Allied Telesis AT-S94 CLI User Manual

Management Software
AT-S94
CLI User’s Guide
AT-8000S Series Stackable Gigabit Ethernet Switches Version 3.0.0.45
613-001983 Rev. A
Copyright © 2014 Allied Telesis, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesis, Inc. Allied Telesis is a trademark of Allied Telesis, Inc. Mic ros oft and Internet Explorer are registered trad em arks of Mi crosoft Corporation.
Netscape Navigator is a registered trademark of Netscape Communications Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners.
Allied Telesis, Inc. reserves the right to make changes in specifications and other information contained in this document without prior written notice. The information provided herein is subject to change without notice. In no event shall Allied Telesis, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis, Inc. has been advised of, known, or should have known, the possibility of such damages.
Table of Contents
Preface................................................................................................................................. 14
Intended Audience.........................................................................................................................15
Document Conventions .................................................................................................................15
Contacting Allied Telesis ...............................................................................................................16
Chapter 1.Using the CLI..................................................................................................... 17
Overview..............................................................................................................................................17
CLI Command Modes....................................................................................................................17
Introduction..............................................................................................................................................17
User EXEC Mode ....................................................................................................................................17
Privileged EXEC Mode............................................................................................................................17
Global Configuration Mode......................................................................................................................18
Interface Configuration and Specific Configuration Modes.................................................. ....................19
Starting the CLI..............................................................................................................................20
Editing Features ............................................................................................................................20
Entering Commands................................................................................................................................20
Terminal Command Buffer.................................................................................................................21
Negating the Effect of Commands.....................................................................................................21
Command Completion........................................................................................................................21
Nomenclature.....................................................................................................................................22
Keyboard Shortcuts............................................................................................................................22
CLI Command Conventions...............................................................................................................22
Copying and Pasting Text............................................... .. ... ....................................................................23
Chapter 2.ACL Commands ................................................................................................ 24
ip access-list........................... .... ... ... ... .... ... ... ....................................... ... ... ... .... ... ................................24
permit (ip).............................................................................................................................................24
deny (IP)...............................................................................................................................................27
ipv6 access-list........................... ...................................... .... ... ... ... .... ...................................................29
permit (IPv6).........................................................................................................................................30
deny (IPv6)...........................................................................................................................................32
mac access-list........................... ... ... ... .... ... ... ... ....................................... ... ... .... ... ... .............................34
permit (MAC)........................................................................................................................................35
deny (MAC)..........................................................................................................................................35
service-acl............................................................................................................................................36
show access-lists.................................................................................................................................37
show interfaces access-lists.................................................................................................................38
Chapter 3.AAA Commands................................................................................................39
aaa authentication login.......................................................................................................................39
aaa authentication enable....................................................................................................................40
login authentication..............................................................................................................................41
enable authentication...........................................................................................................................42
Page 2
Allied Telesis AT-8000S-S94-3.0 Command Line Interface User’s Guide
ip http authentication .................... .... ...................................... .... ... ... ... .... ............................................ 42
ip https authentication................... .... ... ... ....................................... ... ... .... ... ......................................... 43
show authentication methods.............................................................................................................. 44
password............................................................................................................................................. 45
username............................................................................................................................................. 45
aaa accounting login............................................................................................................................46
aaa accounting dot1x ..........................................................................................................................47
show users accounts........................................................................................................................... 49
enable password ................................................................................................................................. 49
show accounting..................................................................................................................................50
Chapter 4.Address Table Commands............................................................................... 52
bridge address.....................................................................................................................................52
bridge multicast filtering.......................................................................................................................52
bridge multicast address...................................................................................................................... 53
bridge multicast forbidden address...................................................................................................... 54
bridge multicast unregistered ..............................................................................................................55
bridge multicast forward-all..................................................................................................................55
bridge multicast forbidden forward-all.................................................................................................. 56
bridge aging-time.................................................................................................................................57
clear bridge.......................................................................................................................................... 58
port security.........................................................................................................................................58
port security mode............................................................................................................................... 59
port security max................................................................................................................................. 59
port security routed secure-address....................................................................................................60
show bridge address-table ..................................................................................................................61
show bridge address-table static......................................................................................................... 62
show bridge address-table count.........................................................................................................62
show bridge multicast address-table ...................................................................................................64
show bridge multicast address-table static..........................................................................................66
show bridge multicast filtering .............................................................................................................66
show bridge multicast unregistered.....................................................................................................68
show ports security.............................................................................................................................. 68
show ports security addresses............... ... ....................................... ... .... ... ... ... ................................... 69
Chapter 5.Clock Commands.............................................................................................. 71
clock set..................... ....................................... ... ... ... .... ... ....................................... ............................71
clock source..................... .... ...................................... .... ... ... ... .... .........................................................71
clock timezone........................... ....................................... ... ... .... ... ... ................................................... 72
clock summer-time ........................... ... ... ... .... ... ....................................... ... ... ... ... .... ............................73
sntp authentication-key........................................................................................................................ 74
sntp authenticate................................................................................................................................. 75
sntp trusted-key................................................................................................................................... 75
sntp client poll timer............................................................................................................................. 76
sntp broadcast client enable................................................................................................................77
sntp anycast client enable ................................................................................................................... 77
sntp client enable (Interface)...............................................................................................................78
Page 3
sntp unicast client enable.....................................................................................................................78
sntp unicast client poll..........................................................................................................................79
sntp server ...........................................................................................................................................80
show clock............................................................................................................................................81
show sntp configuration .......................................................................................................................82
show sntp status ..................................................................................................................................83
Chapter 6.Configuration and Image File Commands...................................................... 85
copy......................................................................................................................................................85
dir.........................................................................................................................................................87
delete ...................................................................................................................................................88
boot system..........................................................................................................................................89
show running-config.............................................................................................................................89
show startup-config..............................................................................................................................90
show bootvar........................................................................................................................................91
Chapter 7.DHCP Snooping Commands............................................................................93
ip dhcp snooping.............. ... ... .... ... ... ... .... ...................................... .... ... ... ... ... .......................................93
ip dhcp snooping vlan ..........................................................................................................................93
ip dhcp snooping trust..........................................................................................................................94
ip dhcp snooping information option allowed-untrusted.......................................................................95
ip dhcp snooping verify ........................................................................................................................95
ip dhcp snooping database..................................................................................................................96
ip dhcp snooping database update-freq...............................................................................................96
ip dhcp snooping binding .....................................................................................................................97
clear ip dhcp snooping database .........................................................................................................98
show ip dhcp snooping.........................................................................................................................98
show ip dhcp snooping binding............................................................................................................99
Chapter 8.Ethernet Configuration Commands............................................................... 100
interface ethernet...............................................................................................................................100
interface range ethernet.....................................................................................................................100
