FS TAP Series Reference Manual

FS Network TAP Series

Command Line Reference

TAP Series Switch Command Line Reference

2

Table of Contents

1 INTERFACE Commands

1.1 show management interface

1.2 show interface

1.3 show interface summary

1.4 show interface status

1.5 show interface description

1.6 clear counters

1.7 interface range

1.8 interface

1.9 shutdown

1.10 description

1.11 speed

1.12 duplex

1.13 unidirectional

1.14 fec

1.15 static-channel-group

1.16 media-type

.....................................................................................................................................

...................................................................................................................................

...............................................................................................................................

.......................................................................................................................................

......................................................................................................................................

............................................................................................................................................

..............................................................................................................................

....................................................................................................................

....................................................................................................

...........................................................................................................................

...........................................................................................................

................................................................................................................

........................................................................................................

............................................................................................................................

...........................................................................................................................

...........................................................................................................................

................................................................................................................

10

10

11

12

14

15

16

18

19

19

20

21

22

24

25

26

27

2 FLOW Commands

2.1 show interface flow statistics

2.2 clear interface flow statistics

2.3 show flow

2.4 flow

2.5 remark

2.6 no sequence-num

2.7 sequence-num

............................................................................................................................

...................................................................................................................................

............................................................................................................................................

........................................................................................................................................

...........................................................................................................................

3 INNER-MATCH Commands

3.1 show inner-match

3.2 inner-match

3.3 remark

3.4 no sequence-num

3.5 sequence-num

4 ACL Commands

...............................................................................................................................

........................................................................................................................................

...........................................................................................................................

...............................................................................................................................

....................................................................................................

.....................................................................................................

......................................................................................................................

..............................................................................................................

......................................................................................................................

......................................................................................................................

28

28

29

30

31

32

33

34

47

47

48

49

50

51

57

TAP Series Switch Command Line Reference

3

4.1 show interface egress ip access-list

..........................................................................................

57

4.2 clear interface egress ip access-list

4.3 show ip access-list

4.4 ip access-list

4.5 remark

4.6 no sequence-num

4.7 sequence-num acl_seq

4.8 egress

5 TAP Commands

5.1 tap-group

5.2 description

5.3 ingress

5.4 egress

5.5 show tap-group

...............................................................................................................................

........................................................................................................................................

.........................................................................................................................................

...............................................................................................................................

...................................................................................................................................

.................................................................................................................................

........................................................................................................................................

.........................................................................................................................................

6 TIMESTAMP Commands

6.1 timestamp-over-ether

6.2 show timestamp sync

...........................................................................................

.....................................................................................................................

......................................................................................................................

..............................................................................................................

.........................................................................................................................

.................................................................................................................

...............................................................................................................

................................................................................................................

58

59

60

61

62

62

68

70

70

71

72

75

76

78

78

79

6.3 timestamp sync

..........................................................................................................................

7 TRUNCATION Commands

7.1 truncation

8 SSH Commands

8.1 show ip ssh server status

8.2 ssh

8.3 ip ssh server enable

8.4 ip ssh server disable

8.5 ip ssh server version

8.6 ip ssh server authentication-retries

8.7 ip ssh server authentication-timeout

8.8 ip ssh server authentication-type

8.9 ip ssh server rekey-interval

8.10 ip ssh server host-key

..............................................................................................................................................

9 LACP Commands

9.1 show channel-group

..................................................................................................................................

...............................................................................................................................

.............................................................................................................................

...............................................................................................................

...........................................................................................................

...................................................................................................................

..................................................................................................................

..................................................................................................................

..........................................................................................

........................................................................................

.............................................................................................

.......................................................................................................

..............................................................................................................

..................................................................................................................

80

82

82

84

84

85

86

86

87

88

89

90

92

93

95

95

9.2 show channel-group interface

9.3 show port-channel load-balance

..................................................................................................

...............................................................................................

97

98

TAP Series Switch Command Line Reference

4

9.4 no port-channel

.........................................................................................................................

99

9.5 port-channel load-balance-mode

9.6 port-channel load-balance hash-arithmetic

9.7 port-channel load-balance set

9.8 port-channel load-balance tunnel-hash-mode

9.9 port-channel load-balance

10 NTP Commands

10.1 show ntp

10.2 show ntp status

10.3 show ntp statistics

10.4 show ntp associations

10.5 show ntp key

10.6 clear ntp statistics

10.7 ntp minimum-distance

10.8 ntp server

10.9 ntp authentication

10.10 ntp key

...........................................................................................

...........................................................................

................................................................................................

.......................................................................

......................................................................................................

...........................................................................................................................

................................................................................................................................

.....................................................................................................................

.................................................................................................................

...........................................................................................................

..........................................................................................................................

..................................................................................................................

..........................................................................................................

..............................................................................................................................

.................................................................................................................

.................................................................................................................................

100

100

101

103

104

106

106

107

108

109

110

111

111

112

113

114

10.11 ntp trustedkey

.....................................................................................................................

11 NETWORK DIAGNOSIS Commands

11.1 ping

11.2 traceroute

12 SYSLOG Commands

12.1 show logging

12.2 show logging buffer

12.3 show logging buffer statistics

12.4 show logging levels

12.5 show logging facilities

12.6 clear logging buffer

12.7 logging sync

12.8 logging buffer

12.9 logging file

12.10 logging level file

12.11 logging level module

........................................................................................................................................

..............................................................................................................................

.....................................................................................................................

..........................................................................................................................

...............................................................................................................

................................................................................................................

...........................................................................................................

................................................................................................................

...........................................................................................................................

........................................................................................................................

.............................................................................................................................

...................................................................................................................

...........................................................................................................

.............................................................................................

................................................................................................

115

117

117

118

120

120

121

122

123

124

125

126

127

127

128

130

12.12 logging timestamp

12.13 logging server

12.14 logging server severity

...............................................................................................................

......................................................................................................................

........................................................................................................

131

132

133

TAP Series Switch Command Line Reference

5

12.15 logging server facility

...........................................................................................................

134

12.16 logging server address

12.17 logging merge

13 SNMP Commands

13.1 show snmp

13.2 show snmp-server version

13.3 show snmp-server community

13.4 show snmp-server engineID

13.5 show snmp-server sys-info

13.6 show snmp-server trap-receiver

13.7 show snmp-server inform-receiver

13.8 show snmp-server view

13.9 snmp-server enable

13.10 snmp-server engineID

13.11 snmp-server system-contact

13.12 snmp-server system-location

13.13 snmp-server version

.........................................................................................................

......................................................................................................................

.......................................................................................................................

.............................................................................................................................

....................................................................................................

..............................................................................................

..................................................................................................

....................................................................................................

...........................................................................................

.......................................................................................

.........................................................................................................

...............................................................................................................

.........................................................................................................

...............................................................................................

..............................................................................................

............................................................................................................

136

137

139

139

140

140

141

142

143

144

145

146

147

148

149

150

13.14 snmp-server view

13.15 snmp-server community

13.16 snmp-server trap enable

13.17 snmp-server trap target-address

13.18 snmp-server trap delay linkup

13.19 snmp-server trap delay linkdown

13.20 snmp-server inform target-address

14 AUTH Commands

14.1 show usernames

14.2 show users

14.3 show web users

14.4 show privilege

14.5 clear line console 0

14.6 clear line vty

14.7 clear web session

14.8 show console

................................................................................................................

.....................................................................................................

.....................................................................................................

........................................................................................

............................................................................................

........................................................................................

....................................................................................

........................................................................................................................

....................................................................................................................

.............................................................................................................................

.....................................................................................................................

........................................................................................................................

................................................................................................................

..........................................................................................................................

..................................................................................................................

.........................................................................................................................

151

152

153

154

156

157

158

160

160

161

161

162

163

164

164

165

14.9 show vty

14.10 show rsa keys

14.11 show rsa key

.................................................................................................................................

.......................................................................................................................

........................................................................................................................

166

167

168

TAP Series Switch Command Line Reference

6

14.12 show key config

...................................................................................................................

170

14.13 show key string

14.14 show tacacs

14.15 show aaa status

....................................................................................................................

.........................................................................................................................

...................................................................................................................

14.16 show aaa privilege mapping

14.17 show aaa method-lists

14.18 line console

14.19 line vty

..........................................................................................................................

.................................................................................................................................

14.20 line vty maximum

14.21 rsa key generate

14.22 rsa key import

14.23 rsa key export

14.24 rsa key

14.25 reset

..................................................................................................................................

.....................................................................................................................................

14.26 key type

14.27 key format

14.28 key string end

14.29 validate

......................................................................................................................

......................................................................................................................

...............................................................................................................................

............................................................................................................................

......................................................................................................................

................................................................................................................................

........................................................................................................

................................................................................................................

..................................................................................................................

................................................................................................

171

172

173

174

175

176

176

177

178

179

180

182

183

183

184

185

186

14.30 KEYLINE

14.31 re-activate radius-server

14.32 show radius-server

14.33 radius-server host

14.34 radius-server deadtime

14.35 radius-server retransmit

14.36 radius-server timeout

14.37 radius-server key

................................................................................................................................

.....................................................................................................

..............................................................................................................

................................................................................................................

.......................................................................................................

......................................................................................................

..........................................................................................................

.................................................................................................................

14.38 re-activate tacacs-server host

14.39 tacacs-server host

14.40 username

.............................................................................................................................

14.41 username password

14.42 username assign

14.43 username privilege

14.44 username secret

14.45 re-username

14.46 enable password

................................................................................................................

............................................................................................................

..................................................................................................................

..............................................................................................................

..................................................................................................................

........................................................................................................................

.................................................................................................................

.............................................................................................

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

201

202

14.47 enable password privilege

14.48 service password-encryption

...................................................................................................

..............................................................................................

203

204

TAP Series Switch Command Line Reference

7

14.49 aaa new-model

....................................................................................................................

205

14.50 aaa authentication login

14.51 aaa authorization exec

14.52 aaa accounting exec

14.53 aaa accounting commands

14.54 aaa privilege mapping

14.55 debug aaa

14.56 exec-timeout

14.57 login

14.58 privilege level

14.59 line-password

14.60 stopbits

14.61 databits

14.62 parity

14.63 speed

14.64 authorization exec

14.65 accounting exec

14.66 end

.......................................................................................................................................

............................................................................................................................

........................................................................................................................

.....................................................................................................................................

.......................................................................................................................

......................................................................................................................

................................................................................................................................

................................................................................................................................

....................................................................................................................................

...................................................................................................................................

...................................................................................................................

......................................................................................................

........................................................................................................

............................................................................................................

.........................................................................................................

...............................................................................................................

..................................................................................................

207

208

209

210

211

212

213

215

216

217

218

219

220

221

222

224

225

15 SFLOW Commands

15.1 sflow enable

15.2 sflow agent

15.3 sflow collector

15.4 sflow counter interval

15.5 sflow counter-sampling enable

15.6 sflow flow-sampling rate

15.7 sflow flow-sampling enable

15.8 debug sflow

15.9 show sflow

16 GLOBAL Commands

16.1 show debugging

16.2 no debug all

16.3 show history

16.4 show running-config

......................................................................................................................

..........................................................................................................................

............................................................................................................................

.......................................................................................................................

...........................................................................................................................

.............................................................................................................................

....................................................................................................................

....................................................................................................................

...........................................................................................................................

..........................................................................................................................

17 MANAGEMENT Commands

............................................................................................................

.............................................................................................

.......................................................................................................

..................................................................................................

..............................................................................................................

........................................................................................................

227

227

228

229

230

231

232

233

234

235

237

237

238

238

239

244

17.1 show diagnostic-information

17.2 hostname

...............................................................................................................................

................................................................................................

244

282

TAP Series Switch Command Line Reference

8

17.3 format udisk:

.........................................................................................................................

283

17.4 umount udisk:

17.5 management ip address

17.6 management route gateway

17.7 service telnet enable

17.8 service http

........................................................................................................................

........................................................................................................

.................................................................................................

.............................................................................................................

............................................................................................................................

18 SYSTEM CONFIGURATION Commands

18.1 disable

18.2 enable

18.3 logout

18.4 reboot

18.5 show file system

....................................................................................................................................

....................................................................................................................................

.....................................................................................................................................

....................................................................................................................................

....................................................................................................................

18.6 show management ip address

18.7 show startup-config

18.8 write

.......................................................................................................................................

18.9 boot system flash

18.10 boot system tftp:

...............................................................................................................

..................................................................................................................

.................................................................................................................

.......................................................................................

..............................................................................................

284

285

286

287

288

290

290

291

292

292

293

294

295

299

299

300

18.11 show boot

18.12 show memory

............................................................................................................................

......................................................................................................................

18.13 show memory summary

18.14 show cpu utilization

18.15 terminal length

18.16 terminal monitor

18.17 cd

18.18 mkdir

18.19 rmdir

18.20 pwd

18.21 ls

.........................................................................................................................................

....................................................................................................................................

....................................................................................................................................

......................................................................................................................................

...........................................................................................................................................

18.22 copy running-config

18.23 copy startup-config

18.24 copy mgmt-if

18.25 copy

18.26 more

18.27 delete

.....................................................................................................................................

....................................................................................................................................

...................................................................................................................................

.......................................................................................................................

............................................................................................................

....................................................................................................................

.................................................................................................................

.............................................................................................................

..............................................................................................................

.....................................................................................................

301

302

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

18.28 rename

18.29 source

.................................................................................................................................

..................................................................................................................................

318

319

TAP Series Switch Command Line Reference

9

19 DEVICE Commands

.....................................................................................................................

321

19.1 show version

19.2 show stm prefer

19.3 show environment

19.4 show clock

19.5 show transceiver

..........................................................................................................................

.....................................................................................................................

.................................................................................................................

.............................................................................................................................

...................................................................................................................

19.6 show system summary

19.7 show reboot-info

19.8 clear reboot-info

19.9 set device id-led

19.10 show device id-led

...................................................................................................................

