Allied Telesis AT-S95 CLI User Manual

Download

Management Software

AT-S95

CLI User’s Guide

AT-8000GS Series Stackable Gigabit Ethernet Switches

Version 1.0.1

613-001020 Rev. B

Allied Telesis is a trademark of Allied Telesis, Inc. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners.

Allied Telesis, Inc. reserves the right to make changes in specifications and other information contained in this document without prior written notice. The information provided herein is subject to change without notice. In no event shall Allied Telesis, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis, Inc. has been advised of, known, or should have known, the possibility of such damages.

Preface ................................................................................................................................... 1

Intended Audience........................................................................................................................... 2

Document Conventions ................................................................................................................... 3

Contacting Allied Telesis .................................................................................................................4

Chapter 1.Using the CLI ....................................................................................................... 5

Overview ................................................................................................................................................5

CLI Command Modes...................................................................................................................... 5

Introduction................................................................................................................................................5

User EXEC Mode ......................................................................................................................................5

Privileged EXEC Mode ..............................................................................................................................5

Global Configuration Mode........................................................................................................................6

Interface Configuration and Specific Configuration Modes........................................................................7

Starting the CLI................................................................................................................................ 8

Editing Features ..............................................................................................................................9

Entering Commands..................................................................................................................................9

Terminal Command Buffer ...................................................................................................................9

Negating the Effect of Commands .....................................................................................................10

Command Completion........................................................................................................................10

Nomenclature.....................................................................................................................................10

Keyboard Shortcuts............................................................................................................................10

CLI Command Conventions ...............................................................................................................11

Copying and Pasting Text........................................................................................................................11

Chapter 2.ACL Commands ................................................................................................ 13

ip access-list.........................................................................................................................................13

permit (ip) .............................................................................................................................................13

deny (IP)...............................................................................................................................................16

mac access-list.....................................................................................................................................18

permit (MAC)........................................................................................................................................19

deny (MAC)..........................................................................................................................................20

service-acl ............................................................................................................................................21

show access-lists .................................................................................................................................22

show interfaces access-lists.................................................................................................................22

Chapter 3.AAA Commands ................................................................................................ 24

aaa authentication login .......................................................................................................................24

aaa authentication enable ....................................................................................................................25

login authentication ..............................................................................................................................26

enable authentication...........................................................................................................................27

ip http authentication ............................................................................................................................27

Page i

Allied Telesis

Command Line Interface User’s Guide

ip https authentication.......................................................................................................................... 28

show authentication methods .............................................................................................................. 29

password ............................................................................................................................................. 30

username............................................................................................................................................. 30

show users accounts ........................................................................................................................... 31

enable password ................................................................................................................................. 32

Chapter 4.Address Table Commands............................................................................... 34

bridge address..................................................................................................................................... 34

bridge multicast filtering....................................................................................................................... 34

bridge multicast address...................................................................................................................... 35

bridge multicast forbidden address...................................................................................................... 36

bridge multicast forward-all.................................................................................................................. 37

bridge multicast forbidden forward-all.................................................................................................. 38

bridge aging-time................................................................................................................................. 38

clear bridge.......................................................................................................................................... 39

port security ......................................................................................................................................... 39

port security mode ............................................................................................................................... 40

port security max ................................................................................................................................. 41

port security routed secure-address .................................................................................................... 41

show bridge address-table .................................................................................................................. 42

show bridge address-table static ......................................................................................................... 43

show bridge address-table count......................................................................................................... 44

show bridge multicast address-table ................................................................................................... 45

show bridge multicast address-table static .......................................................................................... 47

show bridge multicast filtering ............................................................................................................. 47

show ports security.............................................................................................................................. 49

show ports security addresses ............................................................................................................ 50

Chapter 5.Clock Commands .............................................................................................. 52

clock set............................................................................................................................................... 52

clock source......................................................................................................................................... 52

clock timezone..................................................................................................................................... 53

clock summer-time .............................................................................................................................. 54

sntp authentication-key........................................................................................................................ 55

sntp authenticate ................................................................................................................................. 56

sntp trusted-key ................................................................................................................................... 56

sntp client poll timer............................................................................................................................. 57

sntp broadcast client enable................................................................................................................ 57

sntp anycast client enable ................................................................................................................... 58

sntp client enable (Interface) ............................................................................................................... 59

sntp unicast client enable .................................................................................................................... 59

sntp unicast client poll ......................................................................................................................... 60

sntp server........................................................................................................................................... 60

show clock ........................................................................................................................................... 61

show sntp configuration....................................................................................................................... 62

show sntp status.................................................................................................................................. 63

Page ii

Not approved by Document Control. For review only.

Chapter 6.Configuration and Image File Commands ...................................................... 65

copy......................................................................................................................................................65

dir .........................................................................................................................................................67

delete ...................................................................................................................................................68

boot system..........................................................................................................................................69

show running-config .............................................................................................................................69

show startup-config ..............................................................................................................................70

show bootvar........................................................................................................................................71

Chapter 7.DHCP Option 82 Commands ............................................................................ 72

ip dhcp information option....................................................................................................................72

show ip dhcp information option...........................................................................................................72

ip dhcp relay enable .............................................................................................................................73

Chapter 8.DHCP Snooping Commands ............................................................................ 74

ip dhcp snooping..................................................................................................................................74

ip dhcp snooping vlan ..........................................................................................................................74

ip dhcp snooping trust ..........................................................................................................................75

ip dhcp snooping information option allowed-untrusted .......................................................................76

ip dhcp snooping verify ........................................................................................................................76

ip dhcp snooping database ..................................................................................................................77

ip dhcp snooping database update-freq...............................................................................................77

ip dhcp snooping binding .....................................................................................................................78

clear ip dhcp snooping database .........................................................................................................79

show ip dhcp snooping.........................................................................................................................79

show ip dhcp snooping binding ............................................................................................................80

Chapter 9.Ethernet Configuration Commands................................................................. 82

interface ethernet .................................................................................................................................82

interface range ethernet.......................................................................................................................82

shutdown..............................................................................................................................................83

description............................................................................................................................................84

speed ...................................................................................................................................................84

duplex...................................................................................................................................................85

negotiation............................................................................................................................................86

flowcontrol............................................................................................................................................86

mdix......................................................................................................................................................87

back-pressure ......................................................................................................................................88

port jumbo-frame..................................................................................................................................88

system flowcontrol................................................................................................................................89

clear counters.......................................................................................................................................89

set interface active ...............................................................................................................................90

show interfaces advertise.....................................................................................................................90

show interfaces configuration...............................................................................................................91

show interfaces status..........................................................................................................................93

show interfaces description..................................................................................................................94

show ports jumbo-frame.......................................................................................................................95

Page iii

Allied Telesis

Command Line Interface User’s Guide

show interfaces counters..................................................................................................................... 95

show system flowcontrol...................................................................................................................... 99

port storm-control include-multicast (IC).............................................................................................. 99

port storm-control broadcast enable.................................................................................................. 100

port storm-control broadcast rate ...................................................................................................... 101

show ports storm-control ................................................................................................................... 102

Chapter 10.GVRP Commands.......................................................................................... 103

gvrp enable (Global) .......................................................................................................................... 103

gvrp enable (Interface) ...................................................................................................................... 103

garp timer .......................................................................................................................................... 104

gvrp vlan-creation-forbid.................................................................................................................... 105

gvrp registration-forbid....................................................................................................................... 105

clear gvrp statistics ............................................................................................................................ 106

show gvrp configuration..................................................................................................................... 106

show gvrp statistics ........................................................................................................................... 107

show gvrp error-statistics................................................................................................................... 108

Chapter 11.IGMP Snooping Commands......................................................................... 110

ip igmp snooping (Global).................................................................................................................. 110

ip igmp snooping (Interface) .............................................................................................................. 110

ip igmp snooping mrouter learn-pim-dvmrp....................................................................................... 111

ip igmp snooping host-time-out ......................................................................................................... 112

ip igmp snooping querier enable ....................................................................................................... 112

ip igmp snooping querier address ..................................................................................................... 113

ip igmp snooping querier version....................................................................................................... 114

ip igmp snooping mrouter-time-out.................................................................................................... 114

ip igmp snooping leave-time-out........................................................................................................ 115

show ip igmp snooping mrouter......................................................................................................... 116

show ip igmp snooping interface ....................................................................................................... 117

show ip igmp snooping groups .......................................................................................................... 118

Chapter 12.IP Addressing Commands............................................................................ 119

ip address .......................................................................................................................................... 119

ip address dhcp ................................................................................................................................. 119

ip default-gateway ............................................................................................................................. 120

show ip interface................................................................................................................................ 121

arp ..................................................................................................................................................... 122

arp timeout......................................................................................................................................... 122

clear arp-cache.................................................................................................................................. 123

show arp ............................................................................................................................................ 124

ip domain-lookup............................................................................................................................. 124

ip domain-name................................................................................................................................. 125

ip name-server................................................................................................................................... 126

ip domain-name................................................................................................................................. 126

ip name-server................................................................................................................................... 127

ip host ................................................................................................................................................ 127

Page iv

Not approved by Document Control. For review only.

clear host............................................................................................................................................128

clear host dhcp...................................................................................................................................129

show hosts .........................................................................................................................................129

Chapter 13.Line Commands ............................................................................................ 131

line......................................................................................................................................................131

speed .................................................................................................................................................131

autobaud ............................................................................................................................................132

exec-timeout.......................................................................................................................................133

history.................................................................................................................................................133

history size .........................................................................................................................................134

terminal history...................................................................................................................................134

terminal history size ...........................................................................................................................135

show line ............................................................................................................................................135

Section 14.LACP Commands........................................................................................... 138

lacp system-priority ............................................................................................................................138

lacp port-priority .................................................................................................................................139

lacp timeout........................................................................................................................................140

show lacp ethernet .............................................................................................................................141

show lacp port-channel ......................................................................................................................143

Chapter 15.Management ACL Commands ..................................................................... 144

management access-list ....................................................................................................................144

permit (Management).........................................................................................................................145

deny (Management)...........................................................................................................................146

management access-class.................................................................................................................146

show management access-list ...........................................................................................................147

show management access-class .......................................................................................................148

Chapter 16.PHY Diagnostics Commands ....................................................................... 149

test copper-port tdr.............................................................................................................................149

show copper-ports tdr ........................................................................................................................149

show copper-ports cable-length .........................................................................................................150

Chapter 17.Port Channel Commands ............................................................................. 152

interface port-channel ........................................................................................................................152

interface range port-channel ..............................................................................................................152

channel-group ....................................................................................................................................153

show interfaces port-channel .............................................................................................................153

Chapter 18.Port Monitor Commands .............................................................................. 155

port monitor........................................................................................................................................155

show ports monitor.............................................................................................................................156

Chapter 19.Power over Ethernet Commands................................................................. 157

power inline........................................................................................................................................157

Page v

Allied Telesis

Command Line Interface User’s Guide

power inline powered-device ............................................................................................................. 157

power inline priority............................................................................................................................ 158

power inline usage-threshold............................................................................................................. 159

power inline traps enable................................................................................................................... 159

show power inline .............................................................................................................................. 160

Chapter 20.QoS Commands ............................................................................................ 164

qos..................................................................................................................................................... 164

show qos ........................................................................................................................................... 164

priority-queue out num-of-queues ..................................................................................................... 165

rate-limit............................................................................................................................................. 165

traffic-shape....................................................................................................................................... 166

show qos interface............................................................................................................................. 166

wrr-queue cos-map............................................................................................................................ 167

qos trust(Global) ................................................................................................................................ 168

qos map dscp-queue ......................................................................................................................... 169

qos cos .............................................................................................................................................. 170

show qos map ................................................................................................................................... 170

Chapter 21.Radius Commands........................................................................................ 172

radius-server host.............................................................................................................................. 172

radius-server key ............................................................................................................................... 173

radius-server retransmit..................................................................................................................... 173

radius-server source-ip...................................................................................................................... 174

radius-server timeout......................................................................................................................... 175

radius-server deadtime...................................................................................................................... 175

show radius-servers .......................................................................................................................... 176

Chapter 22.RMON Commands......................................................................................... 178

show rmon statistics .......................................................................................................................... 178

rmon collection history....................................................................................................................... 180

show rmon collection history ............................................................................................................. 180

show rmon history ............................................................................................................................. 181

rmon alarm ........................................................................................................................................ 184

show rmon alarm-table ...................................................................................................................... 185

show rmon alarm ............................................................................................................................... 186

rmon event......................................................................................................................................... 187

show rmon events ............................................................................................................................. 188

show rmon log ................................................................................................................................... 189

rmon table-size .................................................................................................................................. 190

Chapter 23.SNMP Commands ......................................................................................... 192

snmp-server community .................................................................................................................... 192

snmp-server view .............................................................................................................................. 193

snmp-server group ............................................................................................................................ 194

snmp-server user............................................................................................................................... 194

snmp-server engineID local............................................................................................................... 196

Page vi

Not approved by Document Control. For review only.

snmp-server enable traps ..................................................................................................................197

snmp-server filter ...............................................................................................................................197

snmp-server host ...............................................................................................................................198

snmp-server v3-host ..........................................................................................................................199

snmp-server trap authentication.........................................................................................................200

snmp-server contact...........................................................................................................................201

snmp-server location..........................................................................................................................201

snmp-server set .................................................................................................................................202

show snmp .........................................................................................................................................203

show snmp engineid ..........................................................................................................................204

show snmp views ...............................................................................................................................205

show snmp groups .............................................................................................................................205

show snmp filters ...............................................................................................................................206

show snmp users ...............................................................................................................................207

Chapter 24.Spanning-Tree Commands........................................................................... 208

spanning-tree .....................................................................................................................................208

spanning-tree mode ...........................................................................................................................208

spanning-tree forward-time ................................................................................................................209

spanning-tree hello-time.....................................................................................................................209

spanning-tree max-age ......................................................................................................................210

spanning-tree priority .........................................................................................................................211

spanning-tree disable.........................................................................................................................211

spanning-tree cost..............................................................................................................................212

spanning-tree port-priority ..................................................................................................................213

spanning-tree portfast ........................................................................................................................213

spanning-tree link-type.......................................................................................................................214

spanning-tree pathcost method..........................................................................................................214

spanning-tree bpdu ............................................................................................................................215

spanning-tree guard root....................................................................................................................216

spanning-tree bpduguard ...................................................................................................................216

clear spanning-tree detected-protocols..............................................................................................217

spanning-tree mst priority...................................................................................................................217

spanning-tree mst max-hops..............................................................................................................218

spanning-tree mst port-priority ...........................................................................................................218

spanning-tree mst cost.......................................................................................................................219

spanning-tree mst configuration.........................................................................................................220

instance (mst).....................................................................................................................................220

name (mst) .........................................................................................................................................221

revision (mst)......................................................................................................................................222

show (mst)..........................................................................................................................................222

exit (mst) ............................................................................................................................................223

abort (mst)..........................................................................................................................................224

show spanning-tree............................................................................................................................224

Chapter 25.SSH Commands ............................................................................................ 236

ip ssh port...........................................................................................................................................236

Page vii

Allied Telesis

Command Line Interface User’s Guide

ip ssh server ...................................................................................................................................... 236

crypto key generate dsa .................................................................................................................... 237

crypto key generate rsa ..................................................................................................................... 237

ip ssh pubkey-auth ............................................................................................................................ 238

crypto key pubkey-chain ssh ............................................................................................................. 238

user-key............................................................................................................................................. 239

key-string ........................................................................................................................................... 240

show ip ssh........................................................................................................................................ 241

show crypto key mypubkey ............................................................................................................... 242

show crypto key pubkey-chain ssh.................................................................................................... 243

Chapter 26.Syslog Commands........................................................................................ 245

logging on .......................................................................................................................................... 245

logging ............................................................................................................................................... 245

logging console.................................................................................................................................. 246

logging buffered................................................................................................................................. 247

logging buffered size ......................................................................................................................... 247

clear logging ...................................................................................................................................... 248

logging file ......................................................................................................................................... 249

clear logging file................................................................................................................................. 249

aaa logging ........................................................................................................................................ 250

file-system logging............................................................................................................................. 250

management logging ......................................................................................................................... 251

show logging...................................................................................................................................... 252

show logging file ................................................................................................................................ 254

show syslog-servers .......................................................................................................................... 256