shutdown............................................................................................................................................101
description..........................................................................................................................................102
speed .................................................................................................................................................102
duplex.................................................................................................................................................103
negotiation..........................................................................................................................................104
flowcontrol..........................................................................................................................................104
mdix....................................................................................................................................................105
back-pressure ....................................................................................................................................106
system flowcontrol......................... ... ... .... ... ... ... ... ....................................... ... .... ... ... ... ........................106
clear counters.....................................................................................................................................107
set interface active.............................................................................................................................107
show interfaces advertise...................................................................................................................108
show interfaces configuration.............................................................................................................109
show interfaces status........................................................................................................................110
show interfaces description................................................................................................................111
Page 4
Allied Telesis AT-8000S-S94-3.0 Command Line Interface User’s Guide
show interfaces counters...................................................................................................................112
port storm-control include-multicast (IC)............................................................................................ 115
port storm-control broadcast enable.................................................................................................. 115
port storm-control broadcast rate ......................................................................................................116
show ports storm-control ................................................................................................................... 117
Chapter 9.GVRP Commands............................................................................................ 118
gvrp enable (Global).......................................................................................................................... 118
gvrp enable (Interface) ......................................................................................................................118
garp timer .......................................................................................................................................... 119
gvrp vlan-creation-forbid....................................................................................................................120
gvrp registration-forbid....................................................................................................................... 120
clear gvrp statistics............................................................................................................................ 121
show gvrp configuration..................................................................................................................... 121
show gvrp statistics ........................................................................................................................... 122
show gvrp error-statistics...................................................................................................................123
Chapter 10.IGMP Snooping Commands......................................................................... 125
ip igmp snooping (Global)..................................................................................................................125
ip igmp snooping (Interface).............................................................................................................. 125
ip igmp snooping mrouter learn-pim-dvmrp....................................................................................... 126
ip igmp snooping host-time-out ......................................................................................................... 128
ip igmp snooping querier enable ....................................................................................................... 128
ip igmp snooping querier address ..................................................................................................... 129
ip igmp snooping querier version.......................................................................................................130
ip igmp snooping mrouter-time-out.................................................................................................... 130
ip igmp snooping leave-time-out........................................................................................................131
show ip igmp snooping mrouter..................................................................................................... ....132
show ip igmp snooping interface .......................................................................................................132
show ip igmp snooping groups.......................................................................................................... 134
Chapter 11.IP Addressing Commands............................................................................ 135
ip address.................................................. ....................................... ... .... ... ... ... .................................135
ip address dhcp................... ... ... ... ....................................... ... .... ... ... ... .............................................. 135
ip default-gateway .................. ... ... .... ... ....................................... ... ... ... .... ... ....................................... 136
show ip interface................................................................................................................................ 137
arp ..................................................................................................................................................... 138
arp timeout.........................................................................................................................................138
clear arp-cache..................................................................................................................................139
show arp............................................................................................................................................140
ip domain-lookup................. ... ... ... ....................................... ... .... ... ... ... .............................................. 140
ip domain-name......................... ... .... ... ... ... .... ... ....................................... ... ... ... ... .... ..........................141
ip name-server..................... ... ....................................... ... ... ... .... ... .................................................... 142
ip host.................................................. ... ....................................... ... ... .... ... ... .................................... 142
clear host...........................................................................................................................................143
clear host dhcp.................................................................................................................................. 143
show hosts......................................................................................................................................... 144
Page 5
Chapter 12.IPv6 Addressing Commands........................................................................ 146
ipv6 enable .... ...................................... .... ... ... ... ... ....................................... ... .... ... ... ... ........................146
ipv6 address .. ... ... ... ... .... ... ....................................... ... ... ... .... ... ...........................................................146
ipv6 address link-local ... ... ... ...............................................................................................................147
ipv6 default-gateway.................. ... ... ... ....................................... ... .... ... ... ... ........................................148
show ipv6 interface ............................................................................................................................149
ipv6 nd dad attempts..........................................................................................................................150
ipv6 host. ....................................... ... ... .... ... ... ....................................... ... ... ... .... .................................151
ipv6 neighbor.......................... .... ...................................... .... ... ... ... .... .................................................152
show ipv6 neighbors ..........................................................................................................................153
clear ipv6 neighbors...........................................................................................................................154
Chapter 13.Line Commands ............................................................................................ 155
line......................................................................................................................................................155
speed .................................................................................................................................................155
autobaud............................................................................................................................................156
exec-timeout.......................................................................................................................................157
history.................................................................................................................................................157
history size.......................... ... ....................................... ... .... ... ... ... .....................................................158
terminal history...................................................................................................................................158
terminal history size ...........................................................................................................................159
show line............................................................................................................................................160
Chapter 14.DHCP Option 82 Commands........................................................................162
ip dhcp information option..................................................................................................................162
show ip dhcp information option....................... ... .... ...................................... .... ... ... ... ........................162
Chapter 15.IP DHCP Relay ............................................................................................... 164
ip dhcp relay enable (global)..............................................................................................................164
ip dhcp relay enable (interface)..........................................................................................................164
ip dhcp relay address.........................................................................................................................165
show ip dhcp relay .............................................................................................................................165
Chapter 16.LACP Commands..........................................................................................167
lacp system-priority....................... ... ....................................... ... ... .... ... ... ...........................................167
lacp port-priority ............................... ... .... ...................................... .... ... ... ... ... .....................................168
lacp timeout... ... ....................................... ... ... ... ... .... ...................................... .... ... ... ... ........................169
show lacp ethernet.............................................................................................................................170
show lacp port-channel......................................................................................................................172
Chapter 17.LLDP Commands .......................................................................................... 174
lldp enable (global).............................................................................................................................174
lldp enable (interface).........................................................................................................................174
lldp timer.............................................................................................................................................175
lldp hold-multiplier..............................................................................................................................176
lldp reinit-delay...................................................................................................................................176
Page 6
Allied Telesis AT-8000S-S94-3.0 Command Line Interface User’s Guide
lldp tx-delay .......................................................................................................................................177
lldp optional-tlv...................................................................................................................................177
lldp management-address.................................................................................................................178
lldp notifications................................................................................................................................. 179
lldp med enable................................................................................................................................. 179
lldp med network-policy (global)........................................................................................................ 180
lldp med network-policy (interface)....................................................................................................181
lldp med location................................................................................................................................ 181
clear lldp rx........................................................................................................................................182
show lldp configuration...................................................................................................................... 183
show lldp med configuration.............................................................................................................. 184
show lldp local................................................................................................................................... 185
show lldp neighbors...........................................................................................................................187
Chapter 18.Login Banner Commands............................................................................. 192
login_banner......................................................................................................................................192
show login_banner ............................................................................................................................192
Chapter 19.Management ACL Commands ..................................................................... 194
management access-list....................................................................................................................194
permit (Management)........................................................................................................................195
deny (Management) ..........................................................................................................................196
