6.12.1 show boardinfo bootcycle ............................................................. 6 - 34
6.12.2 set board bootcycle ....................................................................... 6 - 34
6.13 Watchdog support ................................................................................. 6 - 34
6.13.1 set watchdog ................................................................................. 6 - 34
6.13.2 show watchdog ............................................................................. 6 - 35
A.Getting Help ................................................................................................A - 2
B.List of Commands ........................................................................................B - 2
xixAT8904M CLI Reference Manual
Table of ContentsAT8904M
AT8904M CLI Reference Manualxx
AT8904MPreface
About This Book
This document describes configuration commands for FASTPATH® software. The commands
can be accessed from the CLI.
Why the Document was Created
This document was created primarily for system administrators configuring and operating a
system using FASTPATH software. It is intended to provide an understanding of the configuration options of FASTPATH software.
In addition, software engineers who will be integrating FASTPATH software into their router or
switch product can benefit from a description of the configuration options.
It is assumed that the reader has an understanding of the FASTPATH software base and has
read the appropriate specification for the relevant networking device platform. It is also assumed that the reader has a basic knowledge of Ethernet and networking concepts.
How to Use This Document
Chapter 1 “” details the procedure to quickly become acquainted with the FASTPATH software.
Note
Refer to the release notes for the FASTPATH application level code. The release notes detail the platform specific functionality of the Switching, Routing,
SNMP, Config, Management, and Bandwidth Provisioning packages. The
suite of features supported by the FASTPATH packages are not available on
all the platforms to which FASTPATH has been ported.
Proprietary Note
This document contains information proprietary to Kontron Modular Computers GmbH. It may
not be copied or transmitted by any means, disclosed to others, or stored in any retrieval system or media without the prior written consent of Kontron Modular Computers GmbH or one of
its authorized agents.
The information contained in this document is, to the best of our knowledge, entirely correct.
However, Kontron Modular Computers GmbH cannot accept liability for any inaccuracies or the
consequences thereof, or for any liability arising from the use or application of any circuit, product, or example shown in this document.
Kontron Modular Computers GmbH reserves the right to change, modify, or improve this document or the product described herein, as seen fit by Kontron Modular Computers GmbH without further notice.
Kontron Modular Computers GmbH and the Kontron Logo are trade marks owned by Kontron
Modular Computers GmbH, Kaufbeuren (Germany). In addition, this document may include
names, company logos and trademarks, which are registered trademarks and, therefore, proprietary to their respective owners.
Environmental Protection Statement
This product has been manufactured to satisfy environmental protection requirements where
possible. Many of the components used (structural parts, printed circuit boards, connectors,
batteries, etc.) are capable of being recycled.
Final disposition of this product after its service life must be accomplished in accordance with
applicable country, state, or local laws or regulations.
AT8904M CLI Reference ManualPage xxii
AT8904MPreface
Explanation of Symbols
CE Conformity
This symbol indicates that the product described in this manual is in compliance with all applied CE standards. Please refer also to the section “Applied
Standards” in this manual.
Caution, Electric Shock!
This symbol and title warn of hazards due to electrical shocks (> 60V) when
touching products or parts of them. Failure to observe the precautions indicated and/or prescribed by the law may endanger your life/health and/or
result in damage to your material.
Please refer also to the section “High Voltage Safety Instructions” on the following page.
Warning, ESD Sensitive Device!
This symbol and title inform that electronic boards and their components are
sensitive to static electricity. Therefore, care must be taken during all handling operations and inspections of this product, in order to ensure product
integrity at all times.
Please read also the section “Special Handling and Unpacking Instructions”
on the following page.
Warning!
This symbol and title emphasize points which, if not fully understood and
taken into consideration by the reader, may endanger your health and/or
result in damage to your material.
Note...
This symbol and title emphasize aspects the reader should read through
carefully for his or her own advantage.
For Your Safety
Your new Kontron product was developed and tested carefully to provide all features necessary
to ensure its compliance with electrical safety requirements. It was also designed for a long
fault-free life. However, the life expectancy of your product can be drastically reduced by improper treatment during unpacking and installation. Therefore, in the interest of your own safety
and of the correct operation of your new Kontron product, you are requested to conform with
the following guidelines.
Page xxiiiAT8904M CLI Reference Manual
PrefaceAT8904M
High Voltage Safety Instructions
Warning!
All operations on this device must be carried out by sufficiently skilled personnel only.
Caution, Electric Shock!
High voltages are present inside the chassis when the unit’s power cord is
plugged into an electrical outlet. Turn off system power, turn off the power
supply, and then disconnect the power cord from its source before removing
the chassis cover. Turning off the system power switch does not remove
power to components.
Caution!
Do not look into the laser beam!
The module may have optical interfaces fitted with a class 1 or 1M laser. To
avoid possible exposure to hazardous levels of invisible laser radiation, do
not exceed maximum ratings.
Special Handling and Unpacking Instructions
ESD Sensitive Device!
Electronic boards and their components are sensitive to static electricity.
Therefore, care must be taken during all handling operations and inspections
of this product, in order to ensure product integrity at all times.
Do not handle this product out of its protective enclosure while it is not used for operational purposes unless it is otherwise protected.
Whenever possible, unpack or pack this product only at EOS/ESD safe work stations. Where
a safe work station is not guaranteed, it is important for the user to be electrically discharged
before touching the product with his/her hands or tools. This is most easily done by touching a
metal part of your system housing.
It is particularly important to observe standard anti-static precautions when changing piggybacks, ROM devices, jumper settings etc. If the product contains batteries for RTC or memory
back-up, ensure that the board is not placed on conductive surfaces, including anti-static plastics or sponges. They can cause short circuits and damage the batteries or conductive circuits
on the board.
AT8904M CLI Reference ManualPage xxiv
AT8904MPreface
General Instructions on Usage
In order to maintain Kontron’s product warranty, this product must not be altered or modified in
any way. Changes or modifications to the device, which are not explicitly approved by Kontron
Modular Computers GmbH and described in this manual or received from Kontron’s Technical
Support as a special handling instruction, will void your warranty.
This device should only be installed in or connected to systems that fulfill all necessary technical and specific environmental requirements. This applies also to the operational temperature
range of the specific board version, which must not be exceeded. If batteries are present their
temperature restrictions must be taken into account.
In performing all necessary installation and application operations, please follow only the instructions supplied by the present manual.
Keep all the original packaging material for future storage or warranty shipments. If it is necessary to store or ship the board please re-pack it as nearly as possible in the manner in which it
was delivered.
Special care is necessary when handling or unpacking the product. Please, consult the special
handling and unpacking instruction on the previous page of this manual.
Two Year Warranty
Kontron Modular Computers GmbH grants the original purchaser of Kontron’s products a two
year limited hardware warranty as described in the following. However, no other warranties that
may be granted or implied by anyone on behalf of Kontron are valid unless the consumer has
the express written consent of Kontron Modular Computers GmbH.
Kontron Modular Computers GmbH warrants their own products, excluding software, to be free
from manufacturing and material defects for a period of 24 consecutive months from the date
of purchase. This warranty is not transferable nor extendible to cover any other users or longterm storage of the product. It does not cover products which have been modified, altered or
repaired by any other party than Kontron Modular Computers GmbH or their authorized agents.
Furthermore, any product which has been, or is suspected of being damaged as a result of negligence, improper use, incorrect handling, servicing or maintenance, or which has been damaged as a result of excessive current/voltage or temperature, or which has had its serial
number(s), any other markings or parts thereof altered, defaced or removed will also be excluded from this warranty.
If the customer’s eligibility for warranty has not been voided, in the event of any claim, he may
return the product at the earliest possible convenience to the original place of purchase, together with a copy of the original document of purchase, a full description of the application the
product is used on and a description of the defect. Pack the product in such a way as to ensure
safe transportation (see our safety instructions).
Page xxvAT8904M CLI Reference Manual
PrefaceAT8904M
Kontron provides for repair or replacement of any part, assembly or sub-assembly at their own
discretion, or to refund the original cost of purchase, if appropriate. In the event of repair, refunding or replacement of any part, the ownership of the removed or replaced parts reverts to
Kontron Modular Computers GmbH, and the remaining part of the original guarantee, or any
new guarantee to cover the repaired or replaced items, will be transferred to cover the new or
repaired items. Any extensions to the original guarantee are considered gestures of goodwill,
and will be defined in the “Repair Report” issued by Kontron with the repaired or replaced item.
Kontron Modular Computers GmbH will not accept liability for any further claims resulting directly or indirectly from any warranty claim, other than the above specified repair, replacement
or refunding. In particular, all claims for damage to any system or process in which the product
was employed, or any loss incurred as a result of the product not functioning at any given time,
are excluded. The extent of Kontron Modular Computers GmbH liability to the customer shall
not exceed the original purchase price of the item for which the claim exists.
Kontron Modular Computers GmbH issues no warranty or representation, either explicit or implicit, with respect to its products’ reliability, fitness, quality, marketability or ability to fulfil any
particular application or purpose. As a result, the products are sold “as is,” and the responsibility
to ensure their suitability for any given task remains that of the purchaser. In no event will Kontron be liable for direct, indirect or consequential damages resulting from the use of our hardware or software products, or documentation, even if Kontron were advised of the possibility of
such claims prior to the purchase of the product or during any period since the date of its purchase.
Please remember that no Kontron Modular Computers GmbH employee, dealer or agent is authorized to make any modification or addition to the above specified terms, either verbally or in
any other form, written or electronically transmitted, without the company’s consent.
AT8904M CLI Reference ManualPage xxvi
Chapter1
1
AT8904M
Using the Command-Line Interface
Page 1 - 1AT8904M CLI Reference Manual
Using the Command-Line InterfaceAT8904M
1.Using the Command-Line Interface
The command-line interface (CLI) is a text-based way to manage and monitor the
system. You can access the CLI by using a direct serial connection or by using a remote
logical connection with telnet or SSH.
This chapter describes the CLI syntax, conventions, and modes. It contains the
following sections:
•1.1 “Command Syntax” on page 1 - 2
•1.2 “Command Conventions” on page 1 - 2
•1.3 “Slot/Port Naming Convention” on page 1 - 4
•1.4 “Using the “No” Form of a Command” on page 1 - 5
•1.5 “Command Modes” on page 1 - 5
•1.6 “Using CLI Help” on page 1 - 9
•1.7 “Accessing the CLI” on page 1 - 10
1.1Command Syntax
A command is one or more words that might be followed by one or more parameters.
Parameters can be required or optional values.
Some commands, such as
Other commands, such as
show network or clear vlan, do not require parameters.
network parms, require that you supply a value after the
command. You must type the parameter values in a specific order, and optional
parameters follow required parameters. The following example describes the
command syntax:
parms
Format
network parms <ipaddr> <netmask> [gateway]
network
•network parms is the command name.
<ipaddr> and <netmask> are parameters and represent required values that you
•
must enter after you type the command keywords.
•
[gateway] is an optional parameter, so you are not required to enter a value in
place of the parameter.
The CLI Reference lists each command by the command name and provides a brief
description of the command. Each command reference also contains the following
information:
•Format shows the command keywords and the required and optional parameters.
•Mode identifies the command mode you must be in to access the command.
•Default shows the default value, if any, of a configurable setting on the device.
The
show commands also contain a description of the information that the command
shows.
1.2Command Conventions
In this document, the command name is in bold font. Parameters are in italic font.
You must replace the parameter name with an appropriate value, which might be a
name or number. Parameters are order dependent.
AT8904M CLI Reference ManualPage 1 - 2
AT8904MUsing the Command-Line Interface
The parameters for a command might include mandatory values, optional values, or
keyword choices. Table 1 describes the conventions this document uses to distinguish
between value types.
Table 1. Parameter Conventions
SymbolExampleDescription
<> angle brackets
[] square brackets
{} curly braces
| Vertical bars
[{}] Braces within
square brackets
<value>
[value]
{choice1 | choice2}
choice1 | choice2
[{choice1 | choice2}]
Indicates that you must enter a value
in place of the brackets and text
inside them.
Indicates an optional parameter that
you can enter in place of the brackets
and text inside them.
Indicates that you must select a
parameter from the list of choices.
Separates the mutually exclusive
choices.
Indicates a choice within an optional
element.
1.2.1Common Parameter Values
Parameter values might be names (strings) or numbers.To use spaces as part of a name
parameter, enclose the name value in double quotes. For example, the expression
“System Name with Spaces” forces the system to accept the spaces. Empty strings (““)
are not valid user-defined strings. Table 2 describes common parameter values and
value formatting.
Table 2. Parameter Descriptions
ParameterDescription
ipaddrThis parameter is a valid IP address. You can enter the IP address in the
following formats:
a (32 bits)
a.b (8.24 bits)
a.b.c (8.8.16 bits)
a.b.c.d (8.8.8.8)
In addition to these formats, the CLI accepts decimal, hexidecimal and
octal formats through the following input formats (where n is any valid
hexidecimal, octal or decimal number):
0xn (CLI assumes hexidecimal format)
0n (CLI assumes octal format with leading zeros)
n (CLI assumes decimal format)
areaid Enter area IDs in dotted-decimal notation (for example, 0.0.0.1). An
area ID of 0.0.0.0 is reserved for the backbone. Area IDs have the same
format as IP addresses but are distinct from IP addresses. You can use
the IP network number of the sub-netted network for the area ID.
routeridEnter the value of
0.0.0.1. A router ID of 0.0.0.0 is invalid.
<routerid> in dotted-decimal notation, such as
Page 1 - 3AT8904M CLI Reference Manual
Using the Command-Line InterfaceAT8904M
Table 2. Parameter Descriptions
ParameterDescription
Interface or
slot/port
Logical InterfaceRepresents a Logical slot and port number.. This is applicable in the
Character stringsUse double quotation marks to identify character strings, for example,
1.3Slot/Port Naming Convention
FASTPATH software references physical entities such as cards and ports by using a
slot/port naming convention. The FASTPATH software also uses this convention to
identify certain logical entities, such as Port-Channel interfaces.
The slot number has two uses. In the case of physical ports, it identifies the card
containing the ports. In the case of logical and CPU ports it also identifies the type of
interface or port.
Table 3. Type of Slots
Valid slot and port number separated by forward slashes. For example,
0/1 represents slot number 0 and port number 1.
case of a port-channel (LAG). You can use the logical slot/port to configure the port-channel.
“System Name with Spaces”. An empty string (“”) is not valid.
Slot TypeDescription
Physical slot numbers Physical slot numbers begin with zero, and are allocated up to the
CPU slot numbersThe CPU slots immediately follow the logical slots.
The port identifies the specific physical port or logical interface being managed on a
given slot.
Table 4. Type of Ports
Port TypeDescription
Physical PortsThe physical ports for each slot are numbered sequentially starting
from zero.
Logical InterfacesPort-channel or Link Aggregation Group (LAG) interfaces are
logical interfaces that are only used for bridging functions.
VLAN routing interfaces are only used for routing functions.
Loopback interfaces are logical interfaces that are always up.
Tunnel interfaces are logical point-to-point links that carry encapsulated packets.
CPU portsCPU ports are handled by the driver as one or more physical enti-
ties located on physical slots.
NOTE: In the CLI, loopback and tunnel interfaces do not use the slot/port for-
mat. To specify a loopback interface, you use the loopback ID. To
specify a tunnel interface, you use the tunnel ID.
AT8904M CLI Reference ManualPage 1 - 4
AT8904MUsing the Command-Line Interface
1.4Using the “No” Form of a Command
The no keyword is a specific form of an existing command and does not represent a
new or distinct command. Almost every configuration command has a
general, use the
default. For example, the
of an interface. Use the command without the keyword
no form to reverse the action of a command or reset a value back to the
no shutdown configuration command reverses the shutdown
no to re-enable a disabled
feature or to enable a feature that is disabled by default.
no form. In
Only the configuration commands are available in the
1.5Command Modes
The CLI groups commands into modes according to the command function. Each of
the command modes supports specific FASTPATH software commands. The
commands in one mode are not available until you switch to that particular mode, with
the exception of the User EXEC mode commands. You can execute the User EXEC
mode commands in the Privileged EXEC mode.
The command prompt changes in each command mode to help you identify the current
mode. Table 5 describes the command modes and the prompts visible in that mode.