....................................................................................................................

.....................................................................................................................

...............................................................................................................

19.11 show schedule reboot

19.12 stm prefer

19.13 temperature

19.14 clock set datetime

19.15 clock set timezone

19.16 update bootrom

19.17 split interface

............................................................................................................................

........................................................................................................................

...............................................................................................................

...............................................................................................................

..................................................................................................................

.......................................................................................................................

..........................................................................................................

.........................................................................................................

321

322

323

324

325

327

328

330

330

331

332

333

334

335

336

337

338

19.18 schedule reboot at

..............................................................................................................

19.19 schedule reboot delay

.........................................................................................................

339

339

TAP Series Switch Command Line Reference

10

1 INTERFACE Commands

1.1 show management interface

Use this command to display the status and configurations on management interface.

Command Syntax

show management interface

Command Mode

Privileged EXEC

Default

None

Usage

Use this command to display the states and configurations on management interface.

Examples

The following example displays the states, configurations and statistics on management

interface:

Switch# show management interface

Management Interface current state: UP

Description:

Link encap: Ethernet HWaddr: 00:1E:08:0B:E6:C1

net addr: 10.10.39.104 Mask: 255.255.254.0

Bcast: 10.10.39.255 MTU: 1500

Speed: 1000Mb/s Duplex: Full

Auto-negotiation: Enable

Received: 1030834 Packets, 79596824 Bytes (75.9 MiB)

Transmitted: 110758 Packets, 16209745 Bytes (15.4 MiB)

TAP Series Switch Command Line Reference

11

Related Commands

1.2 show interface

IF_NAME

Specify the interface name to show.

show interface status

Use this command to display the configurations and statistics on all interfaces or one

interface.

Command Syntax

show interface (IF_NAME |)

Command Mode

Privileged EXEC

Default

Usage

Examples

None

Use this command to display the configurations and statistics on all interfaces or one

interface.

If the parameter “IF_NAME” is not specified, the command indicates that all interfaces on

this device should be displayed; otherwise only the specified interface should be displayed.

This example shows how to display the configurations and statistics of interface eth-0-1:

Switch# show interface eth-0-1

Interface eth-0-1

Interface current state: DOWN

Hardware is Port, address is 001e.0809.78a3

Bandwidth 1000000 kbits

Index 1 , Metric 1

Speed - auto , Duplex - auto , Media type is 1000BASE_T

Link speed type is autonegotiation, Link duplex type is autonegotiation

TAP Series Switch Command Line Reference

12

Admin input flow-control is off, output flow-control is off

1.3 show interface summary

IF_NAME

Specify the interface name to show.

This command supports physical or link
aggregation interfaces.

Oper input flow-control is off, output flow-control is off

The Maximum Frame Size is 1632 bytes

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes

Received0 unicast, 0 broadcast, 0 multicast

0 runts, 0 giants, 0 input errors, 0 CRC

0 frame, 0 overrun, 0 pause input

0 packets output, 0 bytes

Transmitted 0 unicast, 0 broadcast, 0 multicast

0 underruns, 0 output errors, 0 pause output

Related Commands

show interface status

Use this command to display the statistics on all interfaces or one interface.

Command Syntax

show interface summary (IF_NAME |)

Command Mode

Privileged EXEC

Default

none

Usage

Use this command to display the statistics on all interfaces or one interface.

If the parameter “IF_NAME” is not specified, the command indicates that all interfaces on

this device should be displayed; otherwise only the specified interface should be displayed.

TAP Series Switch Command Line Reference

13

Examples

The following example shows how to display the statistic of interface eth-0-1

Switch# show interface summary eth-0-1

RXBS: rx rate (bits/sec) RXPS: rx rate (pkts/sec)

TXBS: tx rate (bits/sec) TXPS: tx rate (pkts/sec)

Interface Link RXBS RXPS TXBS TXPS

----------+------+--------------+--------------+--------------+--------------

eth-0-1 DOWN 0 0 0 0

The following example shows how to display the statistic of interfaces:

Switch# show interface summary eth-0-1

Switch# show interface summary

RXBS: rx rate (bits/sec) RXPS: rx rate (pkts/sec)

TXBS: tx rate (bits/sec) TXPS: tx rate (pkts/sec)

Interface Link RXBS RXPS TXBS TXPS

----------+------+--------------+--------------+--------------+--------------

eth-0-1 UP 0 0 0 0

eth-0-2 UP 0 0 0 0

eth-0-3 UP 0 0 0 0

eth-0-4 UP 0 0 0 0

eth-0-5 UP 0 0 0 0

eth-0-6 UP 0 0 0 0

eth-0-7 UP 0 0 0 0

eth-0-8 UP 0 0 0 0

eth-0-9 UP 0 0 0 0

eth-0-10 UP 0 0 0 0

eth-0-11 UP 0 0 0 0

eth-0-12 UP 0 0 0 0

eth-0-13 UP 0 0 0 0

eth-0-14 UP 0 0 0 0

eth-0-15 UP 0 0 0 0

eth-0-16 UP 0 0 0 0

eth-0-17 UP 0 0 0 0

eth-0-18 UP 0 0 0 0

eth-0-19 UP 0 0 0 0

eth-0-20 UP 0 0 0 0

eth-0-21 UP 0 0 0 0

eth-0-22 UP 0 0 0 0

eth-0-23 UP 0 0 0 0

eth-0-24 UP 0 0 0 0

：

Related Commands

show interface

TAP Series Switch Command Line Reference

14

1.4 show interface status

Use this command to display the brief information on all physical and link aggregation

interfaces.

Command Syntax

show interface status

Command Mode

Privileged EXEC

Default

None

Usage

Use this command to display the brief information on all physical and link aggregation

Examples

interfaces.

This example shows how to display the brief information on all physical and link aggregation

interfaces:

Switch# show interface status

Name Status Duplex Speed Mode Type Description

----------+-----------+--------+--------+-------+------------+----------------

eth-0-1 down auto auto trunk UNKNOWN

eth-0-2 down auto auto trunk UNKNOWN

eth-0-3 down auto auto trunk UNKNOWN

eth-0-4 down auto auto trunk UNKNOWN

eth-0-5 down auto auto trunk UNKNOWN

eth-0-6 down auto auto trunk UNKNOWN

eth-0-7 down auto auto trunk UNKNOWN

eth-0-8 down auto auto trunk UNKNOWN

eth-0-9 down auto auto trunk UNKNOWN

eth-0-10 down auto auto trunk UNKNOWN

eth-0-11 down auto auto trunk UNKNOWN

eth-0-12 down auto auto trunk UNKNOWN

eth-0-13 down auto auto trunk UNKNOWN

eth-0-14 down auto auto trunk UNKNOWN

eth-0-15 down auto auto trunk UNKNOWN

TAP Series Switch Command Line Reference

15

eth-0-16 down auto auto trunk UNKNOWN

1.5 show interface description

eth-0-17 down auto auto trunk UNKNOWN
eth-0-18 down auto auto trunk UNKNOWN
eth-0-19 down auto auto trunk UNKNOWN
eth-0-20 down auto auto trunk UNKNOWN
eth-0-21 down auto auto trunk UNKNOWN
eth-0-22 down auto auto trunk UNKNOWN
eth-0-23 down auto auto trunk UNKNOWN
eth-0-24 down auto auto trunk UNKNOWN
eth-0-25 down auto auto trunk UNKNOWN
eth-0-26 down auto auto trunk UNKNOWN
eth-0-27 down auto auto trunk UNKNOWN
eth-0-28 down auto auto trunk UNKNOWN
eth-0-29 down auto auto trunk UNKNOWN
eth-0-30 down auto auto trunk UNKNOWN
eth-0-31 down auto auto trunk UNKNOWN
eth-0-32 down auto auto trunk UNKNOWN
FGE0/33 down full 40000 trunk UNKNOWN
FGE0/34 down full 40000 trunk UNKNOWN
agg5 down auto auto trunk LAG

Related Commands

show interface

Use this command to display the description information on all interfaces.

Command Syntax

show interface description

Command Mode

Privileged EXEC

Default

None

Usage

Use this command to display the description information on all interfaces.

TAP Series Switch Command Line Reference

16

Examples

1.6 clear counters

The following example shows how to display the description information of all interfaces:

Switch# show interface description
Name Status Description

----------+-----------+--------------------------------------------------------­eth-0-1 down TenGigabitEthernet
eth-0-2 down
eth-0-3 down
eth-0-4 down
eth-0-5 down
eth-0-6 down
eth-0-7 down
eth-0-8 down
eth-0-9 down
eth-0-10 down
eth-0-11 down
eth-0-12 down
eth-0-13 down
eth-0-14 down
eth-0-15 down
eth-0-16 down
eth-0-17 down
eth-0-18 down
eth-0-19 down
eth-0-20 down
eth-0-21 down
eth-0-22 down
eth-0-23 down
eth-0-24 down
eth-0-25 down
eth-0-26 down
eth-0-27 down
eth-0-28 down
eth-0-29 down
eth-0-30 down
eth-0-31 down
eth-0-32 down
FGE0/33 down
FGE0/34 down
agg5 down LinkAgg5

Related Commands

Show interface

Use this command to clear the counters on the interfaces.

TAP Series Switch Command Line Reference

17

Command Syntax

IF_NAME

Specify the interface name to clear the
statistics counters.

This command supports physical or link
aggregation interfaces.

clear counters (IF_NAME |)

Command Mode

Privileged EXEC

Default

None

Usage

Use this command to clear the counters on the interfaces.

If the parameter“IF_NAME”is not specified, the command indicates that all interfaces

statistics counters information on this device should be cleared; otherwise only the specified

interface should be cleared.

Examples

This example shows how to clear the counters on all interfaces:

Switch# clear counters

This example shows how to clear the counters on the interface eth-0-1:

Switch# clear counters eth-0-1

This example shows how to clear the counters on the agg10:

Switch# clear counters agg10

Related Commands

’

show interface

TAP Series Switch Command Line Reference

18

1.7 interface range

Use this command to operate a list of interfaces.

KLINE

Specify a range of interfaces to operate. The
interfaces’ names are joined by '-' or ','

e.g.: “eth-0-1 – 8” or “eth-0-1, eth-0-2”

Command Syntax

interface range KLINE

Command Mode

Global Configuration

Default

None

Usage

Use this command to operate a list of interfaces. Physical or link aggregation interfaces are

supported.

Examples

The following example shows how to enter interface eth-0-1 ~ eth-0-10 and shutdown these

10 interfaces:

Switch(config)# interface range eth-0-1 - 10
Switch(config-if-range)# shutdown

The following example shows how to enter interface eth-0-8 and eth-0-10, and shutdown

these 2 interfaces:

Switch(config)# interface range eth-0-8，eth-0-10
Switch(config-if-range)# shutdown

Related Commands

interface

TAP Series Switch Command Line Reference

19

1.8 interface

Use this command to enter interface mode.

IF_NAME

Specify the interface name to enter the mode.

This command supports physical or link
aggregation interfaces.

1.9 shutdown

Command Syntax

interface IF_NAME

Command Mode

Global Configuration

Default

None

Usage

The interface name can be either a port name (i.e. eth-0-1) or link-agg name (i.e. agg1).

Examples

This example shows how to enter the interface mode for eth-0-1:

Switch(config)# interface eth-0-1

This example shows how to enter the interface mode for agg1:

Switch(config)# interface agg1

Related Commands

interface range

Use this command to shutdown an interface administratively.

Use the no form of this command to turn on an interface administratively.

TAP Series Switch Command Line Reference

20

Command Syntax

1.10 description

LINE

Interface description string, which should
begin with a-z/A-Z, valid characters are 0-9A-

shutdown

no shutdown

Command Mode

Interface Configuration

Default

The interfaces are turned on by default.

Usage

Use the command to shutdown a port.

Examples

The following example shows how to shutdown a port:

Switch(config)# interface eth-0-1
Switch(config-if-eth-0-1)# shutdown

Related Commands

show interface status

Use this command to set the description on the interface.

Use the no form of this command to delete the description.

Command Syntax

description LINE

no description

TAP Series Switch Command Line Reference

21

Za-z.-, and maximum length is 64 characters.

Command Mode

1.11 speed

auto

Enable auto negotiation for the speed of a
port.

Default

Usage

Examples

Interface Configuration

The interface has no description by default.

Use this command to set the description on the interface.

The following example sets the description on the interface:

Switch(config)# interface eth-0-1
Switch(config-if-eth-0-1)# description Ethernet

The following example deletes the description on the interface:

Switch(config)# interface eth-0-1
Switch(config-if-eth-0-1)# no description

Related Commands

show interface description

Use this command to specify the speed of a port.

Use the no form of this command to restore the default configuration.

Command Syntax

speed (auto| 10| 100| 1000| 2.5G| 5G| 10G| 40G| 100G)

no speed

TAP Series Switch Command Line Reference

22

10

Force 10Mb/s

100

Force 100Mb/s

1000

Force 1000Mb/s

2.5G

Force 2.5Gb/s

5G

Force 5Gb/s

10G

Force 10Gb/s

40G

Force 40Gb/s

100G

Force 100Gb/s

Command Mode

1.12 duplex

Default

Usage

Examples

Interface Configuration

Auto

The command is used to set the speed on port.

This example shows how to set the speed on a port to 1000 Mb/s:

Switch(config)# interface eth-0-1
Switch(config-if-eth-0-1)# speed 1000

This example shows how to reset default value of the speed on a port:

Related Commands

Switch(config-if-eth-0-1)# no speed

show interface status

show interface

Use this command to specify the duplex mode of operation for a port.

TAP Series Switch Command Line Reference

23

Use the no form of this command to restore the default configuration.

auto

Enable auto negotiation for the duplex of a
port.

The duplex mode should depend on both local
and remote device, the port should get the
mode automatically.

full

Full mode.

half

Half mode is only supported on 10M/100M
link.