management access-class................................................................................................................197
show management access-list ..........................................................................................................197
show management access-class.......................................................................................................198
Chapter 20.PHY Diagnostics Commands....................................................................... 199
test copper-port tdr............................................................................................................................199
show copper-ports tdr........................................................................................................................199
show copper-ports cable-length ........................................................................................................200
show fiber-ports optical-transceiver...................................................................................................201
Chapter 21.Port Channel Commands ............................................................................. 203
interface port-channel........................................................................................................................203
interface range port-channel..............................................................................................................203
channel-group.................................................................................................................................... 204
show interfaces port-channel.............................................................................................................204
Chapter 22.Port Monitor Commands .............................................................................. 206
port monitor .......................................................................................................................................206
show ports monitor............................................................................................................................ 207
Chapter 23.Power over Ethernet Commands................................................................. 208
power inline ............................ ... ... .... ... ....................................... ... ... ... .... ... ....................................... 208
power inline powered-device............................................... ... ....................................... ... .... ... .......... 208
power inline priority........................... ... ... ...........................................................................................209
power inline usage-threshold..................... .... ... ... ....................................... ... ... ... .... ..........................210
Page 7
power inline traps enable...................................................................................................................210
show power inline...............................................................................................................................211
show power inline power-consumption..............................................................................................213
show power inline version..................................................................................................................213
Chapter 24.QoS Commands ............................................................................................ 215
qos .....................................................................................................................................................215
show qos............................................................................................................................................215
priority-queue out num-of-queues......................................................................................................216
rate-limit .............................................................................................................................................216
traffic-shape .......................................................................................................................................217
show qos interface.............................................................................................................................218
wrr-queue cos-map............................................................................................................................219
qos trust (Global)................................. ....................................... ... .... ... ... ... ........................................220
qos map dscp-queue..........................................................................................................................220
qos cos... ... .... ... ... ... ... .... ...................................... .... ... ... ... .... ...................................... ........................221
show qos map....................................................................................................................................222
Chapter 25.Radius Commands........................................................................................224
radius-server host ..............................................................................................................................224
radius-server key................................................................................................................................225
radius-server retransmit.....................................................................................................................225
radius-server source-ip ......................................................................................................................226
radius-server source-ipv6...................................................................................................................227
radius-server timeout .........................................................................................................................227
radius-server deadtime ......................................................................................................................228
show radius-servers...........................................................................................................................228
Chapter 26.RMON Commands......................................................................................... 230
show rmon statistics...........................................................................................................................230
rmon collection history .. ... ... ... .... ... ... ... .... ...........................................................................................232
show rmon collection history..............................................................................................................232
show rmon history..............................................................................................................................233
rmon alarm....... ... ... ... .... ... ... ... ....................................... ... .... ... ... ... .....................................................236
show rmon alarm-table.......................................................................................................................237
show rmon alarm................................................................................................................................238
rmon event................................................................. ... ... .... ... ...........................................................240
show rmon events..............................................................................................................................240
show rmon log....................................................................................................................................241
rmon table-size........................... ... ... ... .... ... ... ....................................... ... ... ... .... .................................242
Chapter 27.SNMP Commands ......................................................................................... 244
snmp-server community.....................................................................................................................244
snmp-server view.......... ... ... ... ....................................... ... .... ... ... ....................................... .................245
snmp-server group.............................................................................................................................246
snmp-server user.......................... ....................................... ... ... ... .... ... ..............................................247
snmp-server engineID local .................................... ... ... ... .... ...................................... .... ... ... ... ...........248
Page 8
Allied Telesis AT-8000S-S94-3.0 Command Line Interface User’s Guide
snmp-server enable traps..................................................................................................................249
snmp-server filter....................... ... .... ... ... ... .... ... ....................................... ... ... ... ... .... ..........................249
snmp-server host...............................................................................................................................250
snmp-server v3-host..........................................................................................................................252
snmp-server trap authentication........................................................................................................253
snmp-server contact.......................................................................................................................... 253
snmp-server location.............. ... ... .... ... ... ... ....................................... ... .... ... ... ... .................................254
snmp-server set.................................................................................................................................254
show snmp ........................................................................................................................................ 255
show snmp engineid..........................................................................................................................257
show snmp views .............................................................................................................................. 257
show snmp groups ............................................................................................................................ 258
show snmp filters...............................................................................................................................259
show snmp users............................................................................................................................... 260
Chapter 28.Spanning-Tree Commands........................................................................... 261
spanning-tree..................................................................................................................................... 261
spanning-tree mode................... ... ....................................... ... .... ... ... ... .............................................. 261
spanning-tree forward-time............... ... ... ... .... ....................................................................................262
spanning-tree hello-time.................................................................................................................... 263
spanning-tree max-age......................................................................................................................263
spanning-tree priority.............................. ... ........................................................................................264
spanning-tree disable................ ... .... ... ....................................... ... ... ... .... ... ....................................... 264
spanning-tree cost............................................... ... ....................................... ... ... .... ... ... ....................265
spanning-tree port-priority .................................................................................................................266
spanning-tree portfast........................................................................................................................ 266
spanning-tree link-type........... ... ... .... ...................................... .... ... ... ... .... .......................................... 267
spanning-tree pathcost method.........................................................................................................268
spanning-tree bpdu................. ... ....................................... ... ... .... ... ... ................................................. 268
spanning-tree guard root...................................................................................................................269
spanning-tree bpduguard ....................... ... .... ... ... ... ....................................... ... ... .... ... ... ....................270
clear spanning-tree detected-protocols............................................................................................. 270
spanning-tree mst priority.................................................................................................................. 271
spanning-tree mst max-hops............................................ ....................................... ... ... ... .... ... .......... 271
spanning-tree mst port-priority...........................................................................................................272
spanning-tree mst cost .............................................. .... ... ... ... ....................................... ... .................273
spanning-tree mst configuration ........................................................................................................273
instance (mst)....................................................................................................................................274
name (mst) .......................... ... ... ... .... ...................................... .... ... ... ... .... .......................................... 275
revision (mst)..................................................................................................................................... 275
show (mst).........................................................................................................................................276
exit (mst)............................................................................................................................................ 277
abort (mst)................. ... ....................................... ... ... .... ... ... ....................................... .......................277
show spanning-tree........................................................................................................................... 278
Chapter 29.SSH Commands ............................................................................................ 290
ip ssh port.. ... ... .... ... ... ... ....................................... ... ... .... ... ....................................... ... .......................290
Page 9
ip ssh server..... ... ... ... ....................................... ... .... ... ... ....................................... ... ... ........................290
crypto key generate dsa.....................................................................................................................291
crypto key generate rsa......................................................................................................................291
ip ssh pubkey-auth........... ... ... .... ... ... ... .... ...................................... .... ... ... ... ... .....................................292
crypto key pubkey-chain ssh..............................................................................................................293
user-key .............................................................................................................................................294
key-string............................................................................................................................................294
show ip ssh ........................................................................................................................................295
show crypto key mypubkey................................................................................................................296
show crypto key pubkey-chain ssh ....................................................................................................297
Chapter 30.Syslog Commands........................................................................................299
