AT8404 CLI Reference Manual
AdvancedTCA
M5307_TECH_2 Manual ID
2.06 Revision Index
19 March, 2010 Date of Issue
Revision History
Publication Title: AT8404 CLI Reference Manual
ID Number: M5307_TECH_2
Rev.
Index
2.00 First Release for AT8404 04 Sept. 2007
2.01 Update commands to FASTPATH 5.0.1.9 19 Dec. 2007
2.02 Update for FASTPATH 5.2, BETA Manual 15 May, 2009
2.03 Final Manual for FASTPATH 5.2 28 July, 2009
2.04 Remove sntp multicast commands, add stratum3 accurency to set
board clock commands, add comment for clear config command
2.05 Remove download frudata, download fwum commands 23 Nov, 2009
2.06 Editorial changes, remove chapter 4.7 “keying for advanced
feaures”, fixed errors in chapter 5.16,
Brief Description of Changes Date of Issue
13 Nov, 2009
19 Mar, 2010
Imprint
Kontron AG may be contacted via the following:
North America EMEA
Kontron Canada, Inc. Kontron Modular Computers GmbH
4555 Ambroise-Lafortune Sudetenstrasse 7
Boisbriand, Québec 87600 Kaufbeuren
J7H 0A4 Canada Germany
Tel: (450) 437-5682 +49 (0) 8341 803 333
(800) 354-4223
Fax: (450) 437-8053 +49 (0) 8341 803 339
E-mail: support@ca.kontron.com support-kom@kontron.com
For further information about Kontron AG, our products or services, please visit our Internet
web site: www.kontron.com
Disclaimer
Copyright © 2006 Kontron AG. All rights reserved. All data is for information purposes only and not guaranteed for
legal purposes. Information has been carefully checked and is believed to be accurate; however, no responsibility
is assumed for inaccuracies. Kontron and the Kontron logo and all other trademarks or registered trademarks are
the property of their respective owners and are recognized. Specifications are subject to change without notice.
AT8404 Preface
About This Book
This document describes command-line interface (CLI) commands you use to view and configure FASTPATH
software. You can access the CLI by using a direct connection to the serial port or by using telnet or SSH over a
remote network connection.
This document is for system administrators who configure and operate systems using FASTPATH software. It
provides an understanding of the configuration options of the FASTPATH software.
Software engineers who integrate FASTPATH software into their hardware platform can also benefit from a
description of the configuration options.
This document assumes that the reader has an understanding of the FASTPATH software base and has read the
appropriate specification for the relevant networking device platform. It also assumes that the reader has a basic
knowledge of Ethernet and networking concepts.
How to Use This Document
Chapter 1 “Using the Command-Line Interface” details the procedure to quickly become acquainted with the
FASTPATH software.
Note: Refer to the release notes for the FASTPATH application level code. The release notes
detail the platform specific functionality of the Switching, Routing, SNMP, Config, Management,
and Bandwidth Provisioning packages. The suite of features supported by the FASTPATH
packages are not available on all the platforms to which FASTPATH has been ported.
Proprietary Note
This document contains information proprietary to Kontron Modular Computers GmbH. It may not be copied or
transmitted by any means, disclosed to others, or stored in any retrieval system or media without the prior written
consent of Kontron Modular Computers GmbH or one of its authorized agents.
The information contained in this document is, to the best of our knowledge, entirely correct. However, Kontron
Modular Computers GmbH cannot accept liability for any inaccuracies or the consequences thereof, or for any
liability arising from the use or application of any circuit, product, or example shown in this document.
Kontron Modular Computers GmbH reserves the right to change, modify, or improve this document or the product
described herein, as seen fit by Kontron Modular Computers GmbH without further notice.
Trademarks
Broadcom®, the pulse logo, Connecting everything®, the Connecting everything logo, and FASTPATH® are among
the trademarks of Broadcom Corporation and/or its affiliates in the United States, certain other countries and/or the
EU. Any other trademarks or trade names mentioned are the property of their respective owners.
Linux is a registered trademark of Linus Torvalds.
RedHat is a registered trademark of RedHat
Kontron Modular Computers GmbH and the Kontron Logo are trade marks owned by Kontron Modular Computers
GmbH, Kaufbeuren (Germany). In addition, this document may include names, company logos and trademarks,
which are registered trademarks and, therefore, proprietary to their respective owners.
Page iii AT8404 CLI Reference Manual
Preface AT8404
Environmental Protection Statement
This product has been manufactured to satisfy environmental protection requirements where possible. Many of the
components used (structural parts, printed circuit boards, connectors, batteries, etc.) are capable of being recycled.
Final disposition of this product after its service life must be accomplished in accordance with applicable country,
state, or local laws or regulations.
Explanation of Symbols
CE Conformity
This symbol indicates that the product described in this manual is in compliance with all
applied CE standards. Please refer also to the section “Applied Standards” in this manual.
Caution, Electric Shock!
This symbol and title warn of hazards due to electrical shocks (> 60V) when touching products
or parts of them. Failure to observe the precautions indicated and/or prescribed by the law may
endanger your life/health and/or result in damage to your material.
Please refer also to the section “High Voltage Safety Instructions” on the following page.
Warning, ESD Sensitive Device!
This symbol and title inform that electronic boards and their components are sensitive to static
electricity. Therefore, care must be taken during all handling operations and inspections of this
product, in order to ensure product integrity at all times.
Please read also the section “Special Handling and Unpacking Instructions” on the following
page.
Warning!
This symbol and title emphasize points which, if not fully understood and taken into consideration by the reader, may endanger your health and/or result in damage to your material.
Note...
This symbol and title emphasize aspects the reader should read through carefully for his or her
own advantage.
For Your Safety
Your new Kontron product was developed and tested carefully to provide all features necessary to ensure its
compliance with electrical safety requirements. It was also designed for a long fault-free life. However, the life
expectancy of your product can be drastically reduced by improper treatment during unpacking and installation.
Therefore, in the interest of your own safety and of the correct operation of your new Kontron product, you are
requested to conform with the following guidelines.
High Voltage Safety Instructions
Warning!
All operations on this device must be carried out by sufficiently skilled personnel only.
AT8404 CLI Reference Manual Page iv
AT8404 Preface
Caution, Electric Shock!
Indicates that you must enter a value in place of the brackets and text inside them. Before
installing your new Kontron product into a system always ensure that your mains power is
switched off. This applies also to the installation of piggybacks.
Serious electrical shock hazards can exist during all installation, repair and maintenance operations with this product. Therefore, always unplug the power cable and any other cables which
provide external voltages before performing work.
Special Handling and Unpacking Instructions
ESD Sensitive Device!
Electronic boards and their components are sensitive to static electricity. Therefore, care must
be taken during all handling operations and inspections of this product, in order to ensure product integrity at all times.
Do not handle this product out of its protective enclosure while it is not used for operational purposes unless it is
otherwise protected.
Whenever possible, unpack or pack this product only at EOS/ESD safe work stations. Where a safe work station is
not guaranteed, it is important for the user to be electrically discharged before touching the product with his/her
hands or tools. This is most easily done by touching a metal part of your system housing.
It is particularly important to observe standard anti-static precautions when changing piggybacks, ROM devices,
jumper settings etc. If the product contains batteries for RTC or memory back-up, ensure that the board is not placed
on conductive surfaces, including anti-static plastics or sponges. They can cause short circuits and damage the
batteries or conductive circuits on the board.
General Instructions on Usage
In order to maintain Kontron’s product warranty, this product must not be altered or modified in any way. Changes
or modifications to the device, which are not explicitly approved by Kontron Modular Computers GmbH and
described in this manual or received from Kontron’s Technical Support as a special handling instruction, will void
your warranty.
This device should only be installed in or connected to systems that fulfill all necessary technical and specific
environmental requirements. This applies also to the operational temperature range of the specific board version,
which must not be exceeded. If batteries are present their temperature restrictions must be taken into account.
In performing all necessary installation and application operations, please follow only the instructions supplied by
the present manual.
Keep all the original packaging material for future storage or warranty shipments. If it is necessary to store or ship
the board please re-pack it as nearly as possible in the manner in which it was delivered.
Special care is necessary when handling or unpacking the product. Please, consult the special handling and
unpacking instruction on the previous page of this manual.
Two Year Warranty
Kontron Modular Computers GmbH grants the original purchaser of Kontron’s products a two year limited hardware
warranty as described in the following. However, no other warranties that may be granted or implied by anyone on
behalf of Kontron are valid unless the consumer has the express written consent of Kontron Modular Computers
GmbH.
Page v AT8404 CLI Reference Manual
Preface AT8404
Kontron Modular Computers GmbH warrants their own products, excluding software, to be free from manufacturing
and material defects for a period of 24 consecutive months from the date of purchase. This warranty is not
transferable nor extendible to cover any other users or long-term storage of the product. It does not cover products
which have been modified, altered or repaired by any other party than Kontron Modular Computers GmbH or their
authorized agents. Furthermore, any product which has been, or is suspected of being damaged as a result of
negligence, improper use, incorrect handling, servicing or maintenance, or which has been damaged as a result of
excessive current/voltage or temperature, or which has had its serial number(s), any other markings or parts thereof
altered, defaced or removed will also be excluded from this warranty.
If the customer’s eligibility for warranty has not been voided, in the event of any claim, he may return the product at
the earliest possible convenience to the original place of purchase, together with a copy of the original document of
purchase, a full description of the application the product is used on and a description of the defect. Pack the product
in such a way as to ensure safe transportation (see our safety instructions).
Kontron provides for repair or replacement of any part, assembly or sub-assembly at their own discretion, or to
refund the original cost of purchase, if appropriate. In the event of repair, refunding or replacement of any part, the
ownership of the removed or replaced parts reverts to Kontron Modular Computers GmbH, and the remaining part
of the original guarantee, or any new guarantee to cover the repaired or replaced items, will be transferred to cover
the new or repaired items. Any extensions to the original guarantee are considered gestures of goodwill, and will be
defined in the “Repair Report” issued by Kontron with the repaired or replaced item.
Kontron Modular Computers GmbH will not accept liability for any further claims resulting directly or indirectly from
any warranty claim, other than the above specified repair, replacement or refunding. In particular, all claims for
damage to any system or process in which the product was employed, or any loss incurred as a result of the product
not functioning at any given time, are excluded. The extent of Kontron Modular Computers GmbH liability to the
customer shall not exceed the original purchase price of the item for which the claim exists.
Kontron Modular Computers GmbH issues no warranty or representation, either explicit or implicit, with respect to
its products’ reliability, fitness, quality, marketability or ability to fulfil any particular application or purpose. As a
result, the products are sold “as is,” and the responsibility to ensure their suitability for any given task remains that
of the purchaser. In no event will Kontron be liable for direct, indirect or consequential damages resulting from the
use of our hardware or software products, or documentation, even if Kontron were advised of the possibility of such
claims prior to the purchase of the product or during any period since the date of its purchase.
Please remember that no Kontron Modular Computers GmbH employee, dealer or agent is authorized to make any
modification or addition to the above specified terms, either verbally or in any other form, written or electronically
transmitted, without the company’s consent.
AT8404 CLI Reference Manual Page vi
AT8404
Chapter
1
Chapter
2
Revision History .........................................................................................................ii
Imprint ........................................................................................................................ii
Disclaimer ..................................................................................................................ii
About This Book ........................................................................................................iii
How to Use This Document ..................................................................................iii
Proprietary Note ........................................................................................................iii
Trademarks ...............................................................................................................iii
Environmental Protection Statement ........................................................................iv
Explanation of Symbols ............................................................................................iv
For Your Safety .........................................................................................................iv
High Voltage Safety Instructions ...........................................................................iv
Special Handling and Unpacking Instructions .......................................................v
General Instructions on Usage ..............................................................................v
Two Year Warranty ....................................................................................................v
1. Using the Command-Line Interface ............................................................. 1 - 2
1.1 Command Syntax .................................................................................... 1 - 2
1.2 Command Conventions ........................................................................... 1 - 2
1.3 Common Parameter Values .................................................................... 1 - 3
1.4 Slot/Port Naming Convention .................................................................. 1 - 4
1.5 Using the “No” Form of a Command ....................................................... 1 - 4
1.6 FASTPATH Modules ................................................................................ 1 - 4
1.7 Command Modes .................................................................................... 1 - 5
1.8 Command Completion and Abbreviation ................................................ 1 - 7
1.9 CLI Error Messages ................................................................................ 1 - 7
1.10 CLI Line-Editing Conventions .................................................................. 1 - 7
1.11 Using CLI Help ........................................................................................ 1 - 8
1.12 Accessing the CLI ................................................................................... 1 - 8
2. Switching Commands .................................................................................. 2 - 2
Page vii AT8404 CLI Reference Manual
AT8404
2.1 Port Configuration Commands ................................................................2 - 2
2.1.1 interface ........................................................................................2 - 3
2.1.2 auto-negotiate ...............................................................................2 - 3
2.1.3 auto-negotiate all ..........................................................................2 - 3
2.1.4 advertise speed ............................................................................2 - 3
2.1.5 show advertise speed ...................................................................2 - 4
2.1.6 block .............................................................................................2 - 4
2.1.7 description ....................................................................................2 - 4
2.1.8 mtu ................................................................................................2 - 4
2.1.9 shutdown ......................................................................................2 - 5
2.1.10 shutdown all ..................................................................................2 - 5
2.1.11 speed ............................................................................................2 - 6
2.1.12 speed all .......................................................................................2 - 6
2.1.13 show port ......................................................................................2 - 6
2.1.14 show port protocol ........................................................................2 - 7
2.2 Spanning Tree Protocol (STP) Commands ..............................................2 - 7
2.2.1 spanning-tree ................................................................................2 - 7
2.2.2 spanning-tree bpdufilter ................................................................2 - 8
2.2.3 spanning-tree bpdufilter default ....................................................2 - 8
2.2.4 spanning-tree bpduflood ...............................................................2 - 8
2.2.5 spanning-tree bpduguard .............................................................2 - 9
2.2.6 spanning-tree bpdumigrationcheck ..............................................2 - 9
2.2.7 spanning-tree configuration name ................................................2 - 9
2.2.8 spanning-tree configuration revision .............................................2 - 9
2.2.9 spanning-tree edgeport ..............................................................2 - 10
2.2.10 spanning-tree forceversion .........................................................2 - 10
2.2.11 spanning-tree forward-time .........................................................2 - 11
2.2.12 spanning-tree hello-time ............................................................. 2 - 11
2.2.13 spanning-tree max-age ...............................................................2 - 11
2.2.14 spanning-tree max-hops .............................................................2 - 12
2.2.15 spanning-tree mst .......................................................................2 - 12
2.2.16 spanning-tree mst instance ........................................................2 - 13
2.2.17 spanning-tree mst priority ...........................................................2 - 13
2.2.18 spanning-tree mst vlan ...............................................................2 - 14
2.2.19 spanning-tree port mode ............................................................2 - 14
2.2.20 spanning-tree port mode all ........................................................2 - 15
2.2.21 spanning-tree port-state .............................................................2 - 15
2.2.22 spanning-tree rootguard .............................................................2 - 15
2.2.23 show spanning-tree ....................................................................2 - 16
2.2.24 show spanning-tree brief ............................................................2 - 16
2.2.25 show spanning-tree interface .....................................................2 - 17
2.2.26 show spanning-tree mst port detailed .........................................2 - 17
2.2.27 show spanning-tree mst port summary ......................................2 - 19
2.2.28 show spanning-tree mst summary ..............................................2 - 19
2.2.29 show spanning-tree summary ....................................................2 - 20
2.2.30 show spanning-tree vlan .............................................................2 - 20
AT8404 CLI Reference Manual Page viii
AT8404
2.3 VLAN Commands ................................................................................. 2 - 20
2.3.1 vlan database ............................................................................. 2 - 20
2.3.2 network mgmt_vlan .................................................................... 2 - 21
2.3.3 vlan ............................................................................................ 2 - 21
2.3.4 vlan acceptframe ........................................................................ 2 - 21
2.3.5 vlan ingressfilter ......................................................................... 2 - 22
2.3.6 vlan makestatic .......................................................................... 2 - 22
2.3.7 vlan name .................................................................................. 2 - 22
2.3.8 vlan participation ........................................................................ 2 - 23
2.3.9 vlan participation all .................................................................... 2 - 23
2.3.10 vlan port acceptframe all ............................................................ 2 - 23
2.3.11 vlan port ingressfilter all ............................................................. 2 - 24
2.3.12 vlan port pvid all ......................................................................... 2 - 24
2.3.13 vlan port tagging all .................................................................... 2 - 25
2.3.14 vlan protocol group .................................................................... 2 - 25
2.3.15 vlan protocol group add protocol ................................................ 2 - 25
2.3.16 vlan protocol group remove ....................................................... 2 - 26
2.3.17 protocol group ............................................................................ 2 - 26
2.3.18 protocol vlan group .................................................................... 2 - 26
2.3.19 protocol vlan group all ................................................................ 2 - 26
2.3.20 vlan pvid ..................................................................................... 2 - 27
2.3.21 vlan tagging ................................................................................ 2 - 27
2.3.22 vlan association subnet .............................................................. 2 - 27
2.3.23 vlan association mac .................................................................. 2 - 28
2.3.24 show vlan ................................................................................... 2 - 28
2.3.25 show vlan brief ........................................................................... 2 - 29
2.3.26 show vlan port ............................................................................ 2 - 29
2.3.27 show vlan association subnet .................................................... 2 - 30
2.3.28 show vlan association mac ........................................................ 2 - 30
2.4 Double VLAN Commands ..................................................................... 2 - 30
2.4.1 dvlan-tunnel ethertype ............................................................... 2 - 30
2.4.2 mode dot1q-tunnel ..................................................................... 2 - 31
2.4.3 mode dvlan-tunnel ..................................................................... 2 - 31
2.4.4 show dot1q-tunnel ...................................................................... 2 - 31
2.4.5 show dvlan-tunnel ...................................................................... 2 - 32
2.5 Voice VLAN Commands ........................................................................ 2 - 32
2.5.1 voice vlan (Global Config) .......................................................... 2 - 32
2.5.2 voice vlan (Interface Config) ...................................................... 2 - 33
2.5.3 voice vlan data priority ............................................................... 2 - 33
2.5.4 show voice vlan .......................................................................... 2 - 33
2.6 Provisioning (IEEE 802.1p) Commands ................................................ 2 - 34
2.6.1 vlan port priority all ..................................................................... 2 - 34
2.6.2 vlan priority ................................................................................. 2 - 34
2.7 Protected Ports Commands .................................................................. 2 - 34
2.7.1 switchport protected (Global Config) .......................................... 2 - 35
Page ix AT8404 CLI Reference Manual
AT8404
2.7.2 switchport protected (Interface Config) .......................................2 - 35
2.7.3 show switchport protected ..........................................................2 - 36
2.7.4 show interfaces switchport .........................................................2 - 36
2.8 GARP Commands .................................................................................2 - 36
2.8.1 set garp timer join .......................................................................2 - 36
2.8.2 set garp timer leave ....................................................................2 - 37
2.8.3 set garp timer leaveall ................................................................2 - 37
2.8.4 show garp ...................................................................................2 - 38
2.9 GVRP Commands .................................................................................2 - 38
2.9.1 set gvrp adminmode ...................................................................2 - 38
2.9.2 set gvrp interfacemode ...............................................................2 - 38
2.9.3 show gvrp configuration ..............................................................2 - 39
2.10 GMRP Commands .................................................................................2 - 39
2.10.1 set gmrp adminmode ..................................................................2 - 40
2.10.2 set gmrp interfacemode ..............................................................2 - 40
2.10.3 show gmrp configuration ............................................................2 - 40
2.10.4 show mac-address-table gmrp ...................................................2 - 41
2.11 Port-Based Network Access Control Commands ..................................2 - 41
2.11.1 authentication login .....................................................................2 - 41
2.11.2 clear dot1x statistics ...................................................................2 - 42
2.11.3 clear radius statistics ..................................................................2 - 42
2.11.4 dot1x default-login ......................................................................2 - 42
2.11.5 dot1x guest-vlan .........................................................................2 - 43
2.11.6 dot1x initialize .............................................................................2 - 43
2.11.7 dot1x login ..................................................................................2 - 43
2.11.8 dot1x max-req .............................................................................2 - 43
2.11.9 dot1x max-users .........................................................................2 - 44
2.11.10 dot1x port-control ........................................................................2 - 44
2.11.11 dot1x port-control all ...................................................................2 - 44
2.11.12 dot1x re-authenticate ..................................................................2 - 45
2.11.13 dot1x re-authentication ...............................................................2 - 45
2.11.14 dot1x system-auth-control ..........................................................2 - 45
2.11.15 dot1x timeout ..............................................................................2 - 46
2.11.16 dot1x unauthenticated-vlan ........................................................2 - 47
2.11.17 dot1x user ...................................................................................2 - 47
2.11.18 users defaultlogin .......................................................................2 - 47
2.11.19 users login ..................................................................................2 - 47
2.11.20 show authentication ....................................................................2 - 48
2.11.21 show authentication users ..........................................................2 - 48
2.11.22 show dot1x .................................................................................2 - 48
2.11.23 show dot1x clients ......................................................................2 - 50
2.11.24 show dot1x users ........................................................................2 - 51
2.11.25 show users authentication ..........................................................2 - 51
2.12 Storm-Control Commands .....................................................................2 - 52
2.12.1 storm-control broadcast ..............................................................2 - 52
AT8404 CLI Reference Manual Page x
AT8404
2.12.2 storm-control broadcast level ..................................................... 2 - 52
2.12.3 storm-control broadcast rate ...................................................... 2 - 53
2.12.4 storm-control broadcast all ......................................................... 2 - 53
2.12.5 storm-control broadcast all level ................................................ 2 - 54
2.12.6 storm-control broadcast all rate ................................................. 2 - 54
2.12.7 storm-control multicast ............................................................... 2 - 54
2.12.8 storm-control multicast level ...................................................... 2 - 55
2.12.9 storm-control multicast rate ........................................................ 2 - 55
2.12.10 storm-control multicast all .......................................................... 2 - 56
2.12.11 storm-control multicast all level .................................................. 2 - 56
2.12.12 storm-control multicast all rate ................................................... 2 - 56
2.12.13 storm-control unicast .................................................................. 2 - 57
2.12.14 storm-control unicast level ......................................................... 2 - 57
2.12.15 storm-control unicast rate .......................................................... 2 - 58
2.12.16 storm-control unicast all ............................................................. 2 - 58
2.12.17 storm-control unicast all level ..................................................... 2 - 58
2.12.18 storm-control unicast all rate ...................................................... 2 - 59
2.12.19 storm-control flowcontrol ............................................................ 2 - 59
2.12.20 show storm-control ..................................................................... 2 - 60
2.13 Port-Channel/LAG (802.3ad) Commands ............................................. 2 - 61
2.13.1 port-channel ............................................................................... 2 - 61
2.13.2 addport ....................................................................................... 2 - 61
2.13.3 deleteport (Interface Config) ...................................................... 2 - 62
2.13.4 deleteport (Global Config) .......................................................... 2 - 62
2.13.5 lacp admin key ........................................................................... 2 - 62
2.13.6 lacp collector max-delay ............................................................ 2 - 62
2.13.7 lacp actor admin ......................................................................... 2 - 63
2.13.8 lacp actor admin key .................................................................. 2 - 63
2.13.9 lacp actor admin state ................................................................ 2 - 63
2.13.10 lacp actor admin state individual ................................................ 2 - 64
2.13.11 lacp actor admin state longtimeout ............................................ 2 - 64