Command Syntax

duplex (auto| full| half)

no duplex

Command Mode

Interface Configuration

Default

Usage

Examples

Auto

Use this command to specify the duplex mode of operation for a port.

Use the no form of this command to restore the default configuration.

Half mode is only supported on 10M/100M link.

The following example shows how to set interface eth-0-1 to duplex mode auto:

Switch(config)# interface eth-0-1
Switch(config-if-eth-0-1)# duplex auto

The following example shows how to set interface eth-0-1 to duplex mode full:

Switch(config-if-eth-0-1)# duplex full

The following example shows how to set interface eth-0-1 to default duplex:

TAP Series Switch Command Line Reference

24

Switch(config-if-eth-0-1)# no duplex

1.13 unidirectional

enable

Enable unidirectional

disable

Disable unidirectional

rx-only

Receive only

Related Commands

show interface status

show interface

Use the command to set unidirectional function for a port.

Command Syntax

unidirectional (enable | disable | rx-only)

Command Mode

Default

Usage

Examples

Interface Configuration

Disable

Use the command to set unidirectional function for a port.

The following example shows how enable unidirectional on interface eth-0-1:

Switch(config)# interface eth-0-1
Switch(config-if-eth-0-1)# unidirectional enable

The following example shows how disable unidirectional on interface eth-0-1:

Switch(config-if-eth-0-1)# unidirectional disable

TAP Series Switch Command Line Reference

25

Related Commands

1.14 fec

enable

Enable fec

disable

Disable fec

show interface status

show interface

Use the command to set fec function for a port.

Command Syntax

fec (enable| disable)

Command Mode

Interface Configuration

Default

Disable

Usage

Use the command to set fec function for a port.

Examples

This example shows how to enable fec function:

Switch(config)# interface eth-0-1
Switch(config-if-eth-0-1)# fec enable

Related Commands

show interface status

show interface

TAP Series Switch Command Line Reference

26

1.15 static-channel-group

Use this command to assign a port to a static channel group.

AGG_GID

Channel group id. Valid minimum id is 1. Valid
maximum id is defined as blow:

for CTC5160(GreatBelt) based system: 31.

for CTC8096(GoldenGate) based system: 55

Use the no form of this command to remove it from the channel group.

Command Syntax

static-channel-group AGG_GID

no static-channel-group

Command Mode

Interface Configuration

Default

Usage

Examples

None

Use this command to assign a port to a static channel group.

Use the no form of this command to remove it from the channel group.

The valid range of channel group id is limited by hardware and is different for each model.
Using the id which is out of range is forbidden.

This example shows how to assign interface eth-0-1 to static channel group 2:

Switch(config)# interface eth-0-1
Switch(config-if-eth-0-1)# static-channel-group 2

This example shows how to remove interface eth-0-1 from static channel group:

Switch(config)# interface eth-0-1
Switch(config-if-eth-0-1)# no static-channel-group

TAP Series Switch Command Line Reference

27

Related Commands

1.16 media-type

auto

Automatically select media type of combo
port

rj45

Set media type as rj45

sfp

Set media type as sfp

show interface

Use this command to set media type of combo port.

Command Syntax

media-type (auto| rj45| sfp)

Command Mode

Default

Usage

Examples

Interface Configuration

auto

Use this command to set media type of combo port. Different media type of the combo port

cannot be active at the same time.

This example shows how to set media type of combo port:

Switch(config-if-eth-0-1) media-type auto
Switch(config-if-eth-0-1) media-type rj45
Switch(config-if-eth-0-1) media-type sfp

Related Commands

show interface

TAP Series Switch Command Line Reference

28

2 FLOW Commands

2.1 show interface flow statistics

Use this command to show statistics information which matched the flow on the interface.

IF_NAME

Specify an interface name to show flow
statistics.

This command supports physical or link
aggregation interfaces.

FLOW_SEQ_NUM

Specify sequence-number to show flow
statistics.

If the sequence-number is not specified, this
command indicates that all rules on this
interface should be shown.

Command Syntax

show interface flow statistics IF_NAME (FLOW_SEQ_NUM|)

Command Mode

Privileged EXEC

Default

None

Usage

Use this command to show statistics information which matched the flow on the interface.

Interface name must be specified.

Examples

The following example shows how to display the flow statistic on interface eth-0-1:

TAP Series Switch Command Line Reference

29

Switch# show interface flow statistics eth-0-1

2.2 clear interface flow statistics

IF_NAME

Specify an interface name to clear flow
statistics.

This command supports physical or link
aggregation interfaces.

TAP group name: g1
flow name: f1
sequence-num 10 permit any src-ip 10.10.10.0 0.0.0.255 dst-ip any ( bytes 100 packets 1 )
sequence-num 20 deny any src-ip any dst-ip any ( bytes 86 packets 1 )
(total bytes 186 total packets 2 )

Related Commands

show flow

clear interface flow statistics

Use this command to clear statistics information which matched the flow on the interface.

Command Syntax

clear interface flow statistics IF_NAME

Command Mode

Default

Usage

Privileged EXEC

None

Use this command to clear statistics information which matched the flow on the interface.

Interface name must be specified.

TAP Series Switch Command Line Reference

30

Examples

2.3 show flow

NAME_STRING

Flow name, up to 20 characters.

If the flow name is not specified, this
command indicates that all flows should be
shown.

The following example shows how to clear statistics information which matched the flow on

the interface:

Switch# clear interface flow statistics eth-0-1

The following example shows the result after using the command in the example above:

Switch# show interface flow statistics eth-0-1
TAP group name: g1
flow name: f1
sequence-num 10 permit any src-ip 10.10.10.0 0.0.0.255 dst-ip any ( bytes 0 packets 0 )
sequence-num 20 deny any src-ip any dst-ip any ( bytes 0 packets 0 )
(total bytes 0 total packets 0 )

Related Commands

show interface flow statistics

Use this command to show the configuration of flow.

Command Syntax

show flow (NAME_STRING|)

Command Mode

Privileged EXEC

Default

None

Usage

Use this command to show the configuration of flow.

TAP Series Switch Command Line Reference

31

If the flow name is not specified, this command indicates that all flows should be shown.

2.4 flow

NAME_STRING

Flow name, up to 20 characters

type decap

Set the flow type as tunnel decap.

Flow with “type decap” parameter can use

“inner-match” fields.

Examples

This example shows the configuration of flow:

Switch# show flow
flow f1
remark flow1ipdeny
sequence-num 10 permit any src-ip 10.10.10.0 0.0.0.255 dst-ip any
sequence-num 20 deny any src-ip any dst-ip any
flow f2
sequence-num 10 permit tcp src-port range 10 200 src-ip any dst-ip any

Related Commands

flow

Use this command to create Flow and then enter Flow configuration mode.

Use the no form of this command to delete the flow.

Command Syntax

flow NAME_STRING (type decap|)

no flow NAME_STRING

Command Mode

Global Configuration

Default

None

TAP Series Switch Command Line Reference

32

Usage

2.5 remark

Examples

Use this command to create Flow and then enter Flow configuration mode.

Use the no form of this command to delete the flow.

If the system already has a flow with the same name, this command will enter the flow

configuration mode.

When the name is not used by any flow, this command is to create the flow and then enter

the flow configuration mode. When configured with parameter”type decap”means this

flow match tunnel decap, which flow entries can configure “inner-match” fields.

Notice: Decap only supported at CTC8096 (GoldenGate) based switch.

This example shows how to create a flow named f1 and then enter the flow configuration

mode.

Switch(config)# flow f1
Switch(config-flow-f1)#

The following example shows how to delete the flow

Switch(config)# no flow f1

Related Commands

show flow

Use this command to add remarks for the flow.

Use the no form of this command to delete the remarks.

Command Syntax

remark NAME_STRING

no remark

TAP Series Switch Command Line Reference

33

NAME_STRING

Remark string for the flow, which should

begin with a-z/A-Z/0-9, valid characters are

0-9A-Za-z.-, and maximum length is 100

characters.

Command Mode

2.6 no sequence-num

Default

Usage

Examples

Flow Configuration

There is no remark of flow by default.

Use this command to add remarks for the flow.

Use the no form of this command to delete the remarks.

The remark string length is up to 100 characters. The exceed parts will not be stored and will

be truncated.

This example shows how to add a remark to describe the flow:

Switch(config-flow-f1)# remark flow1ipdeny

This example shows how to delete the remark of the flow.

Switch(config-flow-f1)# no remark

Related Commands

show flow

Use this command to delete a filter from flow.

TAP Series Switch Command Line Reference

34

Command Syntax

FLOW_SEQ_NUM

Sequence-number with the valid range 1

–

65535.

2.7 sequence-num

no sequence-num FLOW_SEQ_NUM

Command Mode

Flow Configuration.

Default

None

Usage

Use this command to delete a filter from flow or ip access-list.

Examples

This example shows how to delete a flow filter with sequence number 10 from flow f1:

Switch(config-flow-f1)# no sequence-num 10

Related Commands

show flow

sequence-num

Use this command to add a rule in a flow filter.

Command Syntax

(sequence-num FLOW_SEQ_NUM|) ( permit| deny) ( PROTOCOL_NUM| any | tcp (src-port

(range L4_PORT_NUM L4_PORT_NUM | eq L4_PORT_NUM | gt L4_PORT_NUM | lt

L4_PORT_NUM | any) | dst-port (range L4_PORT_NUM L4_PORT_NUM | eq L4_PORT_NUM

| gt L4_PORT_NUM | lt L4_PORT_NUM | any) |) (tcp-code (match-all | match any) (ack | fin

TAP Series Switch Command Line Reference

35

| psh | rst | syn | urg |) |) | udp (src-port (range L4_PORT_NUM1 L4_PORT_NUM2 | eq

sequence-num FLOW_SEQ_NUM

Specify a sequence number to create the

flow rule.

The valid range for sequence number is 1-

65535.

If the sequence number is not specified,

system should automatically assign one

number according to the base number and

the step length. The base number is the

maximum number in the flow (0 for empty

flow), the step length is 10.

permit

Specify the action of the flow rule. Use the

L4_PORT_NUM | gt L4_PORT_NUM | lt L4_PORT_NUM | any ) | dst-port (range

L4_PORT_NUM1 L4_PORT_NUM2 | eq L4_PORT_NUM | gt L4_PORT_NUM | lt

L4_PORT_NUM | any) | vxlan-vni ( VNI_VALUE VNI_VALUE_WILD | any )|) | icmp | igmp |

gre ( gre-key ( GRE_KEY_VALUE GRE_KEY_WILD | any )| ( erspan ( ERSPAN_KEY_VALUE

ERSPAN_KEY_WILD | any ))|) | nvgre (nvgre-vsid ( NVGRE_VSID_VALUE NVGRE_ VSID _WILD

| any )|) ) (src-ip ( IP_ADDR IP_ADDR_WILD | host IP_ADDR |any) | src-ipv6 ( IPv6_ADDR

IPv6_ADDR_WILD | host IPv6_ADDR |any)) (dst-ip ( IP_ADDR IP_ADDR_WILD | host

IP_ADDR |any) | dst-ipv6 ( IPv6_ADDR IPv6_ADDR_WILD | host IPv6_ADDR |any)) (flow-

label ( FLOW_LABEL LABEL_WILD |any)) (dscp DSCP_VALUE | ip-precedence

PRECEDENCE_VALUE|) ( first-fragment| non-first-fragment| non-fragment| non-or-first-

fragment| small-fragment | any-fragment |) (options|) (truncation|) (vlan (VLAN_ID

VLAN_WILD | any)|) (inner-vlan (VLAN_ID VLAN_WILD |any)|) (cos COS_ID|) (inner-cos

COS_ID|) (ether-type ( ETHER_TYPE_VALUE ETHER_TYPE_WILD_VALUE |any)|) (src-mac

( FLOW_MAC_ADDR FLOW_MAC_ADDR_WILD |any| host FLOW_MAC_ADDR)|) (dest-mac

( FLOW_MAC_ADDR FLOW_MAC_ADDR_WILD |any| host FLOW_MAC_ADDR)|) ( edit-

macda MAC_ADDRESS|) ( edit-macsa MAC_ADDRESS|) ( edit-ipsa IP_ADDRESS|) ( edit-ipda

IP_ADDRESS|) ( edit-ipv6sa IPv6_ADDRESS|) ( edit-ipv6da IPv6_ADDRESS|) ( edit-vlan

VLAN_ID|) ( un-tag|un-tag-outer-vlan|un-tag-inner-vlan) ( mark-source VLAN_ID|) ( strip-

header ( strip-position ( l2 | l3 | l4 )|) ( strip-offset OFFSET_VALUE |)|) (( ipv4-head | l4-

head ) UDF_VALUE UDF_VALUE_WILD UDF_OFFSET|) ( strip-inner-vxlan-header ) ( inner-

match MATCH_NAME|)

TAP Series Switch Command Line Reference

36

parameter“permit”to indicate packets

match this rule is allowed to forward.

deny

Specify the action of the flow rule. Use the

parameter “deny” to indicate packets match

this rule is not allowed to forward.

PROTOCOL_NUM | any | tcp | udp | icmp

| igmp | gre | nvgre

Specify the IP protocol number of the flow

rule.

The valid range for IP protocol number is 0-

255.

Well known IP protocols can also be

specified by name.

e.g. IP protocol 1 = icmp, 2 = igmp, 6 = tcp,

17 = udp, 47 = gre/nvgre (gre protocol

0x0800 = gre, 0x6558 = nvgre).

Parameter “any” indicates packets with any

IP protocol can match this rule.

src-port ( range L4_PORT_NUM

L4_PORT_NUM | eq L4_PORT_NUM | gt

L4_PORT_NUM | lt L4_PORT_NUM | any )

Specify the layer 4 source port of the flow

rule.

The valid range for L4 source port number is

0–65535.