logging on...........................................................................................................................................299
logging................................................................................................................................................299
logging console..................................................................................................................................300
logging buffered .................................................................................................................................301
logging buffered size..........................................................................................................................301
clear logging.......................................................................................................................................302
logging file..........................................................................................................................................303
clear logging file.................................................................................................................................303
aaa logging.........................................................................................................................................304
file-system logging .............................................................................................................................304
management logging..........................................................................................................................305
show logging......................................................................................................................................306
show logging file.................................................................................................................................307
show syslog-servers...........................................................................................................................308
Chapter 31.TACACS+ Commands...................................................................................310
tacacs-server host.. ... .... ... ... ... ............................................................................................................310
tacacs-server key............. ... ...............................................................................................................311
tacacs-server timeout.... ...................................... .... ... ... ... .... ...................................... .... ... .................311
tacacs-server source-ip......................................................................................................................312
show tacacs .......................................................................................................................................312
Chapter 32.Tunnel Commands........................................................................................314
interface tunnel...................................................................................................................................314
tunnel mode ipv6ip.............................................................................................................................314
tunnel isatap router ............................................................................................................................315
tunnel source......................................................................................................................................316
tunnel isatap query-interval................................................................................................................316
tunnel isatap solicitation-interval........................................................................................................317
tunnel isatap robustness....................................................................................................................318
show ipv6 tunnel ................................................................................................................................318
Chapter 33.System Management Commands................................................................320
ping ....................................................................................................................................................320
telnet ..................................................................................................................................................321
Page 10
Allied Telesis AT-8000S-S94-3.0 Command Line Interface User’s Guide
reload................................................................................................................................................. 324
resume............................................................................................................................................... 325
hostname........................................................................................................................................... 325
stack master...................................................................................................................................... 326
stack reload....................................................................................................................................... 327
stack change unit-id........................................................................................................................... 327
show stack......................................................................................................................................... 328
show users ........................................................................................................................................ 329
show sessions................................................................................................................................... 330
show system...................................................................................................................................... 331
show system id..................................................................................................................................332
show version...................................................................................................................................... 333
Chapter 34.User Interface Commands............................................................................ 335
do.......................................................................................................................................................335
enable................................................................................................................................................ 336
disable............................................................................................................................................... 336
login...................................................................................................................................................337
configure............................................................................................................................................ 337
exit (Configuration)............................................................................................................................ 338
exit.....................................................................................................................................................338
end.....................................................................................................................................................339
help.................................................................................................................................................... 339
terminal datadump.............................................................................................................................340
show history....................................................................................................................................... 341
show privilege.................................................................................................................................... 342
Chapter 35.VLAN Commands.......................................................................................... 343
vlan database.................. .... ... ... ....................................... ... ... .... ... ... ................................................. 343
vlan....................................................................................................................................................343
interface vlan.....................................................................................................................................344
interface range vlan........................................................................................................................... 345
name.................................................................................................................................................. 345
switchport protected ..........................................................................................................................346
switchport mode ................................................................................................................................347
switchport access vlan....................................................................................................................... 348
switchport trunk allowed vlan..... ... .... ...................................... .... ... ... ... .............................................. 348
switchport trunk native vlan ............................................................................................................... 349
switchport general allowed vlan................. .... ... ... ....................................... ... ... ... .... ..........................349
switchport general pvid......................................................................................................................350
switchport general ingress-filtering disable.................................................................................... ....351
switchport general acceptable-frame-type tagged-only.....................................................................351
switchport general map macs-group vlan..........................................................................................352
map mac macs-group........................................................................................................................353
show vlan macs-group....................................................................................................................... 353
switchport forbidden vlan..................... ... ....................................... ... ... .... ... ....................................... 354
ip internal-usage-vlan................ ... .... ... ... ... .... ...................................... .... ... ... ... ... ..............................355
Page 11
show vlan...........................................................................................................................................356
show vlan internal usage....................................................................................................................356
show interfaces switchport.................................................................................................................357
Chapter 36.Web Server Commands................................................................................361
ip http server ................................. ... ... ....................................... ... .... ... ... ... ........................................361
ip http port.................................. ... ....................................... ... ... ... .... ... ..............................................361
ip http exec-timeout ....................................... ... ... .... ... ... ....................................... ... ... .... ....................362
ip https server................................ ... ....................................... ... ... .... ... ... ...........................................362
ip https port ... ...................................... .... ... ... ... ... ....................................... ... .... ... ... ... ........................363
ip https exec-timeout..... ... ... ... .... ... ... ....................................... ... ... .... ... ..............................................364
crypto certificate generate................................... .... ...................................... .... ... ... ... .... ....................364
crypto certificate request........ ....................................... ... .... ... ... ... .....................................................365
crypto certificate import....... ....................................... ... ... .... ... ... ....................................... .................367
ip https certificate............................. ... .... ... ....................................... ... ... ... ... .... .................................368
show crypto certificate mycertificate ..................................................................................................369
show ip http........................................................................................................................................369
show ip https......................................................................................................................................370
Chapter 37. 802.1x Commands........................................................................................ 372
aaa authentication dot1x....................................................................................................................372
dot1x system-auth-control................................ ... .... ... ... ... .... ... ....................................... ... ... ..............372
dot1x port-control................................................................. ... ... ... .... .................................................373
dot1x re-authentication.................................. ....................................... ... ... ... .... ... ..............................374
dot1x timeout re-authperiod............................. ... .... ... ....................................... ... ... ... .... ... .................374
dot1x re-authenticate .................................... ... ... .... ... ... ....................................... ... ... .... ... .................375
dot1x timeout quiet-period..................................................................................................................376
dot1x timeout tx-period............................ ... ....................................... ... ... ... ... .... .................................376
dot1x max-req....................................................................................................................................377
dot1x timeout supp-timeout.... ....................................... ... .... ... ... ... ....................................... ..............378
dot1x timeout server-timeout......................... ....................................... ... ... ... .... ... ..............................378
show dot1x.........................................................................................................................................379
show dot1x users...............................................................................................................................381
show dot1x statistics..........................................................................................................................383
dot1x auth-not-req..............................................................................................................................384
dot1x guest-vlan .. ....................................... ........................................................................................385
dot1x single-host-violation..................................................................................................................386
dot1x mac-authentication...................................................................................................................387
show dot1x advanced ........................................................................................................................387
dot1x guest-vlan enable......... ............................................................................................................389
dot1x guest-vlan timeout....................................................................................................................389
dot1x radius-attributes vlan........ ... ... ... .... ... ... ... ....................................... ... ... .... ... ... ...........................390
Index................................................................................................................................... 392
Page 12
Allied Telesis AT-8000S-S94-3.0 Command Line Interface User’s Guide
Page 13