Chapter 27.TACACS+ Commands................................................................................... 258

tacacs-server host ............................................................................................................................. 258

tacacs-server key .............................................................................................................................. 259

tacacs-server timeout ........................................................................................................................ 259

tacacs-server source-ip ..................................................................................................................... 260

show tacacs....................................................................................................................................... 260

Chapter 28.System Management Commands................................................................ 262

ping.................................................................................................................................................... 262

reload................................................................................................................................................. 264

resume............................................................................................................................................... 264

hostname........................................................................................................................................... 265

stack master ...................................................................................................................................... 265

stack reload ....................................................................................................................................... 266

stack change unit-id........................................................................................................................... 267

show stack......................................................................................................................................... 267

show users ........................................................................................................................................ 269

show sessions ................................................................................................................................... 270

show system...................................................................................................................................... 271

show system id .................................................................................................................................. 272

Page viii

Not approved by Document Control. For review only.

show version ......................................................................................................................................273

set system ..........................................................................................................................................275

Chapter 29.User Interface Commands............................................................................ 276

enable ................................................................................................................................................276

disable................................................................................................................................................276

login....................................................................................................................................................277

configure ............................................................................................................................................277

exit (Configuration).............................................................................................................................278

exit......................................................................................................................................................278

end .....................................................................................................................................................279

help ....................................................................................................................................................279

terminal datadump .............................................................................................................................280

show history .......................................................................................................................................281

show privilege ....................................................................................................................................281

Chapter 30.VLAN Commands .......................................................................................... 283

vlan database.....................................................................................................................................283

vlan.....................................................................................................................................................283

default-vlan disable ............................................................................................................................284

default-vlan vlan .................................................................................................................................284

interface vlan......................................................................................................................................285

interface range vlan............................................................................................................................286

name ..................................................................................................................................................286

switchport protected ...........................................................................................................................287

switchport mode .................................................................................................................................288

switchport access vlan .......................................................................................................................289

switchport trunk allowed vlan .............................................................................................................289

switchport trunk native vlan................................................................................................................290

switchport general allowed vlan .........................................................................................................290

switchport general pvid ......................................................................................................................291

switchport general ingress-filtering disable ........................................................................................292

switchport general acceptable-frame-type tagged-only .....................................................................292

switchport general acceptable-frame-type tagged-only .....................................................................293

switchport general map macs-group vlan ..........................................................................................293

map mac macs-group ........................................................................................................................294

show vlan macs-group .......................................................................................................................295

switchport forbidden vlan ...................................................................................................................295

ip internal-usage-vlan.........................................................................................................................296

show vlan ...........................................................................................................................................298

show vlan internal usage....................................................................................................................298

show interfaces switchport .................................................................................................................299

Chapter 31.Web Server Commands ................................................................................ 303

ip http server ......................................................................................................................................303

ip http port ..........................................................................................................................................303

ip http exec-timeout............................................................................................................................304

Page ix

Allied Telesis

Command Line Interface User’s Guide

ip https server .................................................................................................................................... 304

ip https port........................................................................................................................................ 305

ip https exec-timeout ......................................................................................................................... 305

crypto certificate generate ................................................................................................................. 306

crypto certificate request ................................................................................................................... 307

crypto certificate import ..................................................................................................................... 308

ip https certificate............................................................................................................................... 309

show crypto certificate mycertificate .................................................................................................. 310

show ip http ....................................................................................................................................... 311

show ip https...................................................................................................................................... 311

Chapter 32.802.1x Commands......................................................................................... 313

aaa authentication dot1x ................................................................................................................... 313

dot1x system-auth-control ................................................................................................................. 313

dot1x port-control............................................................................................................................... 314

dot1x re-authentication ...................................................................................................................... 315

dot1x timeout re-authperiod............................................................................................................... 315

dot1x re-authenticate......................................................................................................................... 316

dot1x timeout quiet-period ................................................................................................................. 316

dot1x timeout tx-period ...................................................................................................................... 317

dot1x max-req.................................................................................................................................... 318

dot1x timeout supp-timeout ............................................................................................................... 318

dot1x timeout server-timeout ............................................................................................................. 319

show dot1x ........................................................................................................................................ 320

show dot1x users............................................................................................................................... 323

show dot1x statistics.......................................................................................................................... 324

dot1x auth-not-req ............................................................................................................................. 326

dot1x guest-vlan ................................................................................................................................ 327

dot1x single-host-violation ................................................................................................................. 328

dot1x mac-authentication .................................................................................................................. 328

show dot1x advanced........................................................................................................................ 329

dot1x guest-vlan enable .................................................................................................................... 330

........................................................................................................................................................... 331

Index................................................................................................................................... 332

Page x

Not approved by Document Control. For review only.

Preface

This guide describes how to configure an AT-S95 v1.0.04 v1.1.0 Series switch using the command line interface. The commands are grouped by topic into the following chapters:

• Chapter 1. "Using the CLI" — Describe the CLI basic structure and command usage.

• Chapter 2. "ACL Commands" — Define MAC and IP based ACLs and ACL bindings.

• Chapter 3. "AAA Commands" — Define the authentication method lists for servers.

• Chapter 4. "Address Table Commands" — Register MAC-layer Multicast addresses, and handles MAC-

layer secure address to a routed port .

• Chapter 5. "Clock Commands" — Show the configuration or status of the Simple Network Time Protocol

(SNTP).

• Chapter 6. "Configuration and Image File Commands" — Display the contents of the currently running

configuration file, specify contents of image files.

• Chapter 7. "DHCP Option 82 Commands" — DHCP with Option 82 attaches authentication messages to

the packets sent from the host. DHCP passes the configuration information to hosts on a TCP/IP network. This permits network administrators to limit address allocation authorized hosts.

• Chapter 8. "DHCP Snooping Commands" — Contains parameters for enabling DHCP Snooping on the

device

• Chapter 9. "Ethernet Configuration Commands" — Configure multiple Ethernet type interfaces.

• Chapter 10. "GVRP Commands" — Display the GARP VLAN Registration Protocol (GVRP) configuration

information, enable GVRP globally or on an interface.

• Chapter 11. "IGMP Snooping Commands" — Enable the Internet Group Management Protocol (IGMP)

snooping.

• Chapter 12. "IP Addressing Commands" — Define a default gateway, set an IP address for interface,

delete entries from the host.

• Chapter 13. "Line Commands" — Display line parameters, enable the command history function, or

configure the command history buffer size.— Configure system priority, physical port priority, assign

Page 1

Allied Telesis

Command Line Interface User’s Guide

administrative LACP timeouts, display LACP information for Ethernet ports, and display LACP information for a port-channel.

• Chapter 15. "Management ACL Commands" — Define a permit or deny a rule, or configure a management

access control list.

• Chapter 16. "PHY Diagnostics Commands" — Display the optical transceiver diagnostics.

• Chapter 17. "Port Channel Commands" — Enter the interface configuration mode to configure a specific,

or a multiple port-channel.

• Chapter 18. "Port Monitor Commands" — Start a port monitoring session, or display the port monitoring

status.

• Chapter 19. "Power over Ethernet Commands" — Configure and display Power over Ethernet device

settings.

• Chapter 20. "QoS Commands" — Enable Quality of Service (QoS) on the device, create policy maps, and

define traffic classifications

• Chapter 21. "Radius Commands" — Specify the source IP address used for communication with Remote

Authentication Dial-in User Service (RADIUS) servers, and display the RADIUS server settings.

• Chapter 22. "RMON Commands" — Display the Remote Network Monitoring (RMON) Ethernet history

statistics, alarms table and configuration.

• Chapter 23. "SNMP Commands" — Configure the community access string to permit access to the Simple

Network Management Protocol (SNMP) server, create or update SNMP server entries, and specify SNMP engineID.

• Chapter 24. "Spanning-Tree Commands" — Configure the spanning-tree functionality.

• Chapter 25. "SSH Commands" — Display the Secure Socket Shell (SSH) public keys on the device, SSH

server configuration, or which SSH public key is manually configured.

• Chapter 26. "Syslog Commands" — Log messages to a syslog server, or limit log messages to a syslog

server.

• Chapter 27. "TACACS+ Commands" — Display configuration and statistical information about a Terminal

Access Controller Access Control System (TACACS+) server, or specify a TACACS+ host.

• Chapter 28. "System Management Commands" — Display and list system, version or Telnet session

information.

• Chapter 29. "User Interface Commands" — Display and list system, version or Telnet session information.

• Chapter 30. "VLAN Commands" — Enter the (Virtual Local Area Network) VLAN Configuration mode,

enable simultaneously configuring multiple VLANs, or adds or remove VLANs.

• Chapter 31. "Web Server Commands" — Enable configuring the device from a browser, or display the

HTTP server configuration.

• Chapter 32. "802.1x Commands" — Specify authentication, authorization and accounting (AAA) methods

for use on interfaces running IEEE 802.1x, and enable 802.1x globally.

Intended Audience

This guide is intended for network administrators familiar with IT concepts and terminology.

Page 2

Not approved by Document Control. For review only.

Document Conventions

Note

Caution

Warning

This document uses the following conventions:

Provides related information or information of special importance.

Indicates potential damage to hardware or software, or loss of data.

Indicates a risk of personal injury.

Preface

Document Conventions

Page 3

Allied Telesis

Command Line Interface User’s Guide

Contacting Allied Telesis

This section provides Allied Telesis contact information for technical support as well as sales or corporate information. .

Online Support

Email and Telephone Support

Returning Products

For Sales or Corporate Information

Warranty

You can request technical support online by accessing the Allied Telesis Knowledge Base from the following web site: www.alliedtelesis.com/support. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions..

For Technical Support via email or telephone, refer to the Allied Telesis web site: www.alliedtelesis.com. Select your country from the list displayed on the website. Then select the appropriate menu tab.

Products for return or repair must first be assigned a Return Materials Authorization (RMA) number. A product sent to Allied Telesis without a RMA number will be returned to the sender at the sender’s expense.

To obtain an RMA number, contact the Allied Telesis Technical Support group at our web site: www.alliedtelesis.com/support/rma. Select your country from the list displayed on the website. Then select the appropriate menu tab.

You can contact Allied Telesis for sales or corporate information at our web site: www.alliedtelesis.com. Select your country from the list displayed on the website. Then select the appropriate menu tab.

The AT-AT-800GS series intelligent Multiservice Gateway has a limited warranty of two years. Go to www.alliedtelesis.com/warranty for the specific terms and conditions of the warranty and for warranty registration.

Page 4

Not approved by Document Control. For review only.

Using the CLI

CLI Command Modes

Chapter 1. Using the CLI

Overview

This chapter describes how to start using the CLI and the CLI command editing features.

CLI Command Modes

Introduction

To assist in configuring the device, the Command Line Interface (CLI) is divided into different command modes. Each command mode has its own set of specific commands. Entering a question mark "?" at the system prompt (console prompt) displays a list of commands available for that particular command mode.

From each mode a specific command is used to navigate from one command mode to another. The standard order to access the modes is as follows: User EXEC mode, Privileged EXEC mode, Global Configuration mode, and Interface Configuration mode.

When starting a session, the initial mode is the User EXEC mode. Only a limited subset of commands are available in User EXEC mode. This level is reserved for tasks that do not change the configuration. To enter the next level, the Privileged EXEC mode, a password is required.

The Privileged EXEC mode gives access to commands that are restricted on User EXEC mode and provides access to the device Configuration mode.

The Global Configuration mode manages the device configuration on a global level.

The Interface Configuration mode configures specific interfaces in the device.

User EXEC Mode

After logging into the device, the user is automatically in User EXEC command mode unless the user is defined as a privileged user. In general, the User EXEC commands allow the user to perform basic tests, and list system information.

The user-level prompt consists of the device host name followed by the angle bracket (>).

Console>

The default host name is Console unless it has been changed using the hostname command in the Global Configuration mode.

Privileged EXEC Mode

Privileged access is password protected to prevent unauthorized use because many of the privileged commands set operating system parameters. The password is not displayed on the screen and is case sensitive.

Privileged users enter directly into the Privileged EXEC mode. To enter the Privileged EXEC mode from the User EXEC mode, perform the following steps:

1. At the prompt enter the enable command and press <Enter>. A password prompt is displayed.

Page 5

Allied Telesis

Command Line Interface User’s Guide

2. Enter the password and press <Enter>. The password is displayed as *. The Privileged EXEC mode prompt is displayed. The Privileged EXEC mode prompt consists of the device host name followed by #.

Console#

To return from the Privileged EXEC mode to the User EXEC mode, use the disable command. The following example illustrates how to access the Privileged EXEC mode and return to the User EXEC mode:

Console>

Enter Password: ******

Console#

Console>

The exit command is used to return from any mode to the previous mode except when returning to the User EXEC mode from the Privileged EXEC mode. For example, the exit command is used to return from the Interface Configuration mode to the Global Configuration mode.

enable

disable

Global Configuration Mode

Global Configuration mode commands apply to features that affect the system as a whole, rather than just a specific interface. The configure Privileged EXEC mode command is used to enter the Global Configuration mode.

To enter the Global Configuration mode perform the following steps:

1. At the Privileged EXEC mode prompt enter the configure command and press <Enter>. The Global Configuration mode prompt is displayed. The Global Configuration mode prompt consists of the device host name followed by (config) and #.

Console(config)#

One of the following commands can be used to return from the Global Configuration mode to the Privileged EXEC mode:

• exit

• end

• Ctrl+Z

The following example illustrates how to access the Global Configuration mode and return to the Privileged EXEC mode:

Console#

Console(config)#

Console#

configure

exit

Page 6

Not approved by Document Control. For review only.

Using the CLI

CLI Command Modes

Interface Configuration and Specific Configuration Modes

Interface Configuration mode commands modify specific interface operations. The following are the Interface Configuration modes:

• Line Interface — Contains commands to configure the management connections. These include commands

such as line timeout settings, etc. The line Global Configuration mode command is used to enter the Line Configuration command mode.

• VLAN Database — Contains commands to create a VLAN as a whole. The VLAN database Global

Configuration mode command is used to enter the VLAN Database Interface Configuration mode.

• Management Access List — Contains commands to define management access-lists. The management

access-list Global Configuration mode command is used to enter the Management Access List Configuration

mode.

• Ethernet — Contains commands to manage port configuration. The interface ethernet Global Configuration

mode command is used to enter the Interface Configuration mode to configure an Ethernet type interface.

• Port Channel — Contains commands to configure port-channels, for example, assigning ports to a port-

channel. Most of these commands are the same as the commands in the Ethernet interface mode, and are used to manage the member ports as a single entity. The interface port-channel Global Configuration mode command is used to enter the Port Channel Interface Configuration mode.

• SSH Public Key-chain — Contains commands to manually specify other device SSH public keys. The

crypto key pubkey-chain ssh Global Configuration mode command is used to enter the SSH Public Key-

chain Configuration mode.

• QoS — Contains commands related to service definitions. The qos Global Configuration mode command is

used to enter the QoS services configuration mode.

• MAC Access-List— Configures conditions required to allow traffic based on MAC addresses. The mac

access-list Global Configuration mode command is used to enter the MAC access-list configuration mode.

Page 7

Allied Telesis

Note

Command Line Interface User’s Guide

Starting the CLI

The device can be managed over a direct connection to the device console RS-232 port or via a Telnet connection. The device is managed by entering command keywords and parameters at the prompt. Using the device Command Line Interface (CLI) is very similar to entering commands on a UNIX system.

If access is via a Telnet connection, ensure that the device has a defined IP address, corresponding management access is granted, and the workstation used to access the device is connected to the device prior to using CLI commands.

The following steps are for use on the console line only.