This filed is valid only if the IP protocol is TCP

or UDP.

There are 4 methods to specify the L4 port:

1, eq (equal to)

2, lt (less than)

3, gt (greater than)

4, range

Parameter“any”indicates packets with any

L4 port can match this rule.

dst-port ( range L4_PORT_NUM

Specify the layer 4 destination port of the

TAP Series Switch Command Line Reference

37

L4_PORT_NUM | eq L4_PORT_NUM | gt

L4_PORT_NUM | lt L4_PORT_NUM | any )

flow rule.

The valid range for L4 destination port

number is 0–65535.

This filed is valid only if the IP protocol is TCP

or UDP.

There are 4 methods to specify the L4 port:

1, eq (equal to)

2, lt (less than)

3, gt (greater than)

4, range

Parameter“any”indicates packets with any

L4 port can match this rule.

vxlan-vni ( VNI_VALUE VNI_VALUE_WILD |

any )

Specify the vxlan vni number of the flow

rule.

This filed is valid only if the IP protocol is

UDP and L4 destination port 4789.

VNI (VXLAN Network Identifier) is the

identifier on the VXLAN network, which is

similar to the traditional VLAN. Terminals in

different VXLANs cannot connect with each

other based on L2 network. One tenant uses

one VNI (even if several terminals are in

same VNI, they are regarding as one tenant).

The valid range for VNI value is 0-16777215.

The valid range for VNI wildcard bits is range

0x0-0xFFFFFF.

VNI value and VNI wildcard bits both have

24bits. If a bit in wildcard is 0 means this bit

needs to check, otherwise this bit should be

ignored.

Parameter“any”indicates packets with any

TAP Series Switch Command Line Reference

38

VNI value can match this rule.

gre-key ( GRE_KEY_VALUE GRE_KEY_WILD

| any )

Specify the gre key of the flow rule.

This filed is valid only if the IP protocol is gre

(Generic Routing Encapsulation).

The valid range for gre key value is 0-

4294967295.

The valid range for gre key wildcard bits is

range 0x0- 0xFFFFFFFF.

Gre key value and wildcard bits both have

32bits, If a bit in wildcard is 0 means this bit

needs to check, otherwise this bit should be

ignored.

Parameter “any” indicates packets with any

gre key value can match this rule.

erspan ( ERSPAN_KEY_VALUE ERSPAN

_KEY_WILD | any )

Specify the erspan key value of the flow rule.

ERSPAN = Enhanced Remote SPAN.

Valid range for ERSPAM key value is 0-1023

Valid range for ERSPAM key wildcard bits is

0x0-0x3FF

ERSPAN key value and wildcard bits both

have 10bits, If a bit in wildcard is 0 means

this bit needs to check, otherwise this bit

should be ignored.

Parameter “any” indicates packets with any

erspan key value can match this rule.

nvgre-vsid ( NVGRE_VSID_VALUE

NVGRE_VSID_WILD | any )

Specify the nvgre vsid value of the flow rule.

Nvgre = Network Virtualization using Generic

Routing Encapsulation.

Valid range for NVGRE VSID value is 0-

16777215. Valid range for NVGRE VSID

TAP Series Switch Command Line Reference

39

wildcard bits is 0x0-0xFFFFFF

VSID is located in the low 24 bit of GRE head.

VSID value and wildcard bits both have 24

bits, If a bit in wildcard is 0 means this bit

needs to check, otherwise this bit should be

ignored.

Parameter“any”indicates packets with any

nvgre vsid value can match this rule.

src ip ( IP_ADDR IP_ADDR_WILD | any |

host IP_ADDR )

Specify the source IPv4 address of the flow

rule.

Use an IPv4 address and an IPv4 address

wildcard to specify a network (e.g.

192.168.1.1 0.0.0.255). If a bit in wildcard is

0 means this bit needs to check, otherwise

this bit should be ignored.

Use the parameter“host”and an IPv4

address to specify an exactly address.

Use the parameter“any”to indicate packets

with any source IPv4 address value can

match this rule.

dst ip ( IP_ADDR IP_ADDR_WILD | any |

host IP_ADDR )

Specify the destination IPv4 address of the

flow rule.

Use an IPv4 address and an IPv4 address

wildcard to specify a network (e.g.

192.168.1.1 0.0.0.255). If a bit in wildcard is

0 means this bit needs to check, otherwise

this bit should be ignored.

Use the parameter “host” and an IPv4

address to specify an exactly address.

Use the parameter “any” to indicate packets

with any destination IPv4 address value can

TAP Series Switch Command Line Reference

40

match this rule.

src ipv6 ( IPv6_ADDR IPv6_ADDR_WILD |

any | host IPv6_ADDR )

Specify the source IPv6 address of the flow

rule.

Use an IPv6 address and an IPv6 address

wildcard to specify a network. If a bit in

wildcard is 0 means this bit needs to check,

otherwise this bit should be ignored.

Use the parameter“host”and an IPv6

address to specify an exactly address.

Use the parameter “any” to indicate packets

with any source IPv6 address value can

match this rule.

dst ipv6 ( IPv6_ADDR IPv6_ADDR_WILD |

any | host IPv6_ADDR )

Specify the destination IPv6 address of the

flow rule.

Use an IPv6 address and an IPv6 address

wildcard to specify a network. If a bit in

wildcard is 0 means this bit needs to check,

otherwise this bit should be ignored.

Use the parameter“host”and an IPv6

address to specify an exactly address.

Use the parameter“any”to indicate packets

with any destination IPv6 address value can

match this rule.

flow-label ( FLOW_LABEL LABEL_WILD |

any )

Specify the IPv6 Flow label of the flow rule.

Valid range for flow label is 0-1048575. Valid

range for flow-label wildcard bits is 0x0-

0xFFFFF

Flow label value and wildcard bits both have

20bits, if a bit in wildcard is 0 means this bit

needs to check, otherwise this bit should be

ignored.

TAP Series Switch Command Line Reference

41

Parameter“any”indicates ipv6 packets with

any flow label value can match this rule.

dscp DSCP_VALUE

Specify the DSCP in IPv4 packets value of the

flow rule.

DSCP = Differentiated Services Code Point.

Valid range of DSCP value is 0 – 63.

ip-precedence PRECEDENCE_VALUE

Specify the IP precedence in IPv4 packets of

the flow rule.

Valid range of IP precedence value is 0 – 7.

DSCP & ip precedence configurations are

exclusive

first-fragment

Match packets with first fragment

non-first-fragment

Match packets with non first fragment

non-fragment

Match packets with non fragment

non-or-first-fragment

Match packets with non first fragment

small-fragment

Match packets with small fragment

any-fragment

Match packets with any fragment

options

Match packets with IP options

truncation

Use this parameter to truncate the packets

matched this rule.

The length of truncation is configured by the

“truncation” command in global

configuration mode.

vlan ( VLAN_ID VLAN_WILD | any )

Specify the outer vlan id of the flow rule.

The valid range for vlan id is 0-4095.

The valid range for vlan id wildcard bits is

0x0-0xFFF.

Vlan id and wildcard bits both have 12bits, if

TAP Series Switch Command Line Reference

42

a bit in wildcard is 0 means this bit needs to

check, otherwise this bit should be ignored.

Parameter“any”indicates packets with any

outer vlan id can match this rule.

inner-vlan ( VLAN_ID VLAN_WILD | any )

Specify the inner vlan id of the flow rule.

The valid range for vlan id is 0-4095.

The valid range for vlan id wildcard bits is

0x0-0xFFF.

Vlan id and wildcard bits both have 12bits, if

a bit in wildcard is 0 means this bit needs to

check, otherwise this bit should be ignored.

Parameter “any” indicates packets with any

inner vlan id can match this rule.

cos COS_ID

Specify the outer CoS value of the flow rule.

CoS = Class of Service.

The valid range of Cos is 0 to 7.

inner-cos COS_ID

Specify the inner CoS value of the flow rule.

CoS = Class of Service.

The valid range of Cos is 0 to 7.

ether-type ( ETHER_TYPE_VALUE

ETHER_TYPE_WILD_VALUE | any )

Specify the ether-type of the flow rule.

The valid range for ether-type is 0x600-

0xFFFF.

The valid range for wildcard bits is 0x600-

0xFFFF.

Ether-type value and wildcard bits both

have 16bits, if a bit in wildcard is 0 means

this bit needs to check, otherwise this bit

should be ignored.

Parameter“any”indicates packets with any

ethertype value can match this rule.

TAP Series Switch Command Line Reference

43

src-mac ( FLOW_MAC_ADDR

FLOW_MAC_ADDR_WILD | any | host

FLOW_MAC_ADDR )

Specify the source mac address in

HHHH.HHHH.HHHH format.

Use a mac address and wildcard bits to

specify a batch of mac addresses. If a bit in

wildcard is 0 means this bit needs to check,

otherwise this bit should be ignored.

Use the parameter “host” and a mac address

to specify an exactly mac address.

Use the parameter“any”to indicate packets

with any source mac address value can

match this rule.

dest-mac ( FLOW_MAC_ADDR

FLOW_MAC_ADDR_WILD | any| host

FLOW_MAC_ADDR )

Specify the destination mac address in

HHHH.HHHH.HHHH format.

Use a mac address and wildcard bits to

specify a batch of mac addresses. If a bit in

wildcard is 0 means this bit needs to check,

otherwise this bit should be ignored.

Use the parameter “host” and a mac address

to specify an exactly mac address.

Use the parameter“any”to indicate packets

with any destination mac address value can

match this rule.

edit-macda MAC_ADDRESS

Specify the destination mac address of the

outgoing packets in HHHH.HHHH.HHHH

format.

edit-macsa MAC_ADDRESS

Specify the source mac address of the

outgoing packets in HHHH.HHHH.HHHH

format.。

edit-ipsa IP_ADDRESS

Specify the source IP address of the outgoing

packets in A.B.C.D format.。

TAP Series Switch Command Line Reference

44

edit-ipda IP_ADDRESS

Specify the destination IP address of the

outgoing packets in A.B.C.D format.。

edit-ipv6sa IPv6_ADDRESS

Specify the source IPv6 address of the

outgoing packets.

edit-ipv6da IPv6_ADDRESS

Specify the destination IPv6 address of the

outgoing packets.

edit-vlan VLAN_ID

Specify the vlan id of the outgoing packets.

The valid range for vlan id is 1 – 4094.

un-tag

Remove vlan tags of the packets.

un-tag-outer-vlan

Remove outer vlan tag of the packets.

un-tag-inner-vlan

Remove inner vlan tag of the packets.

mark-source VLAN_ID

Specify additional outer vlan id of the

outgoing packets.

The valid range for vlan id is 1 – 4094.

strip-header [ strip-position ( l2 | l3 | l4 ) ]

[ strip-offset OFFSET_VALUE ]

Remove the outer header of the tunnel

packets.

This parameter is only valid when the packet

is gre/nvgre/vxlan.

The parameter“strip-position”specifies the

begging of the outer header.“l2”means

begin with the layer 2 tunnel header. “l3”

means begin with the layer 3 tunnel header.

“l4”

means begin with the layer 4 tunnel

header.

The parameter “strip-offset” specifies the

user- defined offset to strip the tunnel outer

header. The valid range for strip-offset is 0-

30.

strip-inner-vxlan-header

Remove the inner vxlan header in the erspan

TAP Series Switch Command Line Reference

45

packets.

This parameter is only valid when the packet

is ERSPAN + VXLAN.

( ipv4-head | l4-head ) UDF_VALUE

UDF_VALUE_WILD UDF_OFFSET

UDF = User Define Format.

The parameter“ipv4-head”indicates the

packet is parsed at the beginning with the

IPv4 header.

The parameter“l4-head”indicates the

packet is parsed at the beginning with the

layer4 header.

Udf value and wildcard bits both have 32

bits, If a bit in wildcard is 0 means this bit

needs to check, otherwise this bit should be

ignored.

The parameter“UDF_OFFSET”specifies the

offset bits from the beginning. The valid

range of the offset is 0 -60.

inner-match MATCH_NAME

Specify the inner match profile of the flow

rule.

The inner-match profile is created by “inner-

match” command in global configuration

mode.

Command Mode

Flow Configuration Mode

Default

None

TAP Series Switch Command Line Reference

46

Usage

Examples

Wildcard bits in this command are used as reversed. That means value and wildcard bits have

same length, If a bit in wildcard is 0 means this bit needs to check, otherwise this bit should

be ignored.

E.g. IP address 10.10.10.0 wildcard 0.0.0.255 means 256 ip addresses from 10.10.10.0 to

10.10.10.255.

Layer 4 information（e.g. tcp/udp port）and fragment information are exclusive.

Notice:

The parameters“gre, gre-key, nvgre, nvgre-vsid, vxlan-vni, truncation, strip-header, edit-ipsa,

ipv4-head, l4-head, inner-match” are not supported on CTC5160 (GreatBelt) based switch.

This example shows how to add a flow filter with sequence number 10 to flow f1:

Switch(config)# flow f1
Switch(config-flow-f1)# sequence-num 10 permit any src-ip 10.10.10.0 0.0.0.255 dst-ip any

Related Commands

no sequence-num

TAP Series Switch Command Line Reference

47

3 INNER-MATCH Commands

3.1 show inner-match

Use this command to show the configuration of inner-match.

INNER_MATCH_NAME

Specify an inner-match name to display.

The inner match name should begin with a­z/A-Z/0-9, valid characters are 0-9A-Za-z.-, and
maximum length is 20 characters.

If the parameter“INNER_MATCH_NAME”is
not specified, the command indicates that all
inner-matches on this device should be
displayed; otherwise only the specified one
should be displayed

Command Syntax

show inner-match (INNER_MATCH_NAME |)

Command Mode

Privileged EXEC

Default

None

Usage

The inner-match name can be specified or not.

This command is not supported on CTC5160 (GreatBelt) based switch.

