NEC N8406-026 Command Reference Guide

Download

Part number: 856-127950-202-00

First edition: Oct 2008

456-01798-000

PN# 456-01798-000

NEC N8406-026 10Gb Intelligent L3 Switch

Command Reference Guide (AOS)

Legal notices

The information contained herein is subject to change without notice. The only warranties for NEC products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. NEC shall not be liable for technical or editorial errors or omissions contained herein.

Microsoft®, Windows®, and Windows NT® are U.S. registered trademarks of Microsoft Corporation.

SunOS™ and Solaris™ are trademarks of Sun Microsystems, Inc. in the U.S. and other countries.

Cisco® is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.

Part number: 856-127950-202-00

First edition: Oct 2008

Contents

Command line interface

Introduction .................................................................................................................................................................. 8

Additional references ................................................................................................................................................. 8

Connecting to the switch .......................................................................................................................................... 8

Establishing a console connection ..................................................................................................................... 8

Setting an IP address ............................................................................................................................................. 9

Establishing a Telnet connection ........................................................................................................................ 9

Establishing an SSH connection .......................................................................................................................... 9

Accessing the switch ................................................................................................................................................ 10

Idle timeout ................................................................................................................................................................. 11

Typographical conventions ..................................................................................................................................... 11

Menu basics

Introduction ................................................................................................................................................................ 13

Main Menu .................................................................................................................................................................. 13

Menu summary .......................................................................................................................................................... 13

Global commands .................................................................................................................................................... 14

Command line history and editing ........................................................................................................................ 15

Command line interface shortcuts ........................................................................................................................ 16

Command stacking ............................................................................................................................................ 16

Command abbreviation .................................................................................................................................... 16

Tab completion .................................................................................................................................................... 16

First-time configuration

Introduction ................................................................................................................................................................ 17

Configuring Simple Network Management Protocol support ..................................................................... 17

Setting passwords ...................................................................................................................................................... 18

Changing the default administrator password .............................................................................................. 18

Changing the default user password .............................................................................................................. 19

Changing the default operator password...................................................................................................... 20

Information Menu

Introduction ................................................................................................................................................................ 21

Menu overview .......................................................................................................................................................... 21

System Information Menu ........................................................................................................................................ 22

SNMPv3 Information Menu ...................................................................................................................................... 22

SNMPv3 USM User Table information ................................................................................................................ 23

SNMPv3 View Table information ....................................................................................................................... 24

SNMPv3 Access Table information ................................................................................................................... 24

SNMPv3 Group Table information ..................................................................................................................... 25

SNMPv3 Community Table information ........................................................................................................... 25

SNMPv3 Target Address Table information ..................................................................................................... 25

SNMPv3 Target Parameters Table information ............................................................................................... 26

SNMPv3 Notify Table information ...................................................................................................................... 26

SNMPv3 dump ...................................................................................................................................................... 27

System information .................................................................................................................................................... 28

Show last 100 syslog messages................................................................................................................................ 28

System user information ............................................................................................................................................ 29

Layer 2 information .................................................................................................................................................... 30

FDB information menu .............................................................................................................................................. 31

Show all FDB information .................................................................................................................................... 31

Clearing entries from the FDB ............................................................................................................................ 31

Link Aggregation Control Protocol information ................................................................................................... 32

LACP dump ........................................................................................................................................................... 32

802.1x information ..................................................................................................................................................... 33

Spanning Tree information ....................................................................................................................................... 34

Rapid Spanning Tree and Multiple Spanning Tree information ........................................................................ 36

Common Internal Spanning Tree information ...................................................................................................... 38

Trunk group information ........................................................................................................................................... 39

VLAN information ....................................................................................................................................................... 40

Layer 2 general information .................................................................................................................................... 40

Layer 3 information .................................................................................................................................................... 40

Route information ...................................................................................................................................................... 41

Show all Route information ................................................................................................................................ 42

ARP information ......................................................................................................................................................... 43

Show all ARP entry information ......................................................................................................................... 43

ARP address list information ............................................................................................................................... 43

OSPF information ....................................................................................................................................................... 44

OSPF general information .................................................................................................................................. 45

OSPF interface information ................................................................................................................................ 45

OSPF Database information .............................................................................................................................. 45

OSPF route codes information ........................................................................................................................... 47

Routing Information Protocol information............................................................................................................. 47

RIP Routes information ........................................................................................................................................ 47

RIP user configuration ......................................................................................................................................... 47

IP information.............................................................................................................................................................. 48

IGMP multicast group information ......................................................................................................................... 48

IGMP multicast router port information ................................................................................................................. 49

VRRP information ....................................................................................................................................................... 49

QoS information ......................................................................................................................................................... 50

802.1p information ..................................................................................................................................................... 50

ACL information ......................................................................................................................................................... 51

RMON Information Menu ......................................................................................................................................... 51

RMON history information ................................................................................................................................... 51

RMON alarm information ................................................................................................................................... 52

RMON event information ................................................................................................................................... 54

Link status information ............................................................................................................................................... 54

Port information.......................................................................................................................................................... 55

SFP information ........................................................................................................................................................... 56

1-1 Uplink Failure Detection information .......................................................................................................... 56

Information dump ...................................................................................................................................................... 56

Statistics Menu

Introduction ................................................................................................................................................................ 57

Menu information ...................................................................................................................................................... 57

Port Statistics Menu .................................................................................................................................................... 57

802.1x statistics ...................................................................................................................................................... 58

Bridging statistics .................................................................................................................................................. 60

Ethernet statistics .................................................................................................................................................. 60

Interface statistics ................................................................................................................................................ 62

Internet Protocol (IP) statistics ............................................................................................................................ 63

Link statistics .......................................................................................................................................................... 64

Port RMON statistics ............................................................................................................................................. 64

Layer 2 statistics .......................................................................................................................................................... 66

FDB statistics .......................................................................................................................................................... 66

LACP statistics ....................................................................................................................................................... 66

Layer 3 statistics .......................................................................................................................................................... 67

GEA Layer 3 statistics menu ............................................................................................................................... 68

GEA Layer 3 statistics ........................................................................................................................................... 68

IP statistics .............................................................................................................................................................. 68

Route statistics ...................................................................................................................................................... 69

ARP statistics .......................................................................................................................................................... 69

DNS statistics ......................................................................................................................................................... 69

ICMP statistics ....................................................................................................................................................... 70

TCP statistics .......................................................................................................................................................... 71

UDP statistics ......................................................................................................................................................... 72

IGMP Multicast Group statistics ......................................................................................................................... 72

OSPF statistics menu ............................................................................................................................................ 73

OSPF global statistics ........................................................................................................................................... 73

VRRP statistics ....................................................................................................................................................... 76

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here.

RIP statistics ............................................................................................................................................................ 77

Management Processor statistics ........................................................................................................................... 77

Packet statistics .................................................................................................................................................... 78

TCP statistics .......................................................................................................................................................... 78

UDP statistics ......................................................................................................................................................... 79

CPU statistics ......................................................................................................................................................... 79

Access Control List (ACL) statistics menu .............................................................................................................. 79

ACL statistics ......................................................................................................................................................... 80

SNMP statistics ............................................................................................................................................................ 80

NTP statistics ................................................................................................................................................................ 82

Uplink Failure Detection (UFD) statistics ................................................................................................................. 83

Statistics dump ........................................................................................................................................................... 83

Configuration Menu

Introduction ................................................................................................................................................................ 84

Menu information ...................................................................................................................................................... 84

Viewing, applying, reverting, and saving changes ............................................................................................ 84

Viewing pending changes ...................................................................................................................................... 85

Applying pending changes .................................................................................................................................... 85

Reverting changes .................................................................................................................................................... 85

Saving the configuration .......................................................................................................................................... 85

Reminders ................................................................................................................................................................... 86

System configuration ................................................................................................................................................ 86

System host log configuration ........................................................................................................................... 87

Secure Shell Server configuration ..................................................................................................................... 88

RADIUS server configuration .............................................................................................................................. 89

TACACS+ server configuration .......................................................................................................................... 90

NTP server configuration ..................................................................................................................................... 91

System SNMP configuration ............................................................................................................................... 92

SNMPv3 configuration ......................................................................................................................................... 93

User Security Model configuration .................................................................................................................... 94

SNMPv3 View configuration ............................................................................................................................... 95

View-based Access Control Model configuration ........................................................................................ 96

SNMPv3 Group configuration ............................................................................................................................ 97

SNMPv3 Community Table configuration ....................................................................................................... 97

SNMPv3 Target Address Table configuration.................................................................................................. 98

SNMPv3 Target Parameters Table configuration ........................................................................................... 98

SNMPv3 Notify Table configuration .................................................................................................................. 99

System Access configuration ............................................................................................................................ 99

Management Networks configuration ......................................................................................................... 100

User Access Control configuration ................................................................................................................ 101

User ID configuration ........................................................................................................................................ 101

HTTPS Access configuration ............................................................................................................................ 102

Port configuration ................................................................................................................................................... 103

Temporarily disabling a port ........................................................................................................................... 104

Port link configuration ...................................................................................................................................... 104

Port ACL/QoS configuration ........................................................................................................................... 105

Layer 2 configuration ............................................................................................................................................. 105

802.1x configuration ............................................................................................................................................... 106

802.1x Global configuration............................................................................................................................ 106

802.1x Port configuration ................................................................................................................................. 107

Rapid Spanning Tree Protocol / Multiple Spanning Tree Protocol configuration ....................................... 109

Common Internal Spanning Tree configuration ......................................................................................... 110

CIST bridge configuration ................................................................................................................................ 110

