Release Note |
|
Software Version 2.8.1 |
|
For AT-8800, Rapier i, AT-8700XL, AT-8600, |
|
AT-9900, x900-48FE, AT-8900 and AT-9800 Series |
|
Switches |
|
and AR400 and AR700 Series Routers |
|
Introduction ....................................................................................................... |
4 |
Upgrading to Software Version 2.8.1 ................................................................. |
5 |
Backwards Compatibility Issue when Upgrading ......................................... |
5 |
Overview of New Features ................................................................................. |
6 |
System Enhancements ....................................................................................... |
9 |
Clearing System Parameters ....................................................................... |
9 |
Extended Monitoring of CPU Utilisation ...................................................... |
9 |
Command Reference Updates .................................................................. |
11 |
Command Line Interface (CLI) Enhancements .................................................. |
15 |
More flexibility in Separating Parameters and Values ................................. |
15 |
Additional Shortcuts when Editing ............................................................ |
17 |
Command Reference Updates .................................................................. |
18 |
File System Enhancement ................................................................................. |
21 |
Command Reference Updates .................................................................. |
21 |
Switching Enhancements ................................................................................. |
25 |
Ordering Hardware Filters in 48-Port Switches .......................................... |
25 |
Limiting Rapid MAC Movement ................................................................ |
27 |
Route Update Queue Length .................................................................... |
29 |
Removing a Description from a Switch Port .............................................. |
30 |
Securing a Single VLAN through Switch Filters .......................................... |
30 |
Change of Debug Command Syntax ........................................................ |
32 |
Enhanced Static Switch Filtering on Ports within a Trunk Group ................ |
32 |
Ethernet Protection Switching Ring (EPSR) ................................................ |
32 |
Command Reference Updates .................................................................. |
33 |
PPPoE Access Concentrator .............................................................................. |
47 |
Command Reference Updates .................................................................. |
47 |
MSTP Enhancement ......................................................................................... |
50 |
Command Reference Updates .................................................................. |
50 |
STP Enhancement ............................................................................................ |
51 |
Command Reference Updates .................................................................. |
51 |
Asynchronous Port Enhancement ..................................................................... |
52 |
Making Asynchronous Ports Respond More Quickly .................................. |
52 |
Command Reference Updates .................................................................. |
53 |
Internet Group Management Protocol (IGMP) Enhancements ........................... |
55 |
IGMP Proxy on x900 Series Switches ......................................................... |
55 |
IGMP filtering extended to all IGMP message types .................................. |
57 |
Monitoring reception of IGMP general query messages ............................ |
59 |
Command Reference Updates .................................................................. |
60 |
Internet Protocol (IP) Enhancements ................................................................. |
66 |
Expanded number of Eth interfaces per physical interface ......................... |
66 |
Expanded IP Troubleshooting .................................................................... |
66 |
2 |
Release Note |
|
|
IP Route Preference Options ..................................................................... |
66 |
|
IPv4 Filter Expansion ................................................................................. |
67 |
|
Enhancements to Display of UDP Connections over IPv4 ........................... |
68 |
|
Waiting for a Response to an ARP Request ............................................... |
68 |
|
Adding Static ARP Entries with Multicast MAC Addresses ......................... |
69 |
|
Enhanced Static ARP Entry Filtering on Ports within a Trunk Group ........... |
70 |
|
Command Reference Updates .................................................................. |
71 |
|
IPv6 Enhancements .......................................................................................... |
80 |
|
Display of UDP Connections over IPv6 ...................................................... |
80 |
|
IPv6 Tunnel Expansion .............................................................................. |
80 |
|
Command Reference Updates .................................................................. |
81 |
|
L2TP Enhancements ......................................................................................... |
82 |
|
Decoding Debug Output and Setting a Time Limit for Debugging ............. |
82 |
|
Resetting General L2TP Counters .............................................................. |
83 |
|
Handling PPP Link Negotiation Failures ..................................................... |
83 |
|
Command Reference Updates .................................................................. |
84 |
|
Open Shortest Path First Enhancements ........................................................... |
89 |
|
OSPF Interface Password .......................................................................... |
89 |
|
NSSA Translator Role ................................................................................ |
89 |
|
Redistributing External Routes .................................................................. |
91 |
|
Command Reference Updates .................................................................. |
94 |
|
BGP Enhancements ........................................................................................ |
102 |
|
BGP Backoff Lower Threshold ................................................................ |
102 |
|
BGP Peer and Peer Template Enhancements ........................................... |
103 |
|
Displaying Routes Learned from a Specific BGP Peer ............................... |
104 |
|
Command Reference Updates ................................................................ |
105 |
|
MLD and MLD Snooping Enhancements ........................................................ |
112 |
|
MLD Packet Formats ............................................................................... |
112 |
|
ICMP type for MLDv2 Reports ................................................................ |
112 |
|
MLD Snooping Group Membership Display ............................................ |
113 |
|
Change of Maximum Query Response Interval for MLD .......................... |
113 |
|
Command Reference Updates ................................................................ |
114 |
|
Extension to Range of Classifier fields for x900 Switches ................................ |
117 |
|
Command Reference Updates ................................................................ |
117 |
|
QoS Enhancements ........................................................................................ |
125 |
|
Port Groups ............................................................................................ |
125 |
|
Storm protection .................................................................................... |
126 |
|
Command Reference Updates ................................................................ |
128 |
|
Secure Copy (SCP) ......................................................................................... |
142 |
|
Configuring Secure Copy ....................................................................... |
142 |
|
Loading using Secure Copy .................................................................... |
144 |
|
Uploading using Secure Copy ................................................................. |
145 |
|
Command Reference Updates ................................................................ |
147 |
|
SSL Counter Enhancement ............................................................................. |
158 |
|
Command Reference Updates ................................................................ |
158 |
|
Firewall Enhancements ................................................................................... |
160 |
|
Firewall Licencing ................................................................................... |
160 |
|
Disabling SIP ALG Call ID Translation ....................................................... |
160 |
|
Displaying SIP ALG Session Details .......................................................... |
161 |
|
Firewall Policy Rules Expansion ............................................................... |
161 |
|
Displaying a Subset of Policy Rules .......................................................... |
162 |
|
Command Reference Updates ................................................................ |
162 |
|
Enhancements to IPsec/VPN ........................................................................... |
169 |
|
Responding to IPsec Packets from an |
|
|
Unknown Tunnel ............................................................................. |
169 |
|
Modifying the Message Retransmission Delay ......................................... |
170 |
|
Retrying ISAKMP Phase 1 and 2 Negotiations ......................................... |
171 |
|
VPN Tunnel Licencing ............................................................................. |
172 |
Software Version 2.8.1
C613-10477-00 REV B
Software Version 2.8.1 |
3 |
Command Reference Updates ................................................................ |
173 |
SNMP MIBs .................................................................................................... |
186 |
SHDSL Line MIB ...................................................................................... |
186 |
Logging SNMP operation ........................................................................ |
187 |
Traps on OSPF state changes .................................................................. |
188 |
Trap on VRRP topology changes ............................................................. |
189 |
Traps on MSTP state and topology changes ............................................ |
189 |
Restart Log ............................................................................................. |
190 |
Trap on Login Failures ............................................................................. |
190 |
VLAN-based port state changes .............................................................. |
190 |
Trap on Memory Levels ........................................................................... |
191 |
Command Reference Updates ................................................................ |
192 |
CDP over WAN Interfaces .............................................................................. |
193 |
Command Reference Updates ................................................................ |
193 |
Permanent Assignments on AR400 Series Routers .......................................... |
197 |
Software Version 2.8.1
C613-10477-00 REV B
4 |
Introduction |
Release Note |
Introduction
Allied Telesis announces the release of Software Version 2.8.1 on the products in the following table. This Release Note describes the new features and enhancements.