2.13.12 lacp actor admin state passive ................................................... 2 - 65
2.13.13 lacp actor port ............................................................................ 2 - 65
2.13.14 lacp actor port priority ................................................................ 2 - 65
2.13.15 lacp actor system priority ........................................................... 2 - 65
2.13.16 lacp partner admin key ............................................................... 2 - 66
2.13.17 lacp partner admin state ............................................................. 2 - 66
2.13.18 lacp partner admin state individual ............................................. 2 - 67
2.13.19 lacp partner admin state longtimeout ......................................... 2 - 67
2.13.20 lacp partner admin state passive ............................................... 2 - 67
2.13.21 lacp partner port id ..................................................................... 2 - 68
2.13.22 lacp partner port priority ............................................................. 2 - 68
2.13.23 lacp partner system-id ................................................................ 2 - 69
2.13.24 lacp partner system priority ........................................................ 2 - 69
2.13.25 port-channel static ...................................................................... 2 - 69
2.13.26 port lacpmode ............................................................................ 2 - 70
Page xi AT8404 CLI Reference Manual
AT8404
2.13.27 port lacpmode all ........................................................................2 - 70
2.13.28 port lacptimeout (Interface Config) .............................................2 - 70
2.13.29 port lacptimeout (Global Config) .................................................2 - 71
2.13.30 port-channel adminmode ............................................................2 - 71
2.13.31 port-channel linktrap ...................................................................2 - 72
2.13.32 port-channel load-balance ..........................................................2 - 72
2.13.33 port-channel hash multicast ........................................................2 - 73
2.13.34 port-channel name ......................................................................2 - 73
2.13.35 port-channel system priority .......................................................2 - 73
2.13.36 show lacp actor ...........................................................................2 - 73
2.13.37 show lacp partner .......................................................................2 - 74
2.13.38 show port-channel brief ..............................................................2 - 74
2.13.39 show port-channel ......................................................................2 - 75
2.13.40 show port-channel system priority ..............................................2 - 75
2.13.41 show port-channel hash multicast ..............................................2 - 75
2.14 Port Mirroring .........................................................................................2 - 75
2.14.1 monitor session ..........................................................................2 - 75
2.14.2 no monitor ...................................................................................2 - 76
2.14.3 show monitor session .................................................................2 - 76
2.15 Static MAC Filtering ...............................................................................2 - 77
2.15.1 macfilter ......................................................................................2 - 77
2.15.2 macfilter adddest ........................................................................2 - 78
2.15.3 macfilter adddest all ....................................................................2 - 78
2.15.4 macfilter addsrc ..........................................................................2 - 78
2.15.5 macfilter addsrc all ......................................................................2 - 79
2.15.6 show mac-address-table static ...................................................2 - 79
2.15.7 show mac-address-table staticfiltering .......................................2 - 80
2.16 DHCP Snooping Configuration Commands ...........................................2 - 80
2.16.1 ip dhcp snooping ........................................................................2 - 80
2.16.2 ip dhcp snooping vlan .................................................................2 - 80
2.16.3 ip dhcp snooping verify mac-address .........................................2 - 81
2.16.4 ip dhcp snooping database .........................................................2 - 81
2.16.5 ip dhcp snooping database write-delay ......................................2 - 81
2.16.6 ip dhcp snooping binding ............................................................2 - 82
2.16.7 ip verify binding ...........................................................................2 - 82
2.16.8 ip dhcp snooping limit .................................................................2 - 82
2.16.9 ip dhcp snooping log-invalid .......................................................2 - 83
2.16.10 ip dhcp snooping trust ................................................................2 - 83
2.16.11 ip verify source ...........................................................................2 - 83
2.16.12 show ip dhcp snooping ...............................................................2 - 84
2.16.13 show ip dhcp snooping binding ..................................................2 - 84
2.16.14 show ip dhcp snooping database ...............................................2 - 85
2.16.15 show ip dhcp snooping statistics ................................................2 - 85
2.16.16 clear ip dhcp snooping binding ...................................................2 - 86
2.16.17 clear ip dhcp snooping statistics .................................................2 - 86
AT8404 CLI Reference Manual Page xii
AT8404
2.16.18 show ip verify source ................................................................. 2 - 86
2.16.19 show ip source binding .............................................................. 2 - 87
2.17 Dynamic ARP Inspection Commands ................................................... 2 - 88
2.17.1 ip arp inspection vlan ................................................................. 2 - 88
2.17.2 ip arp inspection validate ........................................................... 2 - 88
2.17.3 ip arp inspection vlan logging ..................................................... 2 - 88
2.17.4 ip arp inspection trust ................................................................. 2 - 89
2.17.5 ip arp inspection limit ................................................................. 2 - 89
2.17.6 ip arp inspection filter ................................................................. 2 - 90
2.17.7 arp access-list ............................................................................ 2 - 90
2.17.8 permit ip host mac host .............................................................. 2 - 90
2.17.9 show ip arp inspection ............................................................... 2 - 91
2.17.10 show ip arp inspection statistics ................................................. 2 - 91
2.17.11 clear ip arp inspection statistics ................................................. 2 - 92
2.17.12 show ip arp inspection interfaces ............................................... 2 - 92
2.17.13 show arp access-list ................................................................... 2 - 93
2.18 IGMP Snooping Configuration Commands ........................................... 2 - 93
2.18.1 set igmp ..................................................................................... 2 - 93
2.18.2 set igmp interfacemode .............................................................. 2 - 94
2.18.3 set igmp fast-leave ..................................................................... 2 - 95
2.18.4 set igmp groupmembership-interval ........................................... 2 - 95
2.18.5 set igmp maxresponse ............................................................... 2 - 96
2.18.6 set igmp mcrtrexpiretime ............................................................ 2 - 96
2.18.7 set igmp mrouter ........................................................................ 2 - 97
2.18.8 set igmp mrouter interface ......................................................... 2 - 97
2.18.9 show igmpsnooping ................................................................... 2 - 97
2.18.10 show igmpsnooping mrouter interface ....................................... 2 - 98
2.18.11 show igmpsnooping mrouter vlan .............................................. 2 - 99
2.18.12 show mac-address-table igmpsnooping ..................................... 2 - 99
2.19 IGMP Snooping Querier Commands .................................................... 2 - 99
2.19.1 set igmp querier ....................................................................... 2 - 100
2.19.2 set igmp querier query-interval ................................................ 2 - 100
2.19.3 set igmp querier timer expiry .................................................... 2 - 101
2.19.4 set igmp querier version ........................................................... 2 - 101
2.19.5 set igmp querier election participate ........................................ 2 - 101
2.19.6 show igmpsnooping querier ..................................................... 2 - 102
2.20 MLD Snooping Commands ................................................................. 2 - 102
2.20.1 set mld ..................................................................................... 2 - 103
2.20.2 set mld interfacemode .............................................................. 2 - 103
2.20.3 set mld fast-leave ..................................................................... 2 - 104
2.20.4 set mld groupmembership-interval ........................................... 2 - 104
2.20.5 set mld maxresponse ............................................................... 2 - 105
2.20.6 set mld mcrtexpiretime ............................................................. 2 - 105
2.20.7 set mld mrouter ........................................................................ 2 - 105
2.20.8 set mld mrouter interface ......................................................... 2 - 106
Page xiii AT8404 CLI Reference Manual
AT8404
2.20.9 show mldsnooping ....................................................................2 - 106
2.20.10 show mldsnooping mrouter interface ........................................2 - 107
2.20.11 show mldsnooping mrouter vlan ...............................................2 - 107
2.20.12 show mac-address-table mldsnooping .....................................2 - 107
2.21 MLD Snooping Querier Commands .....................................................2 - 108
2.21.1 set mld querier ..........................................................................2 - 108
2.21.2 set mld querier query_interval ..................................................2 - 108
2.21.3 set mld querier timer expiry ......................................................2 - 109
2.21.4 set mld querier election participate ...........................................2 - 109
2.21.5 show mldsnooping querier ........................................................2 - 110
2.22 Port Security Commands ..................................................................... 2 - 111
2.22.1 port-security .............................................................................. 2 - 111
2.22.2 port-security max-dynamic ....................................................... 2 - 111
2.22.3 port-security max-static ............................................................ 2 - 111
2.22.4 port-security mac-address ........................................................2 - 112
2.22.5 port-security mac-address move ..............................................2 - 112
2.22.6 show port-security ....................................................................2 - 112
2.22.7 show port-security dynamic ......................................................2 - 113
2.22.8 show port-security static ........................................................... 2 - 113
2.22.9 show port-security violation ......................................................2 - 113
2.23 LLDP (802.1AB) Commands ...............................................................2 - 113
2.23.1 lldp transmit ..............................................................................2 - 113
2.23.2 lldp receive ...............................................................................2 - 114
2.23.3 lldp timers .................................................................................2 - 114
2.23.4 lldp transmit-tlv .........................................................................2 - 114
2.23.5 lldp transmit-mgmt .................................................................... 2 - 115
2.23.6 lldp notification .......................................................................... 2 - 115
2.23.7 lldp notification-interval ............................................................. 2 - 116
2.23.8 clear lldp statistics .................................................................... 2 - 116
2.23.9 clear lldp remote-data ...............................................................2 - 116
2.23.10 show lldp ...................................................................................2 - 116
2.23.11 show lldp interface ....................................................................2 - 117
2.23.12 show lldp statistics ....................................................................2 - 117
2.23.13 show lldp remote-device ...........................................................2 - 118
2.23.14 show lldp remote-device detail ................................................. 2 - 118
2.23.15 show lldp local-device ...............................................................2 - 119
2.23.16 show lldp local-device detail .....................................................2 - 120
2.24 LLDP-MED Commands .......................................................................2 - 120
2.24.1 lldp med ....................................................................................2 - 120
2.24.2 lldp med confignotification ........................................................2 - 121
2.24.3 lldp med transmit-tlv .................................................................2 - 121
2.24.4 lldp med all ...............................................................................2 - 122
2.24.5 lldp med confignotification all ....................................................2 - 122
2.24.6 lldp med faststartrepeatcount ...................................................2 - 122
2.24.7 lldp med transmit-tlv all .............................................................2 - 122
AT8404 CLI Reference Manual Page xiv
AT8404
2.24.8 show lldp med .......................................................................... 2 - 123
2.24.9 show lldp med interface ........................................................... 2 - 123
2.24.10 show lldp med local-device detail ............................................. 2 - 124
2.24.11 show lldp med remote-device .................................................. 2 - 125
2.24.12 show lldp med remote-device detail ......................................... 2 - 125
2.25 Denial of Service Commands .............................................................. 2 - 126
2.25.1 dos-control all ........................................................................... 2 - 127
2.25.2 dos-control sipdip ..................................................................... 2 - 127
2.25.3 dos-control firstfrag .................................................................. 2 - 127
2.25.4 dos-control tcpfrag ................................................................... 2 - 128
2.25.5 dos-control tcpflag .................................................................... 2 - 128
2.25.6 dos-control l4port ..................................................................... 2 - 129
2.25.7 dos-control icmp ....................................................................... 2 - 129
2.25.8 show dos-control ...................................................................... 2 - 129
2.26 MAC Database Commands ................................................................. 2 - 130
2.26.1 bridge aging-time ..................................................................... 2 - 130
2.26.2 show forwardingdb agetime ..................................................... 2 - 130
2.26.3 show mac-address-table multicast ........................................... 2 - 131
2.26.4 show mac-address-table stats ................................................. 2 - 131
2.27 ISDP Commands ................................................................................ 2 - 131
2.27.1 isdp run .................................................................................... 2 - 131
2.27.2 isdp holdtime ............................................................................ 2 - 132
2.27.3 isdp timer ................................................................................. 2 - 132
2.27.4 isdp advertise-v2 ...................................................................... 2 - 132
2.27.5 isdp enable ............................................................................... 2 - 132
2.27.6 clear isdp counters ................................................................... 2 - 133
2.27.7 clear isdp table ......................................................................... 2 - 133
2.27.8 show isdp ................................................................................. 2 - 133
2.27.9 show isdp interface .................................................................. 2 - 134
2.27.10 show isdp entry ........................................................................ 2 - 134
2.27.11 show isdp neighbors ................................................................ 2 - 134
2.27.12 show isdp traffic ....................................................................... 2 - 135
2.27.13 debug isdp packet .................................................................... 2 - 136
2.28 Multicast Handling Commands ........................................................... 2 - 136
2.28.1 multicast (interface) .................................................................. 2 - 136
2.28.2 show port multicast .................................................................. 2 - 136
2.28.3 multicast (VLAN) ...................................................................... 2 - 137
2.28.4 show vlan multicast .................................................................. 2 - 137
2.28.5 set igmp proxy-report interfacemode ....................................... 2 - 137
2.29 Port Bridging Commands .................................................................... 2 - 138
2.29.1 L2-port-bridge .......................................................................... 2 - 138
Page xv AT8404 CLI Reference Manual
AT8404
Chapter
3
3. Quality of Service (QoS) Commands ...........................................................3 - 2
3.1 Class of Service (CoS) Commands .........................................................3 - 2
3.1.1 classofservice dot1p-mapping ......................................................3 - 2
3.1.2 classofservice ip-dscp-mapping ...................................................3 - 3
3.1.3 classofservice trust .......................................................................3 - 3
3.1.4 cos-queue min-bandwidth ............................................................3 - 3
3.1.5 cos-queue strict ............................................................................3 - 4
3.1.6 traffic-shape ..................................................................................3 - 4
3.1.7 show classofservice dot1p-mapping .............................................3 - 4
3.1.8 show classofservice ip-precedence-mapping ...............................3 - 5
3.1.9 show classofservice ip-dscp-mapping ..........................................3 - 5
3.1.10 show classofservice trust ..............................................................3 - 5
3.1.11 show interfaces cos-queue ...........................................................3 - 6
3.1.12 show interface cos-counter ...........................................................3 - 6
3.1.13 show packet-memory ...................................................................3 - 6
3.1.14 packet-memory (configure) ...........................................................3 - 7
3.1.15 packet-memory (interface) ............................................................3 - 7
3.1.16 show protection-group ..................................................................3 - 7
3.1.17 protection-group (configure) .........................................................3 - 7
3.1.18 protection-group (interface) ..........................................................3 - 8
3.2 Differentiated Services (DiffServ) Commands .........................................3 - 8
3.2.1 diffserv ..........................................................................................3 - 9
3.3 DiffServ Class Commands .......................................................................3 - 9
3.3.1 class-map ...................................................................................3 - 10
3.3.2 class-map rename ......................................................................3 - 10
3.3.3 match ethertype ..........................................................................3 - 10
3.3.4 match any ................................................................................... 3 - 11
3.3.5 match class-map ........................................................................3 - 11
3.3.6 match cos ...................................................................................3 - 12
3.3.7 match secondary-cos .................................................................3 - 12
3.3.8 match destination-address mac ..................................................3 - 12
3.3.9 match dstip .................................................................................3 - 13
3.3.10 match dstip6 ...............................................................................3 - 13
3.3.11 match dstl4port ...........................................................................3 - 13
3.3.12 match ip dscp .............................................................................3 - 13
3.3.13 match ip precedence ..................................................................3 - 14
3.3.14 match ip tos ................................................................................3 - 14
3.3.15 match protocol ............................................................................3 - 15
3.3.16 match source-address mac ........................................................3 - 15
3.3.17 match srcip .................................................................................3 - 15
AT8404 CLI Reference Manual Page xvi
AT8404
3.3.18 match srcip6 ............................................................................... 3 - 16
3.3.19 match srcl4port .......................................................................... 3 - 16
3.3.20 match vlan .................................................................................. 3 - 16
3.3.21 match secondary-vlan ................................................................ 3 - 16
3.4 DiffServ Policy Commands .................................................................... 3 - 17
3.4.1 assign-queue ............................................................................. 3 - 17
3.4.2 drop ............................................................................................ 3 - 17
3.4.3 mirror .......................................................................................... 3 - 17
3.4.4 redirect ....................................................................................... 3 - 18
3.4.5 conform-color ............................................................................. 3 - 18
3.4.6 class ........................................................................................... 3 - 18
3.4.7 mark cos .................................................................................... 3 - 19
3.4.8 mark ip-precedence ................................................................... 3 - 19
3.4.9 police-simple .............................................................................. 3 - 20
3.4.10 policy-map .................................................................................. 3 - 20
3.4.11 policy-map rename .................................................................... 3 - 21
3.5 DiffServ Service Commands ................................................................. 3 - 21
3.5.1 service-policy ............................................................................. 3 - 21
3.6 DiffServ Show Commands .................................................................... 3 - 22
3.6.1 show class-map ......................................................................... 3 - 22
3.6.2 show diffserv .............................................................................. 3 - 23
3.6.3 show policy-map ........................................................................ 3 - 23
3.6.4 show diffserv service .................................................................. 3 - 25
3.6.5 show diffserv service brief .......................................................... 3 - 25
3.6.6 show policy-map interface ......................................................... 3 - 25
3.6.7 show service-policy .................................................................... 3 - 26
3.7 MAC Access Control List (ACL) Commands ......................................... 3 - 26
3.7.1 mac access-list extended ........................................................... 3 - 27
3.7.2 mac access-list extended rename ............................................. 3 - 27
3.7.3 {deny | permit} (MAC ACL) ......................................................... 3 - 27
3.7.4 mac access-group ...................................................................... 3 - 29
3.7.5 show mac access-lists ............................................................... 3 - 29
3.8 IP Access Control List (ACL) Commands ............................................. 3 - 30
3.8.1 access-list .................................................................................. 3 - 30
3.8.2 ip access-list .............................................................................. 3 - 31
3.8.3 ip access-list rename ................................................................. 3 - 32
3.8.4 {deny | permit} (IP ACL) ............................................................. 3 - 32
3.8.5 ip access-group .......................................................................... 3 - 33
3.8.6 acl-trapflags ............................................................................... 3 - 33
3.8.7 show acl-traptimer ...................................................................... 3 - 34
3.8.8 acl-traptimer ............................................................................... 3 - 34
3.8.9 show ip access-lists ................................................................... 3 - 34
3.8.10 show access-lists ....................................................................... 3 - 35
3.9 IPv6 Access Control List (ACL) Commands ......................................... 3 - 35
Page xvii AT8404 CLI Reference Manual
AT8404
Chapter
4
3.9.1 ipv6 access-list ...........................................................................3 - 35
3.9.2 ipv6 access-list rename ..............................................................3 - 36
3.9.3 {deny | permit} (IPv6) ..................................................................3 - 36
3.9.4 ipv6 traffic-filter ...........................................................................3 - 37
3.9.5 show ipv6 access-lists ................................................................3 - 37
3.10 Auto-Voice over IP Commands ..............................................................3 - 38
3.10.1 auto-voip all ................................................................................3 - 38
3.10.2 auto-voip .....................................................................................3 - 39
3.10.3 show auto-voip ...........................................................................3 - 39
4. Utility Commands .........................................................................................4 - 2
4.1 Commands for update and startup Configuration ....................................4 - 2
4.1.1 download ipmifw ...........................................................................4 - 2
4.1.2 download amcipmifw ....................................................................4 - 2
4.2 Dual Image Commands ...........................................................................4 - 3
4.2.1 delete ............................................................................................4 - 3
4.2.2 boot system ..................................................................................4 - 3
4.2.3 show bootvar ................................................................................4 - 3
4.2.4 filedescr ........................................................................................4 - 3
4.3 ATCA commands .....................................................................................4 - 3
4.3.1 set board sensor threshold ...........................................................4 - 3
4.3.2 set board device-id .......................................................................4 - 4
4.3.3 show atca ekeying ........................................................................4 - 4
4.3.4 ekeying (interface) ........................................................................4 - 4
4.3.5 ekeying all (configure) ..................................................................4 - 4
4.4 System Information and Statistics Commands ........................................4 - 5
4.4.1 show arp switch ............................................................................4 - 5
4.4.2 show eventlog ...............................................................................4 - 5
4.4.3 show hardware .............................................................................4 - 6
4.4.4 show version .................................................................................4 - 6
4.4.5 show interface ..............................................................................4 - 6
4.4.6 show interface ethernet ................................................................4 - 7
4.4.7 show mac-addr-table ..................................................................4 - 13
4.4.8 show process cpu .......................................................................4 - 14
4.4.9 show running-config ...................................................................4 - 15
4.4.10 show sysinfo ...............................................................................4 - 16
4.4.11 show tech-support ......................................................................4 - 16
4.4.12 terminal length ............................................................................4 - 16
4.4.13 show terminal length ...................................................................4 - 17
4.4.14 show boardinfo post-status .........................................................4 - 17
4.4.15 show boardinfo sensors ..............................................................4 - 17
AT8404 CLI Reference Manual Page xviii
AT8404
4.4.16 show boardinfo event-log ........................................................... 4 - 17
4.4.17 show boardinfo update-status .................................................... 4 - 18
4.4.18 show boardinfo version .............................................................. 4 - 18
4.4.19 show boardinfo address ............................................................. 4 - 18
4.4.20 show boardinfo fru ..................................................................... 4 - 18
4.4.21 show boardinfo ipmidev ............................................................. 4 - 19
4.4.22 show boardinfo amc connection ................................................ 4 - 19
4.4.23 show boardinfo amc fru .............................................................. 4 - 19
4.4.24 show boardinfo amc ipmidev ..................................................... 4 - 19
4.4.25 show boardinfo led ..................................................................... 4 - 19
4.4.26 show boardinfo cpu-load ............................................................ 4 - 19
4.4.27 show boardinfo memory-usage .................................................. 4 - 20
4.5 Logging Commands .............................................................................. 4 - 20
4.5.1 logging buffered ......................................................................... 4 - 20
4.5.2 logging buffered wrap ................................................................ 4 - 20
4.5.3 logging cli-command .................................................................. 4 - 20
4.5.4 logging console .......................................................................... 4 - 21
4.5.5 logging host ................................................................................ 4 - 21
4.5.6 logging host remove ................................................................... 4 - 21
4.5.7 logging port ................................................................................ 4 - 22