Preface

Preface
This guide describes how to configure an AT-8000S Series switch with AT-S94 V2.0.0 firmware using the command line interface. The commands are grouped by topic into the following chapters:
Chapter 1. "Using the CLI" — Describe the CLI basic structure and command usage.
Chapter 2. "ACL Commands" — Define MAC and IP based ACLs and ACL bindings.
Chapter 3. "AAA Commands" — Define the authentication method lists for servers.
Chapter 4. "Address Table Commands" — Register MAC-layer Multicast addresses, and handles MAC-
layer secure address to a routed port .
Chapter 5. "Clock Commands" — Show the configuration or status of the Simple Network Time Protocol
(SNTP).
Chapter 6. "Configuration and Image File Commands" — Display the contents of the currently running
configuration file, specify contents of image files.
Chapter 7. "DHCP Snooping Commands" — Contains parameters for enabling DHCP Snooping on the
device
Chapter 8. "Ethernet Configuration Commands" — Configure multiple Ethernet type interfaces.
Chapter 9. "GVRP Commands" — Display the GARP VLAN Registration Protocol (GVRP) configuration
information, enable GVRP globally or on an interface.
Chapter 10. "IGMP Snooping Commands" — Enable the Internet Group Management Protocol (IGMP)
snooping.
Chapter 11. "IP Addressing Commands" — Define a default gateway, set an IP address for interface,
delete entries from the host.
Chapter 12. "IPv6 Addressing Commands" — Define addressing commands for the IPv6 protocol.
Chapter 13. "Line Commands" — Display line parameters, enable the command history function, or
configure the command history buffer size.
Chapter 14. "DHCP Option 82 Commands" — DHCP with Option 82 attaches authentication messages to
the packets sent from the host. DHCP passes the configuration information to hosts on a TCP/IP network. This permits network administrators to limit address allocation authorized hosts.
Chapter 15. "IP DHCP Relay" — Defines Dynamic Host Configuration Protocol (DHCP) relay features on
the router.
Chapter 16. "LACP Commands" — Specify LACP system and port priority and display LACP information.
Chapter 17. "LLDP Commands" — Define commands for use with LLDP.
Chapter 18. "Login Banner Commands" — Display login banner commands.
Chapter 19. "Management ACL Commands" — Define a permit or deny a rule, or configure a management
access control list.
Chapter 20. "PHY Diagnostics Commands" — Display the optical transceiver diagnostics.
Chapter 21. "Port Channel Commands" — Enter the interface configuration mode to confi gure a specific,
or a multiple port-channel.
Chapter 22. "Port Monitor Commands" — Start a port monitoring session, or display the port monitoring
status.
Chapter 23. "Power over Ethernet Commands" — Configure and display Power over Ethernet device
settings.
Chapter 24. "QoS Commands" — Enable Quality of Service (QoS) on the device, create policy maps, and
define traffic classifications
Page 14
Allied Telesis
Note
Caution
Warning
AT-8000S-S94-3.0 Command Line Interface User’s Guide
Chapter 25. "Radius Commands" — Specify the source IP address used for communication with Remote
Authentication Dial-in User Service (RADIUS) servers, and display the RADIUS server settings.
Chapter 26. "RMON Commands" — Display the Remote Network Monitoring (RMON) Ethernet history
statistics, alarms table and configuration.
Chapter 27. "SNMP Commands" — Configure the community access string to permit access to the Simple
Network Management Protocol (SNMP) server, create or update SNMP server entries, and specify SNMP engineID.
Chapter 28. "Spanning-Tree Commands" — Configure the spanning-tree functionality.
Chapter 29. "SSH Commands" — Display the Secure Socket Shell (SSH) public keys on the device, SSH
server configuration, or which SSH public key is manually configured.
Chapter 30. "Syslog Commands" — Log messages to a syslog server, or limit log messages to a syslog
server.
Chapter 31. "TACACS+ Commands" — Display configuration and statistical information about a Terminal
Access Controller Access Control System (TACACS+) server, or specify a TACACS+ host.
Chapter 32. "Tunnel Commands" — Configure interface tunnel commands.
Chapter 33. "System Management Commands" — Display and list system, version or Telnet session
information.
Chapter 34. "User Interface Commands" — Display and list system, version or Telnet session information.
Chapter 35. "VLAN Commands" — Enter the (Virtual Local Area Network) VLAN Configuration mode,
enable simultaneously configuring multiple VLANs, or adds or remove VLANs.
Chapter 36. "Web Server Commands" — Enable configuring the device from a browser, or display the
HTTP server configuration.
Chapter 37. "802.1x Commands" — Specify authentication, authorization and accounting (AAA) methods
for use on interfaces running IEEE 802.1x, and enable 802.1x globally.

Intended Audience

This guide is intended for network administrators familiar with IT concepts and terminology.

Document Conventions

This document uses the following conventions:
Provides related information or information of special importance.
Indicates potential damage to hardware or software, or loss of data.
Indicates a risk of personal injury.
Page 15

Contacting Allied Telesis

Contacting Allied Telesis
This section provides Allied Telesis contact information for technical support as well as sales or corporate information. .
Preface
Online Support
Email and Telephone Support
Returning Products
For Sales or Corporate Information
Warranty
You can request technical support online by accessing the Allied Telesis Knowledge Base from the following web site: www.alliedtelesis.com/support. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions..
For Technical Support via email or telephone, refer to the Allied Telesis web site: www.alliedtelesis.com. Select your country from the list displayed on the website. Then select the appropriate menu tab.
Products for return or repair must first be assigned a Return Materials Authorization (RMA) number. A product sent to Allied Telesis without a RMA number will be returned to the sender at the sender’s expense.
To obtain an RMA number, contact the Allied Telesis Technical Support group at our web site: www.alliedtelesis.com/support/. Select your country from the list displayed on the website. Then select the appropriate menu tab.
You can contact Allied Telesis for sales or corporate information at our web site: www.alliedtelesis.com. Select your country from the list displayed on the website. Then select the appropriate menu tab.
The AT-8000S Series Switch has a limited warranty of two years. Go to www.alliedtelesis.com/warranty for the specific terms and conditions of the warranty and for warranty registration.
Page 16
Allied Telesis AT-8000S-S94-3.0 Command Line Interface User’s Guide

Chapter 1. Using the CLI

Overview

This chapter describes how to start using the CLI and the CLI command editing features.

CLI Command Modes

Introduction

To assist in configuring the device, the Command Line Interface (CLI) is divided into different command modes. Each command mode has its own set of specific commands. Entering a question mark "?" at the system prompt (console prompt) displays a list of commands available for that particular command mode.
From each mode a specific command is used to navigate from one command mode to another. The standard order to access the modes is as follows: Privileged EXEC mode, Global Configuration mode, and Interface Configuration mode. After logging into the device, the user is automatically in Privileged EXEC command mode unless the user is defined as a User EXEC user.
The User EXEC mode can be assigned for a user once a user account is created. Only a limited subset of commands are available in User EXEC mode. This level is reserved for tasks that do not change the configuration. To enter the next level, the Privileged EXEC mode, a password is required.
The Privileged EXEC mode gives access to commands that are restricted on User EXEC mode and provides access to the device Configuration mode.
The Global Configuration mode manages the device configuration on a global level. The Interface Configuration mode configures specific interfaces in the device.

User EXEC Mode

In general, the User EXEC commands allow the user to perform basic tests, and list system information. The user-level prompt consists of the device host name followed by the angle bracket (>).
Console>
The default host name is Console unless it has been changed using the hostname command in the Global Configuration mode.