Table 5. CLI Command Modes
Command
Mode
User EXEC
Privileged EXEC
Global Config
VLAN Config
Interface Config
Switch>
Switch#
Switch (Config)#
Switch (Vlan)#
Switch (Interface <slot/port>)#
Switch (Interface Loopback <id>)#
Switch (Interface Tunnel <id>)#
no form.
PromptMode Description
Contains a limited set of
commands to view basic
system information.
Allows you to issue any
EXEC command, enter
the VLAN mode, or
enter the Global Configuration mode.
Groups general setup
commands and permits
you to make modifications to the running configuration.
Groups all the VLAN
commands.
Allows you to enable or
modify the operation of
an interface and provides
access to the router interface configuration commands.
Use this mode to set up a
physical port for a specific logical connection
operation.
Page 1 - 5AT8904M CLI Reference Manual
Using the Command-Line InterfaceAT8904M
Table 5. CLI Command Modes
Command
Mode
Line Config
Policy Map
Config
Policy Class
Config
Class Map Config
Router OSPF
Config
Router RIP Config
MAC Access-list
Config
TACACS Config
DHCP Pool
Config
PromptMode Description
Switch (line)#
Switch (Config-policy-map)#
Switch (Config-policy-class-map)#
Switch (Config-class-map)#
Switch (Config-router)#
Switch (Config-router)#
Switch (Config-mac-access-list)#
Switch (Tacacs)#
Switch (Config dhcp-pool)#
Allows you to configure
various telnet settings
and the console interface.
Allows you to access the
QoS Policy-Map configuration mode to configure the QoS Policy-Map.
Consists of class creation, deletion, and
matching commands.
The class match commands specify Layer 2,
Layer 3, and general
match criteria.
Allows you to access the
QoS Class-Map configuration mode to configure
QoS class maps.
Allows you to access the
OSPF configuration
commands.
Allows you to access the
RIP configuration commands.
Allows you to create a
MAC Access-List and to
enter the mode containing Mac Access-List
configuration commands.
Allows you to configure
properties for the
TACACS servers.
Allows you to access the
DHCP Pool configuration.
Table 6 explains how to enter or exit each mode.
Table 6. CLI Mode Access and Exit
Command
Mode
User EXECThis is the first level of access. To exit, enter
Privileged EXECFrom the User EXEC mode, enter
enable.
AT8904M CLI Reference ManualPage 1 - 6
Access Method
Exit or Access Previous
Mode
logout.
To exit to the User EXEC
mode, enter exit or press
Ctrl-Z.
AT8904MUsing the Command-Line Interface
Table 6. CLI Mode Access and Exit
Command
Mode
Access Method
Global ConfigFrom the Privileged EXEC mode, enter
configure.
VLAN ConfigFrom the Privileged EXEC mode, enter
vlan database.
Interface Config From the Global Config mode, enter
interface <slot/port> or interface loopback <id>
tunnel <id>
or interface
or
Line ConfigFrom the Global Config mode, enter
lineconfig.
Policy-Map
Config
Policy-ClassMap Config
Class-Map
Config
Router OSPF
Config
Router RIP
Config
MAC Access-list
Config
From the Global Config mode, enter
policy-map.
From the Policy Map mode enter
class.
From the Global Config mode, enter
class-map.
From the Global Config mode, enter
router ospf.
From the Global Config mode, enter
router rip.
From the Global Config mode, enter
mac access-list extended
<name>
.
TACACS ConfigFrom the Global Config mode, enter
tacacs-server host <ip-addr>,
where
<ip-addr> is the IP address of
the TACACS server on your network.
DHCP Pool
Config
From the Global Config mode, enter
ip dhcp pool <pool-name>.
Exit or Access Previous
Mode
To exit to the Privileged
EXEC mode, enter exit, or
press Ctrl-Z.
To exit to the Privileged
EXEC mode, enter exit, or
press Ctrl-Z.
To exit to the Global Config
mode, enter
exit. To return
to the Privileged EXEC
mode, enter Ctrl-Z.
To exit to the Global Config
mode, enter exit. To return
to the Privileged EXEC
mode, enter Ctrl-Z.
To exit to the Global Config
mode, enter exit. To return
to the Privileged EXEC
mode, enter Ctrl-Z.
To exit to the Policy Map
mode, enter exit. To return
to the Privileged EXEC
mode, enter Ctrl-Z.
To exit to the Global Config
mode, enter exit. To return
to the Privileged EXEC
mode, enter Ctrl-Z.
To exit to the Global Config
mode, enter exit. To return
to the Privileged EXEC
mode, enter Ctrl-Z.
To exit to the Global Config
mode, enter exit. To return
to the Privileged EXEC
mode, enter Ctrl-Z.
To exit to the Global Config
mode, enter
exit. To return
to the Privileged EXEC
mode, enter Ctrl-Z.
To exit to the Global Config
mode, enter
exit. To return
to the Privileged EXEC
mode, enter Ctrl-Z.
To exit to the Global Config
mode, enter exit. To return
to the Privileged EXEC
mode, enter Ctrl-Z.
Page 1 - 7AT8904M CLI Reference Manual
Using the Command-Line InterfaceAT8904M
1.5.1Command Completion and Abbreviation
Command completion finishes spelling the command when you type enough letters of
a command to uniquely identify the command keyword. Once you have entered
enough letters, press the SPACEBAR or TAB key to complete the word.
Command abbreviation allows you to execute a command when you have entered there
are enough letters to uniquely identify the command. You must enter all of the required
keywords and parameters before you enter the command.
1.5.2CLI Error Messages
If you enter a command and the system is unable to execute it, an error message
appears. Table 7 describes the most common CLI error messages.
Table 7. CLI Error Messages
Message TextDescription
% Invalid input detected at '^'
marker.
Command not found / Incomplete
command. Use ? to list commands.
Ambiguous command
Indicates that you entered an incorrect or
unavailable command. The carat (^) shows
where the invalid text is detected. This message also appears if any of the parameters or
values are not recognized.
Indicates that you did not enter the required
keywords or values.
Indicates that you did not enter enough letters
to uniquely identify the command.
1.5.3CLI Line-Editing Conventions
Table 8 describes the key combinations you can use to edit commands or increase the
speed of command entry. You can access this list from the CLI by entering
the User or Privileged EXEC modes.
Table 8. CLI Editing Conventions
Key SequenceDescription
DEL or BackspaceDelete previous character
Ctrl-AGo to beginning of line
Ctrl-EGo to end of line
Ctrl-FGo forward one character
Ctrl-BGo backward one character
Ctrl-DDelete current character
Ctrl-U, XDelete to beginning of line
Ctrl-KDelete to end of line
Ctrl-WDelete previous word
Ctrl-TTranspose previous character
Ctrl-PGo to previous line in history buffer
Ctrl-RRewrites or pastes the line
Ctrl-NGo to next line in history buffer
help from
AT8904M CLI Reference ManualPage 1 - 8
AT8904MUsing the Command-Line Interface
Table 8. CLI Editing Conventions
Key SequenceDescription
Ctrl-YPrints last deleted character
Ctrl-QEnables serial flow
Ctrl-SDisables serial flow
Ctrl-ZReturn to root command prompt
Tab, <SPACE>Command-line completion
ExitGo to next lower command prompt
?List available commands, keywords, or parameters
1.6Using CLI Help
Enter a question mark (?) at the command prompt to display the commands available in
the current mode.
(switch) >?
enable Enter into user privilege mode.
help Display help for various special keys.
logout Exit this session. Any unsaved changes are lost.
ping Send ICMP echo packets to a specified IP
address.
quit Exit this session. Any unsaved changes are lost.
show Display Switch Options and Settings.
telnet Telnet to a remote host.
Enter a question mark (?) after each word you enter to display available command
keywords or parameters.
(switch) #network ?
javamode Enable/Disable.
mgmt_vlan Configure the Management VLAN ID of the switch.
parms Configure Network Parameters of the router.
protocol Select DHCP, BootP, or None as the network
config
protocol.
If the help output shows a parameter in angle brackets, you must replace the parameter
with a value.
(switch) #network parms ?
<ipaddr> Enter the IP Address.
If there are no additional command keywords or parameters, or if additional parameters
are optional, the following message appears in the output:
<cr> Press Enter to execute the command
You can also enter a question mark (?) after typing one or more characters of a word to
list the available command or parameters that begin with the letters, as shown in the
following example:
(switch) #show m?
mac-addr-table mac-address-table monitor
Page 1 - 9AT8904M CLI Reference Manual
Using the Command-Line InterfaceAT8904M
1.7Accessing the CLI
You can access the CLI by using a direct console connection or by using a telnet or
SSH connection from a remote management host.
For the initial connection, you must use a direct connection to the console port. You
cannot access the system remotely until the system has an IP address, subnet mask, and
default gateway. You can set the network configuration information manually, or you
can configure the system to accept these settings from a BOOTP or DHCP server on
your network. For more information, see 6.1 “Network Interface Commands” on page
6 - 2.
AT8904M CLI Reference ManualPage 1 - 10
Chapter1
2
AT8904M
Switching Commands
Page 2 - 1AT8904M CLI Reference Manual
Switching CommandsAT8904M
2.Switching Commands
This chapter describes the switching commands available in the CLI.
The Switching Commands chapter includes the following sections:
•2.1 “Port Configuration Commands” on page 2 - 2
•2.2 “Spanning Tree Protocol (STP) Commands” on page 2 - 6
•2.3 “VLAN Commands” on page 2 - 17
•2.4 “Double VLAN Commands” on page 2 - 27
•2.5 “Provisioning (IEEE 802.1p) Commands” on page 2 - 29
•2.6 “Protected Ports Commands” on page 2 - 30
•2.7 “GARP Commands” on page 2 - 32
•2.8 “GVRP Commands” on page 2 - 33
•2.9 “GMRP Commands” on page 2 - 35
•2.10 “Port-Based Network Access Control Commands” on page 2 - 37
•2.11 “Storm-Control Commands” on page 2 - 46
•2.12 “Port-Channel/LAG (802.3ad) Commands” on page 2 - 52
•2.13 “Port Mirroring” on page 2 - 56
•2.15 “IGMP Snooping Configuration Commands” on page 2 - 59
•2.16 “Port Security Commands” on page 2 - 65
•2.17 “LLDP (802.1AB) Commands” on page 2 - 67
•2.18 “Denial of Service Commands” on page 2 - 73
•2.19 “MAC Database Commands” on page 2 - 76
CAUTION: The commands in this chapter are in one of three functional
groups:
•Show commands display switch settings, statistics, and other information.
•Configuration commands configure features and options of the switch. For every
configuration command, there is a show command that displays the configuration
setting.
•Clear commands clear some or all of the settings to factory defaults.
2.1Port Configuration Commands
This section describes the commands you use to view and configure port settings.
2.1.1interface
This command gives you access to the Interface Config mode, which allows you to
enable or modify the operation of an interface (port).
Format
Mode Global Config
2.1.2auto-negotiate
This command enables automatic negotiation on a port.
interface <slot/port>
Default enabled
Format
AT8904M CLI Reference ManualPage 2 - 2
auto-negotiate
AT8904MSwitching Commands
Mode Interface Config
2.1.2.1no auto-negotiate
This command disables automatic negotiation on a port.
NOTE: Automatic sensing is disabled when automatic negotiation is disabled.
Format
no auto-negotiate
Mode Interface Config
2.1.3auto-negotiate all
This command enables automatic negotiation on all ports.
Default enabled
Format
auto-negotiate all
Mode Global Config
2.1.3.1no auto-negotiate all
This command disables automatic negotiation on all ports.
Format
no auto-negotiate all
Mode Global Config
2.1.4description
Use this command to create an alpha-numeric description of the port.
Format
Mode Interface Config
description <description>
2.1.5mtu
Use the mtu command to set the maximum transmission unit (MTU) size, in bytes, for
frames that ingress or egress the interface. You can use the
jumbo frame support for physical and port-channel (LAG) interfaces. For the standard
FASTPATH implementation, the MTU size is a valid integer between 1522 - 9216 for
tagged packets and a valid integer between 1518 - 9216 for untagged packets.
NOTE: To receive and process packets, the Ethernet MTU must include any
Default 1518 (untagged)
Format
Mode Interface Config
2.1.5.1no mtu
This command sets the default MTU size (in bytes) for the interface.
mtu command to configure
extra bytes that Layer-2 headers might require. To configure the IP
MTU size, which is the maximum size of the IP packet (IP Header +
IP payload), see 3.2.9 “ip mtu” on page 3 - 9.
mtu <1518-9216>
Page 2 - 3AT8904M CLI Reference Manual
Switching CommandsAT8904M
Format no mtu
Mode Interface Config
2.1.6shutdown
This command disables a port.
NOTE: You can use the
(LAG) interfaces, but not on VLAN routing interfaces.
Default enabled
Format
Mode Interface Config
2.1.6.1no shutdown
This command enables a port.
Format
Mode Interface Config
2.1.7shutdown all
This command disables all ports.
NOTE: You can use the
nel (LAG) interfaces, but not on VLAN routing interfaces.
Default enabled
Format
Mode Global Config
shutdown command on physical and port-channel
shutdown
no shutdown
shutdown all command on physical and port-chan-
shutdown all
2.1.7.1no shutdown all
This command enables all ports.
Format
no shutdown all
Mode Global Config
2.1.8speed
This command sets the speed and duplex setting for the interface.
Format
Mode Interface Config
Acceptable values are:
100h 100BASE-T half duplex
100f 100BASE-T full duplex
10h 10BASE-T half duplex
10f 10BASE-T full duplex
speed {<100 | 10> <half-duplex | full-duplex>}
AT8904M CLI Reference ManualPage 2 - 4
AT8904MSwitching Commands
2.1.9speed all
This command sets the speed and duplex setting for all interfaces.
Format
Mode Global Config
Acceptable values are:
100h 100BASE-T half-duplex
100f 100BASE-T full duplex
10h 10BASE-T half duplex
10f 10BASE-T full duplex
2.1.10show port
This command displays port information.
Format
Mode Privileged EXEC
Interface Valid slot and port number separated by forward slashes.
Type If not blank, this field indicates that this port is a special type of port.
speed all {<100 | 10> <half-duplex | full-duplex>}
show port {<slot/port> | all}
The possible values are:
Mirror - this port is a monitoring port. For more information, see 2.13
“Port Mirroring” on page 2 - 56.
PC Mbr- this port is a member of a port-channel (LAG).
Probe - this port is a probe port.
Admin Mode Selects the Port control administration state. The port must be enabled
in order for it to be allowed into the network. - May be enabled or disabled. The factory default is enabled.
Physical Mode Selects the desired port speed and duplex mode. If auto-negotiation
support is selected, then the duplex mode and speed is set from the
auto-negotiation process. Note that the maximum capability of the port
(full duplex -100M) is advertised. Otherwise, this object determines
the port's duplex mode and transmission rate. The factory default is
Auto.
Physical Status Indicates the port speed and duplex mode.
Link Status Indicates whether the Link is up or down.
Link Trap This object determines whether or not to send a trap when link status
changes. The factory default is enabled.
LACP Mode Displays whether LACP is enabled or disabled on this port.
2.1.11show port protocol
This command displays the Protocol-Based VLAN information for either the entire
system, or for the indicated group.
Format
show port protocol {<groupid> | all}
Page 2 - 5AT8904M CLI Reference Manual
Switching CommandsAT8904M
Mode Privileged EXEC
Group Name Displays the group name of an entry in the Protocol-based VLAN
table.
Group ID Displays the group identifier of the protocol group.
Protocol(s) Indicates the type of protocol(s) for this group.
VLAN Indicates the VLAN associated with this Protocol Group.
Interface(s) Lists the slot/port interface(s) that are associated with this Protocol
Group.
2.2Spanning Tree Protocol (STP) Commands
This section describes the commands you use to configure Spanning Tree Protocol
(STP). STP helps prevent network loops, duplicate messages, and network instability.
NOTE: STP is disabled by default. When you enable STP on the switch, STP
is still disabled on each port.
NOTE: If STP is disabled, the system does not forward BPDU messages.
2.2.1spanning-tree
This command sets the spanning-tree operational mode to enabled.
Default disabled
Format
Mode Global Config
spanning-tree
2.2.1.1no spanning-tree
This command sets the spanning-tree operational mode to disabled. While disabled, the
spanning-tree configuration is retained and can be changed, but is not activated.