CIST port configuration .................................................................................................................................... 112

Spanning Tree configuration ................................................................................................................................ 113

Bridge Spanning Tree configuration .............................................................................................................. 113

Spanning Tree port configuration .................................................................................................................. 114

Forwarding Database configuration .................................................................................................................. 115

Static FDB configuration .................................................................................................................................. 115

Trunk configuration ................................................................................................................................................. 116

IP Trunk Hash configuration ................................................................................................................................... 116

Layer 2 IP Trunk Hash configuration ............................................................................................................... 117

Link Aggregation Control Protocol configuration ............................................................................................ 117

LACP Port configuration .................................................................................................................................. 118

VLAN configuration ................................................................................................................................................ 118

Layer 3 configuration ............................................................................................................................................. 119

IP interface configuration ............................................................................................................................... 120

Default Gateway configuration .................................................................................................................... 120

IP Static Route configuration ................................................................................................................................ 121

Address Resolution Protocol configuration ........................................................................................................ 121

Static ARP configuration .................................................................................................................................. 122

IP Forwarding configuration ................................................................................................................................. 122

Network Filter configuration.................................................................................................................................. 123

Route Map configuration ..................................................................................................................................... 123

IP Access List configuration .................................................................................................................................. 124

Routing Information Protocol configuration ...................................................................................................... 124

RIP Interface configuration ............................................................................................................................. 125

RIP Route Redistribution configuration .......................................................................................................... 126

Open Shortest Path First configuration ............................................................................................................... 127

OSPF Area Index configuration ...................................................................................................................... 128

OSPF Summary Range configuration ............................................................................................................ 129

OSPF Interface configuration ......................................................................................................................... 129

OSPF Virtual Link configuration ....................................................................................................................... 130

OSPF Host Entry configuration ........................................................................................................................ 130

OSPF Route Redistribution configuration ...................................................................................................... 131

OSPF MD5 Key configuration .......................................................................................................................... 131

IGMP configuration ................................................................................................................................................ 132

IGMP snooping configuration ........................................................................................................................ 132

IGMPv3 Snooping configuration .................................................................................................................... 133

IGMP static multicast router configuration .................................................................................................. 134

IGMP filtering configuration ............................................................................................................................ 134

IGMP filter definition ......................................................................................................................................... 134

IGMP filtering port configuration .................................................................................................................... 135

Domain Name System configuration ................................................................................................................. 136

Bootstrap Protocol Relay configuration ............................................................................................................. 136

Virtual Router Redundancy Protocol configuration ........................................................................................ 137

VRRP Virtual Router configuration ................................................................................................................. 137

VRRP Virtual Router Priority Tracking configuration .................................................................................... 139

VRRP Virtual Router Group configuration..................................................................................................... 140

VRRP Virtual Router Group Priority Tracking configuration ....................................................................... 141

VRRP Interface configuration ......................................................................................................................... 141

VRRP Tracking configuration .......................................................................................................................... 142

Quality of Service configuration .......................................................................................................................... 143

QoS 802.1p configuration................................................................................................................................ 143

Access Control configuration .............................................................................................................................. 143

Access Control List configuration ........................................................................................................................ 145

ACL Ethernet Filter configuration ................................................................................................................... 145

ACL IP Version 4 Filter configuration .............................................................................................................. 146

ACL TCP/UDP Filter configuration .................................................................................................................. 146

ACL Meter configuration ................................................................................................................................. 147

ACL Re-mark configuration ............................................................................................................................ 148

ACL Re-mark In-Profile configuration ............................................................................................................ 148

ACL Re-mark In-Profile Update User Priority configuration ........................................................................ 148

ACL Re-mark Out-of-Profile configuration ................................................................................................... 149

ACL Packet Format configuration ................................................................................................................. 149

ACL Group configuration ................................................................................................................................ 149

Remote Monitoring configuration ....................................................................................................................... 150

RMON history configuration ............................................................................................................................ 150

RMON event configuration ............................................................................................................................. 151

RMON alarm configuration ............................................................................................................................. 151

Port mirroring............................................................................................................................................................ 153

Port-based port mirroring ................................................................................................................................ 153

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here.

Uplink Failure Detection configuration ............................................................................................................... 154

Failure Detection Pair (FDP) configuration ................................................................................................... 154

Link to Monitor (LtM) configuration ............................................................................................................... 155

Link to Disable configuration .......................................................................................................................... 155

Configuration Dump .............................................................................................................................................. 156

Saving the active switch configuration .............................................................................................................. 156

Restoring the active switch configuration ......................................................................................................... 156

Operations Menu

Introduction ............................................................................................................................................................. 158

Menu information ................................................................................................................................................... 158

Operations-level port options ......................................................................................................................... 158

Operations-level port 802.1x options ............................................................................................................. 159

Operations-level VRRP options ....................................................................................................................... 159

Boot Options Menu

Introduction ............................................................................................................................................................. 160

Menu information ................................................................................................................................................... 160

Updating the switch software image ................................................................................................................. 160

Downloading new software to the switch ................................................................................................... 160

Selecting a software image to run ...................................................................................................................... 161

Uploading a software image from the switch .................................................................................................. 162

Selecting a configuration block .......................................................................................................................... 162

Resetting the switch ............................................................................................................................................... 164

Accessing the ISCLI ................................................................................................................................................ 164

Maintenance Menu

Introduction ............................................................................................................................................................. 165

Menu information ................................................................................................................................................... 165

System maintenance options ......................................................................................................................... 166

Forwarding Database options ........................................................................................................................ 166

Debugging options ........................................................................................................................................... 167

ARP cache options ........................................................................................................................................... 167

IP Route Manipulation options ....................................................................................................................... 168

IGMP Multicast Group options ....................................................................................................................... 168

IGMP Snooping options ................................................................................................................................... 168

IGMP Mrulticast Routers options ..................................................................................................................... 169

Technical support dump ....................................................................................................................................... 169

FTP/TFTP technical support dump put ........................................................................................................... 169

Uuencode flash dump ..................................................................................................................................... 169

FTP/TFTP system dump put ............................................................................................................................... 170

Clearing dump information ............................................................................................................................ 170

Panic command ............................................................................................................................................... 170

Unscheduled system dumps ................................................................................................................................. 171

Table 1 Console configuration parameters

Parameter

Value

Baud Rate

9600

Data Bits

Parity

None

Stop Bits

Flow Control

None

Command line interface

Introduction

The 10Gb Intelligent L3 Switch is ready to perform basic switching functions right out of the box. Some of the more advanced features, however, require some administrative configuration before they can be used effectively.

The extensive switching software included in the switch provides a variety of options for accessing and configuring the switch:

Built-in, text-based command line interfaces (AOS CLI and ISCLI) for access via a local terminal or

remote Telnet/Secure Shell (SSH) session

Simple Network Management Protocol (SNMP) support for access through network management

software such as NEC WebSAM NetvisorPro

A browser-based management interface for interactive network access through the Web browser

The command line interface is the most direct method for collecting switch information and performing switch configuration. Using a basic terminal, you can view information and statistics about the switch, and perform any necessary configuration.

This chapter explains how to access the AOS CLI to the switch.

Additional references

Additional information about installing and configuring the switch is available in the following guides, which are attached in this product.

N8406-026 10Gb Intelligent L3 Switch User’s Guide N8406-026 10Gb Intelligent L3 Switch Application Guide N8406-026 10Gb Intelligent L3 Switch Command Reference Guide (ISCLI) N8406-026 10Gb Intelligent L3 Switch Browser-based Interface Reference Guide

Connecting to the switch

You can access the command line interface in one of the following ways:

Using a console connection via the console port Using a Telnet connection over the network Using a Secure Shell (SSH) connection to securely log in over a network

Establishing a console connection

To establish a console connection with the switch, you need:

A null modem cable with a female DB-9 connector (See the N8406-026 10Gb Intelligent L3 Switch

User’s Guide for more information.)

An ASCII terminal or a computer running terminal emulation software set to the parameters shown in

the table below

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 8

To establish a console connection with the switch:

telnet <10Gb Intelligent L3 Switch IP address>

1. Connect the terminal to the console port using the null modem cable.

2. Power on the terminal.

3. Press the Enter key a few times on the terminal to establish the connection.

4. You will be required to enter a password for access to the switch. (For more information, see the

―Setting passwords‖ section in the ―First-time configuration‖ chapter.)

Setting an IP address

To access the switch via a Telnet or an SSH connection, you need to have an Internet Protocol (IP) address set for the switch. The switch can get its IP address in one of the following ways:

Management port access:

Using a Dynamic Host Control Protocol (DHCP) server—When the /cfg/sys/dhcp command is

enabled, the management interface (interface 250) requests its IP address from a DHCP server. The default value for the /cfg/sys/dhcp command is enabled.

Configuring manually—If the network does not support DHCP, you must configure the

management interface (interface 256) with an IP address. If you want to access the switch from a remote network, you also must configure the management gateway (gateway 254).

Uplink port access:

Using a Bootstrap Protocol (BOOTP) server—By default, the management interface is set up to

request its IP address from a BOOTP server. If you have a BOOTP server on the network, add the Media Access Control (MAC) address of the switch to the BOOTP configuration file located on the BOOTP server. The MAC address can be found in the System Information menu (See the

―System information‖ section in the ―Information Menu‖ chapter.) If you are using a DHCP server

that also does BOOTP, you do not have to configure the MAC address.

Configuring manually—If the network does not support BOOTP, you must configure the

management port with an IP address.

Establishing a Telnet connection

A Telnet connection offers the convenience of accessing the switch from any workstation connected to the network. Telnet provides the same options for user, operator, and administrator access as those available through the console port. By default, Telnet is enabled on the switch. The switch supports four concurrent Telnet connections.