Product series |
Models |
|
|
x-900-48FE |
x-900-48FE, x-900-48FE-N |
|
|
AT-9900 |
AT-9924T, AT-9924SP, AT-9924T/4SP |
|
|
AT-8900 |
AT-8948 |
|
|
AT-9800 |
AT-9812T, AT-9816GB |
|
|
Rapier i |
Rapier 24i, Rapier 48i, Rapier 16fi |
|
|
AT-8800 |
AT-8824, AT-8848 |
|
|
AT-8700XL |
AT-8724XL, AT-8748XL |
|
|
AT-8600 |
AT-8624T/2M, AT-8624PoE, AT-8648T/2SP |
|
|
AR700 |
AR725, AR745, AR750S, AR770S |
|
|
AR400 |
AR415S, AR440S, AR441S, AR442S, AR450S |
|
|
The product series that each feature and enhancement applies to are shown in “Overview of New Features” on page 6. This Release Note should be read in conjunction with the Installation and Safety Guide or Quick Install Guide, Hardware Reference, and Software Reference for your router or switch. These documents can be found on the Documentation and Tools CD-ROM packaged with your router or switch, or:
www.alliedtelesis.com/support/software
This Release Note has the following structure:
1.Upgrading to Software Version 2.8.1
This section lists the names of the files that may be downloaded from the web site.
2.Overview of New Features
This section lists the new features and shows the product families on which each feature is supported.
3.Descriptions of New Features
These sections describe how to configure each new feature.
Caution: Information in this document is subject to change without notice and does not represent a commitment on the part of Allied Telesis Inc. While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesis Inc. can not accept any type of liability for errors in, or omissions arising from, the use of this information.
Software Version 2.8.1
C613-10477-00 REV B
Software Version 2.8.1 |
|
|
|
5 |
|
|
Upgrading to Software Version 2.8.1 |
||
|
|
|
||
|
|
Software Version 2.8.1 is available as a flash release that can be downloaded |
||
|
|
directly from the Software/Documentation area of the Allied Telesis website: |
||
|
|
www.alliedtelesis.com/support/software |
|
|
|
|
Software versions must be licenced and require a password to activate. To |
||
|
|
obtain a licence and password, contact your authorised Allied Telesis |
||
|
|
distributor or reseller. |
|
|
|
|
The following table lists the file names for Software Version 2.8.1. |
||
|
|
|
|
|
Product name |
Release file |
GUI resource file |
CLI help file |
|
|
|
|
|
|
AT-9924T/4SP |
89-281.rez |
9924_281-00_en_d.rsc |
89-281a.hlp |
|
|
|
|
|
|
AT-9924SP |
89-281.rez |
9924_281-00_en_d.rsc |
89-281a.hlp |
|
|
|
|
|
|
AT-9924T/4SP |
89-281.rez |
9924_281-00_en_d.rsc |
89-281a.hlp |
|
|
|
|
|
|
AT-8948 |
89-281.rez |
— |
89-281a.hlp |
|
|
|
|
|
|
x900-48FE |
89-281.rez |
— |
89-281a.hlp |
|
|
|
|
|
|
AT-9812T |
sb-281.rez |
9812_281-00_en_d.rsc |
98-281a.hlp |
|
|
|
|
|
|
AT-9816GB |
sb-281.rez |
9816_281-00_en_d.rsc |
98-281a.hlp |
|
|
|
|
|
|
Rapier 24i |
86s-281.rez |
r24i_281-00_en_d.rsc |
rp-281a.hlp |
|
|
|
|
|
|
Rapier 48i |
86s-281.rez |
r16i_281-00_en_d.rsc |
rp-281a.hlp |
|
|
|
|
|
|
Rapier16fi |
86s-281.rez |
r48i_281-00_en_d.rsc |
rp-281a.hlp |
|
|
|
|
|
|
AT-8824 |
86s-281.rez |
8824_281-00_en_d.rsc |
88-281a.hlp |
|
|
|
|
|
|
AT-8848 |
86s-281.rez |
8848_281-00_en_d.rsc |
88-281a.hlp |
|
|
|
|
|
|
AT-8724XL |
87-281.rez |
8724_281-00_en_d.rsc |
87-281a.hlp |
|
|
|
|
|
|
AT-8748XL |
87-281.rez |
8748_281-00_en_d.rsc |
87-281a.hlp |
|
|
|
|
|
|
AT-8624PoE |
sr-281.rez |
— |
86-281a.hlp |
|
|
|
|
|
|
AT-8624T/2M |
sr-281.rez |
sr24_281-00_en_d.rsc |
86-281a.hlp |
|
|
|
|
|
|
AT-8648T/2SP |
sr-281.rez |
— |
86-281a.hlp |
|
|
|
|
|
|
AR770S |
55-281.rez |
— |
700-281a.hlp |
|
|
|
|
|
|
AR750S |
55-281.rez |
750s_281-00_en_d.rsc |
700-281a.hlp |
|
|
|
|
|
|
AR725 |
52-281.rez |
725_281-00_en_d.rsc |
700-281a.hlp |
|
|
|
|
|
|
AR745 |
52-281.rez |
745_281-00_en_d.rsc |
700-281a.hlp |
|
|
|
|
|
|
AR440S |
54-281.rez |
440s_281-00_en_d.rsc |
400-281a.hlp |
|
|
|
|
|
|
AR441S |
54-281.rez |
441s_281-00_en_d.rsc |
400-281a.hlp |
|
|
|
|
|
|
AR442S |
54-281.rez |
442s_281-00_en_d.rsc |
400-281a.hlp |
|
|
|
|
|
|
AR415S |
54-281.rez |
415s_281-00_en_d.rsc |
400-281a.hlp |
|
|
|
|
|
|
AR450S |
54-281.rez |
450s_281-00_en_d.rsc |
400-281a.hlp |
|
|
|
|
|
|
The asexternal parameter of the set ospf command has changed. See OSPF backward compatibility).
Software Version 2.8.1
C613-10477-00 REV B
6 |
Overview of New Features |
Release Note |
Overview of New Features
The following table lists the new features and enhancements by product series.