Examples

This example shows the configuration of all inner-match:

TAP Series Switch Command Line Reference

48

Switch# show inner-match

3.2 inner-match

NAME_STRING

Specify an inner-match name to create and

enter the mode.

The inner match name should begin with a-

z/A-Z/0-9, valid characters are 0-9A-Za-z.-,

and maximum length is 20 characters.

inner-match im1

sequence-num 1 match icmp src-ip any dst-ip any vlan any

inner-match im2

sequence-num 1 match udp dst-port eq 4758 src-ip any dst-ip host 2.2.2.2

Related Commands

inner-match

Use this command to create inner-match and then enter Inner-match configuration mode.

Use the no form of this command to delete the inner-match.

Command Syntax

inner-match INNER_MATCH_NAME

Command Mode

Default

Usage

no inner-match INNER_MATCH_NAME

Global Configuration

None

If the system already has an inner-match with the same name, this command will enter the

inner-match configuration mode.

TAP Series Switch Command Line Reference

49

When the name is not used by any inner-match, this command is to create the inner-match

3.3 remark

NAME_STRING

Remark string for the inner-match, which
should begin with a-z/A-Z/0-9, valid characters
are 0-9A-Za-z.-, maximum length is 100
characters.

firstly and then enter the inner-match configuration mode.

This command dose not supported on CTC5160 (GreatBelt) based switch.

Examples

This example shows how to create a inner-match named im1 and then enter the inner-match
configuration mode.
Switch(config)# inner-match im1
Switch(config-inner-match-im1)#

Related Commands

show inner-match

Use this command to add remarks for the inner-match.

Command Syntax

remark NAME_STRING

no remark

Command Mode

Inner-match Configuration

Default

Default is no remarks of inner-match.

Usage

The remarks are up to 100 characters.

TAP Series Switch Command Line Reference

50

This command does not supported on CTC5160 (GreatBelt) based switch.

3.4 no sequence-num

MATCH_SEQ_NUM

Sequence-number with the valid range 1 –

65535.

Examples

This example shows how to add a remark to describe the inner-match:

Switch(config-inner-match-im1)# remark inner-match-1

This example shows how to delete the remark of the inner-match.

Switch(config-inner-match-im1)# no remark

Related Commands

show inner-match

Use this command to delete a filter from inner-match.

Command Syntax

no sequence-num MATCH_SEQ_NUM

Command Mode

Inner-match Configuration

Default

None

Usage

Use this command to delete a filter from inner-match.

This command does not supported on CTC5160(GreatBelt) based switch.

TAP Series Switch Command Line Reference

51

Examples

3.5 sequence-num

sequence-num MATCH_SEQ_NUM

Specify a sequence number to create the
inner-match rule.

The valid range for sequence number is 1-

This example shows how to delete an inner-match filter with sequence number 10 from im1:

Switch(config-inner-match-im1)# no sequence-num 10

Related Commands

show inner-match

match

Use this command to set matching rules for the inner-match filter.

Command Syntax

(sequence-num MATCH_SEQ_NUM|) match ( PROTOCOL_NUM| any | tcp (src-port (range

L4_PORT_NUM L4_PORT_NUM | eq L4_PORT_NUM | gt L4_PORT_NUM | lt L4_PORT_NUM

| any) | dst-port (range L4_PORT_NUM L4_PORT_NUM | eq L4_PORT_NUM | gt

L4_PORT_NUM | lt L4_PORT_NUM | any) |) (tcp-code (match-all | match any) (ack | fin |

psh | rst | syn | urg |) |) | udp (src-port (range L4_PORT_NUM1 L4_PORT_NUM2 | eq

L4_PORT_NUM | gt L4_PORT_NUM | lt L4_PORT_NUM | any ) | dst-port (range

L4_PORT_NUM1 L4_PORT_NUM2 | eq L4_PORT_NUM | gt L4_PORT_NUM | lt

L4_PORT_NUM | any) | icmp | igmp ) (src-ip ( IP_ADDR IP_ADDR_WILD | host IP_ADDR |any)

| src-ipv6 ( IPv6_ADDR IPv6_ADDR_WILD | host IPv6_ADDR |any)) (dst-ip ( IP_ADDR

IP_ADDR_WILD | host IP_ADDR |any) | dst-ipv6 ( IPv6_ADDR IPv6_ADDR_WILD | host

IPv6_ADDR |any)) (flow-label ( FLOW_LABEL LABEL_WILD |any)) (dscp DSCP_VALUE | ip-

precedence PRECEDENCE_VALUE|) ( first-fragment| non-first-fragment| non-fragment|

non-or-first-fragment| small-fragment | any-fragment|) (options|) (vlan (VLAN_ID

VLAN_ID_WILD | any)|) (inner-vlan (VLAN_ID VLAN_ID_WILD |any)|) (cos COS_ID|) (inner-

cos COS_ID|) (ether-type ( ETHER_TYPE_VALUE ETHER_TYPE_WILD_VALUE |any)|) (src-mac

( MATCH_MAC_ADDR MATCH_MAC_ADDR_WILD |any| host MATCH_MAC_ADDR)|) (dest-

mac ( MATCH_MAC_ADDR MATCH_MAC_ADDR_WILD |any| host MATCH_MAC_ADDR)|)

TAP Series Switch Command Line Reference

52

65535.

If the sequence number is not specified,
system should automatically assign one
number according to the base number and the
step length. The base number is the
maximum number in the inner-match (0 for
empty inner-match), the step length is 10.

match

Match the packets according to the rule

PROTOCOL_NUM | any | tcp | udp | icmp |
igmp

Specify the IP protocol number of the inner­match rule.

The valid range for IP protocol number is 0-

255.

Well known IP protocols can also be specified
by name.

e.g. IP protocol 1 = icmp, 2 = igmp, 6 = tcp, 17
= udp.

Parameter“any”indicates packets with any IP
protocol can match this rule.

src-port ( range L4_PORT_NUM
L4_PORT_NUM | eq L4_PORT_NUM | gt
L4_PORT_NUM | lt L4_PORT_NUM | any )

Specify the layer 4 source port of the inner­match rule.

The valid range for L4 source port number is 0
– 65535.

This filed is valid only if the IP protocol is TCP
or UDP.

There are 4 methods to specify the L4 port:

1, eq (equal to)

2, lt (less than)

3, gt (greater than)

4, range

Parameter “any” indicates packets with any L4
port can match this rule.

dst-port ( range L4_PORT_NUM
L4_PORT_NUM | eq L4_PORT_NUM | gt
L4_PORT_NUM | lt L4_PORT_NUM | any )

Specify the layer 4 destination port of the
inner-match rule.

The valid range for L4 destination port
number is 0 – 65535.

This filed is valid only if the IP protocol is TCP
or UDP.

There are 4 methods to specify the L4 port:

1, eq (equal to)

2, lt (less than)

3, gt (greater than)

4, range

Parameter“any”indicates packets with any L4
port can match this rule.

src-ip ( IP_ADDR IP_ADDR_WILD | any | host
IP_ADDR )

Specify the source IPv4 address of the inner­match rule.

TAP Series Switch Command Line Reference

53

Use an IPv4 address and an IPv4 address
wildcard to specify a network (e.g.

192.168.1.1 0.0.0.255). If a bit in wildcard is 0
means this bit needs to check, otherwise this
bit should be ignored.

Use the parameter “host” and an IPv4 address
to specify an exactly address.

Use the parameter“any”to indicate packets
with any source IPv4 address value can match
this rule.

dst-ip ( IP_ADDR IP_ADDR_WILD | any | host
IP_ADDR )

Specify the destination IPv4 address of the
inner-match rule.

Use an IPv4 address and an IPv4 address
wildcard to specify a network (e.g.

192.168.1.1 0.0.0.255). If a bit in wildcard is 0
means this bit needs to check, otherwise this
bit should be ignored.

Use the parameter “host” and an IPv4 address
to specify an exactly address.

Use the parameter“any”to indicate packets
with any destination IPv4 address value can
match this rule.

src-ipv6 ( IPv6_ADDR IPv6_ADDR_WILD | any |
host IPv6_ADDR )

Specify the source IPv6 address of the inner­match rule.

Use an IPv6 address and an IPv6 address
wildcard to specify a network. If a bit in
wildcard is 0 means this bit needs to check,
otherwise this bit should be ignored.

Use the parameter “host” and an IPv6 address
to specify an exactly address.

Use the parameter “any” to indicate packets
with any source IPv6 address value can match
this rule.

dst-ipv6 ( IPv6_ADDR IPv6_ADDR_WILD | any
| host IPv6_ADDR )

Specify the destination IPv6 address of the
inner-match rule.

Use an IPv6 address and an IPv6 address
wildcard to specify a network. If a bit in
wildcard is 0 means this bit needs to check,
otherwise this bit should be ignored.

Use the parameter “host” and an IPv6 address
to specify an exactly address.

Use the parameter “any” to indicate packets
with any destination IPv6 address value can
match this rule.

flow-label ( FLOW_LABEL LABEL_WILD | any )

Specify the IPv6 Flow label of the inner-match
rule.

Valid range for flow label is 0-1048575. Valid
range for flow-label wildcard bits is 0x0­0xFFFFF

TAP Series Switch Command Line Reference

54

Flow label value and wildcard bits both have
20bits, if a bit in wildcard is 0 means this bit
needs to check, otherwise this bit should be
ignored.

Parameter“any”indicates ipv6 packets with
any flow label value can match this rule.

dscp DSCP_VALUE

Specify the DSCP in IPv4 packets value of the
inner-match rule.

DSCP = Differentiated Services Code Point.

Valid range of DSCP value is 0 – 63.

ip-precedence PRECEDENCE_VALUE

Specify the IP precedence in IPv4 packets of
the inner-match rule.

Valid range of IP precedence value is 0–7.

DSCP & ip precedence configurations are
exclusive

first-fragment

Match packets with first fragment

non-first-fragment

Match packets with non first fragment

non-fragment

Match packets with non fragment

non-or-first-fragment

Match packets with non first fragment

small-fragment

Match packets with small fragment

any-fragment

Match packets with any fragment

options

Match packets with IP options

vlan ( VLAN_ID VLAN_WILD | any )

Specify the outer vlan id of the inner-match
rule.

The valid range for vlan id is 0-4095.

The valid range for vlan id wildcard bits is 0x0­0xFFF.

Vlan id and wildcard bits both have 12bits, if a
bit in wildcard is 0 means this bit needs to
check, otherwise this bit should be ignored.

Parameter “any” indicates packets with any
outer vlan id can match this rule.

inner-vlan ( VLAN_ID VLAN_WILD | any )

Specify the inner vlan id of the inner-match
rule.

The valid range for vlan id is 0-4095.

The valid range for vlan id wildcard bits is 0x0­0xFFF.

Vlan id and wildcard bits both have 12bits, if a
bit in wildcard is 0 means this bit needs to
check, otherwise this bit should be ignored.

Parameter“any”indicates packets with any
inner vlan id can match this rule.

cos COS_ID

Specify the outer CoS value of the inner-match
rule.

TAP Series Switch Command Line Reference

55

CoS = Class of Service.

The valid range of Cos is 0 to 7.

inner-cos COS_ID

Specify the inner CoS value of the inner-match
rule.

CoS = Class of Service.

The valid range of Cos is 0 to 7.

ether-type ( ETHER_TYPE_VALUE
ETHER_TYPE_WILD_VALUE | any )

Specify the ether-type of the inner-match rule.

The valid range for ether-type is 0x600­0xFFFF.

The valid range for wildcard bits is 0x600­0xFFFF.

Ether-type value and wildcard bits both have
16bits, if a bit in wildcard is 0 means this bit
needs to check, otherwise this bit should be
ignored.

Parameter“any”indicates packets with any
ethertype value can match this rule.

src-mac ( MATCH_MAC_ADDR
MATCH_MAC_ADDR_WILD | any | host
MATCH_MAC_ADDR )

Specify the source mac address in
HHHH.HHHH.HHHH format.

Use a mac address and wildcard bits to specify
a batch of mac addresses. If a bit in wildcard is
0 means this bit needs to check, otherwise
this bit should be ignored.

Use the parameter“host”and a mac address
to specify an exactly mac address.

Use the parameter “any” to indicate packets
with any source mac address value can match
this rule.

dest-mac ( MATCH_MAC_ADDR
MATCH_MAC_ADDR_WILD | any| host
MATCH_MAC_ADDR )

Specify the destination mac address in
HHHH.HHHH.HHHH format.

Use a mac address and wildcard bits to specify
a batch of mac addresses. If a bit in wildcard is
0 means this bit needs to check, otherwise
this bit should be ignored.

Use the parameter“host”and a mac address
to specify an exactly mac address.

Use the parameter “any” to indicate packets
with any destination mac address value can
match this rule.

Command Mode

Inner-match Configuration

TAP Series Switch Command Line Reference

56

Default

Usage

None

Wildcard bits in this command are used as reversed. That means value and wildcard bits have

same length, If a bit in wildcard is 0 means this bit needs to check, otherwise this bit should

be ignored.

E.g.: ip address 10.10.10.0 wildcard 0.0.0.255 means 256 ip addresses from 10.10.10.0 to

10.10.10.255.

Layer 4 information （e.g. tcp/udp port）and fragment information are exclusive.

Notice:

This command does not supported on CTC5160 (GreatBelt) based switch.

Examples

This example shows how to add an inner-match filter with sequence number 10 to im1:

Switch(config)# inner-match im1
Switch(config-inner-match-im1)# sequence-num 10 match icmp src-ip 10.10.10.0 0.0.0.255 dst-ip
any

Related Commands

no sequence-num

TAP Series Switch Command Line Reference

57

4 ACL Commands

4.1 show interface egress ip access-list

Use this command to show egress statistics of ip access-list on an interface.

IF_NAME

Specify the interface name to show IP ACL
statistics.