Format
Mode Global Config
no spanning-tree
2.2.2spanning-tree bpdumigrationcheck
Use this command to force a transmission of rapid spanning tree (RSTP) and multiple
spanning tree (MSTP) BPDUs. Use the
from a specified interface, or use the
interfaces. This command forces the BPDU transmission when you execute it, so the
command does not change the system configuration or have a “no” version.
This command sets the Configuration Identifier Name for use in identifying the
configuration that this switch is currently using. The
characters.
Default base MAC address in hexadecimal notation
<name> is a string of up to 32
Format
spanning-tree configuration name <name>
Mode Global Config
2.2.3.1no spanning-tree configuration name
This command resets the Configuration Identifier Name to its default.
Format
no spanning-tree configuration name
Mode Global Config
2.2.4spanning-tree configuration revision
This command sets the Configuration Identifier Revision Level for use in identifying
the configuration that this switch is currently using. The Configuration Identifier
Revision Level is a number in the range of 0 to 65535.
Default 0
Format
spanning-tree configuration revision <0-65535>
Mode Global Config
2.2.4.1no spanning-tree configuration revision
This command sets the Configuration Identifier Revision Level for use in identifying
the configuration that this switch is currently using to the default value.
Format
no spanning-tree configuration revision
Mode Global Config
2.2.5spanning-tree edgeport
This command specifies that this port is an Edge Port within the common and internal
spanning tree. This allows this port to transition to Forwarding State without delay.
Format
spanning-tree edgeport
Mode Interface Config
2.2.5.1no spanning-tree edgeport
This command specifies that this port is not an Edge Port within the common and
internal spanning tree.
Format
Mode Interface Config
no spanning-tree edgeport
Page 2 - 7AT8904M CLI Reference Manual
Switching CommandsAT8904M
2.2.6spanning-tree forceversion
This command sets the Force Protocol Version parameter to a new value. Use 802.1d to
specify that the switch transmits ST BPDUs rather than MST BPDUs (IEEE 802.1d
functionality supported). Use 802.1w to specify that the switch transmits RST BPDUs
rather than MST BPDUs (IEEE 802.1w functionality supported). Use 802.1s to specify
that the switch transmits MST BPDUs (IEEE 802.1s functionality supported).
This command sets the Force Protocol Version parameter to the default value.
Format
no spanning-tree forceversion
Mode Global Config
2.2.7spanning-tree forward-time
This command sets the Bridge Forward Delay parameter to a new value for the
common and internal spanning tree. The forward-time value is in seconds within a
range of 4 to 30, with the value being greater than or equal to “(Bridge Max Age / 2) +
1”.
Default 15
Format
spanning-tree forward-time <4-30>
Mode Global Config
2.2.7.1no spanning-tree forward-time
This command sets the Bridge Forward Delay parameter for the common and internal
spanning tree to the default value.
Format
no spanning-tree forward-time
Mode Global Config
2.2.8spanning-tree hello-time
This command sets the Admin Hello Time parameter to a new value for the common
and internal spanning tree. The hello time
of 1 to 10, with the value being less than or equal to (Bridge Max Age / 2) - 1.
Default 2
Format
spanning-tree hello-time <1-10>
Mode Interface Config
2.2.8.1no spanning-tree hello-time
This command sets the admin Hello Time parameter for the common and internal
spanning tree to the default value.
AT8904M CLI Reference ManualPage 2 - 8
<value> is in whole seconds within a range
AT8904MSwitching Commands
Format no spanning-tree hello-time
Mode Interface Config
2.2.9spanning-tree max-age
This command sets the Bridge Max Age parameter to a new value for the common and
internal spanning tree. The max-age value is in seconds within a range of 6 to 40, with
the value being less than or equal to 2 x (Bridge Forward Delay - 1).
Default 20
Format
spanning-tree max-age <6-40>
Mode Global Config
2.2.9.1no spanning-tree max-age
This command sets the Bridge Max Age parameter for the common and internal
spanning tree to the default value.
Format
no spanning-tree max-age
Mode Global Config
2.2.10spanning-tree max-hops
This command sets the MSTP Max Hops parameter to a new value for the common
and internal spanning tree. The max-hops value is a range from 1 to 127.
Default 20
Format
spanning-tree max-hops <1-127>
Mode Global Config
2.2.10.1no spanning-tree max-hops
This command sets the Bridge Max Hops parameter for the common and internal
spanning tree to the default value.
Format
no spanning-tree max-hops
Mode Global Config
2.2.11spanning-tree mst
This command sets the Path Cost or Port Priority for this port within the multiple
spanning tree instance or in the common and internal spanning tree. If you specify an
<mstid> parameter that corresponds to an existing multiple spanning tree instance, the
configurations are done for that multiple spanning tree instance. If you specify 0
(defined as the default CIST ID) as the
common and internal spanning tree instance.
If you specify the cost option, the command sets the path cost for this port within a
multiple spanning tree instance or the common and internal spanning tree instance,
depending on the
range of 1 to 200000000 or auto. If you select auto the path cost value is set based on
Link Speed.
<mstid> parameter. You can set the path cost as a number in the
<mstid>, the configurations are done for the
Page 2 - 9AT8904M CLI Reference Manual
Switching CommandsAT8904M
If you specify the external-cost option, this command sets the external-path cost for
MST instance ‘0’ i.e. CIST instance. You can set the external cost as a number in the
range of 1 to 200000000 or auto. If you specify auto, the external path cost value is set
based on Link Speed.
If you specify the port-priority option, this command sets the priority for this port
within a specific multiple spanning tree instance or the common and internal spanning
tree instance, depending on the
in the range of 0 to 240 in increments of 16.
Default cost—auto
external-cost—auto
port-priority—128
<mstid> parameter. The port-priority value is a number
This command sets the Path Cost or Port Priority for this port within the multiple
spanning tree instance, or in the common and internal spanning tree to the respective
default values. If you specify an
multiple spanning tree instance, you are configuring that multiple spanning tree
instance. If you specify 0 (defined as the default CIST ID) as the
configuring the common and internal spanning tree instance.
If the you specify cost, this command sets the path cost for this port within a multiple
spanning tree instance or the common and internal spanning tree instance, depending
<mstid> parameter, to the default value, i.e. a path cost value based on the Link
on the
Speed.
If you specify external-cost, this command sets the external path cost for this port for
mst ‘0’ instance, to the default value, i.e. a path cost value based on the Link Speed.
If you specify port-priority, this command sets the priority for this port within a
specific multiple spanning tree instance or the common and internal spanning tree
instance, depending on the
<mstid> parameter that corresponds to an existing
<mstid>, you are
<mstid> parameter, to the default value.
Format
no spanning-tree mst <mstid> <cost | external-cost | portpriority>
Mode Interface Config
2.2.12spanning-tree mst instance
This command adds a multiple spanning tree instance to the switch. The parameter
<mstid> is a number within a range of 1 to 4094, that corresponds to the new instance
ID to be added. The maximum number of multiple instances supported by the switch is
4.
Default none
Format
AT8904M CLI Reference ManualPage 2 - 10
spanning-tree mst instance <mstid>
AT8904MSwitching Commands
Mode Global Config
2.2.12.1no spanning-tree mst instance
This command removes a multiple spanning tree instance from the switch and
reallocates all VLANs allocated to the deleted instance to the common and internal
spanning tree. The parameter
existing multiple spanning tree instance to be removed.
<mstid> is a number that corresponds to the desired
Format
no spanning-tree mst instance <mstid>
Mode Global Config
2.2.13spanning-tree mst priority
This command sets the bridge priority for a specific multiple spanning tree instance.
The parameter
<mstid> is a number that corresponds to the desired existing multiple
spanning tree instance. The priority value is a number within a range of 0 to 61440 in
increments of 4096.
If you specify 0 (defined as the default CIST ID) as the
Bridge Priority parameter to a new value for the common and internal spanning tree.
The bridge priority value is a number within a range of 0 to 61440. The twelve least
significant bits are masked according to the 802.1s specification. This causes the
priority to be rounded down to the next lower valid priority.
Default 32768
Format
spanning-tree mst priority <mstid> <0-61440>
Mode Global Config
2.2.13.1no spanning-tree mst priority
This command sets the bridge priority for a specific multiple spanning tree instance to
the default value. The parameter
existing multiple spanning tree instance.
<mstid>, this command sets the
<mstid> is a number that corresponds to the desired
If 0 (defined as the default CIST ID) is passed as the
Bridge Priority parameter for the common and internal spanning tree to the default
value.
Format
spanning-tree mst priority <mstid>
Mode Global Config
2.2.14spanning-tree mst vlan
This command adds an association between a multiple spanning tree instance and a
VLAN so that the VLAN is no longer associated with the common and internal
spanning tree. The parameter
existing multiple spanning tree instance. The
VLAN ID.
Format
Mode Global Config
spanning-tree mst vlan <mstid> <vlanid>
<mstid>, this command sets the
<mstid> is a number that corresponds to the desired
<vlanid> corresponds to an existing
Page 2 - 11AT8904M CLI Reference Manual
Switching CommandsAT8904M
2.2.14.1no spanning-tree mst vlan
This command removes an association between a multiple spanning tree instance and a
VLAN so that the VLAN is again be associated with the common and internal
spanning tree. The parameter
existing multiple spanning tree instance. The
VLAN ID.
<mstid> is a number that corresponds to the desired
<vlanid> corresponds to an existing
Format
no spanning-tree mst vlan <mstid> <vlanid>
Mode Global Config
2.2.15spanning-tree port mode
This command sets the Administrative Switch Port State for this port to enabled.
Default disabled
Format
spanning-tree port mode
Mode Interface Config
2.2.15.1no spanning-tree port mode
This command sets the Administrative Switch Port State for this port to disabled.
Format
no spanning-tree port mode
Mode Interface Config
2.2.16spanning-tree port mode all
This command sets the Administrative Switch Port State for all ports to enabled.
Default disabled
Format
spanning-tree port mode all
Mode Global Config
2.2.16.1no spanning-tree port mode all
This command sets the Administrative Switch Port State for all ports to disabled.
Format
no spanning-tree port mode all
Mode Global Config
2.2.17show spanning-tree
This command displays spanning tree settings for the common and internal spanning
tree. The following details are displayed.
Format
Modes Privileged EXEC
Bridge Priority Specifies the bridge priority for the Common and Internal Spanning
show spanning-tree
User EXEC
tree (CST). The value lies between 0 and 61440. It is displayed in multiples of 4096.
AT8904M CLI Reference ManualPage 2 - 12
AT8904MSwitching Commands
Bridge Identifier The bridge identifier for the CST. It is made up using the bridge pri-
ority and the base MAC address of the bridge.
Time Since Topology Change Time in seconds.
Topology Change Count Number of times changed.
Topology Change Boolean value of the Topology Change parameter for the switch
indicating if a topology change is in progress on any port assigned to
the common and internal spanning tree.
Designated Root The bridge identifier of the root bridge. It is made up from the
bridge priority and the base MAC address of the bridge.
Root Path Cost Value of the Root Path Cost parameter for the common and internal
spanning tree.
Root Port Identifier Identifier of the port to access the Designated Root for the CST.
Root Port Max Age Derived value.
Root Port Bridge Forward Delay Derived value.
Hello Time Configured value of the parameter for the CST.
Bridge Hold Time Minimum time between transmission of Configuration Bridge
Protocol Data Units (BPDUs)
Bridge Max Hops
CST Regional Root Bridge Identifier of the CST Regional Root. It is made up using
Regional Root Path Cost Path Cost to the CST Regional Root.
Associated FIDs List of forwarding database identifiers currently associated with this
Associated VLANs List of VLAN IDs currently associated with this instance.
Bridge max-hops count for the device.
the bridge priority and the base MAC address of the bridge.
instance.
2.2.18show spanning-tree brief
This command displays spanning tree settings for the bridge. The following
information appears.
Format
Modes Privileged EXEC
Bridge Priority Configured value.
show spanning-tree brief
User EXEC
Bridge Identifier The bridge identifier for the selected MST instance. It is made up
using the bridge priority and the base MAC address of the bridge.
Bridge Max Age Configured value.
Bridge Max Hops Bridge max-hops count for the device.
Bridge Hello Time Configured value.
Bridge Forward Delay Configured value.
Bridge Hold Time Minimum time between transmission of Configuration Bridge
Protocol Data Units (BPDUs)
Page 2 - 13AT8904M CLI Reference Manual
Switching CommandsAT8904M
2.2.19show spanning-tree interface
This command displays the settings and parameters for a specific switch port within
the common and internal spanning tree. The
following details are displayed on execution of the command.
<slot/port> is the desired switch port. The
Format
show spanning-tree interface <slot/port>
Modes Privileged EXEC
User EXEC
Hello Time Admin hello time for this port.
Port mode Enabled or disabled.
Port Up Time Since Counters Last Cleared Time since port was reset, displayed in
days, hours, minutes, and seconds.
STP BPDUs Transmitted Spanning Tree Protocol Bridge Protocol Data Units sent
STP BPDUs Received Spanning Tree Protocol Bridge Protocol Data Units received.
RST BPDUs Transmitted Rapid Spanning Tree Protocol Bridge Protocol Data Units
sent
RST BPDUs Received Rapid Spanning Tree Protocol Bridge Protocol Data Units
received.
MSTP BPDUs Transmitted Multiple Spanning Tree Protocol Bridge Protocol Data
Units sent
MSTP BPDUs Received Multiple Spanning Tree Protocol Bridge Protocol Data
Units received.
2.2.20show spanning-tree mst port detailed
This command displays the detailed settings and parameters for a specific switch port
within a particular multiple spanning tree instance. The parameter
that corresponds to the desired existing multiple spanning tree instance. The
<mstid> is a number
<slot/
port> is the desired switch port.
Format
show spanning-tree mst port detailed <mstid> <slot/port>
Mode Privileged EXEC
User EXEC
MST Instance ID The ID of the existing MST instance.
Port Identifier The port identifier for the specified port within the selected MST
instance. It is made up from the port priority and the interface number
of the port.
Port Priority The priority for a particular port within the selected MST instance.
The port priority is displayed in multiples of 16.
Port Forwarding State Current spanning tree state of this port.
Port Role Each enabled MST Bridge Port receives a Port Role for each spanning
tree. The port role is one of the following values: Root Port, Designated Port, Alternate Port, Backup Port, Master Port or Disabled Port
AT8904M CLI Reference ManualPage 2 - 14
AT8904MSwitching Commands
Auto-Calculate Port Path Cost This indicates whether auto calculation for port path
cost is enabled.
Port Path Cost Configured value of the Internal Port Path Cost parameter.
Auto-Calculate External Port Path Cost This indicates whether auto calculation for
external port path cost is enabled.
External Port Path Cost Configured value of the external Port Path Cost parameter.
Designated Root The Identifier of the designated root for this port.
Designated Port Cost Path Cost offered to the LAN by the Designated Port
Designated Bridge
Bridge Identifier of the bridge with the Designated Port.
Designated Port Identifier Port on the Designated Bridge that offers the lowest cost
to the LAN.
If you specify 0 (defined as the default CIST ID) as the
<mstid>, this command
displays the settings and parameters for a specific switch port within the common and
internal spanning tree. The
<slot/port> is the desired switch port. In this case, the
following are displayed.
Port Identifier The port identifier for this port within the CST.
Port Priority The priority of the port within the CST.
Port Forwarding State The forwarding state of the port within the CST.
Port Role The role of the specified interface within the CST.
Port Path Cost The configured path cost for the specified interface.
Designated Root Identifier of the designated root for this port within the CST.
Designated Port Cost Path Cost offered to the LAN by the Designated Port.
Designated Bridge The bridge containing the designated port
Designated Port Identifier Port on the Designated Bridge that offers the lowest cost
to the LAN
Topology Change Acknowledgement Value of flag in next Configuration Bridge
Protocol Data Unit (BPDU) transmission indicating if a topology
change is in progress for this port.
Hello Time The hello time in use for this port.
Edge Port The configured value indicating if this port is an edge port.
Edge Port Status The derived value of the edge port status. True if operating as an
edge port; false otherwise.
Point To Point MAC Status Derived value indicating if this port is part of a point to
point link
.
CST Regional Root The regional root identifier in use for this port.
CST Port Cost The configured path cost for this port.
Page 2 - 15AT8904M CLI Reference Manual
Switching CommandsAT8904M
2.2.21show spanning-tree mst port summary
This command displays the settings of one or all ports within the specified multiple
spanning tree instance. The parameter
The parameter {
<slot/port> | all} indicates the desired switch port or all ports.