To start using the CLI, perform the following steps:

1. Connect the DB9 null-modem or cross over cable to the RS-232 serial port of the device to the RS-232 serial port of the terminal or computer running the terminal emulation application.

The default data rate is 115200 bps.

a) Set the data format to 8 data bits, 1 stop bit, and no parity. b) Set Flow Control to none.

c) Under Properties, select VT100 for Emulation mode. d) Select Terminal keys for Function, Arrow, and Ctrl keys. Ensure that the setting is for Terminal keys

(not Windows keys).

When using HyperTerminal with Microsoft® Windows 2000, ensure that Windows® 2000 Service Pack 2 or later is installed. With Windows 2000 Service Pack 2, the arrow keys function properly in HyperTerminal’s VT100 emulation. Go to www.microsoft.com for information on Windows 2000 service packs.

2. Enter the following commands to begin the configuration procedure:

Console>

Console#

enable

configure

Console(config)#

3. Configure the device and enter the necessary commands to complete the required tasks.

4. When finished, exit the session with the exit command.

When a different user is required to log onto the system, use the login Privileged EXEC mode command. This effectively logs off the current user and logs on the new user.

Page 8

Not approved by Document Control. For review only.

Using the CLI

Editing Features

Entering Commands

A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command show interfaces status ethernet 1/g11, show, interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/g11 specifies the port.

To enter commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter:

Console(config)#

When working with the CLI, the command options are not displayed. The command is not selected from a menu, but is manually entered. To see what commands are available in each mode or within an interface configuration, the CLI does provide a method of displaying the available commands, the command syntax requirements and in some instances parameters required to complete the command. The standard command to request help is ?.

There are two instances where help information can be displayed:

• Keyword lookup — The character ? is entered in place of a command. A list of all valid commands and

corresponding help messages are is displayed.

• Partial keyword lookup — If a command is incomplete and or the character ? is entered in place of a

parameter. The matched keyword or parameters for this command are displayed.

To assist in using the CLI, there is an assortment of editing features. The following features are described:

• Terminal Command Buffer

• Command Completion

• Nomenclature

• Keyboard Shortcuts

username

admin

password

alansmith

Terminal Command Buffer

Every time a command is entered in the CLI, it is recorded on an internally managed Command History buffer. Commands stored in the buffer are maintained on a First In First Out (FIFO) basis. These commands can be recalled, reviewed, modified, and reissued. This buffer is not preserved across device resets.

Keyword Description

Up-arrow key Ctrl+P

Down-arrow key Returns to more recent commands in the history buffer after recalling

By default, the history buffer system is enabled, but it can be disabled at any time. For information about the command syntax to enable or disable the history buffer, see history.

There is a standard default number of commands that are stored in the buffer. The standard number of 10 commands can be increased to 216. By configuring 0, the effect is the same as disabling the history buffer system. For information about the command syntax for configuring the command history buffer, see history size.

To display the history buffer, see show history.

Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall successively older commands.

commands with the up-arrow key. Repeating the key sequence will recall successively more recent commands.

Page 9

Allied Telesis

Command Line Interface User’s Guide

Negating the Effect of Commands

For many configuration commands, the prefix keyword no can be entered to cancel the effect of a command or reset the configuration to the default value. This guide describes the negation effect for all applicable commands.

Command Completion

If the command entered is incomplete, invalid or has missing or invalid parameters, then the appropriate error message is displayed. This assists in entering the correct command. By pressing the <Tab> button, an incomplete command is entered. If the characters already entered are not enough for the system to identify a single matching command, press ? to display the available commands matching the characters already entered.

Nomenclature

When referring to an Ethernet port in a CLI command, the following format is used:

• For an Ethernet port on a standalone device: Ethernet_type port_number

• For an Ethernet port on a stacked device: unit_number/Ethernet_type port number

The Ethernet type may be Gigabit Ethernet (indicated by “g”) or Fast Ethernet (indicated by “e”).

For example, g3 stands for Gigabit Ethernet port 3 on a stand-alone device, and e3 stands for Fast Ethernet port 3 on a stand-alone device, whereas 1/g3 stands for Gigabit Ethernet port 3 on stacking unit 1 and 1/g3 stands for Fast Ethernet port 3 on stacking unit 1.

The ports may be described on an individual basis or within a range. Use format port number-port number to specify a set of consecutive ports and port number, port number to indicate a set of non-consecutive ports. For example, g1-3 stands for Gigabit Ethernet ports 1, 2 and 3, and g1, 5 stands for Gigabit Ethernet ports 1 and 5.

Keyboard Shortcuts

The CLI has a range of keyboard shortcuts to assist in editing the CLI commands. The following table describes the CLI shortcuts.

Keyboard Key Description

Up-arrow key Recalls commands from the history buffer, beginning with the most recent command.

Repeat the key sequence to recall successively older commands.

Down-arrow key Returns the most recent commands from the history buffer after recalling commands with

the up arrow key. Repeating the key sequence will recall successively more recent commands.

Ctrl+A Moves the cursor to the beginning of the command line.

Ctrl+E Moves the cursor to the end of the command line.

Ctrl+Z / End Returns back to the Privileged EXEC mode from any configuration mode.

Backspace key Deletes one character left to the cursor position.

Page 10

Not approved by Document Control. For review only.

CLI Command Conventions

Note

When entering commands there are certain command entry standards that apply to all commands. The following table describes the command conventions.

Convention Description

[ ] In a command line, square brackets indicates an optional entry.

{ } In a command line, curly brackets indicate a selection of compulsory parameters

separated by the | character. One option must be selected. For example: flowcontrol {auto|on|off} means that for the flowcontrol command either auto, on or off must be selected.

Italic font Indicates a parameter.

<Enter> Indicates an individual key on the keyboard. For example, <Enter> indicates the Enter

key.

Ctrl+F4 Any combination keys pressed simultaneously on the keyboard.

Screen Display

all When a parameter is required to define a range of ports or parameters and all is an

Indicates system messages and prompts appearing on the console.

option, the default for the command is all when no parameters are defined. For example, the command interface range port-channel has the option of either entering a range of channels, or selecting all. When the command is entered without a parameter, it automatically defaults to all.

Copying and Pasting Text

Up to 1000 lines of text (i.e., commands) can be copied and pasted into the device.

It is the user’s responsibility to ensure that the text copied into the device consists of legal commands only.

This feature is dependent on the baud rate of the device.

The default device baud rate is 115,200

When copying and pasting commands from a configuration file, make sure that the following conditions exist:

• A device Configuration mode has been accessed.

• The commands contain no encrypted data, like encrypted passwords or keys. Encrypted data cannot be

copied and pasted into the device.

Allied Telesis

Command Line Interface User’s Guide

Page 12

Not approved by Document Control. For review only.

ACL Commands

Chapter 2. ACL Commands

ip access-list

The ip access-list Global Configuration mode command defines an IPv4 Access List and places the device in IPv4 Access List Configuration mode. Use the no form of this command to remove the Access List.

Syntax

ip access-list access-list-name

no ip access-list access-list-name

Parameters

access-list-name — Name of the IPv4 Access List.

•

Default Configuration

No IPv4 Access List is defined

Command Mode

Global Configuration mode

User Guidelines

IPv4 ACLs are defined by a unique name. An IPv4 ACL and MAC ACL cannot share the same name.

Example

The following example places the device in IPv4 Access List Configuration mode.

Console(config)#

ip access-list

permit (ip)

The permit Ip Access-list Configuration mode command sets conditions to allow a packet to pass a named IP Access List.

Syntax

permit {any | protocol} {any | {source source-wildcard}} {any | {destination destination-wildcard}} [dscp number | ip-precedence number] [fragments]

permit-icmp {any | {source source-wildcard}} {any | {destination destination-wildcard}} {any | icmp-type} {any | icmp-code} [dscp number | ip-precedence number]

permit-igmp {any | {source source-wildcard}} {any | {destination destination-wildcard}} {any | igmp-type} [dscp number | ip-precedence number]

permit-tcp {any | { source source-wildcard}} {any | source-port} {any |{ destination destination-wildcard}} {any |

destination-port} [dscp number | ip-precedence number] [flags list-of-flags]

Page 13

Allied Telesis

Command Line Interface User’s Guide

permit-udp {any | { source source-wildcard}} {any | source-port} {any | {destination destination-wildcard}} {any | destination-port} [dscp number | ip-precedence number]

Parameters

source — Source IP address of the packet.

•

• source-wildcard — Wildcard bits to be applied to the source IP address. Use 1s in the bit position to be

ignored.

• destination — Destination IP address of the packet.

• destination-wildcard — Wildcard bits to be applied to the destination IP address. Use 1s in the bit position to

be ignored.

• protocol — The name or the number of an IP protocol. Available protocol names: icmp, igmp, ip, tcp, egp,

igp, udp, hmp, rdp, idpr, idrp, rsvp, gre, esp, ah, eigrp, ospf, ipip, pim, l2tp, isis. (Range: 0 - 255)

• dscp number — Specifies the DSCP value.

• ip-precedence number — Specifies the IP precedence value.

• fragments— The set of conditions is applied only to noninitial fragments.

• icmp-type — Specifies an ICMP message type for filtering ICMP packets. Enter a number or one of the

following values: echo-reply, destination-unreachable, source-quench, redirect, alternate-hostaddress, echo-request, router-advertisement, router-solicitation, time-exceeded, parameter-problem, timestamp, timestamp-reply, information-request, information-reply, address-mask-request, address mask-reply, traceroute, datagram-conversion-error, mobile-host-redirect, mobile-registration-request, mobile-registration-reply, domain-name-request, domain-name-reply, skip, photuris. (Range: 0 - 255)

• icmp-code — Specifies an ICMP message code for filtering ICMP packets. (Range: 0 - 255)

• igmp-type — IGMP packets can be filtered by IGMP message type. Enter a number or one of the following

values: host-query, host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leave-v2, host-report-v3. (Range: 0 - 255)

• destination-port — Specifies the UDP/TCP destination port. (Range: 0 - 65535)

• source-port — Specifies the UDP/TCP source port. (Range: 0 - 65535)

• flags list-of-flags — List of TCP flags that should occur. If a flag should be set it is prefixed by "+".If a flag

should be unset it is prefixed by "-". Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, psh, -rst, -syn and -fin. The flags are concatenated to a one string. For example: +fin-ack.

Page 14

Not approved by Document Control. For review only.

ACL Commands

IP Protocol Abbreviated Name Protocol Number

Internet Control Message Protocol icmp 1

Internet Group Management Protocol igmp 2

IP in IP (encapsulation) Protocol ipinip 4

Transmission Control Protocol tcp 6

Exterior Gateway Protocol egp 8

Interior Gateway Protocol igp 9

User Datagram Protocol udp 17

Host Monitoring Protocol hmp 20

Reliable Data Protocol rdp 27

Inter-Domain Policy Routing Protocol

Ipv6 protocol ipv6 41

Routing Header for IPv6 ipv6-route 43

Fragment Header for IPv6 ipv6-frag 44

Inter-Domain Routing Protocol

Reservation Protocol rsvp 46

General Routing Encapsulation gre 47

Encapsulating Security Payload (50)

Authentication Header ah 51

ICMP for IPv6 ipv6-icmp 58

EIGRP routing protocol eigrp 88

Open Shortest Path Protocol ospf 89

Protocol Independent Multicast pim 103

Layer Two Tunneling Protocol l2tp 115

ISIS over IPv4 isis 124

(any IP protocol) any 25504

idpr 35

idrp 45

esp 50

• dscp — Indicates matching the dscp number with the packet dscp value.

• ip-precedence — Indicates matching ip-precedence with the packet ip-precedence value.

• icmp-type — Specifies an ICMP message type for filtering ICMP packets. Enter a value or one of the following

values: echo-reply, destination-unreachable, source-quench, redirect, alternate-host-address, echorequest, router-advertisement, router-solicitation, time-exceeded, parameter-problem, timestamp, timestamp-reply, information-request, information-reply, address-mask-request, address-mask-reply, traceroute, datagram-conversion-error, mobile-host-redirect, ipv6-where-are-you, ipv6-i-am-here,

Page 15

Allied Telesis

Command Line Interface User’s Guide

mobile-registration-request, mobile-registration-reply, domain-name-request, domain-name-reply, skip and photuris. (Range: 0-255)

• icmp-code — Specifies an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by

ICMP message type can also be filtered by the ICMP message code. (Range: 0-255)

• igmp-type — IGMP packets can be filtered by IGMP message type. Enter a number or one of the following

values: dvmrp, host-query, host-report, pim or trace. (Range: 0-255)

• destination-port — Specifies the UDP/TCP destination port. (Range: 0-65535)

• source-port — Specifies the UDP/TCP source port. (Range: 0-65535)

• list-of-flags — Specifies a list of TCP flags that can be triggered. If a flag is set, it is prefixed by “+”. If a flag is

not set, it is prefixed by “-”. Possible values: +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and -fin. The flags are concatenated into one string. For example: +fin-ack.

Default Configuration

No IPv4 ACL is defined.

Command Mode

Ip Access-list Configuration mode

User Guidelines

You enter IP-Access List configuration mode by using the ip access-list Global Configuration mode command.

Example

The following example shows how to define a permit statement for an IP ACL.

Console(config)#

Console(config-ip-al)#

ip access-list

permit

rsvp 192.1.1.1 0.0.0.0

ip-acl1

any dscp

deny (IP)

The deny IP Access List Configuration mode command sets conditions to not allow a packet to pass a named IP Access List.

Syntax

deny [disable-port] {any| protocol} {any|{source source-wildcard}} {any|{destination destination- wildcard}} [dscp number | ip-precedence number]

deny-icmp [disable-port] {any|{source source-wildcard}} {any|{destination destination-wildcard}} {any|icmp-type} {any|icmp-code} [dscp number | ip-precedence number]

deny-igmp [disable-port] {any|{source source-wildcard}} {any|{destination destination-wildcard}} {any|igmp-type} [dscp number | ip-precedence number]

deny-tcp [disable-port] {any|{ source source-wildcard}} {any|source-port} {any|{ destination destination-wildcard}} {any|destination-port} [dscp number | ip-precedence number] [flags list-of-

Page 16

Not approved by Document Control. For review only.

ACL Commands

flags]

deny-udp [disable-port] {any|{ source source-wildcard}} {any| source-port} {any|{destination destination-wildcard}} {any|destination-port} [dscp number | ip-precedence number]

Parameters

•

disable-port — The Ethernet interface is disabled if the condition is matched. (Range: 0 - 65535)

• source — Source IP address of the packet.

• source-wildcard — Wildcard bits to be applied to the source IP address. Use 1s in the bit position to be

ignored.

• destination — Packet’s destination IP address.

• destination-wildcard — Wildcard bits to be applied to the destination IP address. Use 1s in the bit position to

be ignored.

• protocol —The name or number of an IP protocol. Available protocol names: icmp, igmp, ip, tcp, egp, igp,

udp, hmp, rdp, idpr, idrp, rsvp, gre, esp, ah, eigrp, ospf, ipip, pim, l2tp, isis.: (Range: 0 - 255)

• dscp number — Specifies the DSCP value.

• ip-precedence number — Specifies the IP precedence value.

• icmp-type — Specifies an ICMP message type for filtering ICMP packets. Enter a number, or one of the

following values: echo-reply, destination-unreachable, source-quench, redirect, alternate-hostaddress, echo-request, router-advertisement, router-solicitation, time-exceeded, parameter-problem, timestamp, timestamp-reply, information-request, information-reply, address-mask-request, addressmask-reply, traceroute, datagram-conversion-error, mobile-host-redirect, mobile-registration-request, mobile-registration-reply, domain-name-request, domain-name-reply, skip, photuriss. (Range: 0 - 255)

• icmp-code — Specifies an ICMP message code for filtering ICMP packets. (Range: 0 - 255)

• igmp-type — GMP packets can be filtered by IGMP message type. Enter a number, or one of the following

values: host-query, host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leave-v2, host-report-v3. (Range: 0 - 255)

• destination-port — Specifies the UDP/TCP destination port.

