L3 Manage Switch
CLI Configuration Manual
(Applicable to DH-PFS6428-24T)
Contents
CLI Configuration Manual ..................................................................................................................... 1
1. System Status Commands ....................................................................................................... 7
1.1 Mode Description ............................................................................................................. 7
1.2 System information .......................................................................................................... 8
Function Brief .................................................................................................................. 8
1.2.1 show version .......................................................................................................... 8
1.2.2 show clock ............................................................................................................. 8
1.3 Log information ................................................................................................................. 9
Function Brief .................................................................................................................. 9
1.3.1 show logging .......................................................................................................... 9
1.4 Port statistics .................................................................................................................... 9
Function Brief .................................................................................................................. 9
1.4.1 show interface ..................................................................................................... 10
1.5 LACP status .................................................................................................................... 10
Function Brief ................................................................................................................ 10
1.5.1 lacp state .............................................................................................................. 10
1.6 View route ....................................................................................................................... 11
Function Brief ................................................................................................................ 11
1.6.1 show ip route ....................................................................................................... 11
1.7 ERPS-RING status ........................................................................................................ 12
Function Brief ................................................................................................................ 12
1.7.1 show erps ............................................................................................................. 12
1.8 Power status ................................................................................................................... 12
Function Brief ................................................................................................................ 12
1.8.1 show power .......................................................................................................... 12
2. System Setting Commands .................................................................................................... 13
2.1 IP config ........................................................................................................................... 13
Function Brief ................................................................................................................ 13
2.1.1 ip address ............................................................................................................ 13
2.1.2 ip address dhcp ................................................................................................... 13
2.1.3 ip address old_ip ................................................................................................. 14
2.1.4 show interface ..................................................................................................... 14
2.2 User config ...................................................................................................................... 15
Function Brief ................................................................................................................ 15
2.2.1 username name .................................................................................................. 15
2.2.2 show user ............................................................................................................. 16
2.3 Time setting ..................................................................................................................... 16
Function Brief ................................................................................................................ 17
2.3.1 sntp enable|disable ............................................................................................. 17
2.3.2 sntp unicast-server ............................................................................................. 17
2.3.3 sntp auto-sync timer ........................................................................................... 18
2.3.4 sntp connect ........................................................................................................ 18
2.3.5 sntp timezone set ................................................................................................ 18
2.3.6 local-time date ..................................................................................................... 19
3. Port configuration commands ................................................................................................ 20
3.1 Port config ....................................................................................................................... 20
Function Brief ................................................................................................................ 20
3.1.1 duplex ................................................................................................................... 20
3.1.2 speed .................................................................................................................... 21
3.1.3 flow-control .......................................................................................................... 21
3.1.4 shutdown .............................................................................................................. 22
3.1.5 description ............................................................................................................ 22
3.2 Rate limit ......................................................................................................................... 22
Function Brief ................................................................................................................ 22
3.2.1 rate-limit ................................................................................................................ 23
3.3 Port mirroring .................................................................................................................. 23
Function Brief ................................................................................................................ 23
3.3.1 monitor.................................................................................................................. 23
3.4 Link aggregation ............................................................................................................. 24
Function Brief ................................................................................................................ 24
3.4.1 trunk ...................................................................................................................... 24
3.4.2 load-balance ........................................................................................................ 25
3.4.3 lacp enable | disable ........................................................................................... 25
3.4.4 lacp active | passive ........................................................................................... 26
3.4.5 lacp key ................................................................................................................ 26
3.4.6 lacp port-priority .................................................................................................. 27
3.4.7 example ................................................................................................................ 27
4. Advanced configuration commands ...................................................................................... 29
4.1 VLAN config .................................................................................................................... 29
Function Brief ................................................................................................................ 29
4.1.1 switchport mode .................................................................................................. 30
4.1.2 switchport pvid .................................................................................................... 30
4.1.3 switchport trunk|hybrid| access ......................................................................... 31
4.1.4 show vlan ............................................................................................................. 31
4.1.5 example ................................................................................................................ 32
4.2 QinQ config ..................................................................................................................... 33
Function Brief ................................................................................................................ 33
4.2.1 qinq ....................................................................................................................... 33
4.2.2 qinq otpid.............................................................................................................. 33
4.3 MAC config...................................................................................................................... 34
Function Brief ................................................................................................................ 34
4.3.1 mac-address aging-time .................................................................................... 34
4.3.2 show mac-address ............................................................................................. 35
4.4 ARP config ...................................................................................................................... 35
Function Brief ................................................................................................................ 35
4.4.1 show arp ............................................................................................................... 36
4.4.2 arp static ............................................................................................................... 36
4.4.3 arp timeout ........................................................................................................... 36
4.5 MSTP config ................................................................................................................... 37
Function Brief ................................................................................................................ 37
4.5.1 spanning-tree....................................................................................................... 38
4.5.2 spanning-tree mode ........................................................................................... 38
4.5.3 spanning-tree max-age ...................................................................................... 39
4.5.4 spanning-tree hello-time .................................................................................... 39
4.5.5 spanning-tree forward-delay ............................................................................. 39
4.5.6 spanning-tree max-hop ...................................................................................... 40
4.5.7 spanning-tree instance ....................................................................................... 40
4.5.8 spanning-tree mstp name .................................................................................. 41
4.5.9 spanning-tree mstp revision .............................................................................. 41
4.5.10 show spanning-tree .......................................................................................... 41
4.5.11 show spanning-tree interface brief ................................................................. 42
4.6 IGMP-snooping .............................................................................................................. 42
Function Brief ................................................................................................................ 43
4.6.1 igmp-snooping ..................................................................................................... 43
4.6.2 igmp-snooping host-age-time ........................................................................... 43
4.6.3 igmp-snooping fast-leave .................................................................................. 44
4.6.4 igmp-snooping static-group ............................................................................... 44
4.6.5 show igmp-snooping group ............................................................................... 45
4.6.6 example ................................................................................................................ 45
4.7 DHCP server ................................................................................................................... 46
Function Brief ................................................................................................................ 46
4.7.1 ip dhcpd ................................................................................................................ 46
4.7.2 dhcp pool.............................................................................................................. 47
4.7.3 network ................................................................................................................. 47
4.7.4 default-router ....................................................................................................... 48
4.7.5 dns-server ............................................................................................................ 48
4.7.6 static ...................................................................................................................... 48
4.7.7 lease ..................................................................................................................... 49
4.7.8 domain-name ...................................................................................................... 50
4.7.9 nbns-server .......................................................................................................... 50
4.7.10 example .............................................................................................................. 50
4.8 DHCP relay ..................................................................................................................... 51
Function Brief ................................................................................................................ 51
4.8.1 ip helper-address ................................................................................................ 51
4.9 DHCP snooping .............................................................................................................. 52
Function Brief ................................................................................................................ 52
4.9.1 ip dhcp-snooping ................................................................................................ 52
4.9.2 ip dhcp-snooping trust ........................................................................................ 53
4.9.3 show ip dhcp-snooping lease ........................................................................... 53
4.10 QoS config .................................................................................................................... 54
Function Brief ................................................................................................................ 54
4.10.1 remask................................................................................................................ 54
4.10.2 cos default ......................................................................................................... 55
4.10.3 trust ..................................................................................................................... 55
4.10.4 cos map .............................................................................................................. 56
4.10.5 dscp map ........................................................................................................... 56
4.10.6 scheduler policy ................................................................................................ 57
4.10.7 example .............................................................................................................. 57
4.11 VRRP ............................................................................................................................. 59
Function Brief ................................................................................................................ 59
4.11.1 vrrp advertisement ............................................................................................ 59
4.11.2 vrrp ip .................................................................................................................. 60
4.11.3 vrrp preempt ...................................................................................................... 60
4.11.4 vrrp preempt time .............................................................................................. 61
4.11.5 vrrp priority ......................................................................................................... 61
4.11.6 example .............................................................................................................. 62
5. Routing configuration commands .......................................................................................... 64
5.1 Interface config ............................................................................................................... 64
Function Brief ................................................................................................................ 64
5.1.1 interface................................................................................................................ 64
5.1.2 shutdown / no shutdown .................................................................................... 64
5.1.3 ip address ............................................................................................................ 65
5.1.4 show interface ..................................................................................................... 65
5.2 Static routing ................................................................................................................... 66
Function Brief ................................................................................................................ 66
5.2.1 ip route.................................................................................................................. 66
5.2.2 show ip route ....................................................................................................... 67
5.2.3 example ................................................................................................................ 67
5.3 OSPF config.................................................................................................................... 70
Function Brief ................................................................................................................ 70
5.3.1 router ospf ............................................................................................................. 70
5.3.2 network ................................................................................................................. 71
5.3.3 router-id ................................................................................................................ 71
5.3.4 timers throttle spf ................................................................................................ 72
5.3.5 default-metric ....................................................................................................... 72
5.3.6 passive-interface default .................................................................................... 73
5.3.7 redistribute ........................................................................................................... 73
5.3.8 default-information originate ............................................................................. 74
5.3.9 ip ospf ................................................................................................................... 74
5.3.10 show ip ospf....................................................................................................... 76
5.3.11 example .............................................................................................................. 76
5.4 BGP config ...................................................................................................................... 78
Function Brief ................................................................................................................ 78
5.4.1 router bgp ............................................................................................................ 79
5.4.2 timers bgp ............................................................................................................ 79
5.4.3 redistribute ........................................................................................................... 80
5.4.4 neighbor ............................................................................................................... 80
5.4.5 network .................................................................................................................. 80
5.4.6 example................................................................................................................ 81
5.5 RIP config ........................................................................................................................ 82
Function Brief ................................................................................................................ 83
5.5.1 default-information originate .............................................................................. 83
5.5.2 default-metric ....................................................................................................... 83
5.5.3 distance ................................................................................................................. 84
5.5.4 end ......................................................................................................................... 84
5.5.5 exit/quit .................................................................................................................. 85
5.5.6 network .................................................................................................................. 85
5.5.7 offset-list ................................................................................................................ 85
5.5.8 passive-interface .................................................................................................. 86
5.5.9 redistribute ............................................................................................................ 87
5.5.10 timer ..................................................................................................................... 87
5.5.11 version ................................................................................................................. 88
5.5.12 example ............................................................................................................. 88
6. Network security commands .................................................................................................. 91
6.1 Anti-attack ....................................................................................................................... 91
Function Brief ................................................................................................................ 91
6.1.1 system ignore icmp-echo ................................................................................... 91
6.1.2 system protection syn-ack ................................................................................. 91
6.1.3 system rate-limit .................................................................................................. 92
6.2 MAC binding ................................................................................................................... 92
6.2.1 mac-address static ............................................................................................. 93
6.3 ARP binding .................................................................................................................... 93
Function Brief ................................................................................................................ 93
6.3.1 ip-mac bind .......................................................................................................... 94
6.3.2 show ip-mac bind ................................................................................................ 95
6.4 ACL config ....................................................................................................................... 95
Function Brief ................................................................................................................ 95
6.4.1 mac acl ................................................................................................................. 96
6.4.2 ip acl...................................................................................................................... 96
6.4.3 rule ........................................................................................................................ 97
6.4.4 ip/mac access-group .......................................................................................... 97
6.5 802.1X config .................................................................................................................. 98
Function Brief ................................................................................................................ 98
6.5.1 dot1x ..................................................................................................................... 98
6.5.2 dot1x auth-server ................................................................................................ 99
6.5.3 dot1x auth-server type ....................................................................................... 99
6.5.4 dot1x acct-sever ................................................................................................ 100
6.5.5 dot1x timer ......................................................................................................... 100
6.5.6 dot1x auth-mode ............................................................................................... 101
6.5.7 dot1x controlled-mode ..................................................................................... 101
6.5.8 dot1x auth .......................................................................................................... 102
6.5.9 dot1x auth-user ................................................................................................. 102
6.6 Port isolation ................................................................................................................. 102
Function Brief .............................................................................................................. 103
6.6.1 switchport protected ......................................................................................... 103
6.7 Storm control ................................................................................................................. 103
Function Brief .............................................................................................................. 103
6.7.1 storm-control broadcast pps ............................................................................ 104
6.7.2 storm-control multicast pps ............................................................................. 104
6.7.3 storm-control unicast pps ................................................................................ 105
6.8 ERPS-RING config ...................................................................................................... 105
Function Brief .............................................................................................................. 105
6.8.1 loop-protection .................................................................................................. 105
6.8.2 loop-protection tx-time ..................................................................................... 106
6.8.3 loop-protection transmit ................................................................................... 106
6.8.4 show loop-protection ........................................................................................ 107
6.8.5 example .............................................................................................................. 107
6.9 ERPS-E config.............................................................................................................. 109
Function Brief .............................................................................................................. 109
6.9.1 erps ..................................................................................................................... 110
6.9.2 erps xx ................................................................................................................ 110
6.9.3 show erps ........................................................................................................... 111
6.9.4 example .............................................................................................................. 111
6.10 IP source guard .......................................................................................................... 113
Function Brief .............................................................................................................. 113
6.10.1 ip source-guard ............................................................................................... 113
6.10.2 ip source-guard trust ...................................................................................... 114
6.10.3 ip dhcp-snooping binding .............................................................................. 114
6.10.4 show ip source-guard ..................................................................................... 115
7. Network management commands ....................................................................................... 116
7.1 HTTP config .................................................................................................................. 116
Function Brief .............................................................................................................. 116
7.1.1 ip http-server http .............................................................................................. 116
7.1.2 ip http-server https ............................................................................................ 116
7.2 SNMP config ................................................................................................................. 117
Function Brief .............................................................................................................. 117
7.2.1 snmp ................................................................................................................... 117
7.2.2 snmp-server trap2sink ..................................................................................... 118
7.2.3 snmp-server trap ............................................................................................... 118
7.2.4 snmp-server community .................................................................................. 119
7.2.5 snmp host .......................................................................................................... 119
7.2.6 snmp-server user .............................................................................................. 119
7.2.7 example .............................................................................................................. 120
8. System maintenance commands......................................................................................... 122
8.1 Reboot ........................................................................................................................... 122
Function Brief .............................................................................................................. 122
8.1.1 reboot.................................................................................................................. 122
8.2 Restore factory ............................................................................................................. 122
Function Brief .............................................................................................................. 122
8.2.1 default configure ............................................................................................... 123
8.3 Config management .................................................................................................... 123
Function Brief .............................................................................................................. 123
8.3.1 write .................................................................................................................... 123
8.4 PING test ....................................................................................................................... 124
Function Brief .............................................................................................................. 124
8.4.1 ping ..................................................................................................................... 124
1. System Status Commands
1.1 Mode Description
Command Description
How to enter and exit each mode (the privilege mode, global mode,
and interface mode)
Parameter
None
Default
None
Command Mode
Privileged mode
Example
username: admin
password: admin(Hidden)
switch#
switch# exit
press ENTER to get started
username:
// This command is used to enter the privileged mode, and the exit
command is used to exit the privileged mode.