<mstid> indicates a particular MST instance.
If you specify 0 (defined as the default CIST ID) as the
displays for one or all ports within the common and internal spanning tree.
Format
show spanning-tree mst port summary <mstid> {<slot/port> |
all}
Modes Privileged EXEC
User EXEC
MST Instance ID The MST instance associated with this port.
Interface Valid slot and port number separated by forward slashes.
Type Currently not used.
STP State The forwarding state of the port in the specified spanning tree instance
Port Role The role of the specified port within the spanning tree.
Link Status The operational status of the link. Possible values are “Up” or
“Down”.
Link Trap The link trap configuration for the specified interface.
2.2.22show spanning-tree mst summary
This command displays summary information about all multiple spanning tree
instances in the switch. On execution, the following details are displayed.
<mstid>, the status summary
Format
show spanning-tree mst summary
Modes Privileged EXEC
User EXEC
MST Instance ID List List of multiple spanning trees IDs currently configured.
For each MSTID:
Associated FIDs List of forwarding database identifiers associated with this instance.
Associated VLANs List of VLAN IDs associated with this instance.
2.2.23show spanning-tree summary
This command displays spanning tree settings and parameters for the switch. The
following details are displayed on execution of the command.
Format
Modes Privileged EXEC
Spanning Tree Adminmode Enabled or disabled.
Spanning Tree Version Version of 802.1 currently supported (IEEE 802.1s, IEEE
show spanning-tree summary
User EXEC
802.1w, or IEEE 802.1d) based upon the Force Protocol Version
parameter.
AT8904M CLI Reference ManualPage 2 - 16
AT8904MSwitching Commands
Configuration Name Identifier used to identify the configuration currently being
used.
Configuration Revision Level Identifier used to identify the configuration currently
being used.
Configuration Digest Key Identifier used to identify the configuration currently
being used.
MST Instances List of all multiple spanning tree instances configured on the switch
2.2.24show spanning-tree vlan
This command displays the association between a VLAN and a multiple spanning tree
instance. The
<vlanid> corresponds to an existing VLAN ID.
Format
Modes Privileged EXEC
VLAN Identifier The VLANs associated with the selected MST instance.
Associated Instance Identifier for the associated multiple spanning tree instance or
show spanning-tree vlan <vlanid>
User EXEC
“CST” if associated with the common and internal spanning tree.
2.3VLAN Commands
This section describes the commands you use to configure VLAN settings.
2.3.1vlan database
This command gives you access to the VLAN Config mode, which allows you to
configure VLAN characteristics.
Format
Mode Privileged EXEC
2.3.2network mgmt_vlan
This command configures the Management VLAN ID.
vlan database
Default 1
Format
Mode Privileged EXEC
network mgmt_vlan <1-4069>
2.3.2.1no network mgmt_vlan
This command sets the Management VLAN ID to the default.
Format
Mode Privileged EXEC
no network mgmt_vlan
Page 2 - 17AT8904M CLI Reference Manual
Switching CommandsAT8904M
2.3.3vlan
This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN
identification number (ID 1 is reserved for the default VLAN). VLAN range is 2-4094.
Format
vlan <2-4094>
Mode VLAN Config
2.3.3.1no vlan
This command deletes an existing VLAN. The ID is a valid VLAN identification
number (ID 1 is reserved for the default VLAN). The VLAN range is 2-4094.
Format
no vlan <2-4094>
Mode VLAN Config
2.3.4vlan acceptframe
This command sets the frame acceptance mode per interface. For VLAN Only mode,
untagged frames or priority frames received on this interface are discarded. For Admit
All mode, untagged frames or priority frames received on this interface are accepted
and assigned the value of the interface VLAN ID for this port. With either option,
VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN
Specification.
Default all
Format
Mode Interface Config
vlan acceptframe {vlanonly | all}
2.3.4.1no vlan acceptframe
This command sets the frame acceptance mode per interface to Admit All. For Admit
All mode, untagged frames or priority frames received on this interface are accepted
and assigned the value of the interface VLAN ID for this port. With either option,
VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN
Specification.
Format
vlan acceptframe {vlanonly | all}
Mode Interface Config
2.3.5vlan ingressfilter
This command enables ingress filtering. If ingress filtering is disabled, frames received
with VLAN IDs that do not match the VLAN membership of the receiving interface
are admitted and forwarded to ports that are members of that VLAN.
Default disabled
Format
Mode Interface Config
vlan ingressfilter
AT8904M CLI Reference ManualPage 2 - 18
AT8904MSwitching Commands
2.3.5.1no vlan ingressfilter
This command disables ingress filtering. If ingress filtering is disabled, frames
received with VLAN IDs that do not match the VLAN membership of the receiving
interface are admitted and forwarded to ports that are members of that VLAN.
Format
no vlan ingressfilter
Mode Interface Config
2.3.6vlan makestatic
This command changes a dynamically created VLAN (one that is created by GVRP
registration) to a static VLAN (one that is permanently configured and defined). The
ID is a valid VLAN identification number. VLAN range is 2-4094.
Format
vlan makestatic <2-4094>
Mode VLAN Config
2.3.7vlan name
This command changes the name of a VLAN. The name is an alphanumeric string of
up to 32 characters, and the ID is a valid VLAN identification number. ID range is 1-
4094.
Default VLAN ID 1 - default
other VLANS - blank string
Format
Mode VLAN Config
vlan name <2-4094> <name>
2.3.7.1no vlan name
This command sets the name of a VLAN to a blank string.
Format
no vlan name <2-4094>
Mode VLAN Config
2.3.8vlan participation
This command configures the degree of participation for a specific interface in a
VLAN. The ID is a valid VLAN identification number, and the interface is a valid
interface number
Format vlan participation {exclude | include | auto} <1-4094>
Mode Interface Config
Participation options are:
include The interface is always a member of this VLAN. This is equivalent to
exclude The interface is never a member of this VLAN. This is equivalent to
.
registration fixed.
registration forbidden.
Page 2 - 19AT8904M CLI Reference Manual
Switching CommandsAT8904M
auto The interface is dynamically registered in this VLAN by GVRP. The
interface will not participate in this VLAN unless a join request is
received on this interface. This is equivalent to registration normal.
2.3.9vlan participation all
This command configures the degree of participation for all interfaces in a VLAN. The
ID is a valid VLAN identification number. You can use the following participation
options:
•include—The interface is always a member of this VLAN. This is equivalent to
registration fixed.
•exclude—The interface is never a member of this VLAN. This is equivalent to registration forbidden.
•auto—The interface is dynamically registered in this VLAN by GVRP. The interface will not participate in this VLAN unless a join request is received on this
interface. This is equivalent to registration normal.
Format
Mode Global Config
vlan participation all {exclude | include | auto} <1-4094>
2.3.10vlan port acceptframe all
This command sets the frame acceptance mode for all interfaces. The modes defined as
follows:
•VLAN Only mode - Untagged frames or priority frames received on this interface
are discarded.
•Admit All mode - Untagged frames or priority frames received on this interface are
accepted and assigned the value of the interface VLAN ID for this port.
With either option, VLAN tagged frames are forwarded in accordance with the IEEE
802.1Q VLAN Specification.
Default all
Format
Mode Global Config
vlan port acceptframe all {vlanonly | all}
2.3.10.1no vlan port acceptframe all
This command sets the frame acceptance mode for all interfaces to Admit All. For
Admit All mode, untagged frames or priority frames received on this interface are
accepted and assigned the value of the interface VLAN ID for this port. With either
option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q
VLAN Specification.
Format
Mode Global Config
no vlan port acceptframe all
2.3.11vlan port ingressfilter all
This command enables ingress filtering for all ports. If ingress filtering is disabled,
frames received with VLAN IDs that do not match the VLAN membership of the
AT8904M CLI Reference ManualPage 2 - 20
AT8904MSwitching Commands
receiving interface are admitted and forwarded to ports that are members of that
VLAN.
Default disabled
Format
vlan port ingressfilter all
Mode Global Config
2.3.11.1no vlan port ingressfilter all
This command disables ingress filtering for all ports. If ingress filtering is disabled,
frames received with VLAN IDs that do not match the VLAN membership of the
receiving interface are admitted and forwarded to ports that are members of that
VLAN.
Format
no vlan port ingressfilter all
Mode Global Config
2.3.12vlan port pvid all
This command changes the VLAN ID for all interface.
Default 1
Format
vlan port pvid all <1-4094>
Mode Global Config
2.3.12.1no vlan port pvid all
This command sets the VLAN ID for all interfaces to 1.
Format
no vlan port pvid all
Mode Global Config
2.3.13vlan port tagging all
This command configures the tagging behavior for all interfaces in a VLAN to
enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is
disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN
identification number.
Format.
vlan port tagging all <1-4094>
Mode Global Config
2.3.13.1no vlan port tagging all
This command configures the tagging behavior for all interfaces in a VLAN to
disabled. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a
valid VLAN identification number.
Format
Mode Global Config
no vlan port tagging all
Page 2 - 21AT8904M CLI Reference Manual
Switching CommandsAT8904M
2.3.14vlan protocol group
This command adds protocol-based VLAN groups to the system. The <groupName> is
a character string of 1 to 16 characters. When it is created, the protocol group will be
assigned a unique number that will be used to identify the group in subsequent
commands.
Format
vlan protocol group <groupname>
Mode Global Config
2.3.15vlan protocol group add protocol
This command adds the <protocol> to the protocol-based VLAN identified by
<groupid>. A group may have more than one protocol associated with it. Each
interface and protocol combination can only be associated with one group. If adding a
protocol to a group causes any conflicts with interfaces currently associated with the
group, this command fails and the protocol is not added to the group. The possible
values for protocol are
vlan protocol group add protocol <groupid> <protocol>
Mode Global Config
2.3.15.1no vlan protocol group add protocol
This command removes the <protocol> from this protocol-based VLAN group that is
identified by this <
Format
groupid>. The possible values for protocol are ip, arp, and ipx.
no vlan protocol group add protocol <groupid> <protocol>
Mode Global Config
2.3.16vlan protocol group remove
This command removes the protocol-based VLAN group that is identified by this
<groupid>.
Format
vlan protocol group remove <groupid>
Mode Global Config
2.3.17protocol group
This command attaches a <vlanid> to the protocol-based VLAN identified by
<groupid>. A group may only be associated with one VLAN at a time, however the
VLAN association can be changed.
The referenced VLAN should be created prior to the creation of the protocol-based
VLAN except when GVRP is expected to create the VLAN.
Default none
Format
Mode VLAN Config
protocol group <groupid> <vlanid>
AT8904M CLI Reference ManualPage 2 - 22
AT8904MSwitching Commands
2.3.17.1no protocol group
This command removes the <vlanid> from this protocol-based VLAN group that is
identified by this
<groupid>.
Format
no protocol group <groupid> <vlanid>
Mode VLAN Config
2.3.18protocol vlan group
This command adds the physical interface to the protocol-based VLAN identified by
<groupid>. You can associate multiple interfaces with a group, but you can only
associate each interface and protocol combination with one group. If adding an
interface to a group causes any conflicts with protocols currently associated with the
group, this command fails and the interface(s) are not added to the group.
You should create the referenced VLAN before you create the protocol-based VLAN
except when you configure GVRP to create the VLAN.
Default none
Format
protocol vlan group <groupid>
Mode Interface Config
2.3.18.1no protocol vlan group
This command removes the interface from this protocol-based VLAN group that is
identified by this
Format
<groupid>.
no protocol vlan group <groupid>
Mode Interface Config
2.3.19protocol vlan group all
This command adds all physical interfaces to the protocol-based VLAN identified by
<groupid>. You can associate multiple interfaces with a group, but you can only
associate each interface and protocol combination with one group. If adding an
interface to a group causes any conflicts with protocols currently associated with the
group, this command will fail and the interface(s) will not be added to the group.
You should create the referenced VLAN before you create the protocol-based VLAN
except when you configure GVRP to create the VLAN.
Default none
Format
protocol vlan group all <groupid>
Mode Global Config
2.3.19.1no protocol vlan group all
This command removes all interfaces from this protocol-based VLAN group that is
identified by this
Format
Mode Global Config
<groupid>.
no protocol vlan group all <groupid>
Page 2 - 23AT8904M CLI Reference Manual
Switching CommandsAT8904M
2.3.20vlan pvid
This command changes the VLAN ID per interface.
Default 1
Format
vlan pvid <1-4094>
Mode Interface Config
2.3.20.1no vlan pvid
This command sets the VLAN ID per interface to 1.
Format
no vlan pvid
Mode Interface Config
2.3.21vlan tagging
This command configures the tagging behavior for a specific interface in a VLAN to
enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is
disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN
identification number.
Format
vlan tagging <1-4094>
Mode Interface Config
2.3.21.1no vlan tagging
This command configures the tagging behavior for a specific interface in a VLAN to
disabled. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a
valid VLAN identification number.
Format
no vlan tagging <1-4094>
Mode Interface Config
2.3.22vlan association subnet
This command associates a VLAN to a specific IP-subnet.
Format
vlan association subnet <ipaddr> <netmask> <vlanid>
Mode VLAN Config
2.3.22.1no vlan association subnet
This command removes association of a specific IP-subnet to a VLAN.
Format
no vlan association subnet <ipaddr> <netmask>
Mode VLAN Config
2.3.23vlan association mac
This command associates a MAC address to a VLAN.
Format
vlan association mac <macaddr> <vlanid>
AT8904M CLI Reference ManualPage 2 - 24
AT8904MSwitching Commands
Mode VLAN database
2.3.23.1no vlan association mac
This command removes the association of a MAC address to a VLAN.
Format
Mode VLAN database
2.3.24show vlan
This command displays detailed information, including interface information, for a
specific VLAN. The ID is a valid VLAN identification number.
Format
Modes Privileged EXEC
VLAN ID There is a VLAN Identifier (VID) associated with each VLAN. The
VLAN Name A string associated with this VLAN as a convenience. It can be up to
VLAN Type Type of VLAN, which can be Default (VLAN ID = 1) or static (one
Interface Valid slot and port number separated by forward slashes. It is possible
no vlan association mac <macaddr>
show vlan <vlanid>
User EXEC
range of the VLAN ID is 1 to 4094.
32 alphanumeric characters long, including blanks. The default is
blank. VLAN ID 1 always has a name of “Default.” This field is
optional.
that is configured and permanently defined), or Dynamic (one that is
created by GVRP registration).
to set the parameters for all ports by using the selectors on the top line.
Current Determines the degree of participation of this port in this VLAN. The
permissible values are:
Include - This port is always a member of this VLAN. This is equivalent to registration fixed in the IEEE 802.1Q standard.
Exclude - This port is never a member of this VLAN. This is equivalent to registration forbidden in the IEEE 802.1Q standard.
Autodetect - Specifies to allow the port to be dynamically registered
in this VLAN via GVRP. The port will not participate in this VLAN
unless a join request is received on this port. This is equivalent to registration normal in the IEEE 802.1Q standard.
Configured Determines the configured degree of participation of this port in this
VLAN. The permissible values are:
Include - This port is always a member of this VLAN. This is equivalent to registration fixed in the IEEE 802.1Q standard.
Exclude - This port is never a member of this VLAN. This is equivalent to registration forbidden in the IEEE 802.1Q standard.
Autodetect - Specifies to allow the port to be dynamically registered in
this VLAN via GVRP. The port will not participate in this VLAN
Page 2 - 25AT8904M CLI Reference Manual
Switching CommandsAT8904M
unless a join request is received on this port. This is equivalent to registration normal in the IEEE 802.1Q standard.
Tag gin g Select the tagging behavior for this port in this VLAN.
Tag ged - specifies to transmit traffic for this VLAN as tagged frames.
Untagged - specifies to transmit traffic for this VLAN as untagged
frames.
2.3.25show vlan brief
This command displays a list of all configured VLANs.
Format
Modes Privileged EXEC
VLAN ID There is a VLAN Identifier (vlanid) associated with each VLAN. The
VLAN Name A string associated with this VLAN as a convenience. It can be up to
VLAN Type Type of VLAN, which can be Default (VLAN ID = 1) or static (one
show vlan brief
User EXEC
range of the VLAN ID is 1 to 4094.
32 alphanumeric characters long, including blanks. The default is
blank. VLAN ID 1 always has a name of “Default.” This field is
optional.
that is configured and permanently defined), or a Dynamic (one that is
created by GVRP registration).