• source-port — Specifies the UDP/TCP source port. (Range: 0 - 65535)

• flags list-of-flags — List of TCP flags that should occur. If a flag is intended to be set, it is prefixed by ‘+’.If a

flag should be unset it is prefixed by ‘-’. Available options are: +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack,

-psh, -rst, -syn and -fin. The flags are concatenated to a single string. For example: +fin-ack.

IP Protocol Abbreviated Name Protocol Number

Internet Control Message Protocol icmp 1

Internet Group Management Protocol igmp 2

Transmission Control Protocol tcp 6

Exterior Gateway Protocol egp 8

Interior Gateway Protocol igp 9

User Datagram Protocol udp 17

Host Monitoring Protocol hmp 20

Reliable Data Protocol rdp 27

Inter-Domain Policy Routing Protocol

idpr 35

Page 17

Allied Telesis

Command Line Interface User’s Guide

IP Protocol Abbreviated Name Protocol Number

Ipv6 protocol ipv6 41

Routing Header for IPv6 ipv6-route 43

Fragment Header for IPv6 ipv6-frag 44

Inter-Domain Routing Protocol

Reservation Protocol rsvp 46

General Routing Encapsulation gre 47

Encapsulating Security Payload (50)

Authentication Header ah 51

ICMP for IPv6 ipv6-icmp 58

EIGRP routing protocol eigrp 88

Open Shortest Path Protocol ospf 89

Protocol Independent Multicast pim 103

Layer Two Tunneling Protocol l2tp 115

ISIS over IPv4 isis 124

(any IP protocol) any 25504

idrp 45

esp 50

Default Configuration

No IPv4 Access List is defined.

Command Mode

IP Access-list Configuration mode

User Guidelines

Enter IP-Access List configuration mode by using the ip access-list Global Configuration mode command.

•

• After an access control entry (ACE) is added to an access control list, an implied deny-any-any condition

exists at the end of the list. That is, if there are no matches, the packets are denied. However, before the first ACE is added, the list permits all packets.

Example

The following example shows how to define a permit statement for an IP ACL.

Console(config)#

Console(config-ip-al)#

ip-access-list

deny

rsvp 192.1.1.1 0.0.0.255

ip-acl1

any

mac access-list

The mac access-list Global Configuration mode command defines a Layer 2 Access List and places the device in MAC-Access List Configuration mode. Use the no form of this command to remove the Access List.

Page 18

Not approved by Document Control. For review only.

ACL Commands

Syntax

mac access-list access-list-name

no mac access-list access-list-name

Parameters

access-list-name — Name of the MAC-Access List.

•

Default Configuration

No MAC-Access List is defined.

Command Mode

Global Configuration mode

User Guidelines

MAC ACLs are defined by a unique name. An IPv4 ACL, IPv6 ACL and MAC ACL cannot share the same name.

Example

The following example shows how to create a MAC ACL.

Console(config)#

Console(config-mac-al)#

mac access-list

macl-acl1

permit (MAC)

The permit MAC-Access List Configuration mode command sets permit conditions for a MAC-Access List.

Syntax

permit {any | {source source-wildcard} any | {destination destination-wildcard}} [vlan vlan-id] [cos cos cos- wildcard] [ethtype eth-type]

Parameters

source — Source MAC address of the packet.

•

• source-wildcard — Wildcard bits to be applied to the source MAC address. Use 1s in the bit position to be

ignored.

• destination — Destination MAC address of the packet.

• destination-wildcard — Specifies wildcard bits to be applied to the destination MAC address. Use 1s in bit

positions to be ignored.

• vlan-id — Specifies the ID of the packet VLAN.

• cos — Specifies the Class of Service (CoS) for the packet. (Range: 0-7)

• cos-wildcard — Specifies wildcard bits to be applied to the CoS.

• eth-type — Specifies the Ethernet type in hexadecimal format of the packet.

Default Configuration

No MAC ACL is defined.

Page 19

Allied Telesis

Command Line Interface User’s Guide

Command Mode

MAC-Access List Configuration mode

User Guidelines

Enter IP-Access List configuration mode by using the MAC access-list Global Configuration mode command.

•

• After an access control entry (ACE) is added to an access control list, an implied deny-any-any condition

exists at the end of the list. That is, if there are no matches, the packets are denied. However, before the first ACE is added, the list permits all packets.

Example

The following example shows how to create a MAC ACL with permit rules.

Console(config)#

Console(config-mac-al)#

mac access-list

permit 6:6:6:6:6:6 0:0:0:0:0:0 any vlan 6

macl-acl1

deny (MAC)

The deny MAC-Access List Configuration mode command sets deny conditions for an MAC-Access List.

Syntax

deny [disable-port] {any|{source source- wildcard} {any|{ destination destination- wildcard}} [vlan vlan-id] [cos cos cos-wildcard] [ethtype eth-type]

Parameters

•

disable-port — Indicates the Ethernet interface is disabled if the condition is matched.

• source — Specifies source MAC address of the packet.

• source-wildcard — Specifies wildcard bits to be applied to the source MAC address. Use 1s in the bit position

to be ignored.

• destination — Specifies the MAC address of the host to which the packet is being sent.

• destination-wildcard — Specifies wildcard bits to be applied to the destination MAC address. Use 1s in the bit

position to be ignored.

• vlan-id — Specifies the VLAN ID of the packet. (Range: 0 - 4095)

• cos — Specifies the Class of Service of the packet. (Range: 0 - 7)

• cos-wildcard — Specifies wildcard bits to be applied to the CoS.

• eth-type — Specifies the Ethernet type in hexadecimal format of the packet. (Range: 0 - 0xFFFF)

Default Configuration

No MAC-Access List is defined.

Command Mode

MAC-Access List Configuration mode

Page 20

Not approved by Document Control. For review only.

ACL Commands

User Guidelines

MAC BPDU packets cannot be denied.

•

• This command defines an Access Control Element (ACE). An ACE can only be removed by deleting the ACL,

using the no mac access-list Global Configuration mode command. Alternatively, the Web-based interface can be used to delete ACEs from an ACL.

• The following user guidelines are relevant to GE devices only:

Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.

If the VLAN ID is specified, the policy map cannot be connected to the VLAN interface.

Example

The following example shows how to create a MAC ACL with deny rules.

Console(config)#

Console (config-mac-acl)#

mac access-list

deny

6:6:6:6:6:6:0:0:0:0:0:0

macl1

any

service-acl

The service-acl Interface Configuration mode command controls access to an interface. Use the no form of this command to remove the access control.

Syntax

service-acl input acl-name

no service-acl input

Parameters

•

input — Applies the specified ACL to the input interface.

Default Configuration

This command has no default configuration.

Command Mode

Interface Configuration (Ethernet, Port-Channel) mode

User Guidelines

In advanced mode, when an ACL is bound to an interface, the port trust mode is set to trust 12-13 and not to 12.

Example

The following example, binds (services) an ACL to Ethernet interface g2.

Console(config)#

Console(config-if)#

interface ethernet

service-acl input

macl1

Page 21

Allied Telesis

Command Line Interface User’s Guide

show access-lists

The show access-lists Privileged EXEC mode command displays Access Control Lists (ACLs) configured on the switch.

Syntax

show access-lists [name]

Parameters

•

name — Name of the ACL.

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

The following example displays access lists.

Console#

IP access list ACL1

permit ip host 172.30.40.1 any

permit rsvp host 172.30.8.8 any

show access-lists

show interfaces access-lists

The show interfaces access-lists Privileged EXEC mode command displays access lists applied on interfaces.

Syntax

show interfaces access-lists [ ethernet interface | vlan vlan-id | port-channel port-channel-number ]

Parameters

•

vlan-id— Specifies the ID of the VLAN.

• interface — The full syntax is: unit/port.

• port-channel-number — Valid port-channel Index.

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

Page 22

Not approved by Document Control. For review only.

User Guidelines

There are no user guidelines for this command.

Example

The following example displays ACLs applied to the interfaces of a device

Table 1:

Console# show interfaces access-lists

Interfaces Input ACL

-------------- --------------

1/g1 ACL1

2/g1 ACL3

ACL Commands

Page 23

Allied Telesis

Note

Command Line Interface User’s Guide

Chapter 3. AAA Commands

aaa authentication login

The aaa authentication login Global Configuration mode command defines login authentication. Use the no form of this command to return to the default configuration.

Syntax

aaa authentication login {default | list-name} method1 [method2...]

no aaa authentication login {default | list-name}

Parameters

default — Uses the listed authentication methods that follow this argument as the default list of methods

•

when a user logs in.

• list-name — Character string used to name the list of authentication methods activated when a user logs in.

(Range: 1-12 characters).

• method1 [method2...] — Specify at least one from the following table:

Keyword Description

enable Uses the enable password for authentication.

line Uses the line password for authentication.

local Uses the local username database for authentication.

none Uses no authentication.

radius Uses the list of all RADIUS servers for authentication.

tacacs Uses the list of all TACACS+ servers for authentication.

Default Configuration

The local user database is checked. This has the same effect as the command aaa authentication login list- name local.

On the console, login succeeds without any authentication check if the authentication method is not defined.

Command Mode

Global Configuration mode

Page 24

Not approved by Document Control. For review only.

AAA Commands

User Guidelines

The default and optional list names created with the aaa authentication login command are used with the

•

• Create a list by entering the aaa authentication login list-name method command for a particular protocol,

where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries, in the given sequence.

• The additional methods of authentication are used only if the previous method returns an error, not if it fails.

To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.

Example

The following example configures the authentication login.

Console(config)#

aaa authentication login default radius local enable none

aaa authentication enable

The aaa authentication enable Global Configuration mode command defines authentication method lists for accessing higher privilege levels. Use the no form of this command to return to the default configuration.

Syntax

aaa authentication enable {default | list-name} method1 [method2...]

no aaa authentication enable {default | list-name}

Parameters

default — Uses the listed authentication methods that follow this argument as the default list of methods,

•

when using higher privilege levels.

• list-name — Character string used to name the list of authentication methods activated, when using access

higher privilege levels (Range: 1-12 characters).

• method1 [method2...] — Specify at least one from the following table:

Keyword Description

enable Uses the enable password for authentication.

line Uses the line password for authentication.

none Uses no authentication.

radius Uses the list of all RADIUS servers for authentication. Uses username $enabx$.,

where x is the privilege level.

tacacs Uses the list of all TACACS+ servers for authentication. Uses username

"$enabx$." where x is the privilege level.

Default Configuration

If the default list is not set, only the enable password is checked. This has the same effect as the command aaa authentication enable default enable.

On the console, the enable password is used if it exists. If no password is set, the process still succeeds. This has the same effect as using the command aaa authentication enable default enable none.

Page 25

Allied Telesis

Command Line Interface User’s Guide

Command Mode

Global Configuration mode

User Guidelines

The default and optional list names created with the aaa authentication enable command are used with the

•

enable authentication command.

• The additional methods of authentication are used only if the previous method returns an error, not if it fails.

To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.

• All aaa authentication enable default requests sent by the device to a RADIUS or TACACS+ server include

the username $enabx$., where x is the requested privilege level.

Example

The following example sets the enable password for authentication when accessing higher privilege levels.

Console(config)#

aaa authentication enable default enable

login authentication

The login authentication Line Configuration mode command specifies the login authentication method list for a remote telnet or console. Use the no form of this command to return to the default configuration specified by the

aaa authentication login command.

Syntax

no login authentication

Parameters

default — Uses the default list created with the aaa authentication login command.

•

• list-name — Uses the indicated list created with the aaa authentication login command.

Default Configuration

Uses the default set with the command aaa authentication login.

Command Mode

Line Configuration mode

User Guidelines

Changing login authentication from default to another value may disconnect the telnet session.

Example

The following example specifies the default authentication method for a console.

Console(config)#

Console(config-line)#

line console

Page 26

Not approved by Document Control. For review only.

AAA Commands

enable authentication

The enable authentication Line Configuration mode command specifies the authentication method list when accessing a higher privilege level from a remote telnet or console. Use the no form of this command to return to the default configuration specified by the aaa authentication enable command.

Syntax

enable authentication {default | list-name}

no enable authentication

Parameters

•

default — Uses the default list created with the aaa authentication enable command.

• list-name — Uses the indicated list created with the aaa authentication enable command.

Default Configuration

Uses the default set with the aaa authentication enable command.

Command Mode

Line Configuration mode

User Guidelines

There are no user guidelines for this command.

Example

The following example specifies the default authentication method when accessing a higher privilege level from a console.

Console(config)#

Console(config-line)#

line console

enable authentication default

ip http authentication

The ip http authentication Global Configuration mode command specifies authentication methods for HTTP server users. Use the no form of this command to return to the default configuration.

Syntax

ip http authentication method1 [method2...]

no ip http authentication

Parameters

method1 [method2...] — Specify at least one from the following table:

•

Keyword Description

local Uses the local username database for authentication.

none Uses no authentication.

Page 27

Allied Telesis

Command Line Interface User’s Guide

radius Uses the list of all RADIUS servers for authentication.

tacacs Uses the list of all TACACS+ servers for authentication.

Default Configuration

The local user database is checked. This has the same effect as the command ip http authentication local.

Command Mode

Global Configuration mode

User Guidelines

The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.

Example

The following example configures the HTTP authentication.

Console(config)#

ip http authentication radius local

ip https authentication

The ip https authentication Global Configuration mode command specifies authentication methods for HTTPS server users. Use the no form of this command to return to the default configuration.

Syntax

ip https authentication method1 [method2...]

no ip https authentication

Parameters

method1 [method2...] — Specify at least one from the following table:

•

Keyword Source or destination

local Uses the local username database for authentication.

none Uses no authentication.

radius Uses the list of all RADIUS servers for authentication.

tacacs Uses the list of all TACACS+ servers for authentication.

Default Configuration

The local user database is checked. This has the same effect as the command ip https authentication local.

Command Mode

Global Configuration mode

Page 28

Not approved by Document Control. For review only.

AAA Commands

User Guidelines

Example

The following example configures HTTPS authentication.

Console(config)#

ip https authentication radius local

show authentication methods

The show authentication methods Privileged EXEC mode command displays information about the authentication methods.

Syntax

show authentication methods

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

The following example displays the authentication configuration.

Console#

---------------------------------

Default: Radius, Local, Line

Console_Login:

show authentication methods

Line, None

Enable Authentication Method Lists

----------------------------------

Default: Radius, Enable

Console_Enable:

Enable, None

Page 29

Allied Telesis

Command Line Interface User’s Guide

Line Login Method List Enable Method List

-------------- ----------------- ------------------

Console Console_Login Console_Enable

Telnet Default Default

SSH Default Default

http: Radius, Local

https: Radius, Local

dot1x: Radius

password

The password Line Configuration mode command specifies a password on a line. Use the no form of this command to remove the password.

Syntax

password password [encrypted]

no password

Parameters

•

password — Password for this level (Range: 1-159 characters).

• encrypted — Encrypted password to be entered, copied from another device configuration.

Default Configuration

No password is defined.

Command Mode

Line Configuration mode

User Guidelines

If a password is defined as encrypted, the required password length is 32 characters.

Example

The following example specifies password secret on a console.

Console(config)#

Console(config-line)#

line console

password

secret

username

The username Global Configuration mode command creates a user account in the local database. Use the no form of this command to remove a user name.

Page 30

Not approved by Document Control. For review only.

AAA Commands

Syntax

username name [password password] [level level] [encrypted]

no username name

Parameters

name — The name of the user (Range: 1- 20 characters).

•

• password — The authentication password for the user (Range: 1-159 characters).

• level — The user level (Range: 1-15).

• encrypted — Encrypted password entered, copied from another device configuration.

Default Configuration

No user is defined.

Command Mode

Global Configuration mode

User Guidelines

User account can be created without a password.

•

• A single username can be defined for privilege level 1 and another one for privilege level 15.

• Default usernames:

Privilege level 1: username = operator, password = operator

Privilege level 15: username = manager, password = friend

Example

The following example configures user bob with password lee and user level 15 to the system.