4.5.8 logging syslog ............................................................................ 4 - 22
4.5.9 show logging .............................................................................. 4 - 22
4.5.10 show logging buffered ................................................................ 4 - 23
4.5.11 show logging hosts .................................................................... 4 - 23
4.5.12 show logging traplogs ................................................................ 4 - 23
4.5.13 clear board event-log ................................................................. 4 - 24
4.5.14 show logging backtrace ............................................................. 4 - 24
4.5.15 show logging errcounter ............................................................. 4 - 24
4.5.16 clear errcounter .......................................................................... 4 - 24
4.5.17 show logging persistent ............................................................. 4 - 24
4.6 System Utility and Clear Commands .................................................... 4 - 25
4.6.1 traceroute ................................................................................... 4 - 25
4.6.2 clear config ................................................................................. 4 - 26
4.6.3 clear counters ............................................................................ 4 - 26
4.6.4 clear igmpsnooping .................................................................... 4 - 26
4.6.5 clear pass ................................................................................... 4 - 26
4.6.6 clear port-channel ...................................................................... 4 - 27
4.6.7 clear traplog ............................................................................... 4 - 27
4.6.8 clear vlan .................................................................................... 4 - 27
4.6.9 enable passwd ........................................................................... 4 - 27
4.6.10 enable passwd encrypted <password> ...................................... 4 - 27
4.6.11 logout ......................................................................................... 4 - 27
4.6.12 ping ............................................................................................ 4 - 28
4.6.13 quit ............................................................................................. 4 - 29
4.6.14 reload ......................................................................................... 4 - 29
4.6.15 reload fast .................................................................................. 4 - 29
Page xix AT8404 CLI Reference Manual
AT8404
4.6.16 copy ............................................................................................4 - 29
4.6.17 delete nvram:extra-profile ...........................................................4 - 31
4.6.18 set bootstopkey ..........................................................................4 - 31
4.7 Simple Network Time Protocol (SNTP) Commands ..............................4 - 32
4.7.1 sntp broadcast client poll-interval ...............................................4 - 32
4.7.2 sntp client mode .........................................................................4 - 32
4.7.3 sntp client port ............................................................................4 - 32
4.7.4 sntp unicast client poll-interval ....................................................4 - 33
4.7.5 sntp unicast client poll-timeout ...................................................4 - 33
4.7.6 sntp unicast client poll-retry ........................................................4 - 33
4.7.7 sntp server ..................................................................................4 - 34
4.7.8 show sntp ...................................................................................4 - 34
4.7.9 show sntp client ..........................................................................4 - 34
4.7.10 show sntp server ........................................................................4 - 35
4.8 DHCP Server Commands ......................................................................4 - 35
4.8.1 ip dhcp pool ................................................................................4 - 35
4.8.2 client-identifier ............................................................................4 - 36
4.8.3 client-name .................................................................................4 - 36
4.8.4 default-router ..............................................................................4 - 36
4.8.5 dns-server ...................................................................................4 - 37
4.8.6 hardware-address .......................................................................4 - 37
4.8.7 host .............................................................................................4 - 37
4.8.8 lease ...........................................................................................4 - 38
4.8.9 network (DHCP Pool Config) ......................................................4 - 38
4.8.10 bootfile ........................................................................................4 - 38
4.8.11 domain-name ..............................................................................4 - 39
4.8.12 netbios-name-server ...................................................................4 - 39
4.8.13 netbios-node-type .......................................................................4 - 39
4.8.14 next-server ..................................................................................4 - 40
4.8.15 option ..........................................................................................4 - 40
4.8.16 ip dhcp excluded-address ...........................................................4 - 41
4.8.17 ip dhcp ping packets ...................................................................4 - 41
4.8.18 service dhcp ...............................................................................4 - 41
4.8.19 ip dhcp bootp automatic .............................................................4 - 42
4.8.20 ip dhcp conflict logging ...............................................................4 - 42
4.8.21 clear ip dhcp binding ...................................................................4 - 42
4.8.22 clear ip dhcp server statistics .....................................................4 - 42
4.8.23 clear ip dhcp conflict ...................................................................4 - 43
4.8.24 show ip dhcp binding ..................................................................4 - 43
4.8.25 show ip dhcp global configuration ..............................................4 - 43
4.8.26 show ip dhcp pool configuration .................................................4 - 43
4.8.27 show ip dhcp server statistics .....................................................4 - 44
4.8.28 show ip dhcp conflict ..................................................................4 - 45
4.9 DHCP Filtering .......................................................................................4 - 45
4.9.1 ip dhcp filtering ...........................................................................4 - 45
AT8404 CLI Reference Manual Page xx
AT8404
4.9.2 ip dhcp filtering trust ................................................................... 4 - 46
4.9.3 show ip dhcp filtering ................................................................. 4 - 46
4.10 DNS Client Commands ......................................................................... 4 - 46
4.10.1 ip domain lookup ........................................................................ 4 - 46
4.10.2 ip domain name ......................................................................... 4 - 47
4.10.3 ip domain list .............................................................................. 4 - 47
4.10.4 ip name server ........................................................................... 4 - 47
4.10.5 ip host ........................................................................................ 4 - 48
4.10.6 ip domain retry ........................................................................... 4 - 48
4.10.7 ip domain timeout ....................................................................... 4 - 48
4.10.8 clear host ................................................................................... 4 - 49
4.10.9 show hosts ................................................................................. 4 - 49
4.11 Serviceability Packet Tracing Commands ............................................. 4 - 50
4.11.1 debug arp ................................................................................... 4 - 50
4.11.2 debug auto-voip ......................................................................... 4 - 50
4.11.3 debug clear ................................................................................ 4 - 51
4.11.4 debug console ............................................................................ 4 - 51
4.11.5 debug dot1x packet .................................................................... 4 - 51
4.11.6 debug igmpsnooping packet ...................................................... 4 - 51
4.11.7 debug igmpsnooping packet transmit ........................................ 4 - 52
4.11.8 debug igmpsnooping packet receive .......................................... 4 - 53
4.11.9 debug ip acl ................................................................................ 4 - 53
4.11.10 debug ip igmp packet ................................................................. 4 - 54
4.11.11 debug ip mcache packet ............................................................ 4 - 54
4.11.12 debug lacp packet ...................................................................... 4 - 54
4.11.13 debug mldsnooping packet ........................................................ 4 - 55
4.11.14 debug ping packet ...................................................................... 4 - 55
4.11.15 debug sflow packet .................................................................... 4 - 56
4.11.16 debug spanning-tree bpdu ......................................................... 4 - 56
4.11.17 debug spanning-tree bpdu receive ............................................ 4 - 57
4.11.18 debug spanning-tree bpdu transmit ........................................... 4 - 57
4.11.19 logging persistent ....................................................................... 4 - 58
4.12 Cable Test Command ............................................................................ 4 - 58
4.12.1 cablestatus ................................................................................. 4 - 58
4.13 sFlow Commands ................................................................................. 4 - 59
4.13.1 sflow receiver ............................................................................. 4 - 59
4.13.2 sflow sampler ............................................................................. 4 - 60
4.13.3 sflow poller ................................................................................. 4 - 60
4.13.4 show sflow agent ....................................................................... 4 - 61
4.13.5 show sflow receivers .................................................................. 4 - 62
4.13.6 show sflow samplers .................................................................. 4 - 62
Page xxi AT8404 CLI Reference Manual
AT8404
Chapter
5
5. Management Commands .............................................................................5 - 2
5.1 Network Interface Commands .................................................................5 - 2
5.1.1 enable (Privileged EXEC access) .................................................5 - 2
5.1.2 serviceport ip ................................................................................5 - 2
5.1.3 serviceport protocol ......................................................................5 - 3
5.1.4 network parms ..............................................................................5 - 3
5.1.5 network protocol ...........................................................................5 - 3
5.1.6 network mac-address ...................................................................5 - 3
5.1.7 network mac-type .........................................................................5 - 4
5.1.8 show network ................................................................................5 - 4
5.1.9 show serviceport ...........................................................................5 - 5
5.2 Console Port Access Commands ............................................................5 - 5
5.2.1 configuration .................................................................................5 - 6
5.2.2 lineconfig ......................................................................................5 - 6
5.2.3 serial baudrate ..............................................................................5 - 6
5.2.4 serial timeout ................................................................................5 - 6
5.2.5 show serial ....................................................................................5 - 7
5.3 Telnet Commands ....................................................................................5 - 7
5.3.1 ip telnet server enable ..................................................................5 - 7
5.3.2 telnet .............................................................................................5 - 7
5.3.3 transport input telnet .....................................................................5 - 8
5.3.4 transport output telnet ...................................................................5 - 8
5.3.5 session-limit ..................................................................................5 - 9
5.3.6 session-timeout ............................................................................5 - 9
5.3.7 telnetcon maxsessions .................................................................5 - 9
5.3.8 telnetcon timeout ........................................................................5 - 10
5.3.9 show telnet .................................................................................5 - 10
5.3.10 show telnetcon ............................................................................5 - 10
5.4 Secure Shell (SSH) Commands ............................................................5 - 11
5.4.1 ip ssh ..........................................................................................5 - 11
5.4.2 ip ssh protocol ............................................................................ 5 - 11
5.4.3 ip ssh server enable ................................................................... 5 - 11
5.4.4 sshcon maxsessions ..................................................................5 - 12
5.4.5 sshcon timeout ...........................................................................5 - 12
5.4.6 show ip ssh .................................................................................5 - 12
5.5 Management Security Commands ........................................................5 - 13
AT8404 CLI Reference Manual Page xxii
5.5.1 crypto certificate generate ..........................................................5 - 13
5.5.2 crypto key generate rsa ..............................................................5 - 13
5.5.3 crypto key generate dsa .............................................................5 - 14
AT8404
5.6 Access Commands ............................................................................... 5 - 14
5.6.1 disconnect .................................................................................. 5 - 14
5.6.2 show loginsession ...................................................................... 5 - 14
5.7 User Account Commands ..................................................................... 5 - 15
5.7.1 users name ................................................................................ 5 - 15
5.7.2 users name <username> unlock ................................................ 5 - 15
5.7.3 users passwd ............................................................................. 5 - 15
5.7.4 users passwd <username> encrypted <password> ................... 5 - 16
5.7.5 users snmpv3 accessmode ....................................................... 5 - 16
5.7.6 users snmpv3 authentication ..................................................... 5 - 17
5.7.7 users snmpv3 encryption ........................................................... 5 - 17
5.7.8 show users ................................................................................. 5 - 18
5.7.9 show users accounts ................................................................. 5 - 18
5.7.10 passwd ....................................................................................... 5 - 18
5.7.11 passwords min-length ................................................................ 5 - 19
5.7.12 passwords history ...................................................................... 5 - 19
5.7.13 passwords aging ........................................................................ 5 - 19
5.7.14 passwords lock-out .................................................................... 5 - 20
5.7.15 show passwords configuration ................................................... 5 - 20
5.7.16 write memory ............................................................................. 5 - 20
5.8 SNMP Commands ................................................................................ 5 - 20
5.8.1 snmp-server ............................................................................... 5 - 21
5.8.2 snmp-server community ............................................................. 5 - 21
5.8.3 snmp-server community ipaddr .................................................. 5 - 21
5.8.4 snmp-server community ipmask ................................................ 5 - 22
5.8.5 snmp-server community mode ................................................... 5 - 22
5.8.6 snmp-server community ro ........................................................ 5 - 22
5.8.7 snmp-server enable traps violation ............................................ 5 - 23
5.8.8 snmp-server enable traps .......................................................... 5 - 23
5.8.9 snmp-server enable traps linkmode ........................................... 5 - 24
5.8.10 snmp-server enable traps multiusers ......................................... 5 - 24
5.8.11 snmp-server enable traps pll ...................................................... 5 - 24
5.8.12 snmp-server enable traps stpmode ........................................... 5 - 25
5.8.13 snmptrap .................................................................................... 5 - 25
5.8.14 snmptrap snmpversion ............................................................... 5 - 26
5.8.15 snmptrap ipaddr ......................................................................... 5 - 26
5.8.16 snmptrap mode .......................................................................... 5 - 26
5.8.17 snmp trap link-status .................................................................. 5 - 26
5.8.18 snmp trap link-status all ............................................................. 5 - 27
5.8.19 show snmpcommunity ...............................................................5 - 27
5.8.20 show snmptrap ........................................................................... 5 - 28
5.8.21 show trapflags ............................................................................ 5 - 28
5.8.22 snmptrap notification .................................................................. 5 - 29
5.8.23 snmp-server engine-id ............................................................... 5 - 29
5.8.24 show snmp-engine-id ................................................................. 5 - 29
5.8.25 set board snmp site .................................................................... 5 - 29
Page xxiii AT8404 CLI Reference Manual
AT8404
5.8.26 show boardinfo snmp site ...........................................................5 - 30
5.8.27 set board snmp ipmi-trap ............................................................5 - 30
5.8.28 set board snmp ipmi-trap interval ...............................................5 - 30
5.8.29 set board snmp ipmi-trap filter ....................................................5 - 30
5.8.30 enable (filter) ...............................................................................5 - 31
5.8.31 disable (filter) ..............................................................................5 - 31
5.8.32 ipmb (filter) ..................................................................................5 - 31
5.8.33 type (filter) ...................................................................................5 - 31
5.8.34 status (filter) ................................................................................5 - 31
5.8.35 assert (filter) ................................................................................5 - 31
5.8.36 show boardinfo snmp ipmi-trap ..................................................5 - 32
5.9 RADIUS Commands ..............................................................................5 - 32
5.9.1 authorization network radius .......................................................5 - 32
5.9.2 radius accounting mode .............................................................5 - 32
5.9.3 radius server attribute .................................................................5 - 32
5.9.4 radius server host .......................................................................5 - 33
5.9.5 radius server key ........................................................................5 - 34
5.9.6 radius server msgauth ................................................................5 - 35
5.9.7 radius server primary ..................................................................5 - 35
5.9.8 radius server retransmit ..............................................................5 - 36
5.9.9 radius server timeout ..................................................................5 - 36
5.9.10 show radius ................................................................................5 - 36
5.9.11 show radius servers ....................................................................5 - 37
5.9.12 show radius accounting ..............................................................5 - 39
5.9.13 show radius accounting statistics ...............................................5 - 40
5.9.14 show radius statistics ..................................................................5 - 41
5.10 TACACS+ Commands ...........................................................................5 - 42
5.10.1 tacacs-server host ......................................................................5 - 42
5.10.2 tacacs-server key .......................................................................5 - 43
5.10.3 tacacs-server timeout .................................................................5 - 43
5.10.4 key ..............................................................................................5 - 44
5.10.5 port .............................................................................................5 - 44
5.10.6 priority .........................................................................................5 - 44
5.10.7 timeout ........................................................................................5 - 44
5.10.8 show tacacs ................................................................................5 - 44
5.11 Configuration Scripting Commands .......................................................5 - 45
5.11.1 script apply .................................................................................5 - 46
5.11.2 script delete ................................................................................5 - 46
5.11.3 script list ......................................................................................5 - 46
5.11.4 script show ..................................................................................5 - 46
5.11.5 script validate ..............................................................................5 - 46
5.12 Pre-login Banner and System Prompt Commands ................................5 - 47
5.12.1 copy (pre-login banner) ..............................................................5 - 47
5.12.2 set prompt ...................................................................................5 - 47
5.13 Diagnostics Commands .........................................................................5 - 47
AT8404 CLI Reference Manual Page xxiv
AT8404
Appendix
A
Appendix
B
5.13.1 diagnostics ................................................................................. 5 - 47
5.13.2 show logging diag-report ............................................................ 5 - 47
5.14 PCI express Commands ....................................................................... 5 - 47
5.14.1 show boardinfo pcie ................................................................... 5 - 47
5.15 Storage Commands .............................................................................. 5 - 48
5.15.1 set board storage connect ......................................................... 5 - 48
5.15.2 show boardinfo storage .............................................................. 5 - 48
5.16 Clock support commands ...................................................................... 5 - 48
5.16.1 set board pcie clock ................................................................... 5 - 48
5.16.2 set board pll ............................................................................... 5 - 48
5.16.3 show boardinfo pll status ........................................................... 5 - 49
5.16.4 show boardinfo pll config ........................................................... 5 - 49
5.16.5 set board clock bpl ..................................................................... 5 - 49
5.16.6 set board clock mux-amc ........................................................... 5 - 49
5.16.7 set board clock mux-bpl ............................................................. 5 - 49
5.16.8 set board clock override ............................................................. 5 - 50
5.16.9 set board clock receiver ............................................................. 5 - 50
5.16.10 set board clock source ............................................................... 5 - 50
5.16.11 show boardinfo clock bpl ............................................................ 5 - 50
5.16.12 show boardinfo clock amc .......................................................... 5 - 51
A. Getting Help ................................................................................................A - 2
B. FASTPATH Log Messages ..........................................................................B - 2
B.1 Core ........................................................................................................B - 2
B.2 Utilities .....................................................................................................B - 3
B.3 Management ...........................................................................................B - 5
B.4 Switching .................................................................................................B - 7
B.5 QoS .......................................................................................................B - 12
B.6 Technologies .........................................................................................B - 13
B.7 O/S Support ..........................................................................................B - 14
Page xxv AT8404 CLI Reference Manual
AT8404
Appendix
C
C. List of Commands ....................................................................................... C - 2
AT8404 CLI Reference Manual Page xxvi
Chapter 1
1
AT8404
Using the Command-Line Interface
Page 1 - 1 AT8404 CLI Reference Manual
Using the Command-Line Interface AT8404
1. Using the Command-Line Interface
The command-line interface (CLI) is a text-based way to manage and monitor the system. You can access the CLI
by using a direct serial connection or by using a remote logical connection with telnet or SSH.
This chapter describes the CLI syntax, conventions, and modes. It contains the following sections:
• 1.1 “Command Syntax” on page 1 - 2
• 1.2 “Command Conventions” on page 1 - 2
• 1.3 “Common Parameter Values” on page 1 - 3
• 1.4 “Slot/Port Naming Convention” on page 1 - 4
• 1.5 “Using the “No” Form of a Command” on page 1 - 4
• 1.6 “FASTPATH Modules” on page 1 - 4
• 1.7 “Command Modes” on page 1 - 5
• 1.8 “Command Completion and Abbreviation” on page 1 - 7
• 1.9 “CLI Error Messages” on page 1 - 7
• 1.10 “CLI Line-Editing Conventions” on page 1 - 7
• 1.11 “Using CLI Help” on page 1 - 8
• 1.12 “Accessing the CLI” on page 1 - 8
1.1 Command Syntax
A command is one or more words that might be followed by one or more parameters. Parameters can be required
or optional values.
Some commands, such as show network or clear vlan, do not require parameters. Other commands, such
as network parms, require that you supply a value after the command. You must type the parameter values in a
specific order, and optional parameters follow required parameters. The following example describes the network
parms command syntax:
Format network parms <ipaddr> <netmask> [gateway]
• network parms is the command name.
• <ipaddr> and <netmask> are parameters and represent required values that you must enter after you type
the command keywords.
• [gateway] is an optional parameter, so you are not required to enter a value in place of the parameter.
The CLI Command Reference lists each command by the command name and provides a brief description of the
command. Each command reference also contains the following information:
• Format shows the command keywords and the required and optional parameters.
• Mode identifies the command mode you must be in to access the command.
• Default shows the default value, if any, of a configurable setting on the device.
The show commands also contain a description of the information that the command shows.
1.2 Command Conventions
In this document, the command name is in bold font. Parameters are in italic font. You must replace the
parameter name with an appropriate value, which might be a name or number. Parameters are order dependent.
AT8404 CLI Reference Manual Page 1 - 2
AT8404 Using the Command-Line Interface
The parameters for a command might include mandatory values, optional values, or keyword choices. Table 1
describes the conventions this document uses to distinguish between value types.
Table 1: Parameter Conventions
Symbol Example Description
<> angle brackets <value> Indicates that you must enter a value in place of the
brackets and text inside them.
[] square brackets [value] Indicates an optional parameter that you can enter in place
of the brackets and text inside them.
{} curly braces {choice1 | choice2} Indicates that you must select a parameter from the list of
choices.
| Vertical bars choice1 | choice2 Separates the mutually exclusive choices.
[{}] Braces within
square brackets
1.3 Common Parameter Values
[{choice1 | choice2}] Indicates a choice within an optional element.
Parameter values might be names (strings) or numbers.To use spaces as part of a name parameter, enclose the
name value in double quotes. For example, the expression “System Name with Spaces” forces the system to accept
the spaces. Empty strings (““) are not valid user-defined strings. Table 2 describes common parameter values and
value formatting.
Table 2: Parameter Descriptions
Parameter Description
ipaddr This parameter is a valid IP address. You can enter the IP address in the following
formats:
a (32 bits)
a.b (8.24 bits)
a.b.c (8.8.16 bits)
a.b.c.d (8.8.8.8)
In addition to these formats, the CLI accepts decimal, hexidecimal and octal formats
through the following input formats (where n is any valid hexidecimal, octal or decimal
number):
0xn (CLI assumes hexidecimal format)
0n (CLI assumes octal format with leading zeros)
n (CLI assumes decimal format)
ipv6-address FE80:0000:0000:0000:020F:24FF:FEBF:DBCB, or
FE80:0:0:0:20F:24FF:FEBF:DBCB, or
FE80::20F24FF:FEBF:DBCB, or
FE80:0:0:0:20F:24FF:128:141:49:32
For additional information, refer to RFC 3513.
Interface or
slot/port
Valid slot and port number separated by a forward slash. For example, 0/1 represents
slot number 0 and port number 1.
Logical Interface Represents a logical slot and port number. This is applicable in the case of a port-
channel (LAG). You can use the logical slot/port to configure the port-channel.
Character strings Use double quotation marks to identify character strings, for example, “System Name
with Spaces”. An empty string (“”) is not valid.
Page 1 - 3 AT8404 CLI Reference Manual
Using the Command-Line Interface AT8404
1.4 Slot/Port Naming Convention
FASTPATH software references physical entities such as cards and ports by using a slot/port naming convention.
The FASTPATH software also uses this convention to identify certain logical entities, such as Port-Channel
interfaces.
The slot number has two uses. In the case of physical ports, it identifies the card containing the ports. In the case
of logical and CPU ports it also identifies the type of interface or port.
Table 3: Type of Slots
Slot Type Description
Physical slot numbers Physical slot numbers begin with zero, and are allocated up to the maximum
Logical slot numbers Logical slots immediately follow physical slots and identify port-channel (LAG)
CPU slot numbers The CPU slots immediately follow the logical slots.
number of physical slots.
or router interfaces.