Privileged EXEC Mode

Privileged access is the system default mode and is password protected to prevent unauthorized use because many of the privileged commands set operating system parameters. The password is not displayed on the screen and is case sensitive.
Privileged users enter directly into the Privileged EXEC mode. To enter the Privileged EXEC mode from the User EXEC mode, perform the following steps:
1. At the prompt enter the enable command and press <Enter>. A password prompt is displayed.
Page 17
Using the CLI
CLI Command Modes
2. Enter the password and press <Enter>. The password is displayed as *. The Privileged EXEC mode prompt is displayed. The Privileged EXEC mode prompt consists of the device host name followed by #.
Console#
To return from the Privileged EXEC mode to the User EXEC mode, use the disable command. The following example illustrates how to access the Privileged EXEC mode and return to the User EXEC mode:
Console> Enter Password: ****** Console# Console# Console>
The exit command is used to return from any mode to the previous mode except when returning to the User EXEC mode from the Privileged EXEC mode. For example, the exit command is used to return from the Inter face Configuration mode to the Global Configuration mode.
enable
disable

Global Configuration Mode

Global Configuration mode commands apply to features that affect the system as a whole, rather than just a specific interface. The configure Privileged EXEC mode command is used to enter the Global Configuration mode.
To enter the Global Configuration mode perform the following steps:
1. At the Privileged EXEC mode prompt enter the configure command and press <Enter>. The Global Configuration mode prompt is displayed. The Global Configuration mode prompt consists of the device host name followed by (config) and #.
Console(config)#
One of the following commands can be used to return from the Global Configuration mode to the Privileged EXEC mode:
exit
end
Ctrl+Z
The following example illustrates how to access the Global Configuration mode and return to the Privileged EXEC mode:
Console# Console# Console(config)# Console#
configure
exit
Page 18
Allied Telesis AT-8000S-S94-3.0 Command Line Interface User’s Guide

Interface Configuration and Specific Configuration Modes

Interface Configuration mode commands modify specific interface operations. The following are the Interface Configuration modes:
Line Interface — Contains commands to configure the management connections. These include commands
such as line timeout settings, etc. The line Global Configuration mode command is used to enter the Line Configuration command mode.
VLAN Database — Contains commands to create a VLAN as a whole. The VLAN database Global
Configuration mode command is used to enter the VLAN Database Interface Configuration mode.
Management Access List — Contains commands to define management access-lists. The management
access-list Global Configuration mode command is used to enter the Management Access List Configuration
mode.
Ethernet — Contains commands to manage port configuration. The interface ethernet Global Configuration
mode command is used to enter the Interface Configuration mode to configure an Ethernet type interface.
Port Channel — Contains commands to configure port-channels, for example, assigning ports to a port-
channel. Most of these commands are the same as the commands in the Ethernet interface mode, and are used to manage the member ports as a single entity. The interface port-channel Global Configuration mode command is used to enter the Port Channel Interface Configuration mode.
SSH Public Key-chain — Contains commands to manually specify other device SSH public keys. The
crypto key pubkey-chain ssh Global Configuration mode command is used to enter the SSH Public Key-
chain Configuration mode.
QoS — Contains commands related to service definitions. The qos Global Configuration mode command is
used to enter the QoS services configuration mode.
MAC Access-List— Configures conditions required to allow traffic based on MAC addresses. The mac
access-list Global Configuration mode command is used to enter the MAC access-list configuration mode.
Tunnel Mode — Configures tunneling specifications in the device. The tunnel interface Global
Configuration mode command is used to enter the tunneling configuration mode.
Page 19
Using the CLI
Note
Note
Note

Starting the CLI

Starting the CLI
The device can be managed over a direct connection to the device console RS-232 port or via a Telnet connection. The device is managed by entering command keywords and parameters at the prompt. Using the device Command Line Interface (CLI) is very similar to entering commands on a UNIX system.
If access is via a Telnet connection, ensure that the device has a defined IP address, corresponding management access is granted, and the workstation used to access the device is connected to the device prior to using CLI commands.
The following steps are for use on the console line only.
To start using the CLI, perform the following steps:
1. Connect the DB9 null-modem or cross over cable to the RS-232 serial port of the device to the RS-232 serial port of the terminal or computer running the terminal emulation application.
The default data rate is 115200 bps.
a) Set the data format to 8 data bits, 1 stop bit, and no parity. b) Set Flow Control to none.
c) Under Properties, select VT100 for Emulation mode. d) Select Terminal keys for Function, Arrow, and Ctrl keys. Ensure that the setting is for Terminal keys
(not Windows keys).
When using HyperTerminal with Microsoft® Windows 2000, ensure that Windows® 2000 Service Pack 2 or later is installed. With Windows 2000 Service Pack 2, the arrow keys function properly in HyperTerminal’s VT100 emulation. Go to www.microsoft.com for information on Windows 2000 service packs.
2. Configure the device and enter the necessary commands to complete the required tasks.
3. When finished, exit the session with the exit command.
When a different user is required to log onto the system, use the login Privileged EXEC mode command. This effectively logs off the current user and logs on the new user.

Editing Features

Entering Commands

A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command show interfaces status ethernet 1/e11, show, interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/e11 specifies the port.
Page 20
Allied Telesis AT-8000S-S94-3.0 Command Line Interface User’s Guide
To enter commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter:
Console(config)#
When working with the CLI, the com m an d options are not displayed. The command is not selected from a menu, but is manually entered. To see what commands are available in each mode or within an interface configuration, the CLI does provide a method of displaying the available commands, the command syntax requirements and in some instances parameters required to complete the command. The standard command to request help is ?.
There are two instances where help information can be displayed:
username
admin
password
alansmith
Keyword lookup — The character ? is entered in place of a command. A list of all valid commands and
corresponding help messages are is displayed.
Partial keyword lookup — If a command is incomplete and or the character ? is entered in place of a
parameter. The matched keyword or parameters for this command are displayed.
To assist in using the CLI, there is an assortment of editing features. The following features are described:
Terminal Command Buffer
Command Completion
Nomenclature
Keyboard Shortcuts
Terminal Command Buffer
Every time a command is entered in the CLI, it is recorded on an internally managed Command History buffer. Commands stored in the buffer are maintained on a First In First Out (FI FO) basis. These commands can be recalled, reviewed, modified, and reissued. This buffer is not preserved across device resets.
Keyword Description
Up-arrow key Ctrl+P
Down-arrow key Returns to more recent commands in the history buffer after recalling
By default, the history buffer system is enabled, but it can be disabled at any time. For information about the command syntax to enable or disable the history buffer, see history.
There is a standard default number of commands that are stored in the buffer. The standard number of 10 commands can be increased to 216. By configuring 0, the effect is the same as disabling the history buffer system. For information about the command syntax for configuring the command history buffer, see history size.
To display the history buff er, see show history.
Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall successively older commands.
commands with the up-arrow key. Repeating the key sequence will recall successively more recent commands.
Negating the Effect of Commands
For many configuration commands, the prefix keyword no can be entered to cancel the effect of a command or reset the configuration to the default value. This guide describes the negation effect for all applicable commands.
Command Completion
If the command entered is incomplete, invalid or has missing or invalid parameters, then the appropriate error message is displayed. This assists in entering the correct command. By pressing the <Tab> button, an incomplete
Page 21
Using the CLI
Editing Features
command is entered. If the characters already entered are not enough for the system to identify a single matching command, press ? to display the available commands matching the characters already entered.
Nomenclature
When referring to an Ethernet port in a CLI command, the following format is used:
For an Ethernet port on a standalone device: Ethernet_type port_number
For an Ethernet port on a stacked device: unit_number/Ethernet_type port number
The Ethernet type is Fast Ethernet (indicated by “e”). For example, and e3 stands for Fast Ethernet port 3 on a stand-alone device, whereas 1/e3 stands for Fast
Ethernet port 3 on stacking unit 1. The ports may be described on an individual basis or within a range. Use format port number-port number to
specify a set of consecutive ports and port number, port number to indicate a set of non-consecutive ports. For example, e1-3 stands for Ethernet ports 1, 2 and 3, and e1, 5 stands for Ethernet ports 1 and 5.
Keyboard Shortcuts
The CLI has a range of keyboard shortcuts to assist in editing the CLI commands. The following table describes the CLI shortcuts.
Keyboard Key Description
Up-arrow key Recalls commands from the history buffer, beginning with the most recent command.
Repeat the key sequence to recall successively older commands.
Down-arrow key Returns the most recent commands from the history buffer after recalling commands with
the up arrow key. Repeating the key sequence will recall successively more recent
commands. Ctrl+A Moves the cursor to the beginning of the command line. Ctrl+E Moves the cursor to the end of the command line. Ctrl+Z / End Returns back to the Privileged EXEC mode from any configuration mode. Backspace key Deletes one character left to the cursor position.
CLI Command Conventions
When entering commands there are certain command entry standards that apply to all commands. The following table describes the command conventions.
Convention Description
[ ] In a command line, square brackets indicates an optional entry. { } In a command line, curly brackets indicate a selection of compulsory parameters
separated by the | character. One option must be selected. For example: flowcontrol {auto|on|off} means that for the flowcontrol command either auto, on or off must be
selected. Italic font Indicates a parameter. <Enter> Indicates an individual key on the keyboard. For example, <Enter> indicates the Enter
key.
Page 22
Note
Note
Ctrl+F4 Any combination keys pressed simultaneously on the keyboard.
Screen Display
all When a parameter is required to define a range of ports or parameters and all is an
Indicates system messages and prompts appearing on the console.
option, the default for the command is all when no parameters are defined. For example, the command interface range port-channel has the option of either entering a range of channels, or selecting all. When the command is entered without a parameter, it automatically defaults to all.