switch# configure terminal
switch(config)# exit
switch#
// This command is used to enter the global mode, and the exit command is
used to exit the global mode and return to the privileged mode.
switch# configure terminal
switch(config)# interface G1
switch(config-G1)# exit
switch(config)#
// This command is used to enter the G1 interface mode from the global
mode, and the exit command is used to exit the interface mode.
switch(config)# interface vlan1
switch(config-vlanif1)# exit
switch(config)#
// This command is used to enter the vlan1 interface mode from the global
mode, and the exit command is used to exit the vlan1 interface mode.
1.2 System information
Function Brief
This module is used to display the device name, software version,
hardware version, MAC address, compile time, run time, and current system
time.
1.2.1 show version
Command Description
This command is used to display the version information, including
the device name, software version, hardware version, MAC address,
compile time, system run time, current version information, and
backup version information.
Parameter
None
Default
None
Command Mode
Privileged mode(To enter the privileged mode, connect a serial port,
and enter the user name and password. To exit the privileged mode, run the
exit command.)
Example
username: admin
password: admin(The password is hidden.)
switch# show version
1.2.2 show clock
Command Description
This command is used to display the current system time.
Parameter
None
Default
None
Command Mode
Privileged mode
Example
switch# show clock
1.3 Log information
Function Brief
This module is used to display system logs when the system is
running, so that maintenance staff can conveniently analyze relevant
problems.
1.3.1 show logging
Command Description
This command is used to display the current log of the switch.
Parameter
None
Default
None
Command Mode
Privileged mode
Example
switch# show logging
1.4 Port statistics
Function Brief
The port statistics module is used to display the number of
sent/received packets, sent/received bytes, and number of sent/received
error packets on every port.
<cr>
It is used to display data statistics of all ports.
G<1-24>
It is used to display data statistics
1.4.1 show interface
Command Description
This command is used to display the packet statistics of one or more
ports.
Parameter
Default
None
Command Mode
Privileged mode
Example
switch# show interface G1
1.5 LACP status
Function Brief
This function module is used to display the LACP port configurations.
1.5.1 lacp state
Command Description
This command is used to display the status of the LACP system.
Parameter
None
Default
None
Command Mode
bgp
View the BGP routing information
connected
View the connected routing information
ospf
View the ospf routing information
rip
View the rip routing information
static
View the static routing information
A.B.C.D
View contains specific IP routing information
A.B.C.D/M
View of a routing information
summary
View all routing summary information
Global configuration mode
Example
switch(config)# lacp state
1.6 View route
Function Brief
The function module is used to display switch routing information.
1.6.1 show ip route
Command Description
This command is used to display the router information.
Parameter
Default
Command Mode
Example
switch# show ip route connected
None
Privileged mode
1.7 ERPS-RING status
Function Brief
The function module is used to display erps information.
1.7.1 show erps
Command Description
This command is used to display the erps information.
Parameter
None
Default
None
Command Mode
Privileged mode
Example
switch# show erps
1.8 Power status
Function Brief
The function module is used to display power supply information.
1.8.1 show power
Command Description
This command is used to display the power supply information.
Parameter
None
Default
None
Command Mode
Privileged mode
Example
switch# show power
2. System Setting Commands
2.1 IP config
IP address configuration commands include:
ip address
ip address dhcp
ip address old_ip A.B.C.D/M new_ip A.B.C.D/M
show ip interface
notice:A.B.C.D/M,Example:192.168.1.1/24
Function Brief
The IP configuration module is used to add, delete or display the
interface IP information of a switch.
2.1.1 ip address
Command Description
Configure IP port for A.B.C.D/M
no ip address A.B.C.D/M
//Delete ports IP A.B.C.D/M
Parameter
None
Default
VLAN 1 interface
Command Mode
VLAN interface configuration mode
Example
switch(config)# interface vlanif1
switch(config-vlanif1)#ip address 192.168.100.1/24
switch(config-vlanif1)#no ip address 192.168.100.1/24
2.1.2 ip address dhcp
Command Description
Configure IP port for automatic access (network DHCP server will
assign a dynamic IP) for the switch port.
no ip address dhcp
//Disables the IP of the interface to access automatically.
Parameter
None
Default
Open port
Command Mode
Interface configuration mode
Example
switch(config)# interface vlanif1
switch(config-vlanif1)#ip address dhcp
switch(config-vlanif1)#no ip address dhcp
2.1.3 ip address old_ip
Command Description
ip address old_ip A.B.C.D/M new_ip A.B.C.D/M
Change the IP configuration of the interface (amend the old_ip to
new_ip)
Parameter
None
Default
None
Command Mode
Interface configuration mode
Example
switch(config)# interface vlanif1
switch(config-vlanif1)#ip address old_ip 192.168.255.1/24 new_ip
192.168.10.1/24
2.1.4 show interface
Command Description
This command is used to display the interface IP information.
Parameter
None
Default
Enabled port
Command Mode
Privileged mode and Global configuration mode
guest
permissions for all users of the guest is limited to check the
system status information under the menu bar
admin
permissions for the admin user, you can add, modify, delete
all configuration
Example
switch(config)#show interface vlanif1
switch#show interface vlanif1
2.2 User config
User configuration commands include:
username name
show user
Note: name indicates the user name, which is a string of 1 to 32
characters. password indicates the password, which is a string of 1 -
32 characters.level indicates the user level, which ranges from 1
(lowest management rights) to 15 (highest management rights).
Function Brief
This function module is used to display, modify or add user
information so as to protect the switch configurations.
2.2.1 username name
Command Description
username name password passwd privilege level
//This command is used to add a user, modify the password of an existing
user, modify the management rights of an existing user, or modify the
password and management rights of an existing user.
no username name
//This command is used to delete a known user.
Parameter
Default
admin
Command Mode
Global configuration mode
Example
switch(config)#username test password test
//Add a user "test", it is the default password is testing and rights: the
guest.
switch(config)#username test password test privilege admin
//Modify user: test, password: test, permissions: admin.
switch(config)#username test password test privilege guest
//Modify user: the test management authority for the guest.
switch(config)#no username test
//Delete user test.
2.2.2 show user
Command Description
This command is used to display all the current user configurations
of the switch.
Parameter
None
Default
None
Command Mode
Privileged mode
Example
Switch#show user
2.3 Time setting
The configuration commands include:
sntp enable|disable
sntp unicast-server
sntp auto-sync timer
sntp connect
sntp timezone
local-time date
Function Brief
When enabled, this function can be used to automatically
synchronize the switch time with the network time.
2.3.1 sntp enable|disable
Command Description
ntp:
//This command is used to enable the NTP function.
no ntp:
//This command is used to disable the NTP function.
Parameter
None
Default
Disable
Command Mode
Global configuration mode
Example
switch(config)#sntp enable
switch(config)#sntp disable
2.3.2 sntp unicast-server
Command Description
sntp unicast-server A.B.C.D
//This command is used to add the IP address of an NTP server.
no sntp unicast-server A.B.C.D
//This command is used to delete the ip address of an NTP server.
Parameter
None
Default
None
Command Mode
Global configuration mode
Example
Switch(config)#sntp unicast-server 210.21.196.6
<0-39>
Each number represents a time zone, can use SNTP
timezone show view the corresponding relationship
2.3.3 sntp auto-sync timer
Command Description
This command is used to set the SNTP synchronization time
interval.
Parameter
sntp auto-sync timer time,time Values range 5-65535s, 300s default
value.
Default
300s
Command Mode
Global configuration mode
Example
Switch(config)#sntp auto-sync timer 5
2.3.4 sntp connect
Command Description
sntp connect A.B.C.D
//This command is used to select the SNTP server to connect.
Parameter
None
Default
None
Command Mode
Global configuration mode
Example
switch(config)#sntp connect 210.21.196.6
2.3.5 sntp timezone set
Command Description
switch(config)# sntp timezone set<0-39>
//This command is used to select the time zone.
Parameter
Default
0
Command Mode
Global configuration mode
Example
switch(config)#sntp timezone set 32
/ /Modify the time zone east eight area.
2.3.6 local-time date
Command Description
local-time date YYYY-MM-DD time HH:MM:SS
//Set the local time year - month - day hours: minutes: seconds
Parameter
None
Default
None
Command Mode
Global configuration mode
Example
switch(config)# local-time date 2015-3-18 time 12:12:12
// Note: due to the chip is limited, can only be set after January 1,1970.
parameter
Parameters of the command mode
auto
Automatic negotiation.
full
Full duplex
half
Half duplex
3. Port configuration commands
3.1 Port config
Port configuration commands include:
duplex
speed
flow-control
shutdown
description
Function Brief
This module is used to configure basic parameters related to ports of
a switch. These basic parameters directly influence the port working mode.
3.1.1 duplex
Command Description
duplex {auto | full | half }
no duplex
//These commands are used to set the port rate mode.
