User Manual
EKI-7000 Series
Command Line Interface
Copyright
The documentation and the software included with this product are copyrighted 2016
by Advantech Co., Ltd. All rights are reserved. Advantech Co., Ltd. reserves the right
to make improvements in the products described in this manual at any time without
notice. No part of this manual may be reproduced, copied, translated or transmitted
in any form or by any means without the prior written permission of Advantech Co.,
Ltd. Information provided in this manual is intended to be accurate and reliable. However, Advantech Co., Ltd. assumes no responsibility for its use, nor for any infringements of the rights of third parties, which may result from its use.
Acknowledgements
Intel and Pentium are trademarks of Intel Corporation.
Microsoft Windows and MS-DOS are registered trademarks of Microsoft Corp.
All other product names or trademarks are properties of their respective owners.
Technical Support and Assistance
1. Visit the Advantech web site at www.advantech.com/support where you can find
the latest information about the product.
2. Contact your distributor, sales representative, or Advantech's customer service
center for technical support if you need additional assistance. Please have the
following information ready before you call:
– Product name and serial number
– Description of your peripheral attachments
– Description of your software (operating system, version, application software,
etc.)
– A complete description of the problem
– The exact wording of any error messages
Firmware Compatibility
This document contains references to information regarding the CLI interface. The
intent of this document is to provide guidance on identifying the CLI functions for the
following firmware version.
Firmware version: 1.01.xx
Printed in Taiwan Edition1
January 2021
EKI-7000 Series User Manual ii
Warnings, Cautions and Notes
Warning! Warnings indicate conditions, which if not observed, can cause personal
injury!
Caution! Cautions are included to help you avoid damaging hardware or losing
data. e.g.
There is a danger of a new battery exploding if it is incorrectly installed.
Do not attempt to recharge, force open, or heat the battery. Replace the
battery only with the same or equivalent type recommended by the manufacturer. Discard used batteries according to the manufacturer's
instructions.
Note! Notes provide optional additional information.
Document Feedback
To assist us in making improvements to this manual, we would welcome comments
and constructive criticism. Please send all such - in writing to: support@advantech.com
iii EKI-7000 Series User Manual
Contents
Chapter 1 Command Line Interface.....................1
1.1 Using the Command-Line Interface .......................................................... 2
1.1.1 Initially Configuring a Device......................................................... 2
1.1.2 Understanding Command Syntax ................................................. 2
1.1.3 Understanding Enable and Enable Secret Passwords ................. 2
1.1.4 Abbreviating Commands............................................................... 3
1.2 L2 Features ............................................................................................... 3
1.2.1 Port Configuration ......................................................................... 3
1.2.2 MAC Address Table...................................................................... 4
1.2.3 Jumbo Frame................................................................................ 5
1.2.4 Flow Control.................................................................................. 5
1.2.5 Spanning Tree .............................................................................. 5
1.2.6 VLAN............................................................................................. 9
1.2.7 Q-in-Q ......................................................................................... 11
1.2.8 Link Aggregation ......................................................................... 11
1.2.9 GARP.......................................................................................... 13
1.2.10 GVRP.......................................................................................... 13
1.2.11 Port Mirror ................................................................................... 13
1.2.12 LLDP ........................................................................................... 14
1.3 Multicast .................................................................................................. 16
1.3.1 IGMP Snooping........................................................................... 16
1.3.2 MLD Snooping ............................................................................ 19
1.4 Redundancy ............................................................................................ 22
1.4.1 X-Ring ......................................................................................... 22
1.5 QoS ......................................................................................................... 23
1.5.1 Rate Limit.................................................................................... 23
1.5.2 QoS............................................................................................. 23
1.6 Security ................................................................................................... 25
1.6.1 Loop Detection / Prevention........................................................ 25
1.6.2 Storm Control.............................................................................. 25
1.6.3 Port Security ............................................................................... 26
1.6.4 802.1X......................................................................................... 26
1.6.5 Remote Authentication................................................................ 27
1.6.6 One Time Password ................................................................... 28
1.6.7 Account Manager........................................................................ 28
1.6.8 DoS Attack Prevention................................................................ 29
1.6.9 IP Security................................................................................... 29
1.6.10 Access Control List ..................................................................... 30
1.7 Management ........................................................................................... 33
1.7.1 IP Management........................................................................... 33
1.7.2 SNMP.......................................................................................... 34
1.7.3 Configuration Management......................................................... 34
1.7.4 Firmware Management ............................................................... 35
1.7.5 DHCP Server .............................................................................. 36
1.7.6 DHCP Client................................................................................ 37
1.7.7 System Log (SYSLOG)............................................................... 37
1.7.8 System Time ............................................................................... 38
1.7.9 SMTP .......................................................................................... 39
1.7.10 NTP Server ................................................................................. 40
1.7.11 RMON ......................................................................................... 41
1.7.12 IP Configuration .......................................................................... 43
1.7.13 TELNET ...................................................................................... 43
1.7.14 SSH............................................................................................. 43
1.7.15 HTTP........................................................................................... 43
EKI-7720 Series User Manual iv
1.7.16 Modbus TCP ............................................................................... 44
1.7.17 IXM.............................................................................................. 44
1.8 Diagnostic ............................................................................................... 45
1.8.1 Cable Diagnostic......................................................................... 45
1.8.2 DMI ............................................................................................. 45
1.8.3 IP-based Diagnostic.................................................................... 46
1.8.4 PoE ............................................................................................. 46
1.8.5 LED ............................................................................................. 47
1.8.6 System ........................................................................................ 48
v EKI-7720 Series User Manual
Chapter 1
1Command Line
Interface
1.1 Using the Command-Line Interface
The Advantech IOS command-line interface (CLI) is the primary user interface used
to configure, monitor, and maintain Advantech devices. The user interface allows you
to directly execute CLI commands.
This chapter describes the basic features of the Advantech IOS CLI and how to use
them. Topics covered include the following:
Layer 2 features
Multicast
IGMP Snooping
MLD Snooping
Redundancy
QoS
Security
Management
Diagnostic
1.1.1 Initially Configuring a Device
The initial configuration of a device varies by platform. This document provides configuration information for the listed devices.
After initially configuring and connecting the device to the network, you can configure
the device by using the remote access method, such as Telnet or Secure Shell
(SSH), to access the CLI or by using the configuration method provided on the
device, such as Security Device Manager.
1.1.2 Understanding Command Syntax
The command syntax is the format used for entering CLI commands. The commands
are derived from the use of the command, keywords, and arguments. The keywords
are alphanumeric strings used literally, while arguments are used as placeholders for
required values.
1.1.3 Understanding Enable and Enable Secret Passwords
Some privileged EXEC commands are used for actions that impact the system, and it
is recommended that you set a password for these commands to prevent unauthorized use. Two types of passwords, enable (not encrypted) and enable secret
(encrypted), can be set.
The following commands set these passwords and are issued in global configuration
mode:
enable password
enable secret password
2 EKI-7000 Series User Manual
1.1.4 Abbreviating Commands
The CLI commands can be used in an abbreviated form to execute. The CLI recognizes the abbreviates uniquely identifying the command. In the following example the
show version command is used to illustrate the correct usage:
Full command: show version
Correct abbreviation: sh ver
However, attempting to execute the show command by using the single letter s
would be invalid as s may refer to the commands show or save. For the same reason the variable version cannot be abbreviated to a single v as it may represent
the variable vlan, etc.
Full command: show version
Incorrect abbreviation: s version, s ver, sh v
1.2 L2 Features
1.2.1 Port Configuration
Table 1.1: Port Configuration
Function Privilege Description Example
[no] shutdown Admin EXEC Use "shutdown" command
to disable port and use "no
shutdown" to enable port. If
port is error disabled for any
reason, use "no shutdown"
command to recover the
port manually.
speed (10|100) Admin EXEC Use "speed" command to
speed (1000|) Admin EXEC
speed auto
[(10|100|10/100)]
speed auto
[(1000|)]
duplex
(auto|full|half)
description
WORD<1-"
SYS_STR_CONST(SYS_
PORTDESC_STR_LEN)
">
no description Admin EXEC Use no form to restore
Admin EXEC
Admin EXEC
Admin EXEC Use "duplex" command to
Admin EXEC Use "description" command
change port speed
configuration. The speed is
only able to configure to the
physical maximum speed.
For example, in fast
Ethernet port, speed 1000
is not available.
change port duplex
configuration.
to give the port a name to
identify it easily.
If description includes
space character, please use
double quotes to wrap it.
description to empty string.
This example shows how to
modify port duplex
configuration.
switch (config)# interface fa1
switch (config-if)# shutdown"
This example shows how to
modify port speed
configuration.
switch (config)# interface fa2
switch (config-if)# speed auto
10/100
This example shows how to
modify port duplex
configuration.
switch (config)# interface fa1
switch (config-if)# duplex full
switch (config-if)# exit
switch (config)# interface fa2
switch (config-if)# duplex half
This example shows how to
modify port descriptions.
switch (config)# interface fa2
switch (config-if)# description
"uplink port"
EKI-7000 Series User Manual 3
Table 1.1: Port Configuration (Continued)
Function Privilege Description Example
[no] protected Admin EXEC Use "protected" command
to protect port. Protected
port is only allowed to
communicate with
unprotected port. In other
words, protected port is not
allowed to communicate
with another protected port.
Use no form to make port
unprotected
This example shows how to
configure ports fa1 and fa2 as
protected ports.
switch (config)# interface
range fa1-2
switch (config-if-range)#
protected
1.2.2 MAC Address Table
Table 1.2: MAC Address Table
Function Privilege Description Example
show mac addresstable aging-time
show mac addresstable A:B:C:D:E:F
[vlan <1-4094>]
show mac addresstable [vlan <14094>] [interfaces
IF_PORTS]
show mac addresstable static [vlan
<1-4094>]
[interfaces
IF_PORTS]
show mac addresstable dynamic
[vlan <1-4094>]
[interfaces
IF_PORTS]
show mac addresstable counters
clear mac addresstable dynamic
[interfaces
IF_PORTS]
clear mac addresstable dynamic vlan
<1-4094>
mac address-table
aging-time <10630>
mac address-table
static A:B:C:D:E:F
vlan <1-4094>
interfaces
IF_PORTS
User EXEC View the aging time of the
address table.
User EXEC Displays entries for a
specific MAC address (for
all or VLAN).
User EXEC View MAC entry on
specified interface or VLAN
or all dynamic MAC entries
in MAC address table.
User EXEC View static MAC entry on
specified interface or VLAN
or all dynamic MAC entries
in MAC address table.
User EXEC View dynamic MACentry on
specified interface or VLAN
or all dynamic MAC entries
in MAC address table.
User EXEC Display the number of
addresses present in MAC
address table.
Admin EXEC Delete dynamic MAC entry
on specified interface or all
dynamic MAC entries in
MAC address table.
Admin EXEC Delete dynamic MAC entry
on specified VLAN dynamic
MAC entry in MAC address
table.
Admin EXEC Set the aging time of the
address table.
Admin EXEC Add static addresses to the
MAC address table.
switch# show mac addresstable aging-time
switch# show mac addresstable 0:1:2:3:4:5 vlan 1
switch# show mac addresstable vlan 1 interface fa5
switch# show mac addresstable static vlan 1 interface fa5
switch# show mac addresstable dynamic vlan 1 interface
fa5
switch# show mac addresstable counters
switch (config)# clear mac
address-table dynamic
interfaces fa5
switch (config)# clear mac
address-table dynamic vlan 1
switch (config)# mac addresstable aging-time 300
switch (config)# mac addresstable static 0:1:2:3:4:5 vlan 1
interfaces fa5
4 EKI-7000 Series User Manual
Table 1.2: MAC Address Table (Continued)
Function Privilege Description Example
no mac addresstable static
A:B:C:D:E:F vlan
<1-4094>
Admin EXEC Delete static addresses
from the MAC address
table.
switch (config)# no mac
address-table static 0:1:2:3:4:5
vlan 1 interfaces fa5
1.2.3 Jumbo Frame
Table 1.3: Jumbo Frame
Function Privilege Description Example
jumbo-frame <15189216>
no jumbo-frame Admin EXEC Use no form to disable
Admin EXEC Use "jumbo-frame"
command to modify
maximum frame size.
The only way to show this
configuration is by using
"show running-config"
command.
jumbo-frame.
This example shows how to
modify maximum frame size to
9216 bytes.
switch (config)# jumbo-frame
9216
switch (config)# no jumboframe
1.2.4 Flow Control
Table 1.4: Flow Control
Function Privilege Description Example
[no] back-pressure Admin EXEC Use "back-pressure"
command to change port
back-pressure
configuration.
Use no form to restore
back-pressure to default
(off) configuration.
flowcontrol
(off|on)
Admin EXEC Use "flow-control"
command to change port
flow control configuration.
Use off form to restore flow
control to default (off)
configuration.
This example shows how to
modify port duplex
configuration.
switch (config)# interface fa1
switch (config-if)# backpressure
switch (config-if)# no backpressure
This example shows how to
modify port duplex
configuration.
switch (config)# interface fa1
switch (config-if)# flow-control
on
switch (config-if)# flow-control
off
1.2.5 Spanning Tree
Table 1.5: Spanning Tree
Function Privilege Description Example
show spanning-tree
[instance <0-15>]
show spanning-tree
interfaces
IF_PORTS [instance
<0-15>]
EKI-7000 Series User Manual 5
User EXEC Show spanning-tree
instance information.