2.3.26show vlan port
This command displays VLAN port information.
Format
Modes Privileged EXEC
Interface Valid slot and port number separated by forward slashes. It is possible
show vlan port {<slot/port> | all}
User EXEC
to set the parameters for all ports by using the selectors on the top line.
Port VLAN ID The VLAN ID that this port will assign to untagged frames or priority
tagged frames received on this port. The value must be for an existing
VLAN. The factory default is 1.
Acceptable Frame Types Specifies the types of frames that may be received on this
port. The options are 'VLAN only' and 'Admit All'. When set to
'VLAN only', untagged frames or priority tagged frames received on
this port are discarded. When set to 'Admit All', untagged frames or
priority tagged frames received on this port are accepted and assigned
the value of the Port VLAN ID for this port. With either option, VLAN
tagged frames are forwarded in accordance to the 802.1Q VLAN specification.
Ingress Filtering May be enabled or disabled. When enabled, the frame is discarded
if this port is not a member of the VLAN with which this frame is
associated. In a tagged frame, the VLAN is identified by the VLAN ID
AT8904M CLI Reference ManualPage 2 - 26
AT8904MSwitching Commands
in the tag. In an untagged frame, the VLAN is the Port VLAN ID specified for the port that received this frame. When disabled, all frames
are forwarded in accordance with the 802.1Q VLAN bridge specification. The factory default is disabled.
GVRP
Default Priority The 802.1p priority assigned to tagged packets arriving on the port.
May be enabled or disabled.
2.3.27show vlan association subnet
This command displays the VLAN associated with a specific configured IP-Address
and net mask. If no IP Address and net mask are specified, the VLAN associations of
all the configured IP-subnets are displayed.
Format
Mode Privileged EXEC
IP Address The IP address assigned to each interface.
Net Mask The subnet mask
VLAN ID There is a VLAN Identifier (VID) associated with each VLAN.
show vlan association subnet [<ipaddr> <netmask>]
2.3.28show vlan association mac
This command displays the VLAN associated with a specific configured MAC
address. If no MAC address is specified, the VLAN associations of all the configured
MAC addresses are displayed.
Format
show vlan association mac [<macaddr>]
Mode Privileged EXEC
Mac Address
A MAC address for which the switch has forwarding and or filtering information. The format is 6 or 8 two-digit hexadecimal
numbers that are separated by colons, for example
01:23:45:67:89:AB. In an IVL system the MAC address will be
displayed as 8 bytes.
VLAN ID There is a VLAN Identifier (VID) associated with each VLAN.
2.4Double VLAN Commands
This section describes the commands you use to configure double VLAN (DVLAN).
Double VLAN tagging is a way to pass VLAN traffic from one customer domain to
another through a Metro Core in a simple and cost effective manner. The additional tag
on the traffic helps differentiate between customers in the MAN while preserving the
VLAN identification of the individual customers when they enter their own 802.1Q
domain.
2.4.1dvlan-tunnel ethertype
This command configures the ether-type for all interfaces. The ether-type may have the
values of
value of the custom ether type must be set to a value from 0 to 65535.
802.1Q, vMAN, or custom. If the ether-type has a value of custom, the optional
This command configures the ether-type for all interfaces to the default value.
Format
no dvlan-tunnel ethertype
Mode Global Config
2.4.2mode dot1q-tunnel
This command is used to enable Double VLAN Tunneling on the specified interface.
Default disabled
Format
mode dot1q-tunnel
Mode Interface Config
2.4.2.1no mode dot1q-tunnel
This command is used to disable Double VLAN Tunneling on the specified interface.
By default, Double VLAN Tunneling is disabled.
Format
no mode dot1q-tunnel
Mode Interface Config
2.4.3mode dvlan-tunnel
Use this command to enable Double VLAN Tunneling on the specified interface.
NOTE: When you use the
becomes a service provider port. Ports that do not have double VLAN
tunneling enabled are customer ports.
Default disabled
Format
mode dvlan-tunnel
Mode Interface Config
2.4.3.1no mode dvlan-tunnel
This command is used to disable Double VLAN Tunneling on the specified interface.
By default, Double VLAN Tunneling is disabled.
Format
no mode dvlan-tunnel
Mode Interface Config
2.4.4show dot1q-tunnel
mode dvlan-tunnel command on an interface, it
Use this command without the optional parameters to display all interfaces enabled for
Double VLAN Tunneling. Use the optional parameters to display detailed information
about Double VLAN Tunneling for the specified interface or all interfaces.
AT8904M CLI Reference ManualPage 2 - 28
AT8904MSwitching Commands
Format show dot1q-tunnel [interface {<slot/port> | all}]
Modes Privileged EXEC
User EXEC
Interface Valid slot and port number separated by forward slashes.
Mode This field specifies the administrative mode through which Double
VLAN Tunneling can be enabled or disabled. The default value for
this field is disabled.
EtherType This field represents a 2-byte hex EtherType to be used as the first 16
bits of the DVLAN tunnel. There are three different EtherType tags.
The first is 802.1Q, which represents the commonly used value of
0x8100. The second is vMAN, which represents the commonly used
value of 0x88A8. If EtherType is not one of these two values, then it is
a custom tunnel value, representing any value in the range of 0 to
65535.
2.4.5show dvlan-tunnel
Use this command without the optional parameters to display all interfaces enabled for
Double VLAN Tunneling. Use the optional parameters to display detailed information
about Double VLAN Tunneling for the specified interface or all interfaces.
Format
Modes Privileged EXEC
Interface Valid slot and port number separated by forward slashes.
Mode This field specifies the administrative mode through which Double
EtherType This field represents a 2-byte hex EtherType to be used as the first 16
show dvlan-tunnel [interface {<slot/port> | all}]
User EXEC
VLAN Tunneling can be enabled or disabled. The default value for
this field is disabled.
bits of the DVLAN tunnel. There are three different EtherType tags.
The first is 802.1Q, which represents the commonly used value of
0x8100. The second is vMAN, which represents the commonly used
value of 0x88A8. If EtherType is not one of these two values, then it is
a custom tunnel value, representing any value in the range of 0 to
65535.
2.5Provisioning (IEEE 802.1p) Commands
This section describes the commands you use to configure provisioning, which allows
you to prioritize ports.
2.5.1vlan port priority all
This command configures the port priority assigned for untagged packets for all ports
presently plugged into the device. The range for the priority is 0-7. Any subsequent per
port configuration will override this configuration setting.
Format
vlan port priority all <priority>
Page 2 - 29AT8904M CLI Reference Manual
Switching CommandsAT8904M
Mode Global Config
2.5.2vlan priority
This command configures the default 802.1p port priority assigned for untagged
packets for a specific interface. The range for the priority is 0-7
Default 0
Format
Mode Interface Config
vlan priority <priority>
2.6Protected Ports Commands
This section describes commands you use to configure and view protected ports on a
switch. Protected ports do not forward traffic to each other, even if they are on the same
VLAN. However, protected ports can forward traffic to all unprotected ports in their
group. Unprotected ports can forward traffic to both protected and unprotected ports.
Ports are unprotected by default.
If an interface is configured as a protected port, and you add that interface to a Port
Channel or Link Aggregation Group (LAG), the protected port status becomes
operationally disabled on the interface, and the interface follows the configuration of
the LAG port. However, the protected port configuration for the interface remains
unchanged. Once the interface is no longer a member of a LAG, the current
configuration for that interface automatically becomes effective.
2.6.1switchport protected (Global Config)
Use this command to create a protected port group. The <groupid> parameter
identifies the set of protected ports. Use the
protected port group. The name can be up to 32 alphanumeric characters long,
including blanks. The default is blank.
name <name> pair to assign a name to the
NOTE: Port protection occurs within a single switch. Protected port configura-
tion does not affect traffic between ports on two different switches. No
traffic forwarding is possible between two protected ports.
Default unprotected
Format
Mode Global Config
switchport protected <groupid> [name <name>]
2.6.1.1no switchport protected (Global Config)
Use this command to remove a protected port group. The groupid parameter identifies
the set of protected ports. Use the
Format
Mode Global Config
AT8904M CLI Reference ManualPage 2 - 30
no switchport protected <groupid> [name]
name keyword to remove the name from the group.
AT8904MSwitching Commands
2.6.2switchport protected (Interface Config)
Use this command to add an interface to a protected port group. The <groupid>
parameter identifies the set of protected ports to which this interface is assigned. You
can only configure an interface as protected in one group.
NOTE: Port protection occurs within a single switch. Protected port configura-
tion does not affect traffic between ports on two different switches. No
traffic forwarding is possible between two protected ports.
Default unprotected
Format
switchport protected <groupid>
Mode Interface Config
2.6.2.1no switchport protected (Interface Config)
Use this command to configure a port as unprotected. The groupid parameter
identifies the set of protected ports to which this interface is assigned.
Format
no switchport protected <groupid>
Mode Interface Config
2.6.3show switchport protected
This command displays the status of all the interfaces, including protected and
unprotected interfaces.
Format
Modes Privileged EXEC
Group ID The number that identifies the protected port group.
Name An optional name of the protected port group. The name can be up to
show switchport protected <groupid>
User EXEC
32 alphanumeric characters long, including blanks. The default is
blank.
List of Physical Ports List of ports, which are configured as protected for the group
identified with
<groupid>. If no port is configured as protected for
this group, this field is blank.
2.6.4show interfaces switchport
This command displays the status of the interface (protected/unprotected) under the
groupid.
Format
Mode User EXEC
Name A string associated with this group as a convenience. It can be up to 32
show interfaces switchport <slot/port> <groupid>
Privileged EXEC
alphanumeric characters long, including blanks. The default is blank.
This field is optional.
Page 2 - 31AT8904M CLI Reference Manual
Switching CommandsAT8904M
Protected Indicates whether the interface is protected or not. It shows TRUE or
FALSE. If the group is a multiple groups then it shows TRUE in
Group
2.7GARP Commands
This section describes the commands you use to configure Generic Attribute
Registration Protocol (GARP) and view GARP status. The commands in this section
affect both GARP VLAN Registration Protocol (GVRP) and Garp Multicast
Registration Protocol (GMRP). GARP is a protocol that allows client stations to
register with the switch for membership in VLANS (by using GVMP) or multicast
groups (by using GVMP).
2.7.1set garp timer join
This command sets the GVRP join time for one port (Interface Config mode) or all
(Global Config mode) and per GARP. Join time is the interval between the
transmission of GARP Protocol Data Units (PDUs) registering (or re-registering)
membership for a VLAN or multicast group. This command has an effect only when
GVRP is enabled. The time is from 10 to 100 (centiseconds). The value 20
centiseconds is 0.2 seconds.
<groupid>
Default 20
Format
Modes Interface Config
set garp timer join <10-100>
Global Config
2.7.1.1no set garp timer join
This command sets the GVRP join time (for one or all ports and per GARP) to the
default and only has an effect when GVRP is enabled.
Format
Modes Interface Config
no set garp timer join
Global Config
2.7.2set garp timer leave
This command sets the GVRP leave time for one port (Interface Config mode) or all
ports (Global Config mode) and only has an effect when GVRP is enabled. Leave time
is the time to wait after receiving an unregister request for a VLAN or a multicast
group before deleting the VLAN entry. This can be considered a buffer time for
another station to assert registration for the same attribute in order to maintain
uninterrupted service. The leave time is 20 to 600 (centiseconds). The value 60
centiseconds is 0.6 seconds.
Default 60
Format
Modes Interface Config
AT8904M CLI Reference ManualPage 2 - 32
set garp timer leave <20-600>
Global Config
AT8904MSwitching Commands
2.7.2.1no set garp timer leave
This command sets the GVRP leave time on all ports or a single port to the default and
only has an effect when GVRP is enabled.
Format
Modes Interface Config
no set garp timer leave
Global Config
2.7.3set garp timer leaveall
This command sets how frequently Leave All PDUs are generated. A Leave All PDU
indicates that all registrations will be unregistered. Participants would need to rejoin in
order to maintain registration. The value applies per port and per GARP participation.
The time may range from 200 to 6000 (centiseconds). The value 1000 centiseconds is
10 seconds. You can use this command on all ports (Global Config mode) or a single
port (Interface Config mode), and it only has an effect only when GVRP is enabled.
Default 1000
Format
Modes Interface Config
set garp timer leaveall <200-6000>
Global Config
2.7.3.1no set garp timer leaveall
This command sets how frequently Leave All PDUs are generated the default and only
has an effect when GVRP is enabled.
Format
no set garp timer leaveall
Modes Interface Config
Global Config
2.7.4show garp
This command displays GARP information.
Format
Modes Privileged EXEC
GMRP Admin Mode This displays the administrative mode of GARP Multicast Reg-
GVRP Admin Mode This displays the administrative mode of GARP VLAN Regis-
show garp
User EXEC
istration Protocol (GMRP) for the system.
tration Protocol (GVRP) for the system
2.8GVRP Commands
This section describes the commands you use to configure and view GARP VLAN
Registration Protocol (GVRP) information. GVRP-enabled switches exchange VLAN
configuration information, which allows GVRP to provide dynamic VLAN creation on
trunk ports and automatic VLAN pruning.
Page 2 - 33AT8904M CLI Reference Manual
Switching CommandsAT8904M
NOTE: If GVRP is disabled, the system does not forward GVRP messages.
2.8.1set gvrp adminmode
This command enables GVRP on the system.
Default disabled
Format
set gvrp adminmode
Mode Privileged EXEC
2.8.1.1no set gvrp adminmode
This command disables GVRP.
Format
no set gvrp adminmode
Mode Privileged EXEC
2.8.2set gvrp interfacemode
This command enables GVRP on a single port (Interface Config mode) or all ports
(Global Config mode).
Default disabled
Format
set gvrp interfacemode
Modes Interface Config
Global Config
2.8.2.1no set gvrp interfacemode
This command disables GVRP on a single port (Interface Config mode) or all ports
(Global Config mode). If GVRP is disabled, Join Time, Leave Time and Leave All
Time have no effect.
Format
no set gvrp interfacemode
Modes Interface Config
Global Config
2.8.3show gvrp configuration
This command displays Generic Attributes Registration Protocol (GARP) information
for one or all interfaces.
Format
Modes Privileged EXEC
Interface Valid slot and port number separated by forward slashes.
Join Timer Specifies the interval between the transmission of GARP PDUs regis-
show gvrp configuration {<slot/port> | all}
User EXEC
tering (or re-registering) membership for an attribute. Current
attributes are a VLAN or multicast group. There is an instance of this
timer on a per-Port, per-GARP participant basis. Permissible values
are 10 to 100 centiseconds (0.1 to 1.0 seconds). The factory default is
AT8904M CLI Reference ManualPage 2 - 34
AT8904MSwitching Commands
20 centiseconds (0.2 seconds). The finest granularity of specification
is one centisecond (0.01 seconds).
Leave Timer Specifies the period of time to wait after receiving an unregister
request for an attribute before deleting the attribute. Current attributes
are a VLAN or multicast group. This may be considered a buffer time
for another station to assert registration for the same attribute in order
to maintain uninterrupted service. There is an instance of this timer on
a per-Port, per-GARP participant basis. Permissible values are 20 to
600 centiseconds (0.2 to 6.0 seconds). The factory default is 60 centiseconds (0.6 seconds).
LeaveAll Timer This Leave All Time controls how frequently LeaveAll PDUs are
generated. A LeaveAll PDU indicates that all registrations will shortly
be deregistered. Participants will need to rejoin in order to maintain
registration. There is an instance of this timer on a per-Port, per-GARP
participant basis. The Leave All Period Timer is set to a random value
in the range of LeaveAllTime to 1.5*LeaveAllTime. Permissible values are 200 to 6000 centiseconds (2 to 60 seconds). The factory default
is 1000 centiseconds (10 seconds).
Port GMRP Mode Indicates the GMRP administrative mode for the port, which is
enabled or disabled (default). If this parameter is disabled, Join Time,
Leave Time and Leave All Time have no effect.
2.9GMRP Commands
This section describes the commands you use to configure and view GARP Multicast
Registration Protocol (GMRP) information. Like IGMP snooping, GMRP helps
control the flooding of multicast packets.GMRP-enabled switches dynamically register
and de-register group membership information with the MAC networking devices
attached to the same segment. GMRP also allows group membership information to
propagate across all networking devices in the bridged LAN that support Extended
Filtering Services.