Once the IP parameters are configured, you can access the CLI using a Telnet connection. To establish a Telnet connection with the switch, run the Telnet program on the workstation and enter the telnet command, followed by the switch IP address:

You will then be prompted to enter a password. The password entered determines the access level:

administrator, operator, or user. See the ―Accessing the switch‖ section later in this chapter for description

of default passwords.

Establishing an SSH connection

Although a remote network administrator can manage the configuration of a switch via Telnet, this method does not provide a secure connection. The Secure Shell (SSH) protocol enables you to securely log into the switch over the network.

As a secure alternative to using Telnet to manage switch configuration, SSH ensures that all data sent over the network is encrypted and secure. In order to use SSH, you must first configure it on the switch.

See the ―Secure Shell Server configuration‖ section in the ―Configuration Menu‖ chapter for information

on how to configure SSH.

The switch can perform only one session of key/cipher generation at a time. Therefore, an SSH/Secure Copy (SCP) client will not be able to log in if the switch is performing key generation at that time or if another client has just logged in before this client. Similarly, the system will fail to perform the key generation if an SSH/SCP client is logging in at that time.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 9

NOTE: The switch implementation of SSH is based on versions 1.5 and 2.0, and supports SSH clients

from version 1.0 through version 2.0. SSH clients of other versions are not supported. You may configure the client software to use protocol SSH version 1 or version 2.

>> # ssh <user>@<10Gb Intelligent L3 Switch IP address>

NOTE: The first time you run SSH from the workstation, a warning message might appear. At the

prompt, enter yes to continue.

The supported SSH encryption and authentication methods are listed below.

Server Host Authentication—Client RSA authenticates the switch in the beginning of every

connection

Key Exchange—RSA Encryption:

AES256-CBC AES192-CBC AES128-CBC 3DES-CBC 3DES ARCFOUR

User Authentication—Local password authentication; Remote Authentication Dial-in User Service

(RADIUS)

The following SSH clients are supported:

SSH 3.0.1 for Linux (freeware) SecureCRT® 4.1.8 (VanDyke Technologies, Inc.) OpenSSH_3.9 for Linux (FC 3) SCP commands for Linux (FC3) PuTTY Release 0.58 (Simon Tatham) for Windows

By default, SSH service is not enabled on the switch. Once the IP parameters are configured, you can access the command line interface to enable SSH.

To establish an SSH connection with the switch, run the SSH program on the workstation by issuing the ssh command, followed by the user account name and the switch IP address:

You will then be prompted to enter your password.

Accessing the switch

To enable better switch management and user accountability, the switch provides different levels or classes of user access. Levels of access to the CLI and Web management functions and screens increase as needed to perform various switch management tasks. The three levels of access are:

User—User interaction with the switch is completely passive; nothing can be changed on the switch.

Users may display information that has no security or privacy implications, such as switch statistics and current operational state information.

Operator—Operators can only effect temporary changes on the switch. These changes will be lost

when the switch is rebooted/reset. Operators have access to the switch management features used for daily switch operations. Because any changes an operator makes are undone by a reset of the switch, operators cannot severely impact switch operation, but do have access to the Maintenance menu.

Administrator—Only administrators can make permanent changes to the switch configuration,

changes that are persistent across a reboot/reset of the switch. Administrators can access switch functions to configure and troubleshoot problems on the switch. Because administrators can also make temporary (operator-level) changes as well, they must be aware of the interactions between temporary and permanent changes.

Access to switch functions is controlled through the use of unique usernames and passwords. Once you are connected to the switch via the local console, Telnet, or SSH, you are prompted to enter a password. The password entered determines the access level. The default user names/password for each access level is listed in the following table.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 10

NOTE: It is recommended that you change default switch passwords after initial configuration and

as regularly as required under your network security policies. For more information, see the ―Setting passwords‖ section in the ―First-time configuration‖ chapter.

Table 2 User access levels

User account

Description and tasks performed

User

The user has no direct responsibility for switch management. He or she can view all switch status information and statistics, but cannot make any configuration changes to the switch. The user account is enabled by default, and the default password is user.

Oper

The operator manages all functions of the switch. The operator can reset ports or the entire switch. By default, the operator account is disabled and has no password.

Admin

The super user administrator has complete access to all menus, information, and configuration commands on the switch, including the ability to change both the user and administrator passwords. The admin account is enabled by default, and the default password is admin.

NOTE: With the exception of the admin user, setting the password to an empty value can disable

access to each user level.

[Main Menu] info - Information Menu stats - Statistics Menu cfg - Configuration Menu

oper - Operations Command Menu boot - Boot Options Menu maint - Maintenance Menu diff - Show pending config changes [global command] apply - Apply pending config changes [global command] save - Save updated config to FLASH [global command] revert - Revert pending or applied changes [global command] exit - Exit [global command, always available]

>> Main#

Table 3 Typographic conventions

Typeface or symbol

Meaning

Example

AaBbCc123

This type depicts onscreen computer output and prompts.

Main#

AaBbCc123

This type displays in command examples and shows text that must be typed in exactly as shown.

Main# sys

Once you enter the administrator password and it is verified, you are given complete access to the switch.

After logging in, the Main Menu of the CLI is displayed. See the ―Menu basics‖ chapter for a summary of the Main Menu options.

Idle timeout

By default, the switch will disconnect the console, Telnet, or SSH session after five minutes of inactivity. This function is controlled by the idle timeout parameter, which can be set from 1 to 60 minutes. For information on changing this parameter, see the ―System configuration‖ section in the ―Configuration

Menu‖ chapter.

Typographical conventions

The following table describes the typographic styles used in this guide:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 11

Table 3 Typographic conventions

Typeface or symbol

Meaning

Example

This italicized type displays in command examples as a parameter placeholder. Replace the indicated text with the appropriate real name or value when using the command. Do not type the brackets. This also shows guide titles, special terms, or words to be emphasized.

To establish a Telnet session, enter:

host# telnet <IP address>

Read the user guide thoroughly.

[ ]

Command items shown inside brackets are optional and can be used or excluded as the situation demands. Do not type the brackets.

host# ls [-a]

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 12

Menu basics

[Main Menu] info - Information Menu stats - Statistics Menu cfg - Configuration Menu oper - Operations Command Menu boot - Boot Options Menu maint - Maintenance Menu diff - Show pending config changes [global command] apply - Apply pending config changes [global command] save - Save updated config to FLASH [global command] revert - Revert pending or applied changes [global command]

exit - Exit [global command, always available]

Introduction

The AOS CLI is used for viewing switch information and statistics. In addition, the administrator can use the CLI for performing all levels of switch configuration.

To make the CLI easy to use, the various commands have been logically grouped into a series of menus and submenus. Each menu displays a list of commands and/or submenus that are available, along with a summary of what each command will do. Below each menu is a prompt where you can enter any command appropriate to the current menu.

This chapter describes the Main Menu commands, and provides a list of commands and shortcuts that are commonly available from all the menus within the CLI.

Main Menu

The Main Menu displays after a successful connection and login. The following table shows the Main Menu for the administrator login. Some features are not available under the user login.

Menu summary

The Main Menu displays the following submenus:

Information Menu

The Information Menu provides submenus for displaying information about the current status of the switch: from basic system settings to VLANs, and more.

Statistics Menu

This menu provides submenus for displaying switch performance statistics. Included are port, IP,

ICMP, TCP, UDP, SNMP, routing, ARP, and DNS.

Configuration Menu

It includes submenus for configuring every aspect of the switch. Changes to configuration are not active until explicitly applied. Changes can be saved to non-volatile memory (NVRAM).

Operations Command Menu

Operations-level commands are used for making immediate and temporary changes to switch configuration. This menu is used for bringing ports temporarily in and out of service.

Boot Options Menu

This menu is used for upgrading switch software, selecting configuration blocks, and for resetting the switch when necessary. This menu is also used to set the switch back to factory settings.

Maintenance Menu

This menu is used for debugging purposes, enabling you to generate a technical support dump of the critical state information in the switch, and to clear entries in the Forwarding Database and the Address Resolution Protocol (ARP) and routing tables.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 13

>> Main# help

For help on a specific command, type help <command>

Global Commands: [can be issued from any menu] help up print pwd lines verbose exit quit diff apply save revert ping traceroute telnet history pushd popd who

The following are used to navigate the menu structure: . Print current menu .. Move up one menu level / Top menu if first, or command separator

! Execute command from history

Table 4 Global commands

Command

Action

? or help

Provides usage information about a specific command on the current menu. When used without the command parameter, a summary of the global commands is displayed.

. or print

Displays the current menu.

.. or up

Moves up one level in the menu structure.

If placed at the beginning of a command, displays the Main Menu. Otherwise, this is used to separate multiple commands placed on the same line.

lines

Sets the number of lines (n) that display on the screen at one time. The default is 24 lines. When used without a value, the current setting is displayed.

diff

Shows any pending configuration changes that have not been applied.

diff flash displays all pending configuration changes that have been

applied but not saved to flash memory (NVRAM), as well as those that have not been applied.

apply

Applies pending configuration changes.

save

Saves the active configuration to backup, and saves the current configuration as active.

Save n saves the current configuration as active, without saving the active

configuration to backup.

revert

Removes changes that have been made, but not applied.