User EXEC Show spanning-tree
instance information per
port.
switch# show spanning-tree
instance 10
switch# show spanning-tree
interface gi1 instance 10
Table 1.5: Spanning Tree (Continued)
Function Privilege Description Example
show spanning-tree User EXEC Show spanning-tree
information.
show spanning-tree
interfaces
IF_PORTS
show spanning-tree
interfaces
IF_PORTS statistic
[no] spanning-tree Admin EXEC Enable or Disable
spanning-tree bpdu
(filtering|floodin
g)
no spanning-tree
bpdu
spanning-tree mode
(stp|rstp|mstp)
no spanning-tree
force-version
spanning-tree
priority <0-61440>
no spanning-tree
priority
spanning-tree
hello-time <1-10>
no spanning-tree
hello-time
spanning-tree
forward-delay <430>
no spanning-tree
forward-delay
User EXEC Show spanning-tree state of
one port.
User EXEC Show spanning-tree
statistics of one port.
Spanning-Tree Protocol.
Admin EXEC Specify the forwarding
action of BPDU to filtering
or flooding.
Admin EXEC Restore to default BPDU
action. Default action is
flooding.
Admin EXEC Specify the mode to
Spanning Tree Protocol.
Specify the mode to Rapid
Spanning Tree Protocol.
Specify the mode to
Multiple Spanning Tree
Protocol.
Admin EXEC Restore to default stp
version. Default stp version
is rstp.
Admin EXEC Specify the bridge priority;
must use multiples of 4096.
Admin EXEC Restore to default priority.
Default priority is 32768.
Admin EXEC Specify the hello-time
interval (seconds).
Admin EXEC Restore to default hello-
time. Default hello-time is 2.
Admin EXEC Specify the forward-delay
interval (seconds).
Admin EXEC Restore to default forward-
delay. Default forward-delay
is 15.
switch# show spanning-tree
switch# show spanning-tree
interface gi1
switch# show spanning-tree
interface gi1 statistic
switch# configure
switch (config)# spanning-tree
switch (config)# exit
switch# configure
switch (config)# spanning-tree
bpdu filtering
switch (config)# exit
switch# configure
switch (config)# no spanningtree bpdu
switch (config)# exit"
switch# configure
switch (config)# spanning-tree
mode stp
switch (config)# exit
switch# configure
switch (config)# no spanningtree force-version
switch (config)# exit
switch# configure
switch (config)# spanning-tree
priority 16384
switch (config)# exit
switch# configure
switch (config)# no spanningtree priority
switch (config)# exit
switch# configure
switch (config)# spanning-tree
hello-time 5
switch (config)# exit
switch# configure
switch (config)# no spanningtree hello-time
switch (config)# exit
switch# configure
switch (config)# spanning-tree
forward-delay 30
switch (config)# exit
switch# configure
switch (config)# no spanningtree forward-delay
switch (config)# exit
6 EKI-7000 Series User Manual
Table 1.5: Spanning Tree (Continued)
Function Privilege Description Example
spanning-tree
maximum-age <6-40>
no spanning-tree
maximum-age
spanning-tree txhold-count <1-10>
no spanning-tree
tx-hold-count
spanning-tree
pathcost method
(long|short)
[no] spanning-tree Admin EXEC Enable or Disable
spanning-tree
port-priority <0240>
no spanning-tree
port-priority
spanning-tree cost
long <0-200000000>
spanning-tree cost
short <0-65535>
Admin EXEC Specify the maximum-age
time (seconds).
Admin EXEC Restore to default
maximum-age. Default
maximum-age is 20.
Admin EXEC Specify the tx-hold-count
value.
Admin EXEC Restore to default tx-hold-
count. Default tx-hold-count
is 6.
Admin EXEC Specify the type of pathcost
value as 32 bits (long).
Specify the type of pathcost
value as 16 bits (short).
Spanning-Tree Protocol per
port.
Admin EXEC Specify the STP port
priority; must use multiples
of 16.
Admin EXEC Restore to default port-
priority. Default port-priority
is 128.
Admin EXEC Specify the STP port cost.
In long pathcost method,
the range is from 0 to
20000000. (0 = Auto)
Admin EXEC Specify the STP port cost.
In short pathcost method,
the range is from 0 to
65535. (0 = Auto).
switch# configure
switch (config)# spanning-tree
maximum-age 10
switch (config)# exit
switch# configure
switch (config)# no spanningtree maximum-age
switch (config)# exit
switch# configure
switch (config)# spanning-tree
tx-hold-count 10
switch (config)# exit
switch# configure
switch (config)# no spanningtree tx-hold-count
switch (config)# exit
switch# configure
switch (config)# spanning-tree
pathcost method short
switch (config)# exit
switch# configure
switch (config)# interface gi1
switch (config-if)# spanningtree
switch (config-if)# exit
switch (config)# exit
switch# configure
switch (config)# interface gi1
switch (config-if)# spanningtree port-priority 64
switch (config-if)# exit
switch (config)# exit
switch# configure
switch (config)# interface gi1
switch (config-if)# no spanningtree port-priority
switch (config-if)# exit
switch (config)# exit
switch# configure
switch (config)# interface gi1
switch (config-if)# spanningtree cost long 200000
switch (config-if)# exit
switch (config)# exit
switch# configure
switch (config)# interface gi1
switch (config-if)# spanningtree cost short 1000
switch (config-if)# exit
switch (config)# exit
EKI-7000 Series User Manual 7
Table 1.5: Spanning Tree (Continued)
Function Privilege Description Example
no spanning-tree
cost
[no] spanning-tree
edge
spanning-tree
link-type pointto-point
no spanning-tree
link-type pointto-point
spanning-tree
mcheck
spanning-tree mstconfig-id
revision-level
LEVEL<0-65535>
spanning-tree mstconfig-id name
NAME<32>
[no] spanning-tree
instance-id
INST<1-15>
spanning-tree
instance-id
INST<1-15> vlan
(add|remove) VLANLIST
spanning-tree
instance-id
INST<1-15>
priority VALUE<061440>
Admin EXEC Restore to default cost per
port. Default cost is 0.
Admin EXEC Enable or Disable
Spanning-Tree edge.
Admin EXEC Specify the STP port link-
type to point-to-point.
Admin EXEC Disable the STP port link-
type from point-to-point.
Admin EXEC Specify the STP port to
migrate port.
Admin EXEC Specify the MSTP mst-
config-id revision level.
Admin EXEC Specify the MSTP mst-
config-id name.
Admin EXEC Create or delete MSTP
instance ID.
Admin EXEC Add or remove VLAN from
instance.
Admin EXEC Specify the instance priority. switch# configure
switch# configure
switch (config)# interface gi1
switch (config-if)# no spanningtree cost
switch (config-if)# exit
switch (config)# exit
switch# configure
switch (config)# interface gi1
switch (config-if)# spanningtree edge
switch (config-if)# exit
switch (config)# exit
switch# configure
switch (config)# interface gi1
switch (config-if)# spanningtree link-type point-to-point
switch (config-if)# exit
switch (config)# exit
switch# configure
switch (config)# interface gi1
switch (config-if)# no spanningtree link-type point-to-point
switch (config-if)# exit
switch (config)# exit
switch# configure
switch (config)# interface gi1
switch (config-if)# spanningtree mcheck
switch (config-if)# exit
switch (config)# exit
switch# configure
switch (config)# spanning-tree
mst-config-id revision-level 100
switch (config)# exit
switch# configure
switch (config)# spanning-tree
mst-config-id name MST1
switch (config)# exit
switch# configure
switch (config)# spanning-tree
instance-id 10
switch (config)# exit
switch# configure
switch (config)# spanning-tree
instance-id 10 vlan add 10-20
switch (config)# exit
switch (config)# spanning-tree
instance-id 10 priority 1000
switch (config)# exit
8 EKI-7000 Series User Manual
1.2.6 VLAN
Table 1.6: VLAN
Function Privilege Description Example
show vlan defaultvlan
show vlan VLANLIST interfaces
IF_PORTS
membership
show vlan [(VLANLIST|dynamic|stati
c)]
show interfaces
IF_PORTS
show interfaces
IF_PORTS status
show interfaces
IF_PORTS protected
show interfaces
switchport
IF_PORTS
[no] vlan VLANLIST
name NAME Admin EXEC Configure the name of a
switchport mode
hybrid
show managementvlan
switchport hybrid
pvid <1-4094>
[no] switchport
hybrid ingressfiltering
User EXEC Display information about
default VLAN.
User EXEC Display information about
VLAN list.
User EXEC Display information about
VLAN list or dynamic or
static.
User EXEC Use "show interface"
command to show port
counters, parameters and
status.
User EXEC Use "show interface"
command to show port
status.
User EXEC Use "show interface"
command to show port
protected status.
User EXEC Use "show interface
switchport" command to
show port VLAN status.
Admin EXEC Create or remove a VLAN
entry. Using “vlan”
command to enter the
VLAN configuration mode.
VLAN entry.
Admin EXEC Hybrid port: Support all
functions as defined in
IEEE 802.1Q specification.
User EXEC Display information about
management VLAN.
Admin EXEC This command configures
the hybrid port’s PVID. Use
"show interface switchport"
command to show
configuration.
Admin EXEC This command per port
configures the ingressfiltering status. This filtering
is used to filter the frames
come from the non-member
ingress port. Use "show
interface switchport"
command to show
configuration.
switch# show vlan default-vlan
switch# show vlan 1 interfaces
GigabitEthernet 10
membership
switch# show vlan 1
switch# show vlan dynamic
switch# show vlan static
show interfaces
GigabitEthernet 1
show interfaces
GigabitEthernet 1 status
show interfaces
GigabitEthernet 1 protected
switch# show interfaces
switchport GigabitEthernet 1
switch (config)# vlan 100
switch (config)# no vlan 100
switch (config)# vlan 100
switch (config-vlan)# name
VLAN-one-hundred
switch (config-if)# switchport
mode hybrid
switch (config)# show
management-vlan
switch (config)# interface
GigabitEthernet 1
switch (config-if)# switchport
mode hybrid
switch (config-if)# switchport
hybrid pvid 100
switch (config)# interface
GigabitEthernet 1
switch (config-if)# switchport
mode hybrid
switch (config-if)# switchport
hybrid ingress-filtering
EKI-7000 Series User Manual 9
Table 1.6: VLAN (Continued)
Function Privilege Description Example
switchport hybrid
acceptable-frametype (all|taggedonly|untaggedonly)
switchport hybrid
allowed vlan add
VLAN-LIST
[(tagged|untagged)
]
switchport hybrid
allowed vlan
remove VLAN-LIST
[no] switchport
default-vlan
tagged
[no] switchport
forbidden defaultvlan
switchport
forbidden vlan
(add|remove) VLANLIST
management-vlan
vlan <1-4094>
no management-vlan
Admin EXEC This command per port
configures the acceptableframe-type. Use "show
interface switchport"
command to show
configuration.
Admin EXEC This command per hybrid
port configures adds the
allowed VLAN list. Use
"show interface switchport"
command to show
configuration.
Admin EXEC This command per hybrid
port configures removes the
allowed VLAN list. Use
"show interface switchport"
command to show
configuration.
Admin EXEC This command perport
configures the membership
of the default VLAN to
tagged. Use "show
interface switchport"
command to show
configuration.
Admin EXEC This command perport
configures the membership
of the default VLAN to
forbidden. Use "show
interface switchport"
command to show
configuration.
Admin EXEC This command perport
configures the membership
of the specfied VLANs to
forbidden. Use "show
interface switchport"
command to show
configuration.
Admin EXEC (1) Set <1-4094> as
management VLAN ID; it is
recommended to first
create the VLAN and then
assign the port to it.
(2) When using no
command, restore
management VLAN to
default VLAN.
(3) To view the created
management VLAN, use
"show management-vlan".
switch (config)# interface
GigabitEthernet 1
switch (config-if)# switchport
mode hybrid
switch (config-if)# switchport
hybrid acceptable-frame-type
tagged-only
switch (config)# interface
GigabitEthernet 1
switch (config-if)# switchport
mode hybrid
switch (config-if)# switchport
hybrid allowed vlan add 1
tagged
switch (config)# interface
GigabitEthernet 1
switch (config-if)# switchport
mode hybrid
switch (config-if)# switchport
hybrid allowed vlan remove
100
switch (config)# interface
GigabitEthernet 1
switch (config-if)# switchport
mode hybrid
switch (config-if)# switchport
default-vlan tagged
switch (config)# interface
GigabitEthernet 1
switch (config-if)# switchport
mode hybrid
switch (config-if)# switchport
forbidden default-vlan
switch (config)# interface
GigabitEthernet 1
switch (config-if)# switchport
mode hybrid
switch (config-if)# switchport
forbidden vlan 100
(1) The following example
specifies that management
VLAN 2 is created.
switch (config)# managementvlan vlan 2
(2) The following example
specifies that managementVLAN is restored to be default
VLAN.
switch (config)# no
management-vlan
10 EKI-7000 Series User Manual
1.2.7 Q-in-Q
Table 1.7: Q-in-Q
Function Privilege Description Example
switchport
outerpvid <1-4094>
switchport
qinqmode (nni|uni)
vlan outertpid
<0x0000-0xFFFF>
Admin EXEC This command configures
the hybrid port’s Outer
PVID. Use "show interface
switchport" command to
show configuration.
Admin EXEC The qinqmode is used to
configure the hybrid port for
different port roles.
Nni: transfer frame will be
add outer tag Vlan-Identifier
Uni: transfer frame will not
be add outer tag VlanIdentifier.
Admin EXEC Use "vlan outertpid"
command to change outer
VLAN's Tag Protocol
Identifier(tpid)
configuration.