Parameter
Default
By default, the duplex modes of all ports are Auto. For an optical port,
the duplex mode is always set to full.
Command Mode
Interface configuration mode
Note:
Light port duplex is fixed, is a full-duplex mode (full).
Example
// This command is used to modify the duplex mode of the G1 port.
switch(config)# interface G1
switch(config-G1)# duplex full
parameter
Parameters of the command mode
10,100,1000,10000
The port rate is set to 10M, 100M and 1000M.
auto
The port rate is set to Auto.
3.1.2 speed
Command Description
speed {10 | 100 | 1000|10000|auto }
no speed
//It is used to set the port rate.
Parameter
Default
By default, the speed mode is set to auto for an electric port,
10000M for a f-port fiber port
Command Mode
Interface configuration mode
Note:
Port speed of light is coerced into 1000M and 10000M.
Electricity mouth can only set auto, 10M and 100M
Example
// The port rate of G1 is set to 100M.
switch(config)# interface G1
switch(config-G1)# speed 100
3.1.3 flow-control
Command Description
flowctrl
no flowctrl
//This command is used to enable or disable the flow control function of a
port.
Parameter
None
Default
The flow control function is enable by default
Command Mode
Interface configuration mode
Example
//enable the function.
switch(config-G1)# flowctrl
3.1.4 shutdown
Command Description
shutdown
no shutdown
//This command is port switch.
Parameter
None
Default
The port is enabled by default.
Command Mode
Interface configuration mode
Example
//This command is used to disable a port.
switch(config)#interface G1
switch(config-G1)# shutdown
3.1.5 description
Command Description
This command is to configure the port description information,
convenient for management (composed of letters, Numbers and
underscore).
Parameter
None
Default
None
Command Mode
Interface configuration mode
Example
switch(config)#interface G1
switch(config-G1)# description A1_1
3.2 Rate limit
Function Brief
It is used to configure the speed limiting policy of a port to limit the
ingress and egress rates of all packets of the port.
1-10000000
Port speed range is 1-10000000kbps
Parameter
Parameters of the command mode
3.2.1 rate-limit
Command Description
rate-limit {1-10000000 } egress/ingress
no rate-limit egress/ingress
//Configure port egress / ingress speed limit function, use the no form, port restore
default settings .
Parameter
Default
0
Command Mode
Interface configuration mode
Example
//The speed limit exports 10000 Kbps
switch(config)#interface G1
switch(config-G1)# rate-limit 10000 egress
3.3 Port mirroring
Function Brief
Port mirroring is also called port monitoring. Port monitoring is a data
packet acquisition technology. It can be configured on a switch to copy data
packets from one or more ports (mirror source ports) to a specified port
(mirror destination port). The destination port is connected to a host installed
with the packet analysis software. The software analyzes the collected
packets to implement network monitoring and eliminating network faults.
3.3.1 monitor
Command Description
monitor session <1-4> ingress destination <IFNAME> source
<IFNAME>
no monitor session <1-4>
//Configure port mirroring function, use the no form of the command, delete the
image settings.
Parameter
1-4
Port mirror number
IFNAME
port number,Example G1,T1
Default
None
Command Mode
Global configuration mode
Example
//This command is to configure the session 1 source port for G1,G2, destination
port for G3.
switch(config)# monitor session 1 both destination G3 source G1
G2
3.4 Link aggregation
Static aggregation configuration commands include:
Trunk
Dynamic aggregation configuration commands include:
lacp enable | disable
lacp active | passive
lacp key
lacp port-priority
Function Brief
Link aggregation is used to form a logical port using multiple physical
ports of a switch. Multiple links within the same aggregation group are
deemed as a larger bandwidth logical link.
By link aggregation, the communication traffic is shared among
member ports of the aggregation group, and thus the bandwidth is increased.
Besides, member ports of the same aggregation share dynamic backups
with each other, and thus the link reliability is improved.
3.4.1 trunk
Member ports of the same aggregation group shall have the same
configurations. The configurations mainly include STP, QoS, VLAN, port
attribute, MAC address learning, ERPS configuration, loop protection
configuration, mirror, 802.1x, IP filtering, MAC filtering, port isolation, etc.
Command Description
both-mac
Based on the source mesh MAC load balancing
dst-mac
Based on the destination MAC load balancing
src-mac
Based on the source MAC load balancing
interface trunk [trunk ID]
Configuration trunk
trunk [trunk ID]
Default
None
Command Mode
Global configuration mode
Example
switch(config)# interface trunk 1
switch(config)# interface G1
switch(config-G1)# trunk 1
3.4.2 load-balance
Command Description
load-balance
//This command is to set up static aggregation of load balance mode.
Parameter
Default
Disable
Command Mode
Interface configuration mode
Example
//This command is to set up load balancing model based on source and
destination MAC.
switch(config)# load-balance both-mac
3.4.3 lacp enable | disable
Command Description
lacp enable
//This command is used to enable dynamic aggregation of ports.
lacp disable
//This command is used to disable dynamic aggregation of ports.
Parameter
None
Default
Disable
Command Mode
Interface configuration mode
Example
switch(config)#interface G1
switch(config-G1)# lacp disable
3.4.4 lacp active | passive
Command Description
lacp active
lacp passive
//This command is used to configure the role of an LACP port.
//It specifies the role of a port, which is active or passive.
Parameter
None
Default
active
Command Mode
Interface configuration mode
Example
switch(config)#interface G1
switch(config-G1)# lacp active
3.4.5 lacp key
Command Description
LACP key refers to the management key value of a dynamic
aggregation port and determines whether the port can be added into
an aggregation port. LACP protocol generates an operation key
based on the port configuration (that is, the rate, duplex, basic
configuration and management key). Members of a dynamic
aggregation group can only be aggregated when they have the
same operation key.
Parameter
<1-65535>: The key value is manually specified. The value ranges
from 1 to 65535.
auto: The key value is automatically negotiated.
Default
auto
Command Mode
Interface configuration mode
Example
switch(config)# interface G1
switch(config-G1)# lacp key 100
3.4.6 lacp port-priority
Command Description
lacp port-priority <1-32768>
//This command is used to configure the priority of an LACP port.
Parameter
<1-32768>: It specifies the priority range. A smaller value indicates a
higher priority.
Default
0
Command Mode
Interface configuration mode
Example
switch(config)# interface G1
switch(config-G1)# lacp port-priority 100
3.4.7 example
The link aggregation is used to increase the bandwidth of device-level serial
ports and share loads based on the source/destination MAC address.
SW1/SW2:
switch# configure terminal
switch(config)# load-balance both-mac
switch(config)# interface trunk 1
switch(config)# interface G1
switch(config-G1)# trunk 1
switch(config)# interface trunk 1
switch(config)# interface G2
switch(config-G1)# trunk 1
phenomenon:
After aggregation, two links form one logical link and thus the
bandwidth is doubled. Besides, the load is shared based on the source or
destination MAC address. When one link in the aggregation group is
disconnected, the packet is sent through another link, and thus the
communication is not interrupted.
4. Advanced configuration commands
4.1 VLAN config
VLAN configuration commands include:
switchport mode
switchport pvid
switchport trunk|hybrid| access
show vlan
Function Brief
Ethernet is a shared communication media based on the Carrier
Sense Multiple Access/Collision Detect (CSMA/CD) technology. A LAN built
using the Ethernet technology is not only a collision domain, but also a
broadcast domain. When the number of hosts on the network is large, the
collision becomes serious, broadcast flooding occurs, and the performance
is significantly degraded. Even worse, the network is unavailable.
Deployment of bridges or L2 switches on the Ethernet can resolve the
problem of serous collision, but still cannot isolate broadcast packets. To
address this issue, the Virtual Local Area Network (VLAN) technology
emerges. This technology can divide a physical LAN into multiple logical
LANs, that is, VLANs. Hosts located in the same VLAN can directly
communicate with each other, but hosts located in different VLANs cannot
communicate with each other. In this way, broadcast packets are confined in
the same VLAN. That is, each VLAN is a broadcast domain.
Advantages of VLAN are as follows:
1) Improve network performance. Broadcast packets are confined in the
VLAN, which effectively controls broadcast storms of the network, saves the
network bandwidth, and improves the network processing capability.
2) Enhance network security. Devices in different VLANs cannot access
each other, and hosts in different VLANs cannot directly communicate with
each other. Packets must be forwarded at L3 through network layer devices,
such as routers or L3 switches.
3) Simplify network management. Hosts in the same virtual work group are
not limited to a certain physical range, which simplifies network management,
and makes it convenient for people in different areas to set up work groups.
Parameter
Parameters of the command mode
access
Access mode
trunk
Trunk mode
Hybrid
Hybrid mode
Parameter
Parameters of the command mode
Vlan-id
Vlan id.Value range:1-4094.
4.1.1 switchport mode
Command Description
switchport mode {access | trunk | hybrid }
//This command is to configure the port mode.
Parameter
Default
Access mode
Command Mode
Interface configuration mode
A switch port supports the following modes:
Access mode: The port belongs to only one VLAN, and only
sends and receives untagged Ethernet frames.
Trunk mode: The port is connected with other switches, and can
receive and send tagged Ethernet frames.
Hybrid mode: The port can be connected to a PC or a switch and
router. (The hybrid mode is the combination of the access mode
and the trunk mode.)
Example
//The port is configured to VLAN trunk /hybrid/access.
Switch(config)# interface T1
Switch(config-T1)#switchport mode trunk /hybrid/access
4.1.2 switchport pvid
Command Description
switchport pvid { vlan-id}
Parameter
Default
Vlan1
Command Mode
Interface configuration mode
Parameter
Parameters of the command mode.
Vlan-id
Vlan id,Value range:1-4094.
Parameter
Parameters of the command mode
vlan-id
The display VLAN Value range:1-4094.
Example
//The default vlan Settings for the port for vlan2.
Switch(config)# interface T1
Switch(config-T1)# switchport pvid 2
4.1.3 switchport trunk|hybrid| access
Command Description
switchport trunk tag {vlan-id}
switchport hybrid tag|untag|unpvid {vlan-id}
switchport access {vlan-id}
Parameter
Default
All ports are members of vlan1, do not belong to other vlan
Command Mode
Interface configuration mode
Example
//This command is the trunk mode port to join one vlan or multiple vlan.
switch(config)# interface T1
switch(config-T1)# switchport mode trunk
switch(config-T1)# switchport trunk tag 2
switch(config-T1)# switchport trunk tag 3-4
//This command is the hybrid mode port to join one vlan or multiple vlan.
switch(config-T1)# switchport mode hybrid
switch(config-T1)# switchport hybrid tag|untag 2
switch(config-T1)# switchport hybrid tag| untag 3-4
//This command is to access mode port to join vlan2
switch(config-T1)# switchport access 2
4.1.4 show vlan
Command Description
show vlan [vlan-id ]
Parameter
Default
None
Command Mode
Privileged mode
Example
//This command is to display all VLAN information.
Switch#show vlan
Vid Status Name Ports
---------------------------------------------------------------
------------------------------------
1 static vlan1 G1 G2 G3 G4 T1 T2 T3 T4 T5 T6 T7 T8 T9
T10 T11 T12 T13 T14 T15 T16 T17 T18 T19
T20 T21 T22 T23 T24
2 static vlan2
3 static vlan3
4.1.5 example
Enable VLAN communication across different switches. (PC1 and PC2 can
communicate with each other normally.)
SW1/SW2:
switch# configure terminal
switch(config)# interface G1
switch(config-if)# switchport mode trunk
switch(config-if)# switchport trunk tag 2
switch(config-if)# exit
switch(config)# interface G2
switch(config-if)# switchport mode access
switch(config-if)# switchport access vlan 2
phenomenon:
pc1(192.168.222.107)and pc2(192.168.222.94)are mutually
pinged.