Revert apply removes all changes that have not been saved.

exit or quit

Exits from the command line interface and logs out.

ping

Verifies station-to-station connectivity across the network. The format is:

ping <host name> | <IP address> [ <number of tries> [ <msec delay> ]] [-m|-mgt|-d|-data]

IP address is the hostname or IP address of the device. number of tries (optional) is the number of attempts (1-32). msec delay (optional) is the number of milliseconds between attempts.

traceroute

Identifies the route used for station-to-station connectivity across the network. The format is:

traceroute <host name> | <IP address> [<max-hops> [ <msec delay> ]]

IP address is the hostname or IP address of the target station. max-hops (optional) is the maximum distance to trace (1-16 devices) msec delay (optional) is the number of milliseconds to wait for the

response.

pwd

Displays the command path used to reach the current menu.

Global commands

Some basic commands are recognized throughout the menu hierarchy. These commands are useful for obtaining online Help, navigating through menus, and for applying and saving configuration changes.

For help on a specific command, type help. The following screen displays:

The following table describes the global commands.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 14

Table 4 Global commands

Command

Action

verbose n

Sets the level of information displayed on the screen:

0 = Quiet: Nothing displays except errors, not even prompts. 1 = Normal: Prompts and requested output are shown, but no menus. 2 = Verbose: Everything is shown. This is the default. When used without a value, the current setting is displayed.

telnet

This command is used to Telnet out of the switch. The format is:

telnet <hostname> | <IP address> [port]

history

Displays the history of the last ten commands.

pushd

Remembers the current location in the directory of menu commands.

popd

Returns to the last pushd location.

who

Displays users who are logged in.

Table 5 Command line history and editing options

Option

Description

history

Displays a numbered list of the last ten previously entered commands.

Repeats the last entered command.

Repeats the nth command shown on the history list.

<Ctrl-p> or

Up arrow key

Recalls the previous command from the history list. This can be used multiple times to work backward through the last ten commands. The recalled command can be entered as is, or edited using the options below.

<Ctrl-n> or

Down arrow key

Recalls the next command from the history list. This can be used multiple times to work forward through the last ten commands. The recalled command can be entered as is, or edited using the options below.

<Ctrl-a>

Moves the cursor to the beginning of the command line.

<Ctrl-e>

Moves the cursor to the end of the command line.

<Ctrl-b> or

Left arrow key

Moves the cursor back one position to the left.

<Ctrl-f> or

Right arrow key

Moves the cursor forward one position to the right.

<Backspace> or

Delete key

Erases one character to the left of the cursor position. <Ctrl-d>

Deletes one character at the cursor position.

<Ctrl-k>

Erases all characters from the cursor position to the end of the command line.

<Ctrl-l>

Redisplays the current line.

<Ctrl-u>

Clears the entire line.

Other keys

Inserts new characters at the cursor position.

Prints the current level menu list.

Moves to the previous directory level.

Command line history and editing

Using the command line interface, you can retrieve and modify previously entered commands with just a few keystrokes. The following options are available globally at the command line:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 15

Main# cfg/sys/ssnmp/name

Main# c/sys/ssn/n

Command line interface shortcuts

The following shortcuts allow you to enter commands quickly and easily.

Command stacking

As a shortcut, you can type multiple commands on a single line, separated by forward slashes (/). You can connect as many commands as required to access the menu option that you want.

For example, the keyboard shortcut to access the Simple Network Management Protocol (SNMP) Configuration Menu from the Main# prompt is:

Command abbreviation

Most commands can be abbreviated by entering the first characters that distinguish the command from the others in the same menu or submenu.

For example, the command shown above could also be entered as:

Tab completion

By entering the first letter of a command at any menu prompt and pressing the Tab key, the CLI will display all commands or options in that menu that begin with that letter. Entering additional letters will further refine the list of commands or options displayed.

If only one command fits the input text when the Tab key is pressed, that command will be supplied on the command line, waiting to be entered. If the Tab key is pressed without any input on the command line, the currently active menu displays.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 16

First-time configuration

Blade Network Technologies 10Gb Intelligent L3 Switch.

Enter password:

[Main Menu] info - Information Menu stats - Statistics Menu

cfg - Configuration Menu oper - Operations Command Menu boot - Boot Options Menu maint - Maintenance Menu diff - Show pending config changes [global command] apply - Apply pending config changes [global command] save - Save updated config to FLASH [global command] revert - Revert pending or applied changes [global command] exit - Exit [global command, always available]

>> Main#

Main# /cfg

[Configuration Menu] sys - System-wide Parameter Menu port - Port Menu l2 - Layer 2 Menu l3 - Layer 3 Menu qos - QOS Menu acl - Access Control List Menu rmon - RMON Menu pmirr - Port Mirroring Menu ufd - Uplink Failure Detection Menu dump - Dump current configuration to script file ptcfg - Backup current configuration to FTP/TFTP server

gtcfg - Restore current configuration from FTP/TFTP server cur - Display current configuration

>> Configuration#

NOTE: SNMP support is enabled by default.

>> # /cfg/sys/access/snmp disable|read only|read/write

>> # /cfg/sys/ssnmp/rcomm|wcomm

Introduction

This chapter describes how to perform first-time configuration and how to change system passwords.

To begin first-time configuration of the switch, perform the following steps.

1. Connect to the switch console. After connecting, the login prompt displays.

2. Enter admin as the default administrator password.

The system displays the Main Menu with administrator privileges.

3. From the Main Menu, enter the following command to access the Configuration Menu:

The Configuration Menu is displayed.

Configuring Simple Network Management Protocol support

1. Use the following command to enable SNMP:

2. Set SNMP read or write community string. By default, they are public and private respectively:

3. When prompted, enter the proper community string.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 17

>> System# apply

>> System# save

NOTE: You must not forget your administrator password. If you forget your administrator password,

contact your service representative.

Main# /cfg

>> Configuration#

>> Configuration# sys

4. Apply and save configuration .

Setting passwords

NEC recommends that you change all passwords after initial configuration and as regularly as required

under the network security policies. See the ―Accessing the switch‖ section in the ―Command line interface‖ chapter for a description of the user access levels.

To change the user, operator, or administrator password, you must log in using the administrator password. Passwords cannot be modified from the user or operator command mode.

Changing the default administrator password

The administrator has complete access to all menus, information, and configuration commands, including the ability to change the user, operator, and administrator passwords.

The default password for the administrator account is admin. To change the default password:

1. Connect to the switch and log in using the admin password.

2. From the Main Menu, use the following command to access the Configuration Menu:

The Configuration Menu is displayed.

3. From the Configuration Menu, use the following command to select the System Menu:

The System Menu is displayed.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 18

[System Menu] syslog - Syslog Menu sshd - SSH Server Menu radius - RADIUS Authentication Menu tacacs+ - TACACS+ Authentication Menu ntp - NTP Server Menu ssnmp - System SNMP Menu access - System Access Menu date - Set system date time - Set system time timezone - Set system timezone olddst - Set system DST for US dlight - Set system daylight savings idle - Set timeout for idle CLI sessions notice - Set login notice bannr - Set login banner hprompt - Enable/disable display hostname (sysName) in CLI prompt bootp - Enable/disable use of BOOTP dhcp - Enable/disable use of DHCP on Mgmt interface reminder - Enable/disable Reminders

cur - Display current system-wide parameters System# access/user/admpw

Changing ADMINISTRATOR password; validation required:

Enter current admin password:

NOTE: You must not forget your administrator password. If you forget your administrator password,

contact your service representative.

Enter new administrator password (max 128 characters):

Re-enter new admin password:

System# apply

System# save

Main# cfg

>> Configuration# sys

4. Enter the following command to set the administrator password:

5. Enter the current administrator password at the prompt:

6. Enter the new administrator password at the prompt:

7. Enter the new administrator password, again, at the prompt:

8. Apply and save the change by entering the following commands:

Changing the default user password

The user login has limited control of the switch. Through a user account, you can view switch information and statistics, but you cannot make configuration changes.

The default password for the user account is user. This password cannot be changed from the user account. Only the administrator has the ability to change passwords, as shown in the following procedure.

1. Connect to the switch and log in using the admin password.

2. From the Main Menu, use the following command to access the Configuration Menu:

3. From the Configuration Menu, use the following command to select the System Menu:

4. Enter the following command to set the user password:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 19

System# access/user/usrpw

Changing USER password; validation required:

Enter current admin password:

Enter new user password (max 128 characters):

Re-enter new user password:

System# apply

System# save

Main# cfg

>> Configuration# sys

System# access/user/opw

Changing OPERATOR password; validation required:

Enter current admin password:

Enter new operator password (max 128 characters):

Re-enter new operator password:

System# apply

System# save

5. Enter the current administrator password at the prompt.

Only the administrator can change the user password. Entering the administrator password confirms your authority.

6. Enter the new user password at the prompt:

7. Enter the new user password, again, at the prompt:

8. Apply and save the changes:.

Changing the default operator password

The operator manages all functions of the switch. The operator can reset ports or the entire switch. Operators can only effect temporary changes on the switch. These changes will be lost when the switch is rebooted/reset. Operators have access to the switch management features used for daily switch operations. Because any changes an operator makes are undone by a reset of the switch, operators cannot severely impact switch operation.

By default, the operator account is disabled and has no password. This password cannot be changed from the operator account. Only the administrator has the ability to change passwords, as shown in the following procedure.

1. Connect to the switch and log in using the admin password.

2. From the Main Menu, use the following command to access the Configuration Menu:

3. From the Configuration Menu, use the following command to select the System Menu:

4. Enter the following command to set the operator password:

5. Enter the current administrator password at the prompt.

Only the administrator can change the user password. Entering the administrator password confirms your authority.