This example sets gi2's Outer
PVID to 1024.
switch (config)# interface
GigabitEthernet 2
switch (config-if)# switchport
outerpvid 1024
This example shows how to
change gi1 to nni mode and
gi2 to uni mode.
switch (config)# interface
GigabitEthernet 1
switch (config-if)# switchport
qinqmode nni
switch (config-if)# exit
switch (config)# interface
GigabitEthernet 2
switch (config-if)# switchport
qinqmode uni
This example shows how to
modify Tag Protocol Identifier
configuration.
switch (config)# vlan outertpid
0x9100
1.2.8 Link Aggregation
Table 1.8: Link Aggregation
Function Privilege Description Example
show lag User EXEC Use "show lag" command
to show current LAG load
balance algorithm and
members active/inactive
status.
lag load-balance
(src-dst-mac|srcdst-mac-ip|srcport)
no lag loadbalance
Admin EXEC Link aggregation group port
should transmit packets
spread to all ports to
balance traffic loading. Two
algorithms are supported;
use this command to select
the required algorithm.
Admin EXEC Use no form to disable
load-blance.
This example shows how to
show current LAG status.
switch# show lag
This example shows how to
change load balance algorithm
to src-dst-mac-ip.
switch (config)# lag loadbalance src-dst-mac-ip
This example shows how to
disable load balance algorithm.
switch (config)# no lag loadbalance
EKI-7000 Series User Manual 11
Table 1.8: Link Aggregation (Continued)
Function Privilege Description Example
lag <1-8> mode
(static | active |
passive)
no lag Admin EXEC Use "no lag" to leave the
lacp systempriority <1-65535>
no lacp systempriority
lacp port-priority
<1-65535>
no lacp portpriority
lacp timeout
(long|short)
no lacp timeout Admin EXEC
Admin EXEC Link aggregation group
function aggregates
multiple physical ports into
one logic port to increase
bandwidth. This command
makes normal port joins a
normal port to a specific
LAG logic port in static or
dynamic mode.
LAG logic port.
Admin EXEC LACP system priority is
used for two connected
DUT to select master
switch. Lower system
priority value has higher
priority. The DUT with
higher priority can decide
which ports are able to join
the LAG.
Admin EXEC Use "no lacp system-
priority" to restore to the
default priority value. Use
"show running-config"
command to show
configuration.
Admin EXEC LACP port priority is used
for two connected DUT to
select aggregation ports.
Lower port priority value
has higher priority. The port
with higher priority will be
selected into LAG first.
Use "show running-config"
command to show
configuration.
Admin EXEC Use no form to restore port-
priority to default value.
Admin EXEC LACP must send LACP
packet to partner switch to
check the link status. This
command configures the
LACP packet sending
interval.
This example shows how to
create a dynamic LAG and join
fa1-fa3 to this LAG.
switch (config)# interface
range fa1-3
switch (config-if)# lag 1 mode
active
This example shows how to
remove gi1 from LAG.
switch (config)# interface
GigabitEthernet 1
switch (config-if)# no lag
This example shows how to
configure lacp system priority
to 1000.
switch (config)# lacp systempriority 1000
This example shows how to
restore lacp system priority to
default value.
switch (config)# no lacp
system-priority
This example shows how to
configure interface fa1 lacp
port priority to 100.
switch (config)# interface fa1
switch (config-if)# lacp portpriority 100
This example shows how to
configure interface fa1 lacp
timeout to short.
switch (config)# interface fa1
switch (config-if)# lacp timeout
short
12 EKI-7000 Series User Manual
1.2.9 GARP
Table 1.9: GARP
Function Privilege Description Example
show garp User EXEC Display GARP status. switch# show garp
garp join-time <6600>
garp leave-time
<12-3000>
garp leaveall-time
<12-12000>
garp timer join
<6-600> leave <123000> leaveall
<12-12000>
Admin EXEC Set interval of join timer. switch (config)# garp join-time
10
Admin EXEC Set interval of leave timer. switch (config)# garp leave-
time 30
Admin EXEC Set interval of leave all
timer.
Admin EXEC Set interval of all timers. switch (config)# garp timer join
switch (config)# garp leavealltime 240
10 leave 30 leaveall 240
1.2.10 GVRP
Table 1.10: GVRP
Function Privilege Description Example
show gvrp User EXEC Display GVRP status. switch# show gvrp
[no] gvrp Admin EXEC Enable or disable GVRP
function.
switch (config)# gvrp
1.2.11 Port Mirror
Table 1.11: GVRP
Function Privilege Description Example
show mirror User EXEC Display all mirror sessions. switch# show mirror
show mirror
session <1-4>
mirror session <14> source
interfaces
IF_PORTS
(both|rx|tx)
mirror session <14> destination
interface
IF_NMLPORT [allowingress]
no mirror session
(<1-4>|all)
User EXEC Specify the mirror session
to display.
Admin EXEC Specify the mirror session
to configure.
Specify the source
interface, include physical
ports and LA port.
Specify the traffic direction
to mirror.
Admin EXEC Specify the mirror session
to configure.
Specify the SPAN
destination. A destination
must be a physical port.
Enable ingress traffic
forwarding.
Admin EXEC Clear the configuration of
specified mirror session.
Clear the configuration of all
the mirror sessions.
switch# show mirror session 1
switch# configure
switch (config)# mirror session
1 source interface fa2-5 both
switch (config)# exit
switch# configure
switch (config)# mirror session
1 destination interface fa1
switch (config)# exit
switch# configure
switch (config)# no mirror
session 1
switch (config)# exit
EKI-7000 Series User Manual 13
Table 1.11: GVRP (Continued)
Function Privilege Description Example
no mirror session
<1-4> destination
interface
IF_NMLPORT
no mirror session
<1-4> source
interfaces
IF_PORTS
(both|rx|tx)
Admin EXEC Delete the destination
interface of the mirror
session.
Admin EXEC Delete the source interface
of the mirror session.
Delete the traffic direction of
the mirror port.
switch# configure
switch (config)# no mirror
session 1 destination interface
fa1
switch (config)# exit
switch# configure
switch (config)# no mirror
session 1 source interface fa25 both
switch (config)# exit
1.2.12 LLDP
Table 1.12: LLDP
Function Privilege Description Example
show lldp User EXEC Display LLDP information. switch# show lldp
show lldp
interfaces
IF_NMLPORTS
show lldp localdevice
show lldp
interfaces
IF_NMLPORTS localdevice
show lldp neighbor User EXEC Display the neighbor's
show lldp
interfaces
IF_NMLPORTS
neighbor
show lldp
statistics
show lldp
interfaces
IF_NMLPORTS
statistics
show lldp
interfaces
IF_NMLPORTS tlvsoverloading
clear lldp
statistics
[no] lldp Admin EXEC Disable or enable LLDP. switch (config)# lldp
[no] lldp tx Admin EXEC Per port disable or enable
[no] lldp rx Admin EXEC Per port disable or enable
User EXEC Display LLDP information in
specified ports.
User EXEC Display the local
configuration.
User EXEC Display the local
configuration in specified
ports.
LLDP information.
User EXEC Display the neighbor's
LLDP information in
specified ports.
User EXEC Display the LLDP RX/TX
statistics.
User EXEC Display the LLDP RX/TX
statistics in specified ports.
User EXEC Display the length of LLDP
TLVs and if the TLVs
overload the PDU length in
specified ports.
Admin EXEC Clear statistics of LLDP. switch# clear lldp statistics
LLDP TX.
LLDP RX.
switch# show lldp interfaces
fa5
switch# show lldp local-device
switch# show lldp interfaces
fa5,fa6 local-device
switch# show lldp neighbor
switch# show lldp interfaces
fa5,fa6 neighbor
switch# show lldp statistics
switch# show lldp interfaces
fa5,fa6 statistics
switch# show lldp interfaces
fa5,fa6 tlvs-overloading
switch (config-if)# lldp rx
switch (config-if)# lldp tx
14 EKI-7000 Series User Manual
Table 1.12: LLDP (Continued)
Function Privilege Description Example
lldp holdtimemultiplier <2-10>
no lldp holdtimemultiplier
lldp tx-interval
<5-32767>
no lldp txinterval
lldp reinit-delay
<1-10>
no lldp reinitdelay
lldp tx-delay <18191>
no lldp tx-delay Admin EXEC switch (config)# no lldp tx-
lldp tlv-select
pvid
(enable|disable)
no lldp tlv-select
pvid
lldp tlv-select
vlan-name
(add|remove) VLANLIST
lldp tlv-select
TLV [TLV] [TLV]
[TLV] [TLV] [TLV]
[TLV] [TLV]
no lldp tlv-select Admin EXEC switch (config-if)# no lldp tlv-
Admin EXEC Set the LLDP PDU hold
multiplier that decides timeto-live (TTL) value sent in
LLDP advertisements: TTL
= (tx-interval * holdtimemultiplier).
Admin EXEC switch (config)# no lldp
Admin EXEC Set the LLDP TX interval. switch (config)# lldp tx-interval
Admin EXEC switch (config)# no lldp tx-
Admin EXEC Set the LLDP re-initial
delay. This delay avoids
LLDP generating too many
PDUs if the port is up and
down frequently.
Admin EXEC switch (config)# no lldp reinit-
Admin EXEC Set the delay in seconds
between successive LLDP
frame transmissions. The
delay starts to count any
time that LLDP PDU is sent,
such as by LLDP PDU
advertise routine, LLDP
PDU content change, port
link up, etc.
Admin EXEC This command per port
configures the 802.1 PVID
TLV attach enable status.
Admin EXEC switch (config-if)# no lldp tlv-
Admin EXEC The commands per port
add or remove VLAN list for
802.1 VLAN-NAME TLV.
Admin EXEC This command per port
configures the selected TLV
attaching in PDU.
switch (config)# lldp holdtimemultiplier 4
holdtime-multiplier
30
interval
switch (config)# lldp reinitdelay 2
delay
switch (config)# lldp tx-delay 2
delay
switch (config-if)# lldp tlv-select
pvid enable
select pvid
switch (config-if)# lldp tlv-select
vlan-name add 1,2,3,4
switch (config-if)# lldp tlv-select
port-desc sys-name sys-desc
sys-cap mac-phy lag maxframe-size management-addr
select
EKI-7000 Series User Manual 15
Table 1.12: LLDP (Continued)
Function Privilege Description Example
lldp lldpdu
(filtering|bridgin
g|flooding)
no lldp lldpdu Admin EXEC switch (config)# no lldp lldpdu
Admin EXEC This command globally
configures the LLDP PDU
handling behavior when
LLDP is globally disabled. It
should be noted that if
LLDP is globally enabled
and per port LLDP RX
status is configured to
disable, the received LLDP
PDU is dropped instead of
taking the global disable
behavior.
switch (config)# lldp lldpdu
filtering
1.3 Multicast
1.3.1 IGMP Snooping
Table 1.13: IGMP Snooping
Function Privilege Description Example
show ip igmp
snooping
show ip igmp
snooping router
show ip igmp
snooping groups
[(dynamic |
static)]
show ip igmp
snooping vlan
[VLAN-LIST]
show ip igmp
snooping groups
counters
show ip igmp
snooping querier
clear ip igmp
snooping groups
[(dynamic
|static)]
clear ip igmp
snooping
statistics
User EXEC This command will display
IP IGMP snooping global
info.
User EXEC This command will display
the IP IGMP router info.
User EXEC This command will display
the IP IGMP groups for
dynamic or static or all
types.
User EXEC This command will display
IP IGMP snooping VLAN
info.
User EXEC This command will display
the IP IGMP group counter
include static group.
User EXEC This command will display
all of the static VLAN IP
IGMP querier info.
Admin EXEC This command will clear the
IP IGMP groups for
dynamic or static or all
types.
Admin EXEC This command will clear the
IGMP statistics.
switch# show ip igmp snooping
switch# show ip igmp snooping
router
switch# show ip igmp snooping
groups
switch# show ip igmp snooping
groups dynamic
switch# show ip igmp snooping
groups static
switch# show ip igmp snooping
vlan
switch# show ip igmp snooping
counters
switch# show ip igmp snooping
querier
switch# clear ip igmp snooping
groups static
switch# clear ip igmp snooping
statistics
16 EKI-7000 Series User Manual
Table 1.13: IGMP Snooping (Continued)
Function Privilege Description Example
[no] ip igmp
snooping
[no] ip igmp
snooping reportsuppression
no ip igmp
snooping vlan
VLAN-LIST group
A.B.C.D
no ip unknownmulticast action
Admin EXEC "No IP IGMP snooping" will
clear all ip igmp snooping
dynamic groups and
dynamic router ports, and
make the static IP IGMP
group invalid.
Subsequently, dynamic
group and router port will
not be learned via IGMP
message.
Admin EXEC "No IP IGMP snooping
report-suppression" will
disable IGMP v1/v2 IGMP
report suppression function.
When received, report will
be forwarded to the VLAN
router ports.
Admin EXEC "IP IGMP snooping vlan 1
static-group 224.1.1.1
interfaces gi1" will add
static group.
The static group will not
learn other dynamic ports. If
the dynamic group exists,
the static group will overlap
the dynamic group. If the
last member of the static
group is removed, the static
group will be deleted.
To validate the static group,
IGMP snooping VLAN and
IP IGMP snooping must be
enabled.
Use "Show IP IGMP
snooping group [(dynamic |
static)]" command to
display configuration. Use
"No IP IGMP snooping vlan
1 group 224.1.1.1"
command to delete the
static group. The "clear ip
igmp snooping groups"
command can also be used
to delete the static group.
Admin EXEC When IGMP snooping and
MLD snooping are
disabled, router port actions
cannot be set.