This command supports physical or link
aggregation interfaces.

Command Syntax

show interface egress ip access-list statistics IF_NAME

Command Mode

Privileged EXEC

Default

None

Usage

Use this command to show egress statistics of ip access-list. The interface name must be

specified.

Examples

This example shows the egress ip access-list statistic of interface eth-0-1:

Switch# show interface egress ip access-list statistics eth-0-1
egress flow f2
sequence-num 10 permit tcp src-port range 10 200 src-ip any dst-ip any ( bytes 124 packets 1 )
(total bytes 124 total packets 1 )

TAP Series Switch Command Line Reference

58

Related Commands

4.2 clear interface egress ip access-list

IF_NAME

Specify the interface name to clear IP ACL
statistics.

This command supports physical or link
aggregation interfaces.

clear interface egress ip access-list

Use this command to clear egress statistics of ip access-list on an interface.

Command Syntax

clear interface egress ip access-list statistics IF_NAME

Command Mode

Default

Usage

Examples

Privileged EXEC

None

Use this command to clear egress statistics of ip access-list. The interface name must be

specified.

This example shows how to clear the egress ip access-list statistic of interface eth-0-1:

Switch# clear interface egress ip access-list statistics eth-0-1

This example shows the egress ip access-list statistic of interface eth-0-1:

Switch# show interface egress ip access-list statistics eth-0-1
egress flow f2
sequence-num 10 permit tcp src-port range 10 200 src-ip any dst-ip any ( bytes 0 packets 0 )
(total bytes 0 total packets 0 )

TAP Series Switch Command Line Reference

59

Related Commands

4.3 show ip access-list

NAME_STRING

Ip access-list name, up to 20 characters

show interface egress ip access-list

Use this command to show the configuration of ip access-list.

Command Syntax

show ip access-list (NAME_STRING|)

Command Mode

Privileged EXEC

Default

None

Usage

Use this command to show the configuration of ip access-list.

If the parameter“NAME_STRING”is not specified, the command indicates that all ip access-

list on this device should be displayed; otherwise only the specified one should be displayed.

Examples

This example shows the configuration of ip access-list:

Switch# show ip access-list
ip access-list f2

sequence-num 10 permit tcp src-port range 10 200 src-ip any dst-ip any

Related Commands

ip access-list

TAP Series Switch Command Line Reference

60

4.4 ip access-list

Use this command to create IP ACL and then enter IP ACL configuration mode.

NAME_STRING

IP access-list name string, which should begin
with a-z/A-Z/0-9, valid characters are 0-9A-Za­z.-, and maximum length is 20 characters.

Use the no form of this command to delete the IP ACL.

Command Syntax

ip access-list NAME_STRING

Command Mode

Global Configuration

Default

None

Usage

If the system already has an IP ACL with the same name, this command will enter the IP ACL

configuration mode

When the name is not used by any ACL, this command is to create the IP ACL firstly and then

enter the IP ACL configuration mode.

Examples

This example shows how to create an IP ACL named f1 and then enter the IP ACL

configuration mode:

Switch(config)# ip access-list f1
Switch(config-acl-f1)#

Related Commands

show ip access-list

TAP Series Switch Command Line Reference

61

4.5 remark

Use this command to add remarks for the flow or ip access-list.

NAME_STRING

Remark string for the IP ACL which should

begin with a-z/A-Z/0-9, valid characters are

0-9A-Za-z.-, maximum length is 100

characters.

Command Syntax

remark NAME_STRING

Command Mode

ACL Configuration

Default

Default is no remarks of flow or ip access-list.

Usage

The remarks are up to 100 characters. The exceed parts will not be stored and will be

truncated.

Examples

This example shows how to add a remark to describe the IP ACL:

Switch(config-acl-acl1)# remark acl1ipdeny

This example shows how to remove the remark:

Switch(config-acl-acl1)# no remark

Related Commands

show ip access-list

TAP Series Switch Command Line Reference

62

4.6 no sequence-num

Use this command to delete a filter from ip access-list.

ACL_SEQ_NUM

Sequence-number with the valid range 1

–

65535.

4.7 sequence-num acl_seq

Command Syntax

no sequence-num ACL_SEQ_NUM

Command Mode

ACL Configuration

Default

None

Usage

Use this command to delete a filter from ip access-list.

Examples

This example shows how to delete a flow filter with sequence number 10 from ip acl acl1:

Switch(config-acl-acl1)# no sequence-num 10

Related Commands

show ip access-list

sequence-num

Use this command to permit or deny packets matching the ip access-list filter.

TAP Series Switch Command Line Reference

63

Command Syntax

sequence-num ACL_SEQ_NUM

Specify a sequence number to create the acl
rule.

The valid range for sequence number is 1-

65535.

If the sequence number is not specified,
system should automatically assign one
number according to the base number and the
step length. The base number is the
maximum number in the flow (0 for empty
flow), the step length is 10.

permit

Specify the action of the acl rule. Use the
parameter “permit” to indicate packets match
this rule is allowed to forward.

deny

Specify the action of the acl rule. Use the
parameter “deny” to indicate packets match
this rule is not allowed to forward.

PROTOCOL_NUM | any | tcp | udp | icmp |
igmp | gre | nvgre

Specify the IP protocol number of the acl rule.

The valid range for IP protocol number is 0-

255.

Well known IP protocols can also be specified

(sequence-num ACL_SEQ_NUM|) ( permit| deny) ( PROTOCOL_NUM| any | tcp (src-port

(range L4_PORT_NUM L4_PORT_NUM | eq L4_PORT_NUM | gt L4_PORT_NUM | lt

L4_PORT_NUM | any) | dst-port (range L4_PORT_NUM L4_PORT_NUM | eq L4_PORT_NUM

| gt L4_PORT_NUM | lt L4_PORT_NUM | any) |) (tcp-code (match-all | match any) (ack | fin

| psh | rst | syn | urg |) |) | udp (src-port (range L4_PORT_NUM1 L4_PORT_NUM2 | eq

L4_PORT_NUM | gt L4_PORT_NUM | lt L4_PORT_NUM | any ) | dst-port (range

L4_PORT_NUM1 L4_PORT_NUM2 | eq L4_PORT_NUM | gt L4_PORT_NUM | lt

L4_PORT_NUM | any) | icmp | igmp ) (src-ip ( IP_ADDR IP_ADDR_WILD | host IP_ADDR |any)

| src-ipv6 ( IPv6_ADDR IPv6_ADDR_WILD | host IPv6_ADDR |any)) (dst-ip ( IP_ADDR

IP_ADDR_WILD | host IP_ADDR |any) | dst-ipv6 ( IPv6_ADDR IPv6_ADDR_WILD | host

IPv6_ADDR |any)) (flow-label ( FLOW_LABEL LABEL_WILD |any)) (dscp DSCP_VALUE | ip-

precedence PRECEDENCE_VALUE|) ( first-fragment| non-first-fragment| non-fragment|

non-or-first-fragment| small-fragment | any-fragment|) (options|) (vlan (VLAN_ID

VLAN_WILD | any)|) (inner-vlan (VLAN_ID VLAN_WILD |any)|) (cos COS_ID|) (inner-cos

COS_ID|) (ether-type (ETHER_TYPE_VALUE ETHER_TYPE_WILD_VALUE |any)|) (src-mac

(ACL_MAC_ADDR ACL_MAC_ADDR_WILD |any| host ACL_MAC_ADDR)|) (dest-mac

( ACL_MAC_ADDR ACL_MAC_ADDR_WILD|any| host ACL_MAC_ADDR)|) (( ipv4-head | l4-

head ) UDF_VALUE UDF_VALUE_WILD UDF_OFFSET|)

TAP Series Switch Command Line Reference

64

by name.

e.g. IP protocol 1 = icmp, 2 = igmp, 6 = tcp, 17
= udp, 47 = gre/nvgre (gre protocol 0x0800 =
gre, 0x6558 = nvgre).

Parameter“any”indicates packets with any IP
protocol can match this rule.

src-port ( range L4_PORT_NUM

L4_PORT_NUM | eq L4_PORT_NUM | gt
L4_PORT_NUM | lt L4_PORT_NUM | any )

Specify the layer 4 source port of the acl rule.

The valid range for L4 source port number is 0

–

65535.

This filed is valid only if the IP protocol is TCP
or UDP.

There are 4 methods to specify the L4 port:

1, eq (equal to)

2, lt (less than)

3, gt (greater than)

4, range

Parameter “any” indicates packets with any L4
port can match this rule.

dst-port ( range L4_PORT_NUM

L4_PORT_NUM | eq L4_PORT_NUM | gt
L4_PORT_NUM | lt L4_PORT_NUM | any )

Specify the layer 4 destination port of the acl
rule.

The valid range for L4 destination port number
is 0 – 65535.

This filed is valid only if the IP protocol is TCP
or UDP.

There are 4 methods to specify the L4 port:

1, eq (equal to)

2, lt (less than)

3, gt (greater than)

4, range

Parameter “any” indicates packets with any L4
port can match this rule.

src-ip ( IP_ADDR IP_ADDR_WILD | any | host
IP_ADDR )

Specify the source IPv4 address of the acl rule.

Use an IPv4 address and an IPv4 address
wildcard to specify a network (e.g. 192.168.1.1

0.0.0.255). If a bit in wildcard is 0 means this
bit needs to check, otherwise this bit should
be ignored.

Use the parameter“host”and an IPv4 address
to specify an exactly address.

Use the parameter“any”to indicate packets
with any source IPv4 address value can match
this rule.

dst-ip ( IP_ADDR IP_ADDR_WILD | any | host
IP_ADDR )

Specify the destination IPv4 address of the acl
rule.

Use an IPv4 address and an IPv4 address
wildcard to specify a network (e.g. 192.168.1.1

0.0.0.255). If a bit in wildcard is 0 means this

TAP Series Switch Command Line Reference

65

bit needs to check, otherwise this bit should
be ignored.

Use the parameter “host” and an IPv4 address
to specify an exactly address.

Use the parameter“any”to indicate packets
with any destination IPv4 address value can
match this rule.

src-ipv6 ( IPv6_ADDR IPv6_ADDR_WILD | any
| host IPv6_ADDR )

Specify the source IPv6 address of the acl rule.

Use an IPv6 address and an IPv6 address
wildcard to specify a network. If a bit in
wildcard is 0 means this bit needs to check,
otherwise this bit should be ignored.

Use the parameter “host” and an IPv6 address
to specify an exactly address.

Use the parameter“any”to indicate packets
with any source IPv6 address value can match
this rule.

dst-ipv6 ( IPv6_ADDR IPv6_ADDR_WILD | any
| host IPv6_ADDR )

Specify the destination IPv6 address of the acl
rule.

Use an IPv6 address and an IPv6 address
wildcard to specify a network. If a bit in
wildcard is 0 means this bit needs to check,
otherwise this bit should be ignored.

Use the parameter“host”and an IPv6 address
to specify an exactly address.

Use the parameter “any” to indicate packets
with any destination IPv6 address value can
match this rule.

flow-label ( FLOW_LABEL LABEL_WILD | any )

Specify the IPv6 Flow label of the acl rule.

Valid range for flow label is 0-1048575. Valid
range for flow-label wildcard bits is 0x0­0xFFFFF

Flow label value and wildcard bits both have
20bits, if a bit in wildcard is 0 means this bit
needs to check, otherwise this bit should be
ignored.

Parameter “any” indicates ipv6 packets with
any flow label value can match this rule.

dscp DSCP_VALUE

Specify the DSCP in IPv4 packets value of the
acl rule.

DSCP = Differentiated Services Code Point.

Valid range of DSCP value is 0 – 63.

ip-precedence PRECEDENCE_VALUE

Specify the IP precedence in IPv4 packets of
the acl rule.

Valid range of IP precedence value is 0 – 7.

DSCP & ip precedence configurations are
exclusive

TAP Series Switch Command Line Reference

66

first-fragment

Match packets with first fragment

non-first-fragment

Match packets with non first fragment

non-fragment

Match packets with non fragment

non-or-first-fragment

Match packets with non first fragment

small-fragment

Match packets with small fragment

any-fragment

Match packets with any fragment

options

Match packets with IP options

vlan ( VLAN_ID VLAN_WILD | any )

Specify the outer vlan id of the acl rule.

The valid range for vlan id is 0-4095.

The valid range for vlan id wildcard bits is 0x0­0xFFF.

Vlan id and wildcard bits both have 12bits, if a
bit in wildcard is 0 means this bit needs to
check, otherwise this bit should be ignored.

Parameter“any”indicates packets with any
outer vlan id can match this rule.

inner-vlan ( VLAN_ID VLAN_WILD | any )

Specify the inner vlan id of the acl rule.

The valid range for vlan id is 0-4095.

The valid range for vlan id wildcard bits is 0x0­0xFFF.

Vlan id and wildcard bits both have 12bits, if a
bit in wildcard is 0 means this bit needs to
check, otherwise this bit should be ignored.

Parameter“any”indicates packets with any
inner vlan id can match this rule.

cos COS_ID

Specify the outer CoS value of the acl rule.

CoS = Class of Service.

The valid range of Cos is 0 to 7.

inner-cos COS_ID

Specify the inner CoS value of the acl rule.

CoS = Class of Service.

The valid range of Cos is 0 to 7.

ether-type ( ETHER_TYPE_VALUE
ETHER_TYPE_WILD_VALUE | any )

Specify the ether-type of the acl rule.

The valid range for ether-type is 0x600-0xFFFF.

The valid range for wildcard bits is 0x600­0xFFFF.

Ether-type value and wildcard bits both have
16bits, if a bit in wildcard is 0 means this bit
needs to check, otherwise this bit should be
ignored.

Parameter “any” indicates packets with any
ethertype value can match this rule.

src-mac ( ACL_MAC_ADDR
ACL_MAC_ADDR_WILD | any | host

Specify the source mac address in
HHHH.HHHH.HHHH format.