6. Enter the new operator password at the prompt:

7. Enter the new operator password, again, at the prompt:

8. Apply and save the changes:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 20

Information Menu

[Information Menu] sys - System Information Menu l2 - Layer 2 Information Menu l3 - Layer 3 Information Menu qos - QOS Menu acl - Show ACL information rmon - Show RMON information link - Show link status port - Show port information sfp - Show External Port SFP/XFP status ufd - Show Uplink Failure Detection information dump - Dump all information

Table 6 Information Menu options

Command

Usage

sys

Displays system information.

Displays the Layer 2 Information Menu.

Displays the Layer 3 Information Menu.

qos

Displays the Quality of Service (QoS) Information Menu.

acl

Displays the Access Control List (ACL) Information Menu.

rmon

Displays the Remote Monitoring Information Menu.

link

Displays configuration information about each port, including:

Port number Port speed (10 Mb/s, 100 Mb/s, or auto) Duplex mode (half, full, or any) Flow control for transmit and receive (no, yes, or any) Link status (up or down)

port

Displays port status information, including:

Port number Whether the port uses VLAN tagging or not Port VLAN ID (PVID) Port name VLAN membership

sfp

Displays SFP module information.

ufd

Displays (UFD) Uplink Failure Detection information

dump

Dumps all switch information available from the Information Menu (10K or more, depending on your configuration).

Introduction

You can view configuration information for the switch in the user, operator, and administrator command modes. This chapter discusses how to use the CLI to display switch information.

Menu overview

Command: /info

The following table describes the Information Menu options.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 21

[System Menu] snmpv3 - SNMPv3 Information Menu general - Show general system information log - Show last 100 syslog messages user - Show current user status dump - Dump all system information

Table 7 System Information Menu options

Command

Usage

snmpv3

Displays the SNMP v3 Menu.

general

Displays system information, including:

System date and time Switch model name and number Switch name and location Time of last boot MAC address of the switch management processor IP address of IP interface Hardware version and part number Software image file and version number Configuration name Log-in banner, if one is configured

log

Displays most recent syslog messages.

user

Displays the User Access Information Menu.

dump

Dumps all switch information available from the Information Menu (10K or more, depending on your configuration).

[SNMPv3 Information Menu] usm - Show usmUser table information view - Show vacmViewTreeFamily table information access - Show vacmAccess table information group - Show vacmSecurityToGroup table information comm - Show community table information taddr - Show targetAddr table information tparam - Show targetParams table information notify - Show notify table information dump - Show all SNMPv3 information

System Information Menu

Command: /info/sys

The following table describes the System Information Menu options.

SNMPv3 Information Menu

Command: /info/sys/snmpv3

SNMP version 3 (SNMPv3) is an extensible SNMP Framework that supplements the SNMPv2 Framework by supporting the following:

a new SNMP message format security for messages access control remote configuration of SNMP parameters

For more details on the SNMPv3 architecture, see RFC2271 to RFC2276.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 22

The following table describes the SNMPv3 Information Menu options.

Table 8 SNMPv3 Information Menu options

Command

Usage

usm

Displays User Security Model (USM) table information.

view

Displays information about view name, subtrees, mask and type of view.

access

Displays View-based Access Control information.

group

Displays information about the group that includes the security model, user name, and group name.

comm

Displays information about the community table.

taddr

Displays the Target Address table.

tparam

Displays the Target parameters table.

notify

Displays the Notify table.

dump

Displays all the SNMPv3 information.

usmUser Table: User Name Protocol

-------------------------------- -------------------------------adminmd5 HMAC_MD5, DES PRIVACY adminsha HMAC_SHA, DES PRIVACY v1v2only NO AUTH, NO PRIVACY

Table 9 SNMPv3 User Table parameters

Field

Description

User Name

This is a string that represents the name of the user that you can use to access the switch.

Protocol

This indicates whether messages sent on behalf of this user are protected from disclosure using a privacy protocol. The switch software supports DES algorithm for privacy. The software also supports two authentication algorithms: MD5 and HMAC-SHA.

SNMPv3 USM User Table information

Command: /info/sys/snmpv3/usm

The User-based Security Model (USM) in SNMPv3 provides security services such as authentication and privacy of messages. This security model makes use of a defined set of user identities displayed in the USM user table. The USM user table contains information like:

the user name a security name in the form of a string whose format is independent of the Security Model an authentication protocol, which is an indication that the messages sent on behalf of the user can

be authenticated

the privacy protocol.

The following table describes the SNMPv3 User Table information.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 23

View Name Subtree Mask Type

------------------ ---------------------------- ------------- -------iso 1 included v1v2only 1 included v1v2only 1.3.6.1.6.3.15 excluded v1v2only 1.3.6.1.6.3.16 excluded v1v2only 1.3.6.1.6.3.18 excluded

Table 10 SNMPv3 View Table parameters

Field

Description

View Name

Displays the name of the view.

Subtree

Displays the MIB subtree as an OID string. A view subtree is the set of all MIB object instances which have a common Object Identifier prefix to their names.

Mask

Displays the bit mask.

Type

Displays whether a family of view subtrees is included or excluded from the MIB view.

Group Name Model Level ReadV WriteV NotifyV

---------- ------- ------------ --------- -------- ------v1v2grp snmpv1 noAuthNoPriv iso iso v1v2only admingrp usm authPriv iso iso iso

SNMPv3 View Table information

Command: /info/sys/snmpv3/view

The user can control and restrict the access allowed to a group to only a subset of the management information in the management domain that the group can access within each context by specifying the group‘s rights in terms of a particular MIB view for security reasons.

The following table describes the SNMPv3 View Table information.

SNMPv3 Access Table information

Command: /info/sys/snmpv3/access

The vacmAccessTable (View-based Access Control Model Access Table) maps a group name, security information, and a message type, which could be the read or write type of operation or notification into a MIB view.

This group‘s access rights are determined by a Read View, a Write View, and a Notify View. The Read View represents the set of object instances authorized for the group while reading the objects. The Write View represents the set of object instances authorized for the group when writing objects. The Notify View represents the set of object instances authorized for the group when sending a notification.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 24

The following table describes the SNMPv3 Access Table information.

Table 11 SNMPv3 Access Table parameters

Field

Description

Group Name

Displays the name of group.

Model

Displays the security model used, for example, SNMPv1, or SNMPv2 or USM.

Level

Displays the minimum level of security required to gain rights of access. For example, noAuthNoPriv, authNoPriv, or auth-Priv.

ReadV

Displays the MIB view to which this entry authorizes the Read access.

WriteV

Displays the MIB view to which this entry authorizes the Write access.

NotifyV

Displays the MIB view to which this entry authorizes the Notify access.

Sec Model User Name Group Name

---------- ----------------------------- ------------------------------snmpv1 v1v2only v1v2grp usm adminmd5 admingrp usm adminsha admingrp

Table 12 SNMPv3 Group Table parameters

Field

Description

Sec Model

Displays the security model used, which is any one of: USM, SNMPv1, SNMPv2, and SNMPv3.

User Name

Displays the name for the user.

Group Name

Displays the access name of the group.

Index Name User Name Tag

---------- ---------- -------------------- ---------trap1 public v1v2only v1v2trap

Table 13 SNMPv3 Community Table parameters

Field

Description

Index

Displays the unique index value of a row in this table.

Name

Displays the community string.

User Name

Displays the User Security Model (USM) user name.

Tag

Displays the community tag.

Name Transport Addr Port Taglist Params

---------- --------------- ---- ---------- --------------trap1 47.81.25.66 162 v1v2trap v1v2param

SNMPv3 Group Table information

Command: /info/sys/snmpv3/group

A group is a combination of security model and security name that defines the access rights assigned to all the security names belonging to that group. The group is identified by a group name.

The following table describes the SNMPv3 Group Table information.

SNMPv3 Community Table information

Command: /info/sys/snmpv3/comm

This command displays the community table information stored in the SNMP engine.

The following table describes the SNMPv3 Community Table information.

SNMPv3 Target Address Table information

Command: /info/sys/snmpv3/taddr

This command displays the SNMPv3 target address table information.

The following table describes the SNMPv3 Target Address Table information.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 25

Table 14 SNMPv3 Target Address Table parameters

Field

Description

Name

Displays the locally arbitrary, but unique identifier associated with this snmp TargetAddrEntry.

Transport Addr

Displays the transport addresses.

Port

Displays the SNMP UDP port number.

Taglist

This column contains a list of tag values which are used to select target addresses for a particular SNMP message.

Params

The value of this object identifies an entry in the snmpTargetParamsTable. The identified entry contains SNMP parameters to be used when generating messages to be sent to this transport address.

Name MP Model User Name Sec Model Sec Level

------------------- -------- -------------------- --------- ----------v1v2param snmpv2c v1v2only snmpv1 noAuthNoPriv

Table 15 SNMPv3 Target Parameters Table

Field

Description

Name

Displays the locally arbitrary, but unique identifier associated with this snmpTargeParamsEntry.

MP Model

Displays the Message Processing Model used when generating SNMP messages using this entry.

User Name

Displays the securityName, which identifies the entry on whose behalf SNMP messages will be generated using this entry.

Sec Model

Displays the security model used when generating SNMP messages using this entry.

Sec Level

Displays the level of security used when generating SNMP messages using this entry.

Name Tag

-------------------- -------------------v1v2trap v1v2trap

Table 16 SNMPv3 Notify Table

Field

Description

Name

The locally arbitrary, but unique identifier associated with this snmpNotifyEntry.

Tag

This represents a single tag value which is used to select entries in the

snmpTargetAddrTable. Any entry in the snmpTargetAddrTable that contains a

tag value equal to the value of this entry is selected. If this entry contains a value of zero length, no entries are selected.