Disabling IGMP snooping &
MLD snooping will flood
multicast traffic to all
members of the VLAN.
When the action is a router
port flood or drop, it will
delete the unknown
multicast group entry.
switch (config)# ip igmp
snooping
switch (config)# no ip igmp
snooping
switch (config)# ip igmp
snooping report-suppression
switch (config)# no ip igmp
snooping report-suppression
switch (config)# ip igmp
snooping vlan 1 static-group
224.1.1.1 interfaces gi1-2
switch (config)# ip unknownmulticast action router-port
switch (config)# no ip
unknown-multicast action
EKI-7000 Series User Manual 17
Table 1.13: IGMP Snooping (Continued)
Function Privilege Description Example
[no] ip igmp
snooping vlan
VLAN-LIST
fastleave
[no] ip igmp
snooping vlan
VLAN-LIST router
learn pim-dvmrp
ip igmp snooping
vlan VLAN-LIST
robustnessvariable <1-7>
no ip igmp
snooping vlan
VLAN-LIST
robustnessvariable
ip igmp snooping
vlan VLAN-LIST
response-time <520>
no ip igmp
snooping vlan
VLAN-LIST
response-time
ip igmp snooping
vlan VLAN-LIST
query-interval
<30-18000>
no ip igmp
snooping vlan
VLAN-LIST queryinterval
ip igmp snooping
vlan VLAN-LIST
last-member-queryinterval <1-25>
no ip igmp
snooping vlan
VLAN-LIST lastmember-queryinterval
ip igmp snooping
vlan VLAN-LIST
last-member-querycount <1-7>
no ip igmp
snooping vlan
VLAN-LIST lastmember-query-count
Admin EXEC "No IP IGMP snooping vlan
1 (last-member-query-count
| last-member-queryinterval | query-interval |
response-time | robustnessvariable)" will set the VLAN
parameters to default.
The CLI setting will change
the IP IGMP VLAN
parameters admin settings.
switch (config)# ip igmp
snooping vlan 1 fastleave
switch (config)# ip igmp
snooping vlan 1 last-memberquery-count 5
switch (config)# ip igmp
snooping vlan 1 last-memberquery-interval 3
switch (config)# ip igmp
snooping vlan 1 query-interval
100
switch (config)# ip igmp
snooping vlan 1 response-time
12
switch (config)# ip igmp
snooping vlan 1 robustnessvariable 4
18 EKI-7000 Series User Manual
Table 1.13: IGMP Snooping (Continued)
Function Privilege Description Example
[no] ip igmp
snooping vlan
VLAN-LIST
ip igmp snooping
version (2|3)
no ip igmp
snooping vlan
VLAN-LIST querier
[version (2|3)]
ip igmp snooping
vlan VLAN-LIST
querier
Admin EXEC "No IP IGMP snooping vlan
1" will clear all VLAN IP
IGMP snooping dynamic
groups and dynamic router
ports, and invalidate any
static IP IGMP groups with
a VLAN ID of 1.
Subsequently, the dynamic
groups and router ports will
not be learned via IGMP
message for VLAN 1.
Admin EXEC "IP IGMP snooping version
3" supports v3 basic mode.
When the version changes
from v3 to v2, all querier
versions will update to
version 2.
Admin EXEC When IP IGMP vlan querier
is enabled, a router
selection process will be
triggered. The selected
router will send a general
and specific query.
switch (config)# ip igmp
snooping vlan 1
switch (config)# ip igmp
snooping version 3
switch (config)# ip igmp
snooping vlan 2 querier
1.3.2 MLD Snooping
Table 1.14: MLD Snooping
Function Privilege Description Example
show ip mld
snooping
show ip mld
snooping router
show ip mld
snooping groups
[(dynamic |
static)]
show ip mld
snooping vlan
[VLAN-LIST]
show ip mld
snooping groups
counters
show ip mld
snooping querier
User EXEC This command will display
IP MLD snooping global
info.
User EXEC This command will display
the IP MLD router info.
User EXEC This command will display
the IP MLD groups for
dynamic or static ports, or
for all types.
User EXEC This command will display
IP MLD snooping VLAN
info.
User EXEC This command will display
the IP MLD group counter
include static group.
User EXEC This command will display
all of the static VLAN IP
MLD querier info.
switch# show ip mld snooping
switch# show ip mld snooping
router
switch# show ip mld snooping
groups
switch# show ip mld snooping
groups dynamic
Switch# show ip mld snooping
groups static
switch# show ip mld snooping
vlan
switch# show ip mld snooping
counters
switch# show ip mld snooping
querier
EKI-7000 Series User Manual 19
Table 1.14: MLD Snooping (Continued)
Function Privilege Description Example
clear ip mld
snooping groups
[(dynamic
|static)]
clear ip mld
snooping
statistics
[no] ip mld
snooping
[no] ip mld
snooping reportsuppression
[no] ip mld
snooping vlan
VLAN-LIST staticgroup X:X::X:X
interfaces
IF_PORTS
no ip mld snooping
vlan VLAN-LIST
group X:X::X:X
Admin EXEC This command will clear the
IP MLD groups for dynamic
or static ports, or for all
types.
Admin EXEC This command will clear the
MLD statistics.
Admin EXEC "No IP MLD snooping" will
clear all IP MLD snooping
dynamic groups and
dynamic router ports, and
make the static IP MLD
group invalid.
Subsequently, the dynamic
group and router ports will
not be learned via MLD
message.
Admin EXEC "No IP MLD snooping
report-suppression" will
disable MLD v1/v2 MLD
report suppression function.
Reports received will be
forwarded to the VLAN
router ports.
Admin EXEC "IP MLD snooping vlan 1
static-group ff0e:dd::00:dd
interfaces gi1" will add
static group.
The static group willl not
learn other dynamic ports. If
the dynamic group exists,
the static group will overlap
the dynamic group. If the
last member of the static
group is removed, the static
group will be deleted.
For the static group to be
valid, IGMP snooping VLAN
and IP IGMP snooping
must both be enabled.
Use "Show IP IGMP
snooping group [(dynamic |
static)]" to display the
configuration. Use "No IP
MLD snooping vlan 1 group
ff0e:dd::00:dd" or "Clear IP
MLD snooping groups" to
delete the static group.
switch# clear ip mld snooping
groups static
switch# clear ip mld snooping
statistics
switch (config)# ip mld
snooping
switch (config)# no ip mld
snooping
switch (config)# ip mld
snooping report-suppression
switch (config)# no ip mld
snooping report-suppression
switch (config)# ip mld
snooping vlan 1 static-group
ff0e:dd::00:dd interfaces gi1-2
20 EKI-7000 Series User Manual
Table 1.14: MLD Snooping (Continued)
Function Privilege Description Example
[no] ip mld
snooping vlan
VLAN-LIST
fastleave
[no] ip mld
snooping vlan
VLAN-LIST router
learn pim-dvmrp
ip mld snooping
vlan VLAN-LIST
robustnessvariable <1-7>
no ip mld snooping
vlan VLAN-LIST
robustnessvariable
ip mld snooping
vlan VLAN-LIST
response-time <520>
no ip mld snooping
vlan VLAN-LIST
response-time
ip mld snooping
vlan VLAN-LIST
query-interval
<30-18000>
no ip mld snooping
vlan VLAN-LIST
query-interval
ip mld snooping
vlan VLAN-LIST
last-member-queryinterval <1-25>
no ip mld snooping
vlan VLAN-LIST
last-member-queryinterval
ip mld snooping
vlan VLAN-LIST
last-member-querycount <1-7>
no ip mld snooping
vlan VLAN-LIST
last-member-querycount
[no] ip mld
snooping vlan
VLAN-LIST
Admin EXEC "No IP MLD snooping vlan
1 (last-member-query-count
| last-member-queryinterval | query-interval |
response-time | robustnessvariable)" will set the VLAN
parameters to default.
The CLI setting will change
the IP MLD vlan parameters
admin settings.
Admin EXEC "No IP MLD snooping vlan
1" will clear vlan all IP MLD
snooping dynamic group
and dynamic router ports,
and invalidate any static IP
MLD group invalid with a
VLAN ID of 1.
Subsequently, the dynamic
group and router ports will
not be learned via MLD
message for VLAN 1.
switch (config)# ip mld
snooping vlan 1 fastleave
switch (config)# ip mld
snooping vlan 1 last-memberquery-count 5
switch (config)# ip mld
snooping vlan 1 last-memberquery-interval 3
switch (config)# ip mld
snooping vlan 1 query-interval
100
switch (config)# ip mld
snooping vlan 1 response-time
12
switch (config)# ip mld
snooping vlan 1 robustnessvariable 4
switch (config)# ip mld
snooping vlan 1
EKI-7000 Series User Manual 21
Table 1.14: MLD Snooping (Continued)
Function Privilege Description Example
ip mld snooping
version (1|2)
ip mld snooping
vlan VLAN-LIST
querier [version
(1|2)]
no ip mld snooping
[vlan VLAN-LIST]
querier
Admin EXEC "IP MLD snooping version
2", supports v2 basic mode.
When the version changes
from v2 to v1, all querier
versions will update to
version 2.
Admin EXEC When enable IP MLD vlan
querier is enabled, a router
selection process will be
triggered. The selected
router will send a general
and specific query.
switch (config)# ip mld
snooping version 2
switch (config)# ip mld
snooping vlan 2 querier
1.4 Redundancy
1.4.1 X-Ring
Table 1.15: X-Ring
Function Privilege Description Example
show xring-elite User EXEC Display xring-elite status. switch# show xring-elite
[no] xring-elite Admin EXEC Disable or enable xring-elite
function.
xring-elite ringid <1-255> ports
IF_PORTS
xring-elite legacy
ring-id <1-255>
ports IF_PORTS
no xring-elite
ring-id <1-255>
show xring-plus User EXEC Display xring-plus status. switch# show xring-plus
[no] xring-plus Admin EXEC Disable or enable xring-plus
xring-plus create
ring-id <1-255>
interface IF_PORT
interface IF_PORT
xring-plus create
ring-id <1-255>
coupling
interfaces
IF_PORTS masterring ring-id <1255>
xring-plus delete
ring-id <1-255>
Admin EXEC Create a normal ring. switch (config)# xring-elite ring-
Admin EXEC Create a legacy ring. switch (config)# xring-elite
Admin EXEC Delete a normal ring or
legacy ring.
function.
Admin EXEC Create a ring. switch (config)# xring-plus
Admin EXEC Create a coupling. switch (config)# xring-plus
Admin EXEC Delete a ring or coupling. switch (config)# xring-plus
switch (config)# no xring-elite
switch (config)# xring-elite
id 1 ports GigabitEthernet 1,2
legacy ring-id 2 ports
GigabitEthernet 3,4
switch (config)# no xring-elite
ring-id 1
switch (config)# no xring-plus
switch (config)# xring-plus
create ring-id 5 interface
GigabitEthernet 1 interface
GigabitEthernet 2
create ring-id 6 coupling
interfaces 3 master-ring ring-id
5
switch (config)# xring-plus
create ring-id 6 coupling
interfaces 3,4 master-ring ringid 5
delete ring-id 5
22 EKI-7000 Series User Manual
1.5 QoS
1.5.1 Rate Limit
Table 1.16: Rate Limit
Function Privilege Description Example
show rate-limit User EXEC Display rate-limit
information.
show rate-limit
interfaces
IF_NMLPORTS
rate-limit ingress
<16-1000000>
no rate-limit
ingress
rate-limit egress
<16-1000000>
no rate-limit
egress
rate-limit egress
queue <1-8> <161000000>
no rate-limit
egress queue <1-8>
User EXEC Display rate-limit
information in specified
interface.
Admin EXEC Set ingress rate-limit. switch (config-if)# rate-
Admin EXEC No ingress rate-limit. switch (config-if)# no
Admin EXEC Set egress rate-limit. switch (config-if)# rate-
Admin EXEC No egress rate-limit. switch (config-if)# no
Admin EXEC Set egress rate-limit in
queue.
Admin EXEC No egress rate-limit in
queue.
switch# show rate-limit
switch# show rate-limit
interfaces fa 5
limit ingress 10000
rate-limit ingress
limit egress 10000
rate-limit egress
switch (config-if)# ratelimit egress queue 3
10000
switch (config-if)# no
rate-limit egress queue 3
1.5.2 QoS
Table 1.17: QoS
Function Privilege Description Example
show qos User EXEC Display QoS state. switch# show qos
show qos queueing User EXEC Display QoS queueing
state.
show qos
interfaces
IF_PORTS
show qos map
[(cos-queue|dscpqueue|precedencequeue|queuecos|queuedscp|queueprecedence)]
[no] qos Admin EXEC Enabled or disabled the
qos queue strictpriority-num <0-8>
qos queue weight
SEQUENCE
User EXEC Display QoS state by
interface.
User EXEC Display QoS map detail. switch# show qos map
device to QoS mode.
Admin EXEC Specify the strict priority
queue number.
Admin EXEC Specify the non-strict
priority queue weight value.
The valid queue weight
value is from 1 to 127.
switch# show qos queueing
switch# show qos interface gi1
switch# configure
switch (config)# qos
switch (config)# exit
switch# configure
switch (config)# qos queue
strict-priority-num 1
switch (config)# exit
switch# configure
switch (config)# qos queue
weight 3
switch (config)# exit
EKI-7000 Series User Manual 23
Table 1.17: QoS (Continued)
Function Privilege Description Example
qos map cos-queue
SEQUENCE to <1-8>
qos map dscp-queue
SEQUENCE to <1-8>
qos map
precedence-queue
SEQUENCE to <1-8>
qos trust
(cos|cosdscp|dscp|preceden
ce)
no qos trust Admin EXEC Clear qos trust configure. switch# configure
qos cos <0-7> Admin EXEC Specify the CoS value for
[no] qos trust Admin EXEC Enabled or disabled the
qos map queue-cos
SEQUENCE to <0-7>
qos map queue-dscp
SEQUENCE to <0-63>
qos map queueprecedence
SEQUENCE to <0-7>
Admin EXEC Configure or show CoS to
queue map
Admin EXEC Configure or show DSCP to
queue map.