4.2 QinQ config
Qinq configuration commands include:
Qinq
Qinq otpid
Function Brief
QinQ technology through the stacked two 802.1Q in the Ethernet
frame header, effectively expanded the number of VLAN, make the
number of vlans up to 4094x4094.
4.2.1 qinq
Command Description
Enable qinq
//no qinq express disable qinq function.
Parameter
None
Default
None
Command Mode
Interface configuration mode
Example
switch(config)# interface G1
switch(config-G1)# qinq
4.2.2 qinq otpid
Command Description
Configuration tag QinQ layer protocol type.
Parameter
<0x0000-0x9999>
Tag QinQ layer protocol type
Parameter
Parameters of the command mode
time
The value range is <0,
10-1000000>.
Default
0x8100
Command Mode
Interface configuration mode
Example
switch(config)# qinq otpid 0x88a8
4.3 MAC config
MAC configuration commands include:
mac-address aging-time
show mac-addres
Function Brief
The switch is able to send packets directly to the destination node instead of
sending packets to all nodes as a hub,the key technology is that the switch can
identify the network card MAC address of the node, then put them in a place called
MAC address table. The MAC address table is stored in the switch's cache and
remembers these addresses.In this way, when the data is sent to the destination
address, the switch can locate the node position of the MAC address in the MAC
address table, and then send the data directly to the node of the location. MAC
address number refers to the number of MAC addresses that can be stored in the
MAC address table of the switch, the more the number of MAC addresses is stored,
the higher the speed and efficiency of data forwarding.
4.3.1 mac-address aging-time
Command Description
mac address-table aging-time time {10-1000000}:
//This command is used to set the aging time of the MAC address. If the aging time
is set to 0, the MAC address is automatically aged.
no mac address-table aging time:
//This command is used to restore the default aging time.
Parameter
Default
None
Command Mode
Global configuration mode
Example
//Set the MAC address aging time to 100s.
switch(config)# mac-address aging-time 100
//Set the MAC address aging time to 300s.
switch(config)# no mac-address aging-time
4.3.2 show mac-address
Command Description
show mac-addres{ aging-time}
Parameter
None
Default
None
Command Mode
Global configuration mode
Example
//This command can display the MAC address and MAC address of the aging time.
switch# show mac-address
MAC Vlan Port Type
------------------------------------------------------------------------------------
94-de-80-dc-cf-38 1 G4 dynamic
60-92-17-9d-30-c3 1 G4 dynamic
Switch# show mac-address aging-time
Mac address aging-time : 100
4.4 ARP config
ARP configuration commands include:
show arp
arp static
arp timeout
Function Brief
This function module, you can view the ARP entry information that the switch
has learned, you can add ARP static entries to prevent unauthorized access to the
Parameter
Parameters of the command mode
ip_addr
Ip address,Value range:X.X.X.X.
mac_addr
Mac address,Value range:H.H.H.H
host and modify the aging time of ARP entries.
4.4.1 show arp
Command Description
show arp
//This command to display the ARP.
Parameter
None
Default
None
Command Mode
Global configuration mode
Example
//This command to display the ARP.
switch(config)# show arp
4.4.2 arp static
Command Description
arp static ip_addr mac_addr
//This command is used to add a static entry.
no arp static ip_addr
//This command is used to delete a static entry.
Parameter
Default
None
Command Mode
Global configuration mode
Example
// Add a static entry.
switch(config)# arp static 192.168.111.1 00-00-a1-b2-c3-d4
4.4.3 arp timeout
Command Description
Parameter
Parameters of the command mode
seconds
Unit :second, value range:60-86400.
arp timeout seconds
//This command is used to set the aging time.
no arp timeout
//This command is used to cancel time Settings.
Parameter
Default
None
Command Mode
Interface configuration mode
Example
//This command is to set up the ARP aging time for 3000 seconds.
switch(config)# interface vlanif1
switch(config-vlanif1)# arp timeout 3000
4.5 MSTP config
MSTP configuration commands include:
spanning-tree
spanning-tree mode
spanning-tree max-age
spanning-tree hello-time
spanning-tree forward-delay
spanning-tree max-hop
spanning-tree instance
show spanning-tree
show spanning-tree interface brief
Function Brief
STP is developed based on IEEE 802.1D, and is a protocol used to
eliminate physical loops at the data link layer in the LAN. STP-enabled
devices exchange information to detect loops on the network, and
selectively block some ports to change a loop topology into a loop-free tree
topology. This prevents continuous growing and infinite loop of packets on
the loop network, and prevents occurrence of problems such as degraded
packet processing capability of devices caused by repeated receiving of the
Stp
Enable STP
rstp
Enable RSTP
mstp
Enable MSTP
same packets.
Protocol packets used by STP are Bridge Protocol Data Units
(BPDUs), which are also called configuration messages. A BPDU contains
sufficient information to ensure that a device can complete the spanning tree
computation process. STP transfers BPDUs between devices to determine
the network topology.
4.5.1 spanning-tree
Command Description
spanning-tree:
//This command is used to enable the STP function.
no spanning-tree:
//This command is used to disable the STP function.
Parameter
None
Default
Enable
Command Mode
Global configuration mode
Example
switch(config)# spanning-tree
switch(config)# no spanning-tree
4.5.2 spanning-tree mode
Command Description
spanning-tree mode {stp|rstp|mstp}
//This command is used to set the STP version.
Parameter
Default
stp
Command Mode
seconds
BPDU biggest survival time.Value range:6-40s.
Time
Hello message sending interval,Value range:1-10s.
Global configuration mode
Example
switch(config)# spanning-tree mode rstp
//Set the STP version to RSTP.
4.5.3 spanning-tree max-age
Command Description
spanning-tree max-age {6-40}
Parameter
Default
20s
Command Mode
Global configuration mode
Example
//This command configure the STP the largest survival time for 24 seconds.
switch(config)# spanning-tree max-age 24
4.5.4 spanning-tree hello-time
Command Description
spanning-tree hello-time{1-10}
Parameter
Default
2s
Command Mode
Global configuration mode
Example
Switch(config)# spanning-tree hello-time 10
//This command configure the STP hello message sending time interval to 10 seconds.
4.5.5 spanning-tree forward-delay
Command Description
spanning-tree forward-delay{4-30}
time
Forwarding delay ,Value range:4-30s.
hop
BPDU max-hop, Value range:1-40.
Parameter
Default
15 seconds
Command Mode
Global configuration mode
Example
switch(config)# spanning-tree forward-delay 20
//This command configure the STP forwarding delay for 20 seconds.
4.5.6 spanning-tree max-hop
Command Description
spanning-tree max-hop{1-40}
Parameter
Default
20
Command Mode
Global configuration mode
Example
switch(config)# spanning-tree max-hop 40
//This command configure bpdus protocol packet maximum hop count of 40
effective.
4.5.7 spanning-tree instance
Command Description
spanning-tree instance
//This command is to configure the vlan and examples of MSTP mapping relationship.
Parameter
None
Default
None
Command Mode
Global configuration mode
Example
switch(config)# spanning-tree instance 44 vid 4
4.5.8 spanning-tree mstp name
Command Description
spanning-tree mstp name
//This command is to configure the MSTP domain name.
Parameter
None
Default
None
Command Mode
Global configuration mode
Example
switch(config)# spanning-tree mstp name 2
4.5.9 spanning-tree mstp revision
Command Description
spanning-tree mstp revision
//This command is the configuration revision number of MSTP.
Parameter
None
Default
None
Command Mode
Global configuration mode
Example
switch(config)# spanning-tree mstp revision 2
4.5.10 show spanning-tree
Command Description
show spanning-tree
Parameter
None
Default
None
Command Mode
Global configuration mode and Privileged mode
Example
//Display the STP configuration.
switch# show spanning-tree
Spanning-tree is disable:
max age 20 bridge forward delay 20
forward delay 15 max hops 20
hello time 2 orce protocol version mstp
4.5.11 show spanning-tree interface brief
Command Description
show spanning-tree interface brief
Parameter
None
Default
None
Command Mode
Global configuration mode and Privileged mode
Example
switch(config)# show spanning-tree interface brief
4.6 IGMP-snooping
IGMP snooping configuration commands include:
igmp-snooping
igmp-snooping host-age-time
igmp-snooping fast-leave
igmp-snooping static-group
Parameter
Parameters of the command mode
time
Old Time,value range:200-1000s.
show igmp-snooping group
Function Brief
Internet Group Management Protocol Snooping, shorted as IGMP
Snooping, is a multicast restriction mechanism running on a L2 device to
manage and control multicast groups. The L2 device on which IGMP
Snooping runs analyzes the received IGMP packets, create a mapping
relationship between ports and MAC multicast addresses and forwards
multicast data according to the mapping relationship
4.6.1 igmp-snooping
Command Description
ip igmp snooping:
//This command is used to enable the igmp-snooping function.
no ip igmp snooping:
//This command is used to disable the igmp-snooping function.
Parameter
None
Default
Disable
Command Mode
Global configuration mode
Example
//This command will configure open and closed igmp snooping:
switch(config)# igmp-snooping
switch(config)#no igmp-snooping
4.6.2 igmp-snooping host-age-time
Command Description
igmp-snooping host-age-time{200-1000}
Parameter
Default
260S
Command Mode
Global configuration mode
Example
//This command will configure a old time of 200s:
switch(config)# igmp-snooping host-age-time 200
4.6.3 igmp-snooping fast-leave
Command Description
ip igmp-snooping fast-leave:
//This command is used to enable the immediate leave function of a port.
no ip igmp-snooping fast-leave:
//This command is used to disable the immediate leave function of a port.
Parameter
None
Default
Disable
Command Mode
Interface configuration mode
Example
switch(config)# interface G1
switch(config-G1)# igmp-snooping fast-leave
4.6.4 igmp-snooping static-group
Command Description
igmp-snooping static-group
//This command is to add the static multicast group.
no igmp-snooping static-group
//This command is to delete the static multicast group.
Parameter
None
Default
Disable
Command Mode
Interface configuration mode
Example
switch(config)# interface G1
switch(config-G1)# igmp-snooping static-group 224.1.1.1 vlan 2
switch(config-G1)# no igmp-snooping static-group 224.1.1.1 vlan 2
4.6.5 show igmp-snooping group
Command Description
show igmp-snooping group
Parameter
None
Default
None
Command Mode
Privileged mode
Example
//This command is to display multicast group information:
switch# show igmp-snooping group
VID SOURCE GROUP interFACE
----------------------------------------------- ----------------------1 0.0.0.0 233.45.18.88 G4
1 0.0.0.0 239.255.255.250 G4 G2
1 0.0.0.0 224.0.0.252 G2 G4
4.6.6 example
Member ports requesting to join the multicast group can receive multicast
streams, but non-member ports not requesting to join the multicast group cannot
receive multicast streams.
switch# configure terminal
switch(config)# igmp snooping
switch(config)# interface G1
switch(config-G1)# igmp-snooping static-group 233.2.2.2 vlan 1
switch(config)# interface G2
switch(config-G2)# igmp-snooping static-group 233.2.2.2 vlan 1
switch(config)# interface G3
switch(config-G3)# igmp-snooping static-group 233.2.2.2 vlan 1
phenomenon:
PC2/PC3 can receive video streams from the multicast source, but PC4
cannot.
4.7 DHCP server
DHCP server configuration commands include:
ip dhcpd
dhcp pool
network
default-router
dns-server
static
lease
domain-name
netbios-name-server
Function Brief
DHCP server refers to a computer that manages DHCP standards on a
specific network. It allocates a unique IP address to each workstation that logs in to
the server. DHCP server greatly simplifies network management which needs to be
manually completed before.
4.7.1 ip dhcpd
Command Description
ip dhcpd enable:
//This command is used to enable the DHCP service.
ip dhcpd disable:
//This command is used to disable the DHCP service.
