Indicates whether the Link is up or down.
|
Admin Mode
|
May be enabled or disabled. The factory default is enabled.
|
Link Trap Mode
|
This object determines whether or not to send a trap when link status changes. The factory default is enabled.
|
STP Mode
|
The Spanning Tree Protocol Administrative Mode associated with the port or port-channel (LAG). The possible values are:
- Disable - Spanning tree is disabled for this port.
- Enable - Spanning tree is enabled for this port.
|
Mbr Ports
|
A listing of the ports that are members of this port-channel (LAG), in slot/port notation. There can be a maximum of eight ports assigned to a given port-channel (LAG).
|
Port Speed
|
Speed of the port-channel port.
|
Type
|
This field displays the status designating whether a particular port-channel (LAG) is statically or dynamically maintained. The possible values of this field are:
- Static, indicating that the port-channel is statically maintained
- Dynamic, indicating that the port-channel is dynamically maintained.
|
Active Ports
|
This field lists the ports that are actively participating in the port-channel (LAG).
|
Sun Netra CP3140 Switch Software Reference Manual
|
819-3774-15
|
|
Copyright © 2009 Sun Microsystems, Inc. All rights reserved.