For supported models, see “Introduction” on page 4.
|
AR400 |
AR7x5 AR750S Rapier |
AT-8800 |
AT-8700XL |
AT-8600 |
AT-9800 AT-8900 x900-48FE AT-9900 |
|
|
|
||||||
System: Clearing System Parameters |
9 9 9 9 9 9 9 9 9 9 9 |
||||||
|
|
||||||
System: Extended Monitoring of CPU Utilisation |
9 9 9 9 9 9 9 9 9 9 9 |
||||||
|
|
||||||
CLI: Command Line Interface (CLI) Enhancements |
9 9 9 9 9 9 9 9 9 9 9 |
||||||
|
|
||||||
File System: File System Enhancement |
9 9 9 9 9 9 9 9 9 9 9 |
||||||
|
|
|
|
||||
Switching: Ordering Hardware Filters in 48-Port Switches |
|
9 9 9 9 |
|
||||
|
|
|
|
|
|
|
|
Switching: Limiting Rapid MAC Movement |
|
|
|
|
|
9 9 9 |
|
|
|
|
|
|
|
|
|
Switching: Route Update Queue Length |
|
|
|
|
|
9 9 9 |
|
|
|
|
|||||
Switching: Removing a Description from a Switch Port |
9 |
9 9 9 9 9 9 9 9 9 |
|||||
|
|
|
|
||||
Switching: Securing a Single VLAN through Switch Filters |
|
9 9 9 9 |
|
||||
|
|
|
|
|
|
|
|
Switching: Change of Debug Command Syntax |
9 |
9 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Switching: Enhanced Static Switch Filtering on Ports within a |
|
9 |
9 |
9 |
9 |
9 |
|
Trunk Group |
|
||||||
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
Switching: Ethernet Protection Switching Ring (EPSR) |
|
|
|
|
|
9 9 9 |
|
|
|
|
|
||||
MSTP: MSTP Enhancement |
|
9 9 9 9 |
9 9 9 |
||||
|
|
|
|||||
STP: STP Enhancement |
|
9 9 9 9 9 9 9 9 |
|||||
|
|
|
|
|
|
|
|
Asyn Ports: Making Asynchronous Ports Respond More |
9 9 9 9 9 9 9 9 9 9 9 |
||||||
Quickly |
|||||||
|
|
|
|
|
|
||
|
|
|
|
|
|||
PPPoE: PPPoE Access Concentrator |
9 9 9 9 9 |
|
|
9 9 9 9 |
|||
|
|
|
|
|
|
|
|
IGMP: IGMP Proxy on x900 Series Switches |
|
|
|
|
|
9 9 9 |
|
|
|
||||||
IGMP: IGMP filtering extended to all IGMP message types |
9 9 9 9 9 9 9 9 9 9 9 |
IGMP: Monitoring reception of IGMP general query messages 9 9 9 |
9 9 9 9 9 9 9 9 |
|
|
IP: Expanded number of Eth interfaces per physical interface 9 9 9 |
|
IP: Expanded IP Troubleshooting |
9 9 9 9 9 9 9 9 9 9 9 |
||||||||
|
|
||||||||
IP: IP Route Preference Options |
9 9 9 9 9 9 9 9 9 9 9 |
||||||||
|
|
||||||||
IP: IPv4 Filter Expansion |
9 9 9 9 9 9 9 9 9 9 9 |
||||||||
|
|
||||||||
IP: Enhancements to Display of UDP Connections over IPv4 |
9 9 9 9 9 9 9 9 9 9 9 |
||||||||
|
|
||||||||
IP: Waiting for a Response to an ARP Request |
9 9 9 9 9 9 9 9 9 9 9 |
||||||||
|
|
||||||||
IP: Adding Static ARP Entries with Multicast MAC Addresses |
9 9 9 9 9 9 9 9 9 9 9 |
||||||||
|
|
|
|
|
|
|
|
|
|
IP: Enhanced Static ARP Entry Filtering on Ports within a |
9 |
9 |
9 |
9 |
9 |
9 |
9 |
9 |
|
Trunk Group |
|||||||||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|||||
IPv6: Display of UDP Connections over IPv6 |
9 9 9 9 9 |
|
|
9 9 9 9 |
Software Version 2.8.1
C613-10477-00 REV B
Software Version 2.8.1 |
|
|
|
7 |
|
|
|
|
|
|
|
|
|
AR400 AR7x5 AR750S Rapier AT-8800 |
AT-8700XL AT-8600 AT-9800 AT-8900 |
x900-48FE |
AT-9900 |
|
|
|
|
|
|
|
IPv6: IPv6 Tunnel Expansion |
9 |
|
|
|
|
|
|
|
||
|
L2TP: Decoding Debug Output and Setting a Time Limit for |
9 9 9 9 9 |
9 9 9 9 |
||
|
Debugging |
|
|
|
|
|
L2TP: Resetting General L2TP Counters |
9 9 9 9 9 |
9 9 9 9 |
||
|
|
|
|
||
|
L2TP: Handling PPP Link Negotiation Failures |
9 9 9 9 9 |
9 9 9 9 |
||
|
|
|
|
||
|
OSPF: OSPF Interface Password |
9 9 9 9 9 |
9 9 9 9 9 9 |
||
|
|
|
|
||
|
OSPF: NSSA Translator Role |
9 9 9 9 9 |
9 9 9 9 9 9 |
||
|
|
|
|
||
|
OSPF: Redistributing External Routes |
9 9 9 9 9 |
9 9 9 9 9 9 |
||
|
|
|
|
||
|
BGP: BGP Backoff Lower Threshold |
9 9 9 9 9 |
9 9 9 9 |
||
|
|
|
|
||
|
BGP: BGP Peer and Peer Template Enhancements |
9 9 9 9 9 |
9 9 9 9 |
||
|
|
|
|
||
|
BGP: Displaying Routes Learned from a Specific BGP Peer |
9 9 9 9 9 |
9 9 9 9 |
||
|
|
|
|
||
|
MLD: MLD Packet Formats |
9 9 9 9 9 |
9 9 9 9 |
||
|
|
|
|
||
|
MLD: ICMP type for MLDv2 Reports |
9 9 9 9 9 |
9 9 9 9 |
||
|
|
|
|
||
|
MLD: MLD Snooping Group Membership Display |
9 9 |
9 9 9 9 |
||
|
|
|
|||
|
MLD: Change of Maximum Query Response Interval for MLD 9 9 9 9 9 |
9 9 9 9 |
|||
|
Classifier: Extension to Range of Classifier fields for x900 |
|
9 |
9 |
9 |
|
Switches |
|
|||
|
|
|
|
|
|
|
|
|
|
||
|
QoS: Port Groups |
|
9 9 9 |
||
|
|
|
|
||
|
QoS: Storm protection |
|
9 9 9 |
||
|
|
|
|
||
|
SCP: Configuring Secure Copy |
9 9 9 9 9 |
9 9 9 9 9 9 |
||
|
|
|
|
||
|
SCP: Loading using Secure Copy |
9 9 9 9 9 |
9 9 9 9 9 9 |
||
|
|
|
|
||
|
SCP: Uploading using Secure Copy |
9 9 9 9 9 |
9 9 9 9 9 9 |
||
|
|
|
|
||
|
SSL: SSL Counter Enhancement |
9 9 9 9 9 |
9 9 9 9 9 9 |
||
|
|
|
|
|
|
|
Firewall: Firewall Licencing |
9 9 9 9 9 |
9 |
|
|
|
|
|
|
|
|
|
Firewall: Disabling SIP ALG Call ID Translation |
9 9 9 9 9 |
|
|
|
|
|
|
|
|
|
|
Firewall: Displaying SIP ALG Session Details |
9 9 9 9 9 |
|
|
|
|
|
|
|
|
|
|
Firewall: Firewall Policy Rules Expansion |
9 9 9 9 9 |
|
|
|
|
|
|
|
|
|
|
Firewall: Displaying a Subset of Policy Rules |
9 9 9 9 9 |
9 |
|
|
|
|
|
|
|
|
|
IPSEC/VPN: Responding to IPsec Packets from an Unknown |
9 9 9 9 9 |
|
|
|
|
Tunnel |
|
|
|
|
|
IPSEC/VPN: Modifying the Message Retransmission Delay |
9 9 9 9 9 |
|
|
|
|
|
|
|
|
|
|
IPSEC/VPN: Retrying ISAKMP Phase 1 and 2 Negotiations |
9 9 9 9 9 |
|
|
|
|
|
|
|
|
|
|
IPSEC/VPN: VPN Tunnel Licencing |
9 9 9 9 9 |
|
|
|
|
|
|
|
|
|
|
SNMP MIBs: SHDSL Line MIB |
9 |
|
|
|
|
|
|
|
||
|
SNMP MIBs: Logging SNMP operation |
9 9 9 9 9 |
9 9 9 9 9 9 |
Software Version 2.8.1
C613-10477-00 REV B
8 |
Overview of New Features |
|
Release Note |
|
|
|
|
|
|
|
|
|
AR400 AR7x5 AR750S Rapier AT-8800 AT-8700XL AT-8600 |
AT-9800 AT-8900 x900-48FE AT-9900 |
|
|
|
||
|
SNMP MIBs: Traps on OSPF state changes |
9 9 9 9 9 9 9 9 9 9 9 |
||
|
|
|
||
|
SNMP MIBs: Trap on VRRP topology changes |
9 9 9 9 9 9 9 9 9 9 9 |
||
|
|
|
|
|
|
SNMP MIBs: Traps on MSTP state and topology changes |
9 9 9 9 |
9 9 9 |
|
|
|
|
||
|
SNMP MIBs: Restart Log |
9 9 9 9 9 9 9 9 9 9 9 |
||
|
|
|
||
|
SNMP MIBs: Trap on Login Failures |
9 9 9 9 9 9 9 9 9 9 9 |
||
|
|
|
||
|
SNMP MIBs: VLAN-based port state changes |
9 9 9 9 9 9 9 9 9 9 9 |
||
|
|
|
||
|
SNMP MIBs: Trap on Memory Levels |
9 9 9 9 9 9 9 9 9 9 9 |
||
|
|
|
|
|
|
CDP: CDP over WAN Interfaces |
9 9 9 9 9 |
9 9 9 9 |
|
|
|
|
|
|