TAP Series Switch Command Line Reference

67

ACL_MAC_ADDR )

Use a mac address and wildcard bits to specify
a batch of mac addresses. If a bit in wildcard is
0 means this bit needs to check, otherwise this
bit should be ignored.

Use the parameter“host”and a mac address
to specify an exactly mac address.

Use the parameter “any” to indicate packets
with any source mac address value can match
this rule.

dest-mac ( ACL_MAC_ADDR
ACL_MAC_ADDR_WILD | any| host
ACL_MAC_ADDR )

Specify the destination mac address in
HHHH.HHHH.HHHH format.

Use a mac address and wildcard bits to specify
a batch of mac addresses. If a bit in wildcard is
0 means this bit needs to check, otherwise this
bit should be ignored.

Use the parameter“host”and a mac address
to specify an exactly mac address.

Use the parameter “any” to indicate packets
with any destination mac address value can
match this rule.

( ipv4-head | l4-head ) UDF_VALUE

UDF_VALUE_WILD UDF_OFFSET

UDF = User Define Format.

The parameter “ipv4-head” indicates the
packet is parsed at the beginning with the IPv4
header.

The parameter “l4-head” indicates the packet
is parsed at the beginning with the layer4
header.

Udf value and wildcard bits both have 32 bits,
If a bit in wildcard is 0 means this bit needs to
check, otherwise this bit should be ignored.

The parameter“UDF_OFFSET”specifies the
offset bits from the beginning. The valid range
of the offset is 0 -60.

Command Mode

ACL Configuration Mode

Default

None

TAP Series Switch Command Line Reference

68

Usage

4.8 egress

NAME_STRING

IP access-list name string, which should begin
with a-z/A-Z/0-9, valid characters are 0-9A-Za-

Examples

Wildcard bits in this command are used as reversed. That means value and wildcard bits have

same length, If a bit in wildcard is 0 means this bit needs to check, otherwise this bit should

be ignored.

E.g.: ip address 10.10.10.0 wildcard 0.0.0.255 means 256 ip addresses from 10.10.10.0 to

10.10.10.255.

Layer 4 information（e.g. tcp/udp port）and fragment information are exclusive.

Notice:

The parameters“ipv4-head, l4-head”are not supported on CTC5160 (GreatBelt) based

switch.

This example shows how to add an acl filter with sequence number 10 to acl test1:

Switch(config)# ip access-list test1
Switch(config-acl-test1)# sequence-num 10 permit any src-ip 10.10.10.0 0.0.0.255 dst-ip any

Related Commands

no sequence-num

show ip access-list

Use this command to apply IPv4 access list on the outbound direction of an interface

Use the no form of this command to remove the IPv4 access list.

Command Syntax

egress NAME_STRING

no egress

TAP Series Switch Command Line Reference

69

z.-, maximum length is 20 characters.

Command Mode

Default

Usage

Examples

Interface Configuration

None.

Use this command to apply IPv4 access list on the outbound direction of an interface

Use the no form of this command to remove the IPv4 access list.

This command supports physical or link aggregation interfaces.

The example shows how to apply the access list f1 to egress direction eth-0-9

Switch(config)# interface eth-0-19
Switch(config-if-eth-0-19)# egress f1

Related Commands

ip access-list

TAP Series Switch Command Line Reference

70

5 TAP Commands

5.1 tap-group

Use this command to create a TAP group and enter the tap configuration mode.

TAPNAME

Tap Group Name string, which should begin

with a-z/A-Z, valid characters are 0-9A-Za-z.-

, maximum length is 20 characters.

NUM

Tap Group ID, range 1-512

Use the no form of this command to delete the TAP group.

Command Syntax

tap-group TAPNAME (NUM |)

no tap-group TAPNAME

Command Mode

Global Configuration

Default

None

Usage

Use this command to create a TAP group and enter the tap configuration mode.

Use the no form of this command to delete the TAP group.

This device supports at most 512 TAP groups.

TAP Series Switch Command Line Reference

71

Examples

5.2 description

LINE

TAP group description string, which should
begin with a-z/A-Z, valid characters are 0-9A­Za-z.-, maximum length is 80 characters.

The following example shows how to create a tap-group:

Switch(config)# tap-group tap1
Switch(config-tap-tap1)#

The following example shows how to delete a tap-group:

Switch(config)# no tap-group tap1
Switch(config)#

Related Commands

show tap-group

Use this command to set the description of the TAP group.

Use the no form of this command to delete the description.

Command Syntax

description LINE

no description

Command Mode

configure-tap-view

Default

The TAP group has no description by default.

Usage

Use this command to set the description of the TAP group.

TAP Series Switch Command Line Reference

72

Use the no form of this command to delete the description.

5.3 ingress

IF_NAME

Specify the interface name.

This command supports physical or link
aggregation interfaces.

un-tag

Remove vlan tags of the packets.

Examples

The following example shows how to config description:

Switch(config)# tap-group test001
Switch(config-tap-test001)# description test
Switch(config-tap-test001)#

Related Commands

tap-group

show tap-group

Use this command to add a physical or link aggregation interface to the ingress direction of

the TAP group.

This command can specify Vlan id and edit actions to the packets.

Use the no form of this command to remove the interface.

Command Syntax

ingress IF_NAME (un-tag | un-tag-outer-vlan | un-tag-inner-vlan | mark-source VLAN_ID |)

( truncation |) ( edit-macda MAC_ADDRESS|) ( edit-macsa MAC_ADDRESS |) (edit-ipsa

IP_ADDRESS |) (edit-ipda IP_ADDRESS |)( edit-ipv6sa IPv6_ADDRESS |)( edit-ipv6da

IPv6_ADDRESS |)( edit-vlan VLAN_ID |)

no ingress IF_NAME

ingress IF_NAME flow FLOW_NAME (un-tag | un-tag-outer-vlan | un-tag-inner-vlan |mark-

source VLAN_ID)

no ingress IF_NAME flow FLOW_NAME

TAP Series Switch Command Line Reference

73

un-tag-outer-vlan

Remove outer vlan tag of the packets.

un-tag-inner-vlan

Remove inner vlan tag of the packets.

mark-source VLAN_ID

Specify additional outer vlan id of the
outgoing packets.

The valid range for vlan id is 1 – 4094.

truncation

To truncate the packet.

edit-macda MAC_ADDRESS

Specify the destination mac address of the
outgoing packets in HHHH.HHHH.HHHH
format.

edit-macsa MAC_ADDRESS

Specify the source mac address of the
outgoing packets in HHHH.HHHH.HHHH
format.。

edit-ipsa IP_ADDRESS

Specify the source IP address of the outgoing
packets in A.B.C.D format.。

edit-ipda IP_ADDRESS

Specify the destination IP address of the
outgoing packets in A.B.C.D format.。

edit-vlan VLAN_ID

Specify the vlan id of the outgoing packets.

The valid range for vlan id is 1 – 4094.

edit-ipv6sa IPv6_ADDRESS

Specify the source IPv6 address of the
outgoing packets.

edit-ipv6da IPv6_ADDRESS

Specify the destination IPv6 address of the

outgoing packets.

flow FLOW_NAME

Specify the name of flow to apply to tap
group’s ingress direction.

Command Mode

Default

Usage

configure-tap-view

None

One interface without configuring a flow can only add to one TAP group.

Same interface with and without configuring a flow cannot exist in one TAP group.

Parameters “truncation edit-ipsa” are not supported on CTC5160 (GreatBelt) based switch.

TAP Series Switch Command Line Reference

74

Examples

The following example shows how to add an ingress-interface with mark-source 100:

Switch(config)# tap-group test001
Switch(config-tap-test001)# ingress eth-0-1 mark-source 100
Switch(config-tap-test001)#

The following example shows how to add an ingress-interface with un-tag:

Switch(config)# tap-group test001
Switch(config-tap-test001)# ingress eth-0-1 un-tag
Switch(config-tap-test001)#

The following example shows how to add an ingress-interface with flow flow001:

Switch(config)# tap-group test001
Switch(config-tap-test001)# ingress eth-0-1 flow flow001
Switch(config-tap-test001)#

The following example shows how to add an ingress interface eth-0-1:

Switch(config)# tap-group tap1
Switch(config-tap-tap1)# ingress eth-0-1

The following example shows how to add an ingress interface agg1:

Switch(config)# interface eth-0-2
Switch(config-if-eth-0-2)# static-channel-group 1
Switch(config-if-eth-0-2)# exit
Switch(config)# tap-group tap1
Switch(config-tap-tap1)# ingress agg1

The following example shows how to add an ingress interface eth-0-1 and remark source vlan

id as 300:

Switch(config)# tap-group tap1
Switch(config-tap-tap1)# ingress eth-0-1 mark-source 300

Related Commands

tap-group

egress

TAP Series Switch Command Line Reference

75

5.4 egress

Use this command to add a physical or link aggregation interface to the egress direction of

IF_NAME
Specify the interface name.

This command supports physical or link aggregation interfaces.

the TAP group.

Use the no form of this command to remove the interface.

Command Syntax

egress IF_NAME (timestamp|)

no egress IF_NAME

Command Mode

configure-tap-view

Default

Usage

Examples

None

None

The following example shows how to add an egress-interface eth-0-9:

Switch(config)# tap-group tap1
Switch(config-tap-tap1)# egress eth-0-9

The following example shows how to add an egress-interface agg1:

Switch(config)# interface eth-0-10
Switch(config-if-eth-0-10)# static-channel-group 1
Switch(config)# interface eth-0-11
Switch(config-if-eth-0-11)# static-channel-group 1
Switch(config)# tap-group tap1
Switch(config-tap-tap1)# egress agg1

TAP Series Switch Command Line Reference

76

Related Commands

5.5 show tap-group

TAPNAME

Specify a TAP group name to display.

If the parameter “TAPNAME” is not specified,
the command indicates that all TAP groups on
this device should be displayed.

tap-group

This command displays the TAP group configurations.

Command Syntax

show tap-group (TAPNAME |)

Command Mode

Default

Usage

Examples

Privileged EXEC

None

This command displays the TAP group configurations.

The following example shows the configuration of tap-group:

Switch# show tap-group
truncation : 144
timestamp-over-ether : 0000.0000.0000 0000.0000.0000 0x0000

TAP-group tap1

ID: 1
Ingress:

eth-0-1 flow f1

Egress:

eth-0-9

TAP-group tap2

TAP Series Switch Command Line Reference

77

ID: 2
Ingress:

Egress:

Related Commands

tap-group

ingress

egress

eth-0-21

eth-0-22

TAP Series Switch Command Line Reference

78

6 TIMESTAMP Commands

6.1 timestamp-over-ether

Use this command to configure the TAP timestamp outer header information.

MAC_ADDR_DA

Ethernet destination MAC address

MAC_ADDR_SA

Ethernet source MAC address

ETHTYPE_ID

Ethertype in hexadecimal, range is [0x0-0xffff]

Use the no form of this command to remove the TAP timestamp configuration.

Command Syntax

timestamp-over-ether MAC_ADDR_DA MAC_ADDR_SA ETHTYPE_ID

no timestamp-over-ether

Command Mode

Global Configuration

Default

None

Usage

TAP timestamp is global configuration. TAP timestamp MUST be configured before using the

TAP groups.

This command is not supported on CTC5160 (GreatBelt) based switch.

Examples

The following example shows how to configure timestamp-over-ether

TAP Series Switch Command Line Reference

79

Switch# configure terminal

6.2 show timestamp sync

Switch(config)# timestamp-over-ether 1.1.1 2.2.2 0xff12

The following example shows how add timestamp for packets going out from tap1/interface

eth-0-10:

Switch(config)# tap-group tap1
Switch(config-tap-tap1)# ingress eth-0-1
Switch(config-tap-tap1)# egress eth-0-10 timestamp
Switch(config-tap-tap1)# exit

Related Commands

tap-group

egress

Use this command configure to display timestamp sync information.

Command Syntax

show timestamp sync

Command Mode

Privileged EXEC

Default

None

Usage

This command is not supported on CTC5160 (GreatBelt) based switch.

Examples

The following example shows how to display timestamp information:

DUT1# show timestamp sync
Sync Type : Disabled

TAP Series Switch Command Line Reference

80

Sync Count : 0

6.3 timestamp sync

systime

Use the system time as time source.

none

Use the chip time as time source.

Last Sync Time : Fri Mar 10 09:02:11 2017

Related Commands

timestamp sync

Use this command configure to timestamp sync.

Use the no form of this command to restore the default value.

Command Syntax

timestamp sync (systime | none)

no timestamp sync

Command Mode

Default

Usage

Examples

Global Configuration

The default value is“none”.

When configured systime means sync from system time.

This command is not supported on CTC5160 (GreatBelt) based switch.

The following example shows how to config timestamp sync:

DUT1(config)# timestamp sync systime

TAP Series Switch Command Line Reference

81

Related Commands

show timestamp sync

TAP Series Switch Command Line Reference

82

7 TRUNCATION Commands

7.1 truncation

Use this command to configure the truncation length information.

TRUNCATION_LEN

Truncation length.

Valid range is 64-144.

Use the no form of this command to restore the default value.

Command Syntax

truncation TRUNCATION_LEN

Command Mode

Global Configuration

Default

Truncation length is 144 by default.

Usage

Examples

CRC should be re-calculating after packet is truncated. The truncation length include CRC

field.

This command is not supported on CTC5160 (GreatBelt) based switch.

The following example shows how to set truncation length as 64:

Switch(config)# truncation 64
Enable truncation for TAP group tap1:
Switch(config)# tap-group tap1

TAP Series Switch Command Line Reference

83

Switch(config-tap-tap1)# ingress eth-0-1 truncation
Switch(config-tap-tap1)# egress eth-0-10

Related Commands

tap-group

ingress

TAP Series Switch Command Line Reference

84

8 SSH Commands

8.1 show ip ssh server status

To display the version and configuration data for Secure Shell (SSH), use the show ip ssh

server status command in Privileged EXEC mode.