Parameter
None
Default
Disable
Command Mode
Global configuration mode
Example
Parameter
Parameters of the command mode
NAME
Pool name ,Example:dizhichi
Parameter
Parameters of the command mode
A.B.C.D/M
Address
pool,Example:192.168.1.0/24
vlanif-id
Interface Vlan id
//This command is used to globally enable the DHCP server.
switch(config)# ip dhcpd enable
4.7.2 dhcp pool
Command Description
dhcp pool <word>:
// This command is used to add a DHCP address pool.
No dhcp pool <word>:
// This command is used to delete a DHCP address pool with the specified name.
Parameter
Default
None
Command Mode
Global configuration mode
Example
//This command is to create a named dizhichi address pool.
switch(config)#dhcp pool dizhichi
4.7.3 network
Command Description
network A.B.C.D/M vlanif-id
//This command is used to add an IP address segment to the address pool.
Parameter
Default
None
Command Mode
Address pool configuration mode
Example
Parameter
Parameters of the command mode
A.B.C.D
Default-router
Parameter
Parameters of the command mode
A.B.C.D
dns address
switch(config-dhcp)#Network 192.168.1.0/24 vlanif1
//Set the DHCP from vlan1 distributed address segment is 192.168.1.0/24
4.7.4 default-router
Command Description
Default-router <A.B.C.D>:
//This command is used to configure the default gateway of the address pool.
Parameter
Default
None
Command Mode
Address pool configuration mode
Example
switch(config-dhcp)#Default-router 192.168.1.1
//This command is to set up DHCP issued a gateway.
4.7.5 dns-server
Command Description
Dns-server<A.B.C.D>:
// This command is used to configure the IP address of the DNS server.
Parameter
Default
None
Command Mode
Address pool configuration mode
Example
switch(config-dhcp)#dns-server 192.168.1.1
//Set the DNS server address 192.168.1.1
4.7.6 static
Command Description
Paramet
er
Parameters of the command mode
A.B.C.D
Static binding IP
MAC
Static binding MAC
Parameter
Parameters of the command mode
<0-31536000>
Time range Unit: second
infinite
permanent
static A.B.C.D MAC
//This command is used to static binding IP and MAC.
no static A.B.C.D
//This command is used to delete static binding.
Parameter
Default
None
Command Mode
Address pool configuration mode
Example
switch(config-dhcp)#static 192.168.1.1 11-11-11-11-11-11
//This command is static binding 192.168.1.1 and 11-11-11-11-11-11
switch(config-dhcp)#no static 192.168.1.1
//This command is used to delete static binding.
4.7.7 lease
Command Description
lease <0-31536000>/infinite
//This command is used to configure the lease period of the IP address in the
address pool.
Parameter
Default
Infinite
Command Mode
Address pool configuration mode
Example
// This command is used to configure the lease time of the address pool to 3600s.
switch(config)# dhcp pool 1
switch(config-dhcp)# lease 3600
Parameter
Parameters of the command mode
domain
Domain-name,Example:www.dahua.com
Parameter
Parameters of the command mode
A.B.C.D
DNS ip address
4.7.8 domain-name
Command Description
domain-name domain
//This command is used to configure the DNS server domain name.
Parameter
Default
None
Command Mode
Address pool configuration mode
Example
switch(config)# dhcp pool 1
switch(config-dhcp)# domain-name www.dahua.com
//This command is used to configure the DNS server domain name at
www.dahua.com.
4.7.9 nbns-server
Command Description
nbns-server A.B.C.B
//This command is used to configure the secondary DNS server.
Parameter.
Default
None
Command Mode
Address pool configuration mode
Example
//Set the secondary DNS server address 114.114.114.114 .
switch(config)# dhcp pool 1
switch(config-dhcp)# nbns-server 114.114.114.114
4.7.10 example
that IP addresses at the client are uniformly allocated by the server.
This command is used to configure the switch to a DHCP server, so
switch# configure terminal
switch(config)# ip dhcpd enable
switch(config)# dhcp pool a
switch(config-dhcp)# default-router 192.168.1.1
switch(config-dhcp)#dns-server 8.8.8.8
switch(config-dhcp)# lease 1000
switch(config-dhcp)# network 192.168.1.0/24 vlanif1
phenomenon:
Clients including PC1-PC100 can obtain correct IP addresses from
the DHCP server (SW 1).
Note: An L3 interface of the same VLAN shall be configured for the
DHCP server in the VLAN, so that the DHCP server can distribute IP
addresses to clients in the VLAN.
4.8 DHCP relay
Function Brief
If the DHCP client and the DHCP server on the same physical
network segment, the client can correctly obtain the IP address of dynamic
allocation. If they are not in the same physical network, they need DHCP
Relay Agent (relay agent). DHCP Relay agent can be removed to the
necessary of DHCP server should be in each physical segment, It can
deliver messages to the DHCP server that is not in the same physical
subnet,it can also send a message back to the DHCP client that is not in the
same physical subnet.
4.8.1 ip helper-address
Command Description
ip helper-address A.B.C.D
//This command is used to enable the DHCP relay.
no ip helper-address A.B.C.D
//This command is used to disable the DHCP relay.
Parameter
None
Default
Disable
Command Mode
Interface configuration mode
Example
//This command is used to open the DHCP relay in vlan 1
switch(config)#interface vlanif1
switch(config-vlanif1)# ip helper-address 192.168.1.1
4.9 DHCP snooping
DHCP snooping configuration commands include:
ip dhcp-snooping
ip dhcp-snooping trust
show ip dhcp-snooping lease
Function Brief
DHCP snooping is a security feature of DHCP, and provides the
following functions: Ensure that a client obtains its IP address from an
authorized server. If an unauthorized DHCP server that is built privately
exists on the network, the DHCP clients may obtain incorrect IP addresses
and network configuration parameters, and consequently cannot implement
communication normally. To ensure that DHCP clients can obtain IP
addresses from an authorized DHCP server, the DHCP snooping security
mechanism supports configuration of ports as trusted or untrusted ports.
1、A trusted port can forward received DHCP packets normally.
2、On receiving the DHCP-ACK and DHCP-OFFER packets from the
DHCP server, an untrusted port drops the packets.
4.9.1 ip dhcp-snooping
Command Description
ip dhcp-snooping:
//This command is used to enable the DHCP snooping configuration mode.
no ip dhcp-snooping:
//This command is used to disable the DHCP snooping configuration mode.
Parameter
None
Default
Disable
Command Mode
Global configuration mode
Example
None
4.9.2 ip dhcp-snooping trust
Command Description
ip dhcp-snooping trust:
//This command is used to configure the DHCP snooping trust mode.
no ip dhcp-snooping trust:
//This command is used to configure the DHCP snooping non-trust mode.
Parameter
None
Default
Non-Trust
Command Mode
Interface configuration mode
Example
//This command is to set port 1 model for trust.
switch(config)#interface G1
switch(config-G1)# ip dhcp-snooping trust
4.9.3 show ip dhcp-snooping lease
Command Description
show ip dhcp-snooping interface:
//This command is used to display the DHCP snooping trust mode of a port.
Parameter
None
Default
None
Command Mode
Privileged mode
Example
switch# show ip dhcp-snooping lease
4.10 QoS config
QoS configuration commands include:
remark
cos default
trust
cos map
dscp map
scheduler police
Function Brief
QoS(Quality of Service) refers to a network can use a variety of basic
technology and provid better service capabilities for designated network
communications. It is a technique that used to solve the problem of network delay
and congestion.When the network overload or congestion, QoS can ensure that the
important traffic is not delayed or discarded,while ensuring the efficient operation of
the network.
4.10.1 remask
Command Description
Qos remask<all/cos/dscp>
Change the QoS trust mode weight.
Parameter
None
Default
Cos
Command Mode
Interface configuration mode
Example
//This command is to modify the G1 qos trust mode to DSCP port.
switch(config)# interface G1
switch(config-G1)# qos remask dscp
4.10.2 cos default
Command Description
cos default<0-7>
Parameter
None
Default
0
Command Mode
Interface configuration mode
Example
//This command is to modify the G1 qos trust mode to COS port.
switch(config)# interface G1
switch(config-G1)# cos default 6
4.10.3 trust
Command Description
qos trust
//This command is to set port trust packets take priority.
no qos trust
//This command is to set port trust default port priority.
Parameter
None
Default
Qos trust
Command Mode
Interface configuration mode
Example
//This command is to set port 1 trust port the default priority.
Switch(config)#interface G1
switch(config-G1)# no qos trust
Dscp priority
Cos priority
0-7 0 8-15
1
16-23
2
24-31
3
32-39
4
40-47
5
48-55
6
56-63
7
4.10.4 cos map
Command Description
cos map
Set the mapping relationship between COS priority and queue.
Parameter
None
Default
Priority and queue one-to-one mapping
Command Mode
Global configuration mode
Example
//Map the cos priority 0 to the queue 3
switch(config)# cos map 0 3
4.10.5 dscp map
Command Description
dscp map
//Mapping relationship between DSCP priority and COS priority.
Parameter
None
Default
Command Mode
Global configuration mode
Example
//Map the DSCP priority 45 to Cos priority 7
switch(config)# cos map 45 7
sp
Strict priority mode: First in the queue with the highest priority
service, until the priority is empty and service for the next high
priority queue, and so on.
wrr
Weighted round robin scheduling algorithm: To support different
bandwidth requirements, it can allocate different proportion of
output bandwidth for different queues.
4.10.6 scheduler policy
Command Description
scheduler police
//Set Qos scheduling algorithm.
Parameter
Default
sp
Command Mode
Global configuration mode
Example
switch(config)# scheduler policy wrr 1 2 3 4 5 6 7 8
4.10.7 example
Test topology map (test is based on the QoS of ports)
The 1-3 port of the Ixia tester corresponds to the G18-G22 of the switch.
(一)Configuration
// When the data packets in the port is not marked with any priority, the priority of
the port is set to the corresponding queue.
a、Set the packets which enter the 18 port are marked with priority 7 and set
the packets which enter the 20 port are marked with priority 6.
switch(config)#interface G18
switch(config-G18)cos default 7
switch(config-G18)no qos trust
switch(config-G18)exit
switch(config)#interface G20
switch(config-G20)cos default 6
switch(config-G20)no qos trust
b、Set the destination address of the Ixia1-2 port to the source MAC address
of the Ixia3 port.
c、1-2 ports start sending data packets after learning MAC addresss.
(二)Test result
Conclusion:pass
Observe the source MAC address of the packets which capture in port
3 ,you can find that the received data packets from port 11.
the packets of high queue first pass
Parameter
Parameters of the command mode
Group
VRRP group,1-255
Time
Time interval between1-10s,default 1s
4.11 VRRP
configuration commands include:
vrrp advertisement
vrrp IP
vrrp preempt
vrrp preempt time
vrrp priority
Function Brief
Virtual Router Redundancy Protocol,or VRRPfor short, it is proposed
by IETF to solve the routing protocol of single point of failure in the local area
network configuration.It has introduced a standard RFC2338 protocol in
1998. VRRP is widely used in the edge network, It is design intent to support
the IP data traffic failed to transfer in a given case will not cause confusion,
allow the host to use a single router, make the connectivity between routers
is still maintained timely in the case of the failure of the first hop router.
VRRP is a routing fault tolerance protocol, which can also be called
backup routing protocol. A default route is set for all hosts in a local area
network, when the destination address in the network from the host are not
in the network segment, the message will be sent to the external router
through the default route, so that the communication between the host and
the external network is realized. The internal host will not be able to
communicate with the external after the default router down off (port is
closed), If the router set up VRRP, then the virtual router will enable the
backup router at this time,so can achieve the whole network communication.
4.11.1 vrrp advertisement
Command Description
vrrp <group> advertisement <time>
Parameter
Default
None
Command Mode
Interface configuration mode
Example
//Modify notification time of group1 is 5 seconds.
switch(config)# interface vlanif1
switch(config-vlanif1)# vrrp 1 advertisement 5
4.11.2 vrrp ip
Command Description
vrrp<group> ip A.B.C.D
//This command is to set up virtual routing IP address.