NOTE: If GMRP is disabled, the system does not forward GMRP messages.
2.9.1set gmrp adminmode
This command enables GARP Multicast Registration Protocol (GMRP) on the system.
Default disabled
Format
Mode Privileged EXEC
set gmrp adminmode
2.9.1.1no set gmrp adminmode
This command disables GARP Multicast Registration Protocol (GMRP) on the system.
Format
Mode Privileged EXEC
no set gmrp adminmode
Page 2 - 35AT8904M CLI Reference Manual
Switching CommandsAT8904M
2.9.2set gmrp interfacemode
This command enables GARP Multicast Registration Protocol on a single interface
(Interface Config mode) or all interfaces (Global Config mode). If an interface which
has GARP enabled is enabled for routing or is enlisted as a member of a port-channel
(LAG), GARP functionality is disabled on that interface. GARP functionality is
subsequently re-enabled if routing is disabled and port-channel (LAG) membership is
removed from an interface that has GARP enabled.
Default disabled
Format
Modes Interface Config
set gmrp interfacemode
Global Config
2.9.2.1no set gmrp interfacemode
This command disables GARP Multicast Registration Protocol on a single interface or
all interfaces. If an interface which has GARP enabled is enabled for routing or is
enlisted as a member of a port-channel (LAG), GARP functionality is disabled. GARP
functionality is subsequently re-enabled if routing is disabled and port-channel (LAG)
membership is removed from an interface that has GARP enabled.
Format
Modes Interface Config
no set gmrp interfacemode
Global Config
2.9.3show gmrp configuration
This command displays Generic Attributes Registration Protocol (GARP) information
for one or all interfaces.
Format
Modes Privileged EXEC
show gmrp configuration {<slot/port> | all}
User EXEC
Interface This displays the slot/port
describes.
Join Timer Specifies the interval between the transmission of GARP PDUs regis-
tering (or re-registering) membership for an attribute. Current
attributes are a VLAN or multicast group. There is an instance of this
timer on a per-port, per-GARP participant basis. Permissible values
are 10 to 100 centiseconds (0.1 to 1.0 seconds). The factory default is
20 centiseconds (0.2 seconds). The finest granularity of specification
is 1 centisecond (0.01 seconds).
Leave Timer Specifies the period of time to wait after receiving an unregister
request for an attribute before deleting the attribute. Current attributes
are a VLAN or multicast group. This may be considered a buffer time
for another station to assert registration for the same attribute in order
to maintain uninterrupted service. There is an instance of this timer on
a per-Port, per-GARP participant basis. Permissible values are 20 to
AT8904M CLI Reference ManualPage 2 - 36
of the interface that this row in the table
AT8904MSwitching Commands
600 centiseconds (0.2 to 6.0 seconds). The factory default is 60 centiseconds (0.6 seconds).
LeaveAll Timer This Leave All Time controls how frequently LeaveAll PDUs are
generated. A LeaveAll PDU indicates that all registrations will shortly
be deregistered. Participants will need to rejoin in order to maintain
registration. There is an instance of this timer on a per-Port, per-GARP
participant basis. The Leave All Period Timer is set to a random value
in the range of LeaveAllTime to 1.5*LeaveAllTime. Permissible values are 200 to 6000 centiseconds (2 to 60 seconds). The factory default
is 1000 centiseconds (10 seconds).
Port GMRP Mode Indicates the GMRP administrative mode for the port. It may be
enabled or disabled. If this parameter is disabled, Join Time, Leave
Time and Leave All Time have no effect.
2.9.4show mac-address-table gmrp
This command displays the GMRP entries in the Multicast Forwarding Database
(MFDB) table.
Format
Mode Privileged EXEC
Mac Address A unicast MAC address for which the switch has forwarding and or
Type Displays the type of the entry. Static entries are those that are config-
Description The text description of this multicast table entry.
Interfaces The list of interfaces that are designated for forwarding (Fwd:) and fil-
show mac-address-table gmrp
filtering information. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB. In
an IVL system the MAC address is displayed as 8 bytes.
ured by the end user. Dynamic entries are added to the table as a result
of a learning process or protocol.
tering (Flt:).
2.10Port-Based Network Access Control Commands
This section describes the commands you use to configure port-based network access
control (802.1x). Port-based network access control allows you to permit access to
network services only to and devices that are authorized and authenticated.
2.10.1authentication login
This command creates an authentication login list. The <listname> is any character
string and is not case sensitive. Up to 10 authentication login lists can be configured on
the switch. When a list is created, the authentication method “local” is set as the first
method.
When the optional parameters “Option1”, “Option2” and/or “Option3” are used, an
ordered list of methods are set in the authentication login list. If the authentication
login list does not exist, a new authentication login list is first created and then the
authentication methods are set in the authentication login list. The maximum number
Page 2 - 37AT8904M CLI Reference Manual
Switching CommandsAT8904M
of authentication login methods is three. The possible method values are local,
radius
and reject.
The value of
local indicates that the user’s locally stored ID and password are used for
authentication. The value of
authenticated using the RADIUS server. The value of
never authenticated.
To authenticate a user, the first authentication method in the user’s login
(authentication login list) is attempted. FASTPATH software does not utilize multiple
entries in the user’s login. If the first entry returns a timeout, the user authentication
attempt fails.
NOTE: The default login list included with the default configuration can not
This command deletes the specified authentication login list. The attempt to delete fails
if any of the following conditions are true:
•The login list name is invalid or does not match an existing authentication login list
•The specified authentication login list is assigned to any user or to the non configured user for any component
•The login list is the default login list included with the default configuration and
was not created using ‘authentication login’. The default login list cannot be
deleted.
radius indicates that the user’s ID and password will be
reject indicates the user is
Format
no authentication login <listname>
Mode Global Config
2.10.2clear dot1x statistics
This command resets the 802.1x statistics for the specified port or for all ports.
Format
clear dot1x statistics {<slot/port> | all}
Mode Privileged EXEC
2.10.3clear radius statistics
This command is used to clear all RADIUS statistics.
Format
clear radius statistics
Mode Privileged EXEC
2.10.4dot1x defaultlogin
This command assigns the authentication login list to use for non-configured users for
802.1x port security. This setting is over-ridden by the authentication login list
AT8904M CLI Reference ManualPage 2 - 38
AT8904MSwitching Commands
assigned to a specific user if the user is configured locally. If this value is not
configured, users will be authenticated using local authentication only.
Format
dot1x defaultlogin <listname>
Mode Global Config
2.10.5dot1x initialize
This command begins the initialization sequence on the specified port. This command
is only valid if the control mode for the specified port is 'auto'. If the control mode is
not 'auto' an error will be returned.
Format
dot1x initialize <slot/port>
Mode Privileged EXEC
2.10.6dot1x login
This command assigns the specified authentication login list to the specified user for
802.1x port security. The
<listname> parameter must be a configured authentication login list.
Format
dot1x login <user> <listname>
Mode Global Config
2.10.7dot1x max-req
This command sets the maximum number of times the authenticator state machine on
this port will transmit an EAPOL EAP Request/Identity frame before timing out the
supplicant. The
<count> value must be in the range 1 - 10.
<user> parameter must be a configured user and the
Default 2
Format
dot1x max-req <count>
Mode Interface Config
2.10.7.1no dot1x max-req
This command sets the maximum number of times the authenticator state machine on
this port will transmit an EAPOL EAP Request/Identity frame before timing out the
supplicant.
Format
no dot1x max-req
Mode Interface Config
2.10.8dot1x port-control
This command sets the authentication mode to use on the specified port. Select force-
unauthorized
port to unauthorized. Select
unconditionally sets the controlled port to authorized. Select
authenticator PAE sets the controlled port mode to reflect the outcome of the
authentication exchanges between the supplicant, authenticator and the authentication
server.
to specify that the authenticator PAE unconditionally sets the controlled
force-authorized to specify that the authenticator PAE
This command sets the authentication mode on the specified port to the default value.
Format
no dot1x port-control
Mode Interface Config
2.10.9dot1x port-control all
This command sets the authentication mode to use on all ports. Select force-
unauthorized
port to unauthorized. Select
unconditionally sets the controlled port to authorized. Select
authenticator PAE sets the controlled port mode to reflect the outcome of the
authentication exchanges between the supplicant, authenticator and the authentication
server.
Default auto
Format
to specify that the authenticator PAE unconditionally sets the controlled
dot1x port-control all {force-unauthorized | force-authorized | auto}
force-authorized to specify that the authenticator PAE
auto to specify that the
Mode Global Config
2.10.9.1no dot1x port-control all
This command sets the authentication mode on all ports to the default value.
Format
no dot1x port-control all
Mode Global Config
2.10.10dot1x re-authenticate
This command begins the re-authentication sequence on the specified port. This
command is only valid if the control mode for the specified port is 'auto'. If the control
mode is not 'auto' an error will be returned.
Format
dot1x re-authenticate <slot/port>
Mode Privileged EXEC
2.10.11dot1x re-authentication
This command enables re-authentication of the supplicant for the specified port.
Default disabled
Format
dot1x re-authentication
Mode Interface Config
AT8904M CLI Reference ManualPage 2 - 40
AT8904MSwitching Commands
2.10.11.1no dot1x re-authentication
This command disables re-authentication of the supplicant for the specified port.
Format
Mode Interface Config
no dot1x re-authentication
2.10.12dot1x system-auth-control
Use this command to enable the dot1x authentication support on the switch. While
disabled, the dot1x configuration is retained and can be changed, but is not activated.
Default disabled
Format
Mode Global Config
dot1x system-auth-control
2.10.12.1no dot1x system-auth-control
This command is used to disable the dot1x authentication support on the switch.
Format.
Mode Global Config
no dot1x system-auth-control
2.10.13dot1x timeout
This command sets the value, in seconds, of the timer used by the authenticator state
machine on this port. Depending on the token used and the value (in seconds) passed,
various timeout configurable parameters are set. The following tokens are supported.
reauth-period: Sets the value, in seconds, of the timer used by the authenticator state
machine on this port to determine when re-authentication of the supplicant takes place.
The reauth-period must be a value in the range 1 - 65535.
quiet-period: Sets the value, in seconds, of the timer used by the authenticator state
machine on this port to define periods of time in which it will not attempt to acquire a
supplicant. The quiet-period must be a value in the range 0 - 65535.
tx-period: Sets the value, in seconds, of the timer used by the authenticator state
machine on this port to determine when to send an EAPOL EAP Request/Identity
frame to the supplicant. The quiet-period must be a value in the range 1 - 65535.
supp-timeout: Sets the value, in seconds, of the timer used by the authenticator state
machine on this port to timeout the supplicant. The supp-timeout must be a value in the
range 1 - 65535.
server-timeout: Sets the value, in seconds, of the timer used by the authenticator state
machine on this port to timeout the authentication server. The supp-timeout must be a
value in the range 1 - 65535.
This command sets the value, in seconds, of the timer used by the authenticator state
machine on this port to the default values. Depending on the token used, the
corresponding default values are set.
This command adds the specified user to the list of users with access to the specified
port or all ports. The
Format
<user> parameter must be a configured user.
dot1x user <user> {<slot/port> | all}
Mode Global Config
2.10.14.1no dot1x user
This command removes the user from the list of users with access to the specified port
or all ports.
Format
no dot1x user <user> {<slot/port> | all}
Mode Global Config
2.10.15users defaultlogin
This command assigns the authentication login list to use for non-configured users
when attempting to log in to the system. This setting is overridden by the
authentication login list assigned to a specific user if the user is configured locally. If
this value is not configured, users will be authenticated using local authentication only.
Format
users defaultlogin <listname>
Mode Global Config
2.10.16users login
This command assigns the specified authentication login list to the specified user for
system login. The
a configured login list.
If the user is assigned a login list that requires remote authentication, all access to the
interface from all CLI, web, and telnet sessions will be blocked until the authentication
is complete.
Note that the login list associated with the ‘admin’ user can not be changed to prevent
accidental lockout from the switch.
AT8904M CLI Reference ManualPage 2 - 42
<user> must be a configured <user> and the <listname> must be
AT8904MSwitching Commands
Format users login <user> <listname>
Mode Global Config
2.10.17show authentication
This command displays the ordered authentication methods for all authentication login
lists.
Format
show authentication
Mode Privileged EXEC
Authentication Login List This displays the authentication login listname.
Method 1 This displays the first method in the specified authentication login list,
if any.
Method 2 This displays the second method in the specified authentication login
list, if any.
Method 3 This displays the third method in the specified authentication login
list, if any.
2.10.18show authentication users
This command displays information about the users assigned to the specified
authentication login list. If the login is assigned to non-configured users, the user
“default” will appear in the user column.
Format
Mode Privileged EXEC
User This field displays the user assigned to the specified authentication
Component This field displays the component (User or 802.1x) for which the
show authentication users <listname>
login list.
authentication login list is assigned.
2.10.19show dot1x
This command is used to show a summary of the global dot1x configuration, summary
information of the dot1x configuration for a specified port or all ports, the detailed
dot1x configuration for a specified port and the dot1x statistics for a specified port depending on the tokens used.
Format
Mode Privileged EXEC
If you do not use any of the optional parameters, the global dot1x configuration
summary is displayed.
Administrative mode Indicates whether authentication control on the switch is
If you use the optional parameter
configuration for the specified port or all ports are displayed.
Port The interface whose configuration is displayed.
Control Mode The configured control mode for this port. Possible values are force-
unauthorized | force-authorized | auto.
Operating Control Mode The control mode under which this port is operating. Possi-
ble values are authorized | unauthorized.
Reauthentication Enabled Indicates whether re-authentication is enabled on this
port.
Key Transmission Enabled Indicates if the key is transmitted to the supplicant for
the specified port.
If the optional parameter 'detail
for the specified port are displayed.
Port The interface whose configuration is displayed.
Protocol Version The protocol version associated with this port. The only possible
value is 1, corresponding to the first version of the dot1x specification.
PAE Capabilities The port access entity (PAE) functionality of this port. Possible val-
ues are Authenticator or Supplicant.
Authenticator PAE State Current state of the authenticator PAE state machine. Possi-
ble values are Initialize, Disconnected, Connecting, Authenticating,
Authenticated, Aborting, Held, ForceAuthorized, and ForceUnauthorized.
Backend Authentication State Current state of the backend authentication state
machine. Possible values are Request, Response, Success, Fail, Timeout, Idle, and Initialize.
Quiet Period The timer used by the authenticator state machine on this port to
define periods of time in which it will not attempt to acquire a supplicant. The value is expressed in seconds and will be in the range 0 and
65535.
Transmit Period The timer used by the authenticator state machine on the specified
port to determine when to send an EAPOL EAP Request/Identity
frame to the supplicant. The value is expressed in seconds and will be
in the range of 1 and 65535.
<slot/port>' is used, the detailed dot1x configuration
Supplicant Timeout The timer used by the authenticator state machine on this port to
timeout the supplicant. The value is expressed in seconds and will be
in the range of 1 and 65535.
Server Timeout The timer used by the authenticator on this port to timeout the
authentication server. The value is expressed in seconds and will be in
the range of 1 and 65535.
Maximum Requests The maximum number of times the authenticator state machine
on this port will retransmit an EAPOL EAP Request/Identity before
timing out the supplicant. The value will be in the range of 1 and 10.
Reauthentication Period The timer used by the authenticator state machine on this
port to determine when reauthentication of the supplicant takes place.
AT8904M CLI Reference ManualPage 2 - 44
AT8904MSwitching Commands
The value is expressed in seconds and will be in the range of 1 and
65535.
Reauthentication Enabled Indicates if reauthentication is enabled on this port. Possi-
ble values are ‘True” or “False”.
Key Transmission Enabled Indicates if the key is transmitted to the supplicant for
the specified port. Possible values are True or False.
Control Direction Indicates the control direction for the specified port or ports. Possi-
ble values are both or in.
If you use the optional parameter
statistics for the specified port appear.
Port The interface whose statistics are displayed.
EAPOL Frames Received The number of valid EAPOL frames of any type that have
been received by this authenticator.
EAPOL Frames Transmitted The number of EAPOL frames of any type that have
been transmitted by this authenticator.
EAPOL Start Frames Received The number of EAPOL start frames that have been
received by this authenticator.
EAPOL Logoff Frames Received The number of EAPOL logoff frames that have
been received by this authenticator.