|
Permanent Assignments on AR400 Series Routers |
9 |
|
|
|
|
|
|
|
Software Version 2.8.1
C613-10477-00 REV B
Software Version 2.8.1 |
9 |
This Software Version includes the following enhancements to system commands:
■Clearing System Parameters
■Extended Monitoring of CPU Utilisation
This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.
The option none has been added to the following commands:
set system name={name|none}
set system contact={contact-name|none}
set system location={location|none}
This allows you to clear a previously specified system name, contact name or location. For example, to clear the system name, use one of the commands:
set sys nam=none set sys nam=”” set sys nam=
set sys nam
Command Changes
The following table summarises the modified commands:
Command |
Change |
|
|
set system name |
New none option for name parameter |
|
|
set system contact |
New none option for contact parameter |
|
|
set system location |
New none option for location parameter |
|
|
This Software Version includes a new feature for monitoring CPU utilisation. You can now set the router or switch to capture data about which specific functions the CPU is executing, and the level of instantaneous usage the CPU is experiencing. This allows you, in conjunction with your authorised distributor or reseller, to diagnose the causes of high rates of CPU utilisation on the router or switch.
You can set the router or switch to capture data continuously, or only when the CPU experiences a specific level of instantaneous usage. The router or switch holds up to 500 entries (10 seconds) of data about CPU utilisation.
Software Version 2.8.1
C613-10477-00 REV B
10 |
System Enhancements |
Release Note |
To capture data when the CPU is experiencing a specific amount of instantaneous usage, set the start and start percentages with the command:
activate cpu extended start=1..100 [stop=1..100]
When a start percentage is set, the router or switch automatically disables extended monitoring once it has 500 data entries.
To enable extended monitoring, use the command:
enable cpu extended
This command also lets you capture data immediately, without first setting start and stop percentages. This adds data entries continuously, until you stop it. Only the last 10 seconds of data entries are stored.
To stop capturing data, and reset the start and stop parameters if they are set, use the command:
disable cpu extended
To remove data entries and reset the start and stop parameters in the activate cpu extended command, use the command:
reset cpu utilisation
This command interrupts active data capturing for a specific event. However, monitoring remains enabled, and continues to collect data. This means you can capture data for a particular event without having to disable and re-enable this feature.
Command Changes
The following table summarises the new and modified commands:
Command |
Change |
|
|
activate cpu extended |
New command. |
|
|
disable cpu extended |
New command. |
|
|
enable cpu extended |
New command. |
|
|
reset cpu utilisation |
Modified command. |
|
|
show cpu |
New extended parameter in command. |
|
New output field when extended parameter is used. |
|
|
Software Version 2.8.1
C613-10477-00 REV B
Software Version 2.8.1 |
11 |
|
Command Reference Updates |
|
This section describes each new command and the changed portions of |
|
modified commands and output screens. For modified commands and output, |
|
the new parameters, options, and fields are shown in bold. |
|
activate cpu extended |
Syntax |
|
ACTivate CPU EXTended STARt=1..100 [STOp=1..100] |
|
Description |
This new command lets you set monitoring so that it captures data when the |
|
CPU experiences a specific amount of instantaneous usage. |
|
The start parameter sets the percentage of utilisation the CPU must equal or |
|
exceed before it can begin capturing data. When CPU utilisation reaches the |
|
parameter, the router or switch begins capturing data. It continues until |
|
utilisation falls below the stop parameter, or until it captures 500 entries (10 |
|
seconds worth). |
|
The stop parameter sets the percentage of utilisation the CPU must reach to |
|
stop data capturing. If CPU utilisation falls below the stop percentage before |
|
the router or switch has 500 data entries, then the router or switch resumes data |
|
capturing the next time utilisation reaches the start percentage. When the |
|
router or switch has 500 entries, it stops collecting data. |
Example |
To capture extended CPU utilisation data when CPU utilisation exceeds 70% |
|
and until it falls below 50%, use the command: |
|
act cpu ext star=70 sto=50 |
|
disable cpu extended |
Syntax |
|
DISable CPU EXTended |
|
Description |
This new command stops data capture of CPU utilisation, and resets |
|
parameters in the activate cpu extended command. |
Example |
To stop capturing extended CPU utilisation data, use the command: |
|
dis cpu ext |
|
enable cpu extended |
Syntax |
|
ENAble CPU EXTended |
|
Description |
This new command lets you capture up to 500 data entries (10 seconds) of CPU |
|
utilisation data. Extended monitoring is disabled by default. This command |
|
takes effect when you enter it, or use the activate cpu extended command to |
|
collect data during specific usage levels. |
Example |
To begin capturing extended CPU utilisation data, use the command: |
|
ena cpu ext |
Software Version 2.8.1
C613-10477-00 REV B
12 |
System Enhancements |
Release Note |
Syntax RESET CPU UTIlisation
Description This command, which resets all CPU utilisation percentages, has been modified to include resetting any start and stop percentages set with the activate cpu extended command. It also removes any data captured during extended utilisation monitoring, and clears this output from the show cpu command.
Example To reset the CPU utilisation, use the command:
reset cpu util
Syntax SET SYStem CONtact={contact-name|NONE}
The contact parameter specifies the contact name, which is:
■displayed in the output of the show system command
■stored in the MIB object sysContact
If the new option none is specified, no contact name is defined. Any existing contact name is cleared. The default is none.