The port identifies the specific physical port or logical interface being managed on a given slot.
Table 4: Type of Ports
Port Type Description
Physical Ports The physical ports for each slot are numbered sequentially starting from zero.
Logical Interfaces Port-channel or Link Aggregation Group (LAG) interfaces are logical interfaces
CPU ports CPU ports are handled by the driver as one or more physical entities located on
Note: In the CLI, loopback and tunnel interfaces do not use the slot/port format. To specify a loopback
interface, you use the loopback ID. To specify a tunnel interface, you use the tunnel ID.
that are only used for bridging functions.
VLAN routing interfaces are only used for routing functions.
Loopback interfaces are logical interfaces that are always up.
Tunnel interfaces are logical point-to-point links that carry encapsulated
packets.
physical slots.
1.5 Using the “No” Form of a Command
The no keyword is a specific form of an existing command and does not represent a new or distinct command.
Almost every configuration command has a no form. In general, use the no form to reverse the action of a command
or reset a value back to the default. For example, the no shutdown configuration command reverses the shutdown
of an interface. Use the command without the keyword no to re-enable a disabled feature or to enable a feature
that is disabled by default. Only the configuration commands are available in the no form.
1.6 FASTPATH Modules
FASTPATH software consists of flexible modules that can be applied in various combinations to develop advanced
Layer 2/3/4+ products. The commands and command modes available on your switch depend on the installed
AT8404 CLI Reference Manual Page 1 - 4
AT8404 Using the Command-Line Interface
modules. Additionally, for some show commands, the output fields might change based on the modules included in
the FASTPATH software.
The FASTPATH software suite includes the following modules:
• Switching (Layer 2)
• Quality of Service
• Management (CLI and SNMP)
Not all modules are available for all platforms or software releases.
1.7 Command Modes
The CLI groups commands into modes according to the command function. Each of the command modes supports
specific FASTPATH software commands. The commands in one mode are not available until you switch to that
particular mode, with the exception of the User EXEC mode commands. You can execute the User EXEC mode
commands in the Privileged EXEC mode.
The command prompt changes in each command mode to help you identify the current mode. Table 5 describes
the command modes and the prompts visible in that mode.
Note: The command modes available on your switch depend on the software modules that are installed.
Table 5: CLI Command Modes
Command Mode Prompt Mode Description
User EXEC Switch> Contains a limited set of commands to view
basic system information.
Privileged EXEC Switch# Allows you to issue any EXEC command,
enter the VLAN mode, or enter the Global
Configuration mode.
Global Config Switch (Config)# Groups general setup commands and
VLAN Config Switch (Vlan)# Groups all the VLAN commands.
Interface Config Switch (Interface <slot/port>)#
Switch (Interface Loopback <id>)#
Switch (Interface Tunnel <id>)#
Line Config Switch (line)# Contains commands to configure outbound
Policy Map
Config
Policy Class
Config
Class Map Config Switch (Config-class-map)# Contains the QoS class map configuration
Switch (Config-policy-map)# Contains the QoS Policy-Map configuration
Switch (Config-policy-class-map)# Consists of class creation, deletion, and
permits you to make modifications to the
running configuration.
Manages the operation of an interface and
provides access to the router interface
configuration commands.
Use this mode to set up a physical port for a
specific logical connection operation.
telnet settings and console interface settings.
commands.
matching commands. The class match
commands specify Layer 2, Layer 3, and
general match criteria.
commands for IPv4.
Page 1 - 5 AT8404 CLI Reference Manual
Using the Command-Line Interface AT8404
Table 5: CLI Command Modes (Continued)
Command Mode Prompt Mode Description
MAC Access-list
Config
TACACS Config Switch (Tacacs)# Contains commands to configure properties
DHCP Pool
Config
Table 6 explains how to enter or exit each mode.
Command Mode Access Method Exit or Access Previous Mode
User EXEC This is the first level of access. To exit, enter logout.
Privileged EXEC From the User EXEC mode, enter
Global Config From the Privileged EXEC mode, enter
VLAN Config From the Privileged EXEC mode, enter
Interface Config From the Global Config mode, enter
Line Config From the Global Config mode, enter
Policy-Map
Config
Policy-Class-Map
Config
Class-Map
Config
MAC Access-list
Config
TACACS Config From the Global Config mode, enter
DHCP Pool
Config
Switch (Config-mac-access-list)# Allows you to create a MAC Access-List and
Switch (Config dhcp-pool)# Contains the DHCP server IP address pool
Table 6: CLI Mode Access and Exit
enable.
configure.
vlan database.
interface <slot/port> or
interface loopback <id> or
interface tunnel <id>
lineconfig.
From the Global Config mode, enter
policy-map.
From the Policy Map mode enter class. To exit to the Policy Map mode, enter exit. To
From the Global Config mode, enter
class-map, and specify the optional
keyword ipv4 to specify the Layer 3
protocol for this class. See 3.3.1 “classmap” on page 3 - 10 for more information.
From the Global Config mode, enter
mac access-list extended <name>.
tacacs-server host <ip-addr>,
where <ip-addr> is the IP address of the
TACACS server on your network.
From the Global Config mode, enter
ip dhcp pool <pool-name>.
to enter the mode containing MAC AccessList configuration commands.
for the TACACS servers.
configuration commands.
To exit to the User EXEC mode, enter exit or
press Ctrl-Z.
To exit to the Privileged EXEC mode, enter exit,
or press Ctrl-Z.
To exit to the Privileged EXEC mode, enter exit,
or press Ctrl-Z.
To exit to the Global Config mode, enter exit. To
return to the Privileged EXEC mode, enter Ctrl-
Z.
To exit to the Global Config mode, enter exit. To
return to the Privileged EXEC mode, enter Ctrl-
Z.
To exit to the Global Config mode, enter exit. To
return to the Privileged EXEC mode, enter Ctrl-
Z.
return to the Privileged EXEC mode, enter Ctrl-
Z.
To exit to the Global Config mode, enter exit. To
return to the Privileged EXEC mode, enter Ctrl-
Z.
To exit to the Global Config mode, enter exit. To
return to the Privileged EXEC mode, enter Ctrl-
Z.
To exit to the Global Config mode, enter exit. To
return to the Privileged EXEC mode, enter Ctrl-
Z.
To exit to the Global Config mode, enter exit. To
return to the Privileged EXEC mode, enter Ctrl-
Z.
AT8404 CLI Reference Manual Page 1 - 6
AT8404 Using the Command-Line Interface
1.8 Command Completion and Abbreviation
Command completion finishes spelling the command when you type enough letters of a command to uniquely
identify the command keyword. Once you have entered enough letters, press the SPACEBAR or TAB key to
complete the word.
Command abbreviation allows you to execute a command when you have entered there are enough letters to
uniquely identify the command. You must enter all of the required keywords and parameters before you enter the
command.
1.9 CLI Error Messages
If you enter a command and the system is unable to execute it, an error message appears. Table 7 describes the
most common CLI error messages.
Table 7: CLI Error Messages
Message Text Description
% Invalid input detected at '^'
marker.
Command not found / Incomplete
command. Use ? to list commands.
Ambiguous command Indicates that you did not enter enough letters to uniquely identify
Indicates that you entered an incorrect or unavailable command.
The carat (^) shows where the invalid text is detected. This
message also appears if any of the parameters or values are not
recognized.
Indicates that you did not enter the required keywords or values.
the command.
1.10 CLI Line-Editing Conventions
Table 8 describes the key combinations you can use to edit commands or increase the speed of command entry.
You can access this list from the CLI by entering help from the User or Privileged EXEC modes.
Table 8: CLI Editing Conventions
Key Sequence Description
DEL or Backspace Delete previous character
Ctrl-A Go to beginning of line
Ctrl-E Go to end of line
Ctrl-F Go forward one character
Ctrl-B Go backward one character
Ctrl-D Delete current character
Ctrl-U, X Delete to beginning of line
Ctrl-K Delete to end of line
Ctrl-W Delete previous word
Ctrl-T Transpose previous character
Ctrl-P Go to previous line in history buffer
Ctrl-R Rewrites or pastes the line
Ctrl-N Go to next line in history buffer
Ctrl-Y Prints last deleted character
Ctrl-Q Enables serial flow
Page 1 - 7 AT8404 CLI Reference Manual
Using the Command-Line Interface AT8404
Table 8: CLI Editing Conventions (Continued)
Key Sequence Description
Ctrl-S Disables serial flow
Ctrl-Z Return to root command prompt
Tab, <SPACE> Command-line completion
Exit Go to next lower command prompt
? List available commands, keywords, or parameters
1.11 Using CLI Help
Enter a question mark (?) at the command prompt to display the commands available in the current mode.
(switch) >?
enable Enter into user privilege mode.
help Display help for various special keys.
logout Exit this session. Any unsaved changes are lost.
ping Send ICMP echo packets to a specified IP address.
quit Exit this session. Any unsaved changes are lost.
show Display Switch Options and Settings.
telnet Telnet to a remote host.
Enter a question mark (?) after each word you enter to display available command keywords or parameters.
(switch) #network ?
javamode Enable/Disable.
mgmt_vlan Configure the Management VLAN ID of the switch.
parms Configure Network Parameters of the router.
protocol Select DHCP, BootP, or None as the network config
protocol.
If the help output shows a parameter in angle brackets, you must replace the parameter with a value.
(switch) #network parms ?
<ipaddr> Enter the IP address.
If there are no additional command keywords or parameters, or if additional parameters are optional, the following
message appears in the output:
<cr> Press Enter to execute the command
You can also enter a question mark (?) after typing one or more characters of a word to list the available command
or parameters that begin with the letters, as shown in the following example:
(switch) #show m?
mac-addr-table mac-address-table monitor
1.12 Accessing the CLI
You can access the CLI by using a direct console connection or by using a telnet or SSH connection from a remote
management host.
AT8404 CLI Reference Manual Page 1 - 8
AT8404 Using the Command-Line Interface
For the initial connection, you must use a direct connection to the console port. You cannot access the system
remotely until the system has an IP address, subnet mask, and default gateway. You can set the network
configuration information manually, or you can configure the system to accept these settings from a BOOTP or
DHCP server on your network. For more information, see 5.1 “Network Interface Commands” on page 5 - 2.
Page 1 - 9 AT8404 CLI Reference Manual
Using the Command-Line Interface AT8404
AT8404 CLI Reference Manual Page 1 - 10
Chapter 1
2
AT8404
Switching Commands
Page 2 - 1 AT8404 CLI Reference Manual
Switching Commands AT8404
2. Switching Commands
This chapter describes the switching commands available in the FASTPATH CLI.
The Switching Commands chapter includes the following sections:
• 2.1 “Port Configuration Commands” on page 2 - 2
• 2.2 “Spanning Tree Protocol (STP) Commands” on page 2 - 7
• 2.3 “VLAN Commands” on page 2 - 20
• 2.4 “Double VLAN Commands” on page 2 - 30
• 2.5 “Voice VLAN Commands” on page 2 - 32
• 2.6 “Provisioning (IEEE 802.1p) Commands” on page 2 - 34
• 2.7 “Protected Ports Commands” on page 2 - 34
• 2.8 “GARP Commands” on page 2 - 36
• 2.9 “GVRP Commands” on page 2 - 38
• 2.10 “GMRP Commands” on page 2 - 39
• 2.11 “Port-Based Network Access Control Commands” on page 2 - 41
• 2.12 “Storm-Control Commands” on page 2 - 52
• 2.13 “Port-Channel/LAG (802.3ad) Commands” on page 2 - 61
• 2.14 “Port Mirroring” on page 2 - 75
• 2.15 “Static MAC Filtering” on page 2 - 77
• 2.16 “DHCP Snooping Configuration Commands” on page 2 - 80
• 2.17 “Dynamic ARP Inspection Commands” on page 2 - 88
• 2.18 “IGMP Snooping Configuration Commands” on page 2 - 93
• 2.19 “IGMP Snooping Querier Commands” on page 2 - 99
• 2.20 “MLD Snooping Commands” on page 2 - 102
• 2.21 “MLD Snooping Querier Commands” on page 2 - 108
• 2.22 “Port Security Commands” on page 2 - 111
• 2.23 “LLDP (802.1AB) Commands” on page 2 - 113
• 2.24 “LLDP-MED Commands” on page 2 - 120
• 2.25 “Denial of Service Commands” on page 2 - 126
• 2.26 “MAC Database Commands” on page 2 - 130
• 2.27 “ISDP Commands” on page 2 - 131
• 2.28 “Multicast Handling Commands” on page 2 - 136
• 2.29 “Port Bridging Commands” on page 2 - 138
Caution! The commands in this chapter are in one of three functional groups:
• Show commands display switch settings, statistics, and other information.
• Configuration commands configure features and options of the switch. For every configuration
command, there is a show command that displays the configuration setting.
• Clear commands clear some or all of the settings to factory defaults.
2.1 Port Configuration Commands
This section describes the commands you use to view and configure port settings.
AT8404 CLI Reference Manual Page 2 - 2
AT8404 Switching Commands
2.1.1 interface
This command gives you access to the Interface Config mode, which allows you to enable or modify the operation
of an interface (port).
Format interface <slot/port>
Mode Global Config
2.1.2 auto-negotiate
This command enables automatic negotiation on a port.
Default enabled
Format auto-negotiate
Mode Interface Config
2.1.2.1 no auto-negotiate
This command disables automatic negotiation on a port.
Note: Automatic sensing is disabled when automatic negotiation is disabled.
Format no auto-negotiate
Mode Interface Config
2.1.3 auto-negotiate all
This command enables automatic negotiation on all ports.
Default enabled
Format auto-negotiate all
Mode Global Config
2.1.3.1 no auto-negotiate all
This command disables automatic negotiation on all ports.
Format no auto-negotiate all
Mode Global Config
2.1.4 advertise speed
This command sets auto-negotiation advertised speed parameters. If full/half-duplex is not specified the speed is
valid for both modes.
Format advertise speed <1000 | 100 | 10> [<half-duplex | full-duplex>]
Mode Interface Config
Page 2 - 3 AT8404 CLI Reference Manual
Switching Commands AT8404
2.1.4.1 no advertise speed
This command resets auto-negotiation advertised speed parameters.
Format no advertise speed <1000 | 100 | 10> [<half-duplex | full-duplex>]
Mode Interface Config
2.1.5 show advertise speed
This command lists the auto-negotiation advertised speed parameters. The values are listed for a specified
interface.
Format show advertise speed <slot/port>
Mode Privileged Exec
2.1.6 block
This command sets a port in blocking mode. A blocking port will not receive or forward data frames. The command
is only allowed if no spanning tree is enabled because the spanning tree is setting the port states itself. If the port is
currently disabled, the state is not changed until it will become enabled. The state of the ports can be listed (spanning
tree) by “
show spanning-tree mst port summary 0 all”
Format block
Mode Interface Config
2.1.6.1 no block
This command resets a port in non-blocking mode.
Format no block
Mode Interface Config
2.1.7 description
Use this command to create an alpha-numeric description of the port.
Format description <description>
Mode Interface Config
2.1.8 mtu
Use the mtu command to set the maximum transmission unit (MTU) size, in bytes, for frames that ingress or egress
the interface. You can use the mtu command to configure jumbo frame support for physical and port-channel (LAG)
interfaces. For the standard FASTPATH implementation, the MTU size is a valid integer between 1522 - 9216 for
tagged packets and a valid integer between 1518 - 9216 for untagged packets.
Note: To receive and process packets, the Ethernet MTU must include any extra bytes that Layer-2
headers might require.
Default 1518 (untagged)
AT8404 CLI Reference Manual Page 2 - 4
AT8404 Switching Commands
Format mtu <1518-9216>
Mode Interface Config
2.1.8.1 no mtu
This command sets the default MTU size (in bytes) for the interface.
Format no mtu
Mode Interface Config
2.1.9 shutdown
This command disables a port.
Note: You can use the shutdown command on physical and port-channel (LAG) interfaces, but not on
VLAN routing interfaces.
Default enabled
Format shutdown
Mode Interface Config
2.1.9.1 no shutdown
This command enables a port.
Format no shutdown
Mode Interface Config
2.1.10 shutdown all
This command disables all ports.
Note: You can use the shutdown all command on physical and port-channel (LAG) interfaces, but
not on VLAN routing interfaces.
Default enabled
Format shutdown all
Mode Global Config
2.1.10.1 no shutdown all
This command enables all ports.
Format no shutdown all
Mode Global Config
Page 2 - 5 AT8404 CLI Reference Manual
Switching Commands AT8404
2.1.11 speed
This command sets the speed and duplex setting for the interface.
Format speed {<100 | 10> <half-duplex | full-duplex>}
Mode Interface Config
Acceptable Values Definition
100h 100BASE-T half duplex
100f 100BASE-T full duplex
10h 10BASE-T half duplex
10f 10BASE-T full duplex
2.1.12 speed all
This command sets the speed and duplex setting for all interfaces.
Format speed all {<100 | 10> <half-duplex | full-duplex>}
Mode Global Config
Acceptable Values Definition
100h 100BASE-T half duplex
100f 100BASE-T full duplex
10h 10BASE-T half duplex
10f 10BASE-T full duplex
2.1.13 show port
This command displays port information.
Format show port {<slot/port> | all}
Mode Privileged EXEC
Term Definition
Interface Valid slot and port number separated by a forward slash.
Type If not blank, this field indicates that this port is a special type of port. The possible values are:
• Mirror - this port is a monitoring port. For more information, see 2.14 “Port Mirroring” on
page 2 - 75.
•PC Mbr- this port is a member of a port-channel (LAG).
•Probe - this port is a probe port.
Admin Mode The Port control administration state. The port must be enabled in order for it to be allowed
into the network. - May be enabled or disabled. The factory default is enabled.
Physical Mode The desired port speed and duplex mode. If auto-negotiation support is selected, then the
duplex mode and speed is set from the auto-negotiation process. Note that the maximum
capability of the port (full duplex -100M) is advertised. Otherwise, this object determines the
port's duplex mode and transmission rate. The factory default is Auto.
Physical Status The port speed and duplex mode.
Link Status The Link is up or down.
AT8404 CLI Reference Manual Page 2 - 6
AT8404 Switching Commands
Term Definition
Link Trap This object determines whether or not to send a trap when link status changes. The factory
LACP Mode LACP is enabled or disabled on this port.
2.1.14 show port protocol
This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated group.
Format show port protocol {<groupid> | all}
Mode Privileged EXEC
Term Definition
Group Name The group name of an entry in the Protocol-based VLAN table.
Group ID The group identifier of the protocol group.
Protocol(s) The type of protocol(s) for this group.
VLAN The VLAN associated with this Protocol Group.
Interface(s) Lists the slot/port interface(s) that are associated with this Protocol Group.
default is enabled.
2.2 Spanning Tree Protocol (STP) Commands
This section describes the commands you use to configure Spanning Tree Protocol (STP). STP helps prevent
network loops, duplicate messages, and network instability.
Note: STP is disabled by default. When you enable STP on the switch, STP is still disabled on each port.
Note: If STP is disabled, the system does not forward BPDU messages.
2.2.1 spanning-tree
This command sets the spanning-tree operational mode to enabled.
Default disabled
Format spanning-tree
Mode Global Config
2.2.1.1 no spanning-tree
This command sets the spanning-tree operational mode to disabled. While disabled, the spanning-tree configuration
is retained and can be changed, but is not activated.
Format no spanning-tree
Mode Global Config
Page 2 - 7 AT8404 CLI Reference Manual
Switching Commands AT8404
2.2.2 spanning-tree bpdufilter
Use this command to enable BPDU Filter on the interface.
Default disabled
Format spanning-tree bpdufilter
Mode Interface Config
2.2.2.1 no spanning-tree bpdufilter
Use this command to disable BPDU Filter on the interface.
Default disabled
Format no spanning-tree bpdufilter
Mode Interface Config
2.2.3 spanning-tree bpdufilter default
Use this command to enable BPDU Filter on all the edge port interfaces.
Default disabled
Format spanning-tree bpdufilter
Mode Global Config
2.2.3.1 no spanning-tree bpdufilter default
Use this command to disable BPDU Filter on all the edge port interfaces.
Default disabled
Format no spanning-tree bpdufilter default
Mode Global Config
2.2.4 spanning-tree bpduflood
Use this command to enable BPDU Flood on the interface.
Default disabled
Format spanning-tree bpduflood
Mode Interface Config
2.2.4.1 no spanning-tree bpduflood
Use this command to disable BPDU Flood on the interface.
Default disabled
Format no spanning-tree bpduflood
Mode Interface Config
AT8404 CLI Reference Manual Page 2 - 8
AT8404 Switching Commands
2.2.5 spanning-tree bpduguard
Use this command to enable BPDU Guard on the switch.
Default disabled
Format spanning-tree bpduguard
Mode Global Config
2.2.5.1 no spanning-tree bpduguard
Use this command to disable BPDU Guard on the switch.
Default disabled
Format no spanning-tree bpduguard
Mode Global Config
2.2.6 spanning-tree bpdumigrationcheck
Use this command to force a transmission of rapid spanning tree (RSTP) and multiple spanning tree (MSTP)
BPDUs. Use the <slot/port> parameter to transmit a BPDU from a specified interface, or use the all keyword
to transmit BPDUs from all interfaces. This command forces the BPDU transmission when you execute it, so the
command does not change the system configuration or have a “no” version.
Format spanning-tree bpdumigrationcheck {<slot/port> | all}
Mode Global Config
2.2.7 spanning-tree configuration name
This command sets the Configuration Identifier Name for use in identifying the configuration that this switch is
currently using. The <name> is a string of up to 32 characters.
Default base MAC address in hexadecimal notation
Format spanning-tree configuration name
Mode Global Config
<name>
2.2.7.1 no spanning-tree configuration name
This command resets the Configuration Identifier Name to its default.
Format no spanning-tree configuration name
Mode Global Config
2.2.8 spanning-tree configuration revision
This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch
is currently using. The Configuration Identifier Revision Level is a number in the range of 0 to 65535.
Default 0
Format spanning-tree configuration revision
Page 2 - 9 AT8404 CLI Reference Manual
<0-65535>
Switching Commands AT8404
Mode Global Config
2.2.8.1 no spanning-tree configuration revision
This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch
is currently using to the default value.
Format no spanning-tree configuration revision
Mode Global Config
2.2.9 spanning-tree edgeport
This command specifies that this port is an Edge Port within the common and internal spanning tree. This allows
this port to transition to Forwarding State without delay.
Format spanning-tree edgeport
Mode Interface Config
2.2.9.1 no spanning-tree edgeport
This command specifies that this port is not an Edge Port within the common and internal spanning tree.