Admin EXEC Configure or show IP
Precedence to queue map.
Admin EXEC Specify the device to trust
CoS.
Specify the device to trust
DSCP for IP packets, and
trust CoS for non-IP
packets.
Specify the device to trust
DSCP.
Specify the device to trust
IP Precedence
the interface.
QoS mode per port.
Admin EXEC Configure or show CoS to
queue map.
Admin EXEC Configure or show DSCP to
queue map.
Admin EXEC Configure or show IP
Precedence to queue map.
switch# configure
switch (config)# qos map cosqueue 6 7 to 1
switch (config)# exit
switch# configure
switch (config)# qos map dscpqueue 6 7 to 1
switch (config)# exit
switch# configure
switch (config)# qos map
precedence-queue 6 7 to 1
switch (config)# exit
switch# configure
switch (config)# qos trust cos
switch (config)# qos trust dscp
switch (config)# exit
switch (config)# no qos trust
switch (config)# exit
switch# configure
switch (config)# interface gi1
switch (config-if)# qos cos 1
switch (config-if)# exit
switch (config)# exit
switch# configure
switch (config)# interface gi1
switch (config-if)# qos
switch (config-if)# exit
switch (config)# exit
switch# configure
switch (config)# interface gi1
switch (config-if)# qos map
cos-queue 6 7 to 1
switch (config-if)# exit
switch (config)# exit
switch# configure
switch (config)# interface gi1
switch (config-if)# qos map
dscp-queue 6 7 to 1
switch (config-if)# exit
switch (config)# exit
switch# configure
switch (config)# interface gi1
switch (config-if)# qos map
precedence-queue 6 7 to 1
switch (config-if)# exit
switch (config)# exit
24 EKI-7000 Series User Manual
Table 1.17: QoS (Continued)
Function Privilege Description Example
[no] qos remark
(cos|dscp|preceden
ce)
Admin EXEC
1.6 Security
1.6.1 Loop Detection / Prevention
Table 1.18: Loop Detection / Prevention
Function Privilege Description Example
show loopbackdetection
show loopbackdetection
interfaces
IF_PORTS state
[no] loopbackdetection
loopback-detection
interval <1-32767>
loopback-detection
recover-time <601000000>
[no] loopbackdetection
User EXEC Display loopback-detection
global status.
User EXEC Display loopback-detection
status of specified ports.
Admin EXEC Enable or disable loopback-
detection.
Admin EXEC Set loopback detection
interval.
Admin EXEC Set block port recover time. switch (config)# loopback-
Admin EXEC Enable or disable loopback-
detection of a specified
port.
switch# show loopbackdetection
show loopback-detection
interfaces GigabitEthernet 1,2
state
switch (config)# loopbackdetection
switch (config)# no loopbackdetection
switch (config)# loopbackdetection interval 1
detection recover-time 60
switch (config-if)# loopbackdetection
switch (config-if)# no loopbackdetection
1.6.2 Storm Control
Table 1.19: Storm Control
Function Privilege Description Example
show storm-control User EXEC Display storm-control
information.
show storm-control
interfaces
IF_NMLPORTS
storm-control ifg
(include|exclude)
storm-control unit
(bps|pps)
[no] storm-control Admin EXEC Disable or enable storm-
User EXEC Display storm-control
information in specified
interface.
Admin EXEC Decide whether to include/
exclude the preamble and
inter frame gap into the
calculation or not.
Admin EXEC Set the unit of calculation
method.
control.
switch# show storm-control
switch# show storm-control
interfaces fa5
switch (config)# storm-control
ifg include
switch (config)# storm-control
unit bps
switch (config)# storm-control
EKI-7000 Series User Manual 25
Table 1.19: Storm Control (Continued)
Function Privilege Description Example
[no] storm-control
(broadcast|unknown
-unicast|unknownmulticast)
storm-control
(broadcast|unknown
-unicast|unknownmulticast) level
<1-1000000>
no storm-control
(broadcast|unknown
-unicast|unknownmulticast) level
storm-control
action
(drop|shutdown)
no storm-control
action
Admin EXEC Disable or enable storm-
control type.
Admin EXEC Set control rate of storm-
control type.
Admin EXEC No control rate of storm-
control type.
Admin EXEC The storm control
mechanism drops packets
which exceed storm control
rate or just shuts down the
port.
Admin EXEC Set action to drop. switch (config-if)# no storm-
switch (config-if)# stormcontrol broadcast
switch (config-if)# stormcontrol broadcast level 1000
switch (config-if)# no stormcontrol broadcast level
switch (config-if)# stormcontrol action shutdown
control action
1.6.3 Port Security
Table 1.20: Port Security
Function Privilege Description Example
show port-security User EXEC Display port-security status. switch# show port-security
[no] port-security
[learning-limit
<0-64>]
[no] macviolation-notify
Admin EXEC Enable port security of a
port and specify a
maximum FDB learning
number of that port.
Disable port security.
Admin EXEC When a port reaches its
maximum FDB learning
number, the system will
send to SNMP trap for a
new MAC.
switch (config-if)# port-security
learning-limit 5
switch (config-if)# port-security
switch (config-if)# no portsecurity
switch (config-if)# macviolation-notify
switch (config-if)# no macviolation-notify
1.6.4 802.1X
Table 1.21: 802.1X
Function Privilege Description Example
show dot1x status User EXEC Show Dot1x configuration. switch# show dot1x
[no] dot1x Admin EXEC Configure radius server
enable/disable.
The “dot1x” command
globally enables 802.1x
ability.
The “no dot1x run"
command disables the
802.1x ability.
switch#show dot1x
switch (config)# no dot1x
26 EKI-7000 Series User Manual
Table 1.21: 802.1X (Continued)
Function Privilege Description Example
dot1x
authenticationbased (port | mac)
dot1x
authenticationport IF_PORTS
sectype (authorize
| disable)
dot1x sysconfiguration ip
X.X.X.X radiusport <1-65535>
accounting-port
<1-65535> secret
WORD<0-128>
dot1x miscconfiguration
reauth-period <165535>
Admin EXEC Configure radius server
authentication mode.
Admin EXEC Configure radius server
authentication port.
Admin EXEC Configure radius server IP
& port and secret key.
Admin EXEC Configure radius server
reauth period.
switch (config)# dot1x
authentication-based port
switch (config)# dot1x
authentication-based mac
switch (config)# dot1x
authentication-port
FastEthernet 1 sectype
authorize
switch (config)# dot1x
authentication-port
FastEthernet 1 sectype disable
switch (config)# dot1x sysconfiguration ip 192.168.1.100
radius-port 1812 accountingport 1813 secret 12345678
switch (config)# dot1x miscconfiguration reauth-period
3600
1.6.5 Remote Authentication
Table 1.22: Remote Authentication
Function Privilege Description Example
show securitylogin
[no] securitylogin
security-login
radius-config ip
X.X.X.X port <165535> secret
WORD<0-128>
security-login
tacacs-config ip
X.X.X.X port <165535> secret
WORD<0-128>
security-login
access-contrl
(http | telnet |
ssh | all)
no security-login
access-contrl
(http | telnet |
ssh | all)
User EXEC Show security login
configuration.
Admin EXEC Use "security-login"
command to enable
security-login services.
Use no form to disable
service.
Admin EXEC Configure radius login
access control.
Admin EXEC Configure security login
access control.
Admin EXEC Configure security login
access control.
Admin EXEC Reset security login access
control.
switch# show security-login
switch (config)# security-login
switch (config)# no securitylogin
switch (config)# security-login
radius-config ip 192.168.1.100
port 1812 secret 12345678
switch (config)# security-login
rtacacs-config ip
192.168.1.100 port 1812
secret 12345678
switch (config)# security-login
access-contrl http
switch (config)# no securitylogin access-contrl
EKI-7000 Series User Manual 27
Table 1.22: Remote Authentication (Continued)
Function Privilege Description Example
security-login
login-type (radius
| tacacs | both |
all)
no security-login
login-type
Admin EXEC Configure security login
type.
Admin EXEC Reset security login type. switch (config)# no security-
switch (config)# security-login
login-type radius
login login-type
1.6.6 One Time Password
Table 1.23: One Time Password
Function Privilege Description Example
show otp User EXEC Show OTP configuration. switch# show otp
[no] otp Admin EXEC Use "otp" command to
enable otp services.
Use no form to disable
service.
otp secure-keymode (one-timeused | timerestricted)
otp interval
<3600-86400>
otp display-mode
(attempt-failed |
fixed-display)
otp ssh-firstphase-auth
username WORD<132> password
WORD<1-32>
Admin EXEC Configure OTP secure key
mode.
Admin EXEC Configure OTP survival
time.
Admin EXEC Configure OTP display
mode.
Admin EXEC Configure OTP SSH login
information.
switch (config)# otp
switch (config)# no otp
switch (config)# otp securekey-mode one-time-used
switch (config)# otp securekey-mode time-restricted
switch (config)# otp interval
switch (config)# otp displaymode attempt-failed
switch (config)# otp displaymode fixed-display
switch (config)# otp ssh-firstphase-auth username admin
password 12345678
1.6.7 Account Manager
Table 1.24: Account Manager
Function Privilege Description Example
show username User EXEC Show all user accounts in
local database.
show privilege User EXEC Show current privilege
level.
username WORD<032> [privilege
(admin|user)]
(password WORD<032>) | ( secret
[encrypted]
WORD<0-32>) |
nopassword
no username
WORD<0-32>
Admin EXEC Use "username" command
to add a new user account
or edit an existing user
account.
Admin EXEC Delete an existing user
account.
28 EKI-7000 Series User Manual
switch# show username
switch# show privilege
switch (config)# username test
privilege admin secret 1234
switch (config)# no username
test
Table 1.24: Account Manager (Continued)
Function Privilege Description Example
enable (password |
(secret
[encrypted]))
PASSWORD
no enable Admin EXEC Restore enable password to
Admin EXEC Edit password for each
privilege level to enable
authentication.
default empty value.
switch (config)# enable secret
1234
switch (config)# no enable
1.6.8 DoS Attack Prevention
Table 1.25: DoS Attack Prevention
Function Privilege Description Example
show dos User EXEC Show current dos global
state.
show dos
interfaces
IF_PORTS
[no] dos (tcpfrag-off-mincheck|synrstdeny|synfindeny|xmadeny|nullscandeny|synsportl1024deny|tcphdr-mincheck|smurfdeny|icmpv6-pingmax-check|icmpv4ping-maxcheck|icmp-fragpkts-deny|ipv6min-frag-sizecheck|poddeny|tcpblatdeny|udpblatdeny|landdeny|daeqsa-deny)
User EXEC Show dos configuration
on selected ports.
Admin EXEC Configure DUT to
enable/disable support
types of attacks.
switch# show dos
switch# show dos
interfaces
GigabitEthernet 1
switch (config)# no dos
land-deny
switch (config)# dos
land-deny
1.6.9 IP Security
Table 1.26: IP Security
Function Privilege Description Example
show ip-security User EXEC Display IP security
information.
[no] ip-security Admin EXEC Disable or enable IP
security.
EKI-7000 Series User Manual 29
switch# show ip-security
switch (config)# ip-security
Table 1.26: IP Security (Continued)
Function Privilege Description Example
ip-security ip
A.B.C.D mask
A.B.C.D [service
(ping | http |
https | telnet |
ssh | snmp) state
(enable |
disable)]
no ip-security ip
A.B.C.D mask
A.B.C.D
Admin EXEC Add a specified IP (and
service) entry for IP security
usage.
Admin EXEC Remove specified IP
security entry.
switch (config)# ip-security ip
192.168.1.1 mask 255.255.0.0
service ping state enable
switch (config)# no ip-security
ip 192.168.1.1 mask
255.255.0.0
1.6.10 Access Control List
Table 1.27: Access Control List
Function Privilege Description Example
show ipacl [entryid WORD<1-7>]
show macacl
[entry-id WORD<17>]
macacl entry-id
<1-250>
no macacl entry-id
WORD<1-7>
ipacl entry-id <1250>
no ipacl entry-id
WORD<1-7>
dst-mac
A:B:C:D:E:F mask
A:B:C:D:E:F
no dst-mac Admin EXEC Remove destination MAC
src-mac
A:B:C:D:E:F mask
A:B:C:D:E:F
no src-mac Admin EXEC Remove source MAC
User EXEC Display IP ACL entry
information.
User EXEC Display MAC ACL entry
information.
Admin EXEC Specify MAC ACL entry id. switch# configure
Admin EXEC Remove the MAC ACL
entry with specified id.
Admin EXEC Specify IP ACL entry id. switch# configure
Admin EXEC Remove the IP ACL entry
with specified id.
Admin EXEC Specify destination MAC
address and mask for MAC
ACL entry.
address for MAC ACL entry.