Syntax SET SYStem LOCation={location|NONE}
The location parameter specifies the location of the router or switch, which is:
■displayed in the output of the show system command
■stored in the MIB object sysLocation
If the new option none is specified, no location is defined. Any existing location is cleared. The default is none.
Syntax SET SYStem NAMe={name|NONE}
The name parameter specifies the system name of the router or switch, which is:
■displayed in the output of the show system command
■displayed in the CLI prompt so you know which router or switch you are configuring
■stored in the MIB object sysName
If the new option none is specified, no name is defined. Any existing name is cleared. The default is none.
Software Version 2.8.1
C613-10477-00 REV B
Software Version 2.8.1 |
13 |
Syntax SHow CPU [EXTended]
Description The new extended parameter in this command displays information about extended CPU utilisation data.
Figure 1: Example output from the show cpu extended command
CPU Utilisation ( |
as |
a percentage ) |
|
---------------------------------------- |
|||
Maximum since router |
restarted ..... 100 |
||
Maximum over last |
5 minutes ........ |
100 |
|
Average since router |
restarted ..... 5 |
||
Average over last |
5 minutes ........ |
6 |
|
Average over last |
minute ........... |
7 |
|
Average over last |
10 |
seconds ....... |
41 |
Average over last |
second ........... |
100 |
|
---------------------------------------- |
Extended CPU Information
------------------------------------------------------------
State |
............... |
Enabled |
Current ........Time |
21:44:49 (04aa9a34 / 2573941241) |
|
Current Install ..... 54-281.rez (5012892) |
||
Start .......percent |
- |
|
Stop ........percent |
- |
|
msSM |
Timestamp Util Caller Return1 Return2 Return3 |
------------------------------------------------------------
04aa9a34 |
2573927208 |
100 |
0021a384 |
00031c0c |
00027e8c |
0021a57c |
04aa9a20 |
2573907218 |
100 |
0021a384 |
00031c0c |
00027e8c |
0021a57c |
04aa9a0c |
2573887230 |
100 |
0021a4b0 |
00031c0c |
00027e8c |
0021a57c |
. |
|
|
|
|
|
|
. |
|
|
|
|
|
|
. |
|
|
|
|
|
|
Software Version 2.8.1
C613-10477-00 REV B
14 |
System Enhancements |
Release Note |
|
|
|
Table 1: New parameters in output of the show cpu=extended command |
|
|
|
|
|
|
|
Parameter |
Meaning |
|
|
|
|
|
|
State |
Whether extended CPU utilisation is enabled. |
|
|
|
|
|
|
Current Time |
Current time in hh:mm:ss format. The time in |
|
|
|
milliseconds since midnight, and the current timestamp |
|
|
|
are also in brackets. |
|
|
|
|
|
|
Current Install |
Current installed release, with the size of the release in |
|
|
|
brackets. |
|
|
|
|
|
|
Start percent |
Percentage of utilisation that the CPU must reach, if any, |
|
|
|
before the router or switch can begin capturing |
|
|
|
extended CPU utilisation data. A “-” shows if no |
|
|
|
percentage is set. |
|
|
|
|
|
|
Stop percent |
Percentage of utilisation that the CPU must fall below |
|
|
|
before the router or switch stops capturing extended |
|
|
|
CPU utilisation data. |
|
|
|
|
|
|
msSM |
Time when the router or switch captured the CPU |
|
|
|
utilisation sample. The time format is milliseconds since |
|
|
|
midnight, in hexadecimal notation. |
|
|
|
|
|
|
Timestamp |
Time when the router or switch captured the CPU |
|
|
|
utilisation sample. The time format is microseconds |
|
|
|
since the router or switch last restarted. This figure |
|
|
|
wraps at 4 294 967 295 to return to 0. |
|
|
|
|
|
|
Util |
Percentage of instantaneous CPU utilisation. |
|
|
|
|
|
|
Caller |
Return address of the function that the CPU is |
|
|
|
executing. |
|
|
|
|
|
|
Return 1, Return 2, Return 3 |
Return addresses for function calls on the CPU stack. |
|
|
|
|
Example To display the extended CPU utilisation data, use the command:
sh cpu ext
Software Version 2.8.1
C613-10477-00 REV B
Software Version 2.8.1 |
15 |
Command Line Interface (CLI)
Enhancements
The CLI has been enhanced in the following ways:
■More flexibility in Separating Parameters and Values
■Additional Shortcuts when Editing
■New command show command history that displays past commands. Please note that it replaces the Ctrl-C shortcut.
■You can now use the create config command to also set the router or switch to use the new configuration file.
This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.
The CLI has been enhanced to give you the flexibility of choosing whether the equals sign should be required between parameters and their related values in the syntax.
Parameters are keywords in a command that define the object or details of the action. Parameter values can be numbers or text, or can come from a list of items. Now you can set the syntax so that parameters and values can be separated by either one of the following:
■an equals sign (=)
■a single space
The set command assignmentoperator command lets you change the syntax. When using aliases, we suggest you use the = sign in the syntax to link parameters with their values. Otherwise, if you separate a parameter with a space, a matching alias could erroneously be substituted for the value. Note that certain command handlers, such as STT, PERM, and ACC, always require the = sign.
Parts of a Command
A command is a sequence of keywords and values that define an action for the router or switch to perform. The Software Reference uses terms in the following figure and table when describing commands.
keywords
add ip rip interface=vlan2 auth=md5 ip=ipadd
|
|
|
|
|
|
|
|
|
|
|
action |
|
|
value |
option |
placeholder |
|||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
parameters
cli-command-parts
Software Version 2.8.1
C613-10477-00 REV B
16 |
Command Line Interface (CLI) Enhancements |
Release Note |
||
|
|
|
|
|
|
|
Command Part |
Description |
|
|
|
|
|
|
|
|
Keyword |
A generic term for a predefined sequence of characters that the CLI |
|
|
|
|
treats as a single unit. |
|
|
|
|
Actions, parameters, and some parameter values are keywords. |
|
|
|
|
Keywords are not case sensitive. In this Software Reference and the |
|
|
|
|
online help, uppercase letters indicate minimum keyword abbreviations. |
|
|
|
|
|
|
|
|
Action |
The first keyword in a command. This defines the type of operation to |
|
|
|
|
perform. Actions do not have values. |
|
|
|
|
|
|
|
|
Parameter |
Additional keywords that define: |
|
•the object of the action (for example, “ip rip” in the figure above)
•the details of the action (for example, “auth” in the figure above)
Parameters are optional or required, may accept values, and are not case sensitive. Spaces must separate parameters.
Value |
The value assigned to a parameter. Depending on the parameter, a value |
|
|
can be: |
|
|
• an item from a list of option keywords |
|
|
• |
a number |
|
• |
arbitrary text |
|
Values are optional or required. Enter values with the syntax |
|
|
parameter=value or parameter value (for details, see Command |
|
|
Reference Updates). Most values are not case sensitive, except for |
|
|
text, such as passwords. |
|
|
|
|
Option |
A keyword that is one of a pre-defined list of values that a parameter |
|
|
can accept. |
|
|
|
|
Placeholder |
A format convention that describes the value a parameter can accept. |
|
|
Instead of typing the placeholder, replace it with an appropriate value. |
|
|
In this Software Reference, placeholders are printed in lowercase italic |
|
|
font. |
|
|
|
|
Default |
The value the router or switch uses as the parameter when you do not |
|
|
enter one but the parameter requires one. |
|
|
|
|
Command Changes
The following table summarises the new command.