SNMPv3 Target Parameters Table information

Command: /info/sys/snmpv3/tparam

The following table describes the SNMPv3 Target Parameters Table information.

SNMPv3 Notify Table information

Command: /info/sys/snmpv3/notify

The following table describes the SNMPv3 Notify Table information.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 26

SNMPv3 dump

Engine ID = 80:00:07:50:03:00:17:EF:EB:B0:00

usmUser Table: User Name Protocol

-------------------------------- -------------------------------adminmd5 HMAC_MD5, DES PRIVACY adminsha HMAC_SHA, DES PRIVACY v1v2only NO AUTH, NO PRIVACY

vacmAccess Table: Group Name Model Level ReadV WriteV NotifyV

---------- ------- ------------ ------- -------- -----v1v2grp snmpv1 noAuthNoPriv iso iso v1v2only admingrp usm authPriv iso iso iso

vacmViewTreeFamily Table: View Name Subtree Mask Type

-------------------- --------------- ------------ -------------iso 1 included v1v2only 1 included v1v2only 1.3.6.1.6.3.15 excluded v1v2only 1.3.6.1.6.3.16 excluded v1v2only 1.3.6.1.6.3.18 excluded

vacmSecurityToGroup Table: Sec Model User Name Group Name

---------- ------------------------------- ----------------------snmpv1 v1v2only v1v2grp usm adminmd5 admingrp usm adminsha admingrp

snmpCommunity Table: Index Name User Name Tag

---------- ---------- -------------------- ----------

snmpNotify Table: Name Tag

-------------------- --------------------

snmpTargetAddr Table: Name Transport Addr Port Taglist Params

---------- --------------- ---- ---------- ---------------

snmpTargetParams Table: Name MP Model User Name Sec Model Sec Level

-------------------- -------- ------------------ --------- -------

Command: /info/sys/snmpv3/dump

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 27

System Information at 16:06:28 Tue Mar 4, 2008

Time zone: Asia/Tokyo

Daylight Savings Time Status: Disabled

Blade Network Technologies 10Gb Intelligent L3 Switch

sysName: Groly

sysLocation:

RackName: emfw-rack

EnclosureName: Default_Chassis_Name

BayNumber: 7

System temperature: 42.5C

Switch has been up for 7 days, 19 hours, 51 minutes and 47 seconds.

Last boot: 17:25:38 Mon Jan 8, 2006 (reset from console)

MAC address: 00:17:ef:eb:b0:00 IP (If 1) address: 193.168.9.100

Management Port MAC Address: 00:17:ef:eb:b0:01

Management Port IP Address (if 250): 192.168.12.90

Revision: 0A

Switch Serial No: USP742000TC

Spare Part No: 856-850991-026-A

Software Version 1.0.0 (FLASH image1), active configuration.

System information

Command: /info/sys/gen

System information includes:

System date and time Switch model name and number Rack name and location Time of last boot MAC address of the switch management processor IP address of the switch Software image file and version number

Show last 100 syslog messages

Current configuration block (active, backup, or factory default) Login banner, if one is configured

Command: /info/sys/log

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 28

Jul 8 17:25:41 NOTICE system: link up on port 1 Jul 8 17:25:41 NOTICE system: link up on port 8 Jul 8 17:25:41 NOTICE system: link up on port 7 Jul 8 17:25:41 NOTICE system: link up on port 12 Jul 8 17:25:41 NOTICE system: link up on port 11 Jul 8 17:25:41 NOTICE system: link up on port 14 Jul 8 17:25:41 NOTICE system: link up on port 13 Jul 8 17:25:41 NOTICE system: link up on port 16 Jul 8 17:25:41 NOTICE system: link up on port 15 Jul 8 17:25:41 NOTICE system: link up on port 17 Jul 8 17:25:41 NOTICE system: link up on port 20 Jul 8 17:25:41 NOTICE system: link up on port 22 Jul 8 17:25:41 NOTICE system: link up on port 23 Jul 8 17:25:41 NOTICE system: link up on port 21 Jul 8 17:25:42 NOTICE system: link up on port 4 Jul 8 17:25:42 NOTICE system: link up on port 3 Jul 8 17:25:42 NOTICE system: link up on port 6 Jul 8 17:25:42 NOTICE system: link up on port 5 Jul 8 17:25:42 NOTICE system: link up on port 10

Jul 8 17:25:42 NOTICE system: link up on port 9

Usernames: user - enabled - offline oper - disabled - offline admin - Always Enabled – online 1 session.

Current User ID table: 1: name Kiku , ena, cos user , password valid, offline

Table 17 User Name Information menu

Field

Usage

user

Displays the status of the user access level.

oper

Displays the status of the oper (operator) access level.

admin

Displays the status of the admin (administrator) access level.

Current User ID Table

Displays the status of configured User ID.

Each message contains a date and time field and has a severity level associated with it. One of eight different prefixes is used to indicate the condition:

EMERG—indicates the system is unusable ALERT—indicates action should be taken immediately CRIT—indicates critical conditions ERR—indicates error conditions or eroded operations WARNING—indicates warning conditions NOTICE—indicates a normal but significant condition INFO—indicates an information message DEBUG—indicates a debug-level message

System user information

Command: /info/sys/user

The following table describes the User Name information.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 29

[Layer 2 Menu] fdb - Forwarding Database Information Menu lacp - Link Aggregation Control Protocol Menu 8021x - Show 802.1x information stp - Show STP information cist - Show CIST information trunk - Show Trunk Group information vlan - Show VLAN information gen - Show general information dump - Dump all layer 2 information

Table 18 Layer 2 information menu options

Command

Usage

fdb

Displays the Forwarding Database Information Menu.

lacp

Displays the Link Aggregation Control Protocol Information Menu.

8021x

Displays the 802.1x Information Menu.

stp

In addition to seeing if STP is enabled or disabled, you can view the following STP bridge

information:

Priority Hello interval Maximum age value Forwarding delay Aging time

You can also refer to the following port-specific STP information:

Port number and priority Cost State

cist

Displays Common internal Spanning Tree (CIST) bridge information, including the following:

Priority Hello interval Maximum age value Forwarding delay

You can also view port-specific CIST information, including the following:

Port number and priority Cost State

trunk

When trunk groups are configured, you can view the state of each port in the various trunk groups.

vlan

Displays VLAN configuration information, including:

VLAN Number VLAN Name Status Port membership of the VLAN

gen

Displays general Layer 2 configuration information.

dump

Dumps all switch information available from the Layer 2 menu (10K or more, depending on your configuration).

Layer 2 information

Command: /info/l2

The following table describes the Layer 2 Information menu options.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 30

FDB information menu

[Forwarding Database Menu] find - Show a single FDB entry by MAC address port - Show FDB entries on a single port vlan - Show FDB entries on a single VLAN state - Show FDB entries by state dump - Show all FDB entries

NOTE: The master forwarding database supports up to 8K MAC address entries on the

management processor (MP) per switch.

Table 19 FDB information menu

Command

Usage

find <MAC address> [<VLAN>]

Displays a single database entry by its MAC address. You are prompted to enter the MAC address of the device. Enter the MAC address using the format: xx:xx:xx:xx:xx:xx. (For example: 08:00:20:12:34:56) You can also enter the MAC address using the format: xxxxxxxxxxxx. (For example: 080020123456)

port <port number>

Displays all FDB entries for a particular port.

vlan <1-4094>

Displays all FDB entries on a single VLAN. The range is 1-4094.

Displays all FDB entries that match a particular state.

dump

Displays all entries in the Forwarding Database.

MAC address VLAN Port Trnk State

----------------- ---- ---- ---- ----- 00:02:01:00:00:00 300 1 TRK 00:02:01:00:00:01 300 23 FWD 00:02:01:00:00:02 300 23 FWD 00:02:01:00:00:03 300 23 FWD 00:02:01:00:00:04 300 23 FWD 00:02:01:00:00:05 300 23 FWD 00:02:01:00:00:06 300 23 FWD 00:02:01:00:00:07 300 23 FWD 00:02:01:00:00:08 300 23 FWD 00:02:01:00:00:09 300 23 FWD 00:02:01:00:00:0a 300 23 FWD 00:02:01:00:00:0b 300 23 FWD 00:02:01:00:00:0c 300 23 FWD

Command: /info/l2/fdb

The forwarding database (FDB) contains information that maps the media access control (MAC) address of each known device to the switch port where the device address was learned. The FDB also shows which other ports have seen frames destined for a particular MAC address.

Show all FDB information

Command: /info/l2/fdb/dump

An address that is in the forwarding (FWD) state indicates that the switch has learned it. When in the

Clearing entries from the FDB

trunking (TRK) state, the Trnk field displays the trunk group number. If the state for the port is listed as unknown (UNK), the MAC address has not yet been learned by the switch, but has only been seen as a destination address. When an address is in the unknown state, no outbound port is indicated.

To delete a static MAC address from the forwarding database (FDB), see the ―Static FDB configuration‖ section in the ―Configuration Menu‖ chapter. To clear the entire forwarding database (FDB), see the ―FDB options‖ section in the ―Maintenance Menu‖ chapter.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 31

[LACP Menu] aggr - Show LACP aggregator information for the port port - Show LACP port information dump - Show all LACP ports information

Table 20 LACP information

Command

Usage

aggr

Displays LACP aggregator information for the port.

port

Displays LACP information for the port.

dump

Displays all LACP information parameters.