Copying and Pasting Text

Up to 1000 lines of text (i.e., commands) can be copied and pasted into the device.
It is the user’s responsibility to ensure that the text copied into the device consists of legal commands only.
This feature is dependent on the baud rate of the device.
The default device baud rate is 115,200
When copying and pasting commands from a configuration file, make sure that the following conditions exist:
A device Configuration mode has been accessed.
The commands contain no encrypted data, like encrypted passwords or keys. Encrypted data cannot be
copied and pasted into the device.
ACL Commands

Chapter 2. ACL Commands

ip access-list

The ip access-list Global Configuration mode command defines an IPv4 Access List and places the devic e in IPv4 Access List Configuration mode. Use the no form of this command to remove the Access List.
Syntax
ip access-list access-list-name no ip access-list access-list-name
Parameters
access-list-name — Name of the IPv4 Access List. (Range: 1 - 32 characters)
Default Configuration
No IPv4 Access List is defined
Command Mode
Global Configuration mode
User Guidelines
IPv4 ACLs are defined by a unique name. An IPv4 ACL and MAC ACL cannot share the same name.
Example
The following example places the device in IPv4 Access List Configuration mode.
console(config)#
ip access-list

permit (ip)

The permit IP Access-list Configuration mode command sets conditions to allow a packet to pass a named IP Access List.
Syntax
permit {any | protocol} {any | {source source-wildcard}} {any | {destination destination-wildcard}} [dscp number | ip-precedence number] [fragments]
permit-icmp {any | {source source-wildcard}} {any | {destination destination-wildcard}} {any | icmp-type} {any | icmp-code} [dscp number | ip-precedence number]
permit-igmp {any | {source source-wildcard}} {any | {destination destination-wildcard}} {any | igmp-type} [dscp number | ip-precedence number]
permit-tcp {any | { source source-wildcard}} {any | source-port} {any |{ destination destination-wildcard}} {any |
destination-port} [dscp number | ip-precedence number] [flags list-of-flags]
Page 24
Allied Telesis AT-8000S-S94-3.0 Command Line Interface User’s Guide
permit-udp {any | { source source-wildcard}} {any | source-port} {any | {destination destination-wildcard}} {any | destination-port} [dscp number | ip-precedence number]
Parameters
source — Source IP address of the packet.
source-wildcard — Wildcard bits to be applied to the source IP address. Use 1s in the bit position to be
ignored.
destination — Destination IP address of the packet.
destination-wildcard — Wildcard bits to be applied to the destination IP address. Use 1s in the bit position to
be ignored.
protocol — The name or the number of an IP protocol. Available protocol names: icmp, igmp, ip, tcp, egp,
igp, udp, hmp, rdp, idpr, idrp, rsvp, gre, esp, ah, eigrp, ospf, ipip, pim, l2tp, isis. (Range: 0 - 255)
dscp number — Speci fies the DSCP value.
ip-precedence number — Specifies the IP precedence value.
fragments— The set of conditions is applied only to noninitial fragments.
icmp-type — Specifies an ICMP message type for filtering ICMP packets. Enter a number or one of the
following values: echo-reply, destination-unreachable, source-quench, redirect, alternate-host­address, echo-request, router-advertisement, router-solicitation, time-exceeded, parameter-problem, timestamp, timestamp-reply, information-request, information-reply, address-mask-request, address mask-reply, traceroute, datagram-conversion-error , mobile-host-redirect, mobile-registration-request, mobile-registration-reply, domain-name-request, domain-name-reply, skip, photuris. (Range: 0 - 255)
icmp-code — Specifies an ICMP message code for filtering ICMP packets. (Range: 0 - 255)
igmp-type — IGMP packets can be filtered by IGMP message type. Enter a number or one of the following
values: host-query , host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leave-v2, host-report-v3. (Range: 0 - 255)
destination-port — Specifies the UDP/TCP destination port. (Range: 1 - 65535)
source-port — Specifies the UDP/TCP source port. (Range: 1 - 65535)
flags list-of-flags — List of TCP flags that should occur. If a flag should be set it is prefixed by "+".If a flag
should be unset it is prefixed by "-". Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, ­psh, -rst, -syn and -fin. The flags are concatenated to a one string. For example: +fin-ack.
Page 25
ACL Commands
IP Protocol Abbreviated Name Protocol Number
Internet Control Message Protocol icmp 1 Internet Group Management Protocol igmp 2 IP in IP (encapsulation) Protocol ipinip 4 Transmission Control Protocol tcp 6 Exterior Gateway Protocol egp 8 Interior Gateway Protocol igp 9 User Datagram Protocol udp 17 Host Monitoring Protocol hmp 20 Reliable Data Protocol rdp 27
Inter-Domain Policy Routing Protocol Ipv6 protocol ipv6 41
Routing Header for IPv6 ipv6-route 43 Fragment Header for IPv6 ipv6-frag 44
Inter-Domain Routing Protocol Reservation Protocol rsvp 46 General Routing Encapsulation gre 47
Encapsulating Security Payload (50) Authentication Header ah 51 ICMP for IPv6 ipv6-icmp 58 EIGRP routing protocol eigrp 88
Open Shortest Path Protocol ospf 89 Protocol Independent Multicast pim 103 Layer Two Tunneling Protocol l2tp 115 ISIS over IPv4 isis 124 (any IP protocol) any 25504
idpr 35
idrp 45
esp 50
dscp — Indicates matching the dscp number with the packet dscp value.
ip-precedence — Indicates matching ip-precedence with the packet ip-precedence value.
icmp-type — Specifies an ICMP message type for filtering ICMP packets. Enter a value or one of the following
values: echo-reply, destination-unreachable, source-quench, redirect, alternate-host-address, echo­request, router-advertisement, router-solicitation, time-exceeded, parameter-problem, timestamp, timestamp-reply, information-request, information-reply, address-mask-request, address-mask-reply, traceroute, datagram-conversion-error, mobile-host-redirect, ipv6-where-are-you, ipv6-i-am-here,
Page 26
Allied Telesis AT-8000S-S94-3.0 Command Line Interface User’s Guide
mobile-registration-request, mobile-registration-reply, domain-name-request, domain-name-reply, skip and photuris. (Range: 0-255)
icmp-code — Specifies an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by
ICMP message type can also be filtered by the ICMP message code. (Range: 0-255)
igmp-type — IGMP packets can be filtered by IGMP message type. Enter a number or one of the following
values: dvmrp, host-query, host-report, pim or trace. (Range: 0-255)
destination-port — Specifies the UDP/TCP destination port. (Range: 0-65535)
source-port — Specifies the UDP/TCP source port. (Range: 0-65535)
list-of-flags — Specifies a list of TCP flags that can be triggered. If a flag is set, it is prefixed by “+”. If a flag is
not set, it is prefixed by “-”. Possible values: +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and -fin. The flags are concatenated into one string. For example: +fin-ack.
Default Configuration
No IPv4 ACL is defined.
Command Mode
Ip Access-list Configuration mode
User Guidelines
You enter IP-Access List configuration mode by using the ip access-list Global Configuration mode command.
Example
The following example defines a permit statement for an IP ACL.
console(config)# console(config-ip-al)#
ip access-list
permit
rsvp 192.1.1.1 0.0.0.0
ip-acl1
any dscp
56