Console(config)#

username

bob

password

lee

level

show users accounts

The show users accounts Privileged EXEC mode command displays information about the local user database.

Syntax

show users accounts

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Page 31

Allied Telesis

Command Line Interface User’s Guide

Example

The following example displays the local users configured with access to the system.

Console# show users accounts

Username Privilege Password

Aging

-------- --------- -------- ----------- -------

Bob 1 120 Jan 21 2005 -

Admin 15 120 Jan 21 2005 -

Manager 15 120 Jan 21 2005 -

The following table describes significant fields shown above.

Field Description

Username Name of the user.

Privilege User’s privilege level.

Password Aging User’s password expiration time in days.

Password Expiry Date Expiration date of the user’s password.

Lockout If lockout control is enabled, specifies the number of failed authentication attempts

since the user last logged in successfully. If the user account is locked, specifies LOCKOUT.

Password Expiry date

Lockout

enable password

The enable password Global Configuration mode command sets a local password to control access to user and privilege levels. Use the no form of this command to remove the password requirement.

Syntax

enable password [level level] password [encrypted]

no enable password [level level]

Parameters

•

password — Password for this level. (Range: 1-159 characters)

• level level — Level for which the password applies. If not specified the level is 15. (Range: 1-15)

• encrypted — Encrypted password entered, copied from another device configuration.

Default Configuration

No enable password is defined.

Command Mode

Global Configuration mode

Page 32

Not approved by Document Control. For review only.

AAA Commands

User Guidelines

There are no user guidelines for this command.

Example

The following example sets a local level 15 password called ‘secret’ to control access to user and privilege levels. .

Console(config)#

enable password secret level 15

Page 33

Allied Telesis

Command Line Interface User’s Guide

Chapter 4. Address Table Commands

bridge address

The bridge address Interface Configuration (VLAN) mode command adds a MAC-layer station source address to the bridge table. Use the no form of this command to delete the MAC address.

Syntax

bridge address mac-address {ethernet interface | port-channel port-channel-number} [permanent permanent} | delete-on-reset delete-on-reset} | delete-on-timeout delete-on-timeout} | secure secure]

no bridge address [mac-address]

Parameters

•

mac-address — A valid MAC address.

• interface — A valid Ethernet port.

• port-channel-number — A valid port-channel number.

• permanent — The address can only be deleted by the no bridge address command.

• delete-on-reset — The address is deleted after reset.

• delete-on-timeout — The address is deleted after "age out" time has expired.

• secure — The address is deleted after the port changes mode to unlock learning (no port security

command). This parameter is only available when the port is in the learning locked mode.

Default Configuration

No static addresses are defined. The default mode for an added address is permanent.

Command Mode

Interface Configuration (VLAN) mode

User Guidelines

Using the no form of the command without specifying a MAC address deletes all static MAC addresses belonging to this VLAN).

Example

The following example adds a permanent static MAC-layer station source address 3aa2.64b3.a245 on port 1/g16 to the bridge table.

Console(config)#

Console(config-if)#

interface vlan

bridge address

3aa2.64b3.a245

ethernet

1/g16

permanent

bridge multicast filtering

The bridge multicast filtering Global Configuration mode command enables filtering of Multicast addresses. Use the no form of this command to disable filtering of Multicast addresses.

Page 34

Not approved by Document Control. For review only.

Address Table Commands

Syntax

bridge multicast filtering

no bridge multicast filtering

Parameters

This command has no keywords or arguments.

Default Configuration

Filtering Multicast addresses is disabled. All Multicast addresses are flooded to all ports.

Command Mode

Global Configuration mode

User Guidelines

If routers exist on the VLAN, do not change the unregistered Multicast addresses state to drop on the routers

•

ports.

• If Multicast routers exist on the VLAN and IGMP snooping isn't enabled, use the bridge multicast forward-

all command to enable forwarding all Multicast packets to the Multicast routers.

Example

In this example, bridge Multicast filtering is enabled.

Console(config)#

bridge multicast filtering

bridge multicast address

The bridge multicast address Interface Configuration mode command registers MAC-layer Multicast addresses to the bridge table, and adds ports statically to the group. Use the no form of this command to deregister the address.

Syntax

bridge multicast address mac-multicast-address

Parameters

add — Adds ports to the group. If no option is specified, this is the default option.

•

• remove — Removes ports from the group.

• mac-multicast-address — A valid MAC Multicast address.

• interface-list — Separate nonconsecutive Ethernet ports with a comma and no spaces; a hyphen is used to

designate a range of ports.

• port-channel-number-list — Separate nonconsecutive port-channels with a comma and no spaces; a hyphen

is used to designate a range of ports.

Default Configuration

No Multicast addresses are defined.

Page 35

Allied Telesis

Command Line Interface User’s Guide

Command Mode

Interface configuration (VLAN) mode

User Guidelines

If the command is executed without add or remove, the command only registers the group in the bridge

•

database.

• Static Multicast addresses can only be defined on static VLANs.

Example

The following example registers the MAC address:

Console(config)#

Console(config-if)#

The following example registers the MAC address and adds ports statically.

console(config)#

console(config-if)# g2

interface vlan

bridge multicast address

interface vlan

bridge multicast address

01:00:5e:02:02:03

add ethernet

1/g1-9, 2/

bridge multicast forbidden address

The bridge multicast forbidden address Interface Configuration mode command forbids adding specific Multicast addresses to specific ports. Use the no form of this command to return to default.

Syntax

bridge multicast forbidden address {mac-multicast-address | ip-multicast-address} {add | remove} {ethernet interface-list | port-channel port-channel-number-list}

no bridge multicast forbidden address {mac-multicast-address | ip-multicast-address}

Parameters

add — Adds ports to the group.

•

• remove — Removes ports from the group.

• mac-multicast-address — A valid MAC Multicast address.

• interface-list — Separate nonconsecutive Ethernet ports with a comma and no spaces; hyphen is used to

designate a range of ports.

• port-channel-number-list — Separate nonconsecutive valid port-channels with a comma and no spaces; a

hyphen is used to designate a range of port-channels.

Default Configuration

No forbidden addresses are defined.

Command Modes

Interface Configuration (VLAN) mode

Page 36

Not approved by Document Control. For review only.

Address Table Commands

User Guidelines

Before defining forbidden ports, the Multicast group should be registered.

Example

In this example, MAC address 0100.5e02.0203 is forbidden on port 2/g9 within VLAN 8.

Console(config)#

Console(config-if)#

interface vlan

bridge multicast address

bridge multicast forbidden address

0100.5e02.0203

add ethernet

2/g9

bridge multicast forward-all

The bridge multicast forward-all Interface Configuration (VLAN) mode command enables forwarding all Multicast packets on a port. Use the no form of this command to restore the default configuration.

Syntax

bridge multicast forward-all {add | remove} {ethernet interface-list | port-channel port-channel-number-list}

no bridge multicast forward-all

Parameters

•

add — Force forwarding all Multicast packets.

• remove — Do not force forwarding all Multicast packets.

• interface-list — Separate nonconsecutive Ethernet ports with a comma and no spaces; a hyphen is used to

designate a range of ports.

• port-channel-number-list — Separate nonconsecutive port-channels with a comma and no spaces; a hyphen

is used to designate a range of port-channels.

Default Configuration

This setting is disabled.

Command Mode

Interface Configuration (VLAN) mode

User Guidelines

There are no user guidelines for this command.

Example

In this example, all Multicast packets on port 1/g8 are forwarded.

Console(config)#

Console(config-if)#

ethernet 1/g8

interface vlan 2

bridge multicast forward-all add

Page 37

Allied Telesis

Command Line Interface User’s Guide

bridge multicast forbidden forward-all

The bridge multicast forbidden forward-all Interface Configuration mode command forbids a port to be a Forward-all-Multicast port. Use the no form of this command to return to default.

Syntax

bridge multicast forbidden forward-all {add | remove} {ethernet interface-list | port-channel port-channel-

number-list}

no bridge multicast forbidden forward-all

Parameters

•

add — Forbid forwarding all Multicast packets.

• remove — Do not forbid forwarding all Multicast packets.

• interface-list — Separates nonconsecutive Ethernet ports with a comma and no spaces; use a hyphen to

designate a range of ports.

• port-channel-number-list — Separates nonconsecutive port-channels with a comma and no spaces; use a

hyphen to designate a range of port-channels.

Default Configuration

This setting is disabled.

Command Mode

Interface Configuration (VLAN) mode

User Guidelines

•

IGMP snooping dynamically discovers Multicast router ports. When a Multicast router port is discovered, all the Multicast packets are forwarded to it unconditionally.

• This command prevents a port from becoming a Multicast router port.

Example

In this example, forwarding all Multicast packets to 1/g1 with VLAN 2 is forbidden.

Console(config)#

Console(config-if)#

interface vlan

bridge multicast forbidden forward-all add ethernet

1/g1

bridge aging-time

The bridge aging-time Global Configuration mode command sets the aging time of the Address Table. Use the no form of this command to restore the default.

Syntax

bridge aging-time seconds

no bridge aging-time

Parameters

seconds — Time in seconds. (Range: 10-630 seconds)

•

Not approved by Document Control. For review only.

Page 38

Default Configuration

The default setting is 300 seconds.

Command Mode

Global Configuration mode

User Guidelines

There are no user guidelines for this command.

Example

In this example the bridge aging time is set to 250.

Address Table Commands

Console(config)#

bridge aging-time

250

clear bridge

The clear bridge Privileged EXEC mode command removes any learned entries from the forwarding database.

Syntax

clear bridge

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

In this example, the bridge tables are cleared.

Console#

clear bridge

port security

The port security Interface Configuration mode command enables port security on an interface. Use the no form of this command to disable port security on an interface.

Syntax

port security [forward | discard | discard-shutdown] [trap seconds]

no port security

Page 39

Allied Telesis

Command Line Interface User’s Guide

Parameters

forward — Forwards frames with unlearned source addresses, but does not learn the address.

•

• discard — Discards frames with unlearned source addresses. This is the default if no option is indicated.

• discard-shutdown — Discards frames with unlearned source addresses. The port is also shut down.

• trap seconds — Send SNMP traps, and specifies the minimum time between consecutive traps.

Default Configuration

This setting is disabled.

Command Mode

Interface Configuration (Ethernet, port-channel) mode

User Guidelines

There are no user guidelines for this command.

Example

In this example, port 1/g1 forwards all packets without learning addresses of packets from unknown sources and sends traps every 100 seconds if a packet with an unknown source address is received.

Console(config)#

Console(config-if)#

interface ethernet 1/g1

port security forward trap

100

port security mode

The port security mode Interface Configuration mode command configures the port security mode. Use the no form of this command to return to the default configuration.

Syntax

port security mode {lock | max-addresses}

no port security mode

Parameters

lock — Saves the current dynamic MAC addresses associated with the port and disables learning, relearning

•

and aging.

• max-addresses — Delete the current dynamic MAC addresses associated with the port. Learn up to the

maximum addresses allowed on the port. Relearning and aging are enabled.

Default Configuration

Lock.

Command Mode

Interface Configuration (Ethernet, port-channel) mode

User Guidelines

There are no user guidelines for this command.

Not approved by Document Control. For review only.

Page 40

Example

In this example, port security mode is set to dynamic for Ethernet interface 1/g7.

Address Table Commands

Console(config)#

interface ethernet 1/g7

port security max

The port security max Interface Configuration (Ethernet, port-channel) mode command configures the maximum number of addresses that can be learned on the port while the port is in port security mode. Use the no form of this command to return to the default configuration.

Syntax

port security max max-addr

no port security max

Parameters

max-addr— Maximum number of addresses that can be learned by the port.

•

(Range: 1-128)

Default Configuration

The default setting is 1 address.

Command Mode

Interface Configuration (Ethernet, port-channel) mode

User Guidelines

This command is only relevant in dynamic learning modes.

Example

In this example, the maximum number of addresses that are learned on port 1/g7 before it is locked is set to 20.

Console(config)#

Console(config-if)#

interface ethernet 1/g7

port security max

port security routed secure-address

The port security routed secure-address Interface Configuration (Ethernet, port-channel) mode command adds a MAC-layer secure address to a routed port. Use the no form of this command to delete a MAC address.

Syntax

port security routed secure-address mac-address

no port security routed secure-address mac-address

Parameters

mac-address — A valid MAC address.

•

Page 41

Allied Telesis

Command Line Interface User’s Guide

Default Configuration

No addresses are defined.

Command Mode

Interface Configuration (Ethernet, port-channel) mode. Cannot be configured for a range of interfaces (range context).

User Guidelines

•

The command enables adding secure MAC addresses to a routed port in port security mode.

• The command is available when the port is a routed port and in port security mode.

• The address is deleted if the port exits the security mode or is not a routed port.

Example

In this example, the MAC-layer address 66:66:66:66:66:66 is added to port 1/g1.

Console(config)#

Console(config-if)#

interface ethernet 1/g1

port security routed secure-address

66:66:66:66:66:66

show bridge address-table

The show bridge address-table Privileged EXEC mode command displays all entries in the bridge-forwarding database.

Syntax

show bridge address-table [vlan vlan] [ethernet interface | port-channel port-channel-number]

Parameters

•

vlan — Specifies a valid VLAN, such as VLAN 1.

• interface — A valid Ethernet port.

• port-channel-number — A valid port-channel number.

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

Internal usage VLANs (VLANs that are automatically allocated on ports with a defined Layer 3 interface) are

•

presented in the VLAN column by a port number and not by a VLAN ID.

• "Special" MAC addresses that were not statically defined or dynamically learned are displayed in the MAC

Address Table.

Page 42

Not approved by Document Control. For review only.

Address Table Commands

Example

In this example, all classes of entries in the bridge-forwarding database are displayed.

Console#

Aging time is 300 sec

vlan mac address Port Type

--------- -------------- ---- -------

1 00:02:3f:b4:28:05 g16 dynamic

1 00:07:40:c9:5f:83 ch5 dynamic

1 00:15:77:74:64:40 ch5 dynamic

show bridge address-table

show bridge address-table static

The show bridge address-table static Privileged EXEC mode command displays statically created entries in the bridge-forwarding database.

Syntax

show bridge address-table static [vlan vlan] [ethernet interface | port-channel port-channel-number]

Parameters

•

vlan — Specifies a valid VLAN, such as VLAN 1.

• interface — A valid Ethernet port.

• port-channel-number — A valid port-channel number.

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

In this example, all static entries in the bridge-forwarding database are displayed.

Console#

Aging time is 300 sec

vlan mac address port type

show bridge address-table static

Page 43

Allied Telesis

Command Line Interface User’s Guide

---- ----------------- ---- -----------------

1 00:60:70:4C:73:FF 1/g8 Permanent

1 00:60.70.8C.73:FF 1/g8 delete-on-timeout

200 00:10:0D:48:37:FF 1/g9 delete-on-reset

show bridge address-table count

The show bridge address-table count Privileged EXEC mode command displays the number of addresses present in the Forwarding Database.

Syntax

show bridge address-table count [vlan vlan][ ethernet interface-number | port-channel port-channel-number]

Parameters

•

vlan — Specifies a valid VLAN, such as VLAN 1.

• interface — A valid Ethernet port.

• port-channel-number — A valid port-channel number.

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

In this example, the number of addresses present in all VLANs are displayed.

Console#

This may take some time.

Capacity: 8192

Free: 8190

Used: 2

Secure: 0

Dynamic: 2

Static : 0

Internal: 0

show bridge address-table count

Page 44

Not approved by Document Control. For review only.

Address Table Commands

show bridge multicast address-table

The show bridge multicast address-table Privileged EXEC mode command displays the bridge Multicast Address Table information.

Syntax

show bridge multicast address-table [vlan vlan-id] [address mac-multicast-address | ip-multicast-address] [format ip | format mac] [source ip-address]

Parameters

vlan-id — A valid VLAN ID value.

•

• mac-multicast-address — A valid MAC Multicast address.

• ip-multicast-address — A valid IP Multicast address.

• ip-address — Source IP address

• format ip|mac — Multicast address format. Can be ip or mac. If the format is unspecified, the default is mac.