Command |
Description |
set command assignmentoperator New command that sets the assignment operator of the command parser to allow either an equals sign or a space between the parameter as the value.
Software Version 2.8.1
C613-10477-00 REV B
Software Version 2.8.1 |
17 |
You can now move the cursor to the beginning or end of lines by using single keys on the keyboard.
To move the cursor to the... |
You could only press... |
Now you can also press the... |
|
|
|
beginning of the command |
Ctrl+A |
Home key |
line |
|
|
|
|
|
end of the command line |
Ctrl+E |
End key |
|
|
|
Command Changes
The following table summarises the changes new and modified commands.
Command |
Description |
|
|
show command history |
New command that displays past commands. |
|
Please note that it replaces the Ctrl-C shortcut. |
|
|
create config |
New set option that lets you set the switch to the |
|
configuration file that you create. |
|
|
Software Version 2.8.1
C613-10477-00 REV B
18 |
Command Line Interface (CLI) Enhancements |
Release Note |
This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, new parameters, options and fields are shown in bold.
Syntax CREate CONfig=filename [SET]
Description This command now lets you set the switch to a configuration file when you create it. This command still requires a user with security officer privilege when the router or switch is in security mode.
Parameter |
Description |
|
|
CONfig |
Name of the configuration file or script to create. If one already exists, |
|
it is replaced. |
|
The filename is in the format [device:]filename.ext and can be: |
|
• uppercase and lowercase letters |
|
• digits |
|
• # $ % & ! ' ( ) + , - . ; = @ [ ] ^ _ ` { } ~ and space |
|
device indicates the physical location where the file is stored. The |
|
default is flash. |
|
.ext is an 3-letter extension, such as .txt or .scp. |
|
Invalid characters are * “ | \ : ? / < > |
|
Default: no default |
|
|
SET |
Sets the switch to use the configuration file or script specified by |
|
filename when the switch boots up again. |
|
|
Example To save the current dynamic configuration to a script file called test.cfg, use the command:
cre con=test.cfg
Software Version 2.8.1
C613-10477-00 REV B
Software Version 2.8.1 |
19 |
Syntax SET COMmand {ASSignmentoperator=[Equals|SPaceorequals]}
Description This new command sets the assignment operator of the command parser thereby defining the format of the command syntax for the CLI.
Parameter |
Description |
|
|
|
|
ASSignmentoperator |
Defines the operator between parameters when assigning values. |
|
|
Default: Equals |
|
|
|
|
|
Equals |
Requires users to enter = sign. To ensure clarity |
|
|
and accuracy, we recommend always using the = |
|
|
sign. |
|
|
|
|
SPaceorequals |
Lets users enter either the = sign or just leave a |
|
|
single space between parameters. |
|
|
|
The following commands have the same effect. Note that the first one is clearer because of the = sign.
add ip rou=172.16.9.0 mask=255.255.255.0 int=vlan1 next=172.16.8.82 met=1
add ip rou 172.16.9.0 mask 255.255.255.0 int vlan1 next 172.16.8.82 met 1
Take care when using aliases because they match any whole word on the command line. Therefore, if you separate a parameter with a space, a matching alias could erroneously be substituted for the value.
Note that certain command handlers, such as those for STT, PERM, and ACC, always require the = sign.
Example To set the command processor so that you can enter a space between parameters and values on the command line, use the command:
set com ass=sp
Software Version 2.8.1
C613-10477-00 REV B
20 |
Command Line Interface (CLI) Enhancements |
Release Note |
Syntax SHow COMmand History
Description This new command replaces the Ctrl-C keyboard shortcut, and displays past commands for you to select one from the list (Figure 1).
Figure 2: Example output from the show command history command
131set vrrp 20 portmon off
132set vrrp 20 portmon on
133sh vrrp 20
134sh vrrp 0
135sh vrrp 21
136sh vrrp 255
137sh vrrp none
138sh vrrp any
139destroy qos queue2priomap queue 0 bwclass 2 vrrp none
140destroy qos queue2priomap queue 0 bwclass 2 vrrp any
141destroy qos queue2priomap queue 0 bwclass 2 vrrp 0
142destroy qos queue2priomap queue 0 bwclass 2 vrrp 256
143destroy qos queue2priomap queue 0 bwclass 2 vrrp 17,18
144destroy qos queue2priomap queue 0 bwclass 2 vrrp 17-19
145destroy qos queue2priomap queue 0 bwclass 2 vrrp
146destroy qos queue2priomap queue 0 bwclass 2 vrrp 1
147destroy qos queue2priomap queue 0 bwclass 2 vrrp 20
148destroy qos queue2priomap queue 0 bwclass 2 vrrp all
Enter command number>
Example To see a list of past commands, use the command:
sh com h
Software Version 2.8.1
C613-10477-00 REV B
Software Version 2.8.1 |
21 |
This Software Version gives you 4 new commands for working with files.
Command Changes
The following table summarises the new commands:
Command |
Change |
|
|
add file |
New command |
|
|
create file |
New command |
|
|
reset file permanentredirect |
New command |
|
|
show file permanentredirect |
New command |
|
|
This section describes each new command.
add file
Syntax ADD FIle=filename [COMmand=commandstring]
[SCRipt=scriptname] [PERManentredirect] [LIMIT=limit]
Description This new command takes output from a specific command or script and adds it to a text file when you next issue that command or script. This is useful for collecting debug output. If a file does not exist, one is created. While output is being redirected, the text file cannot be edited, renamed, deleted, or uploaded.
Parameter |
Description |
|
|
|
|
FIle |
Name of the text file where you want to send output. One is created |
|
|
if it does not already exist.The filename is in the format |
|
|
[device:]filename.txt and can be: |
|
|
• uppercase and lowercase letters |
|
|
• |
digits |
|
• |
# $ % & ! ' ( ) + , - . ; = @ [ ] ^ _ ` { } ~ and space |
|
device indicates the physical location where the file is stored. The |
|
|
default is flash. |
|
|
Default: no default |
|
|
|
|
COMmand |
Command whose output is used to generate the text when it is next |
|
|
issued. Commandstring is the command syntax enclosed in quotes. |
|
|
Command and script are mutually exclusive. |
|
|
|
|
SCRipt |
Script whose output is used to generate the text when it is next issued. |
|
|
The script is treated as a simple list of commands. Flow control |
statements are not accepted to ensure that the extra text the script produces is not in the output file. Scriptname has the same format as filename except it must have either a .cfg or .scp extension.
Command and script are mutually exclusive.
Software Version 2.8.1
C613-10477-00 REV B
22 |
File System Enhancement |
Release Note |
|
|
|
|
|
|
|
|
|
Parameter (cont.) |
Description (cont.) |
|
|
|
|
|
|
|
|
PERManentredirect |
Permanently directs output to the designated text file until the reset |
|
|
|
|
file permanentredirect command is issued or the router or switch is |
|
|
|
|
rebooted. |
|
|
|
|
|
|
|
|
LIMIT |
A decimal number from 0 to 1048576 bytes specifying the maximum |
|
|
|
|
file size. |
|
|
|
|
Default: 204800 bytes |
|
|
|
|
|
|
Examples To add output one time only from the show trace command to a file called trace.txt command, use the command:
add fi=trace.txt com="show trace"
To permanently add output from the show debug command to a file called debug2.txt command, use the command:
add fi=debug2.txt com="show debug"
Syntax CREate FIle=filename [FORCE] [COMmand=commandstring]
[SCRipt=scriptname] [PERManentredirect] [LIMIT=limit]
Description This new command creates a text file containing output from a specific command or script. This is useful for collecting debug output. The file cannot be edited, renamed, deleted, or uploaded while it is receiving input.