Last EAPOL Frame Version The protocol version number carried in the most
recently received EAPOL frame.
Last EAPOL Frame Source The source MAC address carried in the most recently
received EAPOL frame.
EAP Response/Id Frames Received The number of EAP response/identity frames
that have been received by this authenticator.
EAP Response Frames Received The number of valid EAP response frames (other
than resp/id frames) that have been received by this authenticator.
statistics <slot/port>, the following dot1x
EAP Request/Id Frames Transmitted The number of EAP request/identity frames
that have been transmitted by this authenticator.
EAP Request Frames Transmitted The number of EAP request frames (other than
request/identity frames) that have been transmitted by this authenticator.
Invalid EAPOL Frames Received The number of EAPOL frames that have been
received by this authenticator in which the frame type is not recognized.
EAP Length Error Frames Received The number of EAPOL frames that have been
received by this authenticator in which the frame type is not recognized.
2.10.20show dot1x users
This command displays 802.1x port security user information for locally configured
users.
Page 2 - 45AT8904M CLI Reference Manual
Switching CommandsAT8904M
Format show dot1x users <slot/port>
Mode Privileged EXEC
User Users configured locally to have access to the specified port.
2.10.21show users authentication
This command displays all user and all authentication login information. It also
displays the authentication login list assigned to the default user.
Format
Mode Privileged EXEC
User Lists every user that has an authentication login list assigned.
System Login Displays the authentication login list assigned to the user for system
802.1x Port Security This field displays the authentication login list assigned to the
show users authentication
login.
user for 802.1x port security.
2.11Storm-Control Commands
This section describes commands you use to configure storm control and view stormcontrol configuration information. The Storm Control feature allows you to limit the
rate of specific types of packets through the switch on a per-port, per-type, basis. The
Storm Control feature can help maintain network performance.
2.11.1storm-control broadcast
Use this command to enable broadcast storm recovery mode for a specific interface. If
the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast
traffic ingressing on an interface increases beyond the configured threshold, the traffic
will be dropped. Therefore, the rate of broadcast traffic will be limited to the
configured threshold.
Default disabled
Format
Mode Interface Config
storm-control broadcast
2.11.1.1no storm-control broadcast
Use this command to disable broadcast storm recovery mode for a specific interface.
Format
Mode Interface Config
no storm-control broadcast
2.11.2storm-control broadcast level
Use this command to configure the broadcast storm recovery threshold for an interface.
When you use this command, broadcast storm recovery mode is enabled on the
interface and broadcast storm recovery is active. If the rate of L2 broadcast traffic
AT8904M CLI Reference ManualPage 2 - 46
AT8904MSwitching Commands
ingressing on an interface increases beyond the configured threshold, the traffic is
dropped. Therefore, the rate of broadcast traffic is limited to the configured threshold.
Default 5
Format
storm-control broadcast level <0-100>
Mode Interface Config
2.11.2.1no storm-control broadcast level
This command sets the broadcast storm recovery threshold to the default value for an
interface and disables broadcast storm recovery.
Format
no storm-control broadcast level
Mode Interface Config
2.11.3storm-control broadcast all
This command enables broadcast storm recovery mode for all interfaces. If the mode is
enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic
ingressing on an interface increases beyond the configured threshold, the traffic will be
dropped. Therefore, the rate of broadcast traffic will be limited to the configured
threshold.
Default disabled
Format
Mode Global Config
storm-control broadcast all
2.11.3.1no storm-control broadcast all
This command disables broadcast storm recovery mode for all interfaces.
Format
no storm-control broadcast all
Mode Global Config
2.11.4storm-control broadcast all level
This command configures the broadcast storm recovery threshold for all interfaces. If
the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast
traffic ingressing on an interface increases beyond the configured threshold, the traffic
will be dropped. Therefore, the rate of broadcast traffic will be limited to the
configured threshold.This command also enables broadcast storm recovery mode for
all interfaces.
Default 5
Format
storm-control broadcast all level <0-100>
Mode Global Config
2.11.4.1no storm-control broadcast all level
This command sets the broadcast storm recovery threshold to the default value for all
interfaces and disables broadcast storm recovery.
Page 2 - 47AT8904M CLI Reference Manual
Switching CommandsAT8904M
Format no storm-control broadcast all level
Mode Global Config
2.11.5storm-control multicast
This command enables multicast storm recovery mode for an interface. If the mode is
enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic
ingressing on an interface increases beyond the configured threshold, the traffic will be
dropped. Therefore, the rate of multicast traffic will be limited to the configured
threshold.
Default disabled
Format
Mode Interface Config
storm-control multicast
2.11.5.1no storm-control multicast
This command disables multicast storm recovery mode for an interface.
Format
Mode Interface Config
no storm-control multicast
2.11.6storm-control multicast level
This command configures the multicast storm recovery threshold for an interface and
enables multicast storm recovery mode. If the mode is enabled, multicast storm
recovery is active, and if the rate of L2 multicast traffic ingressing on an interface
increases beyond the configured threshold, the traffic will be dropped. Therefore, the
rate of multicast traffic will be limited to the configured threshold.
Default 5
Format
Mode Interface Config
storm-control multicast level <0-100>
2.11.6.1no storm-control multicast level
This command sets the multicast storm recovery threshold to the default value for an
interface and disables multicast storm recovery.
Format
Mode Interface Config
no storm-control multicast level
2.11.7storm-control multicast all
This command enables multicast storm recovery mode for all interfaces. If the mode is
enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic
ingressing on an interface increases beyond the configured threshold, the traffic will be
dropped. Therefore, the rate of multicast traffic will be limited to the configured
threshold.
Default disabled
AT8904M CLI Reference ManualPage 2 - 48
AT8904MSwitching Commands
Format storm-control multicast all
Mode Global Config
2.11.7.1no storm-control multicast all
This command disables multicast storm recovery mode for all interfaces.
Format
no storm-control multicast all
Mode Global Config
2.11.8storm-control multicast all level
This command configures the multicast storm recovery threshold for all interfaces and
enables multicast storm recovery mode. If the mode is enabled, multicast storm
recovery is active, and if the rate of L2 multicast traffic ingressing on an interface
increases beyond the configured threshold, the traffic will be dropped. Therefore, the
rate of multicast traffic will be limited to the configured threshold.
Default 5
Format
storm-control multicast all level <0-100>
Mode Global Config
2.11.8.1no storm-control multicast all level
This command sets the multicast storm recovery threshold to the default value for all
interfaces and disables multicast storm recovery.
Format.
Mode Global Config
no storm-control multicast all level
2.11.9storm-control unicast
This command enables unicast storm recovery mode for an interface. If the mode is
enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast
(destination lookup failure) traffic ingressing on an interface increases beyond the
configured threshold, the traffic will be dropped. Therefore, the rate of unknown
unicast traffic will be limited to the configured threshold.
Default disabled
Format
storm-control unicast
Mode Interface Config
2.11.9.1no storm-control unicast
This command disables unicast storm recovery mode for an interface.
Format
Mode Interface Config
no storm-control unicast
Page 2 - 49AT8904M CLI Reference Manual
Switching CommandsAT8904M
2.11.10storm-control unicast level
This command configures the unicast storm recovery threshold for an interface and
enables unicast storm recovery. If the mode is enabled, unicast storm recovery is
active, and if the rate of unknown L2 unicast (destination lookup failure) traffic
ingressing on an interface increases beyond the configured threshold, the traffic will be
dropped. Therefore, the rate of unknown unicast traffic will be limited to the
configured threshold.This command also enables unicast storm recovery mode for an
interface.
Default 5
Format
storm-control unicast level <0-100>
Mode Interface Config
2.11.10.1no storm-control unicast level
This command sets the unicast storm recovery threshold to the default value for an
interface and disables unicast storm recovery.
Format
no storm-control unicast level
Mode Interface Config
2.11.11storm-control unicast all
This command enables unicast storm recovery mode for all interfaces. If the mode is
enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast
(destination lookup failure) traffic ingressing on an interface increases beyond the
configured threshold, the traffic will be dropped. Therefore, the rate of unknown
unicast traffic will be limited to the configured threshold.
Default disabled
Format
Mode Global Config
storm-control unicast all
2.11.11.1no storm-control unicast all
This command disables unicast storm recovery mode for all interfaces.
Format
no storm-control unicast all
Mode Global Config
2.11.12storm-control unicast all level
This command configures the unicast storm recovery threshold and enables unicast
storm recovery for all interfaces. If the mode is enabled, unicast storm recovery is
active, and if the rate of unknown L2 unicast (destination lookup failure) traffic
ingressing on an interface increases beyond the configured threshold, the traffic will be
dropped. Therefore, the rate of unknown unicast traffic will be limited to the
configured threshold.
Default 5
Format
AT8904M CLI Reference ManualPage 2 - 50
storm-control unicast all level <0-100>
AT8904MSwitching Commands
Mode Global Config
2.11.12.1no storm-control unicast all level
This command returns the unicast storm recovery threshold to the default value and
disables unicast storm recovery for all interfaces.
Format
no storm-control unicast all level
Mode Global Config
2.11.13storm-control flowcontrol
This command enables 802.3x flow control for the switch and only applies to fullduplex mode ports.
NOTE: 802.3x flow control works by pausing a port when the port becomes
oversubscribed and dropping all traffic for small bursts of time during
the congestion condition. This can lead to high-priority and/or network
control traffic loss.
Default disabled
Format
storm-control flowcontrol
Mode Global Config
2.11.13.1no storm-control flowcontrol
This command disables 802.3x flow control for the switch.
NOTE: This command only applies to full-duplex mode ports.
Format
no storm-control flowcontrol
Mode Global Config
2.11.14show storm-control
This command displays switch configuration information. If you do not use any of the
optional parameters, this command displays global storm control configuration
parameters. Use the
all interfaces, or specify the slot/port to display information about a specific interface.
Format
Mode Privileged EXEC
Bcast Mode Shows whether the broadcast storm control mode is enabled or dis-
Bcast Level Shows the broadcast storm control level.
Mcast Mode Shows whether the multicast storm control mode is enabled or dis-
Mcast Level Shows the multicast storm control level.
Ucast Mode Shows whether the Unknown Unicast or DLF (Destination Lookup
all keyword to display the per-port configuration parameters for
show storm-control [all | <slot/port>]
abled.
abled.
Failure) storm control mode is enabled or disabled.
Page 2 - 51AT8904M CLI Reference Manual
Switching CommandsAT8904M
Ucast Level Shows the Unknown Unicast or DLF (Destination Lookup Failure)
storm control level
2.12Port-Channel/LAG (802.3ad) Commands
This section describes the commands you use to configure port-channels, which are
also known as link aggregation groups (LAGs). Link aggregation allows you to
combine multiple full-duplex Ethernet links into a single logical link. Network devices
treat the aggregation as if it were a single link, which increases fault tolerance and
provides load sharing. The LAG feature initially load shares traffic based upon the
source and destination MAC address.Assign the port-channel (LAG) VLAN
membership after you create a port-channel. If you do not assign VLAN membership,
the port-channel might become a member of the management VLAN which can result
in learning and switching issues.
A port-channel (LAG) interface can be either static or dynamic, but not both. All
members of a port channel must participate in the same protocols.) A static portchannel interface does not require a partner system to be able to aggregate its member
ports.
NOTE: If you configure the maximum number of dynamic port-channels
(LAGs) that your platform supports, additional port-channels that you
configure are automatically static.
2.12.1port-channel
This command configures a new port-channel (LAG) and generates a logical slot/port
number for the port-channel. The
dash “-” character as well as alphanumeric characters. Use the
command to display the slot/port number for the logical interface.
NOTE: Before you include a port in a port-channel, set the port physical
mode. For more information, see 2.1.8 “speed” on page 2 - 4.
Format
Mode Global Config
port-channel <name>
2.12.1.1no port-channel
This command deletes a port-channel (LAG).
Format
Mode Global Config
no port-channel {<logical slot/port> | all}
<name> field is a character string which allows the
show port channel
2.12.2addport
This command adds one port to the port-channel (LAG). The first interface is a Logical
slot and port number. of a configured port-channel.
NOTE: Before adding a port to a port-channel, set the physical mode of the
port. For more information, see 2.1.8 “speed” on page 2 - 4.
Format
AT8904M CLI Reference ManualPage 2 - 52
addport <logical slot/port>
AT8904MSwitching Commands
Mode Interface Config
2.12.3deleteport (Interface Config)
This command deletes the port from the port-channel (LAG). The interface is a Logical
slot and port number. of a configured port-channel.
Format
Mode Interface Config
deleteport <logical slot/port>
2.12.4deleteport (Global Config)
This command deletes all configured ports from the port-channel (LAG). The interface
is a Logical slot and port number. of a configured port-channel. To clear the port
channels, see 5.5.6 “clear port-channel” on page 5 - 25
Format
Mode Global Config
deleteport {<logical slot/port> | all}
2.12.5port-channel static
This command enables the static mode on a port-channel (LAG) interface. By default
the static mode for a new port-channel is disabled, which means the port-channel is
dynamic. However if the maximum number of allowable dynamic port-channels are
already present in the system, the static mode for a new port-channel enabled, which
means the port-channel is static.You can only use this command on port-channel
interfaces.
Default disabled
Format
port-channel static
Mode Interface Config
2.12.5.1no port-channel static
This command sets the static mode on a particular port-channel (LAG) interface to the
default value. This command will be executed only for interfaces of type port-channel
(LAG).
Format
Mode Interface Config
no port-channel static
2.12.6port lacpmode
This command enables Link Aggregation Control Protocol (LACP) on a port.
Default enabled
Format port lacpmode
Mode Interface Config
2.12.6.1no port lacpmode
This command disables Link Aggregation Control Protocol (LACP) on a port.
Page 2 - 53AT8904M CLI Reference Manual
Switching CommandsAT8904M
Format no port lacpmode
Mode Interface Config
2.12.7port lacpmode all
This command enables Link Aggregation Control Protocol (LACP) on all ports.
Format
port lacpmode all
Mode Global Config
2.12.7.1no port lacpmode all
This command disables Link Aggregation Control Protocol (LACP) on all ports.
Format
no port lacpmode all
Mode Global Config
2.12.8port-channel adminmode
This command enables a port-channel (LAG). The option all sets every configured
port-channel with the same administrative mode setting.
Format
port-channel adminmode [all]
Mode Global Config
2.12.8.1no port-channel adminmode
This command disables a port-channel (LAG). The option all sets every configured
port-channel with the same administrative mode setting.
Format
no port-channel adminmode [all]
Mode Global Config
2.12.9port-channel linktrap
This command enables link trap notifications for the port-channel (LAG). The
interface is a logical slot/port for a configured port-channel. The option
configured port-channel with the same administrative mode setting.
Default enabled
Format
port-channel linktrap {<logical slot/port> | all}
Mode Global Config
2.12.9.1no port-channel linktrap
This command disables link trap notifications for the port-channel (LAG). The
interface is a logical slot and port for a configured port-channel. The option
every configured port-channel with the same administrative mode setting.
Format
Mode Global Config
no port-channel linktrap {<logical slot/port> | all}
all sets every
all sets
AT8904M CLI Reference ManualPage 2 - 54
AT8904MSwitching Commands
2.12.10port-channel name
This command defines a name for the port-channel (LAG). The interface is a logical
slot/port for a configured port-channel, and
characters.
<name> is an alphanumeric string up to 15
Format
port-channel name {<logical slot/port> | all | <name>}
Mode Global Config
2.12.11show port-channel brief
This command displays a summary of individual port-channel (LAG) interfaces.
Format
show port-channel brief
Modes Privileged EXEC
User EXEC
For each port-channel the following information is displayed:
Logical Interface Shows the slot/port of the logical interface.
Port-channel Name Shows the name of port-channel (LAG) interface.
Link-State Shows whether the link is up or down.
Type Shows whether the port-channel is statically or dynamically main-
tained.
Mbr Ports Shows the members of this port-channel
Active Ports Shows ports that are actively participating in the port-channel
2.12.12show port-channel
This command displays an overview of all port-channels (LAGs) on the switch.
Format
show port-channel {<logical slot/port> | all}
Modes Privileged EXEC
User EXEC
Logical Interface Valid slot and port number separated by forward slashes.
Port-Channel Name The name of this port-channel (LAG). You may enter any string
of up to 15 alphanumeric characters.
Link State Indicates whether the Link is up or down.