Admin EXEC Specify source MAC
address and mask for MAC
ACL entry.
address for MAC ACL entry.
switch# show ipacl
switch# show macacl 3
switch (config)# macacl entryid 10
switch# configure
switch (config)# no macacl
entry-id 10
switch( config)# ipacl entry-id
20
switch# configure
switch (config)# no ipacl entryid 2
switch# configure
switch (config)# macacl entryid 10
switch (config-macacl)# dstmac 96:FA:95:1D:67:4A mask
FF:FF:FF:00:00:00
switch (config-macacl)# exit
switch (config-macacl)# no dstmac
switch# configure
switch (config)# macacl entryid 10
switch (config-macacl)# srcmac 96:FA:95:1D:67:4A mask
FF:FF:FF:00:00:00
switch# configure
switch (config)# macacl entryid 10
switch (config-macacl)# no srcmac
30 EKI-7000 Series User Manual
Table 1.27: Access Control List (Continued)
Function Privilege Description Example
ethertype <065535>
no ethertype Admin EXEC Remove Ether type for
vlanid <1-4094> Admin EXEC Specify the VLAN id for
no vlanid Admin EXEC Remove the VLAN id for
dst-ip A.B.C.D
mask A.B.C.D
no dst-ip Admin EXEC Remove destination IP
src-ip A.B.C.D
mask A.B.C.D
no src-ip Admin EXEC Remove source IP address
no protocol Admin EXEC Remove the IP protocol for
protocol icmp Admin EXEC Specify the IP protocol with
Admin EXEC Specify the Ether type for
MAC ACL entry.
MAC ACL entry.
MAC ACL entry.
MAC ACL entry.
Admin EXEC Specify destination IP
address and mask for IP
ACL entry.
address for IP ACL entry.
Admin EXEC Specify source IP address
and mask for IP ACL entry.
for IP ACL entry.
IP ACL entry.
ICMP for IP ACL entry.
switch# configure
switch (config)# macacl entryid 10
switch (config-macacl)#
ethertype 100
switch# configure
switch (config)# macacl entryid 10
switch (config-macacl)# no
ethertype
switch# configure
switch (config)# macacl entryid 10
switch (config-macacl)# vlan id
10
switch (config-macacl)# exit
switch# configure
switch (config)# macacl entryid 10
switch (config-macacl)# no
vlnaid
switch (config-macacl)# exit
switch# configure
switch (config)# ipcacl entry-id
20
switch (config-ipacl)# dst-ip
192.168.1.6 mask
255.255.255.0
switch (config-ipacl)# exit
switch (config-ipacl)# no dst-ip
switch# configure
switch (config)# ipcacl entry-id
20
switch (config-ipacl)# src-ip
192.168.1.3 mask
192.168.1.254
switch (config-ipacl)# exit
switch# configure
switch (config)# ipcacl entry-id
20
switch (config-ipacl)# no src-ip
switch (config-ipacl)# exit
switch# configure
switch (config)# ipcacl entry-id
2
switch (config-ipacl)# no
protocol
switch (config-ipacl)# exit
switch# configure
switch (config)# ipcacl entry-id
2
switch (config-ipacl)# proto-col
icmp
switch (config-ipacl)# exit
EKI-7000 Series User Manual 31
Table 1.27: Access Control List (Continued)
Function Privilege Description Example
protocol tcp
[dstport <065535>] [srcport
<0-65535>]
protocol udp
[dstport <065535>] [srcport
<0-65535>]
action permit Admin EXEC Specify the MAC/IP ACL
action drop Admin EXEC Specify the MAC/IP ACL
action assignqueue <1-8>
incoming-interface
IF_PORTS
action redirectportlist
IF_NMLPORTS
action redirectport IF_NMLPORTS
[no] active Admin EXEC Enable or disable the active
Admin EXEC Specify the destination and
source ports of TCP
protocol for IP ACL.
Admin EXEC Specify the destination and
source ports of UDP
protocol for IP ACL.
action to be permit.
action to be drop.
Admin EXEC Specify the MAC/IP ACL
action to be assign queue.
Admin EXEC Specify the incoming
interface port for MAC/IP
ACL.
Admin EXEC Specify the MAC/IP ACL
action to be to be redirect
action to portlist.
Admin EXEC Specify the MAC/IP ACL
action to be to be redirect
action to port.
state of MAC/IP ACL.
switch# configure
switch (config)# ipcacl entry-id
2
switch (config-ipacl)# protocol
tcp dstport 10 srcport 15
switch# configure
switch (config)# ipcacl entry-id
2
switch (config-ipacl)# protocol
udp dstport 20 srcport 25
switch (config-ipacl)# exit
switch# configure
switch (config)# macacl entryid 20
switch (config-macacl)# action
permit
switch (config-macacl)# exit
switch# configure
switch (config)# macacl entryid 20
switch (config-macacl)# action
drop
switch (config-macacl)# exit
switch# configure
switch (config)# macacl entryid 20
switch (config-macacl)# action
assign-queue 1
switch (config-macacl)# exit
switch# configure
switch (config)# macacl entryid 20
switch (config-macacl)# incoming-interface GE2
switch (config-macacl)# exit
switch# configure
switch (config)# macacl entryid 20
switch (config-macacl)# action
redirect-portlist GE3, GE4,
GE8
switch (config-macacl)# exit.
switch (config-macacl)# action
redirect-port GE9
switch (config-macacl)# exit.
switch# configure
switch (config)# macacl entryid 20
switch (config-macacl)# no
active
switch (config-macacl)# exit
32 EKI-7000 Series User Manual
1.7 Management
1.7.1 IP Management
Table 1.28: IP Management
Function Privilege Description Example
show ip User EXEC Show system IPv4 address,
net mask and default
gateway.
show ip dhcp User EXEC Show IPv4 DHCP client
enable state.
show auto-ip User EXEC
[no] ip dhcp Admin EXEC Use "IP DHCP" command
to enable DHCP client to
get IP address from remote
DHCP server.
Use "No IP DHCP"
command to disable DHCP
client and use static IP
address.
ip address A.B.C.D
[mask A.B.C.D]
default-gateway
A.B.C.D
show ipv6 dhcp User EXEC Show system IPv6 DHCP
show ipv6 User EXEC Show system IPv6 address,
[no] ipv6 dhcp Admin EXEC Use "IPv6 DHCP"
[no] ipv6
autoconfig
ipv6 address
X:X::X:X prefix
<0-128>
ipv6 defaultgateway X:X::X:X
Admin EXEC Modify administration IPv4
address.
Admin EXEC Modify default gateway
address.
client enable state.
net mask, default gateway
and auto config state.
command enable DHCPv6
client to get IP address from
remote DHCPv6 server.
Use "No IPv6 DHCP"
command to disable
DHCPv6 client and use
static IPv6 address or IPv6
auto config address.
Admin EXEC Use "IPv6 autoconfig"
command to enable IPv6
auto configuration feature.
Use "No IPv6 autoconfig"
command to disable IPv6
auto configuration feature.
Admin EXEC Use "IPv6 address"
command to specify static
IPv6 address.
Admin EXEC Use "IPv6 default-gateway"
command to modify default
gateway IPv6 address.
switch# show ip
switch# show ip dhcp
switch (config)# ip dhcp
switch (config)# no ip dhcp
switch (config)# ip address
192.168.1.200 mask
255.255.255.0
switch (config)# ip defaultgateway 192.168.1.100
switch# show ipv6 dhcp
switch# show ipv6
switch (config)# ipv6 dhcp
switch (config)# no ipv6
autoconfig
switch (config)# ipv6 address
fe80::20e:2eff:fef1:4b3c prefix
128
switch (config)# ipv6 defaultgateway
fe80::dcad:beff:feef:103
EKI-7000 Series User Manual 33
1.7.2 SNMP
Table 1.29: SNMP
Function Privilege Description Example
show snmp User EXEC Display SNMP state. switch# show snmp
show snmpv3 User EXEC Display SNMPv3 configure
state.
show snmp trap User EXEC Display SNMP trap setting. switch# show snmp trap
[no] snmp Admin EXEC Enable or disabled SNMP
engine.
[no] snmp trap
(auth|linkUpDown|w
arm-start|coldstart|portsecurity)
snmp community
NAME (ro|rw)
no snmp community
NAME
snmp host
(A.B.C.D|X:X::X:X|
HOSTNAME) [version
(1|2c)] NAME
no snmp host
(A.B.C.D|X:X::X:X|
HOSTNAME) [version
(1|2c)]
snmpv3 user NAME
(ro|rw) auth
(md5|sha) password
WORD<8-32> priv
password WORD<832>
no snmpv3 user
NAME
Admin EXEC Specify SNMP trap setting. switch# configure
Admin EXEC SNMP v1/v2 community
name.
SNMP community read or
readwrite attribute for basic
mode.
Admin EXEC Delete SNMP community
name.
Admin EXEC SNMP trap host IPv4/IPv6
address or host name.
v1/v2c/v3 traps.
SNMP community name or
user name.
Admin EXEC Delete SNMP host. switch# configure
Admin EXEC SNMPv3 user name.
SNMPv3 user read or
readwrite attribute for basic
mode.
SNMPv3 user security
level, auth-protocol, prviprotocol.
Admin EXEC Delete SNMPv3 user name. switch# configure
switch# show snmpv3
switch# configure
switch (config)# snmp
switch (config)# exit
switch (config)# snmp trap
auth
switch (config)# exit
switch# configure
switch (config)# snmp
community user rw
switch (config)# exit
switch# configure
switch (config)# no snmp
community user
switch (config)# exit
switch# configure
switch (config)# snmp host
192.168.1.100 version 2c
private
switch (config)# exit
switch (config)# no snmp host
192.168.1.100 version 2c
switch (config)# exit
switch# configure
switch (config)# snmpv3 user
root rw auth md5 password
12345678
switch (config)# exit
switch (config)# no snmp user
root
switch (config)# exit
1.7.3 Configuration Management
Table 1.30: Configuration Management
Function Privilege Description Example
show (startupconfig|runningconfig)
Admin EXEC Show startup/running
configuration.
34 EKI-7000 Series User Manual
switch# show startup-config
switch# show running-config
Table 1.30: Configuration Management (Continued)
Function Privilege Description Example
show runningconfig interfaces
IF_PORTS
copy runningconfig (startupconfig|)
copy (runningconfig|startupconfig) tftp://
copy tftp://
(runningconfig|startupconfig)
copy (startupconfig) runningconfig
delete (startupconfig|flash://)
reset Admin EXEC Restore system to all
reset except for
[ip-address]
[vlan] [useraccount]
save Admin EXEC
Admin EXEC Show running configuration
on selected ports.
Admin EXEC Copy running configuration
to startup configuration.
Admin EXEC Copy running/startup
configuration to remote tftp
server.
Admin EXEC Upgrade running/startup
configuration from remote
tftp server.
Admin EXEC Copy startup configuration
to running configuration.
Admin EXEC Restore factory defaults,
equal to command "restoredefaults".
factory defaults.
Admin EXEC Restore system to all
factory defaults except for
specified settings.
switch# show running-config
interfaces GigabitEthernet 1
switch# copy running-config
startupst-config
switch# copy running-config
startupst-config tftp://
192.168.1.111/test1.cfg
switch# copy tftp://
192.168.1.111/test2.cfg
startup-config
switch# copy startupst-config
running-config
switch# delete backup-config
switch# reset
switch# reset except for ipaddress
1.7.4 Firmware Management
Table 1.31: Firmware Management
Function Privilege Description Example
boot system
(image0|image1)
delete system
(image0|image1)
copy (flash://
|tftp://) (flash:/
/|tftp://)
Admin EXEC Dual image stores a backup
image in the flash partition.
Use "boot system"
command to select the
active firmware image.
The other firmware image
will become a backup.
Admin EXEC Delete firmware image
stored in flash.
Admin EXEC Upgrade/backup firmware
image from/to remote tftp
server.
switch (config)# boot system
image1
switch# delete system image1
switch# copy tftp://
192.168.1.100/vmlinux.bix
flash://image0
EKI-7000 Series User Manual 35
1.7.5 DHCP Server
Table 1.32: DHCP Server
Function Privilege Description Example
show dhcp-server
[lease]
[no] dhcp-server Admin EXEC Enable or disable DHCP
dhcp-server leasetime <60-86400>
dhcp-server global
low-ip-address
A.B.C.D high-ipaddress A.B.C.D
subnet-mask
A.B.C.D gateway
A.B.C.D dns
A.B.C.D
no dhcp-server
global
dhcp-server
interface
IF_NMLPORT low-ipaddress A.B.C.D
high-ip-address
A.B.C.D subnetmask A.B.C.D
gateway A.B.C.D
dns A.B.C.D
no dhcp-server
interfaces
IF_NMLPORT
dhcp-server vlan
entry <1-8> vlan
<1-4094> low-ipaddress A.B.C.D
high-ip-address
A.B.C.D subnetmask A.B.C.D
gateway A.B.C.D
dns A.B.C.D
no dhcp-server
vlan entry <1-8>
dhcp-server
option82 entry <12> low-ip-address
A.B.C.D high-ipaddress A.B.C.D
subnet-mask
A.B.C.D gateway
A.B.C.D dns
A.B.C.D
User EXEC Show DHCP server
information.
Show leased client
information.
server.
Admin EXEC Set the lease-time of DHCP
server.
Admin EXEC Set allocate IP range,
subnet mask, gateway,
DNS in global settings of
DHCP server.
Admin EXEC Remove global settings of
DHCP server
Admin EXEC Set allocate IP range,
subnet mask, gateway,
DNS in specified port
settings of DHCP server.
Admin EXEC Remove specific port
settings of DHCP server.
Admin EXEC Set allocate IP range,
subnet mask, gateway,
DNS in specified VLAN
settings of DHCP server.
Admin EXEC Remove specific VLAN
settings of DHCP server.