Parameter
None
Default
None
Command Mode
Interface configuration mode
Example
//This command is to set up virtual IP as 192.168.1.254.
switch(config)#interface vlanif1
switch(config-vlanif1)# vrrp 1 ip 192.168.1.254
4.11.3 vrrp preempt
Command Description
vrrp<group> preempt
//This command is VRRP preemption mode.
no vrrp<group> preempt
//This command is disabled VRRP preemption mode.
Parameter
None
Default
Enable
Command Mode
Interface configuration mode
Example
//This command is disabled VRRP preemption mode.
switch(config)#interface vlanif1
switch(config-vlanif1)#no vrrp 1 preempt
4.11.4 vrrp preempt time
Command Description
vrrp<group> preempt time< 0-1000s>
//This command is to set the current VRRP group delay.
Parameter
Time: Time range 0-1000s,Default 0s
Default
0
Command Mode
Interface configuration mode
Example
//This command is to set up 3 seconds after the preemption.
switch(config)#interface vlanif1
switch(config-vlanif1)# vrrp 1 preempt 3
4.11.5 vrrp priority
Command Description
vrrp<group> priority <priority>
//This command is to set up the gateway priority.
Parameter
priority:Priority range1-254,Default 100,
the greater the number, the higher the priority.
Default
Enable
Command Mode
Interface configuration mode
Example
//This command is to set priorities for 111.
switch(config)#interface vlan1
switch(config-vlanif1)# vrrp 1 ip 192.168.2.1
switch(config-vlanif1)#vrrp 1 priority 111
4.11.6 example
a, Network diagram as shown in Figure:
Sw1:
switch(config)# interface vlan1
switch(config-vlanif2)# ip address 192.168.1.11/24
switch(config-vlanif2)#exit
switch(config)# interface vlan2
switch(config-vlanif2)# ip address 192.168.2.11/24
switch(config-vlanif2)#exit
switch(config)# interface g2
switch(config-G2)# switchport mode access
switch(config-G2)# switchport pvid 2
switch(config)# interface vlanif1
switch(config-vlanif1)# vrrp 1 ip 192.168.1.100
switch(config-vlanif1)#vrrp 1 priority 120
switch(config)# interface vlanif2
switch(config-vlanif2)# vrrp 2 ip 192.168.2.100
switch(config-vlanif1)#vrrp 2 priority 120
Sw2:
switch(config)# interface vlan1
switch(config-vlanif2)# ip address 192.168.1.22/24
switch(config-vlanif2)#exit
switch(config)# interface vlan2
switch(config-vlanif2)# ip address 192.168.2.22/24
switch(config-vlanif2)#exit
switch(config)# interface g2
switch(config-G2)# switchport mode access
switch(config-G2)# switchport pvid 2
switch(config)# interface vlanif1
switch(config-vlanif1)# vrrp 1 ip 192.168.1.100
switch(config)# interface vlanif2
switch(config-vlanif2)# vrrp 2 ip 192.168.2.100
Phenomena:
b, PC1 continued to ping PC2(you can capture data packets and find that the
packets forwarded by SW2)
c, Power down the SW2, observe the results of the Ping (switching time is about 3S)
Parameter
Parameters of the command mode
IFNAME
Interface vlan vlan range:vlan1-vlan4094
5. Routing configuration commands
5.1 Interface config
Interface configuration commands include:
interface
shutdown
ip address
show interface
Function Brief
Based on the switch L3 routing principle, the virtual interface is
established for each Vlan to set up the L3 address information of each Vlan.
5.1.1 interface
Command Description
interface{IFNAME}
//This command is to enter interface configuration mode.
Parameter
Default
None
Command Mode
Global configuration mode
Example
//This command is to vlan1 configuration mode.
switch(config)# interface vlan1
5.1.2 shutdown / no shutdown
Command Description
shutdown/no shutdown
//This command is turned on or off a vlan interface.
Parameter
None
Default
Open
Parameter
Parameters of the command
mode
A.B.C.D/M
Ipv4 address
Parameter
Parameters of the command mode
IFNAME
Vlan interface
Command Mode
Interface configuration mode
Example
switch(config-vlanif1)# shutdown
switch(config-vlanif1)# no shutdown
5.1.3 ip address
Command Description
ip address { A.B.C.D/M}
no ip address{ A.B.C.D/M}
Parameter
Default
192.168.255.1
Command Mode
Interface configuration mode
Example
//This command is to add or delete an IP address.
switch(config)# interface vlan1
switch(config-vlanif1)# ip address 10.0.0.1/8
switch(config-vlanif1)# no ip address 10.0.0.1/8
5.1.4 show interface
Command Description
show interface{ IFNAME}
Parameter
Default
None
Command Mode
Privileged mode
Example
//This command is to look at the IP address of the vlan1.
switch# show interface vlan1
Parameter
Parameters of the command mode.
A.B.C.D
Ipv4 address.
A.B.C.D/M
Ipv4 address and mask.
Distance
administrative Distance range:1-255.
5.2 Static routing
Static routing configuration commands include:
ip route
show ip route
Function Brief
Static routing is a routing information that is manually configured by a
user or network administrator. When the topology of the network or the state
of the link changes, the network administrator needs to manually modify the
routing table in the relevant static routing information.Static routing
information is private by default and will not be passed to other routers.Of
course, the network administrator can also be set to make the router to be
shared.Static routing is generally applicable to a relatively simple network
environment, in this environment, the network administrator can easily
understand the topology of the network, easy to set up the correct routing
information.
5.2.1 ip route
Command Description
ip route {A.B.C.D/M}{ gateway}{ 1-255}
ip route { A.B.C.D}{mask}gateway}{ 1-255}
//This command is to set up the static routing.
no ip route {A.B.C.D/M}{ gateway}{ 1-255}
no ip route { A.B.C.D}{mask}gateway}{ 1-255}
//This command is to delete the static routing.
Parameter
Default
None
Command Mode
Global configuration mode
Example
//This command is to add or delete the static routing.
switch(config)# ip route 0.0.0.0/8 0.0.0.0 1
switch(config)# no ip route 0.0.0.0/8 0.0.0.0 1
switch(config)# ip route 10.0.0.2 10.255.255.255.0 10.0.0.1 1
switch(config)# no ip route 10.0.0.2 10.255.255.255.0 10.0.0.1 1
5.2.2 show ip route
Command Description
show ip route:
//This command is used to display the static routes.
Parameter
None
Default
None
Command Mode
Privileged mode
Example
//Display the static routes.
switch# show ip route static
S>* 0.0.0.0/8 [1/0] via 192.168.255.1, vlanif1 S>* 0.0.0.0/8 [1/0] via 192.168.255.1,
vlanif1
5.2.3 example
This command is used to realize trans-network segment communication
between PC1 and PC2 through a static route.
sw1: switch# configure terminal
switch(config)# interface vlan1
switch(config-vlanif1)# ip address 192.168.1.1 /24
switch(config-vlanif1)# exit
switch(config)# interface vlan2
switch(config-vlanif2)# ip address 192.168.2.1/24
switch(config-vlanif2)# exit
switch(config)# interface G2
switch(config-G2)# switchport mode access
switch(config-G2)# switchport pvid 2
switch(config-G2)#exit
switch(config)# ip route 192.168.3.0/24 192.168.2.2 2
sw2: switch# configure terminal
switch(config)# interface vlan1
switch(config-vlanif1)# ip address 192.168.3.1/24
switch(config-vlanif1)# exit
switch(config)# interface vlan2
switch(config-vlanif2)# ip address 192.168.2.2/24
switch(config)# interface G2
switch(config-G2)# switchport mode access
switch(config-G2)# switchport pvid 2
switch(config-G2)#exit
switch(config)# ip route 192.168.1.0/24 192.168.2.1 2
pc1: ip 192.168.1.100 gateway 192.168.1.1
Pc2: ip 192.168.3.100 gateway 192.168.3.1
phenomenon:
pc1 ping pc2
pc2 ping pc1
5.3 OSPF config
OSPF configuration commands include:
router OSPF
network address wildmask area area-ID
router-id A.B.C.D
timers throttle spf
default-metric
passive-interface
redistribute rip|static|connected
default-information originate
ip ospf
Show ip ospf
Function Brief
OSPF is a link state routing protocol that uses bandwidth based
metrics.OSPF uses the SPF algorithm to calculate the route,no routing loop is
guaranteed from the algorithm,maintain route through neighbor relationship,Avoid
periodic updates on bandwidth consumption.OSPF routing update rate is high, and
the network convergence is fast,it is Suitable for large and medium sized networks.
5.3.1 router ospf
Command Description
router ospf
no router ospf
Parameter
None
Default
None
Command Mode
Global configuration mode
Example
switch(config)#Router OSPF
//This command is enable the OSPF.
Parameter
Parameters of the command mode
A.B.C.D/M
Ip address and mask
area-id
area,range: <0-4294967295>
Parameter
Parameters of the command mode
A.B.C.D
Router-id address
5.3.2 network
Command Description
network A.B.C.D/M area area-id
//Declaration of OSPF network and regional.
no network A.B.C.D/M area area-id
//Delete the declaration of OSPF network and regional.
Parameter
Default
None
Command Mode
Global configuration mode
Example
//Declaration of 192.168.1.0 network and divided in region 0
switch(config-ospf)#Network 192.168.1.0 0.0.0.255 area 0
5.3.3 router-id
Command Description
router-id A.B.C.D
//This command is to set up the router-id.
no router-id
//This command is set as the default router-id.
Parameter
Default
0.0.0.0
Command Mode
Global configuration mode
Example
switch(config-ospf)#router-id 1.1.1.1
//This command is to modify the router-id for 1.1.1.1
Parameter
Parameters of the command mode
TIME1
Delay time,range:0-600000s
TIME2
Initialization time,range:0-600000s
TIME3
Max age, range:0-600000s
Parameter
Parameters of the command mode
Metric
Default-metric,range:0-16777214
5.3.4 timers throttle spf
Command Description
timers throttle spf TIME1 TIME2 TIME3
no timers throttle spf
//Configure the throttle SPF timer, use the no form of the command, the throttle
SPF timer value is returned to the default value.
Parameter
Default
Delay time 200s.
Initialization time 1000s.
Max age 10000s.
Command Mode
Global configuration mode
Example
//Set the delay, the initialization hold time, the maximum hold time is 111
switch(config-ospf)#timers throttle spf 111 111 111
5.3.5 default-metric
Command Description
default-metric metric
//This command is to configure OSPF default-metric.
no default-metric
//This command is to configure OSPF default-metric to default values.
Parameter
Default
None
Command Mode
Global configuration mode
Example
Parameter
Parameters of the command mode
IFNAME
Port,Example G1,T1
switch(config-ospf)#default-metric 111
//This command is to configure OSPF default-metric for 111.
5.3.6 passive-interface default
Command Description
passive-interface default
//This command is to configure OSPF passive-interface default.
no passive-interface default
//This command is disable the OSPF passive-interface default.
passive-interface IFNAME
//This command is enable OSPF passive ports.
no passive-interface IFNAME
//This command is disable OSPF passive ports.
Parameter
Default
None
Command Mode
Global configuration mode
Example
switch(config-ospf)#passive-interface T1
//This command is the T1 for passive-interface.
5.3.7 redistribute
Command Description
redistribute RIP|static|connected
no redistribute RIP|static|connected
//The external routing is fully distributed into the OSPF network.
Parameter
None
Default
None
Command Mode
Global configuration mode
Example
always
Always notify the default route.
always
Notice the cost of the default route.
metric-type
Notice the type of default route, the value of 1
or 2, the default is 2.
route-map
Notice the default route to call the route-map
rule.