deny (IP)

The deny IP Access List Configuration mode command sets conditions to not allow a packet to pass a named IP Access List.
Syntax
deny [disable-port] {any| protocol} {any|{source source-wildcard}} {any|{destination destination-wildcard}} [dscp number | ip-precedence number]
deny-icmp [disable-port] {any|{source source-wildcard}} {any|{destination destination-wildcard}} {any|icmp­type} {any|{icmp-code} [dscp number | ip-precedence number]
deny-igmp [disable-port] {any|{source source-wildcard}} {any|{destination destination-wildcard}} {any|igmp- type} [dscp number | ip-precedence number]
deny-tcp [disable-port] {any|{ source source-wildcard}} {any|source-port} {any|{ destination destination- wildcard}} {any|destin
deny-udp [disable-port] {any|{ source source-wildcard}} {any| source-port} {any|{destination destination-
wildcard}} {any|destination-port} [dscp number | ip-precedence number]
ation-port} [dscp number | ip-precedence number] [flags list-of-flags]
Page 27
ACL Commands
Parameters
disable-port — The Ethernet interface is disabled if the condition is matched.
source — Source IP address of the packet.
source-wildcard — Wildcard bits to be applied to the source IP address. Use 1s in the bit position to be
ignored.
destination — Packet’s destination IP address.
destination-wildcard — Wildcard bits to be applied to the destination IP address. Use 1s in the bit position to
be ignored.
protocol —The name or number of an IP protocol. Available protocol names: icmp, igmp, ip, tcp, egp, igp,
udp, hmp, rdp, idpr, idrp, rsvp, gre, esp, ah, eigrp, ospf, ipip, pim, l2tp, isis.: (Range: 0 - 255)
dscp number — Specifies the DSCP value.
ip-precedence number — Specifies the IP precedence value.
icmp-type — Specifies an ICMP message type for filtering ICMP packets. Enter a number, or one of the
following values: echo-reply, destination-unreachable, source-quench, redirect, alternate-host­address, echo-request, router-advertisement, router-solicitation, time-exceeded, parameter-problem, timestamp, timestamp-reply, information-request, information-reply, address-mask-request, address­mask-reply, traceroute, datagram-conversion-error , mobile-host-redirect, mobile-registration-request, mobile-registration-reply, domain-name-request, domain-name-reply, skip, photuriss. (Range: 0 - 255)
icmp-code — Specifies an ICMP message code for filtering ICMP packets. (Range: 0 - 255)
igmp-type — GMP packets can be filtered by IGMP message type. Enter a number, or one of the following
values: host-query , host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leave-v2, host-report-v3. (Range: 0 - 255)
destination-port — Specifies the UDP/TCP destination port. (Range: 1 - 65535)
source-port — Specifies the UDP/TCP source port. (Range: 1 - 65535)
flags list-of-flags — List of TCP flags that should occur. If a flag is intended to be set, it is prefixed by ‘+’.If a
flag should be unset it is prefixed by ‘-’. Available options are: +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack,
-psh, -rst, -syn and -fin. The flags are concatenated to a single string. For example: +fin-ack.
IP Protocol Abbreviated Name Protocol Number
Internet Control Message Protocol icmp 1 Internet Group Management Protocol igmp 2 Transmission Control Protocol tcp 6 Exterior Gateway Protocol egp 8 Interior Gateway Protocol igp 9 User Datagram Protocol udp 17 Host Monitoring Protocol hmp 20 Reliable Data Protocol rdp 27
Inter-Domain Policy Routing Protocol Ipv6 protocol ipv6 41
Routing Header for IPv6 ipv6-route 43 Fragment Header for IPv6 ipv6-frag 44
Inter-Domain Routing Protocol Reservation Protocol rsvp 46
idpr 35
idrp 45
Page 28
Allied Telesis AT-8000S-S94-3.0 Command Line Interface User’s Guide
IP Protocol Abbreviated Name Protocol Number
General Routing Encapsulation gre 47 Encapsulating Security Payload (50)
Authentication Header ah 51 ICMP for IPv6 ipv6-icmp 58 EIGRP routing protocol eigrp 88 Open Shortest Path Protocol ospf 89 Protocol Independent Multicast pim 103 Layer Two Tunneling Protocol l2tp 115 ISIS over IPv4 isis 124 (any IP protocol) any 25504
esp 50
Default Configuration
No IPv4 Access List is defined.
Command Mode
IP Access-list Configuration mode
User Guidelines
Enter IP-Access List configuration mode by using the ip access-list Global Configuration mode command.
After an access control entry (ACE) is added to an access control list, an implied deny-any-any condition
exists at the end of the list. That is, if there are no matches, the packets are denied. However, before the first ACE is added, the list permits all packets.
Example
The following example defines a permit statement for an IP ACL.
console(config)# console(config-ip-al)#
ip-access-list
deny
rsvp 192.1.1.1 0.0.0.255
ip-acl1
any

ipv6 access-list

The ipv6 access-list Global Configuration mode command defines an IPv6 Access List and places the device in IPv6 Access List Configuration mode. Use the no form of this command to remove the Access List.
Syntax
ipv6 access-list access-list-name no ipv6 access-list access-list-name
Parameters
access-list-name — Name of the IPv6 Access List. (Range: 1 - 32 characters)
Page 29
Loading...
+ 372 hidden pages