Allied Telesis RAPIER I, AT-8600, AT-8900, AT-8700XL, AT-9800 User Manual

...
Release Note

Software Version 2.8.1

For AT-8800, Rapier i, AT-8700XL, AT-8600, AT-9900, x900-48FE, AT-8900 and AT-9800 Series Switches and AR400 and AR700 Series Routers
Introduction
Upgrading to Software Version 2.8.1
Overview of New Features
System Enhancements
    Clearing System Parameters
    Extended Monitoring of CPU Utilisation
    Command Reference Updates
Command Line Interface (CLI) Enhancements
    More flexibility in Separating Parameters and Values
    Additional Shortcuts when Editing
    Command Reference Updates
File System Enhancement
    Command Reference Updates
Switching Enhancements
    Ordering Hardware Filters in 48-Port Switches
    Limiting Rapid MAC Movement
    Route Update Queue Length
    Removing a Description from a Switch Port
    Securing a Single VLAN through Switch Filters
    Change of Debug Command Syntax
    Enhanced Static Switch Filtering on Ports within a Trunk Group
    Ethernet Protection Switching Ring (EPSR)
    Command Reference Updates
PPPoE Access Concentrator
    Command Reference Updates
MSTP Enhancement
    Command Reference Updates
STP Enhancement
    Command Reference Updates
Asynchronous Port Enhancement
    Making Asynchronous Ports Respond More Quickly
    Command Reference Updates
Internet Group Management Protocol (IGMP) Enhancements
    IGMP Proxy on x900 Series Switches
    IGMP filtering extended to all IGMP message types
    Monitoring reception of IGMP general query messages
    Command Reference Updates
Internet Protocol (IP) Enhancements
    Expanded number of Eth interfaces per physical interface
    Expanded IP Troubleshooting
    IP Route Preference Options
    IPv4 Filter Expansion
    Enhancements to Display of UDP Connections over IPv4
    Waiting for a Response to an ARP Request
    Adding Static ARP Entries with Multicast MAC Addresses
    Enhanced Static ARP Entry Filtering on Ports within a Trunk Group
    Command Reference Updates
IPv6 Enhancements
    Display of UDP Connections over IPv6
    IPv6 Tunnel Expansion
    Command Reference Updates
L2TP Enhancements
    Decoding Debug Output and Setting a Time Limit for Debugging
    Resetting General L2TP Counters
    Handling PPP Link Negotiation Failures
    Command Reference Updates
Open Shortest Path First Enhancements
    OSPF Interface Password
    NSSA Translator Role
    Redistributing External Routes
    Command Reference Updates
BGP Enhancements
    BGP Backoff Lower Threshold
    BGP Peer and Peer Template Enhancements
    Displaying Routes Learned from a Specific BGP Peer
    Command Reference Updates
MLD and MLD Snooping Enhancements
    MLD Packet Formats
    ICMP type for MLDv2 Reports
    MLD Snooping Group Membership Display
    Change of Maximum Query Response Interval for MLD
    Command Reference Updates
Extension to Range of Classifier fields for x900 Switches
    Command Reference Updates
QoS Enhancements
    Port Groups
    Storm protection
    Command Reference Updates
Secure Copy (SCP)
    Configuring Secure Copy
    Loading using Secure Copy
    Uploading using Secure Copy
    Command Reference Updates
SSL Counter Enhancement
    Command Reference Updates
Firewall Enhancements
    Firewall Licencing
    Disabling SIP ALG Call ID Translation
    Displaying SIP ALG Session Details
    Firewall Policy Rules Expansion
    Displaying a Subset of Policy Rules
    Command Reference Updates
Enhancements to IPsec/VPN
    Responding to IPsec Packets from an Unknown Tunnel
    Modifying the Message Retransmission Delay
    Retrying ISAKMP Phase 1 and 2 Negotiations
    VPN Tunnel Licencing
    Command Reference Updates
SNMP MIBs
    SHDSL Line MIB
    Logging SNMP operation
    Traps on OSPF state changes
    Trap on VRRP topology changes
    Traps on MSTP state and topology changes
    Restart Log
    Trap on Login Failures
    VLAN-based port state changes
    Trap on Memory Levels
    Command Reference Updates
CDP over WAN Interfaces
    Command Reference Updates
Permanent Assignments on AR400 Series Routers
Software Version 2.8.1 C613-10477-00 REV B

Introduction

Allied Telesis announces the release of Software Version 2.8.1 on the products in the following table. This Release Note describes the new features and enhancements.
Product series   Models
x-900-48FE       x-900-48FE, x-900-48FE-N
AT-9900          AT-9924T, AT-9924SP, AT-9924T/4SP
AT-8900          AT-8948
AT-9800          AT-9812T, AT-9816GB
Rapier i         Rapier 24i, Rapier 48i, Rapier 16fi
AT-8800          AT-8824, AT-8848
AT-8700XL        AT-8724XL, AT-8748XL
AT-8600          AT-8624T/2M, AT-8624PoE, AT-8648T/2SP
AR700            AR725, AR745, AR750S, AR770S
AR400            AR415S, AR440S, AR441S, AR442S, AR450S
The product series that each feature and enhancement applies to are shown in “Overview of New Features” on page 6. This Release Note should be read in conjunction with the Installation and Safety Guide or Quick Install Guide, Hardware Reference, and Software Reference for your router or switch. These documents can be found on the Documentation and Tools CD-ROM packaged with your router or switch, or:
www.alliedtelesis.com/support/software
This Release Note has the following structure:
1. Upgrading to Software Version 2.8.1
This section lists the names of the files that may be downloaded from the web site.
2. Overview of New Features
This section lists the new features and shows the product families on which each feature is supported.
3. Descriptions of New Features
These sections describe how to configure each new feature.
Caution: Information in this document is subject to change without notice and does not represent a commitment on the part of Allied Telesis Inc. While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesis Inc. can not accept any type of liability for errors in, or omissions arising from, the use of this information.

Upgrading to Software Version 2.8.1

Software Version 2.8.1 is available as a flash release that can be downloaded directly from the Software/Documentation area of the Allied Telesis website:
www.alliedtelesis.com/support/software
Software versions must be licenced and require a password to activate. To obtain a licence and password, contact your authorised Allied Telesis distributor or reseller.
The following table lists the file names for Software Version 2.8.1.
Product name    Release file  GUI resource file      CLI help file
AT-9924T/4SP    89-281.rez    9924_281-00_en_d.rsc   89-281a.hlp
AT-9924SP       89-281.rez    9924_281-00_en_d.rsc   89-281a.hlp
AT-9924T/4SP    89-281.rez    9924_281-00_en_d.rsc   89-281a.hlp
AT-8948         89-281.rez                           89-281a.hlp
x900-48FE       89-281.rez                           89-281a.hlp
AT-9812T        sb-281.rez    9812_281-00_en_d.rsc   98-281a.hlp
AT-9816GB       sb-281.rez    9816_281-00_en_d.rsc   98-281a.hlp
Rapier 24i      86s-281.rez   r24i_281-00_en_d.rsc   rp-281a.hlp
Rapier 48i      86s-281.rez   r16i_281-00_en_d.rsc   rp-281a.hlp
Rapier16fi      86s-281.rez   r48i_281-00_en_d.rsc   rp-281a.hlp
AT-8824         86s-281.rez   8824_281-00_en_d.rsc   88-281a.hlp
AT-8848         86s-281.rez   8848_281-00_en_d.rsc   88-281a.hlp
AT-8724XL       87-281.rez    8724_281-00_en_d.rsc   87-281a.hlp
AT-8748XL       87-281.rez    8748_281-00_en_d.rsc   87-281a.hlp
AT-8624PoE      sr-281.rez                           86-281a.hlp
AT-8624T/2M     sr-281.rez    sr24_281-00_en_d.rsc   86-281a.hlp
AT-8648T/2SP    sr-281.rez                           86-281a.hlp
AR770S          55-281.rez                           700-281a.hlp
AR750S          55-281.rez    750s_281-00_en_d.rsc   700-281a.hlp
AR725           52-281.rez    725_281-00_en_d.rsc    700-281a.hlp
AR745           52-281.rez    745_281-00_en_d.rsc    700-281a.hlp
AR440S          54-281.rez    440s_281-00_en_d.rsc   400-281a.hlp
AR441S          54-281.rez    441s_281-00_en_d.rsc   400-281a.hlp
AR442S          54-281.rez    442s_281-00_en_d.rsc   400-281a.hlp
AR415S          54-281.rez    415s_281-00_en_d.rsc   400-281a.hlp
AR450S          54-281.rez    450s_281-00_en_d.rsc   400-281a.hlp

Backwards Compatibility Issue when Upgrading

The asexternal parameter of the set ospf command has changed. See OSPF backward compatibility.

Overview of New Features

The following table lists the new features and enhancements by product series. For supported models, see “Introduction” on page 4.
Product series covered by the table: AR400, AR7x5, AR750S, Rapier, AT-8800, AT-8700XL, AT-8600, AT-9800, AT-8900, x900-48FE, AT-9900
[Table: features by product series. The per-series support marks did not survive in this copy; the features are listed below.]
System: Clearing System Parameters
System: Extended Monitoring of CPU Utilisation
CLI: Command Line Interface (CLI) Enhancements
File System: File System Enhancement
Switching: Ordering Hardware Filters in 48-Port Switches
Switching: Limiting Rapid MAC Movement
Switching: Route Update Queue Length
Switching: Removing a Description from a Switch Port
Switching: Securing a Single VLAN through Switch Filters
Switching: Change of Debug Command Syntax
Switching: Enhanced Static Switch Filtering on Ports within a Trunk Group
Switching: Ethernet Protection Switching Ring (EPSR)
MSTP: MSTP Enhancement
STP: STP Enhancement
Asyn Ports: Making Asynchronous Ports Respond More Quickly
PPPoE: PPPoE Access Concentrator
IGMP: IGMP Proxy on x900 Series Switches
IGMP: IGMP filtering extended to all IGMP message types
IGMP: Monitoring reception of IGMP general query messages
IP: Expanded number of Eth interfaces per physical interface
IP: Expanded IP Troubleshooting
IP: IP Route Preference Options
IP: IPv4 Filter Expansion
IP: Enhancements to Display of UDP Connections over IPv4
IP: Waiting for a Response to an ARP Request
IP: Adding Static ARP Entries with Multicast MAC Addresses
IP: Enhanced Static ARP Entry Filtering on Ports within a Trunk Group
IPv6: Display of UDP Connections over IPv6
IPv6: IPv6 Tunnel Expansion
L2TP: Decoding Debug Output and Setting a Time Limit for Debugging
L2TP: Resetting General L2TP Counters
L2TP: Handling PPP Link Negotiation Failures
OSPF: OSPF Interface Password
OSPF: NSSA Translator Role
OSPF: Redistributing External Routes
BGP: BGP Backoff Lower Threshold
BGP: BGP Peer and Peer Template Enhancements
BGP: Displaying Routes Learned from a Specific BGP Peer
MLD: MLD Packet Formats
MLD: ICMP type for MLDv2 Reports
MLD: MLD Snooping Group Membership Display
MLD: Change of Maximum Query Response Interval for MLD
Classifier: Extension to Range of Classifier fields for x900 Switches
QoS: Port Groups
QoS: Storm protection
SCP: Configuring Secure Copy
SCP: Loading using Secure Copy
SCP: Uploading using Secure Copy
SSL: SSL Counter Enhancement
Firewall: Firewall Licencing
Firewall: Disabling SIP ALG Call ID Translation
Firewall: Displaying SIP ALG Session Details
Firewall: Firewall Policy Rules Expansion
Firewall: Displaying a Subset of Policy Rules
IPSEC/VPN: Responding to IPsec Packets from an Unknown Tunnel
IPSEC/VPN: Modifying the Message Retransmission Delay
IPSEC/VPN: Retrying ISAKMP Phase 1 and 2 Negotiations
IPSEC/VPN: VPN Tunnel Licencing
SNMP MIBs: SHDSL Line MIB
SNMP MIBs: Logging SNMP operation
SNMP MIBs: Traps on OSPF state changes
SNMP MIBs: Trap on VRRP topology changes
SNMP MIBs: Traps on MSTP state and topology changes
SNMP MIBs: Restart Log
SNMP MIBs: Trap on Login Failures
SNMP MIBs: VLAN-based port state changes
SNMP MIBs: Trap on Memory Levels
CDP: CDP over WAN Interfaces
Permanent Assignments on AR400 Series Routers

System Enhancements

This Software Version includes the following enhancements to system commands:
Clearing System Parameters
Extended Monitoring of CPU Utilisation
This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.

Clearing System Parameters

The option none has been added to the following commands:
set system name={name|none}
set system contact={contact-name|none}
set system location={location|none}
This allows you to clear a previously specified system name, contact name or location. For example, to clear the system name, use one of the commands:
set sys nam=none
set sys nam=""
set sys nam=
set sys nam
Command Changes
The following table summarises the modified commands:
Command               Change
set system name       New none option for name parameter
set system contact    New none option for contact parameter
set system location   New none option for location parameter

Extended Monitoring of CPU Utilisation

This Software Version includes a new feature for monitoring CPU utilisation. You can now set the router or switch to capture data about which specific functions the CPU is executing, and the level of instantaneous usage the CPU is experiencing. This allows you, in conjunction with your authorised distributor or reseller, to diagnose the causes of high rates of CPU utilisation on the router or switch.
You can set the router or switch to capture data continuously, or only when the CPU experiences a specific level of instantaneous usage. The router or switch holds up to 500 entries (10 seconds) of data about CPU utilisation.
To capture data when the CPU is experiencing a specific amount of instantaneous usage, set the start and stop percentages with the command:
activate cpu extended start=1..100 [stop=1..100]
When a start percentage is set, the router or switch automatically disables extended monitoring once it has 500 data entries.
To enable extended monitoring, use the command:
enable cpu extended
This command also lets you capture data immediately, without first setting start and stop percentages. This adds data entries continuously, until you stop it. Only the last 10 seconds of data entries are stored.
To stop capturing data, and reset the start and stop parameters if they are set, use the command:
disable cpu extended
To remove data entries and reset the start and stop parameters in the activate cpu extended command, use the command:
reset cpu utilisation
This command interrupts active data capturing for a specific event. However, monitoring remains enabled, and continues to collect data. This means you can capture data for a particular event without having to disable and re-enable this feature.
Command Changes
The following table summarises the new and modified commands:
Command                 Change
activate cpu extended   New command.
disable cpu extended    New command.
enable cpu extended     New command.
reset cpu utilisation   Modified command.
show cpu                New extended parameter in command. New output field when extended parameter is used.

Command Reference Updates

This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, the new parameters, options, and fields are shown in bold.
activate cpu extended
Syntax ACTivate CPU EXTended STARt=1..100 [STOp=1..100]
Description This new command lets you set monitoring so that it captures data when the CPU experiences a specific amount of instantaneous usage.
The start parameter sets the percentage of utilisation the CPU must equal or exceed before it can begin capturing data. When CPU utilisation reaches the parameter, the router or switch begins capturing data. It continues until utilisation falls below the stop parameter, or until it captures 500 entries (10 seconds worth).
The stop parameter sets the percentage of utilisation the CPU must reach to stop data capturing. If CPU utilisation falls below the stop percentage before the router or switch has 500 data entries, then the router or switch resumes data capturing the next time utilisation reaches the start percentage. When the router or switch has 500 entries, it stops collecting data.
Example To capture extended CPU utilisation data when CPU utilisation exceeds 70% and until it falls below 50%, use the command:
act cpu ext star=70 sto=50
disable cpu extended
Syntax DISable CPU EXTended
Description This new command stops data capture of CPU utilisation, and resets parameters in the activate cpu extended command.
Example To stop capturing extended CPU utilisation data, use the command:
dis cpu ext
enable cpu extended
Syntax ENAble CPU EXTended
Description This new command lets you capture up to 500 data entries (10 seconds) of CPU utilisation data. Extended monitoring is disabled by default. This command takes effect when you enter it, or use the activate cpu extended command to collect data during specific usage levels.
Example To begin capturing extended CPU utilisation data, use the command:
ena cpu ext
reset cpu utilisation
Syntax RESET CPU UTIlisation
Description This command, which resets all CPU utilisation percentages, has been modified to include resetting any start and stop percentages set with the activate cpu extended command. It also removes any data captured during extended utilisation monitoring, and clears this output from the show cpu command.
Example To reset the CPU utilisation, use the command:
reset cpu util
set system contact
Syntax SET SYStem CONtact={contact-name|NONE}
The contact parameter specifies the contact name, which is:
displayed in the output of the show system command
stored in the MIB object sysContact
If the new option none is specified, no contact name is defined. Any existing contact name is cleared. The default is none.
set system location
Syntax SET SYStem LOCation={location|NONE}
The location parameter specifies the location of the router or switch, which is:
displayed in the output of the show system command
stored in the MIB object sysLocation
If the new option none is specified, no location is defined. Any existing location is cleared. The default is none.
set system name
Syntax SET SYStem NAMe={name|NONE}
The name parameter specifies the system name of the router or switch, which is:
displayed in the output of the show system command
displayed in the CLI prompt so you know which router or switch you are configuring
stored in the MIB object sysName
If the new option none is specified, no name is defined. Any existing name is cleared. The default is none.
show cpu
Syntax SHow CPU [EXTended]
Description The new extended parameter in this command displays information about extended CPU utilisation data.
Figure 1: Example output from the show cpu extended command
CPU Utilisation ( as a percentage )
----------------------------------------
Maximum since router restarted ..... 100
Maximum over last 5 minutes ........ 100
Average since router restarted ..... 5
Average over last 5 minutes ........ 6
Average over last minute ........... 7
Average over last 10 seconds ....... 41
Average over last second ........... 100
----------------------------------------
Extended CPU Information
------------------------------------------------------------
State ............... Enabled
Current Time ........ 21:44:49 (04aa9a34 / 2573941241)
Current Install ..... 54-281.rez (5012892)
Start percent ....... -
Stop percent ........ -
msSM     Timestamp  Util Caller   Return1  Return2  Return3
------------------------------------------------------------
04aa9a34 2573927208 100  0021a384 00031c0c 00027e8c 0021a57c
04aa9a20 2573907218 100  0021a384 00031c0c 00027e8c 0021a57c
04aa9a0c 2573887230 100  0021a4b0 00031c0c 00027e8c 0021a57c
. . .
Table 1: New parameters in output of the show cpu=extended command
Parameter                      Meaning
State                          Whether extended CPU utilisation is enabled.
Current Time                   Current time in hh:mm:ss format. The time in milliseconds since midnight, and the current timestamp are also in brackets.
Current Install                Current installed release, with the size of the release in brackets.
Start percent                  Percentage of utilisation that the CPU must reach, if any, before the router or switch can begin capturing extended CPU utilisation data. A “-” shows if no percentage is set.
Stop percent                   Percentage of utilisation that the CPU must fall below before the router or switch stops capturing extended CPU utilisation data.
msSM                           Time when the router or switch captured the CPU utilisation sample. The time format is milliseconds since midnight, in hexadecimal notation.
Timestamp                      Time when the router or switch captured the CPU utilisation sample. The time format is microseconds since the router or switch last restarted. This figure wraps at 4 294 967 295 to return to 0.
Util                           Percentage of instantaneous CPU utilisation.
Caller                         Return address of the function that the CPU is executing.
Return 1, Return 2, Return 3   Return addresses for function calls on the CPU stack.
Example To display the extended CPU utilisation data, use the command:
sh cpu ext
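The following Python code is an added example, not part of the Allied Telesis release note or its software. It parses the data rows of show cpu extended output as laid out in Figure 1, decodes msSM into a clock time, measures the gap between samples while allowing for the Timestamp wrap described in Table 1, and counts samples per Caller address. It assumes rows are listed newest first, as in Figure 1, and that Timestamp is a 32-bit counter; all function names are hypothetical.

```python
"""Parse 'show cpu extended' sample rows (added example, not vendor code)."""
import re
from collections import Counter
from typing import NamedTuple

# Constructed input: the column header and the three rows printed in Figure 1.
SAMPLE_OUTPUT = """\
msSM     Timestamp  Util Caller   Return1  Return2  Return3
------------------------------------------------------------
04aa9a34 2573927208 100  0021a384 00031c0c 00027e8c 0021a57c
04aa9a20 2573907218 100  0021a384 00031c0c 00027e8c 0021a57c
04aa9a0c 2573887230 100  0021a4b0 00031c0c 00027e8c 0021a57c
. . .
"""

# Assumption: Timestamp is a 32-bit counter, because Table 1 says it wraps at
# 4 294 967 295 and returns to 0.
TIMESTAMP_MODULUS = 4_294_967_295 + 1
MS_PER_DAY = 24 * 60 * 60 * 1000

HEX8 = r"([0-9a-fA-F]{8})"
ROW_PATTERN = re.compile(
    rf"^\s*{HEX8}\s+(\d{{1,10}})\s+(\d{{1,3}})\s+{HEX8}\s+{HEX8}\s+{HEX8}\s+{HEX8}\s*$"
)


class Sample(NamedTuple):
    ms_since_midnight: int  # msSM column, decoded from hexadecimal
    timestamp_us: int       # microseconds since the last restart
    util: int               # instantaneous CPU utilisation, percent
    caller: str             # return address of the executing function
    returns: tuple          # Return1..Return3 from the CPU stack


def parse_rows(text):
    """Return one Sample per data row; headers, rules and '. . .' are skipped."""
    samples = []
    for line in text.splitlines():
        match = ROW_PATTERN.match(line)
        if not match:
            continue
        ms = int(match.group(1), 16)
        timestamp = int(match.group(2))
        util = int(match.group(3))
        # Drop rows whose fields are outside the ranges Table 1 allows.
        if ms >= MS_PER_DAY or timestamp >= TIMESTAMP_MODULUS or util > 100:
            continue
        addresses = [match.group(i).lower() for i in range(4, 8)]
        samples.append(Sample(ms, timestamp, util, addresses[0], tuple(addresses[1:])))
    return samples


def mssm_to_clock(ms):
    """Convert milliseconds since midnight to hh:mm:ss.mmm."""
    seconds, millis = divmod(ms, 1000)
    minutes, seconds = divmod(seconds, 60)
    hours, minutes = divmod(minutes, 60)
    return f"{hours:02d}:{minutes:02d}:{seconds:02d}.{millis:03d}"


def elapsed_us(earlier, later):
    """Microseconds from earlier to later, correct across one counter wrap."""
    return (later - earlier) % TIMESTAMP_MODULUS


def sample_intervals_us(samples):
    """Gap between consecutive samples; input is newest first, as in Figure 1."""
    return [
        elapsed_us(older.timestamp_us, newer.timestamp_us)
        for newer, older in zip(samples, samples[1:])
    ]


def caller_histogram(samples, min_util=0):
    """Count samples per Caller address at or above a utilisation threshold."""
    return Counter(s.caller for s in samples if s.util >= min_util)


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_OUTPUT)
    for row in rows:
        print(mssm_to_clock(row.ms_since_midnight), row.util, row.caller)
    print("intervals (us):", sample_intervals_us(rows))
    for address, count in caller_histogram(rows, min_util=70).most_common():
        print(f"{address}: {count} sample(s)")
```

The addresses are only meaningful against the release named in the Current Install field, so keep that line with any capture you archive or send to your distributor.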

Command Line Interface (CLI) Enhancements

The CLI has been enhanced in the following ways:
More flexibility in Separating Parameters and Values
Additional Shortcuts when Editing
New command show command history that displays past commands. Please note that it replaces the Ctrl-C shortcut.
You can now use the create config command to also set the router or switch to use the new configuration file.
This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.

More flexibility in Separating Parameters and Values

The CLI has been enhanced to give you the flexibility of choosing whether the equals sign should be required between parameters and their related values in the syntax.
Parameters are keywords in a command that define the object or details of the action. Parameter values can be numbers or text, or can come from a list of items. Now you can set the syntax so that parameters and values can be separated by either one of the following:
an equals sign (=)
a single space
The set command assignmentoperator command lets you change the syntax. When using aliases, we suggest you use the = sign in the syntax to link parameters with their values. Otherwise, if you separate a parameter with a space, a matching alias could erroneously be substituted for the value. Note that certain command handlers, such as STT, PERM, and ACC, always require the = sign.
Parts of a Command
A command is a sequence of keywords and values that define an action for the router or switch to perform. The Software Reference uses terms in the following figure and table when describing commands.
add ip rip interface=vlan2 auth=md5 ip=ipadd
[Figure: the command above with its parts labelled keywords, action, parameters, value, option and placeholder]
Command Part   Description
Keyword        A generic term for a predefined sequence of characters that the CLI treats as a single unit. Actions, parameters, and some parameter values are keywords. Keywords are not case sensitive. In this Software Reference and the online help, uppercase letters indicate minimum keyword abbreviations.
Action         The first keyword in a command. This defines the type of operation to perform. Actions do not have values.
Parameter      Additional keywords that define: the object of the action (for example, “ip rip” in the figure above); the details of the action (for example, “auth” in the figure above). Parameters are optional or required, may accept values, and are not case sensitive. Spaces must separate parameters.
Value          The value assigned to a parameter. Depending on the parameter, a value can be: an item from a list of option keywords; a number; arbitrary text. Values are optional or required. Enter values with the syntax parameter=value or parameter value (for details, see Command Reference Updates). Most values are not case sensitive, except for text, such as passwords.
Option         A keyword that is one of a pre-defined list of values that a parameter can accept.
Placeholder    A format convention that describes the value a parameter can accept. Instead of typing the placeholder, replace it with an appropriate value. In this Software Reference, placeholders are printed in lowercase italic font.
Default        The value the router or switch uses as the parameter when you do not enter one but the parameter requires one.
Command Changes
The following table summarises the new command.
Command Description
set command assignmentoperator New command that sets the assignment operator of the command parser to allow either an equals sign or a space between the parameter and the value.

Additional Shortcuts when Editing

You can now move the cursor to the beginning or end of lines by using single keys on the keyboard.
To move the cursor to the...     You could only press...   Now you can also press the...
beginning of the command line    Ctrl+A                    Home key
end of the command line          Ctrl+E                    End key
Command Changes
The following table summarises the new and modified commands.
Command Description
show command history New command that displays past commands. Please note that it replaces the Ctrl-C shortcut.
create config New set option that lets you set the switch to the configuration file that you create.

Command Reference Updates

This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, new parameters, options and fields are shown in bold.
create config
Syntax CREate CONfig=filename [SET]
Description This command now lets you set the switch to a configuration file when you create it. This command still requires a user with security officer privilege when the router or switch is in security mode.
Parameter Description
CONfig Name of the configuration file or script to create. If one already exists, it is replaced.
The filename is in the format [device:]filename.ext and can be:
uppercase and lowercase letters
digits
# $ % & ! ' ( ) + , - . ; = @ [ ] ^ _ ` { } ~ and space
device indicates the physical location where the file is stored. The default is flash.
.ext is a 3-letter extension, such as .txt or .scp.
Invalid characters are * “ | \ : ? / < >
Default: no default
SET Sets the switch to use the configuration file or script specified by filename when the switch boots up again.
Example To save the current dynamic configuration to a script file called test.cfg, use the command:
cre con=test.cfg
set command assignmentoperator
Syntax SET COMmand {ASSignmentoperator=[Equals|SPaceorequals]}
Description This new command sets the assignment operator of the command parser, thereby defining the format of the command syntax for the CLI.
Parameter Description
ASSignmentoperator Defines the operator placed between a parameter and its value.
Default: Equals
Equals Requires users to enter the = sign. To ensure clarity and accuracy, we recommend always using the = sign.
SPaceorequals Lets users enter either the = sign or just leave a single space between a parameter and its value.
The following commands have the same effect. Note that the first one is clearer because of the = sign.
add ip rou=172.16.9.0 mask=255.255.255.0 int=vlan1 next=172.16.8.82 met=1
add ip rou 172.16.9.0 mask 255.255.255.0 int vlan1 next 172.16.8.82 met 1
Take care when using aliases because they match any whole word on the command line. Therefore, if you separate a parameter with a space, a matching alias could erroneously be substituted for the value.
Note that certain command handlers, such as those for STT, PERM, and ACC, always require the = sign.
Example To set the command processor so that you can enter a space between parameters and values on the command line, use the command:
set com ass=sp
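The alias caution above, as an added example (a simplified model written for this note, not the switch's parser): it assumes alias expansion replaces any whitespace-delimited word equal to an alias name, and it flags script lines where such a word sits in value position after a bare parameter. The alias uplink and its expansion are constructed sample data.

```python
# Added illustration; a simplified model, not the switch's actual parser.
# Assumption: alias expansion replaces any whitespace-delimited word that
# exactly equals an alias name, as the note on aliases describes.

def expand_aliases(line, aliases):
    """Return the line after whole-word alias substitution."""
    return " ".join(aliases.get(word, word) for word in line.split())


def audit_script(script, aliases):
    """Find words that an alias would replace while sitting in value position.

    A word is treated as a space-separated value when it is not the first
    word on the line and the word before it carries no '=' sign. Each finding
    is (line_number, word, suggested 'parameter=value' spelling).
    """
    findings = []
    for lineno, line in enumerate(script.splitlines(), start=1):
        words = line.split()
        for prev, word in zip(words, words[1:]):
            if word in aliases and "=" not in prev:
                findings.append((lineno, word, f"{prev}={word}"))
    return findings


# Constructed sample data: the alias name and its expansion are hypothetical.
ALIASES = {"uplink": "show switch port=24"}
SCRIPT = """\
set switch port=5 description=uplink
set switch port 5 description uplink
add ip rou 172.16.9.0 mask 255.255.255.0 int vlan1 next 172.16.8.82 met 1
"""

if __name__ == "__main__":
    for lineno, word, fix in audit_script(SCRIPT, ALIASES):
        print(f"line {lineno}: alias '{word}' would replace a value; write {fix}")
    # The space-separated form is rewritten; the = form is left untouched.
    print(expand_aliases("set switch port 5 description uplink", ALIASES))
    print(expand_aliases("set switch port=5 description=uplink", ALIASES))
```

Run against saved scripts before switching a device to spaceorequals; every finding is a line to rewrite with the = sign.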
show command history
Syntax SHow COMmand History
Description This new command replaces the Ctrl-C keyboard shortcut, and displays past commands for you to select one from the list (Figure 1).
Figure 2: Example output from the show command history command
131 set vrrp 20 portmon off
132 set vrrp 20 portmon on
133 sh vrrp 20
134 sh vrrp 0
135 sh vrrp 21
136 sh vrrp 255
137 sh vrrp none
138 sh vrrp any
139 destroy qos queue2priomap queue 0 bwclass 2 vrrp none
140 destroy qos queue2priomap queue 0 bwclass 2 vrrp any
141 destroy qos queue2priomap queue 0 bwclass 2 vrrp 0
142 destroy qos queue2priomap queue 0 bwclass 2 vrrp 256
143 destroy qos queue2priomap queue 0 bwclass 2 vrrp 17,18
144 destroy qos queue2priomap queue 0 bwclass 2 vrrp 17-19
145 destroy qos queue2priomap queue 0 bwclass 2 vrrp
146 destroy qos queue2priomap queue 0 bwclass 2 vrrp 1
147 destroy qos queue2priomap queue 0 bwclass 2 vrrp 20
148 destroy qos queue2priomap queue 0 bwclass 2 vrrp all
Enter command number>
Example To see a list of past commands, use the command:
sh com h

File System Enhancement

This Software Version gives you 4 new commands for working with files.
Command Changes
The following table summarises the new commands:
Command Change
add file New command
create file New command
reset file permanentredirect New command
show file permanentredirect New command

Command Reference Updates

This section describes each new command.
add file
Syntax ADD FIle=filename [COMmand=commandstring] [SCRipt=scriptname] [PERManentredirect] [LIMIT=limit]
Description This new command takes output from a specific command or script and adds it to a text file when you next issue that command or script. This is useful for collecting debug output. If a file does not exist, one is created. While output is being redirected, the text file cannot be edited, renamed, deleted, or uploaded.
Parameter Description
FIle Name of the text file where you want to send output. One is created if it does not already exist.
The filename is in the format [device:]filename.txt and can be:
uppercase and lowercase letters
digits
# $ % & ! ' ( ) + , - . ; = @ [ ] ^ _ ` { } ~ and space
device indicates the physical location where the file is stored. The default is flash.
Default: no default
COMmand Command whose output is used to generate the text when it is next
issued. Commandstring is the command syntax enclosed in quotes.
Command and script are mutually exclusive.
SCRipt Script whose output is used to generate the text when it is next issued.
The script is treated as a simple list of commands. Flow control statements are not accepted to ensure that the extra text the script produces is not in the output file. Scriptname has the same format as filename except it must have either a .cfg or .scp extension.
Command and script are mutually exclusive.
PERManentredirect Permanently directs output to the designated text file until the reset file permanentredirect command is issued or the router or switch is rebooted.
LIMIT A decimal number from 0 to 1048576 bytes specifying the maximum file size.
Default: 204800 bytes
Examples To add output one time only from the show trace command to a file called trace.txt, use the command:
add fi=trace.txt com="show trace"
To permanently add output from the show debug command to a file called debug2.txt, use the command:
add fi=debug2.txt com="show debug" perm
create file
Syntax CREate FIle=filename [FORCE] [COMmand=commandstring] [SCRipt=scriptname] [PERManentredirect] [LIMIT=limit]
Description This new command creates a text file containing output from a specific command or script. This is useful for collecting debug output. The file cannot be edited, renamed, deleted, or uploaded while it is receiving input.
Parameter Description
FIle Name of the text file that you want to create. The filename is in the
format [device:]filename.txt and can be:
uppercase and lowercase letters
digits
# $ % & ! ' ( ) + , - . ; = @ [ ] ^ _ ` { } ~ and space
device indicates the physical location where the file is stored. The default is flash.
Default: no default
FORCE Overwrites the text file if one already exists. If force is not specified
and the file exists, the command has no effect.
COMmand Command whose output is used to generate the text when it is next
issued. Commandstring is the command syntax enclosed in quotes.
Command and script are mutually exclusive.
SCRipt Script whose output is used to generate the text when it is next issued.
The script is treated as a simple list of commands. Flow control statements are not accepted to ensure that the extra text the script produces is not in the output file. Scriptname has the same format as filename except it must have either a .cfg or .scp extension.
Command and script are mutually exclusive.
PERManentredirect Permanently directs output to the designated text file until the reset
file permanentredirect command is issued or the router or switch is rebooted.
LIMIT A decimal number from 0 to 1048576 bytes specifying the maximum file size.
Default: 204800 bytes
Example To permanently direct all debug output from the BGP module to a file named bgp.txt, use the command:
cre fi=bgp.txt com="enable bgp debug=all" perm
reset file permanentredirect
Syntax RESET FIle[=filename] PERManentredirect
Description This new command closes one or all text files so that they no longer receive input from commands or scripts. After the file closes, it can be uploaded or edited.
Parameter Description
FIle Name of the text file to close. If no file is specified, all text files are
closed.
The filename is in the format [device:]filename.txt and can be:
uppercase and lowercase letters
digits
# $ % & ! ' ( ) + , - . ; = @ [ ] ^ _ ` { } ~ and space
device indicates the physical location where the file is stored. The default is flash.
Default: no default
Example To reset the bgp.txt file so that it no longer receives output from the enable bgp debug=all command (previously set), use the command:
reset fi=bgp.txt perm
show file permanentredirect
Syntax SHow FIle[=filename] PERManentredirect
Description This new command displays information about one text file or all that are permanently receiving output from commands or scripts (Figure 3, Table 2). These files are typically created to collect data during debugging.
The file parameter displays information about a specific text file (Figure 4). The filename option is in the format [device:]filename.txt and can be:
uppercase and lowercase letters
digits
# $ % & ! ' ( ) + , - . ; = @ [ ] ^ _ ` { } ~ and space
Device indicates the physical location where the file is stored. The default is flash.
Figure 3: Example output from the show file permanentredirect command
TTY Instance   Current Size   Limit    File
--------------------------------------------------
17             12345          204800   bgp.txt
Figure 4: Example output from the show file=filename permanentredirect command
File............ bgp.txt
TTY Instance.... 17
Current Size.... 12345
Limit........... 204800
Input(s)........ COMMAND="enable bgp debug=all"
Table 2: Parameters in output of the show file permanentredirect command
Parameter Meaning
TTY Instance Instance number for the TTY device.
Current Size Size of the text file in bytes.
Limit Limit of file size in bytes set by the limit parameter.
File Name of text file.
Input(s) Commands and scripts that generate input for the text file.
Example To display all text files receiving output from commands or scripts, use the
command:
sh fi perm

Switching Enhancements

This Software Version includes the following enhancements to switching:
Ordering Hardware Filters in 48-Port Switches
Limiting Rapid MAC Movement
Route Update Queue Length
Removing a Description from a Switch Port
Securing a Single VLAN through Switch Filters
Change of Debug Command Syntax
Enhanced Static Switch Filtering on Ports within a Trunk Group
Ethernet Protection Switching Ring (EPSR)
This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.

Ordering Hardware Filters in 48-Port Switches

This feature applies only to the following products: AT-8648, AT-8748, AT-8848, and the Rapier 48i. These products contain 2 switching instances, which adds complexity to the filtering process when packets are being sent between instances.
This Software Version allows you to select between two modes of using classifier-based packet filtering in 48-port switches: port-specific filters first, or non port-specific filters first.
You can select different modes using the new set switch hwfilter mode command. Selecting the right mode when setting up classifier-based packet filters ensures that packets are filtered as expected across switch instances. The switch defaults to port-specific filters first. You can change the filtering mode on the switch by using the command:
set switch hwfilter mode={psf|npsf}
Port-specific filters apply to traffic either ingressing or egressing a particular port. They use a classifier which specifies the iport or eport parameter. Non port-specific filters can apply to all traffic travelling through the switch. Non port-specific filters are created with a classifier that does not have the iport or eport parameter specified.
When to Use Port-Specific Mode
Use the port-specific psf mode when you want non port-specific filters to override the port-specific filters for certain circumstances. In the following example:
the first (port-specific) filter stops all traffic from ingressing port 2
the second (port-specific) filter allows traffic with the specific IP address (192.168.2.2) to ingress port 2
the third (non port-specific) filter allows any ARP request (prot=0806) to ingress and egress all ports
create classifier=1 iport=2
create classifier=2 iport=2 ipsa=192.168.2.2
create classifier=3 prot=0806
add swi hwf classifier=1 action=discard
add swi hwf classifier=2 action=nodrop
add swi hwf classifier=3 action=nodrop
In psf mode, you must enter the port-specific filters first. If you add a port-specific filter after the non port-specific filters, the switch may still use a matching non port-specific filter when the packet travels between ports on different switch instances.
When to Use Non Port-Specific Mode
Use the non port-specific npsf mode when you want port-specific filters to override the non port-specific filters for certain circumstances. In the following example, the second (port-specific) filter stops the first (non port-specific) filter from discarding packets from port 50:
create class=1 ipsa=192.168.1.254/32
create class=4 ipo=50
add switch hwf class=1 ac=dis
add switch hwf class=4 ac=nod
In npsf mode, you must enter the non port-specific filters first. If you add a non port-specific filter after the port-specific filters, the switch may not use the non port-specific filter when the packet travels between ports on different switch instances.
Changing Modes
You can change the filter mode after filters have been entered. When you change modes, the filter entries remain in the original order. To see which mode the switch is in, use the command:
show switch hwfilter
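Because filter entries keep their original order when the mode changes, it helps to check a saved configuration against the mode you intend to run. The following linter is an added example (not Allied Telesis code) that applies the two ordering rules above to the page's own filter examples; the three-letter minimum for keyword abbreviations such as ipo and hwf is an assumption.

```python
# Added illustration, not vendor code.
# From the page: a classifier is port-specific when it sets iport or eport.
# Assumption: keywords may be shortened to three or more letters ("ipo", "hwf").

def _abbrev(word, keyword):
    """True if word is keyword or a prefix of it at least 3 letters long."""
    word = word.lower()
    return len(word) >= 3 and keyword.startswith(word)


def _parse(line):
    """Split a command into its bare words and its parameter=value pairs."""
    bare, params = [], {}
    for word in line.split():
        key, sep, value = word.partition("=")
        if sep:
            params[key.lower()] = value
        else:
            bare.append(word)
    return bare, params


def check_filter_order(config, mode):
    """Return classifier ids whose hardware filter is out of order for mode.

    mode "psf": port-specific filters must be entered first.
    mode "npsf": non port-specific filters must be entered first.
    """
    if mode not in ("psf", "npsf"):
        raise ValueError("mode must be 'psf' or 'npsf'")
    port_specific = {}       # classifier id -> bool
    late = []                # ids added after the other kind had started
    other_kind_seen = False
    for line in config.splitlines():
        bare, params = _parse(line)
        cid = next((v for k, v in params.items()
                    if _abbrev(k, "classifier")), None)
        if not bare or cid is None:
            continue
        if _abbrev(bare[0], "create"):
            port_specific[cid] = any(
                _abbrev(k, "iport") or _abbrev(k, "eport") for k in params)
        elif bare[0].lower() == "add" and any(
                _abbrev(w, "hwfilter") for w in bare[1:]):
            if cid not in port_specific:
                raise ValueError(f"filter uses undefined classifier {cid}")
            must_be_first = port_specific[cid] == (mode == "psf")
            if not must_be_first:
                other_kind_seen = True
            elif other_kind_seen:
                late.append(cid)
    return late


# The two filter sets shown in this section.
PSF_EXAMPLE = """\
create classifier=1 iport=2
create classifier=2 iport=2 ipsa=192.168.2.2
create classifier=3 prot=0806
add swi hwf classifier=1 action=discard
add swi hwf classifier=2 action=nodrop
add swi hwf classifier=3 action=nodrop
"""
NPSF_EXAMPLE = """\
create class=1 ipsa=192.168.1.254/32
create class=4 ipo=50
add switch hwf class=1 ac=dis
add switch hwf class=4 ac=nod
"""

if __name__ == "__main__":
    for name, cfg in (("psf example", PSF_EXAMPLE), ("npsf example", NPSF_EXAMPLE)):
        for mode in ("psf", "npsf"):
            print(name, "in", mode, "mode: out of order:", check_filter_order(cfg, mode))
```

A non-empty result lists the classifiers whose filters would need to be re-entered in the other order before the chosen mode behaves as described across switch instances.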
Command Changes
The following table summarises the new and modified commands:
Command Change
set switch hwfilter mode New command.
show switch hwfilter New mode parameter in output.

Limiting Rapid MAC Movement

This Software Version introduces the ability to limit rapid MAC movement. MAC address thrashing occurs when MAC addresses move rapidly between one or more ports or trunks. For example, certain MAC addresses are learnt on one port, then very shortly afterwards are learnt on another port, then learnt on the original port again, and so on. This typically occurs when there is an uncontrolled loop on the network.
Disabling a port
There are different ways you can disable a port when thrashing is detected. These are called thrash actions:
learnDisable
Address learning is temporarily disabled on the port.
portDisable
The port is logically disabled. Traffic flow is prevented, but the link remains up. The device at the other end does not notice that the port has changed status, and the link LEDs at both ends stay on. This is equivalent to entering the disable switch port command.
linkDown
The port is physically disabled and the link is down. This is equivalent to entering the disable switch port link=disabled command.
vlanDisable
The port is disabled only for the VLAN on which thrashing has occurred. It can still receive and transmit traffic for any other VLANs of which it is a member.
When a MAC address is thrashing between two ports, only one of those ports is disabled. When multiple ports are involved, enough ports are disabled to prevent the storm.
To set a thrash action for a port, use the command:
set switch port={port-list|all} [thrashaction={learndisable|linkdown|none|portdisable|vlandisable}]
To view the thrash action that is set for a port, use the command:
show switch port={port-list|all}
To set a thrash action for a trunk, use one of the commands:
create switch trunk=trunk [port=port-list] [thrashaction={learndisable|linkdown|none|portdisable|vlandisable}]
set switch thrashlimit=trunk [thrashaction={learndisable|linkdown|none|portdisable|vlandisable}]
To view the thrash action that is set for a trunk, use the command:
show switch trunk={trunk}
To view details about disabled ports for VLANs, use one of the commands:
show vlan[={vlan-name|1..4094|all}]
show vlan[=all]
Re-enabling a port
When a port is disabled, either completely or for a specific VLAN, it remains disabled until it is manually re-enabled in any of the following ways:
with SNMP
as the result of a reboot
by specifying a thrash timeout value along with the thrash action
via the CLI
If the vlandisable thrash action has been applied, to re-enable one or more ports from VLANs to which they belong, use the command:
enable switch port={port-list|all} vlan[={vlan-name|1..4094|all}]
If either the portdisable or linkdown thrash action has been applied, to re-enable one or more ports, use the command:
If the learndisable thrash action has been applied, the port is automatically re-enabled when the defined timeout expires. You cannot manually re-enable the port.
Port Types
Limiting rapid MAC movement is supported on all port types. It is also supported on trunked ports.
Command Changes
The following table summarises the new and modified commands:
Command Change
create switch trunk New thrashaction parameter.
New thrashtimeout parameter.
enable switch port vlan New command.
set lacp New thrashaction parameter.
New thrashtimeout parameter.
set switch port New thrashaction parameter.
New thrashtimeout parameter.
New vlanstatustrap parameter.
set switch thrashlimit New command.
set switch trunk New thrashaction parameter.
New thrashtimeout parameter.
show lacp New address learn thrash action parameter.
New address learn thrash timeout parameter.
show switch port New address learn thrash status parameter.
New address learn thrash action parameter.
New address learn thrash timeout parameter.
New vlan status trap parameter.

Route Update Queue Length

When hardware learning delay is enabled (the default), the switch learns new routes in software, then places them into a queue for adding to its hardware routing table. Defaults have been set for the maximum number of entries in the queue, and depend on the amount of memory installed on the switch, as shown in the following table:
Memory Size (Mbytes)   Default length (number of entries)   Maximum possible length (number of entries)
up to 128              200000                               200000
129-256                1000000                              1500000
more than 256          3000000                              4000000
You can alter the length of the queue, by using the following new command to specify the maximum number of entries in the queue:
set switch hwrouteupdate=1..maximum
The maximum depends on the amount of memory on the switch, as shown in the table above.
The purpose of this feature is to enable you to tune the balance between the memory that the route update process uses, and the speed with which large route updates are processed.
Output of the show switch command has been expanded to display information about the queue settings.
Command Changes
The following table summarises the new and modified commands:
Command Change
set switch hwrouteupdate New command
show lacp New fields about the hardware route update queue

Removing a Description from a Switch Port

You can now return the description of a switch port to its original blank value by entering the following command:
set switch port=port-number description=
and providing no value for the description parameter.
Command Changes
The following table summarises the modified command:
Command Change
set switch port Changed description parameter

Securing a Single VLAN through Switch Filters

On AT-8824, Rapier 24i, AT-8724XL and AT-8624 switches only (not on 48-port switches), this enhancement enables you to use switch filters to secure only the current VLAN, instead of securing all VLANs on the switch. To turn on this feature, a new command disables “vlansecure” mode for filters (see “Configuring vlansecure” on page 31).
Without this enhancement (the default situation) a switch filter only allows a host to access the network through a particular port on the switch. For example, if you have a PC connected to port 15 in vlan2, and define the following filter, the PC can only communicate when it is connected to port 15:
add switch filter entry=0 dest=pc-mac-address vlan=2 port=15 action=forward
With this enhancement, the above filter limits the host to accessing vlan2 through port 15, but does not prevent the host from accessing other VLANs through other ports in vlan2. For example, if the above filter exists and you move the PC to another port in vlan2, this enhancement prevents the PC from communicating with devices in vlan2 but allows it access to other VLANs on the switch. The following figure shows a PC that has been moved from port 15 to port 16 to illustrate the effect.