//This command is to set the OSPF redistribution RIP.
switch(config-ospf)#redistribute RIP
//This command is to set the OSPF redistribution static.
switch(config-ospf)#redistribute static
//This command is to set the OSPF redistribution connected.
switch(config-ospf)#redistribute connected
5.3.8 default-information originate
Command Description
default-information originate [always] [metric] [metric-type] [route-map]
no default-information originate [always] [metric] [metric-type] [route-map]
//default-information originate command is used to configure the local router to
generate a default OSPF routing and related parameters, and to notify the neighbors.
//no default-information originate command is used to cancel the generation of the
default route or to change the associated parameters.
Parameter
Default
None
Command Mode
OSPF configuration mode
Example
//Configure OSPF process 11 to generate a default route for metric 12:
switch(config-ospf-11)#default-information originate metric 12
5.3.9 ip ospf
Command Description
Ip ospf cost/network/priority/hello-interval/dead-interval/authentication/
authentication-key
cost
Cost value,you can increase the
measure value of this interface to go out.
network
Network
type:point-to-point ,broadcast,non-broad
cast
priority
Interface priority, broadcast multi access
network to make it a DR
hello-interval
Valid time interval
dead-interval
Invalid time interval
authentication
Authentication Type:MD5、SIMPLE
authentication
-key
Key authentication
//This command is set OSPF network attribute
Parameter
Default
None
Command Mode
vlan configuration mode
Example
//This command is to modify the cost to 20.
switch(config)# interface vlanif2
switch(config-vlanif2)# ip ospf cost 20
//This command is to modify the network type of point-to-point.
switch(config)# interface vlanif2
switch(config-vlanif2)# ip ospf network point-to-point
//This command is to modify the interface priority for 254.
switch(config)# interface vlanif2
switch(config-vlanif2)# ip ospf priority 254
//Modify the effective interval of 30 seconds.
switch(config)# interface vlanif2
switch(config-vlanif2)# ip ospf hello-interval 30
//Modified failure interval time 300 seconds.
switch(config)# interface vlanif2
switch(config-vlanif2)# ip ospf dead-interval 300
//Modify the authentication type for MD5,The secret key for ABC
certification .
switch(config)# interface vlanif2
border-routers
Boundary router, which is used
to display the border router.
database
Link state database, view
OSPF link state database
interface
Display interface OSPF
information
neighbor
Neighbor: view OSPF neighbor
table
route
Route: view OSPF route
switch(config-vlanif2)# ip ospf authentication message-digest
switch(config-vlanif2)# ip ospf authentication-key abc
5.3.10 show ip ospf
Command Description
//This command is used to display the OSPF
show ip ospf border-routers/database/interface/neighbor/route
Parameter
Default
None
Command Mode
Privileged mode
Example
//This command is to display the border-routers.
switch# show ip ospf border-routers
//This command is to display the database.
switch# show ip ospf database
//This command is to display OSPF interface information.
switch# show ip ospf interface vlanif1
//This command is to display the neighbor.
switch# show ip ospf neighbor
//This command is to display the OSPF route.
switch# show ip ospf route
5.3.11 example
Network diagram as shown in Figure:
sw1:
switch(config)#interface vlanif1
switch(config-vlanif1)# ip address 192.168.222.1/24
switch(config)#interface vlanif2
switch(config-vlanif2)# ip address 192.168.2.1/24
switch(config-vlanif2)#exit
switch(config)#interface G22
switch(config-G22)# switchport mode access
switch(config-G22)# switchport pvid 2
switch(config)# router ospf
switch(config-ospf)# ospf router-id 1.1.1.1
switch(config-ospf)# network 192.168.2.0/24 area 0
switch(config-ospf)# network 192.168.222.0/24 area 0
sw1:
switch(config)#interface vlanif3
switch(config-vlanif3)# ip address 192.168.3.1/24
switch(config-vlanif3)#exit
switch(config)#interface G23
switch(config-G23)# switchport mode access
switch(config-G23)# switchport pvid 3
switch(config)#interface vlanif2
switch(config-vlanif2)# ip address 192.168.2.2/24
switch(config-vlanif2)#exit
switch(config)#interface G22
switch(config-G22)# switchport mode access
switch(config-G22)# switchport pvid 2
switch(config)# router ospf
switch(config-ospf)# ospf router-id 2.2.2.2
switch(config-ospf)# network 192.168.2.0/24 area 0
switch(config-ospf)# network 192.168.3.0/24 area 0
phenomenon:
//Display OSPF route
SW1:
SW2:
PC1 ping PC2
5.4 BGP config
BGP configuration commands include:
router bgp
timers bgp
redistribute
neighbor
Network
Function Brief
The border gateway protocol (BGP) is a routing protocol that runs on
TCP,which is a kind of autonomous system. BGP is the only protocol that is used to
deal with the network size of the Internet, and is the only protocol that can properly
handle the multi connection between the routing domain.BGP is built on the
experience of EGP.The main function of the BGP system is to exchange network
reachability information with other BGP systems.The network reachability
information includes information of the autonomous system (AS) listed.These
information effectively construct the topology of AS interconnection and thus clears
the routing loop,At the same time, the AS level can be implemented in strategic
decision-making.
5.4.1 router bgp
Command Description
router bgp
//This command is enable BGP.
Parameter
None
Default
None
Command Mode
Interface configuration mode
Example
//This command is enable BGP.
switch(config)# router bgp 1
5.4.2 timers bgp
Command Description
timers bgp
//This command is to set up BGP update-time and max age.
Parameter
None
Default
Update-time:60
Max age:180
Command Mode
Interface configuration mode
Example
//Setting the BGP update time is 50s, the aging time is 150s.
switch(config)# router bgp 1
switch(config-bgp)# timers bgp 50 150
5.4.3 redistribute
Command Description
redistribute
//This command is to set the BGP redistribution.
Parameter
None
Default
None
Command Mode
Interface configuration mode
Example
//This command is to set the BGP redistribution OSPF.
switch(config-bgp)# redistribute ospf
5.4.4 neighbor
Command Description
neighbor
//This command is to set up BGP neighbor information.
Parameter
None
Default
None
Command Mode
Interface configuration mode
Example
//This command is set the BGP neighbors to 192.168.222.222 belongs to AS1
switch(config)# router bgp 2
switch(config-bgp)# neighbor 192.168.222.22 remote-as1
5.4.5 network
Command Description
neighbor
//Set BGP neighbor information.
Parameter
None
Default
None
Command Mode
Interface configuration mode
Example
//Declare the 192.168.3.0 network to BGP routing.
switch(config)# router bgp 1
switch(config-bgp)# network 192.168.3.0/24
5.4.6 example
sw1:
switch(config)# interface vlan1
switch(config-vlanif1)# ip address 192.168.222.1/24
switch(config)# interface vlan2
switch(config-vlanif2)# ip address 192.168.2.1/24
switch(config)# interface G2
switch(config-G2)# switchport pvid 2
switch(config)# router bgp 1
switch(config-bgp)# network 192.168.2.0
switch(config-bgp)# network 192.168.222.0
switch(config-bgp)# neighbor 192.168.2.2 remote-as 2
sw2:
switch(config)# interface vlan1
switch(config-vlanif1)# ip address 192.168.3.1/24
switch(config)# interface vlan2
switch(config-vlanif2)# ip address 192.168.2.2/24
switch(config)# interface G2
switch(config-G2)# switchport pvid 2
switch(config)# router bgp 2
switch(config-bgp)# network 192.168.2.0
switch(config-bgp)# network 192.168.3.0
switch(config-bgp)# neighbor 192.168.2.1 remote-as 1
phenomenon:
sw1:
Sw2:
PC1 ping PC2
5.5 RIP config
RIP configuration commands include:
default-information
default-metric
distance
end
exit/quit
network
offset-list
passive-interface
redistribute
Parameter
Parameters of the command mode
XX
Default 1 ,range 1-16
timers
version
Function Brief
RIP is Interior Gateway Protocol that more common used and used earlier.It is
suitable for small and similar network,and it is a typical distance vector protocol.RIP
exchange routing information through broadcast UDP messages,and it is send
routing information update every 30 seconds.RIP provides count Hop (hop count) as
a scale to measure routing distance.The hop count is the number of routers that a
packet must pass to reach the target.If the same target has two different speed or
bandwidth of the router, but the same hop count.Then RIP thinks that the two route
is equal distance.RIP maximum support of the number of hops is 15,the number of
hops 16 indicates that it is not reachable.
5.5.1 default-information originate
Command Description
//default-information originate
no default-information originate
Parameter
None
Default
None
Command Mode
Interface configuration mode
Example
Switch(config)#default-information originate
//Start rip to generate the default rip route function.
5.5.2 default-metric
Command Description
default-metric XX
no default-metric XX
Parameter
Default
None
Parameter
Parameters of the command mode
XX
Range 1-255. Default 120
Command Mode
Interface configuration mode
Example
//This command is to set the default-metric to 5.
switch(config)# router rip
switch(config-rip)# default-metric 5
5.5.3 distance
Command Description
distance XX
Parameter
Default
120
Command Mode
Interface configuration mode
Example
//This command is to change administrative distance to 110.
switch(config)# router rip
switch(config-rip)# distance 110
5.5.4 end
Command Description
end
Parameter
None
Default
None
Command Mode
Interface configuration mode
Example
switch(config)# router rip
switch(config-rip)# end
Parameter
Parameters of the command
mode
A.B.C.D/M
192.168.1.0/24
WORD
interface
5.5.5 exit/quit
Command Description
Exit/quit
Parameter
None
Default
None
Command Mode
Interface configuration mode
Example
switch(config)# router rip
switch(config-rip)# exit
5.5.6 network
Command Description
Network A.B.C.D/M
Network WORD
//Set the rip operating segments.
Parameter
Default
None
Command Mode
Interface configuration mode
Example
switch(config)# router rip
switch(config-rip)#network 192.168.1.0/24
5.5.7 offset-list
Command Description
Parameter
Parameters of the command mode
acl-name
Call access control list name
In| out
Call ACL application direction
Metric
Set offset by default 1, range 1-16
If-name
Application of the rules of the
interface, the default all applications
offset-list <acl-name> {in | out} <metric> [<if-name>]
No offset-list <acl-name> {in | out} <metric> [<if-name>]
Parameter
Default
None
Command Mode
Interface configuration mode
Example
//The rule that calls the ACL1, the offset is set to 16 at G2 port import direction .
switch(config)# router rip
switch(config-rip)# offset-list 1 in 16 G2
5.5.8 passive-interface
Command Description
passive-interface <if-name>
//This command is to configure RIP passive-interface
No passive-interface <if-name>
//This command is disable RIP passive-interface
Parameter
None
Default
None
Command Mode
Interface configuration mode
Example
//this command is to configure vlan3 for passive-interface.
switch(config)# router rip
switch(config-rip)#passive-interface vlan3
Parameter
Parameters of the command mode
protocol
The routing protocols that need to be
introduced into the RIP, such as IS-IS,
OSPF, BGP, static, connect, etc., are
introduced.
Metric
Specifies the metric value when the
route is introduced
Route-map
Route-map name to be referenced
when the route is introduced
Parameter
Parameters of the command mode
5.5.9 redistribute
Command Description
redistribute <protocol> [metric <metric>] [route-map <route-map>]
no redistribute <protocol> [metric <metric>] [route-map <route-map>]
Parameter
Default
None
Command Mode
Interface configuration mode
Example
//The introduction of the direct route to RIP routing table, and through the
route-map rule "list123" rule, the metric value of the specified route is 9.
switch(config)# router rip
switch(config-rip)#redistribute connected metric 9 route-map list123
5.5.10 timer
Command Description
timers basic <update-interval> <dead-interval> <garbage-interval>
no timers basic
//Change the time interval of the RIP periodic update packets, RIP route
waiting time, RIP routing is set to not be used to completely remove the time
interval from the routing table.
Parameter
update-interval
RIP packet update interval , default 30S
dead-interval
RIP packet dead interval ,default 180S
garbage-interval
RIP packet garbage interval,default 120S.