Format no spanning-tree edgeport
Mode Interface Config
2.2.10 spanning-tree forceversion
This command sets the Force Protocol Version parameter to a new value.
Default 802.1s
Format spanning-tree forceversion <802.1d | 802.1s | 802.1w>
Mode Global Config
• Use 802.1d to specify that the switch transmits ST BPDUs rather than MST BPDUs (IEEE 802.1d functionality
supported).
• Use 802.1s to specify that the switch transmits MST BPDUs (IEEE 802.1s functionality supported).
• Use 802.1w to specify that the switch transmits RST BPDUs rather than MST BPDUs (IEEE 802.1w
functionality supported).
2.2.10.1 no spanning-tree forceversion
This command sets the Force Protocol Version parameter to the default value.
Format no spanning-tree forceversion
Mode Global Config
AT8404 CLI Reference Manual Page 2 - 10
AT8404 Switching Commands
2.2.11 spanning-tree forward-time
This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree.
The forward-time value is in seconds within a range of 4 to 30, with the value being greater than or equal to “(Bridge
Max Age / 2) + 1”.
Default 15
Format spanning-tree forward-time
Mode Global Config
2.2.11.1 no spanning-tree forward-time
This command sets the Bridge Forward Delay parameter for the common and internal spanning tree to the default
value.
Format no spanning-tree forward-time
Mode Global Config
<4-30>
2.2.12 spanning-tree hello-time
This command sets the Admin Hello Time parameter to a new value for the common and internal spanning tree. The
hello time <value> is in whole seconds within a range of 1 to 10, with the value being less than or equal to (Bridge
Max Age / 2) - 1.
Default 2
Format spanning-tree hello-time <1-10>
Mode Interface Config
2.2.12.1 no spanning-tree hello-time
This command sets the admin Hello Time parameter for the common and internal spanning tree to the default value.
Format no spanning-tree hello-time
Mode Interface Config
2.2.13 spanning-tree max-age
This command sets the Bridge Max Age parameter to a new value for the common and internal spanning tree. The
max-age value is in seconds within a range of 6 to 40, with the value being less than or equal to 2 x (Bridge Forward
Delay - 1).
Default 20
Format spanning-tree max-age
Mode Global Config
<6-40>
2.2.13.1 no spanning-tree max-age
This command sets the Bridge Max Age parameter for the common and internal spanning tree to the default value.
Page 2 - 11 AT8404 CLI Reference Manual
Switching Commands AT8404
Format no spanning-tree max-age
Mode Global Config
2.2.14 spanning-tree max-hops
This command sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree. The
max-hops value is a range from 1 to 127.
Default 20
Format spanning-tree max-hops <1-127>
Mode Global Config
2.2.14.1 no spanning-tree max-hops
This command sets the Bridge Max Hops parameter for the common and internal spanning tree to the default value.
Format no spanning-tree max-hops
Mode Global Config
2.2.15 spanning-tree mst
This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance or in the
common and internal spanning tree. If you specify an <mstid> parameter that corresponds to an existing multiple
spanning tree instance, the configurations are done for that multiple spanning tree instance. If you specify 0 (defined
as the default CIST ID) as the <mstid>, the configurations are done for the common and internal spanning tree
instance.
If you specify the cost option, the command sets the path cost for this port within a multiple spanning tree instance
or the common and internal spanning tree instance, depending on the <mstid> parameter. You can set the path
cost as a number in the range of 1 to 200000000 or auto. If you select auto the path cost value is set based on Link
Speed.
If you specify the external-cost option, this command sets the external-path cost for MST instance ‘0’ i.e. CIST
instance. You can set the external cost as a number in the range of 1 to 200000000 or auto. If you specify auto, the
external path cost value is set based on Link Speed.
If you specify the port-priority option, this command sets the priority for this port within a specific multiple spanning
tree instance or the common and internal spanning tree instance, depending on the <mstid> parameter. The portpriority value is a number in the range of 0 to 240 in increments of 16.
Default • cost—auto
• external-cost—auto
• port-priority—128
Format spanning-tree mst
<1-200000000> | auto} | port-priority <0-240>}
Mode Interface Config
<mstid> {{cost <1-200000000> | auto} | {external-cost
AT8404 CLI Reference Manual Page 2 - 12
AT8404 Switching Commands
2.2.15.1 no spanning-tree mst
This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance, or in the
common and internal spanning tree to the respective default values. If you specify an <mstid> parameter that
corresponds to an existing multiple spanning tree instance, you are configuring that multiple spanning tree instance.
If you specify 0 (defined as the default CIST ID) as the <mstid>, you are configuring the common and internal
spanning tree instance.
If the you specify cost, this command sets the path cost for this port within a multiple spanning tree instance or the
common and internal spanning tree instance, depending on the <mstid> parameter, to the default value, i.e. a path
cost value based on the Link Speed.
If you specify external-cost, this command sets the external path cost for this port for mst ‘0’ instance, to the default
value, i.e. a path cost value based on the Link Speed.
If you specify port-priority, this command sets the priority for this port within a specific multiple spanning tree
instance or the common and internal spanning tree instance, depending on the <mstid> parameter, to the default
value.
Format no spanning-tree mst <mstid> <cost | external-cost | port-priority>
Mode Interface Config
2.2.16 spanning-tree mst instance
This command adds a multiple spanning tree instance to the switch. The parameter <mstid> is a number within a
range of 1 to 4094, that corresponds to the new instance ID to be added. The maximum number of multiple instances
supported by the switch is 4.
Default none
Format spanning-tree mst instance <mstid>
Mode Global Config
2.2.16.1 no spanning-tree mst instance
This command removes a multiple spanning tree instance from the switch and reallocates all VLANs allocated to
the deleted instance to the common and internal spanning tree. The parameter <mstid> is a number that
corresponds to the desired existing multiple spanning tree instance to be removed.
Format no spanning-tree mst instance <mstid>
Mode Global Config
2.2.17 spanning-tree mst priority
This command sets the bridge priority for a specific multiple spanning tree instance. The parameter <mstid> is a
number that corresponds to the desired existing multiple spanning tree instance. The priority value is a number
within a range of 0 to 61440 in increments of 4096.
If you specify 0 (defined as the default CIST ID) as the <mstid>, this command sets the Bridge Priority parameter
to a new value for the common and internal spanning tree. The bridge priority value is a number within a range of 0
Page 2 - 13 AT8404 CLI Reference Manual
Switching Commands AT8404
to 61440. The twelve least significant bits are masked according to the 802.1s specification. This causes the priority
to be rounded down to the next lower valid priority.
Default 32768
Format spanning-tree mst priority
Mode Global Config
2.2.17.1 no spanning-tree mst priority
This command sets the bridge priority for a specific multiple spanning tree instance to the default value. The
parameter <mstid> is a number that corresponds to the desired existing multiple spanning tree instance.
If 0 (defined as the default CIST ID) is passed as the <mstid>, this command sets the Bridge Priority parameter for
the common and internal spanning tree to the default value.
<mstid> <0-61440>
Format no spanning-tree mst priority
Mode Global Config
<mstid>
2.2.18 spanning-tree mst vlan
This command adds an association between a multiple spanning tree instance and one or more VLANs so that the
VLAN(s) are no longer associated with the common and internal spanning tree. The parameter <mstid> is a
number that corresponds to the desired existing multiple spanning tree instance. The vlan range can be specified
as a list or as a range of values. To specify a list of VLANs, enter a list of VLAN IDs, each separated by a comma
with no spaces in between. To specify a range of VLANs, separate the beginning and ending VLAN ID with a dash
("-").
Format spanning-tree mst vlan <mstid> <vlanid>
Mode Global Config
2.2.18.1 no spanning-tree mst vlan
This command removes an association between a multiple spanning tree instance and one or more VLANs so that
the VLAN(s) are again associated with the common and internal spanning tree.
Format no spanning-tree mst vlan <mstid> <vlanid>
Mode Global Config
2.2.19 spanning-tree port mode
This command sets the Administrative Switch Port State for this port to enabled.
Default disabled
Format spanning-tree port mode
Mode Interface Config
AT8404 CLI Reference Manual Page 2 - 14
AT8404 Switching Commands
2.2.19.1 no spanning-tree port mode
This command sets the Administrative Switch Port State for this port to disabled.
Format no spanning-tree port mode
Mode Interface Config
2.2.20 spanning-tree port mode all
This command sets the Administrative Switch Port State for all ports to enabled.
Default disabled
Format spanning-tree port mode all
Mode Global Config
2.2.20.1 no spanning-tree port mode all
This command sets the Administrative Switch Port State for all ports to disabled.
Format no spanning-tree port mode all
Mode Global Config
2.2.21 spanning-tree port-state
This command sets the state of a port used by a MST instance. The command sets the spanning tree state (forward/
block) of a port for incoming (ingress) or outgoing (egress) traffic or both for an existing MST instance (1..4094).
Default state is forwarding. The state of the port can be seen only via “show running-config”. If the state is blocked,
the command is displayed (otherwise not).
Default forwarding
Format spanning-tree mst <mst-id> port-state ingress <forward | block>
spanning-tree mst <mst-id> port-state egress <forward | block>
spanning-tree mst <mst-id> port-state both <forward | block>
Mode Interface Config
2.2.22 spanning-tree rootguard
Use this command to enable root BPDU Guard on the interface.
Default disabled
Format spanning-tree rootguard
Mode Interface Config
2.2.22.1 no spanning-tree rootguard
Use this command to disable root BPDU Guard on the interface.
Format no spanning-tree rootguard
Mode Interface Config
Page 2 - 15 AT8404 CLI Reference Manual
Switching Commands AT8404
2.2.23 show spanning-tree
This command displays spanning tree settings for the common and internal spanning tree. The following details are
displayed.
Format show spanning-tree
Mode • Privileged EXEC
• User EXEC
Term Definition
Bridge Priority Specifies the bridge priority for the Common and Internal Spanning tree (CST). The value lies
between 0 and 61440. It is displayed in multiples of 4096.
Bridge Identifier The bridge identifier for the CST. It is made up using the bridge priority and the base MAC
address of the bridge.
Time Since
Topology Change
Topology Change
Count
Topology Change Boolean value of the Topology Change parameter for the switch indicating if a topology
Designated Root The bridge identifier of the root bridge. It is made up from the bridge priority and the base MAC
Root Path Cost Value of the Root Path Cost parameter for the common and internal spanning tree.
Root Port Identifier Identifier of the port to access the Designated Root for the CST
Root Port Max Age Derived value.
Root Port Bridge
Forward Delay
Hello Time Configured value of the parameter for the CST.
Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs).
Bridge Max Hops Bridge max-hops count for the device.
CST Regional Root Bridge Identifier of the CST Regional Root. It is made up using the bridge priority and the base
Regional Root
Path Cost
Associated FIDs List of forwarding database identifiers currently associated with this instance.
Associated VLANs List of VLAN IDs currently associated with this instance.
Time in seconds.
Number of times changed.
change is in progress on any port assigned to the common and internal spanning tree.
address of the bridge.
Derived value
MAC address of the bridge.
Path Cost to the CST Regional Root.
2.2.24 show spanning-tree brief
This command displays spanning tree settings for the bridge. The following information appears.
Format show spanning-tree brief
Mode • Privileged EXEC
• User EXEC
Term Definition
Bridge Priority Configured value.
Bridge Identifier The bridge identifier for the selected MST instance. It is made up using the bridge priority and
AT8404 CLI Reference Manual Page 2 - 16
the base MAC address of the bridge.
AT8404 Switching Commands
Term Definition
Bridge Max Age Configured value.
Bridge Max Hops Bridge max-hops count for the device.
Bridge Hello Time Configured value.
Bridge Forward
Delay
Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs).
2.2.25 show spanning-tree interface
This command displays the settings and parameters for a specific switch port within the common and internal
spanning tree. The <slot/port> is the desired switch port. The following details are displayed on execution of the
command.
Configured value.
Format show spanning-tree interface
Mode • Privileged EXEC
• User EXEC
Term Definition
Hello Time Admin hello time for this port.
Port Mode Enabled or disabled.
BPDU Filter Enabled or disabled.
BPDU Flood Enabled or disabled.
BPDU Guard Enabled or disabled.
Root Guard Enabled or disabled.
Port Up Time Since
Counters Last
Cleared
STP BPDUs
Transmitted
STP BPDUs
Received
RST BPDUs
Transmitted
RST BPDUs
Received
MSTP BPDUs
Transmitted
MSTP BPDUs
Received
Time since port was reset, displayed in days, hours, minutes, and seconds.
Spanning Tree Protocol Bridge Protocol Data Units sent.
Spanning Tree Protocol Bridge Protocol Data Units received.
Rapid Spanning Tree Protocol Bridge Protocol Data Units sent.
Rapid Spanning Tree Protocol Bridge Protocol Data Units received.
Multiple Spanning Tree Protocol Bridge Protocol Data Units sent.
Multiple Spanning Tree Protocol Bridge Protocol Data Units received.
<slot/port>
2.2.26 show spanning-tree mst port detailed
This command displays the detailed settings and parameters for a specific switch port within a particular multiple
spanning tree instance. The parameter <mstid> is a number that corresponds to the desired existing multiple
spanning tree instance. The <slot/port> is the desired switch port.
Format show spanning-tree mst port detailed <mstid> <slot/port>
Page 2 - 17 AT8404 CLI Reference Manual
Switching Commands AT8404
Mode • Privileged EXEC
• User EXEC
Term Definition
MST Instance ID The ID of the existing MST instance.
Port Identifier The port identifier for the specified port within the selected MST instance. It is made up from
the port priority and the interface number of the port.
Port Priority The priority for a particular port within the selected MST instance. The port priority is displayed
in multiples of 16.
Port Forwarding
State
Port Role Each enabled MST Bridge Port receives a Port Role for each spanning tree. The port role is
Auto-Calculate
Port Path Cost
Port Path Cost Configured value of the Internal Port Path Cost parameter.
Auto-Calculate
External Port Path
Cost
External Port Path
Cost
Designated Root The Identifier of the designated root for this port.
Designated Port
Cost
Designated Bridge Bridge Identifier of the bridge with the Designated Port.
Designated Port
Identifier
Current spanning tree state of this port.
one of the following values: Root Port, Designated Port, Alternate Port, Backup Port, Master
Port or Disabled Port
Indicates whether auto calculation for port path cost is enabled.
Indicates whether auto calculation for external port path cost is enabled.
Configured value of the external Port Path Cost parameter.
Path Cost offered to the LAN by the Designated Port.
Port on the Designated Bridge that offers the lowest cost to the LAN.
If you specify 0 (defined as the default CIST ID) as the <mstid>, this command displays the settings and
parameters for a specific switch port within the common and internal spanning tree. The <slot/port> is the
desired switch port. In this case, the following are displayed.
Term Definition
Port Identifier The port identifier for this port within the CST.
Port Priority The priority of the port within the CST.
Port Forwarding
State
Port Role The role of the specified interface within the CST.
Port Path Cost The configured path cost for the specified interface.
Designated Root Identifier of the designated root for this port within the CST.
Designated Port
Cost
Designated Bridge The bridge containing the designated port.
Designated Port
Identifier
Topology Change
Acknowledgement
Hello Time The hello time in use for this port.
Edge Port The configured value indicating if this port is an edge port.
The forwarding state of the port within the CST.
Path Cost offered to the LAN by the Designated Port.
Port on the Designated Bridge that offers the lowest cost to the LAN.
Value of flag in next Configuration Bridge Protocol Data Unit (BPDU) transmission indicating
if a topology change is in progress for this port.
AT8404 CLI Reference Manual Page 2 - 18
AT8404 Switching Commands
Term Definition
Edge Port Status The derived value of the edge port status. True if operating as an edge port; false otherwise.
Point To Point
MAC Status
CST Regional Root The regional root identifier in use for this port.
CST Port Cost The configured path cost for this port.
2.2.27 show spanning-tree mst port summary
This command displays the settings of one or all ports within the specified multiple spanning tree instance. The
parameter <mstid> indicates a particular MST instance. The parameter {<slot/port> | all} indicates the
desired switch port or all ports.
If you specify 0 (defined as the default CIST ID) as the <mstid>, the status summary displays for one or all ports
within the common and internal spanning tree.
Derived value indicating if this port is part of a point to point link.
Format show spanning-tree mst port summary
Mode • Privileged EXEC
• User EXEC
Term Definition
MST Instance ID The MST instance associated with this port.
Interface Valid slot and port number separated by a forward slash.
STP Mode Indicates whether spanning tree is enabled or disabled on the port.
Type Currently not used.
STP State The forwarding state of the port in the specified spanning tree instance.
Port Role The role of the specified port within the spanning tree.
Desc Indicates whether the port is in loop inconsistent state or not. This field is blank if the loop
guard feature is not available.
<mstid> {<slot/port> | all}
2.2.28 show spanning-tree mst summary
This command displays summary information about all multiple spanning tree instances in the switch. On execution,
the following details are displayed.
Format show spanning-tree mst summary
Mode • Privileged EXEC
• User EXEC
Term Definition
MST Instance ID
List
For each MSTID:
• Associated FIDs
• Associated
VLANs
List of multiple spanning trees IDs currently configured.
• List of forwarding database identifiers associated with this instance.
• List of VLAN IDs associated with this instance.
Page 2 - 19 AT8404 CLI Reference Manual
Switching Commands AT8404
2.2.29 show spanning-tree summary
This command displays spanning tree settings and parameters for the switch. The following details are displayed
on execution of the command.
Format show spanning-tree summary
Mode • Privileged EXEC
• User EXEC
Term Definition
Spanning Tree
Adminmode
Spanning Tree
Version
BPDU Guard Mode Enabled or disabled.
BPDU Filter Mode Enabled or disabled.
Configuration
Name
Configuration
Revision Level
Configuration
Digest Key
MST Instances List of all multiple spanning tree instances configured on the switch.
Enabled or disabled.
Version of 802.1 currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE 802.1d) based
upon the Force Protocol Version parameter.
Identifier used to identify the configuration currently being used.
Identifier used to identify the configuration currently being used.
Identifier used to identify the configuration currently being used.
2.2.30 show spanning-tree vlan
This command displays the association between a VLAN and a multiple spanning tree instance. The <vlanid>
corresponds to an existing VLAN ID.
Format show spanning-tree vlan <vlanid>
Mode • Privileged EXEC
• User EXEC
Term Definition
VLAN Identifier The VLANs associated with the selected MST instance.
Associated
Instance
Identifier for the associated multiple spanning tree instance or “CST” if associated with the
common and internal spanning tree.
2.3 VLAN Commands
This section describes the commands you use to configure VLAN settings.
2.3.1 vlan database
This command gives you access to the VLAN Config mode, which allows you to configure VLAN characteristics.
Format vlan database
Mode Privileged EXEC
AT8404 CLI Reference Manual Page 2 - 20
AT8404 Switching Commands
2.3.2 network mgmt_vlan
This command configures the Management VLAN ID.
Default 1
Format network mgmt_vlan <1-4069>
Mode Privileged EXEC
2.3.2.1 no network mgmt_vlan
This command sets the Management VLAN ID to the default.
Format no network mgmt_vlan
Mode Privileged EXEC
2.3.3 vlan
This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN identification number (ID 1 is
reserved for the default VLAN). VLAN range is 2-4094.
Format vlan <2-4094>
Mode VLAN Config
2.3.3.1 no vlan
This command deletes an existing VLAN. The ID is a valid VLAN identification number (ID 1 is reserved for the
default VLAN). The VLAN range is 2-4094.
Format no vlan <2-4094>
Mode VLAN Config
2.3.4 vlan acceptframe
This command sets the frame acceptance mode per interface. For VLAN Only mode, untagged frames or priority
frames received on this interface are discarded. For Admit All mode, untagged frames or priority frames received on
this interface are accepted and assigned the value of the interface VLAN ID for this port. With either option, VLAN
tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification.
Default all
Format vlan acceptframe {vlanonly | all}
Mode Interface Config
2.3.4.1 no vlan acceptframe
This command resets the frame acceptance mode for the interface to the default value.
Format no vlan acceptframe
Mode Interface Config
Page 2 - 21 AT8404 CLI Reference Manual
Switching Commands AT8404
2.3.5 vlan ingressfilter
This command enables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not
match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of
that VLAN.
Default disabled
Format vlan ingressfilter
Mode Interface Config
2.3.5.1 no vlan ingressfilter
This command disables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not
match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of
that VLAN.
Format no vlan ingressfilter
Mode Interface Config
2.3.6 vlan makestatic
This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN
(one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 2-
4094.
Format vlan makestatic <2-4094>
Mode VLAN Config
2.3.7 vlan name
This command changes the name of a VLAN. The name is an alphanumeric string of up to 32 characters, and the
ID is a valid VLAN identification number. ID range is 1-4094.
Default • VLAN ID 1 - default
• other VLANS - blank string
Format vlan name <2-4094> <name>
Mode VLAN Config
2.3.7.1 no vlan name
This command sets the name of a VLAN to a blank string.
Format no vlan name <2-4094>
Mode VLAN Config
AT8404 CLI Reference Manual Page 2 - 22
AT8404 Switching Commands
2.3.8 vlan participation
This command configures the degree of participation for a specific interface in a VLAN. The ID is a valid VLAN
identification number, and the interface is a valid interface number.
Format vlan participation {exclude | include | auto} <1-4094>
Mode Interface Config
Participation options are:
Participation
Options
include The interface is always a member of this VLAN. This is equivalent to registration fixed.
exclude The interface is never a member of this VLAN. This is equivalent to registration forbidden.
auto The interface is dynamically registered in this VLAN by GVRP. The interface will not
Definition
participate in this VLAN unless a join request is received on this interface. This is equivalent
to registration normal.
2.3.9 vlan participation all
This command configures the degree of participation for all interfaces in a VLAN. The ID is a valid VLAN
identification number.
Format vlan participation all {exclude | include | auto} <1-4094>
Mode Global Config
You can use the following participation options:
Participation
Options
include The interface is always a member of this VLAN. This is equivalent to registration fixed.
exclude The interface is never a member of this VLAN. This is equivalent to registration forbidden.
auto The interface is dynamically registered in this VLAN by GVRP. The interface will not
Definition
participate in this VLAN unless a join request is received on this interface. This is equivalent
to registration normal.
2.3.10 vlan port acceptframe all
This command sets the frame acceptance mode for all interfaces.
Default all
Format vlan port acceptframe all {vlanonly | all}
Mode Global Config
The modes defined as follows:
Mode Definition
VLAN Only mode Untagged frames or priority frames received on this interface are discarded.
Admit All mode Untagged frames or priority frames received on this interface are accepted and assigned the
value of the interface VLAN ID for this port.