Admin Mode May be enabled or disabled. The factory default is enabled.
Link Trap Mode This object determines whether or not to send a trap when link sta-
tus changes. The factory default is enabled.
STP Mode The Spanning Tree Protocol Administrative Mode associated with the
port or port-channel (LAG). The possible values are:
Disable - Spanning tree is disabled for this port.
Enable - Spanning tree is enabled for this port.
Page 2 - 55AT8904M CLI Reference Manual
Switching CommandsAT8904M
Mbr Ports A listing of the ports that are members of this port-channel (LAG), in
slot/port notation. There can be a maximum of eight ports assigned to
a given port-channel (LAG).
Port Speed Speed of the port-channel port.
Type This field displays the status designating whether a particular port-
channel (LAG) is statically or dynamically maintained.
Static - The port-channel is statically maintained.
Dynamic - The port-channel is dynamically maintained.
Active Ports This field lists ports that are actively participating in the port-channel
(LAG).
2.13Port Mirroring
Port mirroring, which is also known as port monitoring, selects network traffic that you
can analyze with a network analyzer, such as a SwitchProbe device or other Remote
Monitoring (RMON) probe.
2.13.1monitor session
This command configures a probe port and a monitored port for monitor session (port
monitoring). Use the
to monitor. Use
rx to monitor only ingress packets, or use tx to monitor only egress
packets. If you do not specify an
ingress and egress packets. Use the
the interface to receive the monitored traffic. Use the
administrative mode of the session. If enabled, the probe port monitors all the traffic
received and transmitted on the physical monitored port.
Use this command without optional parameters to remove the monitor session (port
monitoring) designation from the source probe port, the destination monitored port and
all VLANs. Once the port is removed from the VLAN, you must manually add the port
to any desired VLANs. Use the
destination interface <slot/port> to remove the specified interface from the port
monitoring session. Use the
session.
source interface <slot/port> parameter to specify the interface
{rx | tx} option, the destination port monitors both
destination interface <slot/port> to specify
mode parameter to enabled the
source interface <slot/port> parameter or
mode parameter to disable the administrative mode of the
NOTE: Since the current version of FASTPATH only supports one session, if
you do not supply optional parameters, the behavior of this command
is similar to the behavior of the
This command removes all the source ports and a destination port for the and restores
the default value for mirroring session mode for all the configured sessions.
NOTE: This is a stand-alone “no” command. This command does not have a
“normal” form.
Default enabled
Format
no monitor
Mode Global Config
2.13.3show monitor session
This command displays the Port monitoring information for a particular mirroring
session.
NOTE: The
<session-id> parameter is an integer value used to identify the
session. In the current version of the software, the
parameter is always one (1).
Format
show monitor session <session-id>
Mode Privileged EXEC
Session ID An integer value used to identify the session. Its value can be anything
between 1 and the maximum number of mirroring sessions allowed on
the platform.
Monitor Session Mode I
ndicates whether the Port Mirroring feature is enabled or
disabled for the session identified with
values are Enabled and Disabled
Probe Port Probe port (destination port) for the session identified with
id>. If probe port is not set then this field is blank.
<session-id>
<session-id>. The possible
.
<session-
Source Port The
port, which is configured as mirrored port (source port) for the
session identified with
ured for the session then this field is blank.
Type Direction in which source port configured for port mirroring.Types
are tx for transmitted packets and rx for receiving packets.
2.14Static MAC Filtering
The commands in this section describe how to configure static MAC filtering.
2.14.1macfilter
This command adds a static MAC filter entry for the MAC address <macaddr> on the
VLAN <
number in the format of b1:b2:b3:b4:b5:b6. The restricted MAC Addresses are:
00:00:00:00:00:00, 01:80:C2:00:00:00 to 01:80:C2:00:00:0F, 01:80:C2:00:00:20 to
01:80:C2:00:00:21, and FF:FF:FF:FF:FF:FF. The <
valid VLAN. You can create up to 100 static MAC filters.
vlanid>. The value of the <macaddr> parameter is a 6-byte hexadecimal
<session-id>. If no source port is config-
vlanid> parameter must identify a
Page 2 - 57AT8904M CLI Reference Manual
Switching CommandsAT8904M
Format macfilter <macaddr> <vlanid>
Mode Global Config
2.14.1.1no macfilter
This command removes all filtering restrictions and the static MAC filter entry for the
MAC address
specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6.
<vlanid> parameter must identify a valid VLAN.
The
<macaddr> on the VLAN <vlanid>. The <macaddr> parameter must be
Format
no macfilter <macaddr> <vlanid>
Mode Global Config
2.14.2macfilter addsrc
This command adds the interface to the source filter set for the MAC filter with the
MAC address of <macaddr> and VLAN of <vlanid>. The <macaddr> parameter must
be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The
<vlanid> parameter must identify a valid VLAN.
Format
macfilter addsrc <macaddr> <vlanid>
Mode Interface Config
2.14.2.1no macfilter addsrc
This command removes a port from the source filter set for the MAC filter with the
MAC address of
<macaddr> and VLAN of <vlanid>. The <macaddr> parameter
must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6.
The
<vlanid> parameter must identify a valid VLAN.
Format
no macfilter addsrc <macaddr> <vlanid>
Mode Interface Config
2.14.3macfilter addsrc all
This command adds all interfaces to the source filter set for the MAC filter with the
MAC address of
<macaddr> and <vlanid>. You must specify the <macaddr>
parameter as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The
<vlanid> parameter must identify a valid VLAN.
Format
macfilter addsrc all <macaddr> <vlanid>
Mode Global Config
2.14.3.1no macfilter addsrc all
This command removes all interfaces to the source filter set for the MAC filter with the
MAC address of
parameter as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6.
<vlanid> parameter must identify a valid VLAN.
The
Format
AT8904M CLI Reference ManualPage 2 - 58
<macaddr> and VLAN of <vlanid>. You must specify the <macaddr>
no macfilter addsrc all <macaddr> <vlanid>
AT8904MSwitching Commands
Mode Global Config
2.14.4show mac-address-table static
This command displays the Static MAC Filtering information for all Static MAC
Filters. If you select
you supply a value for
system displays Static MAC Filter information only for that MAC address and VLAN.
<all>, all the Static MAC Filters in the system are displayed. If
<macaddr>, you must also enter a value for <vlanid>, and the
Format
Mode Privileged EXEC
MAC Address Is the MAC Address of the static MAC filter entry.
VLAN ID Is the VLAN ID of the static MAC filter entry.
Source Port(s) Indicates the source port filter set's slot and port(s).
show mac-address-table static {<macaddr> <vlanid> | all}
2.14.5show mac-address-table staticfiltering
This command displays the Static Filtering entries in the Multicast Forwarding
Database (MFDB) table.
Format
Mode Privileged EXEC
Mac Address A unicast MAC address for which the switch has forwarding and or
Type Displays the type of the entry. Static entries are those that are config-
Description The text description of this multicast table entry.
show mac-address-table staticfiltering
filtering information. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB. In
an IVL system the MAC address will be displayed as 8 bytes.
ured by the end user. Dynamic entries are added to the table as a result
of a learning process or protocol.
Interfaces The list of interfaces that are designated for forwarding (Fwd:) and fil-
tering (Flt:).
2.15IGMP Snooping Configuration Commands
This section describes the commands you use to configure IGMP snooping.
FASTPATH supports IGMP Versions 1, 2, and 3. The IGMP snooping feature can help
conserve bandwidth because it allows the switch to forward IP multicast traffic only to
connected hosts that request multicast traffic. IGMPv3 adds source filtering
capabilities to IGMP versions 1 and 2.
2.15.1set igmp
This command enables IGMP Snooping on the system (Global Config Mode) or an
interface (Interface Config Mode). This command also enables IGMP snooping on a
particular VLAN and can enable IGMP snooping on all interfaces participating in a
VLAN.
Page 2 - 59AT8904M CLI Reference Manual
Switching CommandsAT8904M
If an interface has IGMP Snooping enabled and you enable this interface for routing or
enlist it as a member of a port-channel (LAG), IGMP Snooping functionality is
disabled on that interface. IGMP Snooping functionality is re-enabled if you disable
routing or remove port-channel (LAG) membership from an interface that has IGMP
Snooping enabled.
The IGMP application supports the following activities:
•Validation of the IP header checksum (as well as the IGMP header checksum) and
discarding of the frame upon checksum error.
•Maintenance of the forwarding table entries based on the MAC address versus the
IP address.
•Flooding of unregistered multicast data packets to all ports in the VLAN.
Default disabled
Format
Modes Global Config
set igmp <vlanid>
Interface Config
VLAN Mode
2.15.1.1no set igmp
This command disables IGMP Snooping on the system.
Format
Modes Global Config
no set igmp <vlanid>
Interface Config
VLAN Mode
2.15.2set igmp interfacemode
This command enables IGMP Snooping on all interfaces. If an interface has IGMP
Snooping enabled and you enable this interface for routing or enlist it as a member of a
port-channel (LAG), IGMP Snooping functionality is disabled on that interface. IGMP
Snooping functionality is re-enabled if you disable routing or remove port-channel
(LAG) membership from an interface that has IGMP Snooping enabled.
Default disabled
Format
Mode Global Config
set igmp interfacemode
2.15.2.1no set igmp interfacemode
This command disables IGMP Snooping on all interfaces.
Format
Mode Global Config
no set igmp interfacemode
2.15.3set igmp fast-leave
This command enables or disables IGMP Snooping fast-leave admin mode on a
selected interface or VLAN. Enabling fast-leave allows the switch to immediately
AT8904M CLI Reference ManualPage 2 - 60
AT8904MSwitching Commands
remove the layer 2 LAN interface from its forwarding table entry upon receiving an
IGMP leave message for that multicast group without first sending out MAC-based
general queries to the interface.
You should enable fast-leave admin mode only on VLANs where only one host is
connected to each layer 2 LAN port. This prevents the inadvertent dropping of the
other hosts that were connected to the same layer 2 LAN port but were still interested
in receiving multicast traffic directed to that group. Also, fast-leave processing is
supported only with IGMP version 2 hosts.
Default disabled
Format
Modes Interface Config
set igmp fast-leave <vlanid>
VLAN Mode
2.15.3.1no set igmp fast-leave
This command disables IGMP Snooping fast-leave admin mode on a selected
interface.
Format
Modes Interface Config
no set igmp fast-leave <vlanid>
VLAN Mode
2.15.4set igmp groupmembership-interval
This command sets the IGMP Group Membership Interval time on a VLAN, one
interface or all interfaces. The Group Membership Interval time is the amount of time
in seconds that a switch waits for a report from a particular group on a particular
interface before deleting the interface from the entry. This value must be greater than
the IGMPv3 Maximum Response time value. The range is 2 to 3600 seconds.
Default 260 seconds
Format
set igmp groupmembership-interval <vlanid> <2-3600>
Modes Interface Config
Global Config
VLAN Mode
2.15.4.1no set igmp groupmembership-interval
This command sets the IGMPv3 Group Membership Interval time to the default value.
Format
Modes Interface Config
no set igmp groupmembership-interval
Global Config
VLAN Mode
2.15.5set igmp maxresponse
This command sets the IGMP Maximum Response time for the system, on a particular
interface or VLAN. The Maximum Response time is the amount of time in seconds
that a switch will wait after sending a query on an interface because it did not receive a
Page 2 - 61AT8904M CLI Reference Manual
Switching CommandsAT8904M
report for a particular group in that interface. This value must be less than the IGMP
Query Interval time value. The range is 1 to 3599 seconds.
Default 10 seconds
Format
set igmp maxresponse <1-3599>
Modes Global Config
Interface Config
VLAN Mode
2.15.5.1no set igmp maxresponse
This command sets the max response time (on the interface or VLAN) to the default
value.
Format
no set igmp maxresponse
Modes Global Config
Interface Config
VLAN Mode
2.15.6set igmp mcrtexpiretime
This command sets the Multicast Router Present Expiration time. The time is set for
the system, on a particular interface or VLAN. This is the amount of time in seconds
that a switch waits for a query to be received on an interface before the interface is
removed from the list of interfaces with multicast routers attached. The range is 0 to
3600 seconds. A value of 0 indicates an infinite time-out, i.e. no expiration.
Default 0
Format
set igmp mcrtexpiretime <vlanid> <0-3600>
Modes Global Config
Interface Config
2.15.6.1no set igmp mcrtexpiretime
This command sets the Multicast Router Present Expiration time to 0. The time is set
for the system, on a particular interface or a VLAN.
Format
no set igmp mcrtexpiretime <vlanid>
Modes Global Config
Interface Config
2.15.7set igmp mrouter
This command configures the VLAN ID for the VLAN that has the multicast router
mode enabled.
Format
set igmp mrouter <vlanid>
Mode Interface Config
2.15.7.1no set igmp mrouter
This command disables multicast router mode for a VLAN with a particular VLAN ID.
AT8904M CLI Reference ManualPage 2 - 62
AT8904MSwitching Commands
Format no set igmp mrouter <vlanid>
Mode Interface Config
2.15.8set igmp mrouter interface
This command configures the interface as a multicast router interface. When
configured as a multicast router interface, the interface is treated as a multicast router
interface in all VLANs.
Default disabled
Format
set igmp mrouter interface
Mode Interface Config
2.15.8.1no set igmp mrouter interface
This command disables the status of the interface as a statically configured multicast
router interface.
Format
no set igmp mrouter interface
Mode Interface Config
2.15.9show igmpsnooping
This command displays IGMP Snooping information. Configured information is
displayed whether or not IGMP Snooping is enabled.
Format
Mode Privileged EXEC
When the optional arguments
displays the following information:
Admin Mode This indicates whether or not IGMP Snooping is active on the switch.
Interfaces Enabled for IGMP Snooping Interfaces on which IGMP Snooping is
show igmpsnooping [<slot/port> | <vlanid>]
<slot/port> or <vlanid> are not used, the command
enabled.
Multicast Control Frame Count This displays the number of multicast control
frames that are processed by the CPU.
VLANS Enabled for IGMP Snooping VLANS on which IGMP Snooping is
enabled.
When you specify the
<slot/port> values, the following information displays:
IGMP Snooping Admin Mode ndicates whether IGMP Snooping is active on the
interface.
Fast Leave Mode Indicates whether IGMP Snooping Fast-leave is active on the
VLAN.
Group Membership Interval Shows the amount of time in seconds that a switch will
wait for a report from a particular group on a particular interface,
which is participating in the VLAN, before deleting the interface from
the entry.This value may be configured
Page 2 - 63AT8904M CLI Reference Manual
Switching CommandsAT8904M
Max Response Time Displays the amount of time the switch waits after it sends a
query on an interface, participating in the VLAN, because it did not
receive a report for a particular group on that interface. This value may
be configured.
Multicast Router Present Expiration Time Displays the amount of time to wait
before removing an interface that is participating in the VLAN from
the list of interfaces with multicast routers attached. The interface is
removed if a query is not received. This value may be configured.
When you specify a value for
<vlanid>, the following additional information appears:
VLAN Admin Mode Indicates whether IGMP Snooping is active on the VLAN.
2.15.10show igmpsnooping mrouter interface
This command displays information about statically configured ports.
Format
show igmpsnooping mrouter interface <slot/port>
Mode Privileged EXEC
Interface Shows the port on which multicast router information is being dis-
played.
Multicast Router Attached Indicates whether multicast router is statically enabled
on the interface.
VLAN ID Displays the list of VLANs of which the interface is a member.
2.15.11show igmpsnooping mrouter vlan
This command displays information about statically configured ports.
Format
Mode Privileged EXEC
Interface Shows the port on which multicast router information is being dis-
show igmpsnooping mrouter vlan <slot/port>
played.
VLAN ID Displays the list of VLANs of which the interface is a member.
2.15.12show mac-address-table igmpsnooping
This command displays the IGMP Snooping entries in the MFDB table.
Format
Mode Privileged EXEC
MAC Address A multicast MAC address for which the switch has forwarding or fil-
Type Displays the type of the entry, which is either static (added by the user)
AT8904M CLI Reference ManualPage 2 - 64
show mac-address-table igmpsnooping
tering information. The format is two-digit hexadecimal numbers that
are separated by colons, for example 01:23:45:67:89:AB. In an IVL
system the MAC address is displayed as a MAC address and VLAN
ID combination of 8 bytes.
or dynamic (added to the table as a result of a learning process or protocol).
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.