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

A MAC address can be displayed in IP format only if it is in the range of 0100.5e00.0000-0100.5e7f.ffff.

Page 45

Allied Telesis

Command Line Interface User’s Guide

Examples

In these examples, Multicast MAC address and IP Address Table information is displayed.

Console#

show bridge multicast address-table

Multicast address table for VLANs in MAC-GROUP bridging mode:

Vlan MAC Address Type Ports

---- -------------- ------- ----------

1 0100.5e23.8787 static 1/g1, 2/g2

1 01:00:5e:02:02:03 dynamic 1/g1, 2/g2

19 01:00:5e:02:02:08 static 1/g1-g8

19 00:00:5e:02:02:08 dynamic 1/g9-g/g11

Forbidden ports for multicast addresses:

Vlan MAC Address Ports

---- -------------- -----

1 01:00:5e:02:02:03 2/8

19 01:00:5e:02:02:08 2/8

Console # show bridge multicast address-table format ip

Multicast address table for VLANs in MAC-GROUP bridging mode:

Vlan IP/MAC Address Type Ports

---------- --------------- ---------------- ------------------

1 0100.9923.8787 static 1/g1, 2/g2

1 224-239.130|2.2.3 dynamic 1/g1, 2/g2

19 224-239.130|2.2.8 static 1/g1-g8

19 224-239.130|2.2.8 dynamic 1/g9-g11

Forbidden ports for multicast addresses:

Vlan IP/MAC Address Ports

--------- ---------------- -----------

1 224-239.130|2.2.3 2/8

19 224-239.130|2.2.8 2/8

Page 46

Not approved by Document Control. For review only.

Address Table Commands

Note

A Multicast MAC address maps to multiple IP addresses as shown above.

show bridge multicast address-table static

The show bridge multicast address-table static Privileged EXEC mode command displays statically configured Multicast addresses.

Syntax

show bridge multicast address-table static [vlan vlan-id] [address mac-multicast-address |

Parameters

vlan-id — A valid VLAN ID value.

•

• mac-multicast-address — A valid MAC Multicast address.

• ip-multicast-address — A valid IP Multicast address.

• ip-address — Source IP address

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

A MAC address can be displayed in IP format only if it's in the range 0100.5e00.0000 through 0100.5e7f.ffff.

Example

In this example, Multicast MAC address and IP Address Table information is displayed.

Console#

Multicast address table for VLANs in MAC-GROUP bridging mode:

Vlan MAC Address Type Ports

---- -------------- ------- ----------

1 0100.5e23.8787 static 1/g1, 2/g2

Forbidden ports for multicast addresses:

Vlan MAC Address Ports

---------- ---------------- -------------------------------------

console#

show bridge multicast address-table static

show bridge multicast filtering

The show bridge multicast filtering User EXEC mode command displays Multicast filtering configuration.

Page 47

Allied Telesis

Command Line Interface User’s Guide

Syntax

show bridge multicast filtering vlan-id

Parameters

vlan-id — VLAN ID value.

•

Default Configuration

This command has no default configuration.

Command Mode

User EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

In this example, the Multicast configuration for VLAN 1 is displayed.

Console#

Filtering: Enabled

VLAN: 1

Forward-All

Port Static Status

---- --------- ---------

1/g1 - Filter

1/g2 - Filter

1/g3 - Filter

1/g4 - Filter

1/g5 - Filter

1/g6 - Filter

1/g7 - Filter

1/g8 - Filter

1/g9 - Filter

1/g10 - Filter

1/g11 - Filter

1/g12 - Filter

show bridge multicast filtering

Page 48

Not approved by Document Control. For review only.

Address Table Commands

Console#

Filtering: Enabled

VLAN: 1

Port Forward-Unregistered Forward-All

---- --------- --------- --------- ----------

1/g1 Forbidden Filter Forbidden Filter

1/g2 Forward Forward(s) Forward Forward(s)

1/g3 - Forward(d) - Forward(d)

show bridge multicast filtering

Static Status Static Status

show ports security

The show ports security Privileged EXEC mode command displays the port-lock status.

Syntax

show ports security [ethernet interface | port-channel port-channel-number]

Parameters

•

interface — A valid Ethernet port.

• port-channel-number — A valid port-channel number.

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

In this example, all classes of entries in the port-lock status are displayed:

Console#

Port Status Learning Action Maximum Trap Frequency

---- ------- -------- ------- ------- ------- ---------

1/g1 Locked Dynamic Discard 3 Enable 100

show ports security

Page 49

Allied Telesis

Command Line Interface User’s Guide

1/g2 Unlocked Dynamic - 28 - -

1/g3 Locked Disabled Discard,

Shutdown

The following table describes the fields shown above.

Field Description

Port Port number

Status Locked/Unlocked

Learning Learning mode

Action Action on violation

Maximum Maximum addresses that can be associated on this port in Static

Learning mode or in Dynamic Learning mode

Trap Indicates if traps are sent in case of a violation

Frequency Minimum time between consecutive traps

8 Disable -

show ports security addresses

The show ports security addresses Privileged EXEC mode command displays the current dynamic addresses in locked ports.

Syntax

show ports security addresses [ethernet interface | port-channel port-channel-number]

Parameters

•

interface — A valid Ethernet port.

• port-channel-number — A valid port-channel number.

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Examples

In these examples, dynamic addresses in currently locked ports are displayed.

Console#

Port Status Learning Current Maximum

show ports security addresses

Page 50

Not approved by Document Control. For review only.

Address Table Commands

---- -------- -------- ------- -------

1/g1 Disabled Lock - 1

1/g2 Disabled Lock - 1

1/g3 Enabled Max-addresses 0 1

1/g4 Port is a member in port-channel ch1

1/g5 Disabled Lock - 1

1/g6 Enabled Max-addresses 0 10

ch1 Enabled Max-addresses 0 50

ch2 Enabled Max-addresses 0 128

In this example, dynamic addresses in currently locked port 1/g1 are displayed.

Console#

show ports security addresses ethernet 1/g1

Port Status Learning Current Maximum

---- -------- -------- ------- -------

1/g1 Disabled Lock - 1

Page 51

Allied Telesis

Command Line Interface User’s Guide

Chapter 5. Clock Commands

clock set

The clock set Privileged EXEC mode command manually sets the system clock. To avoid an SNTP conflict, this command should only be used if there is no clock source set.

Syntax

clock set hh:mm:ss day month year

clock set hh:mm:ss month day year

Parameters

hh:mm:ss — Current time in hours (military format), minutes, and seconds (hh: 0 - 23, mm: 0 - 59, ss: 0 - 59).

•

• day — Current day (by date) in the month (1 - 31).

• month — Current month using the first three letters by name (Jan, …, Dec).

• year — Current year (2000 - 2097).

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

The following example sets the system time to 13:32:00 on the 7th March 2002.

Console# clock set 13:32:00 7 Mar 2002

clock source

The clock source Global Configuration mode command configures an external time source for the system clock. Use no form of this command to disable external time source.

Syntax

clock source {sntp}

no clock source

Parameters

sntp — SNTP servers

•

Page 52

Not approved by Document Control. For review only.

Clock Commands

Default Configuration

No external clock source

Command Mode

Global Configuration mode

User Guidelines

There are no user guidelines for this command.

Example

The following example configures an external time source for the system clock.

Console(config)# clock source sntp

clock timezone

The clock timezone Global Configuration mode command sets the time zone for display purposes. Use the no form of this command to set the time to the Coordinated Universal Time (UTC).

Syntax

clock timezone hours-offset [minutes minutes-offset] [zone acronym]

no clock timezone

Parameters

hours-offset — Hours difference from UTC. (Range: -12 – +13)

•

• minutes-offset — Minutes difference from UTC. (Range: 1 – 59)

• acronym — The acronym of the time zone. (Range: Up to 4 characters)

Default Configuration

Clock set to UTC.

Command Mode

Global Configuration mode

User Guidelines

The system internally keeps time in UTC, so this command is used only for display purposes and when the time is manually set.

Example

The following example sets the timezone to 6 hours difference from UTC.

Console(config)

clock timezone -6 zone CST

Page 53

Allied Telesis

Command Line Interface User’s Guide

clock summer-time

The clock summer-time Global Configuration mode command configures the system to automatically switch to summer time (daylight saving time). Use the no form of this command to configure the software not to automatically switch to summer time.

Syntax

clock summer-time recurring {usa | eu | {week day month hh:mm week day month hh:mm}} [offset offset] [zone

acronym]

clock summer-time date date month year hh:mm date month year hh:mm [offset offset] [zone acronym]

clock summer-time date month date year hh:mm month date year hh:mm [offset offset] [zone acronym]

no clock summer-time recurring

Parameters

recurring — Indicates that summer time should start and end on the corresponding specified days every

•

year.

• date — Indicates that summer time should start on the first specific date listed in the command and end on

the second specific date in the command.

• usa — The summer time rules are the United States rules.

• eu — The summer time rules are the European Union rules.

• week — Week of the month. (Range: 1 - 5, first, last)

• day — Day of the week (Range: first three letters by name, like sun)

• date — Date of the month. (Range:1 - 31)

• month — Month. (Range: first three letters by name, like Jan)

• year — year - no abbreviation (Range: 2000 - 2097)

• hh:mm — Time in military format, in hours and minutes. (Range: hh: 0 - 23, mm:0 - 59)

• offset — Number of minutes to add during summer time. (Range: 1 - 1440)

• acronym — The acronym of the time zone to be displayed when summer time is in effect. (Range: Up to 4

characters)

Default Configuration

Summer time is disabled.

offset — Default is 60 minutes.

acronym — If unspecified default to the timezone acronym.

If the timezone has not been defined, the default is GMT.

Command Mode

Global Configuration mode

Page 54

Not approved by Document Control. For review only.

Clock Commands

User Guidelines

In both the date and recurring forms of the command, the first part of the command specifies when summer time begins, and the second part specifies when it ends. All times are relative to the local time zone. The start time is relative to standard time. The end time is relative to summer time. If the starting month is chronologically after the ending month, the system assumes that the device is in the southern hemisphere.

USA rule for daylight savings time:

• Start: Second Sunday in March

• End: First Sunday in November

• Time: 2 am local time

EU rule for daylight savings time:

• Start: Last Sunday in March

• End: Last Sunday in October

• Time: 1.00 am (01:00)

Example

The following example sets summer time starting on the first Sunday in April at 2 am and finishing on the last Sunday in October at 2 am.

Console(config)# clock summer-time recurring first sun apr 2:00 last sun oct 2:00

sntp authentication-key

The sntp authentication-key Global Configuration mode command defines an authentication key for Simple Network Time Protocol (SNTP). Use the no form of this command to remove the authentication key for SNTP.

Syntax

sntp authentication-key number md5 value

no sntp authentication-key number

Parameters

•

number — Key number (Range: 1-4294967295)

• value — Key value (Range: 1-8 characters)

Default Configuration

No authentication key is defined.

Command Mode

Global Configuration mode

User Guidelines

Multiple keys can be generated.

Page 55

Allied Telesis

Command Line Interface User’s Guide

Example

The following example defines the authentication key for SNTP.

Console(config)#

sntp authentication-key

md5

ClkKey

sntp authenticate

The sntp authenticate Global Configuration mode command grants authentication for received Simple Network Time Protocol (SNTP) traffic from servers. Use the no form of this command to disable the feature.

Syntax

sntp authenticate

no sntp authenticate

Default Configuration

No authentication

Command Mode

Global Configuration mode

User Guidelines

The command is relevant for both Unicast and Broadcast.

Example

The following example defines the authentication key for SNTP and grants authentication.

Console(config)#

sntp authentication-key

sntp trusted-key

sntp authenticate

md5

ClkKey

sntp trusted-key

The sntp trusted-key Global Configuration mode command authenticates the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize. Use the no form of this command to disable authentication of the identity of the system.

Syntax

sntp trusted-key key-number

no sntp trusted-key key-number

Parameters

•

key-number — Key number of authentication key to be trusted. (Range: 1 - 4294967295)

Default Configuration

No keys are trusted.

Page 56

Not approved by Document Control. For review only.

Command Mode

Global Configuration mode

User Guidelines

The command is relevant for both received Unicast and Broadcast.

If there is at least 1 trusted key, then unauthenticated messages will be ignored.

Example

The following example authenticates key 8.

Clock Commands

Console(config)#

sntp authentication-key

sntp trusted-key

sntp authenticate

md5

ClkKey

sntp client poll timer

The sntp client poll timer Global Configuration mode command sets the polling time for the Simple Network Time Protocol (SNTP) client. Use the no form of this command to return to default configuration.

Syntax

sntp client poll timer seconds

no sntp client poll timer

Parameters

seconds — Polling interval in seconds (Range: 60-86400)

•

Default Configuration

Polling interval is 1024 seconds.

Command Mode

Global Configuration mode

User Guidelines

There are no user guidelines for this command.

Example

The following example sets the polling time for the Simple Network Time Protocol (SNTP) client to 120 seconds.

Console(config)#

sntp client poll timer

120

sntp broadcast client enable

The sntp broadcast client enable Global Configuration mode command enables Simple Network Time Protocol (SNTP) Broadcast clients. Use the no form of this command to disable SNTP Broadcast clients.

Page 57

Allied Telesis

Command Line Interface User’s Guide

Syntax

sntp broadcast client enable

no sntp broadcast client enable

Default Configuration

The SNTP Broadcast client is disabled.

Command Mode

Global Configuration mode

User Guidelines

Use the sntp client enable (Interface) Interface Configuration mode command to enable the SNTP client on a specific interface.

Example

The following example enables the SNTP Broadcast clients.

Console(config)# sntp broadcast client enable

sntp anycast client enable

The sntp anycast client enable Global Configuration mode command enables SNTP Anycast client. Use the no form of this command to disable the SNTP Anycast client.

Syntax

sntp anycast client enable

no sntp anycast client enable

Default Configuration

The SNTP Anycast client is disabled.

Command Mode

Global Configuration mode

User Guidelines

The sntp client poll timer Global Configuration mode command determines polling time.

Use the sntp client enable (Interface) Interface Configuration mode command to enable the SNTP client on a specific interface.

Example

The following example enables SNTP Anycast clients.

console(config)#

sntp anycast client enable

Page 58

Not approved by Document Control. For review only.

Clock Commands

sntp client enable (Interface)

The sntp client enable Interface Configuration (Ethernet, port-channel, VLAN) mode command enables the Simple Network Time Protocol (SNTP) client on an interface. This applies to both receive Broadcast and Anycast updates. Use the no form of this command to disable the SNTP client.

Syntax

sntp client enable

no sntp client enable

Default Configuration

The SNTP client is disabled on an interface.

Command Mode

Interface configuration (Ethernet, port-channel, VLAN) mode

User Guidelines

Use the sntp broadcast client enable Global Configuration mode command to enable Broadcast clients globally.

Use the sntp anycast client enable Global Configuration mode command to enable Anycast clients globally.

Example

The following example enables the SNTP client on Ethernet port 1/g3.

onsole(config)#

Console(config-if)#

interface ethernet 1/g3

sntp client enable

sntp unicast client enable

The sntp unicast client enable Global Configuration mode command enables the device to use the Simple Network Time Protocol (SNTP) to request and accept SNTP traffic from servers. Use the no form of this command to disable requesting and accepting SNTP traffic from servers.

Syntax

sntp unicast client enable

no sntp unicast client enable

Default Configuration

The SNTP Unicast client is disabled.

Command Mode

Global Configuration mode

User Guidelines

Use the sntp server Global Configuration mode command to define SNTP servers.

Page 59

Allied Telesis

Command Line Interface User’s Guide

Example

The following example enables the device to use the Simple Network Time Protocol (SNTP) to request and accept SNTP traffic from servers.

Console(config)#

sntp unicast client enable

sntp unicast client poll

The sntp unicast client poll Global Configuration mode command enables polling for the Simple Network Time Protocol (SNTP) predefined Unicast servers. Use the no form of this command to disable the polling for SNTP client.