Page 2 - 23 AT8404 CLI Reference Manual
Switching Commands AT8404
With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification.
2.3.10.1 no vlan port acceptframe all
This command sets the frame acceptance mode for all interfaces to Admit All. For Admit All mode, untagged frames
or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this
port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN
Specification.
Format no vlan port acceptframe all
Mode Global Config
2.3.11 vlan port ingressfilter all
This command enables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN IDs
that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are
members of that VLAN.
Default disabled
Format vlan port ingressfilter all
Mode Global Config
2.3.11.1 no vlan port ingressfilter all
This command disables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN IDs
that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are
members of that VLAN.
Format no vlan port ingressfilter all
Mode Global Config
2.3.12 vlan port pvid all
This command changes the VLAN ID for all interface.
Default 1
Format vlan port pvid all <1-4094>
Mode Global Config
2.3.12.1 no vlan port pvid all
This command sets the VLAN ID for all interfaces to 1.
Format no vlan port pvid all
Mode Global Config
AT8404 CLI Reference Manual Page 2 - 24
AT8404 Switching Commands
2.3.13 vlan port tagging all
This command configures the tagging behavior for all interfaces in a VLAN to enabled. If tagging is enabled, traffic
is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid
VLAN identification number.
Format vlan port tagging all <1-4094>
Mode Global Config
2.3.13.1 no vlan port tagging all
This command configures the tagging behavior for all interfaces in a VLAN to disabled. If tagging is disabled, traffic
is transmitted as untagged frames. The ID is a valid VLAN identification number.
Format no vlan port tagging all
Mode Global Config
2.3.14 vlan protocol group
This command adds protocol-based VLAN groups to the system. The <groupName> is a character string of 1 to 16
characters. When it is created, the protocol group will be assigned a unique number that will be used to identify the
group in subsequent commands.
Format vlan protocol group <groupname>
Mode Global Config
2.3.15 vlan protocol group add protocol
This command adds the <protocol> to the protocol-based VLAN identified by <groupid>. A group may have
more than one protocol associated with it. Each interface and protocol combination can only be associated with one
group. If adding a protocol to a group causes any conflicts with interfaces currently associated with the group, this
command fails and the protocol is not added to the group. The possible values for protocol are ip, arp, and ipx.
Note: FASTPATH software supports IPv4 protocol-based VLANs.
Default none
Format vlan protocol group add protocol <groupid> <protocol>
Mode Global Config
2.3.15.1 no vlan protocol group add protocol
This command removes the <protocol> from this protocol-based VLAN group that is identified by this
<groupid>. The possible values for protocol are ip, arp, and ipx.
Format no vlan protocol group add protocol <groupid> <protocol>
Mode Global Config
Page 2 - 25 AT8404 CLI Reference Manual
Switching Commands AT8404
2.3.16 vlan protocol group remove
This command removes the protocol-based VLAN group that is identified by this <groupid>.
Format vlan protocol group remove <groupid>
Mode Global Config
2.3.17 protocol group
This command attaches a <vlanid> to the protocol-based VLAN identified by <groupid>. A group may only be
associated with one VLAN at a time, however the VLAN association can be changed.
Default none
Format protocol group <groupid> <vlanid>
Mode VLAN Config
2.3.17.1 no protocol group
This command removes the <vlanid> from this protocol-based VLAN group that is identified by this <groupid>.
Format no protocol group <groupid> <vlanid>
Mode VLAN Config
2.3.18 protocol vlan group
This command adds the physical interface to the protocol-based VLAN identified by <groupid>. You can associate
multiple interfaces with a group, but you can only associate each interface and protocol combination with one group.
If adding an interface to a group causes any conflicts with protocols currently associated with the group, this
command fails and the interface(s) are not added to the group.
Default none
Format protocol vlan group <groupid>
Mode Interface Config
2.3.18.1 no protocol vlan group
This command removes the interface from this protocol-based VLAN group that is identified by this <groupid>.
Format no protocol vlan group <groupid>
Mode Interface Config
2.3.19 protocol vlan group all
This command adds all physical interfaces to the protocol-based VLAN identified by <groupid>. You can associate
multiple interfaces with a group, but you can only associate each interface and protocol combination with one group.
If adding an interface to a group causes any conflicts with protocols currently associated with the group, this
command will fail and the interface(s) will not be added to the group.
Default none
AT8404 CLI Reference Manual Page 2 - 26
AT8404 Switching Commands
Format protocol vlan group all <groupid>
Mode Global Config
2.3.19.1 no protocol vlan group all
This command removes all interfaces from this protocol-based VLAN group that is identified by this <groupid>.
Format no protocol vlan group all <groupid>
Mode Global Config
2.3.20 vlan pvid
This command changes the VLAN ID per interface.
Default 1
Format vlan pvid <1-4094>
Mode Interface Config
2.3.20.1 no vlan pvid
This command sets the VLAN ID per interface to 1.
Format no vlan pvid
Mode Interface Config
2.3.21 vlan tagging
This command configures the tagging behavior for a specific interface in a VLAN to enabled. If tagging is enabled,
traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a
valid VLAN identification number.
Format vlan tagging <1-4094>
Mode Interface Config
2.3.21.1 no vlan tagging
This command configures the tagging behavior for a specific interface in a VLAN to disabled. If tagging is disabled,
traffic is transmitted as untagged frames. The ID is a valid VLAN identification number.
Format no vlan tagging <1-4094>
Mode Interface Config
2.3.22 vlan association subnet
This command associates a VLAN to a specific IP-subnet.
Format vlan association subnet <ipaddr> <netmask> <vlanid>
Mode VLAN Config
Page 2 - 27 AT8404 CLI Reference Manual
Switching Commands AT8404
2.3.22.1 no vlan association subnet
This command removes association of a specific IP-subnet to a VLAN.
Format no vlan association subnet <ipaddr> <netmask>
Mode VLAN Config
2.3.23 vlan association mac
This command associates a MAC address to a VLAN.
Format vlan association mac
Mode VLAN database
<macaddr> <vlanid>
2.3.23.1 no vlan association mac
This command removes the association of a MAC address to a VLAN.
Format no vlan association mac
Mode VLAN database
<macaddr>
2.3.24 show vlan
This command displays detailed information, including interface information, for a specific VLAN. The ID is a valid
VLAN identification number.
Format show vlan <vlanid>
Mode • Privileged EXEC
• User EXEC
Term Definition
VLAN ID There is a VLAN Identifier (VID) associated with each VLAN. The range of the VLAN ID is 1
to 4094.
VLAN Name A string associated with this VLAN as a convenience. It can be up to 32 alphanumeric
characters long, including blanks. The default is blank. VLAN ID 1 always has a name of
“Default.” This field is optional.
VLAN Type Type of VLAN, which can be Default (VLAN ID = 1) or static (one that is configured and
Interface Valid slot and port number separated by a forward slash. It is possible to set the parameters
Current The degree of participation of this port in this VLAN. The permissible values are:
permanently defined), or Dynamic (one that is created by GVRP registration).
for all ports by using the selectors on the top line.
• Include - This port is always a member of this VLAN. This is equivalent to registration fixed
in the IEEE 802.1Q standard.
•Exclude - This port is never a member of this VLAN. This is equivalent to registration
forbidden in the IEEE 802.1Q standard.
• Autodetect - To allow the port to be dynamically registered in this VLAN via GVRP. The
port will not participate in this VLAN unless a join request is received on this port. This is
equivalent to registration normal in the IEEE 802.1Q standard.
AT8404 CLI Reference Manual Page 2 - 28
AT8404 Switching Commands
Term Definition
Configured The configured degree of participation of this port in this VLAN. The permissible values are:
• Include - This port is always a member of this VLAN. This is equivalent to registration fixed
in the IEEE 802.1Q standard.
• Exclude - This port is never a member of this VLAN. This is equivalent to registration
forbidden in the IEEE 802.1Q standard.
• Autodetect - To allow the port to be dynamically registered in this VLAN via GVRP. The
port will not participate in this VLAN unless a join request is received on this port. This is
equivalent to registration normal in the IEEE 802.1Q standard.
Tagging The tagging behavior for this port in this VLAN.
• Tagged - Transmit traffic for this VLAN as tagged frames.
•Untagged - Transmit traffic for this VLAN as untagged frames.
2.3.25 show vlan brief
This command displays a list of all configured VLANs.
Format show vlan brief
Mode • Privileged EXEC
• User EXEC
Term Definition
VLAN ID There is a VLAN Identifier (vlanid) associated with each VLAN. The range of the VLAN ID is
VLAN Name A string associated with this VLAN as a convenience. It can be up to 32 alphanumeric
VLAN Type Type of VLAN, which can be Default (VLAN ID = 1) or static (one that is configured and
1 to 4094.
characters long, including blanks. The default is blank. VLAN ID 1 always has a name of
“Default.” This field is optional.
permanently defined), or a Dynamic (one that is created by GVRP registration).
2.3.26 show vlan port
This command displays VLAN port information.
Format show vlan port {<slot/port> | all}
Mode • Privileged EXEC
• User EXEC
Term Definition
Interface Valid slot and port number separated by a forward slash. It is possible to set the parameters
for all ports by using the selectors on the top line.
Port VLAN ID The VLAN ID that this port will assign to untagged frames or priority tagged frames received
on this port. The value must be for an existing VLAN. The factory default is 1.
Acceptable Frame
Types
The types of frames that may be received on this port. The options are 'VLAN only' and 'Admit
All'. When set to 'VLAN only', untagged frames or priority tagged frames received on this port
are discarded. When set to 'Admit All', untagged frames or priority tagged frames received on
this port are accepted and assigned the value of the Port VLAN ID for this port. With either
option, VLAN tagged frames are forwarded in accordance to the 802.1Q VLAN specification.
Page 2 - 29 AT8404 CLI Reference Manual
Switching Commands AT8404
Term Definition
Ingress Filtering May be enabled or disabled. When enabled, the frame is discarded if this port is not a member
GVRP May be enabled or disabled.
Default Priority The 802.1p priority assigned to tagged packets arriving on the port.
2.3.27 show vlan association subnet
This command displays the VLAN associated with a specific configured IP-Address and net mask. If no IP address
and net mask are specified, the VLAN associations of all the configured IP-subnets are displayed.
Format show vlan association subnet [<ipaddr> <netmask>]
Mode Privileged EXEC
of the VLAN with which this frame is associated. In a tagged frame, the VLAN is identified by
the VLAN ID in the tag. In an untagged frame, the VLAN is the Port VLAN ID specified for the
port that received this frame. When disabled, all frames are forwarded in accordance with the
802.1Q VLAN bridge specification. The factory default is disabled.
Term Definition
IP Address The IP address assigned to each interface.
Net Mask The subnet mask.
VLAN ID There is a VLAN Identifier (VID) associated with each VLAN.
2.3.28 show vlan association mac
This command displays the VLAN associated with a specific configured MAC address. If no MAC address is
specified, the VLAN associations of all the configured MAC addresses are displayed.
Format show vlan association mac [<macaddr>]
Mode Privileged EXEC
Term Definition
Mac Address A MAC address for which the switch has forwarding and or filtering information. The format is
6 or 8 two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes.
VLAN ID There is a VLAN Identifier (VID) associated with each VLAN.
2.4 Double VLAN Commands
This section describes the commands you use to configure double VLAN (DVLAN). Double VLAN tagging is a way
to pass VLAN traffic from one customer domain to another through a Metro Core in a simple and cost effective
manner. The additional tag on the traffic helps differentiate between customers in the MAN while preserving the
VLAN identification of the individual customers when they enter their own 802.1Q domain.
2.4.1 dvlan-tunnel ethertype
This command configures the ether-type for all interfaces. The ether-type may have the values of 802.1Q, vMAN,
or custom. If the ether-type has a value of custom, the optional value of the custom ether type must be set to a
value from 0 to 65535.
AT8404 CLI Reference Manual Page 2 - 30
AT8404 Switching Commands
Default vman
Format dvlan-tunnel ethertype {802.1Q | vman | custom} [0-65535]
Mode Global Config
2.4.2 mode dot1q-tunnel
This command is used to enable Double VLAN Tunneling on the specified interface.
Default disabled
Format mode dot1q-tunnel
Mode Interface Config
2.4.2.1 no mode dot1q-tunnel
This command is used to disable Double VLAN Tunneling on the specified interface. By default, Double VLAN
Tunneling is disabled.
Format no mode dot1q-tunnel
Mode Interface Config
2.4.3 mode dvlan-tunnel
Use this command to enable Double VLAN Tunneling on the specified interface.
Note: When you use the mode dvlan-tunnel command on an interface, it becomes a service provider
port. Ports that do not have double VLAN tunneling enabled are customer ports.
Default disabled
Format mode dvlan-tunnel
Mode Interface Config
2.4.3.1 no mode dvlan-tunnel
This command is used to disable Double VLAN Tunneling on the specified interface. By default, Double VLAN
Tunneling is disabled.
Format no mode dvlan-tunnel
Mode Interface Config
2.4.4 show dot1q-tunnel
Use this command without the optional parameters to display all interfaces enabled for Double VLAN Tunneling.
Use the optional parameters to display detailed information about Double VLAN Tunneling for the specified interface
or all interfaces.
Format show dot1q-tunnel [interface {<slot/port> | all}]
Page 2 - 31 AT8404 CLI Reference Manual
Switching Commands AT8404
Mode • Privileged EXEC
• User EXEC
Term Definition
Interface Valid slot and port number separated by a forward slash.
Mode The administrative mode through which Double VLAN Tunneling can be enabled or disabled.
The default value for this field is disabled.
EtherType A 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. There are three
different EtherType tags. The first is 802.1Q, which represents the commonly used value of
0x8100. The second is vMAN, which represents the commonly used value of 0x88A8. If
EtherType is not one of these two values, then it is a custom tunnel value, representing any
value in the range of 0 to 65535.
2.4.5 show dvlan-tunnel
Use this command without the optional parameters to display all interfaces enabled for Double VLAN Tunneling.
Use the optional parameters to display detailed information about Double VLAN Tunneling for the specified interface
or all interfaces.
Format show dvlan-tunnel [interface {<slot/port> | all}]
Mode • Privileged EXEC
• User EXEC
Term Definition
Interface Valid slot and port number separated by a forward slash.
Mode The administrative mode through which Double VLAN Tunneling can be enabled or disabled.
The default value for this field is disabled.
EtherType A 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. There are three
different EtherType tags. The first is 802.1Q, which represents the commonly used value of
0x8100. The second is vMAN, which represents the commonly used value of 0x88A8. If
EtherType is not one of these two values, then it is a custom tunnel value, representing any
value in the range of 0 to 65535.
2.5 Voice VLAN Commands
This section describes the commands you use for Voice VLAN. Voice VLAN enables switch ports to carry voice
traffic with defined priority so as to enable separation of voice and data traffic coming onto the port. The benefits of
using Voice VLAN is to ensure that the sound quality of an IP phone could be safeguarded from deteriorating when
the data traffic on the port is high.
Also the inherent isolation provided by VLANs ensures that inter-VLAN traffic is under management control and that
network- attached clients cannot initiate a direct attack on voice components. QoS-based on IEEE 802.1P class of
service (CoS) uses classification and scheduling to sent network traffic from the switch in a predictable manner. The
system uses the source MAC of the traffic traveling through the port to identify the IP phone data flow.
2.5.1 voice vlan (Global Config)
Use this command to enable the Voice VLAN capability on the switch.
AT8404 CLI Reference Manual Page 2 - 32
AT8404 Switching Commands
Default disabled
Format voice vlan
Mode Global Config
2.5.1.1 no voice vlan (Global Config)
Use this command to disable the Voice VLAN capability on the switch.
Format no voice vlan
Mode Global Config
2.5.2 voice vlan (Interface Config)
Use this command to enable the Voice VLAN capability on the interface.
Default disabled
Format voice vlan {vlanid <id> | dot1p <priority> | none | untagged}
Mode Interface Config
You can configure Voice VLAN in one of four different ways:
Parameter Description
vlan-id Configure the IP phone to forward all voice traffic through the specified VLAN. Valid VLAN ID’s
are from 1 to 4094 (the max supported by the platform).
dot1p Configure the IP phone to use 802.1p priority tagging for voice traffic and to use the default
native VLAN (VLAN 0) to carry all traffic. Valid <priority> range is 0 to 7.
none Allow the IP phone to use its own configuration to send untagged voice traffic.
untagged Configure the phone to send untagged voice traffic.
2.5.2.1 no voice vlan (Interface Config)
Use this command to disable the Voice VLAN capability on the interface.
Format no voice vlan
Mode Interface Config
2.5.3 voice vlan data priority
Use this command to either trust or untrust the data traffic arriving on the Voice VLAN port.
Default trust
Format voice vlan data priority untrust | trust
Mode Interface Config
2.5.4 show voice vlan
Format show voice vlan [interface {<slot/port> | all}]
Page 2 - 33 AT8404 CLI Reference Manual
Switching Commands AT8404
Mode Privileged EXEC
When the interface parameter is not specified, only the global mode of the Voice VLAN is displayed.
Term Definition
Administrative
Mode
When the interface is specified:
Term Definition
Voice VLAN Mode The admin mode of the Voice VLAN on the interface.
Voice VLAN ID The Voice VLAN ID
Voice VLAN
Priority
Voice VLAN
Untagged
Voice VLAN CoS
Override
Voice VLAN Status The operational status of Voice VLAN on the port.
The Global Voice VLAN mode.
.
The do1p priority for the Voice VLAN on the port.
The tagging option for the Voice VLAN traffic.
The Override option for the voice traffic arriving on the port.
2.6 Provisioning (IEEE 802.1p) Commands
This section describes the commands you use to configure provisioning, which allows you to prioritize ports.
2.6.1 vlan port priority all
This command configures the port priority assigned for untagged packets for all ports presently plugged into the
device. The range for the priority is 0-7. Any subsequent per port configuration will override this configuration setting.
Format vlan port priority all <priority>
Mode Global Config
2.6.2 vlan priority
This command configures the default 802.1p port priority assigned for untagged packets for a specific interface. The
range for the priority is 0–7.
Default 0
Format vlan priority <priority>
Mode Interface Config
2.7 Protected Ports Commands
This section describes commands you use to configure and view protected ports on a switch. Protected ports do not
forward traffic to each other, even if they are on the same VLAN. However, protected ports can forward traffic to all
unprotected ports in their group. Unprotected ports can forward traffic to both protected and unprotected ports. Ports
are unprotected by default.
AT8404 CLI Reference Manual Page 2 - 34
AT8404 Switching Commands
If an interface is configured as a protected port, and you add that interface to a Port Channel or Link Aggregation
Group (LAG), the protected port status becomes operationally disabled on the interface, and the interface follows
the configuration of the LAG port. However, the protected port configuration for the interface remains unchanged.
Once the interface is no longer a member of a LAG, the current configuration for that interface automatically
becomes effective.
2.7.1 switchport protected (Global Config)
Use this command to create a protected port group. The <groupid> parameter identifies the set of protected ports.
Use the name <name> pair to assign a name to the protected port group. The name can be up to 32 alphanumeric
characters long, including blanks. The default is blank.
Note: Port protection occurs within a single switch. Protected port configuration does not affect traffic
between ports on two different switches. No traffic forwarding is possible between two protected ports.
Default unprotected
Format switchport protected <groupid> name <name>
Mode Global Config
2.7.1.1 no switchport protected (Global Config)
Use this command to remove a protected port group. The groupid parameter identifies the set of protected ports.
Use the name keyword to remove the name from the group.
Format NO switchport protected <groupid> name
Mode Global Config
2.7.2 switchport protected (Interface Config)
Use this command to add an interface to a protected port group. The <groupid> parameter identifies the set of
protected ports to which this interface is assigned. You can only configure an interface as protected in one group.
Note: Port protection occurs within a single switch. Protected port configuration does not affect traffic
between ports on two different switches. No traffic forwarding is possible between two protected ports.
Default unprotected
Format switchport protected <groupid>
Mode Interface Config
2.7.2.1 no switchport protected (Interface Config)
Use this command to configure a port as unprotected. The groupid parameter identifies the set of protected ports
to which this interface is assigned.
Format no switchport protected <groupid>
Mode Interface Config
Page 2 - 35 AT8404 CLI Reference Manual
Switching Commands AT8404
2.7.3 show switchport protected
This command displays the status of all the interfaces, including protected and unprotected interfaces.
Format show switchport protected <groupid>
Mode • Privileged EXEC
• User EXEC
Term Definition
Group ID The number that identifies the protected port group.
Name An optional name of the protected port group. The name can be up to 32 alphanumeric
characters long, including blanks. The default is blank.
List of Physical
Ports
2.7.4 show interfaces switchport
List of ports, which are configured as protected for the group identified with <groupid>. If no
port is configured as protected for this group, this field is blank.
This command displays the status of the interface (protected/unprotected) under the groupid.
Format show interfaces switchport <slot/port> <groupid>
Mode • Privileged EXEC
• User EXEC
Term Definition
Name A string associated with this group as a convenience. It can be up to 32 alphanumeric
characters long, including blanks. The default is blank. This field is optional.
Protected Indicates whether the interface is protected or not. It shows TRUE or FALSE. If the group is a
multiple groups then it shows TRUE in Group <groupid>.
2.8 GARP Commands
This section describes the commands you use to configure Generic Attribute Registration Protocol (GARP) and view
GARP status. The commands in this section affect both GARP VLAN Registration Protocol (GVRP) and Garp
Multicast Registration Protocol (GMRP). GARP is a protocol that allows client stations to register with the switch for
membership in VLANS (by using GVMP) or multicast groups (by using GVMP).
2.8.1 set garp timer join
This command sets the GVRP join time for one port (Interface Config mode) or all (Global Config mode) and per
GARP. Join time is the interval between the transmission of GARP Protocol Data Units (PDUs) registering (or reregistering) membership for a VLAN or multicast group. This command has an effect only when GVRP is enabled.
The time is from 10 to 100 (centiseconds). The value 20 centiseconds is 0.2 seconds.
Default 20
Format set garp timer join <10-100>
Mode • Interface Config
• Global Config
AT8404 CLI Reference Manual Page 2 - 36
AT8404 Switching Commands
2.8.1.1 no set garp timer join
This command sets the GVRP join time (for one or all ports and per GARP) to the default and only has an effect
when GVRP is enabled.
Format no set garp timer join
Mode • Interface Config
• Global Config
2.8.2 set garp timer leave
This command sets the GVRP leave time for one port (Interface Config mode) or all ports (Global Config mode) and
only has an effect when GVRP is enabled. Leave time is the time to wait after receiving an unregister request for a
VLAN or a multicast group before deleting the VLAN entry. This can be considered a buffer time for another station
to assert registration for the same attribute in order to maintain uninterrupted service. The leave time is 20 to 600
(centiseconds). The value 60 centiseconds is 0.6 seconds.
