CHAPTER 3
Switching Commands
This chapter describes the switching commands available in the FASTPATH® CLI.
The Switching Commands chapter includes the following sections:
This section provides a detailed explanation of the FASTPATH software platform commands. The commands are divided into three functional groups:
This section describes the commands you use to view and configure port settings.
This command gives you access to the Interface Config mode, which allows you to enable or modify the operation of an interface (port).
This command enables automatic negotiation on a port.
This command disables automatic negotiation on a port.
Note - Automatic sensing is disabled when automatic negotiation is disabled.
This command enables automatic negotiation on all ports.
This command disables automatic negotiation on all ports.
Use this command to create an alpha-numeric description of the port.
Use the mtu command to set the maximum transmission unit (MTU) size, in bytes, for frames that ingress or egress the interface. You can use the mtu command to configure jumbo frame support for physical and port-channel (LAG) interfaces. For the standard FASTPATH implementation, the MTU size is a valid integer between 1522 - 9216 for tagged packets and a valid integer between 1518 - 9216 for untagged packets.
Note - To receive and process packets, the Ethernet MTU must include any extra bytes that Layer-2 headers might require. To configure the IP MTU size, which is the maximum size of the IP packet (IP Header + IP payload), see ip mtu.
This command sets the default MTU size (in bytes) for the interface.
This command is used only on 10G CX4 interfaces. This command manually adjusts pre-emphasis for varying cable lengths. In general, higher values are for longer cable lengths.
Note - You can use the shutdown command on physical and port-channel (LAG) interfaces, but not on VLAN routing interfaces.
This command disables all ports.
Note - You can use the shutdown all command on physical and port-channel (LAG) interfaces, but not on VLAN routing interfaces.
This command enables all ports.
This command sets the speed and duplex setting for the interface.
This command sets the speed and duplex setting for all interfaces.
This command displays port information.
If not blank, this field indicates that this port is a special type of port. The possible values are as follows:
Selects the Port control administration state. The port must be enabled in order for it to be allowed into the network. May be enabled or disabled. The factory default is enabled.
Selects the desired port speed and duplex mode. If auto-negotiation support is selected, then the duplex mode and speed are set from the auto-negotiation process. Note that the maximum capability of the port (full duplex -100M) is advertised. Otherwise, this object determines the port's duplex mode and transmission rate. The factory default is Auto.
This object determines whether or not to send a trap when link status changes. The factory default is enabled.
This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated group.
Displays the group name of an entry in the Protocol-based VLAN table.
Lists the slot/port interface(s) that are associated with this Protocol Group.
This section describes the commands you use to configure Spanning Tree Protocol (STP). STP helps prevent network loops, duplicate messages, and network instability.
Note - STP is disabled by default. When you enable STP on the switch, STP is still disabled on each port.
Note - If STP is disabled, the system does not forward BPDU messages.
This command sets the spanning-tree operational mode to enabled.
This command sets the spanning-tree operational mode to disabled. While disabled, the spanning-tree configuration is retained and can be changed, but is not activated.
Use this command to force a transmission of rapid spanning tree (RSTP) and multiple spanning tree (MSTP) BPDUs. Use the <slot/port> parameter to transmit a BPDU from a specified interface, or use the all keyword to transmit BPDUs from all interfaces. This command forces the BPDU transmission when you execute it, so the command does not change the system configuration or have a “no” version.
This command sets the Configuration Identifier Name for use in identifying the configuration that this switch is currently using. The <name> is a string of up to 32 characters.
This command resets the Configuration Identifier Name to its default.
This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using. The Configuration Identifier Revision Level is a number in the range of 0 to 65535.
This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using to the default value, 0.
This command specifies that this port is an Edge Port within the common and internal spanning tree. This will allow this port to transition to Forwarding State without delay.
This command specifies that this port is not an Edge Port within the common and internal spanning tree.
This command sets the Force Protocol Version parameter to a new value. The Force Protocol Version can be one of the following:
Following are the format and mode for the spanning-tree forceversion command.
This command sets the Force Protocol Version parameter to the default value, 802.1s.
This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree. The forward-time value is in seconds within a range of 4 to 30, with the value being greater than or equal to "(Bridge Max Age / 2) + 1".
This command sets the Bridge Forward Delay parameter for the common and internal spanning tree to the default value, 15.
This command sets the Admin Hello Time parameter to a new value for the common and internal spanning tree. The hellotime <value> is in whole seconds within a range of 1 to 10 with the value being less than or equal to "(Bridge Max Age / 2) - 1".
This command sets the admin Hello Time parameter for the common and internal spanning tree to the default value.
This command sets the Bridge Max Age parameter to a new value for the common and internal spanning tree. The max-age value is in seconds within a range of 6 to 40, with the value being less than or equal to "2 times (Bridge Forward Delay - 1)".
This command sets the Bridge Max Age parameter for the common and internal spanning tree to the default value, 20.
This command sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree. The max-hops value is a range from 1 to 127.
This command sets the Bridge Max Hops parameter for the common and internal spanning tree to the default value.
This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance or in the common and internal spanning tree. If you specify an <mstid> parameter that corresponds to an existing multiple spanning tree instance, the configurations are done for that multiple spanning tree instance. If you specify 0 (defined as the default CIST ID) as the <mstid>, the configurations are done for the common and internal spanning tree instance.
If you specify the cost option, the command sets the path cost for this port within a multiple spanning tree instance or the common and internal spanning tree instance, depending on the <mstid> parameter. You can set the path cost as a number in the range of 1 to 200000000 or auto. If you select auto the path cost value is set based on Link Speed.
If you specify the external-cost option, this command sets the external path cost for MST instance ‘0’, i.e. the CIST instance. You can set the external cost as a number in the range of 1 to 200000000 or auto. If you specify auto, the external path cost value is set based on Link Speed.
If you specify the port-priority option, this command sets the priority for this port within a specific multiple spanning tree instance or the common and internal spanning tree instance, depending on the <mstid> parameter. The port-priority value is a number in the range of 0 to 240 in increments of 16.
spanning-tree mst <mstid> {{cost <1-200000000> | auto} | {external-cost <1-200000000> | auto} | port-priority <0-240>}
This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance, or in the common and internal spanning tree to the respective default values. If you specify an <mstid> parameter that corresponds to an existing multiple spanning tree instance, you are configuring that multiple spanning tree instance. If you specify 0 (defined as the default CIST ID) as the <mstid>, you are configuring the common and internal spanning tree instance.
If you specify cost, this command sets the path cost for this port within a multiple spanning tree instance or the common and internal spanning tree instance, depending on the <mstid> parameter, to the default value, i.e. a path cost value based on the Link Speed.
If you specify external-cost, this command sets the external path cost for this port for MST instance ‘0’ to the default value, i.e. a path cost value based on the Link Speed.
If you specify port-priority, this command sets the priority for this port within a specific multiple spanning tree instance or the common and internal spanning tree instance, depending on the <mstid> parameter, to the default value.
no spanning-tree mst <mstid> <cost | external-cost | port-priority>
This command adds a multiple spanning tree instance to the switch. The instance <mstid> is a number within a range of 1 to 4094, that corresponds to the new instance ID to be added. The maximum number of multiple instances supported by FASTPATH is 4.
This command removes a multiple spanning tree instance from the switch and reallocates all VLANs allocated to the deleted instance to the common and internal spanning tree. The instance <mstid> is a number that corresponds to the desired existing multiple spanning tree instance to be removed.
This command sets the bridge priority for a specific multiple spanning tree instance. The parameter <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. The priority value is a number within a range of 0 to 61440 in increments of 4096.
If you specify 0 (defined as the default CIST ID) as the <mstid>, this command sets the Bridge Priority parameter to a new value for the common and internal spanning tree. The bridge priority value is a number within a range of 0 to 61440. The twelve least significant bits are masked according to the 802.1s specification. This causes the priority to be rounded down to the next lower valid priority.
This command sets the bridge priority for a specific multiple spanning tree instance to the default value. The parameter <mstid> is a number that corresponds to the desired existing multiple spanning tree instance.
If 0 (defined as the default CIST ID) is passed as the <mstid>, this command sets the Bridge Priority parameter for the common and internal spanning tree to the default value.
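The timer relations and priority rules above can be checked before a change is pushed to the switch. The following is an added example, not FASTPATH code; the function names are hypothetical, and the hello time of 2 in the sample plan is a constructed value, since this page does not state the default.

```python
# Added illustration: offline check of planned CIST values against this page's rules.
FORWARD_TIME_RANGE = (4, 30)    # seconds
HELLO_TIME_RANGE = (1, 10)      # seconds
MAX_AGE_RANGE = (6, 40)         # seconds
BRIDGE_PRIORITY_MAX = 61440
PORT_PRIORITY_MAX = 240


def check_cist_timers(forward_time, hello_time, max_age):
    """Return a list of violations; an empty list means the three timers agree."""
    problems = []
    for name, value, (low, high) in (
        ("forward-time", forward_time, FORWARD_TIME_RANGE),
        ("hello-time", hello_time, HELLO_TIME_RANGE),
        ("max-age", max_age, MAX_AGE_RANGE),
    ):
        if not low <= value <= high:
            problems.append(f"{name} {value} is outside {low}-{high}")
    # "forward-time >= (max-age / 2) + 1" and "max-age <= 2 * (forward-time - 1)"
    # are the same inequality, so one comparison covers both statements.
    limit = 2 * (forward_time - 1)
    if max_age > limit:
        problems.append(f"max-age {max_age} exceeds 2 * (forward-time - 1) = {limit}")
    # "hello-time <= (max-age / 2) - 1", kept in integers to avoid rounding.
    if 2 * (hello_time + 1) > max_age:
        problems.append(f"hello-time {hello_time} exceeds (max-age / 2) - 1")
    return problems


def effective_bridge_priority(requested):
    """Apply the 802.1s masking: the twelve least significant bits are cleared."""
    if not 0 <= requested <= BRIDGE_PRIORITY_MAX:
        raise ValueError(f"bridge priority {requested} is outside 0-{BRIDGE_PRIORITY_MAX}")
    return requested & ~0xFFF


def port_priority_is_valid(value):
    """Port priority is 0 to 240 in increments of 16."""
    return 0 <= value <= PORT_PRIORITY_MAX and value % 16 == 0


def review_plan(forward_time, hello_time, max_age, bridge_priority):
    """Combine the timer check with a note when the priority will be rounded down."""
    findings = check_cist_timers(forward_time, hello_time, max_age)
    stored = effective_bridge_priority(bridge_priority)
    if stored != bridge_priority:
        findings.append(f"bridge priority {bridge_priority} is stored as {stored}")
    return findings


# Constructed sample plan: page defaults for forward-time and max-age,
# an assumed hello-time, and a priority that is not a multiple of 4096.
SAMPLE_PLAN = dict(forward_time=15, hello_time=2, max_age=20, bridge_priority=5000)

if __name__ == "__main__":
    for finding in review_plan(**SAMPLE_PLAN):
        print(finding)
```

Because the priority is rounded down, a requested value below 4096 is stored as 0, the most preferred root priority, which is worth catching in review.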
This command adds an association between a multiple spanning tree instance and a VLAN so that the VLAN is no longer associated with the common and internal spanning tree. The parameter <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. The <vlanid> corresponds to an existing VLAN ID.
This command removes an association between a multiple spanning tree instance and a VLAN so that the VLAN is again associated with the common and internal spanning tree. The parameter <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. The <vlanid> corresponds to an existing VLAN ID.
This command sets the Administrative Switch Port State for this port to disabled.
This command sets the Administrative Switch Port State for all ports to enabled.
This command sets the Administrative Switch Port State for all ports to disabled.
This command displays spanning tree settings for the common and internal spanning tree. The following details are displayed.
When the “brief” optional parameter is included, this command displays spanning tree settings for the bridge.
This command displays spanning tree settings for the bridge. The following information appears.
This command displays the settings and parameters for a specific switch port within the common and internal spanning tree. The <slot/port> is the desired switch port. The following details are displayed on execution of the command.
This command displays the detailed settings and parameters for a specific switch port within a particular multiple spanning tree instance. The parameter <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. The <slot/port> is the desired switch port.
If you specify 0 (defined as the default CIST ID) as the <mstid>, this command displays the settings and parameters for a specific switch port within the common and internal spanning tree. The <slot/port> is the desired switch port. In this case, the following are displayed.
This command displays the settings of one or all ports within the specified multiple spanning tree instance. The parameter <mstid> indicates a particular MST instance. The parameter {<slot/port> | all} indicates the desired switch port or all ports.
If you specify 0 (defined as the default CIST ID) as the <mstid>, the status summary displays for one or all ports within the common and internal spanning tree.
show spanning-tree mst port summary <mstid> {<slot/port> | all}
This command displays summary information about all multiple spanning tree instances in the switch. On execution, the following details are displayed.
For each MSTID, the following will be displayed.
List of forwarding database identifiers associated with this instance.
This command displays spanning tree settings and parameters for the switch. The following details are displayed on execution of the command.
This command displays the association between a VLAN and a multiple spanning tree instance. The <vlanid> corresponds to an existing VLAN ID.
Identifier for the associated multiple spanning tree instance or "CST" if associated with the common and internal spanning tree
This section describes the commands you use to configure VLAN settings.
This command gives you access to the VLAN Config mode, which allows you to configure VLAN characteristics.
This command configures the Management VLAN ID.
This command sets the Management VLAN ID to the default.
This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). VLAN range is 2-3965.
This command deletes an existing VLAN. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). VLAN range is 2-3965.
This command sets the frame acceptance mode per interface. For VLAN Only mode, untagged frames or priority frames received on this interface are discarded. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification.
This command sets the frame acceptance mode per interface to Admit All. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification.
This command enables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
This command disables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
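The frame acceptance mode and ingress filtering settings described above combine into one admission decision per received frame. The following added example, which is not FASTPATH code, models that decision and lists the ports where a tagged frame can enter a VLAN the port does not belong to; the class, function names and sample ports are constructed, and the discard behaviour with ingress filtering enabled follows IEEE 802.1Q.

```python
from dataclasses import dataclass


@dataclass
class Port:
    name: str
    pvid: int                # interface VLAN ID given to untagged/priority frames
    members: frozenset       # VLANs this interface participates in
    accept_all: bool         # True = Admit All, False = VLAN Only
    ingress_filtering: bool  # True = enabled


def classify(port, vid):
    """Decide what happens to a frame received on `port`.

    vid is None for an untagged frame, 0 for a priority-tagged frame,
    otherwise the VLAN ID carried in the tag.
    Returns ("admit", vlan) or ("discard", reason).
    """
    if vid is None or vid == 0:
        if not port.accept_all:
            return ("discard", "untagged or priority frame on a VLAN Only interface")
        vlan = port.pvid
    else:
        vlan = vid
    if vlan not in port.members and port.ingress_filtering:
        return ("discard", f"ingress filtering: interface is not a member of VLAN {vlan}")
    # With ingress filtering disabled the frame is admitted even without
    # membership and is forwarded to the ports that are members of that VLAN.
    return ("admit", vlan)


def audit(ports, configured_vlans):
    """Map port name -> VLANs that a tagged frame can enter without membership."""
    findings = {}
    for port in ports:
        reachable = sorted(
            vlan for vlan in configured_vlans
            if vlan not in port.members and classify(port, vlan)[0] == "admit"
        )
        if reachable:
            findings[port.name] = reachable
    return findings


# Constructed sample: two access ports in VLAN 10 and one tagged uplink.
SAMPLE_VLANS = {10, 20, 30}
SAMPLE_PORTS = [
    Port("0/1", 10, frozenset({10}), accept_all=True, ingress_filtering=False),
    Port("0/2", 10, frozenset({10}), accept_all=True, ingress_filtering=True),
    Port("0/24", 1, frozenset({10, 20, 30}), accept_all=False, ingress_filtering=True),
]

if __name__ == "__main__":
    for name, vlans in audit(SAMPLE_PORTS, SAMPLE_VLANS).items():
        print(f"{name}: tagged frames admitted into non-member VLANs {vlans}")
```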
This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 2-3965.
This command changes the name of a VLAN. The name is an alphanumeric string of up to 32 characters, and the ID is a valid VLAN identification number. ID range is 1-4094.
This command sets the name of a VLAN to a blank string. The VLAN ID is a valid VLAN identification number. ID range is 1-4094.
This command configures the degree of participation for a specific interface in a VLAN. The ID is a valid VLAN identification number, and the interface is a valid interface number.
Participation options are as follows.
This command configures the degree of participation for all interfaces in a VLAN. The ID is a valid VLAN identification number.
Participation options are as follows.
This command sets the frame acceptance mode for all interfaces. For VLAN Only mode, untagged frames or priority frames received on this interface are discarded. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification.
This command sets the frame acceptance mode for all interfaces to Admit All. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification.
This command enables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
This command disables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
This command changes the VLAN ID for all interfaces.
This command configures the tagging behavior for all interfaces in a VLAN to enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number.
This command configures the tagging behavior for all interfaces in a VLAN to disabled. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number.
This command adds a protocol-based VLAN group to the system. The <groupName> is a character string of 1 to 16 characters. When it is created, the protocol group will be assigned a unique number that will be used to identify the group in subsequent commands.
This command adds the <protocol> to the protocol-based VLAN identified by <groupid>. A group may have more than one protocol associated with it. Each interface and protocol combination can only be associated with one group. If adding a protocol to a group causes any conflicts with interfaces currently associated with the group, this command will fail and the protocol will not be added to the group. The possible values for protocol are ip, arp, and ipx.
Note - FASTPATH supports IPv4 protocol-based VLANs.
This command removes the <protocol> from this protocol-based VLAN group that is identified by this <groupid>. The possible values for protocol are ip, arp, and ipx.
This command removes the protocol-based VLAN group that is identified by this <groupid>.
This command attaches a <vlanid> to the protocol-based VLAN identified by <groupid>. A group may only be associated with one VLAN at a time; however, the VLAN association can be changed.
The referenced VLAN should be created prior to the creation of the protocol-based VLAN except when GVRP is expected to create the VLAN.
This command removes the <vlanid> from this protocol-based VLAN group that is identified by this <groupid>.
This command adds the physical <slot/port> interface to the protocol-based VLAN identified by <groupid>. A group may have more than one interface associated with it. Each interface and protocol combination can only be associated with one group. If adding an interface to a group causes any conflicts with protocols currently associated with the group, this command will fail and the interface(s) will not be added to the group.
The referenced VLAN should be created prior to the creation of the protocol-based VLAN except when GVRP is expected to create the VLAN.
This command removes the <interface> from this protocol-based VLAN group that is identified by this <groupid>. If <all> is selected, all ports will be removed from this protocol group.
This command adds all physical interfaces to the protocol-based VLAN identified by <groupid>. A group may have more than one interface associated with it. Each interface and protocol combination can only be associated with one group. If adding an interface to a group causes any conflicts with protocols currently associated with the group, this command will fail and the interface(s) will not be added to the group.
The referenced VLAN should be created prior to the creation of the protocol-based VLAN except when GVRP is expected to create the VLAN.
This command removes all interfaces from this protocol-based VLAN group that is identified by this <groupid>.
This command changes the VLAN ID per interface.
This command sets the VLAN ID per interface to 1.
This command configures the tagging behavior for a specific interface in a VLAN to enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number.
This command configures the tagging behavior for a specific interface in a VLAN to disabled. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number.
This command associates a VLAN to a specific IP-subnet.
This command removes association of a specific IP-subnet to a VLAN.
This command associates a MAC address to a VLAN.
This command removes the association of a MAC address to a VLAN.
This command displays detailed information, including interface information, for a specific VLAN. The ID is a valid VLAN identification number.
This command displays a list of all configured VLANs.
This command displays VLAN port information.
This command displays the VLAN associated with a specific configured IP-Address and net mask. If no IP Address and net mask are specified, the VLAN associations of all the configured IP-subnets are displayed.
This command displays the VLAN associated with a specific configured MAC address. If no MAC address is specified, the VLAN associations of all the configured MAC addresses are displayed.
This section describes the commands you use to configure double VLAN (DVLAN). Double VLAN tagging is a way to pass VLAN traffic from one customer domain to another through a Metro Core in a simple and cost effective manner. The additional tag on the traffic helps differentiate between customers in the MAN while preserving the VLAN identification of the individual customers when they enter their own 802.1Q domain.
This command configures the ether-type for the specified interface. The ether-type may have the values of 802.1Q, vMAN, or custom. If the ether-type has a value of custom, the optional value of the custom ether type must be set to a value from 0 to 65535.
This command configures the ether-type for the specified interface to its default value.
This command is used to enable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled.
This command is used to disable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled.
Use this command to enable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled.
Note - When you use the mode dvlan-tunnel command on an interface, it becomes a service provider port. Ports that do not have double VLAN tunneling enabled are customer ports.
This command is used to disable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled.
Use this command without the optional parameters to display all interfaces enabled for Double VLAN Tunneling. Use the optional parameters to display detailed information about Double VLAN Tunneling for the specified interface or all interfaces.
Use this command without the optional parameters to display all interfaces enabled for Double VLAN Tunneling. Use the optional parameters to display detailed information about Double VLAN Tunneling for the specified interface or all interfaces.
This section describes the commands you use to configure provisioning, which allows you to prioritize ports.
This command configures the port priority assigned for untagged packets for all ports presently plugged into the device. The range for the priority is 0-7. Any subsequent per port configuration will override this configuration setting.
This command configures the default 802.1p port priority assigned for untagged packets for a specific interface. The range for the priority is 0-7.
This section describes commands you use to configure and view protected ports on a switch. Protected ports do not forward traffic to each other, even if they are on the same VLAN. However, protected ports can forward traffic to all unprotected ports in their group. Unprotected ports can forward traffic to both protected and unprotected ports. Ports are unprotected by default.
If an interface is configured as a protected port, and you add that interface to a Port Channel or Link Aggregation Group (LAG), the protected port status becomes operationally disabled on the interface, and the interface follows the configuration of the LAG port. However, the protected port configuration for the interface remains unchanged. Once the interface is no longer a member of a LAG, the current configuration for that interface automatically becomes effective.
Use this command to create a protected port group. The <groupid> parameter identifies the set of protected ports. Use the name <name> pair to assign a name to the protected port group. The name can be up to 32 alphanumeric characters long, including blanks. The default is blank.
Use this command to remove a protected port group. The groupid parameter identifies the set of protected ports. Use the name keyword to remove the name from the group.
Use this command to add an interface to a protected port group. The <groupid> parameter identifies the set of protected ports to which this interface is assigned. You can only configure an interface as protected in one group.
Use this command to configure a port as unprotected. The groupid parameter identifies the set of protected ports to which this interface is assigned.
This command displays the status of all the interfaces, including protected and unprotected interfaces.
This command displays the status of the interface (protected/unprotected) under the groupid.
This section describes the commands you use to configure Generic Attribute Registration Protocol (GARP) and view GARP status. The commands in this section affect both GARP VLAN Registration Protocol (GVRP) and GARP Multicast Registration Protocol (GMRP). GARP is a protocol that allows client stations to register with the switch for membership in VLANs (by using GVRP) or multicast groups (by using GMRP).
This command sets the GVRP join time for one port (Interface Config mode) or all ports (Global Config mode) and per GARP. Join time is the interval between the transmission of GARP Protocol Data Units (PDUs) registering (or re-registering) membership for a VLAN or multicast group. This command has an effect only when GVRP is enabled. The time is from 10 to 100 (centiseconds). The value 20 centiseconds is 0.2 seconds.
This command sets the GVRP join time (for one or all ports and per GARP) to the default and only has an effect when GVRP is enabled.
This command sets the GVRP leave time for one port (Interface Config mode) or all ports (Global Config mode) and only has an effect when GVRP is enabled. Leave time is the time to wait after receiving an unregister request for a VLAN or a multicast group before deleting the VLAN entry. This can be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service. The leave time is 20 to 600 (centiseconds). The value 60 centiseconds is 0.6 seconds.
This command sets the GVRP leave time on all ports or a single port to the default and only has an effect when GVRP is enabled.
This command sets how frequently Leave All PDUs are generated. A Leave All PDU indicates that all registrations will be unregistered. Participants would need to rejoin in order to maintain registration. The value applies per port and per GARP participation. The time may range from 200 to 6000 (centiseconds). The value 1000 centiseconds is 10 seconds. You can use this command on all ports (Global Config mode) or a single port (Interface Config mode), and it has an effect only when GVRP is enabled.
This command sets how frequently Leave All PDUs are generated to the default and only has an effect when GVRP is enabled.
This command displays GARP information.
This section describes the commands you use to configure and view GARP VLAN Registration Protocol (GVRP) information. GVRP-enabled switches exchange VLAN configuration information, which allows GVRP to provide dynamic VLAN creation on trunk ports and automatic VLAN pruning.
Note - If GVRP is disabled, the system does not forward GVRP messages.
This command enables GVRP on the system.
This command enables GVRP on a single port (Interface Config mode) or all ports (Global Config mode).
This command disables GVRP on a single port (Interface Config mode) or all ports (Global Config mode). If GVRP is disabled, Join Time, Leave Time and Leave All Time have no effect.
This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces.
This section describes the commands you use to configure and view GARP Multicast Registration Protocol (GMRP) information. Like IGMP snooping, GMRP helps control the flooding of multicast packets. GMRP-enabled switches dynamically register and de-register group membership information with the MAC networking devices attached to the same segment. GMRP also allows group membership information to propagate across all networking devices in the bridged LAN that support Extended Filtering Services.
Note - If GMRP is disabled, the system does not forward GMRP messages.
This command enables GARP Multicast Registration Protocol (GMRP) on the system.
This command disables GARP Multicast Registration Protocol (GMRP) on the system.
This command enables GARP Multicast Registration Protocol on a single interface (Interface Config mode) or all interfaces (Global Config mode). If an interface which has GARP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GARP functionality is disabled on that interface. GARP functionality is subsequently re-enabled if routing is disabled and port-channel (LAG) membership is removed from an interface that has GARP enabled.
This command disables GARP Multicast Registration Protocol on a single interface or all interfaces. If an interface which has GARP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GARP functionality is disabled. GARP functionality is subsequently re-enabled if routing is disabled and port-channel (LAG) membership is removed from an interface that has GARP enabled.
This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces.
This command displays the GMRP entries in the Multicast Forwarding Database (MFDB) table.
This section describes the commands you use to configure port-based network access control (802.1x). Port-based network access control allows you to permit access to network services only to devices that are authorized and authenticated.
This command creates an authentication login list. The <listname> is any character string and is not case sensitive. Up to 10 authentication login lists can be configured on the switch. When a list is created, the authentication method “local” is set as the first method.
When the optional parameters “Option1”, “Option2” and/or “Option3” are used, an ordered list of methods is set in the authentication login list. If the authentication login list does not exist, a new authentication login list is first created and then the authentication methods are set in the authentication login list. The maximum number of authentication login methods is three. The possible method values are local, radius and reject.
The value of local indicates that the user’s locally stored ID and password are used for authentication. The value of radius indicates that the user’s ID and password will be authenticated using the RADIUS server. The value of reject indicates the user is never authenticated.
To authenticate a user, the first authentication method in the user’s login (authentication login list) is attempted. FASTPATH software does not utilize multiple entries in the user’s login. If the first entry returns a timeout, the user authentication attempt fails.
Note - The default login list included with the default configuration cannot be changed.
authentication login <listname> [<method1> [<method2> [<method3>]]]
This command deletes the specified authentication login list. The attempt to delete fails if any of the following conditions are true:
This command resets the 802.1x statistics for the specified port or for all ports.
This command is used to clear all RADIUS statistics.
This command assigns the authentication login list to use for non-configured users for 802.1x port security. This setting is over-ridden by the authentication login list assigned to a specific user if the user is configured locally. If this value is not configured, users will be authenticated using local authentication only.
This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned.
This command assigns the specified authentication login list to the specified user for 802.1x port security. The <user> parameter must be a configured user and the <listname> parameter must be a configured authentication login list.
This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. The <count> value must be in the range 1 - 10.
This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant.
This command sets the authentication mode to use on the specified port. Select force-unauthorized to specify that the authenticator PAE unconditionally sets the controlled port to unauthorized. Select force-authorized to specify that the authenticator PAE unconditionally sets the controlled port to authorized. Select auto to specify that the authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator and the authentication server.
dot1x port-control {force-unauthorized | force-authorized | auto}
This command sets the authentication mode on the specified port to the default value.
This command sets the authentication mode to use on all ports. Select force-unauthorized to specify that the authenticator PAE unconditionally sets the controlled port to unauthorized. Select force-authorized to specify that the authenticator PAE unconditionally sets the controlled port to authorized. Select auto to specify that the authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator and the authentication server.
dot1x port-control all {force-unauthorized | force-authorized | auto}
This command sets the authentication mode on all ports to the default value.
This command begins the re-authentication sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned.
This command enables re-authentication of the supplicant for the specified port.
This command disables re-authentication of the supplicant for the specified port.
Use this command to enable the dot1x authentication support on the switch. While disabled, the dot1x configuration is retained and can be changed, but is not activated.
This command is used to disable the dot1x authentication support on the switch.
This command sets the value, in seconds, of the timer used by the authenticator state machine on this port. Depending on the token used and the value (in seconds) passed, various timeout configurable parameters are set. The following tokens are supported.
reauth-period: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to determine when re-authentication of the supplicant takes place. The reauth-period must be a value in the range 1 - 65535.
quiet-period: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant. The quiet-period must be a value in the range 0 - 65535.
tx-period: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The tx-period must be a value in the range 1 - 65535.
supp-timeout: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to timeout the supplicant. The supp-timeout must be a value in the range 1 - 65535.
server-timeout: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to timeout the authentication server. The server-timeout must be a value in the range 1 - 65535.
This command sets the value, in seconds, of the timer used by the authenticator state machine on this port to the default values. Depending on the token used, the corresponding default values are set.
no dot1x timeout {reauth-period | quiet-period | tx-period | supp-timeout | server-timeout}
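The login-list and dot1x descriptions above can be turned into a configuration audit. The following is an added example, not part of the FASTPATH documentation or software: it checks a constructed configuration against the method values, port-control modes and timer ranges stated above, and flags the case where a second or third login method is configured even though only the first entry is attempted. It assumes that `interface <slot/port>` and `exit` lines delimit Interface Config mode and that the positive form of the timer command is `dot1x timeout <token> <seconds>`.

```python
# Values and ranges are those stated in the command descriptions above.
LOGIN_METHODS = ("local", "radius", "reject")
PORT_MODES = ("force-unauthorized", "force-authorized", "auto")
MAX_METHODS = 3
TIMEOUT_RANGES = {
    "reauth-period": (1, 65535),
    "quiet-period": (0, 65535),
    "tx-period": (1, 65535),
    "supp-timeout": (1, 65535),
    "server-timeout": (1, 65535),
}

# Constructed sample configuration (not taken from a real switch).
SAMPLE_CONFIG = """\
authentication login corpList radius local
authentication login guestList reject
authentication login badList local radius reject local
interface 0/1
dot1x port-control auto
dot1x timeout reauth-period 3600
exit
interface 0/2
dot1x port-control force-authorized
dot1x timeout quiet-period 70000
exit
"""


def audit_login_list(words):
    """Check one 'authentication login <listname> [<method1> ...]' line."""
    name, methods = words[2], words[3:]
    if len(methods) > MAX_METHODS:
        return "error", f"list {name}: {len(methods)} methods, maximum is {MAX_METHODS}"
    unknown = [m for m in methods if m not in LOGIN_METHODS]
    if unknown:
        return "error", f"list {name}: unknown method(s) {', '.join(unknown)}"
    if methods and methods[0] == "reject":
        return "warning", f"list {name}: first method is reject, users are never authenticated"
    if len(methods) > 1:
        # Only the first entry is attempted; a timeout there fails the login.
        return "warning", (f"list {name}: only {methods[0]} is attempted, "
                           f"{', '.join(methods[1:])} is never used as a fallback")
    return None


def audit_port_control(words, interface):
    """Check 'dot1x port-control [all] <mode>' in the current context."""
    args, scope = words[2:], interface
    if args[:1] == ["all"]:
        scope, args = "all ports", args[1:]
    if len(args) != 1 or args[0] not in PORT_MODES:
        return "error", f"{scope}: invalid port-control mode"
    if args[0] == "force-authorized":
        return "warning", f"{scope}: force-authorized opens the port without authentication"
    return None


def audit_timeout(words, interface):
    """Check 'dot1x timeout <token> <seconds>' (assumed positive form)."""
    token, value = words[2], words[3]
    if token not in TIMEOUT_RANGES:
        return "error", f"{interface}: unknown timeout token {token}"
    low, high = TIMEOUT_RANGES[token]
    if not value.isdigit() or not low <= int(value) <= high:
        return "error", f"{interface}: {token} {value} is outside {low} - {high}"
    return None


def audit_dot1x(config_text):
    """Return a list of (line_number, severity, message) findings."""
    findings = []
    interface = "global"  # assumption: 'interface'/'exit' lines switch context
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        words = raw.split()
        result = None
        if words[:1] == ["interface"] and len(words) == 2:
            interface = words[1]
        elif words[:1] == ["exit"]:
            interface = "global"
        elif words[:2] == ["authentication", "login"] and len(words) >= 3:
            result = audit_login_list(words)
        elif words[:2] == ["dot1x", "port-control"]:
            result = audit_port_control(words, interface)
        elif words[:2] == ["dot1x", "timeout"] and len(words) == 4:
            result = audit_timeout(words, interface)
        if result:
            findings.append((line_no, result[0], result[1]))
    return findings


if __name__ == "__main__":
    for finding in audit_dot1x(SAMPLE_CONFIG):
        print(finding)
```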
This command adds the specified user to the list of users with access to the specified port or all ports. The <user> parameter must be a configured user.
This command removes the user from the list of users with access to the specified port or all ports.
This command assigns the authentication login list to use for non-configured users when attempting to log in to the system. This setting is overridden by the authentication login list assigned to a specific user if the user is configured locally. If this value is not configured, users will be authenticated using local authentication only.
This command assigns the specified authentication login list to the specified user for system login. The <user> must be a configured user and the <listname> must be a configured login list.
If the user is assigned a login list that requires remote authentication, all access to the interface from all CLI, web, and telnet sessions will be blocked until the authentication is complete.
Note that the login list associated with the ‘admin’ user cannot be changed; this prevents accidental lockout from the switch.
This command displays the ordered authentication methods for all authentication login lists.
This command displays information about the users assigned to the specified authentication login list. If the login is assigned to non-configured users, the user “default” will appear in the user column.
This field displays the user assigned to the specified authentication login list.
This field displays the component (User or 802.1x) for which the authentication login list is assigned.
This command is used to show a summary of the global dot1x configuration, summary information of the dot1x configuration for a specified port or all ports, the detailed dot1x configuration for a specified port and the dot1x statistics for a specified port - depending on the tokens used.
show dot1x [{summary {<slot/port> | all} | detail <slot/port> | statistics <slot/port>}]
If you do not use any of the optional parameters, the global dot1x configuration summary is displayed.
Indicates whether authentication control on the switch is enabled or disabled.
If you use the optional parameter summary {<slot/port> | all}, the dot1x configuration for the specified port or all ports is displayed.
If the optional parameter detail <slot/port> is used, the detailed dot1x configuration for the specified port is displayed.
If you use the optional parameter statistics <slot/port>, the following dot1x statistics for the specified port appear.
This command displays 802.1x port security user information for locally configured users.
Users configured locally to have access to the specified port.
This command displays all user and all authentication login information. It also displays the authentication login list assigned to the default user.
This section describes commands you use to configure storm control and view storm-control configuration information. The Storm Control feature allows you to limit the rate of specific types of packets through the switch on a per-port, per-type basis. The Storm Control feature can help maintain network performance.
Use this command to enable broadcast storm recovery mode for a specific interface. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of broadcast traffic will be limited to the configured threshold.
Use this command to disable broadcast storm recovery mode for a specific interface.
Use this command to configure the broadcast storm recovery threshold for an interface. When you use this command, broadcast storm recovery mode is enabled on the interface and broadcast storm recovery is active. If the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of broadcast traffic is limited to the configured threshold.
This command sets the broadcast storm recovery threshold to the default value for an interface and disables broadcast storm recovery.
This command enables broadcast storm recovery mode for all interfaces. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of broadcast traffic will be limited to the configured threshold.
This command disables broadcast storm recovery mode for all interfaces.
This command configures the broadcast storm recovery threshold for all interfaces. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of broadcast traffic will be limited to the configured threshold. This command also enables broadcast storm recovery mode for all interfaces.
This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables broadcast storm recovery.
This command enables multicast storm recovery mode for an interface. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold.
This command disables multicast storm recovery mode for an interface.
This command configures the multicast storm recovery threshold for an interface and enables multicast storm recovery mode. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold.
This command sets the multicast storm recovery threshold to the default value for an interface and disables multicast storm recovery.
This command enables multicast storm recovery mode for all interfaces. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold.
This command disables multicast storm recovery mode for all interfaces.
This command configures the multicast storm recovery threshold for all interfaces and enables multicast storm recovery mode. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold.
This command sets the multicast storm recovery threshold to the default value for all interfaces and disables multicast storm recovery.
This command enables unicast storm recovery mode for an interface. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of unknown unicast traffic will be limited to the configured threshold.
This command disables unicast storm recovery mode for an interface.
This command configures the unicast storm recovery threshold for an interface and enables unicast storm recovery. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of unknown unicast traffic will be limited to the configured threshold. This command also enables unicast storm recovery mode for an interface.
This command sets the unicast storm recovery threshold to the default value for an interface and disables unicast storm recovery.
This command enables unicast storm recovery mode for all interfaces. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of unknown unicast traffic will be limited to the configured threshold.
This command disables unicast storm recovery mode for all interfaces.
This command configures the unicast storm recovery threshold and enables unicast storm recovery for all interfaces. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of unknown unicast traffic will be limited to the configured threshold.
This command returns the unicast storm recovery threshold to the default value and disables unicast storm recovery for all interfaces.
This command enables 802.3x flow control for the switch and only applies to full-duplex mode ports.
This command disables 802.3x flow control for the switch.
Note - This command only applies to full-duplex mode ports.
This command displays switch configuration information. If you do not use any of the optional parameters, this command displays global storm control configuration parameters. Use the all keyword to display the per-port configuration parameters for all interfaces, or specify the slot/port to display information about a specific interface.
This section describes the commands you use to configure port-channels, which are also known as link aggregation groups (LAGs). Link aggregation allows you to combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing. The LAG feature initially load shares traffic based upon the source and destination MAC address. Assign the port-channel (LAG) VLAN membership after you create a port-channel. If you do not assign VLAN membership, the port-channel might become a member of the management VLAN which can result in learning and switching issues.
A port-channel (LAG) interface can be either static or dynamic, but not both. All members of a port channel must participate in the same protocols. A static port-channel interface does not require a partner system to be able to aggregate its member ports.
Note - If you configure the maximum number of dynamic port-channels (LAGs) that your platform supports, additional port-channels that you configure are automatically static.
This command configures a new port-channel (LAG) and generates a logical slot/port number for the port-channel. The <name> field is a character string which allows the dash “-” character as well as alphanumeric characters. Use the show port channel command to display the slot/port number for the logical interface.
Note - Before you include a port in a port-channel, set the port physical mode. For more information, see speed.
This command deletes a port-channel (LAG).
This command adds one port to the port-channel (LAG). The first interface is a logical slot and port number of a configured port-channel.
Note - Before adding a port to a port-channel, set the physical mode of the port. For more information, see speed.
This command deletes the port from the port-channel (LAG). The interface is a logical slot and port number of a configured port-channel.
This command deletes all configured ports from the port-channel (LAG). The interface is a logical slot and port number of a configured port-channel. To clear the port channels, see clear port-channel.
This command enables the static mode on a port-channel (LAG) interface. By default the static mode for a new port-channel is disabled, which means the port-channel is dynamic. However, if the maximum number of allowable dynamic port-channels is already present in the system, the static mode for a new port-channel is enabled, which means the port-channel is static. You can only use this command on port-channel interfaces.
This command sets the static mode on a particular port-channel (LAG) interface to the default value. This command will be executed only for interfaces of type port-channel (LAG).
This command enables Link Aggregation Control Protocol (LACP) on a port.
This command disables Link Aggregation Control Protocol (LACP) on a port.
This command enables Link Aggregation Control Protocol (LACP) on all ports.
This command disables Link Aggregation Control Protocol (LACP) on all ports.
This command enables a port-channel (LAG). The option all sets every configured port-channel with the same administrative mode setting.
This command disables a port-channel (LAG). The option all sets every configured port-channel with the same administrative mode setting.
This command enables link trap notifications for the port-channel (LAG). The interface is a logical slot/port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting.
This command disables link trap notifications for the port-channel (LAG). The interface is a logical slot and port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting.
This command defines a name for the port-channel (LAG). The interface is a logical slot/port for a configured port-channel, and <name> is an alphanumeric string up to 15 characters.
This command displays a summary of individual port-channel (LAG) interfaces.
For each port-channel the following information is displayed.
Shows whether the port-channel is statically or dynamically maintained.
Shows ports that are actively participating in the port-channel.
This command displays an overview of all port-channels (LAGs) on the switch.
Port mirroring, which is also known as port monitoring, selects network traffic that you can analyze with a network analyzer, such as a SwitchProbe device or other Remote Monitoring (RMON) probe.
This command configures a probe port and a monitored port for monitor session (port monitoring). Use the source interface <slot/port> parameter to specify the interface to monitor. Use rx to monitor only ingress packets, or use tx to monitor only egress packets. If you do not specify an {rx | tx} option, the destination port monitors both ingress and egress packets. Use the destination interface <slot/port> to specify the interface to receive the monitored traffic. Use the mode parameter to enable the administrative mode of the session. If enabled, the probe port monitors all the traffic received and transmitted on the physical monitored port.
monitor session <session-id> {source interface <slot/port> [{rx | tx}] | destination interface <slot/port> | mode}
Use this command without optional parameters to remove the monitor session (port monitoring) designation from the source probe port, the destination monitored port and all VLANs. Once the port is removed from the VLAN, you must manually add the port to any desired VLANs. Use the source interface <slot/port> parameter or destination interface <slot/port> to remove the specified interface from the port monitoring session. Use the mode parameter to disable the administrative mode of the session.
Note - Since the current version of FASTPATH only supports one session, if you do not supply optional parameters, the behavior of this command is similar to the behavior of the no monitor command.
no monitor session <session-id> [{source interface <slot/port> | destination interface <slot/port> | mode}]
This command removes all the source ports and a destination port and restores the default value for mirroring session mode for all the configured sessions.
Note - This is a stand-alone “no” command. This command does not have a “normal” form.
This command displays the Port monitoring information for a particular mirroring session.
Note - The <session-id> parameter is an integer value used to identify the session. In the current version of the software, the <session-id> parameter is always one (1).
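Because an enabled mirror session copies a port's traffic to another port, it is worth checking which sessions a given command history leaves active. The following is an added example, not part of the FASTPATH documentation or software: it replays the monitor session, no monitor session and no monitor forms described above over a constructed command list and reports sessions that mirror traffic to a destination outside an approved set. The names `approved_destinations` and the sample ports are hypothetical, and the session mode is assumed to default to disabled.

```python
# Constructed command history (not captured from a real switch).
SAMPLE_COMMANDS = [
    "monitor session 1 source interface 0/5 rx",
    "monitor session 1 source interface 0/7",
    "monitor session 1 destination interface 0/24",
    "monitor session 1 mode",
    "no monitor session 1 source interface 0/5",
]


def new_session():
    # Assumption: a session starts with its administrative mode disabled.
    return {"sources": {}, "destination": None, "enabled": False}


def apply_monitor_commands(lines):
    """Replay monitor commands in order and return {session_id: state}."""
    sessions = {}
    for line in lines:
        tokens = line.split()
        negate = tokens[:1] == ["no"]
        if negate:
            tokens = tokens[1:]
        if negate and tokens == ["monitor"]:
            # Stand-alone "no monitor": every session returns to defaults.
            sessions.clear()
            continue
        if (tokens[:2] != ["monitor", "session"] or len(tokens) < 3
                or not tokens[2].isdigit()):
            continue
        session = sessions.setdefault(int(tokens[2]), new_session())
        rest = tokens[3:]
        if rest[:2] == ["source", "interface"] and len(rest) >= 3:
            if negate:
                session["sources"].pop(rest[2], None)
            else:
                # Without rx or tx, both ingress and egress packets are mirrored.
                direction = rest[3] if rest[3:4] in (["rx"], ["tx"]) else "both"
                session["sources"][rest[2]] = direction
        elif rest[:2] == ["destination", "interface"] and len(rest) >= 3:
            session["destination"] = None if negate else rest[2]
        elif rest == ["mode"]:
            session["enabled"] = not negate
        elif negate and not rest:
            # "no monitor session <id>" with no parameters drops the ports.
            session["sources"].clear()
            session["destination"] = None
    return sessions


def find_unapproved_mirrors(sessions, approved_destinations):
    """List sessions copying traffic to a port that is not on the approved list."""
    hits = []
    for session_id, state in sorted(sessions.items()):
        active = state["enabled"] and state["sources"] and state["destination"]
        if active and state["destination"] not in approved_destinations:
            hits.append((session_id, state["destination"],
                         sorted(state["sources"].items())))
    return hits


if __name__ == "__main__":
    state = apply_monitor_commands(SAMPLE_COMMANDS)
    print(find_unapproved_mirrors(state, approved_destinations={"0/48"}))
```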
The commands in this section describe how to configure static MAC filtering.
This command adds a static MAC filter entry for the MAC address <macaddr> on the VLAN <vlanid>.
The value of the <macaddr> parameter is a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6.
The restricted MAC Addresses are as follows:
The <vlanid> parameter must identify a valid VLAN. You can create up to 100 static MAC filters.
This command removes all filtering restrictions and the static MAC filter entry for the MAC address <macaddr> on the VLAN <vlanid>. The <macaddr> parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6.
The <vlanid> parameter must identify a valid VLAN.
This command adds the interface to the source filter set for the MAC filter with the MAC address of <macaddr> and VLAN of <vlanid>. The <macaddr> parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The <vlanid> parameter must identify a valid VLAN.
This command removes a port from the source filter set for the MAC filter with the MAC address of <macaddr> and VLAN of <vlanid>. The <macaddr> parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The <vlanid> parameter must identify a valid VLAN.
This command adds all interfaces to the source filter set for the MAC filter with the MAC address of <macaddr> and VLAN of <vlanid>. You must specify the <macaddr> parameter as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The <vlanid> parameter must identify a valid VLAN.
This command removes all interfaces from the source filter set for the MAC filter with the MAC address of <macaddr> and VLAN of <vlanid>. You must specify the <macaddr> parameter as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6.
The <vlanid> parameter must identify a valid VLAN.
This command displays the Static MAC Filtering information for all Static MAC Filters. If you select <all>, all the Static MAC Filters in the system are displayed. If you supply a value for <macaddr>, you must also enter a value for <vlanid>, and the system displays Static MAC Filter information only for that MAC address and VLAN.
This command displays the Static Filtering entries in the Multicast Forwarding Database (MFDB) table.
This section describes the commands you use to configure IGMP snooping. FASTPATH supports IGMP Versions 1, 2, and 3. The IGMP snooping feature can help conserve bandwidth because it allows the switch to forward IP multicast traffic only to connected hosts that request multicast traffic. IGMPv3 adds source filtering capabilities to IGMP versions 1 and 2.
This command enables IGMP Snooping on the system (Global Config Mode) or an interface (Interface Config Mode). This command also enables IGMP snooping on a particular VLAN and can enable IGMP snooping on all interfaces participating in a VLAN.
If an interface has IGMP Snooping enabled and you enable this interface for routing or enlist it as a member of a port-channel (LAG), IGMP Snooping functionality is disabled on that interface. IGMP Snooping functionality is re-enabled if you disable routing or remove port-channel (LAG) membership from an interface that has IGMP Snooping enabled.
The IGMP application supports the following activities:
This command disables IGMP Snooping on the system.
This command enables IGMP Snooping on all interfaces. If an interface has IGMP Snooping enabled and you enable this interface for routing or enlist it as a member of a port-channel (LAG), IGMP Snooping functionality is disabled on that interface. IGMP Snooping functionality is re-enabled if you disable routing or remove port-channel (LAG) membership from an interface that has IGMP Snooping enabled.
This command disables IGMP Snooping on all interfaces.
This command enables or disables IGMP Snooping fast-leave admin mode on a selected interface or VLAN. Enabling fast-leave allows the switch to immediately remove the layer 2 LAN interface from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending out MAC-based general queries to the interface.
Enable fast-leave admin mode only on VLANs where only one host is connected to each layer 2 LAN port. This prevents the inadvertent dropping of the other hosts that were connected to the same layer 2 LAN port but were still interested in receiving multicast traffic directed to that group. Also, fast-leave processing is supported only with IGMP version 2 hosts.
This command disables IGMP Snooping fast-leave admin mode on a selected interface.
This command sets the IGMP Group Membership Interval time on a VLAN, one interface or all interfaces. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry. This value must be greater than the IGMPv3 Maximum Response time value. The range is 2 to 3600 seconds.
This command sets the IGMPv3 Group Membership Interval time to the default value.
This command sets the IGMP Maximum Response time for the system, on a particular interface or VLAN. The Maximum Response time is the amount of time in seconds that a switch will wait after sending a query on an interface because it did not receive a report for a particular group in that interface. This value must be less than the IGMP Query Interval time value. The range is 1 to 3599 seconds.
This command sets the max response time (on the interface or VLAN) to the default value.
This command sets the Multicast Router Present Expiration time. The time is set for the system, on a particular interface or VLAN. This is the amount of time in seconds that a switch waits for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached. The range is 0 to 3600 seconds. A value of 0 indicates an infinite time-out, i.e. no expiration.
This command sets the Multicast Router Present Expiration time to 0. The time is set for the system, on a particular interface or a VLAN.
This command configures the VLAN ID for the VLAN that has the multicast router mode enabled.
This command disables multicast router mode for a VLAN with a particular VLAN ID.
This command configures the interface as a multicast router interface. When configured as a multicast router interface, the interface is treated as a multicast router interface in all VLANs.
This command disables the status of the interface as a statically configured multicast router interface.
This command displays IGMP Snooping information. Configured information is displayed whether or not IGMP Snooping is enabled.
When the optional arguments <slot/port> or <vlanid> are not used, the command displays the following information.
When you specify the <slot/port> values, the following information displays.
When you specify a value for <vlanid>, the following additional information appears.
This command displays information about statically configured ports.
This command displays information about statically configured ports.
Shows the port on which multicast router information is being displayed.
Displays the list of VLANs of which the interface is a member.
This command displays the IGMP Snooping entries in the MFDB table.
This section describes the command you use to configure Port Security on the switch. Port security, which is also known as port MAC locking, allows you to secure the network by locking allowable MAC addresses on a given port. Packets with a matching source MAC address are forwarded normally, and all other packets are discarded.
Note - To enable the SNMP trap specific to port security, see snmp-server enable traps violation.
This command enables port locking at the system level (Global Config) or port level (Interface Config).
This command disables port locking at the system level (Global Config) or port level (Interface Config).
This command sets the maximum number of dynamically locked MAC addresses allowed on a specific port.
This command resets the maximum number of dynamically locked MAC addresses allowed on a specific port to its default value.
This command sets the maximum number of statically locked MAC addresses allowed on a specific port.
This command resets the maximum number of statically locked MAC addresses allowed on a specific port to its default value.
This command adds a MAC address to the list of statically locked MAC addresses. The <vid> is the VLAN ID.
This command removes a MAC address from the list of statically locked MAC addresses.
This command converts dynamically locked MAC addresses to statically locked addresses.
This command displays the port-security settings. If you do not use a parameter, the command displays the settings for the entire system. Use the optional parameters to display the settings on a specific interface or on all interfaces.
For each interface, or for the interface you specify, the following information appears.
Port Locking mode for the Interface. This field displays if you do not supply any parameters.
This command displays the dynamically locked MAC addresses for the port.
This command displays the statically locked MAC addresses for the port.
This command displays the source MAC address of the last packet discarded on a locked port.
This section describes the command you use to configure Link Layer Discovery Protocol (LLDP), which is defined in the IEEE 802.1AB specification. LLDP allows stations on an 802 LAN to advertise major capabilities and physical descriptions. The advertisements allow a network management system (NMS) to access and display this information.
Use this command to enable the LLDP advertise capability.
Use this command to return the local data transmission capability to the default.
Use this command to enable the LLDP receive capability.
Use this command to return the reception of LLDPDUs to the default value.
Use this command to set the timing parameters for local data transmission on ports enabled for LLDP. The <interval-seconds> determines the number of seconds to wait between transmitting local data LLDPDUs. The range is 1-32768 seconds. The <hold-value> is the multiplier on the transmit interval that sets the TTL in local data LLDPDUs. The multiplier range is 2-10. The <reinit-seconds> is the delay before re-initialization, and the range is 1-0 seconds.
lldp timers [interval <interval-seconds>] [hold <hold-value>] [reinit <reinit-seconds>]
Use this command to return any or all timing parameters for local data transmission on ports enabled for LLDP to the default values.
Use this command to specify which optional type length values (TLVs) in the 802.1AB basic management set are transmitted in the LLDPDUs. Use sys-name to transmit the system name TLV. To configure the system name, see snmp-server. Use sys-desc to transmit the system description TLV. Use sys-cap to transmit the system capabilities TLV. Use port-desc to transmit the port description TLV. To configure the port description, see description.
lldp transmit-tlv [sys-desc] [sys-name] [sys-cap] [port-desc]
Use this command to remove an optional TLV from the LLDPDUs. Use the command without parameters to remove all optional TLVs from the LLDPDU.
no lldp transmit-tlv [sys-desc] [sys-name] [sys-cap] [port-desc]
Use this command to include transmission of the local system management address information in the LLDPDUs.
Use this command to cancel inclusion of the management information in LLDPDUs.
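The following Python sketch is an added example, not part of the FASTPATH documentation: it parses a constructed LLDPDU, lists which of the optional TLVs named above a port is still advertising, and checks the TTL against the transmit interval multiplied by the hold value. TLV type numbers and the 65535 cap on the 16-bit TTL field come from IEEE 802.1AB; the sample frame, the function names, and the timer values 30 and 4 are constructed for illustration.

```python
import struct

# TLV type numbers from IEEE 802.1AB, mapped to the keywords used on this page.
OPTIONAL = {4: "port-desc", 5: "sys-name", 6: "sys-desc", 7: "sys-cap",
            8: "management address"}

def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length in two bytes, then the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_lldpdu(data):
    """Yield (type, value) pairs until the End of LLDPDU TLV (type 0)."""
    pos = 0
    while pos + 2 <= len(data):
        header = struct.unpack("!H", data[pos:pos + 2])[0]
        tlv_type, length = header >> 9, header & 0x1FF
        pos += 2
        if tlv_type == 0:
            return
        if pos + length > len(data):
            raise ValueError(f"TLV type {tlv_type} overruns the LLDPDU")
        yield tlv_type, data[pos:pos + length]
        pos += length

def expected_ttl(interval, hold):
    """TTL is interval * hold, capped because the TTL field is 16 bits wide."""
    return min(0xFFFF, interval * hold)

def audit(data, interval, hold):
    """Report optional TLVs advertised and whether the TTL matches the timers."""
    report = {"optional": [], "ttl": None}
    for tlv_type, value in parse_lldpdu(data):
        if tlv_type == 3 and len(value) >= 2:
            report["ttl"] = struct.unpack("!H", value[:2])[0]
        elif tlv_type in OPTIONAL:
            report["optional"].append(OPTIONAL[tlv_type])
    report["ttl_matches_timers"] = report["ttl"] == expected_ttl(interval, hold)
    return report

# Constructed LLDPDU: the three mandatory TLVs plus system name and description.
LLDPDU = (tlv(1, b"\x04" + bytes.fromhex("020000000001"))  # chassis ID, MAC subtype
          + tlv(2, b"\x05" + b"0/1")                       # port ID, interface name
          + tlv(3, struct.pack("!H", 120))                 # TTL in seconds
          + tlv(5, b"lab-switch")
          + tlv(6, b"Example OS 1.0 (constructed)")
          + tlv(0, b""))

print(audit(LLDPDU, interval=30, hold=4))
```

Running the same audit on a capture taken after changing the transmitted TLV set shows whether the port still advertises the system name or description.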
Use this command to enable remote data change notifications.
Use this command to disable notifications.
Use this command to configure how frequently the system sends remote data change notifications. The <interval> parameter is the number of seconds to wait between sending notifications. The valid interval range is 5-3600 seconds.
Use this command to return the notification interval to the default value.
Use this command to reset all LLDP statistics.
Use this command to delete all information from the LLDP remote data table.
Use this command to display a summary of the current LLDP configuration.
Use this command to display a summary of the current LLDP configuration for a specific interface or for all interfaces.
Use this command to display the current LLDP traffic and remote table statistics for a specific interface or for all interfaces.
Use this command to display summary information about remote devices that transmit current LLDP data to the system. You can show information about LLDP remote data received on all ports or on a specific port.
Identifies the interface that received the LLDPDU from the remote device.
Use this command to display detailed information about remote devices that transmit current LLDP data to an interface on the system.
Use this command to display summary information about the advertised LLDP local data. This command can display summary information or detail for each interface.
Use this command to display detailed information about the LLDP data a specific interface transmits.
This section describes the commands you use to configure DoS Control. FASTPATH software provides support for classifying and blocking specific types of Denial of Service attacks.
You can configure your system to monitor and block six types of attacks:
1. SIP=DIP: Source IP address = Destination IP address.
2. First Fragment: TCP Header size smaller than configured value.
3. TCP Fragment: IP Fragment Offset = 1.
4. TCP Flag: TCP Flag SYN set and Source Port < 1024, or TCP Control Flags = 0 and TCP Sequence Number = 0, or TCP Flags FIN, URG, and PSH set and TCP Sequence Number = 0, or TCP Flags SYN and FIN set.
5. L4 Port: Source TCP/UDP Port = Destination TCP/UDP Port.
6. ICMP: Limiting the size of ICMP Ping packets.
This command enables Source IP Address = Destination IP Address (SIP=DIP) Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress with SIP=DIP, the packets will be dropped if the mode is enabled.
This command disables Source IP Address = Destination IP Address (SIP=DIP) Denial of Service prevention.
This command enables Minimum TCP Header Size Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having a TCP Header Size smaller than the configured value, the packets will be dropped if the mode is enabled. The default is disabled. If you enable dos-control firstfrag, but do not provide a Minimum TCP Header Size, the system sets that value to 20.
This command sets Minimum TCP Header Size Denial of Service protection to the default value of disabled.
This command enables TCP Fragment Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having IP Fragment Offset equal to one (1), the packets will be dropped if the mode is enabled.
This command disables TCP Fragment Denial of Service protection.
This command enables TCP Flag Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having TCP Flag SYN set and a source port less than 1024, or having TCP Control Flags set to 0 and TCP Sequence Number set to 0, or having TCP Flags FIN, URG, and PSH set and TCP Sequence Number set to 0, or having TCP Flags SYN and FIN both set, the packets will be dropped if the mode is enabled.
This command disables TCP Flag Denial of Service protections.
This command enables L4 Port Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having Source TCP/UDP Port Number equal to Destination TCP/UDP Port Number, the packets will be dropped if the mode is enabled.
This command disables L4 Port Denial of Service protections.
This command enables Maximum ICMP Packet Size Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If ICMP Echo Request (PING) packets ingress having a size greater than the configured value, the packets will be dropped if the mode is enabled.
This command disables Maximum ICMP Packet Size Denial of Service protections.
This command displays Denial of Service configuration information.
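An added Python model of the six checks listed above (not FASTPATH code), run over constructed packets to show which traffic each mode would drop. The 512-byte ICMP limit, measuring ICMP size as the whole ICMP message, and applying the L4 checks only to first fragments are assumptions; the default minimum TCP header size of 20 is from this page.

```python
import struct
from ipaddress import IPv4Address

FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20
XMAS = FIN | URG | PSH

def ipv4(src, dst, proto, payload, frag_off=0):
    """Constructed IPv4 header (no options, checksum left 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag_off, 64,
                       proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed) + payload

def tcp(sport, dport, seq, flags, data_off=5):
    """Constructed 20-byte TCP header; data_off is the header length in 32-bit words."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, data_off << 4, flags, 8192, 0, 0)

def classify(pkt, min_tcp_hdr=20, max_icmp=512):
    """Names of the page's six checks that an IPv4 packet (no L2 header) trips."""
    ihl = (pkt[0] & 0x0F) * 4
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF  # 8-byte units; 0 = first fragment
    proto, l4, hits = pkt[9], pkt[ihl:], []
    if pkt[12:16] == pkt[16:20]:
        hits.append("SIP=DIP")
    if proto == 6 and frag_off == 1:
        hits.append("TCP Fragment")
    if frag_off == 0 and proto in (6, 17) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        if sport == dport:
            hits.append("L4 Port")
    if frag_off == 0 and proto == 6 and len(l4) >= 14:
        seq, flags = struct.unpack("!I", l4[4:8])[0], l4[13] & 0x3F
        if (l4[12] >> 4) * 4 < min_tcp_hdr:
            hits.append("First Fragment")
        if ((flags & SYN and sport < 1024) or (flags == 0 and seq == 0)
                or ((flags & XMAS) == XMAS and seq == 0)
                or (flags & (SYN | FIN)) == (SYN | FIN)):
            hits.append("TCP Flag")
    if frag_off == 0 and proto == 1 and l4[:1] == b"\x08" and len(l4) > max_icmp:
        hits.append("ICMP")
    return hits

# Constructed sample packets (documentation address ranges).
SAMPLES = {
    "client SYN":     ipv4("192.0.2.10", "198.51.100.5", 6, tcp(40000, 443, 1000, SYN)),
    "same src/dst":   ipv4("192.0.2.10", "192.0.2.10", 6, tcp(139, 139, 1000, SYN)),
    "FIN+URG+PSH":    ipv4("192.0.2.10", "198.51.100.5", 6, tcp(40000, 80, 0, XMAS)),
    "server SYN/ACK": ipv4("198.51.100.5", "192.0.2.10", 6, tcp(80, 40000, 7, SYN | ACK)),
}
for name, pkt in SAMPLES.items():
    print(f"{name:15} {classify(pkt) or 'pass'}")
```

In this model the last sample, a SYN/ACK from server port 80, trips the TCP Flag check because the condition as worded only requires SYN set and a source port below 1024; confirm how the platform treats such return traffic before enabling the mode.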
This section describes the commands you use to configure and view information about the MAC databases.
This command configures the forwarding database address aging timeout in seconds. The <seconds> parameter must be within the range of 10 to 1,000,000 seconds.
This command sets the forwarding database address aging timeout to the default value.
This command displays the timeout for address aging. In an IVL system, the [fdbid | all] parameter is required.
This command displays the Multicast Forwarding Database (MFDB) information. If you enter the command with no parameter, the entire table is displayed. You can display the table entry for one MAC Address by specifying the MAC address as an optional parameter.
This command displays the Multicast Forwarding Database (MFDB) statistics.
This section describes the Layer 2 failover commands. Layer 2 failover functionality disables configured server ports in case a monitored uplink port or port channel fails. This failover is designed to be used with NIC teaming or bonding to facilitate uplink redundancy without the need for Layer 2 connections between Fabric/Base switches.
Layer 2 failover incorporates the track object features of VRRP, using the object status to determine uplink status to the switch. For commands and configuration guidelines, see VRRP Tracking Commands.
This command configures the interface to track the configured monitor and to disable the interface if the monitor status is down. The number at the end of the command corresponds to the track object number listed under the global configuration.
This command shows the status of a single interface or of all interfaces configured with the failover track command.
This section provides a detailed explanation of the link aggregation (LAG) commands. The commands are divided into two functional groups:
This command enables the support of port-channels (static link aggregations - LAGs) on the device. By default, the static capability for all port-channels is disabled.
This command disables the support of static port-channels (link aggregations - LAGs) on the device.
This command enables Link Aggregation Control Protocol (LACP) on a port.
This command disables Link Aggregation Control Protocol (LACP) on a port.
This command enables Link Aggregation Control Protocol (LACP) on all ports.
This command disables Link Aggregation Control Protocol (LACP) on all ports.
This command configures a new port-channel (LAG) and generates a logical slot/port number for the port-channel. The <name> field is a character string which allows the dash '-' character as well as alphanumeric characters. Display this number using the show port-channel command.
Note - Before including a port in a port-channel, set the port physical mode (see speed). |
This command deletes a port-channel (LAG).
This command enables a port-channel (LAG). The interface is a logical slot/port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting.
This command disables a port-channel (LAG). The interface is a logical slot/port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting.
This command enables link trap notifications for the port-channel (LAG). The interface is a logical slot/port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting.
This command disables link trap notifications for the port-channel (LAG). The interface is a logical slot/port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting.
This command defines a name for the port-channel (LAG). The interface is a logical slot/port for a configured port-channel, and name is an alphanumeric string up to 15 characters. This command is used to modify the name that was associated with the port-channel when it was created.
This command displays the static capability of all port-channels (LAGs) on the device as well as a summary of individual port-channels.
This field displays whether or not the device has static capability enabled.
For each port-channel, the following information is displayed.
This command displays an overview of all port-channels (LAGs) on the switch.
© 2007 Diversified Technology, Inc. All Rights Reserved. © 2009 Sun Microsystems, Inc. All rights reserved.