>> LACP# dump

port lacp adminkey operkey selected prio attached trunk

aggr

----------------------------------------------------------------------

1 off 1 1 n 32768 -- --

2 off 2 2 n 32768 -- --

3 off 3 3 n 32768 -- --

4 off 4 4 n 32768 -- --

5 off 5 5 n 32768 -- --

6 off 6 6 n 32768 -- --

7 off 7 7 n 32768 -- --

8 off 8 8 n 32768 -- --

Link Aggregation Control Protocol information

Command: /info/l2/lacp

The following table describes the Link Aggregation Control Protocol Menu options.

LACP dump

Command: /info/l2/lacp/dump

LACP dump includes the following information for each port in the switch:

port― Displays the port number. lacp—Displays the port‘s LACP mode (active, passive, or off) adminkey—Displays the value of the port‘s adminkey. operkey—Shows the value of the port‘s operational key. selected—Indicates whether the port has been selected to be part of a Link Aggregation Group. prio—Shows the value of the port priority. attached aggr—Displays the aggregator associated with each port. trunk—This value represents the LACP trunk group number.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 32

802.1x information

System capability : Authenticator System status : disabled Protocol version : 1 Authenticator Backend Port Auth Mode Auth Status PAE State Auth State

---- ------------ ------------ -------------- ---------*1 force-auth unauthorized initialize initialize *2 force-auth unauthorized initialize initialize *3 force-auth unauthorized initialize initialize *4 force-auth unauthorized initialize initialize *5 force-auth unauthorized initialize initialize *6 force-auth unauthorized initialize initialize *7 force-auth unauthorized initialize initialize *8 force-auth unauthorized initialize initialize *9 force-auth unauthorized initialize initialize *10 force-auth unauthorized initialize initialize *11 force-auth unauthorized initialize initialize *12 force-auth unauthorized initialize initialize *13 force-auth unauthorized initialize initialize *14 force-auth unauthorized initialize initialize *15 force-auth unauthorized initialize initialize *16 force-auth unauthorized initialize initialize *17 force-auth unauthorized initialize initialize *18 force-auth unauthorized initialize initialize *19 force-auth unauthorized initialize initialize *20 force-auth unauthorized initialize initialize *21 force-auth unauthorized initialize initialize

-----------------------------------------------------------------* - Port down or disabled

Command: /info/l2/8021x

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 33

Table 21 802.1x information

Field

Description

Port

Displays each port‘s name.

Auth Mode

Displays the Access Control authorization mode for the port. The Authorization mode can be one of the following:

force-unauth auto force-auth

Auth Status

Displays the current authorization status of the port, either authorized or unauthorized.

Authenticator PAE State

Displays the Authenticator Port Access Entity State. The PAE state can be one of the following:

initialize disconnected connecting authenticating authenticated aborting held forceAuth

Backend Auth State

Displays the Backend Authorization State. The Backend Authorization state can be one of the following:

request response success fail timeout idle

------------------------------------------------------------------

upfast disabled, update 40

------------------------------------------------------------------

Spanning Tree Group 1: On (STP/PVST+) VLANs: 1

Current Root: Path-Cost Port Hello MaxAge FwdDel 8000 00:02:a5:d1:0f:ed 8 20 2 20 15

Parameters: Priority Hello MaxAge FwdDel Aging 32768 2 20 15 300

Port Priority Cost FastFwd State Designated Bridge Des Port

---- -------- ---- -------- ---------- --------------------- ------ 1 0 0 n FORWARDING * 2 0 0 n FORWARDING * 3 0 0 n FORWARDING *

The following table describes the IEEE 802.1x parameters.

Spanning Tree information

Command: /info/l2/stp

The switch software uses the IEEE 802.1d Spanning Tree Protocol (STP). If RSTP/MSTP is turned on, see the ―Rapid Spanning Tree and Multiple Spanning Tree information‖ section for Spanning Tree Group information. In addition to seeing if STP is enabled or disabled, you can view the following STP bridge information:

Status of upfast (Uplink Fast)

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 34

Current root MAC address

Table 22 STP parameters

Parameter

Description

Current Root

Shows information about the root bridge for the Spanning Tree. Information includes the priority (hex) and MAC address of the root.

Path-Cost

Path-cost is the total path cost to the root bridge. It is the summation of the path cost between bridges (up to the root bridge).

Port

The current root port refers to the port on the switch that receives data from the current root. Zero (0) indicates the root bridge of the STP.

Priority (bridge)

The bridge priority parameter controls which bridge on the network will become the STP root bridge.

Hello

The hello time parameter specifies, in seconds, how often the root bridge transmits a configuration bridge protocol data unit (BPDU). Any bridge that is not the root bridge uses the root bridge hello value.

MaxAge

The maximum age parameter specifies, in seconds, the maximum time the bridge waits without receiving a configuration bridge protocol data unit before it reconfigures the STP network.

FwdDel

The forward delay parameter specifies, in seconds, the amount of time that a bridge port has to wait before it changes from learning state to forwarding state.

Aging

The aging time parameter specifies, in seconds, the amount of time the bridge waits without receiving a packet from a station before removing the station from the Forwarding Database.

Priority (port)

The port priority parameter helps determine which bridge port becomes the designated port. In a network topology that has multiple bridge ports connected to a single segment, the port with the lowest port priority becomes the designated port for the segment.

Cost

The port path cost parameter is used to help determine the designated port for a segment. Generally speaking, the faster the port, the lower the path cost.

State

The State field shows the current state of the port. The State field can be one of the following: BLOCKING, LISTENING, LEARNING, FORWARDING, or DISABLED.

Designated bridge

Shows information about the bridge connected to each port, if applicable. Information includes the priority (hex) and MAC address of the Designated Bridge.

Designated port

The port ID of the port on the Designated Bridge to which this port is connected.

Path-Cost Port Hello interval Maximum age value Forwarding delay Aging time

You can also refer to the following port-specific STP information:

Port number and priority Cost State Port Fast Forwarding state Designated bridge Designated port

The following table describes the STP parameters.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 35

------------------------------------------------------------------

upfast disabled, update 40

------------------------------------------------------------------

Spanning Tree Group 1: On (RSTP) VLANs: 1-3 4095

Current Root: Path-Cost Port Hello MaxAge FwdDel 8000 00:00:01:00:19:00 0 0 9 20 15

Parameters: Priority Hello MaxAge FwdDel Aging 32768 9 20 15 300

Port Prio Cost State Role Designated Bridge Des Port Type

---- ---- ---- ------ ---- --------------------- -------- --- 1 0 0 DSB 2 0 0 DSB 3 0 0 DSB 4 0 0 DSB 5 0 0 DSB 6 0 0 DSB 7 0 0 DSB 8 0 0 DSB 9 0 0 DSB 10 0 0 DISC 11 0 0 FWD DESG 8000-00:00:01:00:19:00 8017 P2P2,Edge 12 0 0 FWD DESG 8000-00:00:01:00:19:00 8018 P2P

Rapid Spanning Tree and Multiple Spanning Tree information

Command: /info/l2/stp

The switch software can be set to use the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) or the IEEE

802.1s Multiple Spanning Tree Protocol (MSTP). If RSTP/MSTP is turned on, you can view the following RSTP bridge information for the Spanning Tree Group:

Status of upfast (Uplink Fast) Current root MAC address Path-Cost Port Hello interval Maximum age value Forwarding delay Aging time

You can also refer to the following port-specific RSTP information:

Port number and priority Cost State Role Designated bridge and port Link type

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 36

The following table describes the STP parameters in RSTP or MSTP mode.

Table 23 Rapid Spanning Tree parameter descriptions

Parameter

Description

Current Root

Shows information about the root bridge for the Spanning Tree. Information includes the priority (hex) and MAC address of the root.

Path-Cost

Path-cost is the total path cost to the root bridge. It is the summation of the path cost between bridges (up to the root bridge).

Port

The current root port refers to the port on the switch that receives data from the current root. Zero (0) indicates the root bridge of the STP.

Priority (bridge)

The bridge priority parameter controls which bridge on the network will become the STP root bridge.

Hello

MaxAge

The maximum age parameter specifies, in seconds, the maximum time the bridge waits without receiving a configuration bridge protocol data unit before it reconfigures the STP network.

FwdDel

The forward delay parameter specifies, in seconds, the amount of time that a bridge port has to wait before it changes from learning state to forwarding state.

Aging

The aging time parameter specifies, in seconds, the amount of time the bridge waits without receiving a packet from a station before removing the station from the Forwarding Database.

Priority (port)

Cost

The port path cost parameter is used to help determine the designated port for a segment. Generally speaking, the faster the port, the lower the path cost. A setting of zero (0) indicates that the cost will be set to the appropriate default after the link speed has been auto-negotiated.

State

Shows the current state of the port. The State field in RSTP/MSTP mode can be one of the following: Discarding (DISC), Learning (LRN), Forwarding (FWD), or

Disabled (DSB).

Role

Shows the current role of this port in the Spanning Tree. The port role can be one of the following: Designated (DESG), Root (ROOT), Alternate (ALTN), Backup (BKUP), Master (MAST), or Unknown (UNK).

Designated bridge

Shows information about the bridge connected to each port, if applicable. Information includes the priority (hex) and MAC address of the Designated Bridge.

Designated port

The port ID of the port on the Designated Bridge to which this port is connected.