Default 60
Format set garp timer leave <20-600>
Mode • Interface Config
• Global Config
2.8.2.1 no set garp timer leave
This command sets the GVRP leave time on all ports or a single port to the default and only has an effect when
GVRP is enabled.
Format no set garp timer leave
Mode • Interface Config
• Global Config
2.8.3 set garp timer leaveall
This command sets how frequently Leave All PDUs are generated. A Leave All PDU indicates that all registrations
will be unregistered. Participants would need to rejoin in order to maintain registration. The value applies per port
and per GARP participation. The time may range from 200 to 6000 (centiseconds). The value 1000 centiseconds is
10 seconds. You can use this command on all ports (Global Config mode) or a single port (Interface Config mode),
and it only has an effect only when GVRP is enabled.
Default 1000
Format set garp timer leaveall <200-6000>
Mode • Interface Config
• Global Config
2.8.3.1 no set garp timer leaveall
This command sets how frequently Leave All PDUs are generated the default and only has an effect when GVRP
is enabled.
Format no set garp timer leaveall
Page 2 - 37 AT8404 CLI Reference Manual
Switching Commands AT8404
Mode • Interface Config
• Global Config
2.8.4 show garp
This command displays GARP information.
Format show garp
Mode • Privileged EXEC
• User EXEC
Term Definition
GMRP Admin
Mode
GVRP Admin Mode The administrative mode of GARP VLAN Registration Protocol (GVRP) for the system.
The administrative mode of GARP Multicast Registration Protocol (GMRP) for the system.
2.9 GVRP Commands
This section describes the commands you use to configure and view GARP VLAN Registration Protocol (GVRP)
information. GVRP-enabled switches exchange VLAN configuration information, which allows GVRP to provide
dynamic VLAN creation on trunk ports and automatic VLAN pruning.
Note: If GVRP is disabled, the system does not forward GVRP messages.
2.9.1 set gvrp adminmode
This command enables GVRP on the system.
Default disabled
Format set gvrp adminmode
Mode Privileged EXEC
2.9.1.1 no set gvrp adminmode
This command disables GVRP.
Format no set gvrp adminmode
Mode Privileged EXEC
2.9.2 set gvrp interfacemode
This command enables GVRP on a single port (Interface Config mode) or all ports (Global Config mode).
Default disabled
Format set gvrp interfacemode
Mode • Interface Config
• Global Config
AT8404 CLI Reference Manual Page 2 - 38
AT8404 Switching Commands
2.9.2.1 no set gvrp interfacemode
This command disables GVRP on a single port (Interface Config mode) or all ports (Global Config mode). If GVRP
is disabled, Join Time, Leave Time and Leave All Time have no effect.
Format no set gvrp interfacemode
Mode • Interface Config
• Global Config
2.9.3 show gvrp configuration
This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces.
Format show gvrp configuration {<slot/port> | all}
Mode • Privileged EXEC
• User EXEC
Term Definition
Interface Valid slot and port number separated by a forward slash.
Join Timer The interval between the transmission of GARP PDUs registering (or re-registering)
membership for an attribute. Current attributes are a VLAN or multicast group. There is an
instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 10 to
100 centiseconds (0.1 to 1.0 seconds). The factory default is 20 centiseconds (0.2 seconds).
The finest granularity of specification is one centisecond (0.01 seconds).
Leave Timer The period of time to wait after receiving an unregister request for an attribute before deleting
the attribute. Current attributes are a VLAN or multicast group. This may be considered a
buffer time for another station to assert registration for the same attribute in order to maintain
uninterrupted service. There is an instance of this timer on a per-Port, per-GARP participant
basis. Permissible values are 20 to 600 centiseconds (0.2 to 6.0 seconds). The factory default
is 60 centiseconds (0.6 seconds).
LeaveAll Timer This Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU
indicates that all registrations will shortly be deregistered. Participants will need to rejoin in
order to maintain registration. There is an instance of this timer on a per-Port, per-GARP
participant basis. The Leave All Period Timer is set to a random value in the range of
LeaveAllTime to 1.5*LeaveAllTime. Permissible values are 200 to 6000 centiseconds (2 to 60
seconds). The factory default is 1000 centiseconds (10 seconds).
Port GMRP Mode The GMRP administrative mode for the port, which is enabled or disabled (default). If this
parameter is disabled, Join Time, Leave Time and Leave All Time have no effect.
2.10 GMRP Commands
This section describes the commands you use to configure and view GARP Multicast Registration Protocol (GMRP)
information. Like IGMP snooping, GMRP helps control the flooding of multicast packets.GMRP-enabled switches
dynamically register and de-register group membership information with the MAC networking devices attached to
the same segment. GMRP also allows group membership information to propagate across all networking devices
in the bridged LAN that support Extended Filtering Services.
Note: If GMRP is disabled, the system does not forward GMRP messages.
Page 2 - 39 AT8404 CLI Reference Manual
Switching Commands AT8404
2.10.1 set gmrp adminmode
This command enables GARP Multicast Registration Protocol (GMRP) on the system.
Default disabled
Format set gmrp adminmode
Mode Privileged EXEC
2.10.1.1 no set gmrp adminmode
This command disables GARP Multicast Registration Protocol (GMRP) on the system.
Format no set gmrp adminmode
Mode Privileged EXEC
2.10.2 set gmrp interfacemode
This command enables GARP Multicast Registration Protocol on a single interface (Interface Config mode) or all
interfaces (Global Config mode). If an interface which has GARP enabled is enabled for routing or is enlisted as a
member of a port-channel (LAG), GARP functionality is disabled on that interface. GARP functionality is
subsequently re-enabled if routing is disabled and port-channel (LAG) membership is removed from an interface
that has GARP enabled.
Default disabled
Format set gmrp interfacemode
Mode • Interface Config
• Global Config
2.10.2.1 no set gmrp interfacemode
This command disables GARP Multicast Registration Protocol on a single interface or all interfaces. If an interface
which has GARP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GARP
functionality is disabled. GARP functionality is subsequently re-enabled if routing is disabled and port-channel (LAG)
membership is removed from an interface that has GARP enabled.
Format no set gmrp interfacemode
Mode • Interface Config
• Global Config
2.10.3 show gmrp configuration
This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces.
Format show gmrp configuration {<slot/port> | all}
Mode • Privileged EXEC
• User EXEC
Term Definition
Interface The slot/port of the interface that this row in the table describes.
AT8404 CLI Reference Manual Page 2 - 40
AT8404 Switching Commands
Term Definition
Join Timer The interval between the transmission of GARP PDUs registering (or re-registering)
Leave Timer The period of time to wait after receiving an unregister request for an attribute before deleting
LeaveAll Timer This Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU
Port GMRP Mode The GMRP administrative mode for the port. It may be enabled or disabled. If this parameter
membership for an attribute. Current attributes are a VLAN or multicast group. There is an
instance of this timer on a per-port, per-GARP participant basis. Permissible values are 10 to
100 centiseconds (0.1 to 1.0 seconds). The factory default is 20 centiseconds (0.2 seconds).
The finest granularity of specification is 1 centisecond (0.01 seconds).
the attribute. Current attributes are a VLAN or multicast group. This may be considered a
buffer time for another station to assert registration for the same attribute in order to maintain
uninterrupted service. There is an instance of this timer on a per-Port, per-GARP participant
basis. Permissible values are 20 to 600 centiseconds (0.2 to 6.0 seconds). The factory default
is 60 centiseconds (0.6 seconds).
indicates that all registrations will shortly be deregistered. Participants will need to rejoin in
order to maintain registration. There is an instance of this timer on a per-Port, per-GARP
participant basis. The Leave All Period Timer is set to a random value in the range of
LeaveAllTime to 1.5*LeaveAllTime. Permissible values are 200 to 6000 centiseconds (2 to 60
seconds). The factory default is 1000 centiseconds (10 seconds).
is disabled, Join Time, Leave Time and Leave All Time have no effect.
2.10.4 show mac-address-table gmrp
This command displays the GMRP entries in the Multicast Forwarding Database (MFDB) table.
Format show mac-address-table gmrp
Mode Privileged EXEC
Term Definition
Mac Address A unicast MAC address for which the switch has forwarding and or filtering information. The
format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB. In an IVL system the MAC address is displayed as 8 bytes.
Type The type of the entry. Static entries are those that are configured by the end user. Dynamic
Description The text description of this multicast table entry.
Interfaces The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).
entries are added to the table as a result of a learning process or protocol.
2.11 Port-Based Network Access Control Commands
This section describes the commands you use to configure port-based network access control (802.1x). Port-based
network access control allows you to permit access to network services only to and devices that are authorized and
authenticated.
2.11.1 authentication login
This command creates an authentication login list. The <listname> is any character string and is not case
sensitive. Up to 10 authentication login lists can be configured on the switch. When a list is created, the
authentication method “local” is set as the first method.
When the optional parameters “Option1”, “Option2” and/or “Option3” are used, an ordered list of methods are set in
the authentication login list. If the authentication login list does not exist, a new authentication login list is first created
Page 2 - 41 AT8404 CLI Reference Manual
Switching Commands AT8404
and then the authentication methods are set in the authentication login list. The maximum number of authentication
login methods is three. The possible method values are local, radius and reject.
The value of local indicates that the user’s locally stored ID and password are used for authentication. The value
of radius indicates that the user’s ID and password will be authenticated using the RADIUS server. The value of
reject indicates the user is never authenticated.
To authenticate a user, the first authentication method in the user’s login (authentication login list) is attempted.
FASTPATH software does not utilize multiple entries in the user’s login. If the first entry returns a timeout, the user
authentication attempt fails.
Note: The default login list included with the default configuration can not be changed.
Format authentication login
Mode Global Config
<listname> [<method1> [<method2> [<method3>]]]
2.11.1.1 no authentication login
This command deletes the specified authentication login list. The attempt to delete fails if any of the following
conditions are true:
• The login list name is invalid or does not match an existing authentication login list
• The specified authentication login list is assigned to any user or to the non configured user for any component
• The login list is the default login list included with the default configuration and was not created using
‘authentication login’. The default login list cannot be deleted.
Format no authentication login <listname>
Mode Global Config
2.11.2 clear dot1x statistics
This command resets the 802.1x statistics for the specified port or for all ports.
Format clear dot1x statistics
Mode Privileged EXEC
{<slot/port> | all}
2.11.3 clear radius statistics
This command is used to clear all RADIUS statistics.
Format clear radius statistics
Mode Privileged EXEC
2.11.4 dot1x default-login
This command assigns the authentication login list to use for non-configured users for 802.1x port security. This
setting is over-ridden by the authentication login list assigned to a specific user if the user is configured locally. If this
value is not configured, users will be authenticated using local authentication only.
AT8404 CLI Reference Manual Page 2 - 42
AT8404 Switching Commands
Format dot1x default-login <listname>
Mode Global Config
2.11.5 dot1x guest-vlan
This command configures VLAN as guest vlan on a per port basis. The command specifies an active VLAN as an
IEEE 802.1x guest VLAN. The range is 1 to the maximumVLAN ID supported by the platform.
Default disabled
Format dot1x guest-vlan <vlan-id>
Mode Interface Config
2.11.5.1 no dot1x guest-vlan
This command disables Guest VLAN on the interface.
Default disabled
Format no dot1x guest-vlan
Mode Interface Config
2.11.6 dot1x initialize
This command begins the initialization sequence on the specified port. This command is only valid if the control
mode for the specified port is 'auto'. If the control mode is not 'auto' or an error will be returned.
Format dot1x initialize
Mode Privileged EXEC
<slot/port>
2.11.7 dot1x login
This command assigns the specified authentication login list to the specified user for 802.1x port security. The
<user> parameter must be a configured user and the <listname> parameter must be a configured authentication
login list.
Format dot1x login <user> <listname>
Mode Global Config
2.11.8 dot1x max-req
This command sets the maximum number of times the authenticator state machine on this port will transmit an
EAPOL EAP Request/Identity frame before timing out the supplicant. The <count> value must be in the range 1 -
10.
Default 2
Format dot1x max-req
Mode Interface Config
<count>
Page 2 - 43 AT8404 CLI Reference Manual
Switching Commands AT8404
2.11.8.1 no dot1x max-req
This command sets the maximum number of times the authenticator state machine on this port will transmit an
EAPOL EAP Request/Identity frame before timing out the supplicant.
Format no dot1x max-req
Mode Interface Config
2.11.9 dot1x max-users
Use this command to set the maximum number of clients supported on the port when MAC-based dot1x
authentication is enabled on the port. The maximum users supported per port is dependent on the product. The
<count> value is in the range 1 - 16.
Default 16
Format dot1x max-users
Mode Interface Config
<count>
2.11.9.1 no dot1x max-users
This command resets the maximum number of clients allowed per port to its default value.
Format no dot1x max-req
Mode Interface Config
2.11.10 dot1x port-control
This command sets the authentication mode to use on the specified port. Select force-unauthorized to specify
that the authenticator PAE unconditionally sets the controlled port to unauthorized. Select force-authorized to
specify that the authenticator PAE unconditionally sets the controlled port to authorized. Select auto to specify that
the authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between
the supplicant, authenticator and the authentication server.
Default auto
Format dot1x port-control {force-unauthorized | force-authorized | auto}
Mode Interface Config
2.11.10.1 no dot1x port-control
This command sets the 802.1x port control mode on the specified port to the default value.
Format no dot1x port-control
Mode Interface Config
2.11.11 dot1x port-control all
This command sets the authentication mode to use on all ports. Select force-unauthorized to specify that the
authenticator PAE unconditionally sets the controlled port to unauthorized. Select force-authorized to specify
that the authenticator PAE unconditionally sets the controlled port to authorized. Select auto to specify that the
AT8404 CLI Reference Manual Page 2 - 44
AT8404 Switching Commands
authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the
supplicant, authenticator and the authentication server.
Default auto
Format dot1x port-control all {force-unauthorized | force-authorized | auto}
Mode Global Config
2.11.11.1 no dot1x port-control all
This command sets the authentication mode on all ports to the default value.
Format no dot1x port-control all
Mode Global Config
2.11.12 dot1x re-authenticate
This command begins the re-authentication sequence on the specified port. This command is only valid if the control
mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned.
Format dot1x re-authenticate <slot/port>
Mode Privileged EXEC
2.11.13 dot1x re-authentication
This command enables re-authentication of the supplicant for the specified port.
Default disabled
Format dot1x re-authentication
Mode Interface Config
2.11.13.1 no dot1x re-authentication
This command disables re-authentication of the supplicant for the specified port.
Format no dot1x re-authentication
Mode Interface Config
2.11.14 dot1x system-auth-control
Use this command to enable the dot1x authentication support on the switch. While disabled, the dot1x configuration
is retained and can be changed, but is not activated.
Default disabled
Format dot1x system-auth-control
Mode Global Config
Page 2 - 45 AT8404 CLI Reference Manual
Switching Commands AT8404
2.11.14.1 no dot1x system-auth-control
This command is used to disable the dot1x authentication support on the switch.
Format no dot1x system-auth-control
Mode Global Config
2.11.15 dot1x timeout
This command sets the value, in seconds, of the timer used by the authenticator state machine on this port.
Depending on the token used and the value (in seconds) passed, various timeout configurable parameters are set.
The following tokens are supported:
Tokens Definition
reauth-period The value, in seconds, of the timer used by the authenticator state machine on this port to
determine when re-authentication of the supplicant takes place. The reauth-period must be a
value in the range 1 - 65535.
quiet-period The value, in seconds, of the timer used by the authenticator state machine on this port to
define periods of time in which it will not attempt to acquire a supplicant. The quiet-period must
be a value in the range 0 - 65535.
tx-period The value, in seconds, of the timer used by the authenticator state machine on this port to
supp-timeout The value, in seconds, of the timer used by the authenticator state machine on this port to
server-timeout The value, in seconds, of the timer used by the authenticator state machine on this port to
determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The quietperiod must be a value in the range 1 - 65535.
timeout the supplicant. The supp-timeout must be a value in the range 1 - 65535.
timeout the authentication server. The supp-timeout must be a value in the range 1 - 65535.
Default • guest-vlan-period: 90 seconds
• reauth-period: 3600 seconds
• quiet-period: 60 seconds
• tx-period: 30 seconds
• supp-timeout: 30 seconds
• server-timeout: 30 seconds
Format dot1x timeout {{guest-vlan-period <seconds>} | {reauth-period <seconds>}
| {quiet-period <seconds>} | {tx-period <seconds>} | {supp-timeout
<seconds>} | {server-timeout <seconds>}}
Mode Interface Config
2.11.15.1 no dot1x timeout
This command sets the value, in seconds, of the timer used by the authenticator state machine on this port to the
default values. Depending on the token used, the corresponding default values are set.
Format no dot1x timeout {guest-vlan-period | reauth-period | quiet-period | tx-
period | supp-timeout | server-timeout}
Mode Interface Config
AT8404 CLI Reference Manual Page 2 - 46
AT8404 Switching Commands
2.11.16 dot1x unauthenticated-vlan
Use this command to configure the unauthenticated VLAN associated with that port. The unauthenticated VLAN ID
can be a valid VLAN ID from 0-Maximum supported VLAN ID. The unauthenticated VLAN must be statically
configured in the VLAN database to be operational. By default, the unauthenticated VLAN is 0, i.e. invalid and not
operational.
Default 0
Format dot1x unauthenticated-vlan <vlan id>
Mode Interface Config
2.11.16.1 no dot1x unauthenticated-vlan
This command resets the unauthenticated-vlan associated with the port to its default value.
Format no dot1x unauthenticated-vlan
Mode Interface Config
2.11.17 dot1x user
This command adds the specified user to the list of users with access to the specified port or all ports. The <user>
parameter must be a configured user.
Format dot1x user <user> {<slot/port> | all}
Mode Global Config
2.11.17.1 no dot1x user
This command removes the user from the list of users with access to the specified port or all ports.
Format no dot1x user <user> {<slot/port> | all}
Mode Global Config
2.11.18 users defaultlogin
This command assigns the authentication login list to use for non-configured users when attempting to log in to the
system. This setting is overridden by the authentication login list assigned to a specific user if the user is configured
locally. If this value is not configured, users will be authenticated using local authentication only.
Format users defaultlogin <listname>
Mode Global Config
2.11.19 users login
This command assigns the specified authentication login list to the specified user for system login. The <user> must
be a configured <user> and the <listname> must be a configured login list.
If the user is assigned a login list that requires remote authentication, all access to the interface from all CLI, web,
and telnet sessions will be blocked until the authentication is complete.
Page 2 - 47 AT8404 CLI Reference Manual
Switching Commands AT8404
Note that the login list associated with the ‘admin’ user can not be changed to prevent accidental lockout from the
switch.
Format users login
Mode Global Config
<user> <listname>
2.11.20 show authentication
This command displays the ordered authentication methods for all authentication login lists.
Format show authentication
Mode Privileged EXEC
Term Definition
Authentication
Login List
Method 1 The first method in the specified authentication login list, if any.
Method 2 The second method in the specified authentication login list, if any.
Method 3 The third method in the specified authentication login list, if any.
The authentication login listname.
2.11.21 show authentication users
This command displays information about the users assigned to the specified authentication login list. If the login is
assigned to non-configured users, the user “default” will appear in the user column.
Format show authentication users <listname>
Mode Privileged EXEC
Term Definition
User The user assigned to the specified authentication login list.
Component The component (User or 802.1x) for which the authentication login list is assigned.
2.11.22 show dot1x
This command is used to show a summary of the global dot1x configuration, summary information of the dot1x
configuration for a specified port or all ports, the detailed dot1x configuration for a specified port and the dot1x
statistics for a specified port - depending on the tokens used.
Format show dot1x
statistics <slot/port>]
Mode Privileged EXEC
If you do not use the optional parameters <slot/port> or <vlanid>, the command displays the global dot1x
mode and the VLAN Assignment mode.
Term Definition
Administrative
Mode
Indicates whether authentication control on the switch is enabled or disabled.
[{summary {<slot/port> | all} | detail <slot/port> |
AT8404 CLI Reference Manual Page 2 - 48
AT8404 Switching Commands
Term Definition
VLAN Assignment
Mode
If you use the optional parameter summary {<slot/port> | all}, the dot1x configuration for the specified port
or all ports are displayed.
Term Definition
Interface The interface whose configuration is displayed.
Control Mode The configured control mode for this port. Possible values are force-unauthorized | force-
Operating Control
Mode
Reauthentication
Enabled
Port Status Indicates whether the port is authorized or unauthorized. Possible values are authorized |
Indicates whether assignment of an authorized port to a RADIUS assigned VLAN is allowed
(enabled) or not (disabled).
authorized | auto | authorized | unauthorized.
The control mode under which this port is operating. Possible values are authorized |
unauthorized.
Indicates whether re-authentication is enabled on this port.
unauthorized.
If you use the optional parameter 'detail <slot/port>', the detailed dot1x configuration for the specified port is
displayed.
Term Definition
Port The interface whose configuration is displayed.
Protocol Version The protocol version associated with this port. The only possible value is 1, corresponding to
the first version of the dot1x specification.
PAE Capabilities The port access entity (PAE) functionality of this port. Possible values are Authenticator or
Supplicant.
Authenticator PAE
State
Backend
Authentication
State
Quiet Period The timer used by the authenticator state machine on this port to define periods of time in
Transmit Period The timer used by the authenticator state machine on the specified port to determine when to
Guest-VLAN ID The guest VLAN identifier configured on the interface.
Guest-Vlan
Operational Mode
Supplicant
Timeout
Server Timeout The timer used by the authenticator on this port to timeout the authentication server. The
Maximum
Requests
Vlan-assigned The VLAN assigned to the port by the radius server.
Current state of the authenticator PAE state machine. Possible values are Initialize,
Disconnected, Connecting, Authenticating, Authenticated, Aborting, Held, ForceAuthorized,
and ForceUnauthorized.
Current state of the backend authentication state machine. Possible values are Request,
Response, Success, Fail, Timeout, Idle, and Initialize.
which it will not attempt to acquire a supplicant. The value is expressed in seconds and will
be in the range 0 and 65535.
send an EAPOL EAP Request/Identity frame to the supplicant. The value is expressed in
seconds and will be in the range of 1 and 65535.
Indicates whether guest-vlan operational mode is enabled or disabled.
The timer used by the authenticator state machine on this port to timeout the supplicant. The
value is expressed in seconds and will be in the range of 1 and 65535.
value is expressed in seconds and will be in the range of 1 and 65535.
The maximum number of times the authenticator state machine on this port will retransmit an
EAPOL EAP Request/Identity before timing out the supplicant. The value will be in the range
of 1 and 10.