Parameter |
Description |
|
|
|
|
FIle |
Name of the text file that you want to create. The filename is in the |
|
|
format [device:]filename.txt and can be: |
|
|
• uppercase and lowercase letters |
|
|
• |
digits |
|
• |
# $ % & ! ' ( ) + , - . ; = @ [ ] ^ _ ` { } ~ and space |
|
device indicates the physical location where the file is stored. The |
|
|
default is flash. |
|
|
Default: no default |
|
|
|
|
FORCE |
Overwrites the text file if one already exists. If force is not specified |
|
|
and the file exists, the command has no effect. |
|
|
|
|
COMmand |
Command whose output is used to generate the text when it is next |
|
|
issued. Commandstring is the command syntax enclosed in quotes. |
|
|
Command and script are mutually exclusive. |
|
|
|
|
SCRipt |
Script whose output is used to generate the text when it is next issued. |
|
|
The script is treated as a simple list of commands. Flow control |
|
|
statements are not accepted to ensure that the extra text the script |
|
|
produces is not in the output file. Scriptname has the same format as |
|
|
filename except it must have either a .cfg or .scp extension. |
|
|
Command and script are mutually exclusive. |
|
|
|
|
PERManentredirect |
Permanently directs output to the designated text file until the reset |
|
|
file permanentredirect command is issued or the router or switch is |
|
|
rebooted. |
Software Version 2.8.1
C613-10477-00 REV B
Software Version 2.8.1 |
23 |
|
|
|
|
|
|
|
Parameter |
Description (cont.) |
|
|
|
|
|
|
LIMIT |
A decimal number from 0 to 1048 576 bytes specifying the maximum |
|
|
|
file size. |
|
|
|
Default: 204 800 bytes |
|
|
|
|
|
Example To permanently direct all debug output from the BGP module to a file named bgp.txt, use the command:
cre fi=bgp.txt com="enable bgp debug=all" perm
Syntax RESET FIle[=filename] PERManentredirect
Description This new command closes one or all text files so that they no longer receive input from commands or scripts. After the file closes, it can be uploaded or edited
Parameter |
Description |
|
|
|
|
FIle |
Name of the text file to close. If no file is specified, all text files are |
|
|
closed. |
|
|
The filename is in the format [device:]filename.txt and can be: |
|
|
• uppercase and lowercase letters |
|
|
• |
digits |
|
• |
# $ % & ! ' ( ) + , - . ; = @ [ ] ^ _ ` { } ~ and space |
device indicates the physical location where the file is stored. The default is flash.
Default: no default
Example To reset the bgp.txt file so that it no longer receives output from the enable bgp debug=all command (previously set), use the command:
reset fi=bgp.txt perm
Syntax SHow FIle[=filename] PERManentredirect
Description This new command displays information about one text file or all that are permanently receiving output from commands or scripts (Figure 3, Table 2). These files are typically created to collect data during debugging.
The file parameter displays information about a specific text file (Figure 4). The filename option is in the format [device:]filename.txt and can be:
■uppercase and lowercase letters
■digits
■# $ % & ! ' ( ) + , - . ; = @ [ ] ^ _ ` { } ~ and space
Device indicates the physical location where the file is stored. The default is flash.
Software Version 2.8.1
C613-10477-00 REV B
24 |
File System Enhancement |
|
|
|
Release Note |
|
|
|
Figure 3: Example output from the show file permanentredirect command |
||||
|
|
|
|
|
|
|
|
|
TTY |
Current |
Limit |
File |
|
|
|
Instance |
Size |
|
|
|
|
|
--------------------------------------------------- |
||||
|
|
17 |
12345 |
|
204800 |
bgp.txt |
|
|
|
||||
|
|
Figure 4: Example output from the show file=filename permanentredirect command |
||||
|
|
|
|
|
|
|
|
|
............File |
|
bgp.txt |
|
|
|
|
TTY Instance.... |
17 |
|
|
|
|
|
Current Size.... |
12345 |
|
|
|
|
|
Limit........... |
|
204800 |
|
|
|
|
Input(s)........ |
|
COMMAND="enable bgp debug=all" |
||
|
|
|
||||
|
|
Table 2: Parameters in output of the show file permanentredirect command |
||||
|
|
|
|
|
|
|
|
|
Parameter |
Meaning |
|
|
|
|
|
|
|
|||
|
|
TTY Instance |
Instance number for the TTY device. |
|||
|
|
|
|
|
||
|
|
Current Size |
Size of the text file in bytes. |
|
||
|
|
|
|
|||
|
|
Limit |
Limit of file size in bytes set by the limit parameter. |
|||
|
|
|
|
|
||
|
|
File |
Name of text file. |
|
||
|
|
|
|
|||
|
|
Input(s) |
Commands and scripts that generate input for the text file. |
|||
|
|
|
|
|
|
|
Example To display all text files receiving output from commands or scripts, use the command:
sh fi perm
Software Version 2.8.1
C613-10477-00 REV B
Software Version 2.8.1 |
25 |
This Software Version includes the following enhancements to switching:
■Ordering Hardware Filters in 48-Port Switches
■Limiting Rapid MAC Movement
■Route Update Queue Length
■Removing a Description from a Switch Port
■Securing a Single VLAN through Switch Filters
■Change of Debug Command Syntax
■Enhanced Static Switch Filtering on Ports within a Trunk Group
■Ethernet Protection Switching Ring (EPSR)
This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.
This feature applies only to the following products: AT-8648, AT-8748, AT-8848, and the Rapier 48i. These products contain 2 switching instances, which adds complexity to the filtering process when packets are being sent between instances.
This Software Version allows you to select between two modes of using classifier-based packet filtering in 48-port switches: port-specific filters first, or non port-specific filters first.
You can select different modes using the new set switch hwfilter mode command. Selecting the right mode when setting up classifier-based packet filters ensures that packets are filtered as expected across switch instances. The switch defaults to port-specific filters first. You can change the filtering mode on the switch by using the command:
set switch hwfilter mode={psf|npsf}
Port-specific filters apply to traffic either ingressing or egressing a particular port. They use a classifier which specifies the iport or eport parameter. Non port-specific filters can apply to all traffic travelling through the switch. Non port-specific filters are created with a classifier that does not have the iport or eport parameter specified.
Software Version 2.8.1
C613-10477-00 REV B
26 |
Switching Enhancements |
Release Note |
When to Use
Port-Specific Mode
Use the port-specific psf mode when you want non port-specific filters to override the port-specific filters for certain circumstances. In the following example:
■the first (port-specific) filter stops all traffic from ingressing port 2
When to Use Non
Port-Specific Mode
Changing Modes
■the second (port-specific) filter allows traffic with the specific IP address (192.168.2.2) to ingress port 2
■the third (non port-specific) filter allows any ARP request (prot=0806) to ingress and egress all ports
create classifier=1 iport=2
create classifier=2 iport=2 ipsa=192.168.2.2 create classifier=3 prot=0806
add swi hwf classifier=1 action=discard add swi hwf classifier=2 action=nodrop add swi hwf classifier=3 action=nodrop
In psf mode, you must enter the port-specific filters first. If you add a port-specific filter after the non port-specific filters, the switch may still use a matching non port-specific filter when the packet travels between ports on different switch instances.