Default
None
Command Mode
Interface configuration mode
Example
//The periodic update time of the configuration RIP protocol is 20 seconds, the
death time is 100 seconds, garbage collection time is 60 seconds.
switch(config)# router rip
switch(config-rip)#timers basic 20 100 60
5.5.11 version
Command Description
Version
//This command is to modify the RIP version .
Parameter
None
Default
None
Command Mode
Interface configuration mode
Example
//This command is to modify the RIP version for V2
switch(config)# router rip
switch(config-rip)#version 2
5.5.12 example
Network diagram as shown in Figure:
sw1:
switch(config)#interface vlanif1
switch(config-vlanif1)# ip address 192.168.222.1/24
switch(config)#interface vlanif2
switch(config-vlanif2)# ip address 192.168.2.1/24
switch(config-vlanif2)#exit
switch(config)#interface G22
switch(config-G22)# switchport mode access
switch(config-G22)# switchport pvid 2
switch(config)# router rip
switch(config-rip)# network 192.168.2.0/24
switch(config-rip)# network 192.168.222.0/24
sw2:
switch(config)#interface vlanif3
switch(config-vlanif3)# ip address 192.168.3.1/24
switch(config-vlanif3)#exit
switch(config)#interface G23
switch(config-G23)# switchport mode access
switch(config-G23)# switchport pvid 3
switch(config)#interface vlanif2
switch(config-vlanif2)# ip address 192.168.2.2/24
switch(config-vlanif2)#exit
switch(config)#interface G22
switch(config-G22)# switchport mode access
switch(config-G22)# switchport pvid 2
switch(config)# router rip
switch(config-rip)# network 192.168.2.0/24
switch(config-rip)# network 192.168.3.0/24
phenomenon:
//Display RIP route
SW1:
SW2:
PC1 ping PC2
6. Network security commands
6.1 Anti-attack
Anti-attack configuration commands include:
system ignore icmp-echo
system protection syn-ack
system rate-limit
Function Brief
Anti attack configuration is used to ignore the ICMP request for the
purpose of this device, The defense equipment TCP SYN attack and control
CPU data receiving threshold.
6.1.1 system ignore icmp-echo
Command Description
system ignore icmp-echo
no system ignore icmp-echo
//If you want to ignore the ICMP request for this device, it can be
configured by this command. Use the no form of the command to cancel this
configuration.
Parameter
None
Default
None
Command Mode
Global configuration mode
Example
//Configur ignores purpose for the ICMP request of this device .
switch(config)# system ignore icmp-echo
6.1.2 system protection syn-ack
Command Description
If you want to defend against this device SYN TCP attack, you can
configure this command. Use the no form of the command to cancel this
Paramet
er
Parameters of the command mode
value
<0-100000> pps , default 0 :disable limited.
configuration.
system protection syn-ack
no system ignore icmp-echo
Parameter
None
Default
None
Command Mode
Global configuration mode
Example
//Configur defense against this device SYN TCP attack.
switch(config)# system protection syn-ack
6.1.3 system rate-limit
Command Description
system rate-limit value
no system rate-limit
//If you want to control the CPU of the received data value, you can use
this command to configure. Use the no form of the command to cancel this
configuration.
Parameter
Default
None
Command Mode
Global configuration mode
Example
//Configure the CPU data receiving threshold is 1000.
switch(config)# system rate-limit 1000
//Close the CPU data receiving threshold control function.
switch(config)# no system rate-limit
6.2 MAC binding
MAC binding configuration commands include:
Parameter
Parameters of the command mode
mac-addr
It specifies the MAC address.
vlan-id
It specifies the VLAN to which the
MAC address belongs. The value
ranges from 1 to 4094.
interface-id
It specifies the physical port to which
the MAC address belongs.
mac-address static
6.2.1 mac-address static
Command Description
mac-address static mac-addr vlan vlan-id interface interface-id
//This command is used to add a static MAC address.
no mac-address static mac-addr vlan vlan-id
// This command is used to delete a static MAC address.
Parameter
Default
None
Command Mode
Global configuration mode
Example
//Run the following command to bind the MAC address 00-00-00-00-00-01 to port
10 that belongs to VLAN2:
switch(config)# mac-address static 00-00-00-00-00-01 vlan 2 interface T10
6.3 ARP binding
ARP binding configuration commands include:
ip-mac bind
show ip-mac bind
Function Brief
In order to r manage the computer bette in the network, you can use
the ARP binding function to control the network access (IP binding).
Note:
dynamic item when static binding.
Because it is a private function, showing in ARP table is still
Parameter
Parameters of the command mode
interface-id
The physical port of the MAC address.
ip-addr
Ip address
mac-addr
MAC address
enable
Global switch on
disable
Global switch off
enable port
Port opening
eisable port
Port shutdown
add
adjunction
del
delete
6.3.1 ip-mac bind
Command Description
//This command is used to enable the ip-mac banding.
ip-mac bind enable
//This command is used to disable the ip-mac banding.
ip-mac bind disable
//This command is used to enacble IP - MAC banding on the interface.
ip-mac bind enable port interface-id
//This command is used to disable IP - MAC banding on the interface.
ip-mac bind disable port interface-id
//This command is used to add a ip-mac binding.
ip-mac bind add interface-id ip-addr mac-addr
//This command is used to delete a ip-mac binding.
ip-mac bind del ip-addr
Parameter
Default
None
Command Mode
Global configuration mode
Example
//This command is used to open the IP - MAC binding.
switch(config)# ip-mac bind enable
//This command is used to open IP - MAC binding in G2 .
switch(config)# ip-mac bind enable port G2
// Add a ip-mac binding.
ip-addr
Ip address
config
Configuration
statistics
Static binding
table
list of bindin
switch(config)# ip-mac bind add G2 192.168.1.1 50-46-5D-E2-D5-50
6.3.2 show ip-mac bind
Command Description
//This command is used to display a IP ip-mac binding.
show ip-mac bind ip-addr
//This command is used to display the ip-mac configuration.
show ip-mac bind config
//This command is used to display the ip-mac bind.
show ip-mac bind statistics
//This command is used to display the ip-mac bind table.
show ip-mac bind table
Parameter
Default
None
Command Mode
Privileged mode
Example
//This command is used to display the ip-mac bind table.
switch(config)# show ip-mac bind table
6.4 ACL config
ACL configuration commands include:
mac acl
ip acl
rule
ip/mac access-group
Function Brief
ACLs are used to filter packets based on the configured packet matching
rules and processing operations. After an ACL is applied to a port, fields in each
packet are analyzed. After matched packets are identified, these packets are
processed according to the preset operations, such as permit, deny, rate limiting,
Parameter
Parameters of the command mode
<1-99>
It specifies the ID of an MAC-ACL.
The value ranges from 1 to 99
Parameter
Parameters of the command mode
<100-999>
It specifies the ID of an IP-ACL. The
value ranges from 100 to 999
redirection, or port shutdown.
6.4.1 mac acl
Command Description
mac acl <1-99>
//This command is used to add an Mac-acl entry.
no mac acl <1-99>
//This command is used to delete an Mac-acl entry.
Parameter
Default
None
Command Mode
Global configuration mode
Example
switch(config)#mac acl 1
6.4.2 ip acl
Command Description
ip acl <100-999>
//This command is used to add an IP-ACL entry.
no ip acl <100-999>
//This command is used to delete an IP-ACL entry.
Parameter
Default
None
Command Mode
Global configuration mode
Example
switch(config)#ip acl 100
Parameter
Parameters of the command mode
<1-127>
Rule number, range: 1-127
source mac
Source MAC address
destination mac
Destination MAC address,
1-4094
Vlan-id,range:1-4094
ETHTYPE
Ethernet type, range: 0x0000-0xFFFF;
0x0000 or do not fill in the representation
does not match the Ethernet type field,
source ip
Source IP address
destination ip
Destination IP address,
<0-7>
Match the IP priority, range 0-7
<0-15>
Match the TOS, range 0-15
<0-63>
Match the DSCP, range 0-63
6.4.3 rule
Command Description
rule <1-127> deny/permit <source mac> <destination mac> cos
<0-7>/vlan <1-4094>/eth_type ETHTYPE
rule <1-127> deny/permit icmp/igmp/tcp/udp/ip <source ip>
<destination ip> ip_pri<0-7> / tos_pri<0-15>/ dscp_pri<0-63>
//This command is used to add an ACL ACE entry.
no rulel <1-127>
//This command is used to delete an ACL ACE entry.
Parameter
Default
None
Command Mode
Global configuration mode
Example
//This command is used to add a Mac - acl rules.
switch(config)#mac acl 1
switch(config-acl-mac)#rule 1 deny any any
6.4.4 ip/mac access-group
Command Description
ip access-group <100-999>
no ip access-group <100-999>
mac access-group <1-99>
no mac access-group <1-99>
//Using this command, you can bind the port to use the ACL rule.
Parameter
Parameter
Parameters of the command mode
<100-999>
ip acl group ID,range:100-999
<1-99>
mac acl group ID,range:1-99
Default
None
Command Mode
Interface configuration mode
Example
switch(config-G1)# ip access-group <100-999>
6.5 802.1X config
802.1X configuration commands include:
dot1x
dot1x auth-server
dot1x auth-server-type
dot1x acct-server
dot1x timer
dot1x auth-mode authorized-force/ auto/ unauthorized-force
dot1x controlled-mode based-on-mac/ based-on-port
dot1x auth
dot1x auth-user
Function Brief
802.1x was proposed by IEEE802 LAN/WAN Standards Committee
to resolve the security issues of the WLAN. Later this protocol is used on the
Ethernet as a common access control mechanism of LAN ports. 802.1x is
mainly used to resolve the authentication and security issues on the
Ethernet. It implements authentication and control on devices connected to
ports of the LAN access devices.
6.5.1 dot1x
Command Description
//This command is used to globally enable the 802.1x .
//This command is used to globally disable the 802.1x .
Dot1x
no Dot1x
Parameter
Parameters of the command mode.
A.B.C.D
Ipaddress
secondary-ip
The standby server ip address.
Parameter
None
Default
Disable
Command Mode
Global configuration mode
Example
switch(config)#dot1x
6.5.2 dot1x auth-server
Command Description
dot1x auth-server ip A.B.C.D secondary-ip A.B.C.D port<PORT>
shared-secret< SECRET >
//The configuration of the authentication server IP address and IP address of the secret key
and the standby server.
Parameter
Default
Authentication server ip address:127.0.0.1
port number :1812
Key:radius
Command Mode
Global configuration mode
Example
switch(config)# dot1x auth-server ip 127.0.0.2 secondary-ip 127.0.0.3
port 1812 shared-secret 123
6.5.3 dot1x auth-server type
Command Description
dot1x auth-server type local/ remote
Parameter
None
Default
Remote
Parameter
Parameters of the command mode.
A.B.C.D
IP address .
secondary-ip
The standby server ip address.
Parameter
Parameters of the command mode
value
Unit: second, range: 1-65535, aging update time
reauth-period
Authentication update interval time
quient-period
Quiet period update interval
Command Mode
Global configuration mode
Example
switch(config)#dot1x auth-server-type local
switch(config)#dot1x auth-server-type remote
6.5.4 dot1x acct-sever
Command Description
dot1x acct-sever ip A.B.C.D secondary-ip A.B.C.D port<PORT>
shared-secret< SECRET >
//Configure the billing server IP address and the standby server IP address and
secret key.
Parameter
Default
Remote
Command Mode
Global configuration mode
Example
switch(config)# dot1x acct-sever ip 127.0.0.2 secondary-ip 127.0.0.3 port
1812 shared-secret 123
6.5.5 dot1x timer
Command Description
dot1x timer reauth-period/quient-period value <1-65535>
//Configure authentication server update interval /hold authentication time.
Parameter
Default
This command is to reauth-period is 3600s
Loading...