Page 2 - 49 AT8404 CLI Reference Manual
Switching Commands AT8404
Term Definition
Reauthentication
Period
Reauthentication
Enabled
Key Transmission
Enabled
Control Direction The control direction for the specified port or ports. Possible values are both or in.
If you use the optional parameter statistics <slot/port>, the following dot1x statistics for the specified port
appear.
Term Definition
Port The interface whose statistics are displayed.
EAPOL Frames
Received
EAPOL Frames
Transmitted
EAPOL Start
Frames Received
EAPOL Logoff
Frames Received
Last EAPOL Frame
Version
Last EAPOL Frame
Source
EAP Response/Id
Frames Received
EAP Response
Frames Received
EAP Request/Id
Frames
Transmitted
EAP Request
Frames
Transmitted
Invalid EAPOL
Frames Received
EAP Length Error
Frames Received
The timer used by the authenticator state machine on this port to determine when
reauthentication of the supplicant takes place. The value is expressed in seconds and will be
in the range of 1 and 65535.
Indicates if reauthentication is enabled on this port. Possible values are ‘True” or “False”.
Indicates if the key is transmitted to the supplicant for the specified port. Possible values are
True or False.
The number of valid EAPOL frames of any type that have been received by this authenticator.
The number of EAPOL frames of any type that have been transmitted by this authenticator.
The number of EAPOL start frames that have been received by this authenticator.
The number of EAPOL logoff frames that have been received by this authenticator.
The protocol version number carried in the most recently received EAPOL frame.
The source MAC address carried in the most recently received EAPOL frame.
The number of EAP response/identity frames that have been received by this authenticator.
The number of valid EAP response frames (other than resp/id frames) that have been
received by this authenticator.
The number of EAP request/identity frames that have been transmitted by this authenticator.
The number of EAP request frames (other than request/identity frames) that have been
transmitted by this authenticator.
The number of EAPOL frames that have been received by this authenticator in which the
frame type is not recognized.
The number of EAPOL frames that have been received by this authenticator in which the
frame type is not recognized.
2.11.23 show dot1x clients
This command displays 802.1x client information.
Format show dot1x clients {<slot/port> | all}
Mode Privileged EXEC
AT8404 CLI Reference Manual Page 2 - 50
AT8404 Switching Commands
Term Definition
Logical Interface The logical port number associated with a client.
Interface The physical port to which the supplicant is associated.
User Name The user name used by the client to authenticate to the server.
Supplicant MAC
Address
Session Time The time since the supplicant is logged on.
Filter ID Identifies the Filter ID returned by the RADIUS server when the client was authenticated. This
VLAN ID The VLAN assigned to the port.
VLAN Assigned The reason the VLAN identified in the VLAN ID field has been assigned to the port. Possible
Session Timeout This value indicates the time for which the given session is valid. The time period in seconds
Session
Termination Action
The supplicant device MAC address.
is a configured DiffServ policy name on the switch.
values are RADIUS, Unauthenticated VLAN, or Default. When the VLAN Assigned reason is
Default, it means that the VLAN was assigned to the port because the PVID of the port was
that VLAN ID.
is returned by the RADIUS server on authentication of the port. This value is valid for the port
only when the port-control mode is not MAC-based.
This value indicates the action to be taken once the session timeout expires. Possible values
are Default and Radius-Request. If the value is Default, the session is terminated and client
details are cleared. If the value is Radius-Request, then a reauthentication of the client is
performed.
2.11.24 show dot1x users
This command displays 802.1x port security user information for locally configured users.
Format show dot1x users <slot/port>
Mode Privileged EXEC
Term Definition
Users Users configured locally to have access to the specified port.
2.11.25 show users authentication
This command displays all user and all authentication login information. It also displays the authentication login list
assigned to the default user.
Format show users authentication
Mode Privileged EXEC
Term Definition
User Lists every user that has an authentication login list assigned.
System Login The authentication login list assigned to the user for system login.
802.1x Port
Security
The authentication login list assigned to the user for 802.1x port security.
Page 2 - 51 AT8404 CLI Reference Manual
Switching Commands AT8404
2.12 Storm-Control Commands
This section describes commands you use to configure storm-control and view storm-control configuration
information. A traffic storm is a condition that occurs when incoming packets flood the LAN, which creates
performance degredation in the network. The Storm-Control feature protects against this condition.
FASTPATH provides broadcast, multicast, and unicast story recovery for individual interfaces. Unicast StormControl protects against traffic whose MAC addresses are not known by the system. For broadcast, multicast, and
unicast storm-control, if the rate of traffic ingressing on an interface increases beyond the configured threshold for
that type, the traffic is dropped.
To configure storm-control, you will enable the feature for all interfaces or for individual interfaces, and you will set
the threshold (storm-control level) beyond which the broadcast, multicast, or unicast traffic will be dropped. The
Storm-Control feature allows you to limit the rate of specific types of packets through the switch on a per-port, pertype, basis.
Configuring a storm-control level also enables that form of storm-control. Disabling a storm-control level (using the
“no” version of the command) sets the storm-control level back to the default value and disables that form of stormcontrol. Using the “no” version of the “storm-control” command (not stating a “level”) disables that form of stormcontrol but maintains the configured “level” (to be active the next time that form of storm-control is enabled.)
Note: The actual rate of ingress traffic required to activate storm-control is based on the size of incoming
packets and the hard-coded average packet size of 512 bytes - used to calculate a packet-per-second
(pps) rate - as the forwarding-plane requires pps versus an absolute rate kbps. For example, if the
configured limit is 10%, this is converted to ~25000 pps, and this pps limit is set in forwarding plane
(hardware). You get the approximate desired output when 512bytes packets are used.
2.12.1 storm-control broadcast
Use this command to enable broadcast storm recovery mode for a specific interface. If the mode is enabled,
broadcast storm recovery is active and if the rate of L2 broadcast traffic ingressing on an interface increases beyond
the configured threshold, the traffic will be dropped. Therefore, the rate of broadcast traffic will be limited to the
configured threshold.
Default disabled
Format storm-control broadcast
Mode Global Config
Interface Config
2.12.1.1 no storm-control broadcast
Use this command to disable broadcast storm recovery mode for a specific interface.
Format no storm-control broadcast
Mode Interface Config
2.12.2 storm-control broadcast level
Use this command to configure the broadcast storm recovery threshold for an interface as a percentage of link speed
and enable broadcast storm recovery. If the mode is enabled, broadcast storm recovery is active, and if the rate of
AT8404 CLI Reference Manual Page 2 - 52
AT8404 Switching Commands
L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped.
Therefore, the rate of broadcast traffic is limited to the configured threshold.
Default 5
Format storm-control broadcast level <0-100>
Mode Interface Config
2.12.2.1 no storm-control broadcast level
This command sets the broadcast storm recovery threshold to the default value for an interface and disables
broadcast storm recovery.
Format no storm-control broadcast level
Mode Interface Config
2.12.3 storm-control broadcast rate
Use this command to configure the broadcast storm recovery threshold for an interface in packets per second. If the
mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface
increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of broadcast traffic is limited
to the configured threshold.
Default 0
Format storm-control broadcast rate <0-33554431>
Mode Interface Config
2.12.3.1 no storm-control broadcast rate
This command sets the broadcast storm recovery threshold to the default value for an interface and disables
broadcast storm recovery.
Format no storm-control broadcast rate
Mode Interface Config
2.12.4 storm-control broadcast all
This command enables broadcast storm recovery mode for all interfaces. If the mode is enabled, broadcast storm
recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured
threshold, the traffic will be dropped. Therefore, the rate of broadcast traffic will be limited to the configured
threshold.
Default disabled
Format storm-control broadcast all
Mode Global Config
2.12.4.1 no storm-control broadcast all
This command disables broadcast storm recovery mode for all interfaces.
Page 2 - 53 AT8404 CLI Reference Manual
Switching Commands AT8404
Format no storm-control broadcast all
Mode Global Config
2.12.5 storm-control broadcast all level
This command configures the broadcast storm recovery threshold for all interfaces as a percentage of link speed
and enables broadcast storm recovery. If the mode is enabled, broadcast storm recovery is active, and if the rate of
L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Therefore, the rate of broadcast traffic will be limited to the configured threshold.This command also enables
broadcast storm recovery mode for all interfaces.
Default 5
Format storm-control broadcast all level
Mode Global Config
2.12.5.1 no storm-control broadcast all level
<0-100>
This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables
broadcast storm recovery.
Format no storm-control broadcast all level
Mode Global Config
2.12.6 storm-control broadcast all rate
Use this command to configure the broadcast storm recovery threshold for all interfaces in packets per second. If
the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an
interface increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of broadcast traffic is
limited to the configured threshold.
Default 0
Format storm-control broadcast rate <0-33554431>
Mode Global Config
2.12.6.1 no storm-control broadcast all rate
This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables
broadcast storm recovery.
Format no storm-control broadcast all rate
Mode Global Config
2.12.7 storm-control multicast
This command enables multicast storm recovery mode for an interface. If the mode is enabled, multicast storm
recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured
threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold.
Default disabled
AT8404 CLI Reference Manual Page 2 - 54
AT8404 Switching Commands
Format storm-control multicast
Mode Interface Config
2.12.7.1 no storm-control multicast
This command disables multicast storm recovery mode for an interface.
Format no storm-control multicast
Mode Interface Config
2.12.8 storm-control multicast level
This command configures the multicast storm recovery threshold for an interface as a percentage of link speed and
enables multicast storm recovery mode. If the mode is enabled, multicast storm recovery is active, and if the rate of
L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Therefore, the rate of multicast traffic will be limited to the configured threshold.
Default 5
Format storm-control multicast level <0-100>
Mode Interface Config
2.12.8.1 no storm-control multicast level
This command sets the multicast storm recovery threshold to the default value for an interface and disables multicast
storm recovery.
Format no storm-control multicast level <0-100>
Mode Interface Config
2.12.9 storm-control multicast rate
Use this command to configure the multicast storm recovery threshold for an interface in packets per second. If the
mode is enabled, multicast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface
increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of multicast traffic is limited to
the configured threshold.
Default 0
Format storm-control multicast rate <0-33554431>
Mode Interface Config
2.12.9.1 no storm-control multicast rate
This command sets the multicast storm recovery threshold to the default value for an interface and disables multicast
storm recovery.
Format no storm-control multicast rate
Mode Interface Config
Page 2 - 55 AT8404 CLI Reference Manual
Switching Commands AT8404
2.12.10 storm-control multicast all
This command enables multicast storm recovery mode for all interfaces. If the mode is enabled, multicast storm
recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured
threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold.
Default disabled
Format storm-control multicast all
Mode Global Config
2.12.10.1 no storm-control multicast all
This command disables multicast storm recovery mode for all interfaces.
Format no storm-control multicast all
Mode Global Config
2.12.11 storm-control multicast all level
This command configures the multicast storm recovery threshold for all interfaces as a percentage of link speed and
enables multicast storm recovery mode. If the mode is enabled, multicast storm recovery is active, and if the rate of
L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Therefore, the rate of multicast traffic will be limited to the configured threshold.
Default 5
Format storm-control multicast all level
Mode Global Config
<0-100>
2.12.11.1 no storm-control multicast all level
This command sets the multicast storm recovery threshold to the default value for all interfaces and disables
multicast storm recovery.
Format no storm-control multicast all level
Mode Global Config
2.12.12 storm-control multicast all rate
Use this command to configure the multicast storm recovery threshold for all interfaces in packets per second. If the
mode is enabled, multicast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface
increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of multicast traffic is limited to
the configured threshold.
Default 0
Format storm-control multicast rate <0-33554431>
Mode Global Config
AT8404 CLI Reference Manual Page 2 - 56
AT8404 Switching Commands
2.12.12.1 no storm-control multicast all rate
This command sets the multicast storm recovery threshold to the default value for all interfaces and disables
multicast storm recovery.
Format no storm-control multicast all rate
Mode Global Config
2.12.13 storm-control unicast
This command enables unicast storm recovery mode for an interface. If the mode is enabled, unicast storm recovery
is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases
beyond the configured threshold, the traffic will be dropped. Therefore, the rate of unknown unicast traffic will be
limited to the configured threshold.
Default disabled
Format storm-control unicast
Mode Interface Config
2.12.13.1 no storm-control unicast
This command disables unicast storm recovery mode for an interface.
Format no storm-control unicast
Mode Interface Config
2.12.14 storm-control unicast level
This command configures the unicast storm recovery threshold for an interface as a percentage of link speed, and
enables unicast storm recovery. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown
L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold,
the traffic will be dropped. Therefore, the rate of unknown unicast traffic will be limited to the configured
threshold.This command also enables unicast storm recovery mode for an interface.
Default 5
Format storm-control unicast level <0-100>
Mode Interface Config
2.12.14.1 no storm-control unicast level
This command sets the unicast storm recovery threshold to the default value for an interface and disables unicast
storm recovery.
Format no storm-control unicast level
Mode Interface Config
Page 2 - 57 AT8404 CLI Reference Manual
Switching Commands AT8404
2.12.15 storm-control unicast rate
Use this command to configure the unicast storm recovery threshold for an interface in packets per second. If the
mode is enabled, unicast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface
increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of unicast traffic is limited to
the configured threshold.
Default 0
Format storm-control unicast rate <0-33554431>
Mode Interface Config
2.12.15.1 no storm-control uniicast rate
This command sets the unicast storm recovery threshold to the default value for an interface and disables unicast
storm recovery.
Format no storm-control unicast rate
Mode Interface Config
2.12.16 storm-control unicast all
This command enables unicast storm recovery mode for all interfaces. If the mode is enabled, unicast storm
recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface
increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of unknown unicast traffic
will be limited to the configured threshold.
Default disabled
Format storm-control unicast all
Mode Global Config
2.12.16.1 no storm-control unicast all
This command disables unicast storm recovery mode for all interfaces.
Format no storm-control unicast all
Mode Global Config
2.12.17 storm-control unicast all level
This command configures the unicast storm recovery threshold for all interfaces as a percentage of link speed and
enables unicast storm recovery. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown
L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold,
the traffic will be dropped. Therefore, the rate of unknown unicast traffic will be limited to the configured threshold.
Default 5
Format storm-control unicast all level <0-100>
Mode Global Config
AT8404 CLI Reference Manual Page 2 - 58
AT8404 Switching Commands
2.12.17.1 no storm-control unicast all level
This command sets the unicast storm recovery threshold to the default value and disables unicast storm recovery
for all interfaces.
Format no storm-control unicast all level
Mode Global Config
2.12.18 storm-control unicast all rate
Use this command to configure the unicast storm recovery threshold for all interfaces in packets per second. If the
mode is enabled, unicast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface
increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of unicast traffic is limited to
the configured threshold.
Default 0
Format storm-control unicast all rate <0-33554431>
Mode Global Config
2.12.18.1 no storm-control unicast all rate
This command sets the multicast storm recovery threshold to the default value for an interface and disables multicast
storm recovery.
Format no storm-control unicast all rate
Mode Global Config
2.12.19 storm-control flowcontrol
This command enables 802.3x flow control for the switch and only applies to full-duplex mode ports.
Note: 802.3x flow control works by pausing a port when the port becomes oversubscribed and dropping
all traffic for small bursts of time during the congestion condition. This can lead to high-priority and/or
network control traffic loss.
Default disabled
Format storm-control flowcontrol
Mode Global Config
2.12.19.1 no storm-control flowcontrol
This command disables 802.3x flow control for the switch.
Note: This command only applies to full-duplex mode ports.
Format no storm-control flowcontrol
Mode Global Config
Page 2 - 59 AT8404 CLI Reference Manual
Switching Commands AT8404
2.12.20 show storm-control
This command displays switch configuration information. If you do not use any of the optional parameters, this
command displays global storm control configuration parameters:
• Broadcast Storm Recovery Mode may be enabled or disabled. The factory default is disabled.
• 802.3x Flow Control Mode may be enabled or disabled. The factory default is disabled.
Use the all keyword to display the per-port configuration parameters for all interfaces, or specify the slot/port
to display information about a specific interface.
Format show storm-control [all | <slot/port>]
Mode Privileged EXEC
Term Definition
Bcast Mode Shows whether the broadcast storm control mode is enabled or disabled. The factory default
is disabled.
Bcast Level The broadcast storm control level.
Mcast Mode Shows whether the multicast storm control mode is enabled or disabled.
Mcast Level The multicast storm control level.
Ucast Mode Shows whether the Unknown Unicast or DLF (Destination Lookup Failure) storm control mode
Ucast Level The Unknown Unicast or DLF (Destination Lookup Failure) storm control level.
is enabled or disabled.
Example: The following shows example CLI display output for the command.
(Broadcom FASTPATH Routing) #show storm-control
802.3x Flow Control Mode....................... Disable
Example: The following shows example CLI display output for the command.
(Broadcom FASTPATH Routing) #show storm-control 1/0/1
Bcast Bcast Mcast Mcast Ucast Ucast
Intf Mode Level Mode Level Mode Level
------ ------- -------- ------- -------- ------- -------1/0/1 Disable 5% Disable 5% Disable 5%
Example: The following shows an example of part of the CLI display output for the command.
(Broadcom FASTPATH Routing) #show storm-control all
Bcast Bcast Mcast Mcast Ucast Ucast
Intf Mode Level Mode Level Mode Level
------ ------- -------- ------- -------- ------- -------1/0/1 Disable 5% Disable 5% Disable 5%
1/0/2 Disable 5% Disable 5% Disable 5%
1/0/3 Disable 5% Disable 5% Disable 5%
1/0/4 Disable 5% Disable 5% Disable 5%
1/0/5 Disable 5% Disable 5% Disable 5%
AT8404 CLI Reference Manual Page 2 - 60
AT8404 Switching Commands
2.13 Port-Channel/LAG (802.3ad) Commands
This section describes the commands you use to configure port-channels, which are also known as link aggregation
groups (LAGs). Link aggregation allows you to combine multiple full-duplex Ethernet links into a single logical link.
Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load
sharing. The LAG feature initially load shares traffic based upon the source and destination MAC address. Assign
the port-channel (LAG) VLAN membership after you create a port-channel.
A port-channel (LAG) interface can be either static or dynamic, but not both. All members of a port channel must
participate in the same protocols.) A static port-channel interface does not require a partner system to be able to
aggregate its member ports.
Note: If you configure the maximum number of dynamic port-channels (LAGs) that your platform
supports, additional port-channels that you configure are automatically static.
2.13.1 port-channel
This command configures a new port-channel (LAG) and generates a logical slot/port number for the port-channel.
The <name> field is a character string which allows the dash “-” character as well as alphanumeric characters. Use
the show port channel command to display the slot/port number for the logical interface.
Note: Before you include a port in a port-channel, set the port physical mode. For more information, see
2.1.11 “speed” on page 2 - 6.
Format port-channel <name>
Mode Global Config
2.13.1.1 no port-channel
This command deletes a port-channel (LAG).
Format no port-channel {<logical slot/port> | all}
Mode Global Config
2.13.2 addport
This command adds one port to the port-channel (LAG). The first interface is a logical slot/port number of a
configured port-channel.
Note: Before adding a port to a port-channel, set the physical mode of the port. For more information,
see 2.1.11 “speed” on page 2 - 6.
Format addport <logical slot/port>
Mode Interface Config
Page 2 - 61 AT8404 CLI Reference Manual
Switching Commands AT8404
2.13.3 deleteport (Interface Config)
This command deletes the port from the port-channel (LAG). The interface is a logical slot/port number of a
configured port-channel.
Format deleteport <logical slot/port>
Mode Interface Config
2.13.4 deleteport (Global Config)
This command deletes all configured ports from the port-channel (LAG). The interface is a logical slot/port number
of a configured port-channel. To clear the port channels, see 4.6.6 “clear port-channel” on page 4 - 27
Format deleteport {<logical slot/port> | all}
Mode Global Config
2.13.5 lacp admin key
.
Use this command to configure the administrative value of the key for the port-channel. The value range of <key>
is 0 to 65535.
Default 0x8000
Format lacp admin key <key>
Mode Interface Config
Note: This command is only applicable to port-channel interfaces.
2.13.5.1 no lacp admin key
Use this command to configure the default administrative value of the key for the port-channel.
Format no lacp admin key
Mode Interface Config
2.13.6 lacp collector max-delay
Use this command to configure the port-channel collector max delay. The valid range of <delay> is 0-65535.
Default 0x8000
Format lacp collector max delay <delay>
Mode Interface Config
Note: This command is only applicable to port-channel interfaces.
AT8404 CLI Reference Manual Page 2 - 62
AT8404 Switching Commands
2.13.6.1 no lacp collector max delay
Use this command to configure the default port-channel collector max delay.
Format no lacp collector max delay
Mode Interface Config
2.13.7 lacp actor admin
Use this command to configure the LACP actor admin parameters.
2.13.8 lacp actor admin key
Use this command to configure the administrative value of the LACP actor admin key. The valid range for <key> is
0-65535.
Default Internal Interface Number of this Physical Port
Format lacp actor admin key <key>
Mode Interface Config
Note: This command is only applicable to physical interfaces.
2.13.8.1 no lacp actor admin key
Use this command to configure the default administrative value of the key.
Format no lacp actor admin key
Mode Interface Config
2.13.9 lacp actor admin state
Use this command to configure the administrative value of actor state as transmitted by the Actor in LACPDUs. The
valid value range is 0x00-0xFF.
Default 0x07
Format lacp actor admin state {individual|longtimeout|passive}
Mode Interface Config
Note: This command is only applicable to physical interfaces.
Page 2 - 63 AT8404 CLI Reference Manual
Switching Commands AT8404
2.13.9.1 no lacp actor admin state
Use this command the configure the default administrative values of actor state as transmitted by the Actor in
LACPDUs.
Format no lacp actor admin state {individual|longtimeout|passive}
Mode Interface Config
2.13.10 lacp actor admin state individual
Use this command to set LACP actor admin state to individual.
Format lacp actor admin state individual
Mode Interface Config
Note: This command is only applicable to physical interfaces.
2.13.10.1 no lacp actor admin state individual
Use this command to set the LACP actor admin state to aggregation.
Format no lacp actor admin state individual
Mode Interface Config
2.13.11 lacp actor admin state longtimeout
Use this command to set LACP actor admin state to longtimeout.
Format lacp actor admin state longtimeout
Mode Interface Config
Note: This command is only applicable to physical interfaces.
2.13.11.1 no lacp actor admin state longtimeout
Use this command to set the LACP actor admin state to short timeout.
Format no lacp actor admin state longtimeout
Mode Interface Config
Note: This command is only applicable to physical interfaces.
AT8404 CLI Reference Manual Page 2 - 64
Loading...