Command Syntax

show ip ssh server status

Command Mode

Privileged EXEC

Default

None

Usage

Use the show ip ssh server status command to view the version and configuration data.

Examples

The following example shows the current SSH configurations:

Switch# show ip ssh server status

SSH server enabled
Version: v2
Authentication timeout: 33 second(s)
Authentication retries: 6 time(s)
Server key lifetime: 60 minute(s)
Authentication type: password, public-key

TAP Series Switch Command Line Reference

85

Related Commands

8.2 ssh

NAME_STRING

Login name

RSAKEYNAME

Specify key name

L4_PORT_NUM

Port of remote system

SSHPINPROMPTS

Number of password prompts

IP_ADDR

Specify IP address of remote system

STRING

Specify hostname of remote system

ssh

To connect to the remote SSH server, use the ssh command in Privileged EXEC mode.

Command Syntax

ssh -l NAME_STRING(-i RSAKEYNAME|) (-p L4_PORT_NUM|) (-v ( 1| 2) |) (-c (3des|) (des|)

(3des-cbc|) (aes128-cbc|) (aes192-cbc|) aes256-cbc|) (-m (hmac-md5-128|) (hmac-md5-

96|) (hmac-sha1-160|) hmac-sha1-96|) (-o number-of-password-prompts SSHPINPROMPTS

|) (mgmt-if|) ( IP_ADDR| STRING)

Command Mode

Default

Usage

Examples

Privileged EXEC

None

To connect to the remote SSH server, use this command in Privileged EXEC mode.

The following example displays the usage of this command:

Switch# ssh -l aaa 1.1.1.1
aaa@1.1.1.1's password:

TAP Series Switch Command Line Reference

86

Switch#

8.3 ip ssh server enable

8.4 ip ssh server disable

Related Commands

ip ssh server enable

To enable SSH service, use ip ssh server enable command in global configuration mode.

Command Syntax

ip ssh server enable

Command Mode

Global Configuration

Default

SSH service is enabled.

Usage

To enable SSH service, use ip ssh server enable command in global configuration mode.

Examples

The following example enables the SSH service on your switch:

Switch(config)# ip ssh server enable

Related Commands

ip ssh server disable

To disable SSH service, use ip ssh server disable command.

TAP Series Switch Command Line Reference

87

Command Syntax

8.5 ip ssh server version

v1

Support SSH version 1

ip ssh server disable

Command Mode

Global Configuration

Default

SSH service is enabled.

Usage

None

Examples

The following example disable the SSH service on your switch:

Switch(config)# ip ssh server disable

Related Commands

ip ssh server enable

To configure Secure Shell (SSH) version on your switch, use the ip ssh server version

command in global configuration mode.

Use the no form of this command to restore the default value.

Command Syntax

ip ssh server version ( v1 | v2 | all )

no ip ssh server version

TAP Series Switch Command Line Reference

88

v2

Support SSH version 2

all

Support SSH version 1 and 2

Command Mode

8.6 ip ssh server authentication-retries

Default

Usage

Examples

Global Configuration

The default SSH version is v2.

SSH server and client will negotiate about the version when connecting. Server and client

should select a higher version both supported.

The following example shows that only SSH Version 1 support is configured:

Switch(config)# ip ssh server version v1

The following example shows that only SSH Version 2 support is configured:

Switch(config)# ip ssh server version v2

The following example shows that restore the default configuration:

Switch(config)# no ip ssh server version

Related Commands

show ip ssh server status

To configure Secure Shell (SSH) authentication retry times on your switch, use the ip ssh

server authentication-retries command in global configuration mode.

Uses the no form of this command to restore the default value of Secure Shell (SSH)

authentication retry times on your switch

TAP Series Switch Command Line Reference

89

Command Syntax

SSHAUTHRETRIES

Retry times(default: 6)

8.7 ip ssh server authentication-timeout

ip ssh server authentication-retries SSHAUTHRETRIES

no ip ssh server authentication-retries

Command Mode

Global Configuration

Default

The default retry time is 6.

Usage

To configure Secure Shell (SSH) authentication retry times on your switch, use the ip ssh

server authentication-retries command in global configuration mode.

Uses the no form of this command to restore the default value of Secure Shell (SSH)

authentication retry times on your switch

Examples

The following examples configure SSH authentication retry times on your switch:

Switch(config)# ip ssh server authentication-retries 3

The following examples restore SSH authentication retry times to the default value:

Switch(config)# no ip ssh server authentication-retries

Related Commands

show ip ssh server status

To configure Secure Shell (SSH) authentication timeout on your switch, use the ip ssh server

authentication-timeout command in global configuration mode.

TAP Series Switch Command Line Reference

90

Use the no form of this command to restore the default value of Secure Shell (SSH)

SSHAUTHTIMEOUT

Timeout seconds(default: 120)

8.8 ip ssh server authentication-type

authentication timeout on your switch

Command Syntax

ip ssh server authentication-timeout SSHAUTHTIMEOUT

no ip ssh server authentication-timeout

Command Mode

Global Configuration

Default

The default value is 120 seconds.

Usage

None

Examples

The following examples configure SSH authentication timeout on your switch:

Switch(config)# ip ssh server authentication-timeout 100

The following examples restore SSH authentication timeout to default value on your switch:

Switch(config)# no ip ssh server authentication-timeout

Related Commands

show ip ssh server status

To configure Secure Shell (SSH) authentication type on your switch, use the ip ssh server

authentication-type command in global configuration mode.

TAP Series Switch Command Line Reference

91

Use the no form of this command to restore the default value of Secure Shell (SSH)

all

Enable all authentication type

password

Enable password

public-key

Enable public key

rsa

Enable rsa

authentication type on your switch.

Command Syntax

ip ssh server authentication-type ( all | ( password | public-key | rsa ) )

no ip ssh server authentication-type

Command Mode

Default

Usage

Examples

Global Configuration

The default authentication type is public-key and password.

To configure Secure Shell (SSH) authentication type on your switch, use the ip ssh server

authentication-type command in global configuration mode.

Use the no form of this command to restore the default value of Secure Shell (SSH)

authentication type on your switch.

The following examples configure SSH authentication type on your switch:

Switch(config)# ip ssh server authentication-type password

TAP Series Switch Command Line Reference

92

The following examples restore SSH authentication type to default value:

8.9 ip ssh server rekey-interval

SSHREKEYINTVL

Rekey interval(minute(s), default 60)

Switch(config)# no ip ssh server authentication-type

Related Commands

show ip ssh server status

To configure Secure Shell (SSH) rekey interval on your switch, use the ip ssh server rekey-

interval command in global configuration mode.

Use the no form of this command to restore the default value of Secure Shell (SSH) rekey

interval on your switch.

Command Syntax

ip ssh server rekey-interval SSHREKEYINTVL

Command Mode

Default

Usage

no ip ssh server rekey-interval

Global Configuration

The default interval is 60 minutes.

To configure Secure Shell (SSH) rekey interval on your switch, use the ip ssh server rekey-

interval command in global configuration mode.

Use the no form of this command to restore the default value of Secure Shell (SSH) rekey

interval on your switch.

TAP Series Switch Command Line Reference

93

Examples

8.10 ip ssh server host-key

RSAKEYNAME

Key Name

The following examples configure SSH rekey interval on your switch:

Switch(config)# ip ssh server rekey-interval 30

The following examples restore SSH rekey interval to default value:

Switch(config)# no ip ssh server rekey-interval

Related Commands

show ip ssh server status

To configure Secure Shell (SSH) host-key on your switch, use the ip ssh server host-key rsa key

command in global configuration mode.

Use the no form of this command to restore the default value of Secure Shell (SSH) host-key

on your switch.

Command Syntax

ip ssh server host-key rsa key RSAKEYNAME

no ip ssh server host-key

Command Mode

Global Configuration

Default

There is no host-key by default.

Usage

To configure Secure Shell (SSH) host-key on your switch, use the ip ssh server host-key rsa key

command in global configuration mode.

TAP Series Switch Command Line Reference

94

Use the no form of this command to restore the default value of Secure Shell (SSH) host-key

on your switch.

Examples

The following example shows how to configure SSH host key on the switch:

Switch(config)# ip ssh server host-key rsa key KEY1

The following example shows how to remove SSH host key on the switch:

Switch(config)# no ip ssh server host-key

Related Commands

show ip ssh server status

TAP Series Switch Command Line Reference

95

9 LACP Commands

9.1 show channel-group

Use show channel-group summary command to display a summary of all of the channel

AGG_GID

Channel group id. Valid minimum ID is 1. Valid
maximum id is defined as blow:

for CTC5160 (GreatBelt) based system: 31.

for CTC8096(GoldenGate) based system: 55

groups, or a specified channel group. Use show channel-group detail command to display

detailed information of all of the channel groups, or a specified channel group. Use show

channel-group port command to display port information of all of the channel groups, or a

specified channel group.

Command Syntax

show channel-group (AGG_GID|) (summary| detail| port)

Command Mode

Privileged EXEC

Default

None

Usage

Use this command to display the channel group information.

If the AGG_GID is not specified, this command indicates that all channel groups on this

device should be shown.

TAP Series Switch Command Line Reference

96

Examples

This example shows how to display detailed information of the channel group 10:

Switch# show channel-group 10 detail

Group: 10

---------------------------­Mode : switch
Ports : 2 Maxports : 16
Bundle Ports : 0
Protocol : static

Port : eth-0-3

----------------------------

State : Down Out-Bundle
Channel group : 10
Protocol : static
Port index : 3

Port : eth-0-4

----------------------------

State : Down Out-Bundle
Channel group : 10
Protocol : static
Port index : 4

This example shows how to display information of all channel groups:

Switch# show channel-group summary
port-channel load-balance hash-arithmetic: xor
port-channel load-balance tunnel-hash-mode: both
Port-channel load-balance hash-field-select:

src-ip dst-ip src-port-l4 dst-port-l4

Flags: s - suspend T - standby

w - wait B - in Bundle
R - Layer3 S - Layer2
D - down/admin down U - in use

Mode: SLB - static load balance

DLB - dynamic load balance
RR - round robin load balance

Aggregator Mode Protocol Ports

----------+----+--------+----------------------------------------------------

agg5(SD) SLB Static eth-0-5(D)
agg10(SD) SLB Static eth-0-3(D) eth-0-4(D)
This example shows how to display summary information of the channel group 10:
Switch# show channel-group 10 summary
port-channel load-balance hash-arithmetic: xor
port-channel load-balance tunnel-hash-mode: both
Port-channel load-balance hash-field-select:

src-ip dst-ip src-port-l4 dst-port-l4

TAP Series Switch Command Line Reference

97

Flags: s - suspend T - standby

9.2 show channel-group interface

IF_NAME

Specify the interface name to show.

This command supports physical interfaces.

Mode: SLB - static load balance

Aggregator Mode Protocol Ports

----------+----+--------+----------------------------------------------------

agg10(SD) SLB Static eth-0-3(D) eth-0-4(D)

Related Commands

static-channel-group

Use this command to display interface link stats of the channel groups.

w - wait B - in Bundle
R - Layer3 S - Layer2
D - down/admin down U - in use

DLB - dynamic load balance
RR - round robin load balance

Command Syntax

show channel-group interface IF_NAME

Command Mode

Privileged EXEC

Default

None

Usage

Use this command to display interface link stats of the channel groups.

Examples

This example shows how to display interface link stats of the channel groups:

TAP Series Switch Command Line Reference

98

Switch# show channel-group interface eth-0-3

9.3 show port-channel load-balance

Port : eth-0-3

---------------------------­State : Down Out-Bundle
Channel group : 10
Protocol : static
Port index : 3

Related Commands

static-channel-group

Use this command to show the load balance type for the Link Aggregation Control Protocol

(LACP).

Command Syntax

show port-channel load-balance

Command Mode

Default

Usage

Examples

Privileged EXEC

None

Use this command to show the load balance type for the Link Aggregation Control Protocol

(LACP)

This example shows the load balance type for the Link Aggregation:

Switch# show port-channel load-balance
Port-channel load-balance hash fields:

--------------------------------------

src-ip
dst-ip

TAP Series Switch Command Line Reference

99

src-port-l4

9.4 no port-channel

AGG_GID

Channel group id. Valid minimum ID is 1. Valid
maximum id is defined as blow:

for CTC5160 (GreatBelt) based system: 31.

for CTC8096(GoldenGate) based system: 55

dst-port-l4

Related Commands

port-channel load-balance set

Use this command to set port-channel load balance mode to default static mode which is

supported at CTC8096 (GoldenGate) based switch.

Command Syntax

no port-channel AGG_GID load-balance-mode

Command Mode

Global Configuration

Default

Static mode

Usage

This command is not supported on CTC5160 (GreatBelt) based switch.

Examples

This example shows how to set port-channel load balance mode to the default setting:

Switch(config)# no port-channel 9 load-balance-mode

Related Commands

port-channel load-balance-mode

TAP Series Switch Command Line Reference

100

9.5 port-channel load-balance-mode

Use this command to set port-channel load balance mode from static to round-robin 。

AGG_GID

Channel group id. Valid minimum ID is 1. Valid
maximum id is 55.

9.6 port-channel load-balance hash-arithmetic

Command Syntax

port-channel AGG_GID load-balance-mode round-robin

Command Mode

Global Configuration

Default

Round-robin is disabled by default.

Usage

Set port-channel load balance mode to round-robin.

This command is not supported on CTC5160 (GreatBelt) based switch.

Examples

This example shows how to set port-channel load balance mode to round-robin:

Switch(config)# port-channel 9 load-balance-mode round-robin

Related Commands

no port-channel

Use this command to configure the load balance hash algorithm for the Link Aggregation

Control Protocol (LACP).

Use the no form of this command to restore the default value.