Admin EXEC Set allocate IP range,
subnet mask, gateway,
DNS in specified option 82
settings of DHCP server.
switch# show dhcp-server
switch# show dhcp-server
lease
switch (config)# dhcp-server
switch (config)# dhcp-server
lease-time 16888
switch (config)# dhcp-server
global low-ip-address 10.1.1.1
high-ip-address 10.1.2.1
subnet-mask 255.255.0.0
gateway 10.1.1.254 dns
10.1.1.100
switch (config)# no dhcpserver global
switch (config)# dhcp-server
interface GigabitEthernet1 lowip-address 11.1.1.1 high-ipaddress 11.1.2.1 subnet-mask
255.255.0.0 gateway
11.1.1.254 dns 11.1.1.100
switch (config)# no dhcpserver interfaces
GigabitEthernet1
switch (config)# dhcp-server
vlan entry 2 vlan 12 low-ipaddress 12.1.1.1 high-ipaddress 12.1.2.1 subnet-mask
255.255.0.0 gateway
12.1.1.254 dns 12.1.1.100
switch (config)# no dhcpserver vlan entry 2
switch (config)# dhcp-server
option82 entry 1 low-ipaddress 13.1.1.1 high-ipaddress 13.1.2.1 subnet-mask
255.255.0.0 gateway
13.1.1.254 dns 13.1.1.100
36 EKI-7000 Series User Manual
Table 1.32: DHCP Server (Continued)
Function Privilege Description Example
dhcp-server
option82 entry <12> circuit-id
format ( string |
hex ) content
WORD<0-120>
dhcp-server
option82 entry <12> remote-id
format ( string |
hex ) content
WORD<0-120>
no dhcp-server
option82 entry <12>
Admin EXEC Set circuit ID in specified
option 82 settings of DHCP
server.
Admin EXEC Set remote ID in specified
option 82 settings of DHCP
server.
Admin EXEC Remove specific option 82
settings of DHCP server.
switch (config)# dhcp-server
option82 entry 1 circuit-id
format string content Hello
switch (config)# dhcp-server
option82 entry 1 remote-id
format string content World
switch (config)# no dhcpserver option82 entry 1
1.7.6 DHCP Client
Table 1.33: DHCP Client
Function Privilege Description Example
show dhcp-autoprovision
[no] dhcp-autoprovision
[no] ip dhcp
option82
ip dhcp option82
circuit-id format
( string | hex |
user-define )
[content WORD<0120>]
ip dhcp option82
remote-id format
( string | hex |
user-define )
[content WORD<0120>]
User EXEC View DHCP-auto-provision
status.
Admin EXEC Enable of disable DHCP-
auto-provision.
Admin EXEC Enable or disable DHCP
option 82 for DHCP client.
Admin EXEC Set circuid-id in DHCP
option 82 for DHCP client.
Admin EXEC Set remote-id in DHCP
option 82 for DHCP client.
switch# show dhcp-autoprovision
switch (config)# dhcp-autoprovision
switch (config)# ip dhcp
option82
switch (config)# ip dhcp
option82 circuit-id format string
Hello
switch (config)# ip dhcp
option82 remote-id format
string World
1.7.7 System Log (SYSLOG)
Table 1.34: System Log (SYSLOG)
Function Privilege Description Example
show logging User EXEC Display the global logging
status.
show logging
(buffered|file)
clear logging
(buffered|file)
[no] logging Admin EXEC Disable or enable logging
EKI-7000 Series User Manual 37
User EXEC Display log of buffer or file. switch# show logging buffered
Admin EXEC Clear logging information. switch# clear logging buffered
service.
switch# show logging
switch (config)# logging
Table 1.34: System Log (SYSLOG) (Continued)
Function Privilege Description Example
logging host
(A.B.C.D|HOSTNAME)
[port <0-65535>]
[severity <0-7>]
[facility
(local0|local1|loc
al2|local3|local4|
local5|local6|loca
l7)]
logging
(buffered|console|
file) [severity
<0-7>]
no logging
(buffered|console|
file)
no logging host
(A.B.C.D|HOSTNAME)
Admin EXEC Set remote log server
information and specify the
minimum severity mask and
facility of logging message.
Admin EXEC Enable logging into buffer
or console of file and
specify the minimum
severity mask of logging
message.
Admin EXEC Disable logging into buffer
or console or file.
Admin EXEC Remove remote log server. switch (config)# no logging
switch (config)# logging host
192.168.1.100 severity 6
facility local0
switch (config)# logging
buffered severity 6
switch (config)# no logging
buffered
host 192.168.1.100
1.7.8 System Time
Table 1.35: System Time
Function Privilege Description Example
clock source
(local|sntp)
clock timezone
ACRONYM HOUROFFSET [minutes
<0-59>]
no clock timezone Admin EXEC Use the no form of this
sntp host HOSTNAME
[port <1-65535>]
Admin EXEC Set the source of time.
Use the no form of this
command to select the
default setting.
Admin EXEC Use the clock timezone
command to set timezone
setting.
command to timezone
default setting.
Admin EXEC Use the clock set command
to set static time.
The static time won’t save
to configuration file.
switch (config)# clock source
sntp
switch (config)# show clock
detail
08:32:12 test(UTC+5) Sep 21
2012
No time source
Time zone:
Acronym is DFL
Offset is UTC+8
switch (config)# clock timezone
test +5
switch (config)# show clock
detail
10:13:27 test(UTC+5) Sep 21
2012
No time source
Time zone:
Acronym is test
Offset is UTC+5
switch (config)# no clock
timezone
switch# clock set 11:03:00 sep
21 2012
11:03:00 DFL(UTC+8) Sep 21
2012
38 EKI-7000 Series User Manual
Table 1.35: System Time
Function Privilege Description Example
no sntp Admin EXEC Use the no form of this
command to restore sntp
default setting.
clock set HH:MM:SS
(jan|feb|mar|apr|m
ay|jun|jul|aug|sep
|oct|nov|dec) <131> <2000-2035>
clock summer-time
ACRONYM date
(jan|feb|mar|apr|m
ay|jun|jul|aug|sep
|oct|nov|dec) <131> <2000-2037>
HH:MM
(jan|feb|mar|apr|m
ay|jun|jul|aug|sep
|oct|nov|dec) <131> <2000-2037>
HH:MM [<1-1440>]
clock summer-time
ACRONYM recurring
(usa|eu) [<11440>]
clock summer-time
ACRONYM recurring
(<1-5>|first|last)
(sun|mon|tue|wed|t
hu|fri|sat)
(jan|feb|mar|apr|m
ay|jun|jul|aug|sep
|oct|nov|dec)
HH:MM (<15>|first|last)
(sun|mon|tue|wed|t
hu|fri|sat)
(jan|feb|mar|apr|m
ay|jun|jul|aug|sep
|oct|nov|dec)
HH:MM [<1-1440>]
no clock summertime
Admin EXEC Use the clock set command
to set static time.
The static time won’t save
to configuration file.
Admin EXEC Use the clock summer-time
command to set daylight
saving time for system time.
Admin EXEC Use the global daylight
saving policy defined by an
international organization.
Admin EXEC Use the clock summer-time
recurring daylight saving
time duration. The first part
of the command specifies
when summer time begins,
and the second part
specifies when it ends.
Admin EXEC Use the no form of this
command to clock summertime default setting.
switch (config)# no sntp
switch# clock set 11:03:00 sep
21 2012
11:03:00 DFL(UTC+8) Sep 21
2012
switch (config)# clock summertime ACRONYM date jan 1
2017 00:00 apr 30 2017 23:59
60
switch (config)# clock summertime DLS recurring usa 60
clock summer-time ACRONYM
recurring 1 sun jan 20:00 last
sun jan 22:00 60
switch (config)# no clock
summer-time
1.7.9 SMTP
Table 1.36: SMTP
Function Privilege Description Example
show smtp User EXEC View SMTP client
information.
smtpc profile-id
<1-2> server-ip
A.B.C.D serverport <25-25>
EKI-7000 Series User Manual 39
Admin EXEC Set SMTP server's IP and
udp port in profile 1 or 2.
switch (config)# smtpc profileid 1 server-ip 192.168.1.100
server-port 25
Table 1.36: SMTP (Continued)
Function Privilege Description Example
smtpc profile-id
<1-2> sender-mail
WORD<1-64>
no smtpc profileid <1-2> sendermail
smtpc profile-id
<1-2> target-mail
WORD<1-64>
no smtpc profileid <1-2> targetmail ( all |
WORD<1-64>)
smtpc active
profile-id <1-2>
no smtpc active
profile
smtpc sendmsg
title WORD<1-20>
content WORD<1-64>
Admin EXEC Set sender's mail address
in profile 1 or 2.
Admin EXEC Remove sender's mail
address in profile 1 or 2.
Admin EXEC Set target's mail address in
profile 1 or 2.
Admin EXEC Remove target's mail
address in profile 1 or 2.
Admin EXEC Select an enabled profile for
SMTP client used.
Admin EXEC SMTP client will not use
any profile. It means
disabled.
Admin EXEC Send a mail for testing
SMTP client.
switch (config)# smtpc profileid 1 sender-mail
sender@advantech.com.tw
switch (config)# no smtpc
profile-id 1 sender-mail
sender@advantech.com.tw
switch (config)# smtpc profileid 1 sender-mail
target@advantech.com.tw
switch (config)# no smtpc
profile-id 1 sender-mail
target@advantech.com.tw
switch (config)# smtpc active
profile-id 1
switch (config)# no smtpc
active profile
switch (config)# smtpc
sendmsg title hello content
world
1.7.10 NTP Server
Table 1.37: NTP Server
Function Privilege Description Example
show ntp-server User EXEC Show NTP server
configuration.
[no] ntp-server Admin EXEC Use "ntp-server" command
to enable NTP server
services.
Use no form to disable
service.
ntp-server servernum <1-10> address
WORD<0-64>
[no] ntp-server
server-num <1-10>
ntp-server servertime HH:MM:SS
(jan|feb|mar|apr|m
ay|jun|jul|aug|sep
|oct|nov|dec) <131> <2000-2035>
ntp-server
timezone ACRONYM
HOUR-OFFSET
[minutes <0-59>]
no ntp-server
timezone
Admin EXEC NTP server address
configuration.
Admin EXEC Use the command to delete
specific NTP server.
Admin EXEC Use the command to set
static time. The static time
won’t save to configuration
file.
Admin EXEC Use the command to set
timezone setting. Use the
no form of this command to
default setting.
Admin EXEC Disable timezone setting.
switch# show ntp-server
switch (config)# ntp-server
switch (config)# no ntp-server
switch (config)# ntp-server
server-num 1 address
192.168.1.100
switch (config)# ntp-server
server-num 1
switch (config)# ntp-server
server-time 11:03:00 sep 21
2012
switch (config)# ntp-server
timezone test +5
40 EKI-7000 Series User Manual
Table 1.37: NTP Server (Continued)
Function Privilege Description Example
ntp-server summertime ACRONYM date
(jan|feb|mar|apr|m
ay|jun|jul|aug|sep
|oct|nov|dec) <131> <2000-2037>
HH:MM
(jan|feb|mar|apr|m
ay|jun|jul|aug|sep
|oct|nov|dec) <131> <2000-2037>
HH:MM [<1-1440>]
ntp-server summertime ACRONYM
recurring (usa|eu)
[<1-1440>]
ntp-server summertime ACRONYM
recurring (<15>|first|last)
(sun|mon|tue|wed|t
hu|fri|sat)
(jan|feb|mar|apr|m
ay|jun|jul|aug|sep
|oct|nov|dec)
HH:MM (<15>|first|last)
(sun|mon|tue|wed|t
hu|fri|sat)
(jan|feb|mar|apr|m
ay|jun|jul|aug|sep
|oct|nov|dec)
HH:MM [<1-1440>]
ntp-server manualtime (enable |
disable)
Admin EXEC Use the command to set
daylight saving time for
system time.
Admin EXEC Use the command to set
daylight saving time for
system time.
Admin EXEC Use the command to set
daylight saving time for
system time.
Admin EXEC Manually set the system
clock.
Reference clock summer-time
setting.
Reference clock summer-time
setting.
Reference clock summer-time
setting.
switch (config)# ntp-server
manual-time enable
switch (config)# ntp-server
manual-time disable
1.7.11 RMON
Table 1.38: RMON
Function Privilege Description Example
show rmon
(statistics |
history | alarms |
events)
rmon statistics
index <1-65535>
interface
IF_NMLPORT [owner
OWNER<1-32>]
EKI-7000 Series User Manual 41
User EXEC Display RMON setting
configuration.
Admin EXEC Specify RMON statistics
index.
Specify statistics interface.
Specify owner.
switch# show rmon history
switch# configure
switch (config)# rmon statistics
index 10 interface gi1 owner
ADV
switch (config)# exit
Table 1.38: RMON (Continued)
Function Privilege Description Example
no rmon statistics
index <1-65535>
rmon history index
<1-65535>
interface
IF_NMLPORT
[buckets <1-50>]
[interval <13600>] [owner
OWNER<1-32>]
no rmon history
index <1-65535>
rmon alarm index
<1-65535> oidvariable OID<255>
interval <12147483647>
(absolute|delta)
rising-threshold
<0-2147483647>
rising-event-index
<1-65535> fallingthreshold <02147483647>
falling-eventindex <1-65535>
[owner OWNER<132>]
no rmon alarm
index <1-65535>
rmon event index
<1-65535>
description
DESC<128> [log]
[trap communityname OWNER<1-32>]
[owner OWNER<132>]
no rmon event
index <1-65535>
Admin EXEC Delete snmp statistics
index.
Admin EXEC Specify RMON history
index.
Specify history interface.