Syntax

sntp unicast client poll

no sntp unicast client poll

Default Configuration

Polling is disabled.

Command Mode

Global Configuration mode

User Guidelines

The sntp client poll timer Global Configuration mode command determines polling time.

Example

The following example enables polling for Simple Network Time Protocol (SNTP) predefined Unicast clients.

Console(config)#

sntp unicast client poll

sntp server

The sntp server Global Configuration mode command configures the device to use the Simple Network Time Protocol (SNTP) to request and accept SNTP traffic from a specified server. Use the no form of this command to remove a server from the list of SNTP servers.

Syntax

sntp server {ip-address | hostname}[poll] [key keyid]

no sntp server host

Parameters

ip-address — IP address of the server.

•

• hostname — Hostname of the server. (Range: 1-158 characters)

• poll — Enable polling.

• keyid — Authentication key to use when sending packets to this peer.

(Range:1-4294967295)

Page 60

Not approved by Document Control. For review only.

Clock Commands

Default Configuration

No servers are defined.

Command Mode

Global Configuration mode

User Guidelines

Up to 8 SNTP servers can be defined.

To enable predefined Unicast clients globally use the sntp unicast client enable Global Configuration mode command.

To enabling global polling use the sntp unicast client poll Global Configuration mode command.

The sntp client poll timer Global Configuration mode command determines polling time.

Example

The following example configures the device to accept SNTP traffic from the server on 192.1.1.1.

Console(config)#

sntp server

192.1.1.1

show clock

The show clock User EXEC mode command displays the time and date from the system clock.

Syntax

show clock [detail]

Parameters

•

detail — Shows timezone and summertime configuration.

Default Configuration

This command has no default configuration.

Command Mode

User EXEC mode

User Guidelines

The symbol that precedes the show clock display indicates the following:

Symbol Description

* Time is not authoritative.

(blank) Time is authoritative.

. Time is authoritative, but SNTP is not synchronized.

Page 61

Allied Telesis

Command Line Interface User’s Guide

Example

The following example displays the time and date from the system clock.

Console> show clock

15:29:03 PDT(UTC-7) Jun 17 2002

Time source is SNTP

Console>

15:29:03 PDT(UTC-7) Jun 17 2002

Time source is SNTP

Time zone:

Acronym is PST

Offset is UTC-8

Summertime:

Acronym is PDT

Recurring every year.

Begins at first Sunday of April at 2:00.

Ends at last Sunday of October at 2:00.

Offset is 60 minutes.

show clock detail

show sntp configuration

The show sntp configuration Privileged EXEC mode command shows the configuration of the Simple Network Time Protocol (SNTP).

Syntax

show sntp configuration

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

The following example displays the current SNTP configuration of the device.

Console#

Polling interval: 7200 seconds

show sntp configuration

MD5 Authentication keys: 8, 9

Page 62

Not approved by Document Control. For review only.

Authentication is required for synchronization.

Trusted Keys: 8, 9

Unicast Clients: Enabled

Unicast Clients Polling: Enabled

Server Polling Encryption Key

----------- ------- --------------

176.1.1.8 Enabled 9

176.1.8.179 Disabled Disabled

Broadcast Clients: Enabled

Anycast Clients: Enabled

Broadcast and Anycast Interfaces: 1/g1, 1/g3

Clock Commands

show sntp status

The show sntp status Privileged EXEC mode command shows the status of the Simple Network Time Protocol (SNTP).

Syntax

show sntp status

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

The following example shows the status of the SNTP.

Console# show sntp status

Clock is synchronized, stratum 4, reference is 176.1.1.8, unicast

Reference time is AFE2525E.70597B34 (00:10:22.438 PDT Jul 5 1993)

Unicast servers:

Server Status Last response Offset

[mSec]

Page 63

Delay [mSec]

Allied Telesis

Command Line Interface User’s Guide

----------- ------- ---------------------------- ------ ------

176.1.1.8 Up 19:58:22.289 PDT Feb 19 2002 7.33 117.79

176.1.8.179 Unknown 12:17.17.987 PDT Feb 19 2002 8.98 189.19

Anycast server:

Server Interface Status Last response Offset Delay

[mSec] [mSec]

--------- ------- ----- ----------------------------- ------ -----

176.1.11.8 VLAN 118 Up 9:53:21.789 PDT Feb 19 2002 7.19 119.89

Broadcast:

Interface Interface Last response

--------- --------- ----------------------------

176.9.1.1 VLAN 119 19:17:59.792 PDT Feb 19 2002

Page 64

Not approved by Document Control. For review only.

Configuration and Image File Commands

Chapter 6. Configuration and Image File Commands

copy

The copy Privileged EXEC mode command copies files from a source to a destination.

Syntax

copy source-url destination-url

Parameters

source-url — The source file location URL or reserved keyword of the source file to be copied.

•

(Range: 1-160 characters)

• destination-url — The destination file URL or reserved keyword of the destination file.

(Range: 1-160 characters)

The following table displays keywords and URL prefixes:

Keyword Source or Destination

flash: Source or destination URL for flash memory. It’s the default in case a URL is specified

without a prefix.

running-config Represents the current running configuration file.

startup-config Represents the startup configuration file.

image If the source file, represents the active image file. If the destination file, represents the

non-active image file.

boot Boot file.

tftp:// Source or destination URL for a TFTP network server. The syntax for this alias is tftp://

host/[directory]/filename. The host can be represented by its IP address or hostname.

xmodem: Source for the file from a serial connection that uses the Xmodem protocol.

unit://member/ image

unit://member/ boot

null: Null destination for copies or files. A remote file can be copied to null to determine its size.

backup-config Represents the backup configuration file.

unit://member/ backup-config

Image file on one of the units. To copy from the master to all units, specify * in the member field.

Boot file on one of the units. To copy from the master to all units, specify * in the member field.

Backup configuration on one of the units.

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

Page 65

Allied Telesis

Command Line Interface User’s Guide

User Guidelines

Up to five backup configuration files are supported on the device.

The location of a file system dictates the format of the source or destination URL.

The entire copying process may take several minutes and differs from protocol to protocol and from network to network.

*.prv and *.sys files cannot be copied.

Understanding Invalid Combinations of Source and Destination

Some invalid combinations of source and destination exist. Specifically, you cannot copy if one of the following conditions exist:

The source file and destination file are the same file.

xmodem: is the destination file. The source file can be copied to image, boot and null: only.

tftp:// is the source file and destination file on the same copy.

The following table describes copy characters:

Character Description

! For network transfers, indicates that the copy process is taking place. Each exclamation

point indicates successful transfer of ten packets (512 bytes each).

. For network transfers, indicates that the copy process timed out. Generally, many

periods in a row means that the copy process may fail.

Copying an Image File from a Server to Flash Memory

To copy an image file from a server to flash memory, use the copy source-url image command.

Copying a Boot File from a Server to Flash Memory

To copy a boot file from a server to flash memory, enter the copy source-url boot command.

Copying a Configuration File from a Server to the Running Configuration File

To load a configuration file from a network server to the running configuration file of the device, enter the copy

source-url running-config command. The commands in the loaded configuration file are added to those in the running configuration file as if the commands were typed in the command-line interface (CLI). Thus, the resulting configuration file is a combination of the previous running configuration and the loaded configuration files with the loaded configuration file taking precedence.

Copying a Configuration File from a Server to the Startup Configuration

To copy a configuration file from a network server to the startup configuration file of the device, enter copy source- url startup-config. The startup configuration file is replaced by the copied configuration file.

Storing the Running or Startup Configuration on a Server

Use the copy running-config destination-url command to copy the current configuration file to a network server using TFTP. Use the copy startup-config destination-url command to copy the startup configuration file to a network server.

Saving the Running Configuration to the Startup Configuration

To copy the running configuration to the startup configuration file, enter the copy running-config startup-config command.

Backing up the Running or Startup Configuration to a Backup Configuration File

Page 66

Not approved by Document Control. For review only.

Configuration and Image File Commands

To copy the running configuration file to a backup configuration file, enter the copy running-config file command. To copy the startup configuration file to a backup configuration file, enter the copy startup-config file command.

Before copying from the backup configuration file to the running configuration file, make sure that the backup configuration file has not been corrupted.

Example

The following example copies system image file1 from the TFTP server 172.16.101.101 to a non-active image file.

Console#

Accessing file 'file1' on 172.16.101.101...

Loading file1 from 172.16.101.101: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK]

Copy took 0:01:11 [hh:mm:ss]

copy tftp://

172.16.101.101/file1

image

dir

The dir Privileged EXEC mode command displays the list of files on a flash file system.

Syntax

dir

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

The following example displays the list of files on a flash file system.

Console# dir

Directory of flash:

File Name Permission FlashSize DataSize Modified

---------- ---------- ---------- ---------- ----------

image-1 rw 5242880 4325376 01-Jan-2000 01:07:13

image-2 rw 5242880 4325376 01-Jan-2000 09:09:19

dhcpsn.prv -- 131072 --- 01-Jan-2000 01:02:15

sshkeys.prv -- 262144 --- 01-Jan-2000 01:02:15

Page 67

Allied Telesis

Command Line Interface User’s Guide

syslog1.sys r 262144 -- 01-Jan-2000 01:03:21

syslog2.sys r 262144 -- 01-Jan-2000 01:03:21

directry.prv -- 262144 -- 01-Jan-2000 01:02:15

startup-config rw 524288 4 01-Jan-2000 01:06:34

Total size of flash: 15728640 bytes

Free size of flash: 3538944 bytes

console#

delete

The delete Privileged EXEC mode command deletes a file from a flash memory device.

Syntax

delete url

Parameters

•

url — The location URL or reserved keyword of the file to be deleted. (Range: 1-160 characters)

The following table displays keywords and URL prefixes:

Keyword Source or Destination

flash: Source or destination URL for flash memory. It’s the default in case a URL is specified

without a prefix.

startup-config Represents the startup configuration file.

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

*.sys, *.prv, image-1 and image-2 files cannot be deleted.

Example

The following example deletes file test from flash memory.

Console#

Delete flash:test? [confirm]

delete flash:

test

Page 68

Not approved by Document Control. For review only.

Configuration and Image File Commands

boot system

The boot system Privileged EXEC mode command specifies the system image that the device loads at startup.

Syntax

boot system [unit unit] {image-1 | image-2}

Parameters

unit — Specifies the unit number.

•

• image-1 — Specifies image 1 as the system startup image.

• image-2 — Specifies image 2 as the system startup image.

Default Configuration

If the unit number is unspecified, the default setting is the master unit number.

Command Mode

Privileged EXEC mode

User Guidelines

Use the show bootvar command to find out which image is the active image.

Example

The following example loads system image 1 at device startup.

Console#

boot system image-1

show running-config

The show running-config Privileged EXEC mode command displays the contents of the currently running configuration file.

Syntax

show running-config

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Page 69

Allied Telesis

Command Line Interface User’s Guide

Example

The following example displays the contents of the running configuration file.

Console#

software version 1.1

hostname device

interface ethernet 1/g1

ip address 176.242.100.100 255.255.255.0

duplex full

speed 1000

interface ethernet 1/g2

ip address 176.243.100.100 255.255.255.0

duplex full

speed 1000

show running-config

show startup-config

The show startup-config Privileged EXEC mode command displays the contents of the startup configuration file.

Syntax

show startup-config

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

The following example displays the contents of the running configuration file.

Console#

software version 1.1

hostname device

show startup-config

Page 70

Not approved by Document Control. For review only.

Configuration and Image File Commands

interface ethernet 1/g1

ip address 176.242.100.100 255.255.255.0

duplex full

speed 1000

interface ethernet 1/g2

ip address 176.243.100.100 255.255.255.0

duplex full

speed 1000

show bootvar

The show bootvar Privileged EXEC mode command displays the active system image file that is loaded by the device at startup.

Syntax

show bootvar [unit unit]

Parameters

•

unit — Specifies the unit number.

Default Configuration

This command has no default configuration.

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

The following example displays the active system image file that is loaded by the device at startup.

Console#

Images currently available on the FLASH

image-1 active

image-2 not active (selected for next boot)

Unit Active Image Selected for next boot

---- ------------ ----------------------

1 image-1 image-2

2 image-1 image-1

show bootvar

Page 71

Allied Telesis

Command Line Interface User’s Guide

Chapter 7. DHCP Option 82 Commands

ip dhcp information option

The ip dhcp information option Global Configuration mode command enables Dynamic Host Configuration Protocol (DHCP) option-82 data insertion. Use the no form of this command to disable DHCP option-82 data insertion.

Syntax

ip dhcp information option

no ip dhcp information option

Parameters

This command has no arguments or keywords.

Default Configuration

DHCP option-82 data insertion is enabled.

Command Mode

Global Configuration mode

User Guidelines

DHCP option 82 is enabled only if DHCP snooping or DHCP relay are enabled.

Example

The following example enables DHCP option-82 data insertion.

Console(config)# ip dhcp information option

show ip dhcp information option

The show ip dhcp information option EXEC mode command displays the DHCP option 82 configuration.

Syntax

show ip dhcp information option

Parameters

This command has no arguments or keywords.

Default Configuration

DHCP option-82 data insertion is enabled.

Page 72

Not approved by Document Control. For review only.

Command Mode

Privileged EXEC

User Guidelines

There are no user guidelines for this command.

Example

The following example displays the DHCP option 82 configuration.

DHCP Option 82 Commands

Console(config)#

show ip dhcp information option

ip dhcp relay enable

The ip dhcp relay enable Global Configuration mode command enables DHCP relay features on your router. Use the no form of this command to disable the relay agent features.

Syntax

ip dhcp relay {address|enable}

no ip dhcp relay {address|enable}

Parameters

This command has no arguments or keywords.

Default Configuration

Disabled.

Command Mode

Global Configuration

User Guidelines

There are no user guidelines for this command.

Example

The following example enables DHCP relay features.

Console(config)#

ip dhcp relay enable

Page 73

Allied Telesis

Command Line Interface User’s Guide

Chapter 8. DHCP Snooping Commands

ip dhcp snooping

The ip dhcp snooping Global Configuration mode command globally enables DHCP snooping. Use the no form of this command to return to the default setting.

Syntax

ip dhcp snooping

no ip dhcp snooping

Parameters

This command has no arguments or keywords

Default Configuration

Disabled

Command Mode

Global Configuration mode

User Guidelines

For any DHCP snooping configuration to take effect, DHCP snooping must be globally enabled. DHCP snooping is not active until snooping on a VLAN is enabled by using the ip dhcp snooping VLAN Global Configuration mode command.

Example

.The following example configures globally enabling DHCP snooping.

Console(config)# ip dhcp snooping

ip dhcp snooping vlan

The ip dhcp snooping vlan Global Configuration mode command enables DHCP snooping on a VLAN. Use the no form of this command to disable DHCP snooping on a VLAN

Syntax

ip dhcp snooping vlan vlan-id

no ip dhcp snooping vlan vlan-id

Parameters

vlan-id — Specify VLAN ID.

•

Default Configuration

Disabled

Page 74

Not approved by Document Control. For review only.

DHCP Snooping Commands

Command Mode

Global Configuration mode

User Guidelines

DHCP snooping must be first globally enabled before enabling DHCP snooping on a VLAN.

Example

The following example configures DHCP snooping on a VLAN.

Console(config)# ip dhcp snooping vlan 1

ip dhcp snooping trust

The ip dhcp snooping trust Interface Configuration mode command configures a port as trusted for DHCP snooping purposes. Use the no form of this command to return to the default setting.

Syntax

ip dhcp snooping trust

no ip dhcp snooping trust

Parameters

This command has no arguments or keywords.

Default Configuration

Interface configuration (Ethernet, Port-channel)

Command Mode

Interface Configuration mode

User Guidelines

Configure as trusted ports those that are connected to a DHCP server or to other switches or routers. Configure as untrusted ports those that are connected to DHCP clients.

