Edge-Core AS6700-32X, AS5700-54X CLI Reference Manual

10G/40G Top-of-Rack Switches
AS5700-54X AS6700-32X
Software Release v1.1.166.154
CLI Reference Guide
www.edge-core.com

AS5700-54X

54-Port 10G Ethernet Switch with 48 10GBASE SFP+ Ports, 6 40GBASE QSFP Ports, 2 Power Supply Units, and 4 Fan Trays (4 Fans – F2B and B2F Airflow)

AS6700-32X

32-Port 40G Data Center Switch with 20 40G QSFP+ Ports, 2 40G Expansion Slots, 2 Power Supply Units, and 5 Fan Trays (5 Fans – F2B or B2F Airflow)
E032016/ST-R02 149100000198A

How to Use This Guide

This guide includes detailed information on the switch software, including how to operate and use the management functions of the switch. To deploy this switch effectively and ensure trouble-free operation, you should first read the relevant sections in this guide so that you are familiar with all of its software features.

Who Should Read This Guide?
This guide is for network administrators who are responsible for operating and maintaining network equipment. The guide assumes a basic working knowledge of LANs (Local Area Networks), the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).

How This Guide is Organized
This guide describes the switch’s command line interface (CLI). For more detailed information on the switch’s key features, refer to the Administrator’s Guide.
The guide includes these sections:
Section I “Getting Started” — Includes information on connecting to the switch and basic configuration procedures.
Section II “Command Line Interface” — Includes all management options available through the CLI.
Section III “Appendices” — Includes information on troubleshooting switch management access.

Related Documentation
This guide focuses on switch software configuration through the CLI.
For information on how to manage the switch through the Web management interface, see the following guide:
Web Management Guide
Note: For a general description of switch features, refer to “Introduction” in the Web Management Guide.
For information on how to install the switch, see the following guide:
Installation Guide
For all safety information and regulatory statements, see the following documents:
Quick Start Guide
Safety and Regulatory Information

Conventions
The following conventions are used throughout this guide to show information:
Note: Emphasizes important information or calls your attention to related features or instructions.
Caution: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
Warning: Alerts you to a potential hazard that could cause personal injury.

Revision History
This section summarizes the changes in each revision of this guide.
March 2016 Revision
This is the second version of this guide. This guide is valid for software release v1.1.166.154. It contains the following changes:
Table 1: Revision History
Description of Changes
Added:
Updated:
Deleted:
October 2015 Revision
This is the first version of this guide. This guide is valid for software release v1.1.0.152.

Contents

How to Use This Guide 3
Contents 5
Figures 43
Tables 45
Section I Getting Started 53
1 Initial Switch Configuration 55
Connecting to the Switch 55
Configuration Options 55
Connecting to the Console Port 56
Selecting Legacy or Hybrid Operation Mode 57
Logging Onto the Command Line Interface 57
Setting Passwords 58
Remote Connections (Network Interface or Craft Port) 58
Obtaining and Installing a License for the Network Ports 59
Configuring the Switch for Remote Management 61
Using the Service Port or Network Interface 61
Setting an IP Address 62
Enabling SNMP Management Access 67
Managing System Files 69
Upgrading the Operation Code 70
Saving or Restoring Configuration Settings 71
Configuring Automatic Installation of Operation Code and Configuration Settings 72
Downloading Operation Code from a File Server 72
Specifying a DHCP Client Identifier 75
Downloading a Configuration File Referenced by a DHCP Server 75
Setting the System Clock 77
Setting the Time Manually 78
Configuring SNTP 78
Configuring NTP 79
Section II Command Line Interface 81
2 Using the Command Line Interface 83
Accessing the CLI 83
Console Connection 83
Telnet Connection 83
Entering Commands 85
Keywords and Arguments 85
Minimum Abbreviation 85
Command Completion 85
Getting Help on Commands 86
Partial Keyword Lookup 87
Negating the Effect of Commands 88
Using Command History 88
Understanding Command Modes 88
Exec Commands 88
Configuration Commands 89
Command Line Processing 92
CLI Command Groups 93
3 General Commands 95
prompt 95
reload (Global Configuration) 96
enable 97
quit 98
show history 98
configure 99
disable 100
reload (Privileged Exec) 100
show reload 101
end 101
exit 101
4 System Management Commands 103
Device Designation 103
hostname 104
Banner Information 104
banner configure 105
banner configure company 106
banner configure dc-power-info 107
banner configure department 108
banner configure equipment-info 108
banner configure equipment-location 109
banner configure ip-lan 110
banner configure lp-number 110
banner configure manager-info 111
banner configure mux 112
banner configure note 112
show banner 113
System Status 113
location-led 114
show access-list tcam-utilization 115
show license file 116
show location-led status 117
show memory 117
show process cpu 117
show running-config 118
show startup-config 120
show system 120
show tech-support 122
show users 123
show version 123
show watchdog 124
watchdog software 124
Fan Control 125
fan-speed force-full 125
Frame Size 125
jumbo frame 126
File Management 126
General Commands 128
boot system 128
copy 129
delete 132
dir 133
onie 134
umount usbdisk 136
whichboot 136
Automatic Code Upgrade Commands 137
upgrade opcode auto 137
upgrade opcode path 138
upgrade opcode reload 139
show upgrade 140
TFTP Configuration Commands 140
ip tftp retry 140
ip tftp timeout 141
show ip tftp 141
Line 142
line 142
databits 143
exec-timeout 144
login 144
parity 145
password 146
password-thresh 147
silent-time 148
speed 148
stopbits 149
timeout login response 149
disconnect 150
terminal 151
show line 152
Event Logging 153
logging facility 153
logging history 154
logging host 155
logging on 155
logging trap 156
clear log 157
show log 157
show logging 158
SMTP Alerts 159
logging sendmail 160
logging sendmail host 160
logging sendmail level 161
logging sendmail destination-email 162
logging sendmail source-email 162
show logging sendmail 163
Time 163
SNTP Commands 164
sntp client 164
sntp poll 165
sntp server 166
show sntp 166
NTP Commands 167
ntp authenticate 167
ntp authentication-key 168
ntp client 169
ntp server 169
show ntp 170
Manual Configuration Commands 171
clock summer-time date 171
clock summer-time predefined 172
clock summer-time recurring 173
clock timezone 175
clock timezone-predefined 175
calendar set 176
show calendar 177
Time Range 177
time-range 178
absolute 178
periodic 179
show time-range 180
5 SNMP Commands 181
General SNMP Commands 182
snmp-server 182
snmp-server community 183
snmp-server contact 184
snmp-server location 184
show snmp 185
SNMP Target Host Commands 186
snmp-server enable traps 186
snmp-server host 187
snmp-server enable port-traps mac-notification 189
show snmp-server enable port-traps 190
SNMPv3 Commands 190
snmp-server engine-id 190
snmp-server group 191
snmp-server user 193
snmp-server view 194
show snmp engine-id 195
show snmp group 196
show snmp user 197
show snmp view 198
Notification Log Commands 199
nlm 199
snmp-server notify-filter 199
show nlm oper-status 201
show snmp notify-filter 201
Additional Trap Commands 201
memory 201
process cpu 202
6 Remote Monitoring Commands 203
rmon alarm 204
rmon event 205
rmon collection history 206
rmon collection rmon1 207
show rmon alarms 208
show rmon events 208
show rmon history 209
show rmon statistics 209
7 Authentication Commands 211
User Accounts 212
enable password 212
username 213
Authentication Sequence 214
authentication enable 214
authentication login 215
RADIUS Client 216
radius-server acct-port 217
radius-server auth-port 217
radius-server host 218
radius-server key 219
radius-server retransmit 219
radius-server timeout 220
show radius-server 220
TACACS+ Client 221
tacacs-server host 221
tacacs-server key 222
tacacs-server port 222
tacacs-server retransmit 223
tacacs-server timeout 223
show tacacs-server 224
Web Server 224
ip http port 225
ip http server 225
ip http secure-port 226
ip http secure-server 226
Telnet Server 228
ip telnet max-sessions 228
ip telnet port 229
ip telnet server 229
show ip telnet 229
Secure Shell 230
ip ssh authentication-retries 233
ip ssh server 233
ip ssh server-key size 234
ip ssh timeout 235
delete public-key 235
ip ssh crypto host-key generate 236
ip ssh crypto zeroize 237
ip ssh save host-key 237
show ip ssh 238
show public-key 238
show ssh 239
802.1X Port Authentication 240
General Commands 241
dot1x default 241
dot1x eapol-pass-through 241
dot1x system-auth-control 242
Authenticator Commands 243
dot1x intrusion-action 243
dot1x max-reauth-req 243
dot1x max-req 244
dot1x operation-mode 244
dot1x port-control 245
dot1x re-authentication 246
dot1x timeout quiet-period 246
dot1x timeout re-authperiod 247
dot1x timeout supp-timeout 247
dot1x timeout tx-period 248
dot1x re-authenticate 249
Information Display Commands 249
show dot1x 249
Management IP Filter 252
management 252
show management 253
8 General Security Measures 255
Port Security 256
mac-learning 256
port security 257
show port security 259
Network Access (MAC Address Authentication) 261
network-access aging 262
network-access mac-filter 263
mac-authentication reauth-time 263
network-access dynamic-qos 264
network-access dynamic-vlan 265
network-access guest-vlan 266
network-access link-detection 267
network-access link-detection link-down 267
network-access link-detection link-up 268
network-access link-detection link-up-down 268
network-access max-mac-count 269
network-access mode mac-authentication 269
network-access port-mac-filter 270
mac-authentication intrusion-action 271
mac-authentication max-mac-count 271
clear network-access 272
show network-access 272
show network-access mac-address-table 273
show network-access mac-filter 274
Web Authentication 274
web-auth login-attempts 275
web-auth quiet-period 276
web-auth session-timeout 276
web-auth system-auth-control 277
web-auth 277
web-auth re-authenticate (Port) 278
web-auth re-authenticate (IP) 278
show web-auth 279
show web-auth interface 279
show web-auth summary 280
DHCPv4 Snooping 280
ip dhcp snooping 281
ip dhcp snooping information option 283
ip dhcp snooping information option encode no-subtype 284
ip dhcp snooping information option remote-id 285
ip dhcp snooping information policy 286
ip dhcp snooping limit rate 286
ip dhcp snooping verify mac-address 287
ip dhcp snooping vlan 288
ip dhcp snooping information option circuit-id 288
ip dhcp snooping trust 290
clear ip dhcp snooping binding 291
clear ip dhcp snooping database flash 291
ip dhcp snooping database flash 291
show ip dhcp snooping 292
show ip dhcp snooping binding 292
DHCPv6 Snooping 293
ipv6 dhcp snooping 293
ipv6 dhcp snooping option remote-id 296
ipv6 dhcp snooping option remote-id policy 297
ipv6 dhcp snooping vlan 298
ipv6 dhcp snooping max-binding 299
ipv6 dhcp snooping trust 299
clear ipv6 dhcp snooping binding 300
clear ipv6 dhcp snooping statistics 301
show ipv6 dhcp snooping 301
show ipv6 dhcp snooping binding 301
show ipv6 dhcp snooping statistics 302
IPv4 Source Guard 302
ip source-guard binding 303
ip source-guard 305
ip source-guard max-binding 306
ip source-guard mode 307
clear ip source-guard binding blocked 308
show ip source-guard 308
show ip source-guard binding 309
IPv6 Source Guard 310
ipv6 source-guard binding 310
ipv6 source-guard 312
ipv6 source-guard max-binding 313
show ipv6 source-guard 314
show ipv6 source-guard binding 315
IPv6 Source Guard 315
ipv6 source-guard binding 316
ipv6 source-guard 317
ipv6 source-guard max-binding 319
show ipv6 source-guard 320
show ipv6 source-guard binding 320
ARP Inspection 321
ip arp inspection 322
ip arp inspection filter 323
ip arp inspection log-buffer logs 324
ip arp inspection validate 325
ip arp inspection vlan 325
ip arp inspection limit 326
ip arp inspection trust 327
show ip arp inspection configuration 328
show ip arp inspection interface 328
show ip arp inspection log 329
show ip arp inspection statistics 329
show ip arp inspection vlan 329
Port-based Traffic Segmentation 330
traffic-segmentation 330
traffic-segmentation session 332
traffic-segmentation uplink/downlink 332
traffic-segmentation uplink-to-uplink 333
show traffic-segmentation 334
9 Access Control Lists 335
IPv4 ACLs 335
access-list ip 336
permit, deny (Standard IP ACL) 337
permit, deny (Extended IPv4 ACL) 338
ip access-group 340
show ip access-group 341
show ip access-list 341
IPv6 ACLs 342
access-list ipv6 342
permit, deny (Standard IPv6 ACL) 343
permit, deny (Extended IPv6 ACL) 344
ipv6 access-group 345
show ipv6 access-group 346
show ipv6 access-list 346
MAC ACLs 347
access-list mac 347
permit, deny (MAC ACL) 348
mac access-group 350
show mac access-group 351
show mac access-list 351
ARP ACLs 352
access-list arp 352
permit, deny (ARP ACL) 353
show access-list arp 354
show arp access-list 354
ACL Information 355
clear access-list hardware counters 355
show access-group 356
show access-list 356
10 Interface Commands 359
Interface Configuration 360
interface 360
alias 361
description 362
flowcontrol 362
history 363
media-type 364
shutdown 364
switchport mtu 365
clear counters 366
hardware profile portmode 367
show hardware profile portmode 368
show interfaces brief 369
show interfaces counters 369
show interfaces history 373
show interfaces status 376
show interfaces switchport 377
Transceiver Threshold Configuration 378
transceiver-threshold-auto 378
transceiver-monitor 379
transceiver-threshold current 379
transceiver-threshold rx-power 380
transceiver-threshold temperature 381
transceiver-threshold tx-power 382
transceiver-threshold voltage 383
show interfaces transceiver 384
show interfaces transceiver-threshold 386
Cable Diagnostics 387
test loop internal 387
show loop internal 387
11 Link Aggregation Commands 389
Manual Configuration Commands 391
port channel load-balance 391
channel-group 392
Dynamic Configuration Commands 393
lacp 393
lacp admin-key (Ethernet Interface) 394
lacp port-priority 395
lacp system-priority 396
lacp admin-key (Port Channel) 397
lacp timeout 398
Trunk Status Display Commands 399
show lacp 399
show port-channel load-balance 403
MLAG Commands 403
mlag 404
mlag peer-link 405
mlag group member 405
show mlag 407
show mlag domain 407
12 Port Mirroring Commands 409
Local Port Mirroring Commands 409
port monitor 409
show port monitor 410
RSPAN Mirroring Commands 411
rspan source 413
rspan destination 414
rspan remote vlan 415
no rspan session 416
show rspan 416
13 Congestion Control Commands 419
Rate Limit Commands 419
rate-limit 420
Storm Control Commands 421
switchport packet-rate 421
14 Loopback Detection Commands 423
loopback-detection 424
loopback-detection action 424
loopback-detection recover-time 425
loopback-detection transmit-interval 426
loopback detection trap 426
loopback-detection release 427
show loopback-detection 428
15 UniDirectional Link Detection Commands 429
udld detection-interval 429
udld message-interval 430
udld recovery 431
udld recovery-interval 431
udld aggressive 432
udld port 433
show udld 434
16 Address Table Commands 437
mac-address-table aging-time 437
mac-address-table static 438
clear mac-address-table dynamic 439
show mac-address-table 439
show mac-address-table aging-time 440
show mac-address-table count 441
17 Spanning Tree Commands 443
spanning-tree 444
spanning-tree forward-time 445
spanning-tree hello-time 445
spanning-tree max-age 446
spanning-tree mode 447
spanning-tree pathcost method 448
spanning-tree priority 449
spanning-tree mst configuration 449
spanning-tree system-bpdu-flooding 450
spanning-tree transmission-limit 450
max-hops 451
mst priority 451
mst vlan 452
name 453
revision 454
spanning-tree bpdu-filter 454
spanning-tree bpdu-guard 455
spanning-tree cost 456
spanning-tree edge-port 457
spanning-tree link-type 458
spanning-tree mst cost 459
spanning-tree mst port-priority 460
spanning-tree port-priority 461
spanning-tree root-guard 461
spanning-tree spanning-disabled 462
spanning-tree tc-prop-stop 463
spanning-tree protocol-migration 463
show spanning-tree 464
show spanning-tree mst configuration 466
18 VLAN Commands 467
GVRP and Bridge Extension Commands 468
bridge-ext gvrp 468
garp timer 469
switchport gvrp 470
show garp timer 470
show gvrp configuration 471
Editing VLAN Groups 472
vlan database 472
vlan 473
Configuring VLAN Interfaces 474
interface vlan 474
switchport acceptable-frame-types 475
switchport allowed vlan 476
switchport forbidden vlan 477
switchport ingress-filtering 478
switchport mode 479
switchport native vlan 480
vlan-trunking 480
Displaying VLAN Information 482
show vlan 482
Configuring IEEE 802.1Q Tunneling 483
dot1q-tunnel system-tunnel-control 484
dot1q-tunnel tpid 485
switchport dot1q-tunnel mode 486
switchport dot1q-tunnel priority map 486
switchport dot1q-tunnel service default match all 487
switchport dot1q-tunnel service match cvid 488
show dot1q-tunnel 490
Configuring L2CP Tunneling 492
l2protocol-tunnel custom-pdu 492
l2protocol-tunnel tunnel-dmac 493
switchport l2protocol-tunnel 496
show l2protocol-tunnel 497
Configuring VXLAN Tunneling 497
vxlan udp-dst-port 499
vxlan flood 500
vxlan vlan vni 501
debug vxlan 502
show vxlan udp-dst-port 503
show vxlan vtep 503
show vxlan flood 504
show vxlan vlan-vni 504
show debug vxlan 505
19 Class of Service Commands 507
Priority Commands (Layer 2) 507
queue mode 508
queue weight 509
switchport priority default 510
show queue mode 511
show queue weight 511
Priority Commands (Layer 3 and 4) 512
qos map phb-queue 513
qos map cos-dscp 513
qos map default-drop-precedence 515
qos map dscp-cos 516
qos map dscp-mutation 517
qos map ip-port-dscp 518
qos map ip-prec-dscp 519
qos map trust-mode 520
show qos map cos-dscp 521
show map default-drop-precedence 521
show map dscp-cos 522
show qos map dscp-mutation 523
show qos map ip-port-dscp 523
show qos map ip-prec-dscp 524
show qos map phb-queue 525
show qos map trust-mode 525
20 Quality of Service Commands 527
class-map 528
description 529
match 529
rename 531
policy-map 531
class 532
police flow 533
police srtcm-color 534
police trtcm-color 537
set cos 539
set phb 540
service-policy 541
show class-map 541
show policy-map 542
show policy-map interface 543
21 Data Center Bridging Commands 545
DCB Exchange Commands 546
dcbx 546
dcbx mode 547
show dcbx 548
Priority-based Flow Control Commands 549
pfc mode 550
pfc priority 551
clear pfc statistics 552
show pfc 552
show pfc statistics 553
Enhanced Transmission Selection Commands 554
ets mode 555
traffic-class algo 555
traffic-class map 556
traffic-class weight 557
show ets mapping 558
show ets weight 559
Congestion Notification Commands 559
cn 562
cn cnm-transmit-priority 562
cn cnpv 563
cn cnpv alternate-priority (Global Configuration) 564
cn cnpv defense-mode (Global Configuration) 565
cn cnpv alternate-priority (Interface Configuration) 566
cn cnpv defense-mode (Interface Configuration) 567
show cn 567
show cn cnpv 568
show cn cp 569
Openflow Commands 570
of-agent controller 572
of-agent datapath-desc 573
clear of-agent 573
show of-agent controller 573
show of-agent flow 574
show of-agent group 578
22 Multicast Filtering Commands 581
IGMP Snooping 582
ip igmp snooping 583
ip igmp snooping priority 584
ip igmp snooping proxy-reporting 585
ip igmp snooping querier 585
ip igmp snooping router-alert-option-check 586
ip igmp snooping router-port-expire-time 587
ip igmp snooping tcn-flood 587
ip igmp snooping tcn-query-solicit 588
ip igmp snooping unregistered-data-flood 589
ip igmp snooping unsolicited-report-interval 590
ip igmp snooping version 590
ip igmp snooping version-exclusive 591
ip igmp snooping vlan general-query-suppression 592
ip igmp snooping vlan immediate-leave 592
ip igmp snooping vlan last-memb-query-count 593
ip igmp snooping vlan last-memb-query-intvl 594
ip igmp snooping vlan mrd 595
ip igmp snooping vlan proxy-address 596
ip igmp snooping vlan query-interval 597
ip igmp snooping vlan query-resp-intvl 598
ip igmp snooping vlan static 598
clear ip igmp snooping groups dynamic 599
clear ip igmp snooping statistics 599
show ip igmp snooping 600
show ip igmp snooping group 601
show ip igmp snooping mrouter 602
show ip igmp snooping statistics 602
Static Multicast Routing 605
ip igmp snooping vlan mrouter 605
IGMP Filtering and Throttling 606
ip igmp filter (Global Configuration) 607
ip igmp profile 608
permit, deny 608
range 609
ip igmp authentication 609
ip igmp filter (Interface Configuration) 611
ip igmp max-groups 612
ip igmp max-groups action 612
ip igmp query-drop 613
show ip igmp authentication 613
show ip igmp filter 614
show ip igmp profile 615
show ip igmp query-drop 615
show ip igmp throttle interface 616
MLD Snooping 617
ipv6 mld snooping 618
ipv6 mld snooping querier 618
ipv6 mld snooping query-interval 619
ipv6 mld snooping query-max-response-time 619
ipv6 mld snooping robustness 620
ipv6 mld snooping router-port-expire-time 621
ipv6 mld snooping unknown-multicast mode 621
ipv6 mld snooping version 622
ipv6 mld snooping vlan immediate-leave 622
ipv6 mld snooping vlan mrouter 623
ipv6 mld snooping vlan static 624
clear ipv6 mld snooping groups dynamic 624
clear ipv6 mld snooping statistics 625
show ipv6 mld snooping 625
show ipv6 mld snooping group 626
show ipv6 mld snooping group source-list 627
show ipv6 mld snooping mrouter 627
IGMP (Layer 3) 628
ip igmp 628
ip igmp last-member-query-interval 629
ip igmp max-resp-interval 630
ip igmp query-interval 631
ip igmp robustval 632
ip igmp static-group 632
ip igmp version 633
clear ip igmp group 634
show ip igmp groups 635
show ip igmp interface 637
IGMP Proxy Routing 638
ip igmp proxy 638
ip igmp proxy unsolicited-report-interval 640
MLD (Layer 3) 640
ipv6 mld 641
ipv6 mld last-member-query-response-interval 641
ipv6 mld max-resp-interval 642
ipv6 mld query-interval 643
ipv6 mld robustval 644
ipv6 mld static-group 644
ipv6 mld version 645
clear ipv6 mld group 646
show ipv6 mld groups 647
show ipv6 mld interface 648
MLD Proxy Routing 649
ipv6 mld proxy 649
ipv6 mld proxy unsolicited-report-interval 651
23 LLDP Commands 653
lldp 655
lldp holdtime-multiplier 655
lldp med-fast-start-count 656
lldp notification-interval 657
lldp refresh-interval 657
lldp reinit-delay 658
lldp tx-delay 658
lldp admin-status 659
lldp basic-tlv management-ip-address 659
lldp basic-tlv port-description 660
lldp basic-tlv system-capabilities 661
lldp basic-tlv system-description 661
lldp basic-tlv system-name 662
lldp dcbx-tlv ets-config 662
lldp dcbx-tlv ets-recommend 663
lldp dcbx-tlv pfc-config 664
lldp dot1-tlv proto-ident 664
lldp dot1-tlv proto-vid 665
lldp dot1-tlv pvid 665
lldp dot1-tlv vlan-name 666
lldp dot3-tlv link-agg 666
lldp dot3-tlv mac-phy 667
lldp dot3-tlv max-frame 667
lldp med-location civic-addr 668
lldp med-notification 669
lldp med-tlv inventory 670
lldp med-tlv location 671
lldp med-tlv med-cap 671
lldp med-tlv network-policy 672
lldp notification 672
show lldp config 673
show lldp info local-device 674
show lldp info remote-device 675
show lldp info statistics 678
24 CFM Commands 681
Defining CFM Structures 684
ethernet cfm ais level 684
ethernet cfm ais ma 685
ethernet cfm ais period 686
ethernet cfm ais suppress alarm 686
ethernet cfm domain 687
ethernet cfm enable 689
ma index name 690
ma index name-format 691
ethernet cfm mep 692
ethernet cfm port-enable 693
clear ethernet cfm ais mpid 693
show ethernet cfm configuration 694
show ethernet cfm md 696
show ethernet cfm ma 696
show ethernet cfm maintenance-points local 697
show ethernet cfm maintenance-points local detail mep 698
show ethernet cfm maintenance-points remote detail 699
Continuity Check Operations 701
ethernet cfm cc ma interval 701
ethernet cfm cc enable 702
snmp-server enable traps ethernet cfm cc 703
mep archive-hold-time 704
clear ethernet cfm maintenance-points remote 704
clear ethernet cfm errors 705
show ethernet cfm errors 706
Cross Check Operations 707
ethernet cfm mep crosscheck start-delay 707
snmp-server enable traps ethernet cfm crosscheck 707
mep crosscheck mpid 708
ethernet cfm mep crosscheck 709
show ethernet cfm maintenance-points remote crosscheck 710
Link Trace Operations 710
ethernet cfm linktrace cache 710
ethernet cfm linktrace cache hold-time 711
ethernet cfm linktrace cache size 712
ethernet cfm linktrace 712
clear ethernet cfm linktrace-cache 714
show ethernet cfm linktrace-cache 714
Loopback Operations 715
ethernet cfm loopback 715
Fault Generator Operations 716
mep fault-notify alarm-time 716
mep fault-notify lowest-priority 717
mep fault-notify reset-time 718
show ethernet cfm fault-notify-generator 719
Delay Measure Operations 720
ethernet cfm delay-measure two-way 720
25 Domain Name Service Commands 723
ip domain-list 724
ip domain-lookup 725
ip domain-name 725
ip host 726
ip name-server 727
ipv6 host 728
clear dns cache 728
clear host 729
show dns 729
show dns cache 730
show hosts 730
26 DHCP Commands 733
DHCP Client 733
ip dhcp client class-id 733
ip dhcp restart client 735
ipv6 dhcp client rapid-commit vlan 736
DHCP Relay 737
DHCP for IPv4 737
ip dhcp relay server 737
ip dhcp restart relay 738
DHCP for IPv6 739
ipv6 dhcp relay destination 739
show ipv6 dhcp relay destination 740
27 IP Interface Commands 741
IPv4 Interface 741
Basic IPv4 Configuration 742
ip address 742
ip default-gateway 746
show ip interface 747
show ip traffic 747
traceroute 748
ping 750
ARP Configuration 751
arp 751
arp timeout 752
clear arp-cache 753
show arp 753
IPv6 Interface 754
Interface Address Configuration and Utilities 755
ipv6 default-gateway 755
ipv6 address 756
ipv6 address eui-64 757
ipv6 address link-local 759
ipv6 enable 760
ipv6 mtu 762
show ipv6 interface 763
show ipv6 mtu 765
show ipv6 traffic 765
clear ipv6 traffic 770
ping6 770
traceroute6 771
Neighbor Discovery 773
ipv6 hop-limit 773
ipv6 nd dad attempts 773
ipv6 nd ns-interval 775
ipv6 nd raguard 776
ipv6 nd reachable-time 777
ipv6 neighbor 778
clear ipv6 neighbors 779
show ipv6 nd raguard 779
show ipv6 neighbors 780
ND Snooping 781
ipv6 nd snooping 782
ipv6 nd snooping auto-detect 784
ipv6 nd snooping auto-detect retransmit count 784
ipv6 nd snooping auto-detect retransmit interval 785
ipv6 nd snooping prefix timeout 785
ipv6 nd snooping max-binding 786
ipv6 nd snooping trust 787
clear ipv6 nd snooping binding 787
clear ipv6 nd snooping prefix 788
show ipv6 nd snooping 788
show ipv6 nd snooping binding 788
show ipv6 nd snooping prefix 789
28 VRRP Commands 791
vrrp ping-enable 791
vrrp authentication 792
vrrp ip 793
vrrp preempt 794
vrrp priority 795
vrrp timers advertise 796
show vrrp 796
show vrrp interface 798
show vrrp interface counters 799
show vrrp router counters 800
29 IP Routing Commands 801
Global Routing Configuration 801
IPv4 Commands 803
ip route 803
show ip host-route 804
show ip route 805
show ip route database 806
show ip route summary 807
show ip traffic 807
ECMP Commands 808
ecmp load-balance 808
hash-selection list 809
maximum-paths 810
dst-mac (MAC Hash) 810
ethertype (MAC Hash) 810
src-mac (MAC Hash) 811
vlan (MAC Hash) 811
dst-ip (IPv4 Hash) 811
dst-l4-port (IPv4 Hash) 812
protocol-id (IPv4 Hash) 812
src-ip (IPv4 Hash) 812
src-l4-port (IPv4 Hash) 813
vlan (IPv4 Hash) 813
collapsed-dst-ip (IPv6 Hash) 813
collapsed-src-ip (IPv6 Hash) 814
dst-l4-port (IPv6 Hash) 814
next-header (IPv6 Hash) 815
src-l4-port (IPv6 Hash) 815
vlan (IPv6 Hash) 815
show ecmp load-balance 816
show hash-selection list 816
IPv6 Commands 817
ipv6 route 817
show ipv6 route 818
Routing Information Protocol (RIP) 820
router rip 820
default-information originate 821
default-metric 822
distance 823
maximum-prefix 823
neighbor 824
network 825
passive-interface 826
redistribute 826
timers basic 828
version 829
ip rip authentication mode 830
ip rip authentication string 831
ip rip receive version 831
ip rip receive-packet 832
ip rip send version 833
ip rip send-packet 834
ip rip split-horizon 835
clear ip rip route 835
show ip protocols rip 836
show ip rip 837
Open Shortest Path First (OSPFv2) 838
General Configuration 839
router ospf 839
compatible rfc1583 840
default-information originate 841
router-id 842
timers spf 843
clear ip ospf process 844
Route Metrics and Summaries 844
area default-cost 844
area range 845
auto-cost reference-bandwidth 846
default-metric 847
redistribute 847
summary-address 849
Area Configuration 850
area authentication 850
area nssa 851
area stub 853
area virtual-link 854
network area 856
Interface Configuration 857
ip ospf authentication 857
ip ospf authentication-key 859
ip ospf cost 860
ip ospf dead-interval 861
ip ospf hello-interval 861
ip ospf message-digest-key 862
ip ospf priority 863
ip ospf retransmit-interval 864
ip ospf transmit-delay 865
passive-interface 866
Display Information 866
show ip ospf 866
show ip ospf border-routers 868
show ip ospf database 869
show ip ospf interface 875
show ip ospf neighbor 877
show ip ospf route 878
show ip ospf virtual-links 878
show ip protocols ospf 879
Open Shortest Path First (OSPFv3) 880
General Configuration 882
router ipv6 ospf 882
abr-type 883
max-current-dd 884
router-id 885
timers spf 886
Route Metrics and Summaries 886
area default-cost 886
area range 887
default-metric 888
redistribute 889
Area Configuration 890
area stub 890
area virtual-link 891
ipv6 router ospf area 893
ipv6 router ospf tag area 894
Interface Configuration 895
ipv6 ospf cost 895
ipv6 ospf dead-interval 896
ipv6 ospf hello-interval 897
ipv6 ospf priority 897
ipv6 ospf retransmit-interval 898
ipv6 ospf transmit-delay 899
passive-interface 900
Display Information 900
show ipv6 ospf 900
show ipv6 ospf database 902
show ipv6 ospf interface 903
show ipv6 ospf neighbor 904
show ipv6 ospf route 905
show ipv6 ospf virtual-links 906
Border Gateway Protocol (BGPv4) 908
BGP Overview 908
External and Internal BGP 908
BGP Routing Basics 909
Internal BGP Scalability 913
Route Flap Dampening 917
BGP Command List 918
General Configuration 922
router bgp 922
ip as-path access-list 923
ip community-list 924
ip extcommunity-list 926
ip prefix-list 928
aggregate-address 929
bgp client-to-client reflection 931
bgp cluster-id 932
bgp confederation identifier 933
bgp confederation peer 934
bgp dampening 935
bgp enforce-first-as 936
bgp fast-external-failover 936
bgp log-neighbor-changes 937
bgp network import-check 937
bgp router-id 938
bgp scan-time 938
network 939
redistribute 940
timers bgp 941
clear ip bgp 942
clear ip bgp dampening 943
Route Metrics and Selection 944
bgp always-compare-med 944
bgp bestpath as-path ignore 944
bgp bestpath compare-confed-aspath 945
bgp bestpath compare-routerid 945
bgp bestpath med 946
bgp default local-preference 947
bgp deterministic-med 947
distance 948
distance bgp 949
Neighbor Configuration 950
neighbor activate 950
neighbor advertisement-interval 951
neighbor allowas-in 951
neighbor attribute-unchanged 952
neighbor capability dynamic 953
neighbor capability orf prefix-list 953
neighbor default-originate 954
neighbor description 955
neighbor distribute-list 955
neighbor dont-capability-negotiate 956
neighbor ebgp-multihop 957
neighbor enforce-multihop 957
neighbor filter-list 958
neighbor interface 959
neighbor maximum-prefix 959
neighbor next-hop-self 960
neighbor override-capability 961
neighbor passive 962
neighbor password 962
neighbor peer-group (Creating) 963
neighbor peer-group (Group Members) 964
neighbor port 964
neighbor prefix-list 965
neighbor remote-as 966
neighbor remove-private-as 966
neighbor route-map 967
neighbor route-reflector-client 968
neighbor route-server-client 969
neighbor send-community 970
neighbor shutdown 970
neighbor soft-reconfiguration inbound 971
neighbor strict-capability-match 972
neighbor timers 972
neighbor timers connect 973
neighbor unsuppress-map 974
neighbor update-source 975
neighbor weight 975
Display Information 976
show ip bgp 976
show ip bgp attribute-info 977
show ip bgp cidr-only 978
show ip bgp community 978
show ip bgp community-info 979
show ip bgp community-list 980
show ip bgp dampening 980
show ip bgp filter-list 982
show ip bgp neighbors 982
show ip bgp paths 984
show ip bgp prefix-list 985
show ip bgp regexp 985
show ip bgp route-map 986
show ip bgp scan 986
show ip bgp summary 986
show ip community-list 987
show ip extcommunity-list 987
show ip prefix-list 988
show ip prefix-list detail 989
show ip prefix-list summary 989
show ip protocols bgp 990
Policy-based Routing for BGP 991
route-map 993
call 994
continue 995
description 995
match as-path 996
match community 996
match extcommunity 997
match ip address 997
match ip next-hop 998
match ip route-source 999
match metric 999
match origin 1000
match pathlimit 1000
match peer 1001
on-match 1002
set aggregator as 1002
set as-path 1003
set atomic-aggregate 1003
set comm-list delete 1004
set community 1005
set extcommunity 1006
set ip next-hop 1007
set local-preference 1008
set metric 1008
set origin 1009
set originator-id 1010
set pathlimit ttl 1010
set weight 1011
show route-map 1011
30 Multicast Routing Commands 1013
General Multicast Routing 1013
IPv4 Commands 1013
ip multicast-routing 1013
show ip mroute 1014
IPv6 Commands 1016
ipv6 multicast-routing 1016
show ipv6 mroute 1017
Static Multicast Routing 1019
ip igmp snooping vlan mrouter 1019
Static Multicast Routing 1020
ip igmp snooping vlan mrouter 1020
show ip igmp snooping mrouter 1021
PIM Multicast Routing 1022
IPv4 PIM Commands 1022
PIM Shared Mode Commands 1023
router pim 1023
ip pim 1024
ip pim hello-holdtime 1025
ip pim hello-interval 1026
ip pim join-prune-holdtime 1027
ip pim lan-prune-delay 1027
ip pim override-interval 1028
ip pim propagation-delay 1029
ip pim trigger-hello-delay 1030
show ip pim interface 1030
show ip pim neighbor 1031
PIM-DM Commands 1032
ip pim graft-retry-interval 1032
ip pim max-graft-retries 1032
ip pim state-refresh origination-interval 1033
PIM-SM Commands 1034
ip pim bsr-candidate 1034
ip pim register-rate-limit 1035
ip pim register-source 1036
ip pim rp-address 1036
ip pim rp-candidate 1038
ip pim spt-threshold 1039
ip pim ssm range 1040
ip pim dr-priority 1042
ip pim join-prune-interval 1043
clear ip pim bsr rp-set 1044
show ip pim bsr-router 1045
show ip pim rp mapping 1046
show ip pim rp-hash 1046
show ip pim ssm range 1047
IPv6 PIM Commands 1047
PIM6 Shared Mode Commands 1048
router pim6 1048
ipv6 pim 1049
ipv6 pim hello-holdtime 1050
ipv6 pim hello-interval 1051
ipv6 pim join-prune-holdtime 1051
ipv6 pim lan-prune-delay 1052
ipv6 pim override-interval 1053
ipv6 pim propagation-delay 1054
ipv6 pim trigger-hello-delay 1054
show ipv6 pim interface 1055
show ipv6 pim neighbor 1056
PIM6-DM Commands 1056
ipv6 pim graft-retry-interval 1056
ipv6 pim max-graft-retries 1057
ipv6 pim state-refresh origination-interval 1058
PIM6-SM Commands 1058
ipv6 pim bsr-candidate 1058
ipv6 pim register-rate-limit 1060
ipv6 pim register-source 1060
ipv6 pim rp-address 1061
ipv6 pim rp-candidate 1062
ipv6 pim spt-threshold 1064
ipv6 pim dr-priority 1065
ipv6 pim join-prune-interval 1066
clear ipv6 pim bsr rp-set 1067
show ipv6 pim bsr-router 1068
show ipv6 pim rp mapping 1069
show ipv6 pim rp-hash 1069
Section III Appendices 1071
A Legacy and Hybrid Operating Mode Feature Set Differences 1073
B Troubleshooting 1077
Problems Accessing the Management Interface 1077
Using System Logs 1078
C License Information 1079
The GNU General Public License 1079
Glossary 1083
List of CLI Commands 1091
Index 1101

Figures

Figure 1: MLAG Domain Topology 403
Figure 2: MLAG Peer Operation 407
Figure 3: Configuring VLAN Trunking 481
Figure 4: Mapping QinQ Service VLAN to Customer VLAN 489
Figure 5: Openflow Process 571
Figure 6: Connections for Internal and External BGP 908
Figure 7: Connections for Single Route Reflector 914
Figure 8: Connections for Multiple Route Reflectors 914
Figure 9: Connections for BGP Confederation 916
Figure 10: Connections for Route Server 917

Tables

Table 1: Revision History 4
Table 2: Options 60, 66 and 67 Statements 76
Table 3: Options 55 and 124 Statements 76
Table 4: General Command Modes 88
Table 5: Configuration Command Modes 90
Table 6: Keystroke Commands 92
Table 7: Command Group Index 93
Table 8: General Commands 95
Table 9: System Management Commands 103
Table 10: Device Designation Commands 103
Table 11: Banner Commands 104
Table 12: System Status Commands 113
Table 13: show access-list tcam-utilization - display description 115
Table 14: show system – display description 121
Table 15: show version – display description 124
Table 16: Fan Control Commands 125
Table 17: Frame Size Commands 125
Table 18: Flash/File Commands 127
Table 19: File Directory Information 133
Table 20: Line Commands 142
Table 21: Event Logging Commands 153
Table 22: Logging Levels 154
Table 23: show logging flash/ram - display description 159
Table 24: show logging trap - display description 159
Table 25: Event Logging Commands 159
Table 26: Time Commands 163
Table 27: Predefined Summer-Time Parameters 173
Table 28: Time Range Commands 177
Table 29: SNMP Commands 181
Table 30: show snmp engine-id - display description 196
Table 31: show snmp group - display description 197
Table 32: show snmp user - display description 198
Table 33: show snmp view - display description 198
Table 34: RMON Commands 203
Table 35: Authentication Commands 211
Table 36: User Access Commands 212
Table 37: Default Login Settings 213
Table 38: Authentication Sequence Commands 214
Table 39: RADIUS Client Commands 216
Table 40: TACACS+ Client Commands 221
Table 41: Web Server Commands 224
Table 42: HTTPS System Support 227
Table 43: Telnet Server Commands 228
Table 44: Secure Shell Commands 230
Table 45: show ssh - display description 239
Table 46: 802.1X Port Authentication Commands 240
Table 47: Management IP Filter Commands 252
Table 48: General Security Commands 255
Table 49: Port Security Commands 256
Table 50: show port security - display description 260
Table 51: Network Access Commands 261
Table 52: Dynamic QoS Profiles 264
Table 53: Web Authentication 275
Table 54: DHCP Snooping Commands 280
Table 55: Option 82 information 289
Table 56: DHCP Snooping Commands 293
Table 57: IPv4 Source Guard Commands 302
Table 58: IPv6 Source Guard Commands 310
Table 59: IPv6 Source Guard Commands 315
Table 60: ARP Inspection Commands 321
Table 61: Commands for Configuring Traffic Segmentation 330
Table 62: Traffic Segmentation Forwarding 331
Table 63: Access Control List Commands 335
Table 64: IPv4 ACL Commands 335
Table 65: IPv6 ACL Commands 342
Table 66: MAC ACL Commands 347
Table 67: ARP ACL Commands 352
Table 68: ACL Information Commands 355
Table 69: Interface Commands 359
Table 70: show interfaces counters - display description 370
Table 71: show interfaces switchport - display description 378
Table 72: Link Aggregation Commands 389
Table 73: show lacp counters - display description 399
Table 74: show lacp internal - display description 400
Table 75: show lacp neighbors - display description 402
Table 76: show lacp sysid - display description 402
Table 77: Port Mirroring Commands 409
Table 78: Mirror Port Commands 409
Table 79: RSPAN Commands 411
Table 80: Congestion Control Commands 419
Table 81: Rate Limit Commands 419
Table 82: Rate Limit Commands 421
Table 83: Loopback Detection Commands 423
Table 84: UniDirectional Link Detection Commands 429
Table 85: show udld - display description 434
Table 86: Address Table Commands 437
Table 87: Spanning Tree Commands 443
Table 88: Recommended STA Path Cost Range 456
Table 89: Default STA Path Costs 457
Table 90: VLAN Commands 467
Table 91: GVRP and Bridge Extension Commands 468
Table 92: Commands for Editing VLAN Groups 472
Table 93: Commands for Configuring VLAN Interfaces 474
Table 94: Commands for Displaying VLAN Information 482
Table 95: 802.1Q Tunneling Commands 483
Table 96: L2 Protocol Tunnel Commands 492
Table 97: VxLAN Tunneling Commands 498
Table 98: Priority Commands 507
Table 99: Priority Commands (Layer 2) 507
Table 100: Priority Commands (Layer 3 and 4) 512
Table 101: Mapping Internal Per-hop Behavior to Hardware Queues 513
Table 102: Default Mapping of CoS/CFI to Internal PHB/Drop Precedence 514
Table 103: Mapping Per-hop Behavior to Drop Precedence 515
Table 104: Mapping Internal PHB/Drop Precedence to CoS/CFI Values 516
Table 105: Default Mapping of DSCP Values to Internal PHB/Drop Values 517
Table 106: Default Mapping of IP Precedence to Internal PHB/Drop Values 519
Table 107: Quality of Service Commands 527
Table 108: Data Center Bridging Commands 545
Table 109: DCB Exchange Commands 546
Table 110: Priority-based Flow Control Commands 549
Table 111: ETS Commands 554
Table 112: CN Commands 561
Table 113: show cn cp - display description 569
Table 114: Openflow Commands 571
Table 115: Multicast Filtering Commands 581
Table 116: IGMP Snooping Commands 582
Table 117: show ip igmp snooping statistics input - display description 603
Table 118: show ip igmp snooping statistics output - display description 604
Table 119: show ip igmp snooping statistics vlan query - display description 604
Table 120: Static Multicast Interface Commands 605
Table 121: IGMP Filtering and Throttling Commands 606
Table 122: IGMP Authentication RADIUS Attribute Value Pairs 610
Table 123: MLD Snooping Commands 617
Table 124: IGMP Commands (Layer 3) 628
Table 125: show ip igmp groups - display description 636
Table 126: show ip igmp groups detail - display description 636
Table 127: IGMP Proxy Commands 638
Table 128: MLD Commands (Layer 3) 640
Table 129: show ipv6 mld groups - display description 647
Table 130: IGMP Proxy Commands 649
Table 131: LLDP Commands 653
Table 132: LLDP MED Location CA Types 668
Table 133: CFM Commands 681
Table 134: show ethernet cfm configuration traps - display description 695
Table 135: show ethernet cfm maintenance-points local detail mep - display 699
Table 136: show ethernet cfm maintenance-points remote detail - display 700
Table 137: show ethernet cfm errors - display description 706
Table 138: show ethernet cfm linktrace-cache - display description 714
Table 139: Remote MEP Priority Levels 718
Table 140: MEP Defect Descriptions 718
Table 141: show fault-notify-generator - display description 719
Table 142: Address Table Commands 723
Table 143: show dns cache - display description 730
Table 144: show hosts - display description 731
Table 145: DHCP Commands 733
Table 146: DHCP Client Commands 733
Table 147: Options 60, 66 and 67 Statements 734
Table 148: Options 55 and 124 Statements 734
Table 149: DHCP Relay Commands 737
Table 150: IP Interface Commands 741
Table 151: IPv4 Interface Commands 741
Table 152: Basic IP Configuration Commands 742
Table 153: Address Resolution Protocol Commands 751
Table 154: IPv6 Configuration Commands 754
Table 155: show ipv6 interface - display description 764
Table 156: show ipv6 mtu - display description 765
Table 157: show ipv6 traffic - display description 767
Table 158: show ipv6 neighbors - display description 780
Table 159: ND Snooping Commands 782
Table 160: VRRP Commands 791
Table 161: show vrrp - display description 797
Table 162: show vrrp brief - display description 798
Table 163: IP Routing Commands 801
Table 164: Global Routing Configuration Commands 801
Table 165: show ip host-route - display description 804
Table 166: Routing Information Protocol Commands 820
Table 167: Open Shortest Path First Commands 838
Table 168: show ip ospf - display description 867
Table 169: show ip ospf database - display description 870
Table 170: show ip ospf database summary - display description 871
Table 171: show ip ospf database external - display description 872
Table 172: show ip ospf database network - display description 873
Table 173: show ip ospf database router - display description 874
Table 174: show ip ospf database summary - display description 875
Table 175: show ip ospf interface - display description 876
Table 176: show ip ospf neighbor - display description 877
Table 177: show ip ospf virtual-links - display description 879
Table 178: show ip protocols ospf - display description 879
Table 179: Open Shortest Path First Commands (Version 3) 880
Table 180: show ip ospf - display description 901
Table 181: show ip ospf database - display description 903
Table 182: show ip ospf interface - display description 903
Table 183: show ipv6 ospf neighbor - display description 905
Table 184: show ipv6 ospf virtual-links - display description 906
Table 185: Border Gateway Protocol Commands – Version 4 918
Table 186: show ip bgp - display description 977
Table 187: show ip bgp community-info - display description 980
Table 188: show ip bgp dampening parameters- display description 981
Table 189: show ip bgp - display description 983
Table 190: show ip bgp paths - display description 984
Table 191: show ip protocols bgp - display description 990
Table 192: Policy-based Routing Configuration Commands 991
Table 193: Multicast Routing Commands 1013
Table 194: General Multicast Routing Commands 1013
Table 195: show ip mroute - display description 1015
Table 196: show ip mroute - display description 1018
Table 197: Static Multicast Routing Commands 1019
Table 198: Static Multicast Routing Commands 1020
Table 199: IPv4 and IPv6 PIM Commands 1022
Table 200: PIM-DM and PIM-SM Multicast Routing Commands 1022
Table 201: show ip pim neighbor - display description 1031
Table 202: show ip pim bsr-router - display description 1045
Table 203: show ip pim rp mapping - display description 1046
Table 204: show ip pim rp-hash - display description 1047
Table 205: PIM-DM and PIM-SM Multicast Routing Commands 1047
Table 206: show ipv6 pim neighbor - display description 1056
Table 207: show ip pim bsr-router - display description 1068
Table 208: show ip pim rp mapping - display description 1069
Table 209: show ip pim rp-hash - display description 1070
Table 210: Legacy and Hybrid Operating Mode Feature Set Differences 1073
Table 211: Troubleshooting Chart 1077
Section I

Getting Started

This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface.
This section includes these chapters:
"Initial Switch Configuration" on page 55

1 Initial Switch Configuration

This chapter includes information on connecting to the switch and basic configuration procedures.

Connecting to the Switch

The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
Note: An IPv4 address for this switch is obtained via DHCP by default. To change this address, see “Setting an IP Address” on page 62.

Configuration Options

The switch’s HTTP web agent allows you to configure switch parameters, monitor port connections, and display statistics using a standard web browser such as Internet Explorer 8 or above, Mozilla Firefox 32 or above, and Google Chrome 39 or above. The switch’s web management interface can be accessed from any computer attached to the network.
The CLI program can be accessed by a direct connection to the RS-232 serial console port on the switch, or remotely by a Telnet connection over the network.
The switch’s management agent also supports SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using network management software.
The switch’s web interface, console interface, and SNMP agent allow you to perform the following management functions:
Set user names and passwords
Set an IP interface for any VLAN
Configure SNMP parameters
Enable/disable any port
Set the speed/duplex mode for any port
Configure the bandwidth of any port by limiting input or output rates
Control port access through IEEE 802.1X security or static address filtering
Filter packets using Access Control Lists (ACLs)
Configure up to 4094 IEEE 802.1Q VLANs
Configure IP routing for unicast or multicast traffic
Configure router redundancy
Configure IGMP multicast filtering
Upload and download system firmware or configuration files via HTTP (using the web interface) or FTP/TFTP (using the command line or web interface)
Configure Spanning Tree parameters
Configure Class of Service (CoS) priority queuing
Configure static or LACP trunks (up to 8)
Enable port mirroring
Set storm control on any port for excessive broadcast, multicast, or unknown unicast traffic
Display system information and statistics

Connecting to the Console Port

The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.
Attach a VT100-compatible terminal, or a PC running a terminal emulation program, to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.
To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.
2. Connect the other end of the cable to the RJ-45 serial port on the switch.
3. Make sure the terminal emulation software is set as follows:
   Select the appropriate serial port (COM port 1 or COM port 2).
   Set the baud rate to 115200 bps.
   Set the data format to 8 data bits, 1 stop bit, and no parity.
   Set flow control to none.
   Set the emulation mode to VT100.
   When using HyperTerminal, select Terminal keys, not Windows keys.
4. Power on the switch.
After the system completes the boot cycle, the logon screen appears.

Selecting Legacy or Hybrid Operation Mode

The switch supports two operating modes:
Legacy Mode – Basic feature set, accessible via CLI, web interface, or SNMP.
Hybrid Mode – Provides OpenFlow agent and OF-Data Plane Abstraction flow tables, switch configuration from OpenFlow controller, and partial legacy feature set. This operating mode is only accessible via the CLI and SNMP.
Note: For a list of differences in the features provided by Legacy Mode and Hybrid Mode, see “Legacy and Hybrid Operating Mode Feature Set Differences” on page 1073.
To select the operating mode, select one of the following options during bootup:
Select operation mode. If no selection is made within 5 seconds,
the mode, Legacy (example), you used last time will start automatically.....
1 - Legacy mode 2 - Hybrid mode
Select (1, 2): Operation Mode : Legacy......

Logging Onto the Command Line Interface

The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to only display information and use basic utilities. To fully configure the switch parameters, you must access the CLI at the Privileged Exec level.
Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps:
1. To initiate your console connection, press <Enter>. The “User Access Verification” procedure starts.
2. At the User Name prompt, enter “admin.”
3. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.)
4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.

Setting Passwords

If this is your first time logging into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place.
Passwords can consist of up to 32 alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch, set the passwords as follows:
1. Open the console interface with the default user name and password “admin” to access the Privileged Exec level.
2. Type “configure” and press <Enter>.
3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>.
4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>.

Username: admin
Password:

CLI session with the AOS5700-54X* is opened.
To end the CLI session, enter [Exit].

Console#configure
Console(config)#username guest password 0 [password]
Console(config)#username admin password 0 [password]
Console(config)#

* This manual covers the AS5700-54X 10G and AS6700-32X 40G Layer 3 Ethernet switches. AS5700-54X and AS6700-32X are the bare metal switch names without any operating system installed. AOS5700-54X and AOS6700-32X are the same switches with the AOS operating system as described in this manual. Other than the difference in port types, there are no significant differences. Therefore most of the screen display examples are based on the AOS5700-54X.

Remote Connections (Network Interface or Craft Port)

Prior to accessing the switch’s onboard agent via a network connection, you must first configure the switch’s network interface or craft port with a valid IPv4 or IPv6 address.
The default network interface is VLAN 1 which includes ports 1-32/54. However, note that the switch also includes a Craft port on the front panel which provides a secure management channel that is isolated from all other ports on the switch. This interface is not configured with an IP address by default, but may be manually configured with an IPv4 address. The Craft port is specified with the name “craft” in the commands used to configure its IP address.
When configuring the network interface, the IP address, subnet mask, and default gateway may all be set using a console connection, or DHCP protocol as described in the following sections.
An IPv4 address for the primary network interface is obtained via DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP, see “Setting an IP Address” on page 62.
After configuring the switch’s IP parameters, you can access the onboard configuration program from anywhere within the attached network. The onboard configuration program can be accessed using Telnet or SSH from any computer attached to the network. The switch can also be managed by any computer using a web browser (Internet Explorer 8 or above, Mozilla Firefox 32 or above, and Google Chrome 39 or above).
Note: This switch supports eight Telnet sessions or SSH sessions.
The onboard program only provides access to basic configuration functions. To access the full range of SNMP management functions, you must use SNMP-based network management software.

Obtaining and Installing a License for the Network Ports

The operational ports (that is, the network ports but not the craft port) are disabled by default. These ports will only function when a port usage license is obtained from your distributor and installed on the switch.
To verify whether or not a port usage license is installed on the switch, enter the following command from the craft port. If the Link Down Reason displays “Invalid License or Trial License,” then you need to obtain and install a license for the network ports. Note that a trial license limits the number of usable ports, whereas a valid license provides full access to all ports.
Note: A trial license provides access to ports 1-12 and 49-52 for one month.
Console#show interfaces status ethernet 1/1
Information of Eth 1/1
 Basic Information:
  Member port of trunk 1 was created by user.
  Port Type : 10GBASE SFP+
  MAC Address : 70-72-CF-EA-1B-72
 Configuration:
  Port Admin : Up
  Speed-duplex : 10G full
  Capabilities : 10Gfull
  Broadcast Storm : Enabled
  Broadcast Storm Limit : 500 packets/second
  Multicast Storm : Disabled
  Multicast Storm Limit : 500 packets/second
  Unknown Unicast Storm : Disabled
  Unknown Unicast Storm Limit : 500 packets/second
  Flow Control : Disabled
  LACP : Disabled
  MAC Learning : Enabled
  Link-up-down Trap : Enabled
  Media Type : None
  MTU : 1518
 Current Status:
  Link Status : Down
  Link Down Reason : Invalid License or Trial License
  Operation Speed-duplex : 10G full
  Flow Control Type : None
  Max Frame Size : 1522 bytes (1522 bytes for tagged frames)
  MAC Learning Status : Enabled
To order a license, you must provide the following information to your distributor:
Switch model number (AOS5700-54X or AOS6700-32X)
System MAC address. Enter the “show system” command from the craft port to display this information.

Console#show system
System Description : AOS5700-54X
System OID String : 1.3.6.1.4.1.259.12.1.2.101
System Information
 System Up Time : 0 days, 1 hours, 22 minutes, and 57.7 seconds
 System Name :
 System Location :
 System Contact :
 MAC Address (Unit 1) : 70-72-CF-EA-1B-71
 Web Server : Enabled
 Web Server Port : 80
 Web Secure Server : Enabled
 Web Secure Server Port : 443
 Telnet Server : Enabled
 Telnet Server Port : 23
 Jumbo Frame : Disabled
...

To install a license, first verify that the craft port is configured with a valid IP address using the “show interface” command. If no information is displayed for the craft interface, use the “ip address” command to configure the IP address for the craft port as shown in the following example:

Console#configure
Console(config)#interface craft
Console(config-if)#ip address 192.168.0.200 255.255.255.0
Console(config-if)#

Download the corresponding license file as shown in the following example. Note that the license file is named according to the device MAC address. The network ports will be automatically activated within two minutes after successful installation.
Console#copy tftp file
TFTP server IP address: 192.168.0.102
Choose file type:
 1. config; 2. opcode; 3. license: 3
Source file name: 7072CFEB9CE4.lic
Flash programming started.
Flash programming completed.
Success.
To display information on the installed file, enter the “show license file” command.
Console#show license file
aos-license/1.0
Name: Steve Rayward
CPU-MAC-Address: 70-72-CF-EA-1B-71
Project-Number: AOS5700-54X
License-Number: fef8deac-da47-43e5-9749-8e388b12dddc
License-Issue-Date: Fri May 8 05:41:01 2015
License-Valid-Start-Date: Fri May 8 00:00:00 2015
License-Valid-End-Date: Tue Jun 30 23:59:59 2015
License-Access-List: gf5zGdtiN8WPaSgQEPBm7WsU0MvylPKyKIC0mfIjbeCRz1GrK1TVm3IB Yk9QLzbZl2Yq5OfZyseMpOszYpRFmxD969aLn9oWFYfUAX9pZi2KRp+A6m+PwYYaABDFw5NxoumC yqS0vvZO63d8jpvoZMuBu+C69uIHmGw0dWKjtGwHty5xWDfMY44LvZbfktH7vTmVgnm/Ty/mSwll lJd FtWTPfC7rRzXcngfiiMUmbJs= Signature1: ImNS2m9IqBDVxzTsw+PZnHvFC6Z+irLIDylJNWPn65Lpv/AtxzmEAAhPrXgHJk4P9 VcNnYGmJ6CB0X9jnWYox86W5RCB6p+HbC7MFDY0gtUFmfNz16th+DaWOi+m2gAvc5Y/mXS9l/LZt 9Kcm4EfBi7Qxv2r0qayPu/QN9LMqOAi0RFs48Rz752fCwnCWgUYtgzI9YnK/Eq3lsWDC+w7y2CDS vF/5IWGvr2xF5QFXJM8UG7BmK6A1fED/4CBjxwCgjRdTC/EAAllBN1/rHNNVGE82b6RhcBbmpgay ijNc+ouARNguSIQdNfL8OrE7EdB3xLuxqw0WkAkLxvLMdJwtA== Signature2: Gnd3p8D/ TuSee5ol1s3TF3fuGazqWaqYSy270I97Syoaztq3DfsAtd0NPoVOabb8iWqIGFqy43ieDkIaYB+E pTZkUY8vFt6JOiIDsPQLrzu8W+HU6xcX9YS0UmBisZoSHSu+eJeHzpGupwdYhccOQ5gL2O5YK9f1 LGjsQz8sjHVwaa7u7NsOu26zt1XGrwq1Pj5jIzJc6uJ7QZBicjqbpqhNyUM9vmx2qnwYALfz2k8e 4IEsim3NrkleEkMcJTcHk7KiAkat5sEq83vgOoA0l+m/4fGC8Gmw84LPhSbeHwZDqY8Ziedt tfX9IYDhU1DMh7ZlhMXsDVOWv+WQVYi22Q== Console#
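
The three displays used in this procedure (“show interfaces status”, “show system” and “show license file”) can be checked together from captured CLI output. The Python script below is an added example, not part of the Edge-Core manual or the switch software; the function names, the finding labels and the assumption that a license file is named after the MAC address hex digits plus “.lic” are illustrative. It also reports the Telnet and HTTP servers that “show system” lists as enabled, since both carry management traffic unencrypted.

```python
"""Pre-deployment check over captured AOS CLI output (added example)."""
import re
from datetime import datetime

# Abridged copies of the sample displays shown in this chapter.
SHOW_SYSTEM = """\
Console#show system
System Description : AOS5700-54X
 MAC Address (Unit 1) : 70-72-CF-EA-1B-71
 Web Server : Enabled
 Web Server Port : 80
 Web Secure Server : Enabled
 Web Secure Server Port : 443
 Telnet Server : Enabled
 Telnet Server Port : 23
"""
SHOW_INTERFACE = """\
Console#show interfaces status ethernet 1/1
Information of Eth 1/1
 Current Status:
  Link Status : Down
  Link Down Reason : Invalid License or Trial License
"""
SHOW_LICENSE = """\
Console#show license file
aos-license/1.0
CPU-MAC-Address: 70-72-CF-EA-1B-71
Project-Number: AOS5700-54X
License-Valid-Start-Date: Fri May 8 00:00:00 2015
License-Valid-End-Date: Tue Jun 30 23:59:59 2015
"""

DATE_FMT = "%a %b %d %H:%M:%S %Y"  # e.g. "Fri May 8 00:00:00 2015"


def parse_fields(text):
    """Return {key: value} for each 'Key : Value' or 'Key: Value' line."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only; dates keep theirs
        if sep and value.strip():              # skips prompts and bare headings
            fields[key.strip()] = value.strip()
    return fields


def mac_digits(mac):
    """'70-72-CF-EA-1B-71' -> '7072CFEA1B71'."""
    return re.sub(r"[^0-9A-Fa-f]", "", mac).upper()


def expected_license_name(mac):
    # Assumption: <MAC hex digits>.lic, inferred from the example file name.
    return mac_digits(mac) + ".lic"


def audit(system_out, iface_out, license_out, now):
    """Return a list of finding labels; 'now' is a naive datetime in switch time."""
    sysf = parse_fields(system_out)
    ifc = parse_fields(iface_out)
    lic = parse_fields(license_out)
    findings = []

    # The license must be bound to this unit's MAC address.
    sys_mac = next((v for k, v in sysf.items() if k.startswith("MAC Address")), "")
    if not sys_mac or mac_digits(lic.get("CPU-MAC-Address", "")) != mac_digits(sys_mac):
        findings.append("LICENSE-MAC-MISMATCH")

    # The current time must fall inside the validity window.
    start = lic.get("License-Valid-Start-Date")
    end = lic.get("License-Valid-End-Date")
    if not (start and end):
        findings.append("LICENSE-DATES-MISSING")
    else:
        if now < datetime.strptime(start, DATE_FMT):
            findings.append("LICENSE-NOT-YET-VALID")
        if now > datetime.strptime(end, DATE_FMT):
            findings.append("LICENSE-EXPIRED")

    # A network port held down by licensing rather than by cabling.
    if ifc.get("Link Status") == "Down" and "License" in ifc.get("Link Down Reason", ""):
        findings.append("PORT-DOWN-LICENSE")

    # Management services that send credentials in cleartext.
    for service, label in (("Telnet Server", "CLEARTEXT-TELNET"),
                           ("Web Server", "CLEARTEXT-HTTP")):
        if sysf.get(service) == "Enabled":
            findings.append(f"{label}:{sysf.get(service + ' Port', '?')}")
    return findings


if __name__ == "__main__":
    print(expected_license_name("70-72-CF-EA-1B-71"))
    for finding in audit(SHOW_SYSTEM, SHOW_INTERFACE, SHOW_LICENSE, datetime(2015, 6, 1)):
        print(finding)
```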

Configuring the Switch for Remote Management

Using the Service Port or Network Interface

The service port is dedicated to out-of-band management. In general, the service port should be used to manage the switch for security reasons. Traffic on this port is segregated from normal network traffic on other switch ports and cannot be switched or routed to the operational network. Additionally, if the operational network is experiencing problems, the service port still allows you to access the switch’s management interface and troubleshoot network problems. Configuration options on the service port are limited, which makes it difficult to accidentally cut off management access to the switch.
Alternatively, the switch can be managed through the operational network, known as in-band management. Because in-band management traffic is mixed in with operational network traffic, it is subject to all of the filtering rules usually applied to standard network ports, such as ACLs and VLAN tagging. In-band network management can be accessed via a connection to any network port (1-32/54).

Setting an IP Address

You must establish IP address information for the switch to obtain management access through the network. This can be done in either of the following ways:
Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router.
Dynamic — The switch can send IPv4 configuration requests to DHCP address allocation servers on the network, or can automatically generate a unique IPv6 host address based on the local subnet address prefix received in router advertisement messages. An IPv6 link local address for use in a local network can also be dynamically generated as described in “Obtaining an IPv6 Address” on page 66.
This switch is designed as a router, and therefore does not support DHCP for IPv6, so an IPv6 global unicast address for use in a network containing more than one subnet can only be manually configured as described in “Assigning an IPv6 Address” on page 63.
Manual Configuration
You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IPv4 addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.
Note: The IPv4 address for the network interface on this switch is obtained via DHCP by default.
Assigning an IPv4 Address
Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
IP address for the switch
Network mask for this network
Default gateway for the network
To assign an IPv4 address to the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. Type “ip address ip-address netmask,” where “ip-address” is the switch IP address and “netmask” is the network mask for the network. Press <Enter>.
3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.
4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.5 255.255.255.0
Console(config-if)#exit
Console(config)#ip default-gateway 192.168.1.254
Assigning an IPv6 Address
This section describes how to configure a “link local” address for connectivity within the local subnet only, and also how to configure a “global unicast” address, including a network prefix for use on a multi-segment network and the host portion of the address.
An IPv6 prefix or address must be formatted according to RFC 2373 “IPv6 Addressing Architecture,” using 8 colon-separated 16-bit hexadecimal values. One double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields. For detailed information on the other ways to assign IPv6 addresses, see “IPv6 Interface” on page 754.
Link Local Address — All link-local addresses must be configured with a prefix in the range of FE80~FEBF. Remember that this address type makes the switch accessible over IPv6 for all devices attached to the same local subnet only. Also, if the switch detects that the address you configured conflicts with that in use by another device on the subnet, it will stop using the address in question, and automatically generate a link local address that does not conflict with any other devices on the local subnet.
To configure an IPv6 link local address for the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. Type “ipv6 address” followed by up to 8 colon-separated 16-bit hexadecimal values for the ipv6-address similar to that shown in the example, followed by the “link-local” command parameter. Then press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ipv6 address FE80::260:3EFF:FE11:6700 link-local
Console(config-if)#ipv6 enable
Console(config-if)#end
Console#show ipv6 interface
VLAN 1 is up
IPv6 is enabled.
Link-local address:
  fe80::260:3eff:fe11:6700%1/64
Global unicast address(es):
  (None)
Joined group address(es):
  ff02::2
  ff02::1:ff00:0
  ff02::1:ff11:6700
  ff02::1:2
  ff02::1
IPv6 link MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1.
ND retransmit interval is 1000 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised router lifetime is 1800 seconds
Console#
Address for Multi-segment Network — Before you can assign an IPv6 address to the switch that will be used to connect to a multi-segment network, you must obtain the following information from your network administrator:
Prefix for this network
IP address for the switch
Default gateway for the network
For networks that encompass several different subnets, you must define the full address, including a network prefix and the host address for the switch. You can specify either the full IPv6 address, or the IPv6 address and prefix length. The prefix length for an IPv6 network is the number of bits (from the left) of the prefix that form the network address, and is expressed as a decimal number. For example, all IPv6 addresses that start with the first byte of 73 (hexadecimal) could be expressed as 73:0:0:0:0:0:0:0/8 or 73::/8.
To generate an IPv6 global unicast address for the switch, complete the following steps:
1. From the global configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. From the interface prompt, type “ipv6 address ipv6-address” or “ipv6 address ipv6-address/prefix-length,” where “prefix-length” indicates the address bits used to form the network portion of the address. (The network address starts from the left of the prefix and should encompass some of the ipv6-address bits.) The remaining bits are assigned to the host interface. Press <Enter>.
3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.
4. To set the IP address of the IPv6 default gateway for the network to which the switch belongs, type “ipv6 default-gateway gateway,” where “gateway” is the IPv6 address of the default gateway. Press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ipv6 address 2001:DB8:2222:7272::/64
Console(config-if)#exit
Console(config)#ipv6 default-gateway 2001:DB8:2222:7272::254
Console(config)#end
Console#show ipv6 interface
VLAN 1 is up
IPv6 is enabled.
Link-local address:
  fe80::260:3eff:fe11:6700%1/64
Global unicast address(es):
  2001:db8:2222:7272::/64, subnet is 2001:db8:2222:7272::/64
Joined group address(es):
  ff02::2
  ff02::1:ff00:0
  ff02::1:ff11:6700
  ff02::1:2
  ff02::1
IPv6 link MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1.
ND retransmit interval is 1000 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised router lifetime is 1800 seconds
Console#show ipv6 default-gateway
ipv6 default gateway: 2001:DB8:2222:7272::254
Console#
Dynamic Configuration
Obtaining an IPv4 Address
If you select the “dhcp” option, the system will immediately start broadcasting service requests. IP will be enabled but will not function until a DHCP reply has been received. Requests are broadcast every few minutes using exponential backoff until IP configuration information is obtained from a DHCP server. DHCP values can include the IP address, subnet mask, and default gateway. If the DHCP server is slow to respond, you may need to use the “ip dhcp restart client” command to re-start broadcasting service requests.
Note that the “ip dhcp restart client” command can also be used to start broadcasting service requests for all VLANs configured to obtain address assignments through DHCP. It may be necessary to use this command when DHCP is configured on a VLAN, and the member ports which were previously shut down are now enabled.
If the “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service requests as soon as it is powered on.
To automatically configure the switch by communicating with DHCP address allocation servers on the network, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. At the interface-configuration mode prompt, use the following command: To obtain IP settings via DHCP, type “ip address dhcp” and press <Enter>.
3. Type “end” to return to the Privileged Exec mode. Press <Enter>.
4. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>.
5. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#end
Console#show ip interface
VLAN 1 is Administrative Up - Link Up
  Address is 00-E0-0C-00-00-FB
  Index: 1001, MTU: 1500
  Address Mode is DHCP
  IP Address: 192.168.0.2 Mask: 255.255.255.0
  Proxy ARP is disabled
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.
\Write to FLASH finish.
Success.
Obtaining an IPv6 Address
Link Local Address — There are several ways to configure IPv6 addresses. The simplest method is to automatically generate a “link local” address (identified by an address prefix in the range of FE80~FEBF). This address type makes the switch accessible over IPv6 for all devices attached to the same local subnet.
To generate an IPv6 link local address for the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. Type “ipv6 enable” and press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ipv6 enable
Console(config-if)#end
Console#show ipv6 interface
VLAN 1 is up
IPv6 is enabled
Link-local address:
  FE80::260:3EFF:FE11:6700/64
Global unicast address(es):
  2001:DB8:2222:7272::/64, subnet is 2001:DB8:2222:7272::/64
Joined group address(es):
  FF02::1:FF00:0
  FF02::1:FF11:6700
  FF02::1
IPv6 link MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1.
ND retransmit interval is 1000 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised router lifetime is 1800 seconds
Console#

Enabling SNMP Management Access

The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as Edge-Core ECView Pro. You can configure the switch to respond to SNMP requests or generate SNMP traps.
When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred.
The switch includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients. To provide management access for version 1 or 2c clients, you must specify a community string. The switch provides a default MIB View (i.e., an SNMPv3 construct) for the default “public” community string that provides read access to the entire MIB tree, and a default view for the “private” community string that provides read/write access to the entire MIB tree. However, you may assign new views to version 1 or 2c community strings that suit your specific security requirements (see snmp-server view command).
Community Strings (for SNMP version 1 and 2c clients)
Community strings are used to control management access to SNMP version 1 and 2c stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users, and set the access level.
The default strings are:
public - with read-only access. Authorized management stations are only able to retrieve MIB objects.
private - with read/write access. Authorized management stations are able to both retrieve and modify MIB objects.
To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings.
To configure a community string, complete the following steps:
1. From the Privileged Exec level global configuration mode prompt, type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>. (Note that the default mode is read only.)
2. To remove an existing string, simply type “no snmp-server community string,” where “string” is the community access string to remove. Press <Enter>.
Console(config)#snmp-server community admin rw
Console(config)#snmp-server community private
Console(config)#
Note: If you do not intend to support access to SNMP version 1 and 2c clients, we recommend that you delete both of the default community strings. If there are no community strings, then SNMP management access from SNMP v1 and v2c clients is disabled.
Trap Receivers
You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, use the “snmp-server host” command. From the Privileged Exec level global configuration mode prompt, type:
“snmp-server host host-address community-string [version {1 | 2c | 3 {auth | noauth | priv}}]”
where “host-address” is the IP address for the trap receiver, “community-string” specifies access rights for a version 1/2c host, or is the user name of a version 3 host, “version” indicates the SNMP client version, and “auth | noauth | priv” means that authentication, no authentication, or authentication and privacy is used for v3 clients. Then press <Enter>. For a more detailed description of these parameters, see the snmp-server host command. The following example creates a trap host for each type of SNMP client.
Console(config)#snmp-server host 10.1.19.23 batman
Console(config)#snmp-server host 10.1.19.98 robin version 2c
Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth
Console(config)#
Configuring Access for SNMP Version 3 Clients
To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group. The following example creates one view called “mib-2” that includes the entire MIB-2 tree branch, and then another view that includes the IEEE 802.1d bridge MIB. It assigns these respective read and read/write views to a group called “r&d” and specifies group authentication via MD5 or SHA. In the last step, it assigns a v3 user to this group, indicating that MD5 will be used for authentication, provides the password “greenpeace” for authentication, and the password “einstien” for encryption.
Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included
Console(config)#snmp-server view 802.1d 1.3.6.1.2.1.17 included
Console(config)#snmp-server group r&d v3 auth mib-2 802.1d
Console(config)#snmp-server user steve r&d v3 auth md5 greenpeace priv des56 einstien
Console(config)#
For a more detailed explanation on how to configure the switch for access from SNMP v3 clients, refer to the CLI Reference Guide or Web Management Guide.
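The following Python audit is an added example, not part of the Edge-Core documentation. It replays the snmp-server commands shown in this section over the factory defaults and reports which default community strings remain active, which trap hosts use SNMPv1/v2c, and which v3 settings omit or weaken protection. It assumes the audited text uses the command forms shown above, that the “public” and “private” defaults exist until removed, and that a trap host without a version keyword is version 1; the function names and the sample text are constructed for illustration.

```python
import re

# Factory defaults stated in the manual: "public" is read-only, "private" is read/write.
FACTORY_COMMUNITIES = {"public": "ro", "private": "rw"}
PROMPT = re.compile(r"^Console(\([^)]*\))?#\s*")

# Constructed sample assembled from the command forms shown in this section.
SAMPLE_CONFIG = """\
Console(config)#snmp-server community admin rw
Console(config)#no snmp-server community private
Console(config)#snmp-server host 10.1.19.23 batman
Console(config)#snmp-server host 10.1.19.98 robin version 2c
Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth
Console(config)#snmp-server user steve r&d v3 auth md5 greenpeace priv des56 einstien
"""


def audit_snmp(config_text, start_from_factory_defaults=True):
    """Replay snmp-server commands; return (active communities, findings)."""
    communities = dict(FACTORY_COMMUNITIES) if start_from_factory_defaults else {}
    findings = []
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        negate = bool(words) and words[0] == "no"
        if negate:
            words = words[1:]
        if len(words) < 3 or words[0] != "snmp-server":
            continue
        kind, args = words[1], words[2:]
        if kind == "community":
            if negate:
                communities.pop(args[0], None)
            else:
                # The manual notes that the mode defaults to read only.
                communities[args[0]] = args[1] if len(args) > 1 else "ro"
        elif kind == "host" and not negate and len(args) >= 2:
            findings.extend(check_trap_host(args))
        elif kind == "user" and not negate and len(args) >= 3 and args[2] == "v3":
            findings.extend(check_v3_user(args))
    # Adding a new community does not remove the defaults; only "no ..." does.
    for name, mode in communities.items():
        if name in FACTORY_COMMUNITIES:
            findings.append(f"default community '{name}' ({mode}) is still active")
    return communities, findings


def check_trap_host(args):
    """Flag trap receivers whose traps are sent without encryption."""
    host, name, tail = args[0], args[1], args[2:]
    # Assumption: no "version" keyword means an SNMP version 1 host.
    version = tail[1] if len(tail) >= 2 and tail[0] == "version" else "1"
    if version in ("1", "2c"):
        return [f"trap host {host}: SNMPv{version} sends community '{name}' in cleartext"]
    level = tail[2] if len(tail) >= 3 else "unspecified"
    if level != "priv":
        return [f"trap host {host}: SNMPv3 level '{level}' leaves traps unencrypted"]
    return []


def keyword_value(opts, keyword):
    """Return the word following keyword, or None when keyword is absent."""
    if keyword in opts[:-1]:
        return opts[opts.index(keyword) + 1]
    return None


def check_v3_user(args):
    """Flag v3 users without authentication or privacy, or using MD5 / des56."""
    user, opts = args[0], args[3:]
    auth, priv = keyword_value(opts, "auth"), keyword_value(opts, "priv")
    found = []
    if auth is None:
        found.append(f"user {user}: no authentication protocol configured")
    elif auth == "md5":
        found.append(f"user {user}: authenticates with MD5; the section also names SHA")
    if priv is None:
        found.append(f"user {user}: no privacy (encryption) configured")
    elif priv == "des56":
        found.append(f"user {user}: privacy uses des56, a 56-bit DES key")
    return found
```
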
Managing System Files
The switch’s flash memory supports three types of system files that can be managed by the CLI program, the web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file. The types of files are:
Configuration — This file type stores system configuration information and is created when configuration settings are saved. Saved configuration files can be selected as a system start-up file or can be uploaded via FTP/TFTP to a server for backup. The file named “Factory_Default_Config.cfg” contains all the system default settings and cannot be deleted from the system. If the system is booted with the factory default settings, the switch will also create a file named “startup1.cfg” that contains system settings for switch initialization, including information about the unit identifier, and MAC address for the switch. The configuration settings from the factory defaults configuration file are copied to this file, which is then used to boot the switch. See “Saving or Restoring Configuration Settings” on page 71 for more information.
Operation Code — System software that is executed after boot-up, also known as run-time code. This code runs the switch operations and provides the CLI and web management interfaces.
Diagnostic Code — Software that is run during system boot-up, also known as POST (Power On Self-Test).
Note: The Boot ROM and Loader cannot be uploaded or downloaded from the FTP/TFTP server. You must follow the instructions in the release notes for new firmware, or contact your distributor for help.
Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows. The switch has a total of 2 GB of flash memory for system files.
In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded.
Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.
Upgrading the Operation Code
The following example shows how to download new firmware to the switch and activate it. The TFTP server could be any standards-compliant server running on Windows or Linux. When downloading from an FTP server, the logon interface will prompt for a user name and password configured on the remote server. Note that “anonymous” is set as the default user name.
File names on the switch are case-sensitive. The destination file name should not contain slashes (\ or /), and the maximum length for file names is 32 characters for files on the switch or 128 characters for files on the server. (Valid characters: A-Z, a-z, 0-9, “.”, “-”)
Console#copy tftp file
TFTP server ip address: 10.1.0.19
Choose file type:
 1. config: 2. opcode: 2
Source file name: m360.bix
Destination file name: m360.bix
\Write to FLASH Programming.
-Write to FLASH finish.
Success.
Console#config
Console(config)#boot system opcode: m360.bix
Console(config)#exit
Console#dir
File Name                  Type    Startup Modify Time         Size(bytes)
-------------------------- ------- ------- ------------------- -----------
Unit 1:
runtime.bix                OpCode  Y       1972-05-18 21:50:04    32842013
Factory_Default_Config.cfg Config  N       2014-12-30 02:34:32         455
startup1.cfg               Config  Y       2014-12-30 02:34:38        2917
---------------------------------------------------------------------------
Free space for compressed user config files:1593241600
Console#
Saving or Restoring Configuration Settings
Configuration commands only modify the running configuration file and are not saved when the switch is rebooted. To save all your configuration changes in nonvolatile storage, you must copy the running configuration file to the start-up configuration file using the “copy” command.
New startup configuration files must have a name specified. File names on the switch are case-sensitive, can be from 1 to 31 characters, must not contain slashes (\ or /), and the leading letter of the file name must not be a period (.). (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
There can be more than one user-defined configuration file saved in the switch’s flash memory, but only one is designated as the “startup” file that is loaded when the switch boots. The copy running-config startup-config command always sets the new file as the startup file. To select a previously saved configuration file, use the boot system config:<filename> command.
The maximum number of saved configuration files depends on available flash memory. The amount of available flash memory can be checked by using the dir command.
To save the current configuration settings, enter the following command:
1. From the Privileged Exec mode prompt, type “copy running-config startup-config” and press <Enter>.
2. Enter the name of the start-up file. Press <Enter>.
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.
\Write to FLASH finish.
Success.
Console#
To restore configuration settings from a backup server, enter the following command:
1. From the Privileged Exec mode prompt, type “copy tftp startup-config” and press <Enter>.
2. Enter the address of the TFTP server. Press <Enter>.
3. Enter the name of the startup file stored on the server. Press <Enter>.
4. Enter the name for the startup file on the switch. Press <Enter>.
Console#copy tftp startup-config
TFTP server IP address: 192.168.0.4
Source configuration file name: startup-rd.cfg
Startup configuration file name [startup1.cfg]:
Success.
Console#
Configuring Automatic Installation of Operation Code and Configuration Settings
Downloading Operation Code from a File Server
Automatic Operation Code Upgrade can automatically download an operation code file when a file newer than the currently installed one is discovered on the file server. After the file is transferred from the server and successfully written to the file system, it is automatically set as the startup file, and the switch is rebooted.
Usage Guidelines
If this feature is enabled, the switch searches the defined URL once during the bootup sequence.
FTP (port 21) and TFTP (port 69) are both supported. Note that the TCP/UDP port bindings cannot be modified to support servers listening on non-standard ports.
The host portion of the upgrade file location URL must be a valid IPv4 IP address. DNS host names are not recognized. Valid IP addresses consist of four numbers, 0 to 255, separated by periods.
The path to the directory must also be defined. If the file is stored in the root directory for the FTP/TFTP service, then use the “/” to indicate this (e.g., ftp://192.168.0.1/).
The file name must not be included in the upgrade file location URL. The file name of the code stored on the remote server must be ecs5610-52s.bix (using lower case letters as indicated).
The FTP connection is made with PASV mode enabled. PASV mode is needed to traverse some firewalls, even if FTP traffic is not blocked. PASV mode cannot be disabled.
The switch-based search function is case-insensitive in that it will accept a file name in upper or lower case (i.e., the switch will accept AOS5700-54X.BIX from the server even though AOS5700-54X.bix was requested). However, keep in mind that the file systems of many operating systems such as Unix and most Unix-like systems (FreeBSD, NetBSD, OpenBSD, and most Linux distributions, etc.) are case-sensitive, meaning that two files in the same directory, aos5700-52x.bix and AOS5700-54X.BIX, are considered to be unique files. Thus, if the upgrade file is stored as AOS5700-54X.BIX (or even Aos5700-54x.bix) on a case-sensitive server, then the switch (requesting AOS5700-54X.bix) will not be upgraded because the server does not recognize the requested file name and the stored file name as being equal. A notable exception in the list of case-sensitive Unix-like operating systems is Mac OS X, which by default is case-insensitive. Please check the documentation for your server’s operating system if you are unsure of its file system’s behavior.
Note that the switch itself does not distinguish between upper and lower-case file names, and only checks to see if the file stored on the server is more recent than the current runtime image.
If two operation code image files are already stored on the switch’s file system, then the non-startup image is deleted before the upgrade image is transferred.
The automatic upgrade process will take place in the background without impeding normal operations (data switching, etc.) of the switch.
During the automatic search and transfer process, the administrator cannot transfer or update another operation code image, configuration file, public key, or HTTPS certificate (i.e., no other concurrent file management operations are possible).
The upgrade operation code image is set as the startup image after it has been successfully written to the file system.
The switch will send an SNMP trap and make a log entry upon all upgrade successes and failures.
The switch will immediately restart after the upgrade file is successfully written to the file system and set as the startup image.
To enable automatic upgrade, enter the following commands:
1. Specify the TFTP or FTP server to check for new operation code.
When specifying a TFTP server, the following syntax must be used, where filedir indicates the path to the directory containing the new image:
tftp://192.168.0.1[/filedir]/
When specifying an FTP server, the following syntax must be used, where filedir indicates the path to the directory containing the new image:
ftp://[username[:password@]]192.168.0.1[/filedir]/
If the user name is omitted, “anonymous” will be used for the connection. If the password is omitted a null string (“”) will be used for the connection.
This shows how to specify a TFTP server where new code is stored.
Console(config)#upgrade opcode path tftp://192.168.0.1/sm24/
Console(config)#
This shows how to specify an FTP server where new code is stored.
Console(config)#upgrade opcode path ftp://admin:billy@192.168.0.1/sm24/
Console(config)#
2. Set the switch to automatically reboot and load the new code after the opcode upgrade is completed.
Console(config)#upgrade opcode reload
Console(config)#
3. Set the switch to automatically upgrade the current operational code when a new version is detected on the server. When the switch starts up and automatic image upgrade is enabled by this command, the switch will follow these steps when it boots up:
a. It will search for a new version of the image at the location specified by upgrade opcode path command. The name for the new image stored on the TFTP server must be aos5700-54x.bix. If the switch detects a code version newer than the one currently in use, it will download the new image. If two code images are already stored in the switch, the image not set to start up the system will be overwritten by the new version.
b. After the image has been downloaded, the switch will send a trap message to log whether or not the upgrade operation was successful.
c. It sets the new version as the startup image.
d. It then restarts the system to start using the new image.
Console(config)#upgrade opcode auto
Console(config)#
4. Display the automatic upgrade settings.
Console#show upgrade
Auto Image Upgrade Global Settings:
  Status        : Enabled
  Reload Status : Enabled
  Path          :
  File Name     : aos5700-54x.bix
Console#
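The following Python check is an added example, not part of the Edge-Core documentation. It applies the usage guidelines and URL syntax above to a candidate “upgrade opcode path” value before it is typed into the switch, and notes what each transfer protocol exposes on the network. The function name and the returned field names are hypothetical; the rules enforced are the ones stated in this section.

```python
import ipaddress
from urllib.parse import urlsplit


def check_upgrade_path(url):
    """Check a URL against the rules this section gives for 'upgrade opcode path'."""
    errors, notes = [], []
    parts = urlsplit(url)
    scheme = parts.scheme

    if scheme not in ("tftp", "ftp"):
        errors.append("only tftp:// and ftp:// locations are supported")

    # The switch always uses FTP port 21 or TFTP port 69; the syntax has no port field.
    try:
        port = parts.port
    except ValueError:
        port = -1  # a port is present but is not a valid number
    if port is not None:
        errors.append("a port cannot be specified")

    # The host must be a literal IPv4 address; DNS host names are not recognized.
    try:
        ipaddress.IPv4Address(parts.hostname or "")
    except ValueError:
        errors.append("host must be a dotted-decimal IPv4 address")

    # The URL names a directory ("/" for the service root), never the image file.
    if not parts.path.endswith("/"):
        errors.append("path must be a directory ending in '/', without a file name")

    user, password = parts.username, parts.password
    if scheme == "tftp":
        if user is not None or password is not None:
            errors.append("the TFTP syntax has no user name or password")
        user = password = None
        notes.append("TFTP transfers are unauthenticated and unencrypted")
    elif scheme == "ftp":
        if password:
            notes.append("the FTP password is part of the configured URL")
        # Defaults stated in the manual for omitted credentials.
        user = user or "anonymous"
        password = password or ""
        notes.append("FTP sends the user name and password unencrypted")

    return {"ok": not errors, "errors": errors, "notes": notes,
            "user": user, "password": password}


if __name__ == "__main__":
    for candidate in ("tftp://192.168.0.1/sm24/",
                      "ftp://admin:billy@192.168.0.1/sm24/",
                      "ftp://192.168.0.1/sm24/aos5700-54x.bix"):
        print(candidate, check_upgrade_path(candidate))
```
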
Specifying a DHCP Client Identifier
DHCP servers index their database of address bindings using the client’s Media Access Control (MAC) Address or a unique client identifier. The client identifier is used to identify the vendor class and configuration of the switch to the DHCP server, which then uses this information to decide on how to service the client or the type of information to return.
DHCP client Identifier (Option 60) is used by DHCP clients to specify their unique identifier. The client identifier is optional and can be specified while configuring DHCP on the primary network interface. DHCP Option 60 is disabled by default.
The general framework for this DHCP option is set out in RFC 2132 (Option 60). This information is used to convey configuration settings or other identification information about a client, but the specific string to use should be supplied by your service provider or network administrator. Options 60 (vendor-class-identifier), 66 (tftp-server-name) and 67 (bootfile-name) statements can be added to the server daemon’s configuration file as described in the following section.
If the DHCP server has an index entry for a switch requesting service, it should reply with the TFTP server name and boot file name. Note that the vendor class identifier can be formatted in either text or hexadecimal, but the format used by both the client and server must be the same.
Console(config)#interface vlan 2
Console(config-if)#ip dhcp client class-id hex 0000e8666572
Console(config-if)#
Downloading a Configuration File Referenced by a DHCP Server
Information passed on to the switch from a DHCP server may also include a configuration file to be downloaded and the TFTP servers where that file can be accessed. If the Factory Default Configuration file is used to provision the switch at startup, in addition to requesting IP configuration settings from the DHCP server, it will also ask for the name of a bootup configuration file and TFTP servers where that file is stored.
If the switch receives information that allows it to download the remote bootup file, it will save this file to a local buffer, and then restart the provision process.
Note the following DHCP client behavior:
The bootup configuration file received from a TFTP server is stored on the switch with the original file name. If this file name already exists in the switch, the file is overwritten.
If the name of the bootup configuration file is the same as the Factory Default Configuration file, the download procedure will be terminated, and the switch will not send any further DHCP client requests.
If the switch fails to download the bootup configuration file based on information passed by the DHCP server, it will not send any further DHCP client requests.
If the switch does not receive a DHCP response prior to completing the bootup process, it will continue to send a DHCP client request once a minute. These requests will only be terminated if the switch’s address is manually configured, but will resume if the address mode is set back to DHCP.
To successfully transmit a bootup configuration file to the switch, the DHCP daemon (using a Linux based system for this example) must be configured with the following information:
Options 60, 66 and 67 statements can be added to the daemon’s configuration file.
Table 2: Options 60, 66 and 67 Statements
Option  Statement Keyword        Statement Parameter
60      vendor-class-identifier  a string indicating the vendor class identifier
66      tftp-server-name         a string indicating the tftp server name
67      bootfile-name            a string indicating the bootfile name
By default, DHCP option 66/67 parameters are not carried in a DHCP server reply. To ask for a DHCP reply with option 66/67 information, the DHCP client request sent by this switch includes a “parameter request list” asking for this information. Besides these items, the client request also includes a “vendor class identifier” that allows the DHCP server to identify the device, and select the appropriate configuration file for download. This information is included in Option 55 and 124.
Table 3: Options 55 and 124 Statements
Option  Statement Keyword            Statement Parameter
55      dhcp-parameter-request-list  a list of parameters, separated by a comma ', '
124     vendor-class-identifier      a string indicating the vendor class identifier
The following configuration example is provided for a Linux-based DHCP daemon (dhcpd.conf file). In the “Vendor class” section, the server will always send Option 66 and 67 to tell the switch to download the “test” configuration file from server 192.168.255.101.
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
server-name "Server1";
server-identifier 192.168.255.250;

#option 66, 67
option space dynamicProvision code width 1 length 1 hash size 2;
option dynamicProvision.tftp-server-name code 66 = text;
option dynamicProvision.bootfile-name code 67 = text;

subnet 192.168.255.0 netmask 255.255.255.0 {
  range 192.168.255.160 192.168.255.200;
  option routers 192.168.255.101;
  option tftp-server-name "192.168.255.100"; #Default Option 66
  option bootfile-name "bootfile"; #Default Option 67
}

class "Option66,67_1" { #DHCP Option 60 Vendor class two
  match if option vendor-class-identifier = "aos5700-54x.cfg";
  option tftp-server-name "192.168.255.101";
  option bootfile-name "test";
}
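The option exchange described above, as an added example that is not part of the Edge-Core guide or of dhcpd: it encodes the client's Option 55 and 60 fields, applies the same vendor-class match as the class statement in the dhcpd.conf example, and checks a captured reply against the intended TFTP server and bootfile. All function names are hypothetical, the server logic is a simplified model, the request contents are constructed, and Option 124 is not modeled.

```python
"""DHCP option encoding for the provisioning exchange (added example)."""

PAD, END = 0, 255
OPT_PARAM_REQUEST_LIST = 55
OPT_VENDOR_CLASS_ID = 60
OPT_TFTP_SERVER_NAME = 66
OPT_BOOTFILE_NAME = 67

# Values copied from the dhcpd.conf example on this page.
SUBNET_DEFAULTS = {OPT_TFTP_SERVER_NAME: b"192.168.255.100",
                   OPT_BOOTFILE_NAME: b"bootfile"}
VENDOR_CLASSES = {b"aos5700-54x.cfg": {OPT_TFTP_SERVER_NAME: b"192.168.255.101",
                                       OPT_BOOTFILE_NAME: b"test"}}


def encode_options(options):
    """Encode {code: bytes} as code/length/value triples followed by END."""
    out = bytearray()
    for code, value in options.items():
        if not 0 < code < 255 or len(value) > 255:
            raise ValueError("cannot encode option %d" % code)
        out += bytes([code, len(value)]) + value
    out.append(END)
    return bytes(out)


def decode_options(field):
    """Decode an options field, rejecting truncated or unterminated input."""
    options, i = {}, 0
    while i < len(field):
        code = field[i]
        i += 1
        if code == PAD:
            continue
        if code == END:
            return options
        if i >= len(field):
            raise ValueError("option %d has no length byte" % code)
        length = field[i]
        i += 1
        if i + length > len(field):
            raise ValueError("option %d runs past the end of the field" % code)
        # A repeated code continues the earlier value (RFC 3396).
        options[code] = options.get(code, b"") + field[i:i + length]
        i += length
    raise ValueError("options field is not terminated by END")


def build_switch_request(vendor_class=b"aos5700-54x.cfg"):
    """Constructed client options: ask for 66/67 and announce the vendor class."""
    return encode_options({
        OPT_PARAM_REQUEST_LIST: bytes([1, 3, OPT_TFTP_SERVER_NAME, OPT_BOOTFILE_NAME]),
        OPT_VENDOR_CLASS_ID: vendor_class,
    })


def select_reply_options(request_field):
    """Simplified server choice (an assumption, not dhcpd's full logic): class
    values override subnet defaults, and only requested options are returned."""
    request = decode_options(request_field)
    requested = set(request.get(OPT_PARAM_REQUEST_LIST, b""))
    scope = dict(SUBNET_DEFAULTS)
    scope.update(VENDOR_CLASSES.get(request.get(OPT_VENDOR_CLASS_ID, b""), {}))
    return encode_options({c: v for c, v in scope.items() if c in requested})


def audit_reply(reply_field, expected_server, expected_bootfile):
    """Compare a captured reply's options 66/67 with the intended provisioning
    source; returns a list of findings, empty when they agree."""
    reply = decode_options(reply_field)
    findings = []
    for code, name, expected in (
            (OPT_TFTP_SERVER_NAME, "tftp-server-name", expected_server),
            (OPT_BOOTFILE_NAME, "bootfile-name", expected_bootfile)):
        got = reply.get(code)
        if got is None:
            findings.append("%s (option %d) missing" % (name, code))
        elif got != expected:
            findings.append("%s is %r, expected %r" % (
                name, got.decode("ascii", "replace"), expected.decode("ascii")))
    return findings


if __name__ == "__main__":
    reply = select_reply_options(build_switch_request())
    print(decode_options(reply))
    print(audit_reply(reply, b"192.168.255.101", b"test"))
```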
Note: Use “aos5700-54x.cfg” for the vendor-class-identifier in the dhcpd.conf file.

Setting the System Clock

Simple Network Time Protocol (SNTP) or Network Time Protocol (NTP) can be used to set the switch’s internal clock based on periodic updates from a time server. Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can also manually set the clock. If the clock is not set manually or via SNTP or NTP, the switch will only record the time from the factory default set at the last bootup.
When the SNTP client is enabled, the switch periodically sends a request for a time update to a configured time server. You can configure up to three time server IP addresses. The switch will attempt to poll each server in the configured sequence.
The switch also supports the following time settings:
Time Zone – You can specify the offset from Coordinated Universal Time (UTC), also known as Greenwich Mean Time (GMT).
Summer Time/Daylight Saving Time (DST) – In some regions, the time shifts by one hour in the fall and spring. The switch supports manual entry for one-time or recurring clock shifts.

Setting the Time Manually

To manually set the clock to 14:11:36, April 1st, 2013, enter this command.
Console#calendar set 14 11 36 1 April 2013
Console#
To set the time zone, enter a command similar to the following.
Console(config)#clock timezone Japan hours 8 after-UTC
Console(config)#
To set the time shift for summer time, enter a command similar to the following.
Console(config)#clock summer-time SUMMER date 2 april 2013 0 0 30 june 2013 0 0
Console(config)#
To display the clock configuration settings, enter the following command.
Console#show calendar
Current Time          : Apr 2 15:56:12 2013
Time Zone             : UTC, 08:00
Summer Time           : SUMMER, offset 60 minutes
                        Apr 2 2013 00:00 to Jun 30 2013 00:00
Summer Time in Effect : Yes
Console#

Configuring SNTP

Setting the clock based on an SNTP server can provide more accurate clock synchronization across network switches than manually-configured time. To configure SNTP, set the switch as an SNTP client, and then set the polling interval, and specify a time server as shown in the following example.
Console(config)#sntp client
Console(config)#sntp poll 60
Console(config)#sntp server 10.1.0.19
Console(config)#exit
Console#show sntp
Current Time   : Apr 2 16:06:07 2013
Poll Interval  : 60 seconds
Current Mode   : Unicast
SNTP Status    : Enabled
SNTP Server    : 10.1.0.19
Current Server : 10.1.0.19
Console#

Configuring NTP

Requesting the time from an NTP server is the most secure method. You can enable NTP authentication to ensure that reliable updates are received from only authorized NTP servers. The authentication keys and their associated key number must be centrally managed and manually distributed to NTP servers and clients. The key numbers and key values must match on both the server and client.
When more than one time server is configured, the client will poll all of the time servers, and compare the responses to determine the most reliable and accurate time update for the switch.
To configure NTP time synchronization, enter commands similar to the following.
Console(config)#ntp client
Console(config)#ntp authentication-key 45 md5 thisiskey45
Console(config)#ntp authenticate
Console(config)#ntp server 192.168.3.20
Console(config)#ntp server 192.168.3.21
Console(config)#ntp server 192.168.5.23 key 19
Console(config)#exit
Console#show ntp
Current Time            : Apr 29 13:57:32 2011
Polling                 : 1024 seconds
Current Mode            : unicast
NTP Status              : Enabled
NTP Authenticate Status : Enabled
Last Update NTP Server  : 192.168.0.88 Port: 123
Last Update Time        : Mar 12 02:41:01 2013 UTC
NTP Server 192.168.0.88 version 3
NTP Server 192.168.3.21 version 3
NTP Server 192.168.4.22 version 3 key 19
NTP Authentication Key 19 md5 42V68751663T6K11P2J307210R885

Current Time            : Apr 2 16:28:34 2013
Polling                 : 1024 seconds
Current Mode            : unicast
NTP Status              : Enabled
NTP Authenticate Status : Enabled
Last Update NTP Server  : 192.168.5.23 Port: 0
Last Update Time        : Apr 2 16:00:00 2013 UTC
NTP Server 192.168.3.20 version 3
NTP Server 192.168.3.21 version 3
NTP Server 192.168.5.23 version 3 key 19
NTP Authentication Key 45 md5 2662T75S5658RU5424180034777
Console#
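Why the key numbers and key values must match on both sides, as an added example that is not Edge-Core code: in NTP symmetric-key authentication the sender appends the 32-bit key number and MD5(key value || header) to the 48-byte header, and the receiver recomputes the digest with its own copy of that key. The header bytes are constructed, the function names are hypothetical, and key 45 with value thisiskey45 is taken from the configuration above.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48          # NTP header without extension fields
MAC_LEN = 4 + 16         # 32-bit key number + MD5 digest

# Key number -> key value; key 45 is the one configured in the example above.
SWITCH_KEYS = {45: b"thisiskey45"}
SERVER_KEYS = {45: b"thisiskey45"}


def client_header(version=3):
    """Constructed 48-byte client request: LI=0, VN=version, Mode=3, rest zero."""
    return bytes([(version << 3) | 3]) + bytes(HEADER_LEN - 1)


def add_mac(header, key_id, keys):
    """Append the key number and MD5(key || header) to an NTP header."""
    if len(header) != HEADER_LEN:
        raise ValueError("expected a 48-byte NTP header")
    digest = hashlib.md5(keys[key_id] + header).digest()
    return header + struct.pack("!I", key_id) + digest


def check_mac(packet, keys):
    """Return (accepted, reason) for a received packet."""
    if len(packet) == HEADER_LEN:
        return False, "no MAC present"
    if len(packet) != HEADER_LEN + MAC_LEN:
        return False, "unexpected length"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = keys.get(key_id)
    if key is None:
        # The peer used a key number this side was never given.
        return False, "unknown key number %d" % key_id
    expected = hashlib.md5(key + header).digest()
    # Constant-time comparison of the recomputed and received digests.
    if not hmac.compare_digest(expected, mac[4:]):
        return False, "digest mismatch for key %d" % key_id
    return True, "authenticated with key %d" % key_id


if __name__ == "__main__":
    packet = add_mac(client_header(), 45, SWITCH_KEYS)
    print(check_mac(packet, SERVER_KEYS))
    print(check_mac(packet, {45: b"thisiskey46"}))   # same number, different value
```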
Section II

Command Line Interface

This section provides a detailed description of the Command Line Interface, along with examples for all of the commands.
This section includes these chapters:
“Using the Command Line Interface”
“General Commands”
“System Management Commands”
“SNMP Commands”
“Remote Monitoring Commands”
“Authentication Commands”
“General Security Measures”
“Access Control Lists”
“Interface Commands”
“Link Aggregation Commands”
“Port Mirroring Commands”
“Congestion Control Commands”
“Loopback Detection Commands”
“UniDirectional Link Detection Commands”
“Address Table Commands”
“Spanning Tree Commands”
“VLAN Commands”
“Class of Service Commands”
“Quality of Service Commands”
“Multicast Filtering Commands”
“LLDP Commands”
“CFM Commands”
“DHCP Commands”
“IP Interface Commands”
“VRRP Commands”
“IP Routing Commands”
“Multicast Routing Commands”

2 Using the Command Line Interface

This chapter describes how to use the Command Line Interface (CLI).

Accessing the CLI

When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet or Secure Shell connection (SSH), the switch can be managed by entering command keywords and parameters at the prompt. Using the switch's command-line interface (CLI) is very similar to entering commands on a UNIX system.

Console Connection

To access the switch through the console port, perform these steps:
1. At the console prompt, enter the user name and password. (The default user names are “admin” and “guest” with corresponding passwords of “admin” and “guest.”) When the administrator user name and password are entered, the CLI displays the “Console#” prompt and enters privileged access mode (i.e., Privileged Exec). But when the guest user name and password are entered, the CLI displays the “Console>” prompt and enters normal access mode (i.e., Normal Exec).
2. Enter the necessary commands to complete your desired tasks.
3. When finished, exit the session with the “quit” or “exit” command.
After connecting to the system through the console port, the login screen displays:
User Access Verification
Username: admin
Password:
CLI session with the AOS5700-54X is opened.
To end the CLI session, enter [Exit].
Console#

Telnet Connection

Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Each address consists of a network portion and host portion. For example, the IP address assigned to this switch, 10.1.0.1, consists of a network portion (10.1.0) and a host portion (1).
Note: The IP address for this switch is obtained via DHCP by default.
To access the switch through a Telnet session, you must first set the IP address for the Master unit, and set the default gateway if you are managing the switch from a different IP subnet. For example,
Console(config)#interface vlan 1
Console(config-if)#ip address 10.1.0.254 255.255.255.0
Console(config-if)#exit
Console(config)#ip default-gateway 10.1.0.254
Console(config)#
If your corporate network is connected to another network outside your office or to the Internet, you need to apply for a registered IP address. However, if you are attached to an isolated network, then you can use any IP address that matches the network segment to which you are attached.
After you configure the switch with an IP address, you can open a Telnet session by performing these steps:
1. From the remote host, enter the Telnet command and the IP address of the device you want to access.
2. At the prompt, enter the user name and system password. The CLI will display the “Vty-n#” prompt for the administrator to show that you are using privileged access mode (i.e., Privileged Exec), or “Vty-n>” for the guest to show that you are using normal access mode (i.e., Normal Exec), where n indicates the number of the current Telnet session.
3. Enter the necessary commands to complete your desired tasks.
4. When finished, exit the session with the “quit” or “exit” command.
After entering the Telnet command, the login screen displays:
Username: admin
Password:
CLI session with the AOS5700-54X is opened.
To end the CLI session, enter [Exit].
Vty-0#
Note: You can open up to eight sessions to the device via Telnet or SSH.

Entering Commands

This section describes how to enter CLI commands.

Keywords and Arguments

A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces status ethernet 1/5,” show interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/5 specifies the unit/port.
You can enter commands as follows:
To enter a simple command, enter the command keyword.
To enter multiple commands, enter each command in the required order. For example, to enable Privileged Exec command mode, and display the startup configuration, enter:
Console>enable
Console#show startup-config
To enter commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter:
Console(config)#username admin password 0 smith

Minimum Abbreviation

The CLI will accept a minimum number of characters that uniquely identify a command. For example, the command “configure” can be entered as con. If an entry is ambiguous, the system will prompt for further input.

Command Completion

If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “logging history” example, typing log followed by a tab will result in printing the command up to “logging.”

Getting Help on Commands

You can display a brief description of the help system by entering the help command. You can also display command syntax by using the “?” character to list keywords or parameters.

Showing Commands

If you enter a “?” at the command prompt, the system will display the first level of keywords or command groups. You can also display a list of valid keywords for a specific command. For example, the command “show ?” displays a list of possible show commands:
Console#show ?
  access-group           Access groups
  access-list            Access lists
  arp                    Information of ARP cache
  banner                 Banner info
  bridge-ext             Bridge extension information
  calendar               Date and time information
  class-map              Displays class maps
  cn                     Displays congestion notification information
  dcbx                   DCBX
  debug                  State of each debugging option
  dns                    DNS information
  dot1q-tunnel           802.1Q tunnel
  dot1x                  802.1X content
  ecmp                   ECMP information
  ethernet               Shows Metro Ethernet information
  ets                    802.1Qaz configuration
  hardware               Hardware ralated functions
  hash-selection         Hash selection lists
  history                Shows history information
  hosts                  Host information
  interfaces             Shows interface information
  ip                     IP information
  ipv6                   IPv6 information
  l2protocol-tunnel      Layer 2 protocol tunneling configuration
  lacp                   LACP statistics
  license                show license
  line                   TTY line information
  lldp                   LLDP
  location-led           Location LED operation
  log                    Log records
  logging                Logging setting
  loop                   Shows the information of loopback
  loopback-detection     Shows loopback detection information
  mac                    MAC access list
  mac-address-table      Configuration of the address table
  management             Shows management information
  memory                 Memory utilization
  mlag                   Displays MLAG information
  network-access         Shows the entries of the secure port
  nlm                    Show notification log
  ntp                    Network Time Protocol configuration
  pfc                    Displays Priority-based Flow Control Information
  policy-map             Displays policy maps
  port                   Port characteristics
  port-channel           Port channel information
  process                Device process
  public-key             Public key information
  qos                    Quality of Service
  queue                  Priority queue information
  radius-server          RADIUS server information
  reload                 Shows the reload settings
  rmon                   Remote Monitoring Protocol
  route-map              Shows route-map
  rspan                  Display status of the current RSPAN configuration
  running-config         Information on the running configuration
  sflow                  Shows the sflow information
  snmp                   Simple Network Management Protocol configuration and statistics
  snmp-server            Displays SNMP server configuration
  sntp                   Simple Network Time Protocol configuration
  spanning-tree          Spanning-tree configuration
  ssh                    Secure shell server connections
  startup-config         Startup system configuration
  system                 System information
  tacacs-server          TACACS server information
  tech-support           Technical information
  traffic-segmentation   Traffic segmentation information
  udld                   Displays UDLD information
  upgrade                Shows upgrade information
  users                  Information about users logged in
  version                System hardware and software versions
  vlan                   Shows virtual LAN settings
  vrrp                   Shows VRRP
  vxlan                  Shows VXLAN information
  watchdog               Displays watchdog status
  web-auth               Shows web authentication configuration
Console#show
The command “show interfaces ?” will display the following information:
Console#show interfaces ?
  brief                  Brief interface description
  counters               Interface counters information
  history                Historical sample of interface counters information
  protocol-vlan          Protocol-VLAN information
  status                 Shows interface status
  switchport             Shows interface switchport information
  transceiver            Interface of transceiver information
  transceiver-threshold  Interface of transceiver-threshold information
Console#
Show commands which display more than one page of information (e.g., show running-config) pause and require you to press the [Space] bar to continue displaying one more page, the [Enter] key to display one more line, or the [a] key to display the rest of the information without stopping. You can press any other key to terminate the display.

Partial Keyword Lookup

If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.”
Console#show s?
sflow snmp snmp-server sntp spanning-tree ssh startup-config system
Console#show s
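The abbreviation, Tab completion and “?” lookup rules described in the sections above, as an added example that models the matching only and is not the switch's own code. The keyword list is a subset of the “show ?” output on this page, the function names are hypothetical, and treating an exact keyword (such as “log” beside “logging”) as unambiguous is an assumption.

```python
import os

# Subset of the "show ?" keywords listed on this page.
SHOW_KEYWORDS = ["log", "logging", "loop", "loopback-detection", "sflow",
                 "snmp", "snmp-server", "sntp", "spanning-tree", "ssh",
                 "startup-config", "system"]


def candidates(partial, keywords=SHOW_KEYWORDS):
    """What "<partial>?" lists: every keyword that starts with the typed letters."""
    typed = partial.lower()          # commands are not case sensitive
    return sorted(k for k in keywords if k.startswith(typed))


def tab_complete(partial, keywords=SHOW_KEYWORDS):
    """What Tab prints: the partial keyword extended up to the point of ambiguity."""
    matches = candidates(partial, keywords)
    if not matches:
        return partial               # nothing to complete
    return os.path.commonprefix(matches)


def resolve(partial, keywords=SHOW_KEYWORDS):
    """Return the one keyword an abbreviation identifies, else raise LookupError."""
    typed = partial.lower()
    matches = candidates(typed, keywords)
    if typed in matches:
        return typed                 # assumption: an exact keyword always wins
    if len(matches) == 1:
        return matches[0]
    if not matches:
        raise LookupError("no keyword starts with %r" % partial)
    raise LookupError("%r is ambiguous: %s" % (partial, " ".join(matches)))


def min_abbreviation(keyword, keywords=SHOW_KEYWORDS):
    """Shortest prefix of keyword that resolve() maps back to it."""
    for n in range(1, len(keyword) + 1):
        try:
            if resolve(keyword[:n], keywords) == keyword:
                return keyword[:n]
        except LookupError:
            continue                 # still ambiguous, try a longer prefix
    raise LookupError("%r is not in the keyword list" % keyword)


if __name__ == "__main__":
    print(" ".join(candidates("s")))
    print(tab_complete("sp"), tab_complete("sn"))
    for kw in ("sntp", "snmp", "spanning-tree"):
        print(kw, "->", min_abbreviation(kw))
```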

Negating the Effect of Commands

For many configuration commands you can enter the prefix keyword “no” to cancel the effect of a command or reset the configuration to the default value. For example, the logging command will log system messages to a host server. To disable logging, specify the no logging command. This guide describes the negation effect for all applicable commands.

Using Command History

The CLI maintains a history of commands that have been entered. You can scroll back through the history of commands by pressing the up arrow key. Any command displayed in the history list can be executed again, or first modified and then executed.
Using the show history command displays a longer list of recently executed commands.

Understanding Command Modes

The command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain switching functions. These classes are further divided into different modes. Available commands depend on the selected mode. You can always enter a question mark “?” at the prompt to display a list of the commands available for the current mode. The command classes and associated modes are displayed in the following table:
Table 4: General Command Modes
Class          Mode
Exec           Normal
               Privileged
Configuration  Global* (Access Control List, CFM, Class Map, DHCP, IGMP Profile, Interface, Line, Multiple Spanning Tree, Policy Map, Route Map, Router, Time Range, VLAN Database)
* You must be in Privileged Exec mode to access the Global configuration mode. You must be in Global Configuration mode to access any of the other configuration modes.

Exec Commands

When you open a new console session on the switch with the user name and password “guest,” the system enters the Normal Exec command mode (or guest mode), displaying the “Console>” command prompt. Only a limited number of the commands are available in this mode. You can access all commands only from the Privileged Exec command mode (or administrator mode). To access Privileged Exec mode, open a new console session with the user name and password “admin.” The system will now display the “Console#” command prompt. You can also enter Privileged Exec mode from within Normal Exec mode, by entering the enable command, followed by the privileged level password “super.”
To enter Privileged Exec mode, enter the following user names and passwords:
Username: admin
Password: [admin login password]
CLI session with the AOS5700-54X is opened.
To end the CLI session, enter [Exit].
Console#

Username: guest
Password: [guest login password]
CLI session with the AOS5700-54X is opened.
To end the CLI session, enter [Exit].
Console>enable
Password: [privileged level password]
Console#

Configuration Commands

Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in non-volatile storage, use the copy running-config startup-config command.
The configuration commands are organized into different modes:
Global Configuration - These commands modify the system level configuration, and include commands such as hostname and snmp-server community.
Access Control List Configuration - These commands are used for packet filtering.
CFM Configuration - Configures connectivity monitoring using continuity check messages, fault verification through loopback messages, and fault isolation by examining end-to-end connections between Provider Edge devices or between Customer Edge devices.
Class Map Configuration - Creates a DiffServ class map for a specified traffic type.
DHCP Configuration - These commands are used to configure the DHCP server.
IGMP Profile - Sets a profile group and enters IGMP filter profile configuration mode.
Interface Configuration - These commands modify the port configuration such as speed-duplex and negotiation.
Line Configuration - These commands modify the console port and Telnet configuration, and include commands such as parity and databits.
Multiple Spanning Tree Configuration - These commands configure settings for the selected multiple spanning tree instance.
Policy Map Configuration - Creates a DiffServ policy map for multiple interfaces.
Route Map Configuration - These commands specify the action (next hop or silently drop) to take when a match is found.
Router Configuration - These commands configure global settings for unicast and multicast routing protocols.
Time Range - Sets a time range for use by other functions, such as Access Control Lists.
VLAN Configuration - Includes the command to create VLAN groups.
To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands.
Console#configure
Console(config)#
To enter the other modes, at the configuration prompt type one of the following commands. Use the exit or end command to return to the Privileged Exec mode.
Table 5: Configuration Command Modes
Mode                 Command                                                Prompt                        Page
Access Control List  access-list ip standard                                Console(config-std-acl)       336
                     access-list ip extended                                Console(config-ext-acl)       336
                     access-list ipv6 standard                              Console(config-std-ipv6-acl)  342
                     access-list ipv6 extended                              Console(config-ext-ipv6-acl)  342
                     access-list mac                                        Console(config-mac-acl)       347
CFM                  ethernet cfm domain                                    Console(config-ether-cfm)     681
Class Map            class-map                                              Console(config-cmap)          528
Interface            interface {ethernet port | port-channel id | vlan id}  Console(config-if)            360
Line                 line {console | vty}                                   Console(config-line)          142
MSTP                 spanning-tree mst-configuration                        Console(config-mstp)          449
Policy Map           policy-map                                             Console(config-pmap)          531
Route Map            route-map                                              Console(config-route-map)     993
Router               router {bgp | ipv6 ospf | ospf | pim | pim6 | rip}     Console(config-router)        908, 882, 839, 1022, 1047, 820
Time Range           time-range                                             Console(config-time-range)    178
VLAN                 vlan database                                          Console(config-vlan)          472
For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode.
Console(config)#interface ethernet 1/5
.
.
.
Console(config-if)#exit
Console(config)#

Command Line Processing

Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command followed by the “?” character to display a list of possible matches. You can also use the following editing keystrokes for command-line processing:
Table 6: Keystroke Commands
Keystroke Function
Ctrl-A Shifts cursor to start of command line.
Ctrl-B Shifts cursor to the left one character.
Ctrl-C Terminates the current task and displays the command prompt.
Ctrl-E Shifts cursor to end of command line.
Ctrl-F Shifts cursor to the right one character.
Ctrl-K Deletes all characters from the cursor to the end of the line.
Ctrl-L Repeats current command line on a new line.
Ctrl-N Enters the next command line in the history buffer.
Ctrl-P Enters the last command.
Ctrl-R Repeats current command line on a new line.
Ctrl-U Deletes from the cursor to the beginning of the line.
Ctrl-W Deletes the last word typed.
Esc-B Moves the cursor back one word.
Esc-D Deletes from the cursor to the end of the word.
Esc-F Moves the cursor forward one word.
Delete key or backspace key Erases a mistake when entering a command.

CLI Command Groups

The system commands can be broken down into the functional groups shown below.
Table 7: Command Group Index
Command Group                        Description  Page
General                              Basic commands for entering privileged access mode, restarting the system, or quitting the CLI  95
System Management                    Display and setting of system information, basic modes of operation, maximum frame size, file management, console port and telnet settings, system logs, SMTP alerts, and the system clock  103
Simple Network Management Protocol   Activates authentication failure traps; configures community access strings, and trap receivers  181
Remote Monitoring                    Supports statistics, history, alarm and event groups  203
User Authentication                  Configures user names and passwords, logon access using local or remote authentication, management access through the web server, Telnet server and Secure Shell; as well as port security, IEEE 802.1X port access control, and restricted access based on specified IP addresses  211
General Security Measures            Segregates traffic for clients attached to common data ports; and prevents unauthorized access by configuring valid static or dynamic addresses, web authentication, MAC address authentication, filtering DHCP requests and replies, and discarding invalid ARP responses  255
Access Control List                  Provides filtering for IPv4 frames (based on address, protocol, TCP/UDP port number or TCP control code), IPv6 frames (based on address), or non-IP frames (based on MAC address or Ethernet type)  335
Interface                            Configures the connection parameters for all Ethernet ports, aggregated links, and VLANs  359
Link Aggregation                     Statically groups multiple ports into a single logical trunk; configures Link Aggregation Control Protocol for port trunks  389
Mirror Port                          Mirrors data to another port for analysis without affecting the data passing through or the performance of the monitored port  409
Congestion Control                   Sets the input/output rate limits, traffic storm thresholds, and thresholds for broadcast and multicast storms which can be used to trigger configured rate limits or to shut down a port.  419
UniDirectional Link Detection        Detects and disables unidirectional links  429
Address Table                        Configures the address table for filtering specified addresses, displays current entries, clears the table, or sets the aging time  437
Spanning Tree                        Configures Spanning Tree settings for the switch  443
VLANs                                Configures VLAN settings, and defines port membership for VLAN groups  467
Class of Service                     Sets port priority for untagged frames, selects strict priority or weighted round robin, relative weight for each priority queue, also sets priority for TCP/UDP traffic types, IP precedence, and DSCP  507
Quality of Service                   Configures Differentiated Services  527
Multicast Filtering                  Configures IGMP multicast filtering, query, profile, and proxy parameters; specifies ports attached to a multicast router  581
Link Layer Discovery Protocol        Configures LLDP settings to enable information discovery about neighbor devices  653
Domain Name Service                  Configures DNS services.  723
Dynamic Host Configuration Protocol  Configures DHCP client, relay and server functions  733
Router Redundancy                    Configures router redundancy to create primary and backup routers  791
IP Interface                         Configures IP address for the switch interfaces; also configures ARP parameters  741
IP Routing                           Configures static unicast routing, policy-based unicast routing for BGP, and dynamic unicast routing  801
Multicast Routing                    Configures static multicast routing for IPv4  1013
Data Center                          Configures Data Center Bridging Exchange (DCBX), Congestion Notification (CN), Enhanced Transmission Selection (ETS), Priority-Based Flow Control (PFC), and OpenFlow  545
Debug                                Displays debugging information for all key functions. These commands are not described in this manual. Please refer to the prompt messages included in the CLI interface.
The access mode shown in the following tables is indicated by these abbreviations:
ACL (Access Control List Configuration)
CFM (Connectivity Fault Management Configuration)
CM (Class Map Configuration)
DC (DHCP Server Configuration)
GC (Global Configuration)
IC (Interface Configuration)
IPC (IGMP Profile Configuration)
LC (Line Configuration)
MST (Multiple Spanning Tree)
NE (Normal Exec)
PE (Privileged Exec)
PM (Policy Map Configuration)
RC (Router Configuration)
RM (Route Map Configuration)
VC (VLAN Database Configuration)

3 General Commands

The general commands are used to control the command access mode, configuration mode, and other basic functions.
Table 8: General Commands
Command       Function                                                                                          Mode
prompt        Customizes the CLI prompt                                                                         GC
reload        Restarts the system at a specified time, after a specified delay, or at a periodic interval       GC
enable        Activates privileged mode                                                                         NE
quit          Exits a CLI session                                                                               NE, PE
show history  Shows the command history buffer                                                                  NE, PE
configure     Activates global configuration mode                                                               PE
disable       Returns to normal mode from privileged mode                                                       PE
reload        Restarts the system immediately                                                                   PE
show reload   Displays the current reload settings, and the time at which next scheduled reload will take place PE
end           Returns to Privileged Exec mode                                                                   any config. mode
exit          Returns to the previous configuration mode, or exits the CLI                                      any mode
help          Shows how to use help                                                                             any mode
?             Shows options for command completion (context sensitive)                                          any mode

prompt

This command customizes the CLI prompt. Use the no form to restore the default prompt.
Syntax
prompt string
no prompt
string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters)
Default Setting
Console
Command Mode
Global Configuration
Example
Console(config)#prompt RD2
RD2(config)#
reload
(Global Configuration)
This command restarts the system at a specified time, after a specified delay, or at a periodic interval. You can reboot the system immediately, or you can configure the switch to reset after a specified amount of time. Use the cancel option to remove a configured setting.
Syntax
reload {at hour minute [{month day | day month} [year]] |
in {hour hours | minute minutes | hour hours minute minutes} | regularity hour minute [period {daily
|
weekly day-of-week
|
monthly day
}] |
cancel [at | in | regularity]}
reload at - A specified time at which to reload the switch.
hour - The hour at which to reload. (Range: 0-23)
minute - The minute at which to reload. (Range: 0-59)
month - The month at which to reload. (january ... december)
day - The day of the month at which to reload. (Range: 1-31)
year - The year at which to reload. (Range: 1970-2037)
reload in - An interval after which to reload the switch.
hours - The number of hours, combined with the minutes, before the switch resets. (Range: 0-576)
minutes - The number of minutes, combined with the hours, before the switch resets. (Range: 0-59)
reload
hour - The hour at which to reload. (Range: 0-23)
minute - The minute at which to reload. (Range: 0-59)
day-of-week - Day of the week at which to reload. (Range: monday ... saturday)
day
reload cancel - Cancels the specified reload option.
Default Setting
None
regularity
- A periodic interval at which to reload the switch.
- Day of the month at which to reload. (Range: 1-31)
– 96 –
Chapter 3
| General Commands
Command Mode
Global Configuration
Command Usage
This command resets the entire system.
Any combination of reload options may be specified. If the same option is re-
specified, the previous setting will be overwritten.
When the system is restarted, it will always run the Power-On Self-Test. It will
also retain all configuration information stored in non-volatile memory by the
copy running-config startup-config command (See “copy” on page 129).
Example
This example shows how to reset the switch after 30 minutes:
Console(config)#reload in minute 30
***
*** --- Rebooting at January 1 02:10:43 2013 ---
***
Are you sure to reboot the system at the specified time? <y/n>
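The syntax and ranges listed above can be checked before a scheduled reload is pushed to a switch, so that a malformed or out-of-range schedule is caught in review. The following Python validator is an added example, not part of the Edge-Core manual or the switch software; `parse_reload`, `review` and the sample commands are constructed for illustration, and the weekday list follows the range printed on this page.

```python
import re

MONTH = ("january|february|march|april|may|june|july|august|"
         "september|october|november|december")
DOW = "monday|tuesday|wednesday|thursday|friday|saturday"  # range as documented on this page
# One pattern per option of the documented syntax; numeric ranges are checked afterwards.
FORMS = [re.compile(p) for p in (
    rf"reload (?P<kind>at) (?P<hour>\d+) (?P<minute>\d+)(?: (?:(?P<month>{MONTH}) (?P<day>\d+)"
    rf"|(?P<day_>\d+) (?P<month_>{MONTH}))(?: (?P<year>\d+))?)?",
    r"reload (?P<kind>in) (?:hour (?P<hours>\d+)(?: minute (?P<minutes>\d+))?"
    r"|minute (?P<minutes_>\d+))",
    rf"reload (?P<kind>regularity) (?P<hour>\d+) (?P<minute>\d+)(?: period (?:(?P<period>daily)"
    rf"|(?P<period_>weekly) (?P<day_of_week>{DOW})|(?P<period__>monthly) (?P<day>\d+)))?",
    r"reload (?P<kind>cancel)(?: (?P<target>at|in|regularity))?",
)]
RANGES = {"hour": (0, 23), "minute": (0, 59), "day": (1, 31), "year": (1970, 2037),
          "hours": (0, 576), "minutes": (0, 59)}

def parse_reload(line):
    """Return the fields of one Global Configuration 'reload' command, or raise ValueError."""
    text = " ".join(line.lower().split())
    for form in FORMS:
        m = form.fullmatch(text)
        if m:
            break
    else:
        raise ValueError(f"does not match the documented reload syntax: {line!r}")
    # Alternative branches use suffixed group names (day_, month_, ...); fold them together.
    fields = {k.rstrip("_"): v for k, v in m.groupdict().items() if v is not None}
    for name, (lo, hi) in RANGES.items():
        if name in fields:
            fields[name] = int(fields[name])
            if not lo <= fields[name] <= hi:
                raise ValueError(f"{name} {fields[name]} outside {lo}-{hi}")
    return fields

def review(commands):
    """Split commands into (accepted field dicts, [(command, reason)] rejections)."""
    ok, bad = [], []
    for c in commands:
        try:
            ok.append(parse_reload(c))
        except ValueError as e:
            bad.append((c, str(e)))
    return ok, bad

# Constructed sample: lines as they might appear in a change request.
SAMPLE = ["reload in minute 30", "reload at 2 30 15 january 2038",
          "reload regularity 3 0 period weekly monday", "reload cancel in"]
```
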

enable
This command activates Privileged Exec mode. In privileged mode, additional commands are available, and certain commands display additional information. See “Understanding Command Modes” on page 88.
Syntax
enable [level]
level - Privilege level to log into the device.
The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. Enter level 15 to access Privileged Exec mode.
Default Setting
Level 15
Command Mode
Normal Exec
Command Usage
“super” is the default password required to change the command mode from Normal Exec to Privileged Exec. (To set this password, see the enable password command.)
The “#” character is appended to the end of the prompt to indicate that the system is in privileged access mode.
Example
Console>enable
Password: [privileged level password]
Console#
Related Commands
disable (100)
enable password (212)

quit
This command exits the configuration program.

Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Usage
The quit and exit commands can both exit the configuration program.
Example
This example shows how to quit a CLI session:
Console#quit
Press ENTER to start session
User Access Verification
Username:

show history
This command shows the contents of the command history buffer.

Default Setting
None
Command Mode
Normal Exec, Privileged Exec
Command Usage
The history buffer size is fixed at 10 Execution commands and 10 Configuration commands.
Example
In this example, the show history command lists the contents of the command history buffer:
Console#show history
Execution command history:
 2 config
 1 show history

Configuration command history:
 4 interface vlan 1
 3 exit
 2 interface vlan 1
 1 end

Console#
The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes. In this example, the !2 command repeats the second command in the Execution history buffer (config).
Console#!2
Console#config
Console(config)#

configure
This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, such as Interface Configuration, Line Configuration, and VLAN Database Configuration. See “Understanding Command Modes” on page 88.
Default Setting
None
Command Mode
Privileged Exec
Example
Console#configure
Console(config)#
Related Commands
end (101)

disable
This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode. See “Understanding Command Modes” on page 88.
Default Setting
None
Command Mode
Privileged Exec
Command Usage
The “>” character is appended to the end of the prompt to indicate that the system is in normal access mode.
Example
Console#disable
Console>
Related Commands
enable (97)
reload (Privileged Exec)
This command restarts the system.
Note:
When the system is restarted, it will always run the Power-On Self-Test. It will also retain all configuration information stored in non-volatile memory by the copy running-config startup-config command.
Default Setting
None
Command Mode
Privileged Exec
Command Usage
This command resets the entire system.
Example
This example shows how to reset the switch:
Console#reload
System will be restarted, continue <y/n>? y