Specify history bucket time.
Specify history record
interval time.
Specify owner.
Admin EXEC Delete SNMP history index. switch# configure
Admin EXEC Specify RMON alarm index.
Specify alarm OID.
Specify alarm check value
frequency.
How to compare values
Specify rasing-threshold.
Specify rasing-event-index.
Specify falling-threshold.
Specify falling-event-index.
Specify owner.
Admin EXEC Delete SNMP statistics
index.
Admin EXEC Specify RMON event index.
Specify event description.
Specify log flag for
recording.
Specify trap name to send
SNMP trap message.
Specify owner.
Admin EXEC Delete SNMP event index. switch# configure
switch# configure
switch (config)# no rmon
statistics index 10
switch (config)# exit
switch# configure
switch (config)# rmon history
index 10 interface gi1 buckets
20 interval 1000 owner ADV
switch (config)# exit
switch (config)# no rmon
history index 10
switch (config)# exit
switch# configure
switch (config)# rmon statistics
index 10 interface gi1 owner
ADV
switch (config)# exit
switch# configure
switch (config)# no rmon alarm
index 10
switch (config)# exit
switch# configure
switch (config)# rmon event
index 10 description Good for
us. log trap public owner ADV
switch (config)# exit
switch (config)# no rmon event
index 10
switch (config)# exit
42 EKI-7000 Series User Manual
1.7.12 IP Configuration
Table 1.39: IP Configuration
Function Privilege Description Example
ip address A.B.C.D
[mask A.B.C.D]
ip default-gateway
A.B.C.D
no ip defaultgateway
ip dns A.B.C.D
[A.B.C.D]
no ip dns A.B.C.D Admin EXEC Use "No IP DNS" to delete
Admin EXEC Use "IP address" command
to modify administration
IPv4 address.
Admin EXEC Use "IP default-gateway"
command to modify default
gateway address.
Admin EXEC Use "No IP default-
gateway" to restore default
gateway address to factory
default.
Admin EXEC Use "IP DNS" command to
modify DNS server
address.
existing DNS server.
switch (config)# ip address
192.168.1.200 mask
255.255.255.0
switch (config)# ip defaultgateway 192.168.1.100
switch (config)# no ip defaultgateway
switch (config)# ip dns
111.111.111.111
switch (config)# no ip dns
111.111.111.111
1.7.13 TELNET
Table 1.40: TELNET
Function Privilege Description Example
ip telnet Admin EXEC Use "IP service" command
to enable telnet services.
[no] ip telnet Admin EXEC Use no form to disable
service.
switch (config)# ip telnet
switch (config)# no ip telnet
1.7.14 SSH
Table 1.41: SSH
Function Privilege Description Example
ip ssh Admin EXEC Use "IP service" command
to enable ssh services.
[no] ip ssh Admin EXEC Use no form to disable
service.
show ip ssh User EXEC Show current ssh service
status.
switch (config)# ip ssh
switch (config)# no ip ssh
switch# show ip ssh
1.7.15 HTTP
Table 1.42: HTTP
Function Privilege Description Example
ip http Admin EXEC Use "IP service" command
to enable http services.
ip https Admin EXEC Use "IP service" command
to enable https services.
[no] ip https Admin EXEC Use no form to disable
service.
EKI-7000 Series User Manual 43
switch (config)# ip http
switch (config)# ip https
switch (config)# no ip http
Table 1.42: HTTP (Continued)
Function Privilege Description Example
[no] ip http Admin EXEC Use no form to disable
service.
show ip
(http|https)
ip (http|https)
session-timeout
<0-86400>
User EXEC Show current https or http
service status.
Admin EXEC Use "IP session-timeout"
command to specify the
session timeout value for
http or https service.
switch (config)# no ip http
switch (config)# no ip https
switch# show ip https
switch (config)# ip http
session-timeout 15
switch (config)# ip https
session-timeout 20
1.7.16 Modbus TCP
Table 1.43: Modbus TCP
Function Privilege Description Example
show tcp-modbus
status
show tcp-modbus
timeout
[no] tcp-modbus Admin EXEC Use "TCP-modbus"
User EXEC Show current TCP-modbus
status.
User EXEC Show current TCP-modbus
timeouts value.
command to enable TCP
modbus services.
Use no form to disable
service.
switch# show tcp-modbus
status
switch# show tcp-modbus
timeout
switch (config)# tcp-modbus
switch (config)# no tcp-modbus
1.7.17 IXM
Table 1.44: IXM
Function Privilege Description Example
[no] ixm Admin EXEC Use "IXM" command to
enable IXM services.
Use no form to disable
service.
switch (config)# ixm
switch (config)# no ixm
44 EKI-7000 Series User Manual
1.8 Diagnostic
1.8.1 Cable Diagnostic
Table 1.45: Cable Diagnostic
Function Privilege Description Example
show cable-diag
interfaces
IF_NMLPORTS
User EXEC Display the estimated
length of copper cable
attached to the ports.
Show cable-diag interface
all.
Display the estimated
length of copper cables
attached to all ports.
show cable-diag interface
Display the estimated
length of copper cable
attached to port gi1.
This example show the cable's
information which link in gi1.
switch (config)# show cablediag interfaces gi1
Port | Speed | Local pair | Pair
length | Pair status
------ + ------- + ------------+ -------
------ + -------------gi1 | auto | Pair A | 0.88
| Open
Pair B | 0.87
| Open
Pair C | 0.82
| Open
Pair D | 0.82
| Open
1.8.2 DMI
Table 1.46: DMI
Function Privilege Description Example
show dmi IF_PORTS
information
[no] dmi
(alarm|warning)
(temperature|volta
g|txbasis|txpower|
rxpower)
(high|low) state
dmi
(alarm|warning)
(temperature|volta
g|txbasis|txpower|
rxpower)
(high|low) value
INPUT_VALUE
Admin EXEC Use this command to
display the information of
EEPROM and Digital
Diagnostic Monitoring
Interface in SFP Optical
Transceivers.
Admin EXEC Use this command to
enable/disable the
mechanism that monitors
SFP Optical Transceiver's
Digital Diagnostic
Monitoring interface
information.
Use no form to disable
warning/alarm mechanism.
Admin EXEC Use this command to
configure high/low
threshold value used to
compare with SFP Optical
Transceiver's Digital
Diagnostic Monitoring
interface's value
(temperature, voltage, etc).
This example show SFP
Optical Transceivers
information whicn plug-in fa10.
switch# show dmi FastEthernet
10 information
This example shows how to
enable temperature's high
threshold monitor mechanism
with alarm level. (Current sfp
plug-in in fa10).
switch (config)# interface
FastEthernet 10
switch (config-if)# dmi alarm
temperature high state
This example shows how to
configure the temperature high
threshold value is 30.5 with
alarm level.
switch (config-if)# dmi alarm
temperature high value 30.5
EKI-7000 Series User Manual 45
Table 1.46: DMI (Continued)
Function Privilege Description Example
[no] dmi alarmwarning message
(log|snmp|mail)
Admin EXEC Use this command to
determine which method to
use when notifying of user
alarm/warning events.
This example shows how to
configure alarm-warning
message is system log.
switch (config)# dmi alarmwarning message log
1.8.3 IP-based Diagnostic
Table 1.47: IP-based Diagnostic
Function Privilege Description Example
ping HOSTNAME
[count <1-5>]
[interval <1-5>]
[size <8-5120>]
ping6 HOSTNAME
[count <1-5>]
[interval <1-5>]
[size <8-5120>]
show arp User EXEC Use "show arp" command
clear arp
[A.B.C.D]
User EXEC Use "ping" command to do
network ping diagnostic.
User EXEC Use "ping6" command to
carry out network ping
diagnostic.
to show all arp entries.
Admin EXEC Use "clear arp" command to
clear all arp entries or one
specific arp entry.
switch# ping 192.168.1.100
count 4 interval 4 size 128
switch# ping6 192.168.1.100
count 4 interval 4 size 128
Switch# show arp
Switch# clear arp
1.8.4 PoE
Table 1.48: PoE
Function Privilege Description Example
show poe
(system|port)
poe Admin EXEC Use PoE command to enter
system powerlimit
<0-800>
system legacymode(enable|
disable)
User EXEC Use "show PoE
(system|port)" command to
show current PoE setting
value and status.
PoE's control level.
Admin EXEC Use "system powerlimit"
command to configure how
much power can be used in
entire system.
Admin EXEC Use "legacy-mode (enable |
disable)" command to
configure supply power
mechanism in whole
system.
This example shows current
PoE status per port.
switch# show poe port
This example shows how to
enter PoE control level.
switch# configure
switch (config)# poe
switch (config-poe)#
This example shows how to
configure whole system
available power to 720W.
switch (config-poe)# system
power-limit 120
This example show how to
configure supply power
mechanism to legacy mode.
switch (config-poe)# system
legacy-mode enable
46 EKI-7000 Series User Manual
Table 1.48: PoE (Continued)
Function Privilege Description Example
interfaces
IF_NMLPORT state
(enable|disable)
interfaces
IF_NMLPORT
priority
(low|medium|high|
critical)
interfaces
IF_NMLPORT powerlimit <0-32000>
interfaces
IF_NMLPORT tyep
(af | both_at_af)
interfaces
IF_NMLPORT classerror-bypass
(enable | disable)
Admin EXEC Use "state (enable|disable)"
command to configure
whether PoE port will
supply power or not.
Admin EXEC Use "priority
(low|medium|high|critical)"
command to configure PoE
port's priority of power
supply sequence.
Admin EXEC Use "power-limit <0-
30000>" command to
configure how much power
can be used via PoE port.
Admin EXEC Use "type (af | both_at_af)"
command to determine
which PoE protocol support
by PoE port.
Two option can be selected:
AF only or AT/AF .
Admin EXEC Use “class-error-bypass
(enable | disable)”
command to configure PoE
port supply power ignore
error class detected.
This command is typically
used when PSE detects
PD-class errors.
This example shows how to
stop PoE port supply power via
fa1.
switch (config-poe)# interfaces
FastEthernet 1 state disable
This example shows how to
configure fa1 as the most high
priority level in power supply
sequence.
switch (config-poe)# interfaces
FastEthernet 1 priority critical
This example shows how to
configure fa1's power of PoE to
15W.
switch (config-poe)# interfaces
FastEthernet 1 power-limit
15000
This example show how to
configure gi1's PoE only
support AF proctocol only.
switch (config-poe)# interfaces
GigabitEthernet 1 type af
This example show how to
configure the gi1 PoE power
supply during a detected class
error.
switch (config-poe)# interfaces
GigabitEthernet 1 class-errorbypass enable
1.8.5 LED
Table 1.49: LED
Function Privilege Description Example
show led User EXEC Use "show LED" command
to show current LED event
status and error times.
This example shows current
LED event and its own error
times.
switch# show led
( ALARM LED ) EVENTS |
STATUS | ERROR TIMES
------------------------ + ----------- +
------------ Power Failure |
ERROR | 1
------------------------ + ----------- +
-------------
EKI-7000 Series User Manual 47
Table 1.49: LED (Continued)
Function Privilege Description Example
[no] led (alarm |
system)
[no] led (alarm |
system) (powerfailure | fiberdown | always)
led system blink
interval <0-3>
Admin EXEC Use "LED (alarm | system)"
command to configure LED
indication mechanism.
Use no form to disable LED
indication mechanism
configuration.
Admin EXEC Use "(power-failure | fiber-
down | always)" command
to configure which event will
be binding with which LED
indication mechanism.
Use no form to remove
event from LED indication
mechanism.
Admin EXEC Use "LED system blink
interval" command to
configure how long system
LED will blink for.
This example shows how to
configure enable alarm LED
indication mechanism.
switch (config)# led alarm
This example shows how to
add the event fiber-down to
alarm LED indication
mechanism.
switch (config)# led alarm
fiber-down
This example shows how to
configure system LED blink
interval.
switch (config)# led system
blink interval 3
1.8.6 System
Table 1.50: System
Function Privilege Description Example
show version User EXEC Use "show version"
command to show loader
and firmware version and
build date.
show info User EXEC Use "show info" command
to show system summary
information.
reboot Admin EXEC Use "reboot" command to
make system hot restart.
show language User EXEC
show flash User EXEC Use "show flash" command
to show all files" status
which stored in flash.
clear line telnet Admin EXEC
terminal length
<0-24>
show network-port User EXEC Show network port
[no] network-port
type
(http|https|telnet
|ssh)
network-port type
(http|https|telnet
|ssh) port-num <165535>
User EXEC
information.
Admin EXEC Use no form to restore
default value.
Admin EXEC Use the command to
change network port.
switch# show version
switch# show info
switch# reboot
switch# show flash
switch (config)# no networkport type http
switch (config)# network-port
type http port-num 8080
48 EKI-7000 Series User Manual
Table 1.50: System (Continued)
Function Privilege Description Example
system name NAME Admin EXEC Use "system name"
command to modify system
name information of the
switch.
system location
LOCATION
system contact
CONTACT
Admin EXEC Use "system contact"
command to modify contact
information of the switch.
Admin EXEC Use "system location"
command to modify
location information of the
switch.
switch (config)# system name
myname
switch (config)# system
contact callme
switch (config)# system
location home
EKI-7000 Series User Manual 49
www.advantech.com
Please verify specifications before quoting. This guide is intended for reference
purposes only.
All product specifications are subject to change without notice.
No part of this publication may be reproduced in any form or by any means,
electronic, photocopying, recording or otherwise, without prior written permission of the publisher.
All brand and product names are trademarks or registered trademarks of their
respective companies.
© Advantech Co., Ltd. 2020
Loading...