Example

.The following example configures a port as trusted for DHCP snooping purposes.

console#

console# configure

console(config)#

console(config-if)#

interface ethernet 1/g1

ip dhcp snooping trust

Page 75

Allied Telesis

Command Line Interface User’s Guide

ip dhcp snooping information option allowed-untrusted

The ip dhcp snooping information option allowed-untrusted Global Configuration mode command configures a switch to accept DHCP packets with option-82 information from an untrusted port. Use the no form of this command to configure the switch to drop these packets from an untrusted port.

Syntax

ip dhcp snooping information option allowed-untrusted

no ip dhcp snooping information option allowed-untrusted

Parameters

This command has no arguments or keywords.

Default Configuration

Discard DHCP packets with option-82 information from an untrusted port.

Command Mode

Global Configuration mode

User Guidelines

There are no user guidelines for this command.

Example

The following example configures the switch to accept DHCP packets with option-82 information from an untrusted port.

Console(config)# ip dhcp snooping information option allowed-untrusted

ip dhcp snooping verify

The ip dhcp snooping verify Global Configuration mode command configures the switch to verify, on an untrusted port, that the source MAC address in a DHCP packet matches the client hardware address. Use the no form of this command to configure the switch to not verify the MAC addresses.

Syntax

ip dhcp snooping verify

no ip dhcp snooping verify

Parameters

This command has no arguments or keywords.

Default Configuration

The switch verifies the source MAC address in a DHCP packet that is received on untrusted ports matches the client hardware address in the packet.

Command Mode

Global configuration.

Page 76

Not approved by Document Control. For review only.

DHCP Snooping Commands

User Guidelines

There are no user guidelines for this command.

Example

The following example configures the switch to verify on an untrusted port that the source MAC address in a DHCP packet matches the client hardware address

Console(config) #ip dhcp snooping verify

ip dhcp snooping database

The ip dhcp snooping database Global Configuration mode command configures the DHCP snooping binding file. Use the no form of this command to delete the binding file.

Syntax

ip dhcp snooping database

no ip dhcp snooping database

Parameters

This command has no arguments or keywords.

Default Configuration

The URL is not defined.

Command Mode

Global Configuration mode

User Guidelines

To ensure that the lease time in the database is accurate, Simple Network Time Protocol (SNTP) is enabled and configured.

The switch writes binding changes to the binding file only when the switch system clock is synchronized with SNTP.

Example

.The following example configures the DHCP snooping binding file.

Console(config)# ip dhcp snooping database

ip dhcp snooping database update-freq

The ip dhcp snooping database update-freq Global Configuration mode command configures the update frequency of the DHCP snooping binding file. Use the no form of this command to return to default.

Syntax

ip dhcp snooping database update-freq seconds

Page 77

Allied Telesis

Command Line Interface User’s Guide

no ip dhcp snooping database update-freq

Parameters

•

seconds — Specify, in seconds, the update frequency (Range: 600 - 86400 ).

Default Configuration

1200

Command Mode

Global Configuration mode

User Guidelines

There are no user guidelines for this command.

Example

The following example configures the update frequency of the DHCP snooping binding file.

Console(config)# ip dhcp snooping database update-freq

ip dhcp snooping binding

The ip dhcp snooping binding Privileged EXEC mode command configures the DHCP snooping binding database and adds binding entries to the database. Use the no form of this command to delete entries from the binding database.

Syntax

ip dhcp snooping binding mac-address vlan-id ip-address {ethernet interface | port-channel port-channel- number} expiry seconds

no ip dhcp snooping binding mac-address vlan-id

Parameters

•

mac-address — Specify a MAC address

• vlan-id — Specify a VLAN number

• ip-address — Specify an IP address

• interface — Specify Ethernet port

• port-channel-number — Specify Port-channel number

• expiry seconds — Specify the interval, in seconds, after which the binding entry is no longer valid (Range: 10

- 4294967295)

Default Configuration

No static binding exists

Command Mode

Privileged EXEC

Page 78

Not approved by Document Control. For review only.

DHCP Snooping Commands

User Guidelines

After entering this command an entry is added to the DHCP snooping database. If DHCP snooping binding file exists, the entry is added to that file also.

The entry is displayed in the show commands as a ‘DHCP Snooping entry’.

Example

The following example configures the DHCP snooping binding database and adds binding entries to the database.

Console# ip dhcp snooping binding 0060.704c.73ff 3 10.1.8.1 ethernet 1/g21

clear ip dhcp snooping database

The clear ip dhcp snooping database Privileged EXEC mode command clears the DHCP binding database.

Syntax

clear ip dhcp snooping database

Parameters

This command has no arguments or keywords.

Default Configuration

No static binding exists

Command Mode

Privileged EXEC mode

User Guidelines

There are no user guidelines for this command.

Example

The following example clears the DHCP binding database.

Console# clear ip dhcp snooping database

show ip dhcp snooping

The show ip dhcp snooping EXEC mode command displays the DHCP snooping configuration.

Syntax

show ip dhcp snooping [ethernet interface | port-channel port-channel-number]

Parameters

interface — Specify Ethernet port

•

• port-channel-number — Specify Port-channel number

Default Configuration

This command has no default configuration.

Page 79

Allied Telesis

Command Line Interface User’s Guide

Command Mode

EXEC mode.

User Guidelines

There are no user guidelines for this command.

Example

The following example displays the DHCP snooping configuration.

Console# show ip dhcp snooping

DHCP snooping is enabled

DHCP snooping is configured on following VLANs: 2, 7-18

DHCP snooping database: enabled

Option 82 on untrusted port is allowed

Relay agent information option 82 is enabled.

Verification of hwaddr field is enabled

Interface Trusted

---------------------- ----------------------

1/1 Yes

1/2 Yes

show ip dhcp snooping binding

The show ip dhcp snooping binding User EXEC mode command displays the DHCP snooping binding database and configuration information for all interfaces on a switch.

Syntax

show ip dhcp snooping binding [mac-address mac-address] [ip-address ip-address] [vlan vlan] [ethernet interface | port-channel port-channel-number]

Parameters

mac-address — Specify a MAC address

•

• ip-address — Specify an IP address.

• vlan-id — Specify a VLAN number.

• interface — Specify Ethernet port.

• port-channel-number — Specify Port-channel number

Default Configuration

Command Mode

EXEC

Page 80

Not approved by Document Control. For review only.

User Guidelines

There are no user guidelines for this command.

Example

DHCP Snooping Commands

Console#

Total number of binding: 2

MAC Adreess IP Address Lease (sec) Type VLAN Interface

------------------ --------------- ------------ ---------- ---- ----------

00:60:70:4c:73:ff 10.1.8.1 4294967295 snooping 3 1/g21

00:60:70:4c:7f:c1 10.1.8.2 4294967295 snooping 3 1/g22

Console#

show ip dhcp snooping binding

Page 81

Allied Telesis

Command Line Interface User’s Guide

Chapter 9. Ethernet Configuration Commands

interface ethernet

The interface ethernet Global Configuration mode command enters the interface configuration mode to configure an Ethernet type interface.

Syntax

interface ethernet interface

Parameters

•

interface — Valid Ethernet port. (Full syntax: unit/port)

Default Configuration

This command has no default configuration.

Command Mode

Global Configuration mode

User Guidelines

There are no user guidelines for this command.

Example

The following example enables configuring Ethernet port 5/g18.

Console(config)#

interface ethernet

5/g18

interface range ethernet

The interface range ethernet Global Configuration mode command configures multiple Ethernet type interfaces at the same time.

Syntax

interface range ethernet {port-range | all}

Parameters

port-range — List of valid ports. Where more than one port is listed, separate nonconsecutive ports with a

•

comma and no spaces, use a hyphen to designate a range of ports and group a list separated by commas in brackets.

• all — All Ethernet ports.

Default Configuration

This command has no default configuration.

Not approved by Document Control. For review only.

Page 82

Ethernet Configuration Commands

Command Mode

Global Configuration mode

User Guidelines

Commands under the interface range context are executed independently on each active interface in the range. If the command returns an error on one of the active interfaces, it does not stop executing commands on other active interfaces.

Example

The following example shows how ports 5/g18 to 5/g20 and 3/g1 to 3/24 are grouped to receive the same command.

Console(config)#

Console(config-if)#

interface range ethernet

5/g18-20,3/g1-24

shutdown

The shutdown Interface Configuration (Ethernet, port-channel) mode command disables an interface. Use the no form of this command to restart a disabled interface.

Syntax

shutdown

no shutdown

Default Configuration

The interface is enabled.

Command Mode

Interface Configuration (Ethernet, port-channel) mode

User Guidelines

There are no user guidelines for this command.

Example

The following example disables Ethernet port 1/g5 operations.

Console(config)#

Console(config-if)#

The following example restarts the disabled Ethernet port.

Console(config)#

Console(config-if)#

interface ethernet 1/g5

shutdown

interface ethernet 1/g5

no shutdown

Page 83

Allied Telesis

Command Line Interface User’s Guide

description

The description Interface Configuration (Ethernet, port-channel) mode command adds a description to an interface. Use the no form of this command to remove the description.

Syntax

description string

no description

Parameters

string — Comment or a description of the port to enable the user to remember what is attached to the port.

•

(Range: 1-64 characters)

Default Configuration

The interface does not have a description.

Command Mode

Interface Configuration (Ethernet, port-channel) mode

User Guidelines

There are no user guidelines for this command.

Example

The following example adds a description to Ethernet port 1/g5.

Console(config)#

Console(config-if)#

interface ethernet 1/g5

description

"RD SW#3"

speed

The speed Interface Configuration (Ethernet, port-channel) mode command configures the speed of a given Ethernet interface when not using auto-negotiation. Use the no form of this command to restore the default configuration.

Syntax

speed {10 | 100 | 1000}

no speed

Parameters

•

10 — Forces10 Mbps operation.

• 100 — Forces 100 Mbps operation.

• 1000 — Forces 1000 Mbps operation.

Default Configuration

Maximum port capability

Page 84

Not approved by Document Control. For review only.

Ethernet Configuration Commands

Note

Command Mode

Interface Configuration (Ethernet, port-channel) mode

User Guidelines

The no speed command in a port-channel context returns each port in the port-channel to its maximum capability.

Example

The following example configures the speed operation of Ethernet port 1/g5 to 100 Mbps operation.

Console(config)#

Console(config-if)#

This document uses the following conventions to highlight important information:

The speed setting for SFP ports is dependent on the maximum speed of the port.

interface ethernet 1/g5

speed 100

duplex

The duplex Interface Configuration (Ethernet) mode command configures the full/half duplex operation of a given Ethernet interface when not using auto-negotiation. Use the no form of this command to restore the default configuration.

Syntax

duplex {half | full}

no duplex

Parameters

•

half — Forces half-duplex operation

• full — Forces full-duplex operation

Default Configuration

The interface is set to full duplex.

Command Mode

Interface Configuration (Ethernet) mode

User Guidelines

When configuring a particular duplex mode on the port operating at 10/100 Mbps, disable the auto-negotiation on that port.

Half duplex mode can be set only for ports operating at 10 Mbps or 100 Mbps.

Page 85

Allied Telesis

Command Line Interface User’s Guide

Example

The following example configures the duplex operation of Ethernet port 1/g5 to full duplex operation.

Console(config)#

Console(config-if)#

interface ethernet 1/g5

duplex full

negotiation

The negotiation Interface Configuration (Ethernet, port-channel) mode command enables auto-negotiation operation for the speed and duplex parameters of a given interface. Use the no form of this command to disable auto-negotiation.

Syntax

negotiation [capability1 [capability2…capability5]]

no negotiation

Parameters

capability — Specifies the capabilities to advertise. (Possible values: 10h, 10f, 100h,100f, 1000f)

•

Default Configuration

Auto-negotiation is enabled.

If unspecified, the default setting is to enable all capabilities of the port.

Command Mode

Interface Configuration (Ethernet, port-channel) mode

User Guidelines

If capabilities were specified when auto-negotiation was previously entered, not specifying capabilities when currently entering auto-negotiation overrides the previous configuration and enables all capabilities.

Example

The following example enables auto-negotiation on Ethernet port 1/g5.

Console(config)#

Console(config-if)#

interface ethernet 1/g5

negotiation

flowcontrol

The flowcontrol Interface Configuration (Ethernet, port-channel) mode command configures flow control on a given interface. Use the no form of this command to disable flow control.

Syntax

flowcontrol {on | off | auto}

no flowcontrol

Page 86

Not approved by Document Control. For review only.

Parameters

on — Force flow control as enabled.

•

• off — Force flow control as disabled.

• auto — Enable AUTO flow control configuration.

Default Configuration

Flow control is off.

Command Mode

Interface Configuration (Ethernet, port-channel) mode

User Guidelines

Negotiation should be enabled for flow control auto.

Example

In the following example, flow control is enabled on port 1/g5.

Ethernet Configuration Commands

Console(config)#

Console(config-if)#

interface ethernet 1/g5

flowcontrol on

mdix

The mdix Interface Configuration (Ethernet) mode command enables cable crossover on a given interface. Use the no form of this command to disable cable crossover.

Syntax

mdix {on | auto}

no mdix

Parameters

on — Manual mdix

•

• auto — Automatic mdi/mdix

Default Configuration

The default setting is on.

Command Mode

Interface Configuration (Ethernet) mode

User Guidelines

Auto: All possibilities to connect a PC with cross or normal cables are supported and are automatically detected.

On: It is possible to connect to a PC only with a normal cable and to connect to another device only with a cross

cable.

No: It is possible to connect to a PC only with a cross cable and to connect to another device only with a normal cable.

Page 87

Allied Telesis

Command Line Interface User’s Guide

Example

In the following example, automatic crossover is enabled on port 1/g5.

Console(config)#

Console(config-if)#

interface ethernet 1/g5

mdix auto

back-pressure

The back-pressure Interface Configuration (Ethernet, port-channel) mode command enables back pressure on a given interface. Use the no form of this command to disable back pressure.

Syntax

back-pressure

no back-pressure

Default Configuration

Back pressure is enabled.

Command Mode

Interface Configuration (Ethernet, port-channel) mode

User Guidelines

There are no user guidelines for this command.

Example

In the following example back pressure is enabled on port 1/g5.

Console(config)#

Console(config-if)# back-pressure

interface ethernet 1/g5

port jumbo-frame

The port jumbo-frame Global Configuration mode command enables jumbo frames for the device. Use the no form of this command to disable it.

Syntax

port jumbo-frame

no port jumbo-frame

Default Configuration

Disabled.

Command Mode

Global Configuration mode.

Page 88

Not approved by Document Control. For review only.

Allied Telesis AT-S95 CLI User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Table of Contents

Preface

Intended Audience

Document Conventions

Contacting Allied Telesis

CLI Command Modes

Chapter 1. Using the CLI

Overview

Introduction

User EXEC Mode

Privileged EXEC Mode

Global Configuration Mode

Interface Configuration and Specific Configuration Modes

Starting the CLI

Editing Features

Entering Commands

Terminal Command Buffer

Negating the Effect of Commands

Command Completion

Nomenclature

Keyboard Shortcuts

CLI Command Conventions

Copying and Pasting Text

Chapter 2. ACL Commands

ip access-list

permit (ip)

deny (IP)

mac access-list

permit (MAC)

deny (MAC)

service-acl

show access-lists

show interfaces access-lists

Chapter 3. AAA Commands

aaa authentication login

aaa authentication enable

login authentication

enable authentication

ip http authentication

ip https authentication

show authentication methods

password

username

show users accounts

enable password

Chapter 4. Address Table Commands

bridge address

bridge multicast filtering

bridge multicast address

bridge multicast forbidden address

bridge multicast forward-all

bridge multicast forbidden forward-all

bridge aging-time

clear bridge

port security

port security mode

port security max

port security routed secure-address

show bridge address-table

show bridge address-table static

show bridge address-table count

show bridge multicast address-table

show bridge multicast address-table static

show bridge multicast filtering

show ports security

show ports security addresses

Chapter 5. Clock Commands

clock set

clock source

clock timezone

clock summer-time

sntp authentication-key

sntp authenticate

sntp trusted-key

sntp client poll timer

sntp broadcast client enable