Use the non port-specific npsf mode when you want port-specific filters to override the non port-specific filters for certain circumstances. In the following example, the second (port-specific) filter stops the first (non port-specific) filter from discarding packets from port 50:
create class=1 ipsa=192.168.1.254/32 create class=4 ipo=50
add switch hwf class=1 ac=dis add switch hwf class=4 ac=nod
In npsf mode, you must enter the non port-specific filters first. If you add a non port-specific filter after the port-specific filters, the switch may not use the non port-specific filter when the packet travels between ports on different switch instances.
You can change the filter mode after filters have been entered. When you change modes, the filter entries remain in the original order. To see which mode the switch is in, use the command:
show switch hwfilter
Command Changes
The following table summarises the new and modified commands:
Command |
Change |
|
|
set switch hwfilter mode |
New command. |
|
|
show switch hwfilter |
New mode parameter in output. |
|
|
Software Version 2.8.1
C613-10477-00 REV B
Software Version 2.8.1 |
27 |
This Software Version introduces the ability to limit rapid MAC movement. MAC address thrashing occurs when MAC addresses move rapidly between one or more ports or trunks. For example, certain MAC addresses are learnt on one port, then very shortly afterwards are learnt on another port, then learnt on the original port again, and so on. This typically occurs when there is an uncontrolled loop on the network.
Disabling a port There are different ways you can disable a port when thrashing is detected. These are called thrash actions:
■learnDisable
Address learning is temporarily disabled on the port.
■portDisable
The port is logically disabled. Traffic flow is prevented, but the link remains up. The device at the other end does not notice that the port has changed status, and the link LEDs at both ends stay on. This is equivalent to entering the disable switch port command.
■linkDown
The port is physically disabled and the link is down. This is equivalent to entering the disable switch port link=disabled command.
■vlanDisable
The port is disabled only for the VLAN on which thrashing has occurred. It can still receive and transmit traffic for any other VLANs of which it is a member.
When a MAC address is thrashing between two ports, only one of those ports is disabled. When multiple ports are involved, enough ports are disabled to prevent the storm.
To set a thrash action for a port, use the command:
set switch port={port-list|all} [thrashaction={learndisable|linkdown|none|portdisable|vla ndisable}]
To view the thrash action that is set for a port, use the command:
show switch port={port-list|all}
To set a thrash action for a trunk, use one of the commands:
create switch trunk=trunk [port=port-list] [thrashaction={learndisable|linkdown|none|portdisable|vla ndisable}]
set switch thrashlimit=trunk [thrashaction={learndisable|linkdown|none|portdisable|vla ndisable}]
To view the thrash action that is set for a trunk, use the command:
show switch trunk={trunk}
Software Version 2.8.1
C613-10477-00 REV B
28 |
Switching Enhancements |
Release Note |
To view details about disabled ports for VLANs, use one of the commands:
show vlan[={vlan-name|1..4094|all}]
show vlan[=all]
Re-enabling a port When a port is disabled, either completely or for a specific VLAN, it remains disabled until it is manually re-enabled in any of the following ways:
■with SNMP
■as the result of a reboot
■by specifying a thrash timeout value along with the thrash action
■via the CLI
If the vlandisable thrash action has been applied, to re-enable one or more ports from VLANs to which they belong, use the command:
enable switch port={port-list|all} vlan[={vlan-name|1..4094|all}]
If either the portdisable or linkdown thrash action has been applied, to re-enable one or more ports, use the command:
If the learndisable thrash action has been applied, the port is automatically re-enabled when the defined timeout expires. You cannot manually re-enable the port.
Port Types Limiting rapid MAC movement is supported on all port types. It is also supported on trunked ports.
Command Changes
The following table summarises the new and modified commands:
Command |
Change |
|
|
create switch trunk |
New thrashaction parameter. |
|
New thrashtimeout parameter. |
|
|
enable switch port vlan |
New command. |
|
|
enable switch port vlan |
New command. |
|
|
set lacp |
New thrashaction parameter. |
|
New thrashtimeout parameter. |
|
|
set switch port |
New thrashaction parameter. |
|
New thrashtimeout parameter. |
|
New vlanstatustrap parameter. |
|
|
set switch thrashlimit |
New command. |
|
|
set switch trunk |
New thrashaction parameter. |
|
New thrashtimeout parameter. |
|
|
show lacp |
New address learn thrash action parameter. |
|
New address learn thrash timeout parameter. |
|
|
show switch port |
New address learn thrash status parameter. |
|
New address learn thrash action parameter. |
|
New address learn thrash timeout parameter. |
|
New vlan status trap parameter. |
|
|
Software Version 2.8.1
C613-10477-00 REV B
Software Version 2.8.1 |
29 |
When hardware learning delay is enabled (the default), the switch learns new routes in software, then places them into a queue for adding to its hardware routing table. Defaults have been set for the maximum number of entries in the queue, and depend on the amount of memory installed on the switch, as shown in the following table:
Memory Size (Mbytes) |
Default length |
Maximum possible length |
|
(number of entries) |
(number of entries) |
|
|
|
up to 128 |
200000 |
200000 |
|
|
|
129-256 |
1000000 |
1500000 |
|
|
|
more than 256 |
3000000 |
4000000 |
|
|
|
You can alter the length of the queue, by using the following new command to specify the maximum number of entries in the queue:
set switch hwrouteupdate=1..maximum
The maximum depends on the amount of memory on the switch, as shown in the table above.
The purpose of this feature is to enable you to tune the balance between the memory that the route update process uses, and the speed with which large route updates are processed.
Output of the show switch command has been expanded to display information about the queue settings.
Command Changes
The following table summarises the new and modified commands:
Command |
Change |
|
|
set switch hwrouteupdate |
New command |
|
|
show lacp |
New fields about the hardware route update queue |
|
|
Software Version 2.8.1
C613-10477-00 REV B
30 |
Switching Enhancements |
Release Note |
You can now return the description of a switch port to its original blank value by entering the following command:
set switch port=port-number description=
and providing no value for the description parameter.
Command Changes
The following table summarises the modified command:
Command |
Change |
|
|
set switch port |
Changed description parameter |
|
|
On AT-8824, Rapier 24i, AT-8724XL and AT-8624 switches only (not on 48-port switches), this enhancement enables you to use switch filters to secure only the current VLAN, instead of securing all VLANs on the switch. To turn on this feature, a new command disables “vlansecure” mode for filters (see “Configuring vlansecure” on page 31).
Without this enhancement (the default situation) a switch filter only allows a host to access the network through a particular port on the switch. For example, if you have a PC connected to port 15 in vlan2, and define the following filter, the PC can only communicate when it is connected to port 15:
add switch filter entry=0 dest=pc-mac-address vlan=2 port=15 action=forward
With this enhancement, the above filter limits the host to accessing vlan2 through port 15, but does not prevent the host from accessing other VLANs through other ports in vlan2. For example, if the above filter exists and you move the PC to another port in vlan2, this enhancement prevents the PC from communicating with devices in vlan2 but allows it access to other VLANs on the switch. The following figure shows a PC that has been moved from port 15 to port 16 to illustrate the effect.
Software Version 2.8.1
C613-10477-00 REV B