Type

Type of link connected to the port, and whether the port is an edge port. Link type values are AUTO, P2P, or SHARED. MSTP: The Type field appears in /info/cist.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 37

Mstp Digest: 0xac36177f50283cd4b83821d8ab26de62

Common Internal Spanning Tree:

VLANs: 1 3-4094

Current Root: Path-Cost Port MaxAge FwdDel 8000 00:03:42:fa:3b:80 11 1 20 15

CIST Regional Root: Path-Cost 8000 00:03:42:fa:3b:80 11

Parameters: Priority MaxAge FwdDel Hops 32768 20 15 20

Port Prio Cost State Role Designated Bridge Des Port Hello Type

---- ---- ---- ------ ---- --------------------- -------- ----- --- 1 128 2000 FWD DESG 8000-00:03:42:fa:3b:80 8001 4 P2P, Edge 2 128 2000 FWD DESG 8000-00:03:42:fa:3b:80 8002 3 128 2000 DSB 4 128 2000 DSB 5 128 2000 DSB 6 128 2000 DSB 7 128 2000 DSB 8 128 2000 DSB 9 128 2000 DSB 10 128 0 DSB 11 128 2000 FWD DESG 8000-00:03:42:fa:3b:80 12 128 2000 DSB

Common Internal Spanning Tree information

Command: /info/l2/cist

In addition to seeing if Common Internal Spanning Tree (CIST) is enabled or disabled, you can view the following CIST bridge information:

Status of upfast (Uplink Fast) CIST root CIST regional root Priority Maximum age value Forwarding delay Hops

You can also refer to the following port-specific CIST information:

Port number and priority Cost State Role Designated bridge and port Hello interval Link type and port type

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 38

The following table describes the CIST parameters.

Table 24 Common Internal Spanning Tree parameter descriptions

Parameter

Description

CIST Root

Shows information about the root bridge for the Common Internal Spanning Tree (CIST). Values on this row of information refer to the CIST root.

CIST Regional Root

Shows information about the root bridge for this MSTP region. Values on this row of information refer to the regional root.

Priority (bridge)

The bridge priority parameter controls which bridge on the network will become the STP root bridge.

MaxAge

The maximum age parameter specifies, in seconds, the maximum time the bridge waits without receiving a configuration bridge protocol data unit before it reconfigures the STP network.

FwdDel

The forward delay parameter specifies, in seconds, the amount of time that a bridge port has to wait before it changes from learning state to forwarding state.

Hops

Shows the maximum number of bridge hops allowed before a packet is dropped.

Priority (port)

Cost

State

Shows the current state of the port. The state field can be one of the following: Discarding (DISC), Learning (LRN), Forwarding (FWD), or Disabled (DSB).

Role

Shows the current role of this port in the Spanning Tree. The port role can be one of the following: Designated (DESG), Root (ROOT), Alternate (ALTN), Backup (BKUP), Master (MAST), or Unknown (UNK).

Designated Bridge

Shows information about the bridge connected to each port, if applicable. Information includes the priority (hex) and MAC address of the Designated Bridge.

Designated Port

The port ID of the port on the Designated Bridge to which this port is connected. Information includes the port priority (hex) and the port number (hex).

Hello

Type

Type of link connected to the port, and whether the port is an edge port. Link type values are AUTO, P2P, or SHARED.

Trunk group 1, Enabled port state: 20: STG 1 forwarding 21: STG 1 forwarding

NOTE: If Spanning Tree Protocol on any port in the trunk group is set to forwarding, the remaining

ports in the trunk group will also be set to forwarding.

Trunk group information

Command: /info/l2/trunk

When trunk groups are configured, you can view the state of each port in the various trunk groups.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 39

VLAN Name Status Ports

---- -------------------------------- ------ ---------------1 Default VLAN ena 1-16 18 19 10 VLAN 10 ena 20 20 VLAN 20 ena 21 4095 Mgmt VLAN ena 17

STP uplink fast mode : disabled

Table 25 Layer 2 general information

Field

Description

STP uplink fast mode

Displays the status of STP Uplink Fast: enabled or disabled.

[Layer 3 Menu] route - IP Routing Information Menu arp - ARP Information Menu ospf - OSPF Routing Information Menu rip - RIP Routing Information Menu ip - Show IP information igmp - Show IGMP Snooping Multicast Group information vrrp - Show Virtual Router Redundancy Protocol information dump - Dump all layer 3 information

VLAN information

Command: /info/l2/vlan

This information display includes all configured VLANs and all member ports that have an active link state.

VLAN information includes:

VLAN Number VLAN Name Status Port membership of the VLAN

Layer 2 general information

Command: /info/l2/gen

The following table describes the Layer 2 general information.

Layer 3 information

Command: /info/l3

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 40

The following table describes the Layer 3 Information Menu options.

Table 26 Layer 3 information menu options

Command

Usage

route

Displays the IP Routing Menu. Using the options of this menu, the system displays the following for each configured or learned route:

Route destination IP address, subnet mask, and gateway address Type of route Tag indicating origin of route Metric for RIP tagged routes, specifying the number of hops to the destination (1-

15 hops, or 16 for infinite hops)

The IP interface that the route uses

arp

Displays the Address Resolution Protocol (ARP) Information Menu.

ospf

Displays OSPF routing Information Menu.

rip

Displays Routing Information Protocol Menu.

Displays IP Information. IP information, includes:

IP interface information: Interface number, IP address, subnet mask, VLAN

number, and operational status.

Default gateway information: Metric for selecting which configured gateway to

use, gateway number, IP address, and health status

IP forwarding information: Enable status, lnet and lmask Port status

igmp

Displays IGMP Information Menu.

vrrp

Displays the VRRP Information Menu.

dump

Dumps all switch information available from the Layer 3 Menu (10K or more, depending on your configuration).

[IP Routing Menu] find - Show a single route by destination IP address gw - Show routes to a single gateway type - Show routes of a single type tag - Show routes of a single tag if - Show routes on a single interface dump - Show all routes

Table 27 Route Information menu options

Command

Usage

find <IP address>

Displays a single route by IP address. For example: 100.10.1.1

gw <IP address>

Displays routes to a single gateway. For example: 100.10.1.2

type indirect|direct|local|

broadcast|martian|multicast

Displays routes of a single type.

broadcast|martian|multicast

Displays routes of a single tag.

if <1-250>

Displays routes on a single interface.

dump

Displays all routes configured in the switch.

Route information

Command: /info/l3/route

Using the commands listed below, you can display all or a portion of the IP routes currently held in the switch.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 41

Status code: * - best Destination Mask Gateway Type Tag Metr If

--------------- --------------- --------------- --------- --------- ---- -* 11.0.0.0 255.0.0.0 11.0.0.1 direct fixed 211 * 11.0.0.1 255.255.255.255 11.0.0.1 local addr 211 * 11.255.255.255 255.255.255.255 11.255.255.255 broadcast broadcast 211 * 12.0.0.0 255.0.0.0 12.0.0.1 direct fixed 12 * 12.0.0.1 255.255.255.255 12.0.0.1 local addr 12 * 12.255.255.255 255.255.255.255 12.255.255.255 broadcast broadcast 12 * 13.0.0.0 255.0.0.0 11.0.0.2 indirect ospf 2 211 * 47.0.0.0 255.0.0.0 47.133.88.1 indirect static 24 * 47.133.88.0 255.255.255.0 47.133.88.46 direct fixed 24 * 172.30.52.223 255.255.255.255 172.30.52.223 broadcast broadcast 2 * 224.0.0.0 224.0.0.0 0.0.0.0 martian martian * 224.0.0.5 255.255.255.255 0.0.0.0 multicast addr

Table 28 IP Routing Type information

Field

Description

indirect

The next hop to the host or subnet destination will be forwarded through a router at the Gateway address.

direct

Packets will be delivered to a destination host or subnet attached to the switch.

local

Indicates a route to one of the switch‘s IP interfaces.

broadcast

Indicates a broadcast route.

martian

The destination belongs to a host or subnet which is filtered out. Packets to this destination are discarded.

multicast

Indicates a multicast route.

Table 29 IP Routing Tag information

Field

Description

fixed

The address belongs to a host or subnet attached to the switch.

static

The address is a static route which has been configured on the Switch.

addr

The address belongs to one of the switch‘s IP interfaces.

rip

The address was learned by the Routing Information Protocol (RIP).

ospf

The address was learned by Open Shortest Path First (OSPF).

broadcast

Indicates a broadcast address.

multicast

Indicates a multicast address

martian

The address belongs to a filtered group.

Show all Route information

Command: /info/l3/route/dump

The following table describes the Type parameter.

The following table describes the Tag parameter.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 42

ARP information

[Address Resolution Protocol Menu] find - Show a single ARP entry by IP address port - Show ARP entries on a single port vlan - Show ARP entries on a single VLAN addr - Show ARP entries for switch's interface dump - Show all ARP entries

Table 30 ARP information

Command

Usage

find <IP address>

Displays a single ARP entry by IP address. For example: 192.4.17.101

port <port number>

Displays the ARP entries on a single port.

vlan <1-4095>

Displays the ARP entries on a single VLAN.

dump

Displays all ARP entries, including:

IP address and MAC address of each entry Address status flag The VLAN and port to which the address belongs

The ports which have referenced the address (empty if no port has routed traffic to the IP address shown)

addr

Displays the ARP address list: IP address, IP mask, MAC address, and VLAN flags.

IP address Flags MAC address VLAN Port

--------------- ----- ----------------- ---- ----

192.168.2.4 00:50:8b:b2:32:cb 1 18

192.168.2.19 00:0e:7f:25:89:b5 1 17

192.168.2.61 P 00:0f:6a:ed:46:00 1

Table 31 ARP dump flag parameters

Flag

Description

Permanent entry created for switch IP interface.

Indirect route entry.

Unresolved ARP entry. The MAC address has not been learned.

IP address IP mask MAC address VLAN Flags

--------------- --------------- ----------------- ---- -----

205.178.18.66 255.255.255.255 00:70:cf:03:20:04 P

205.178.50.1 255.255.255.255 00:00:cf:03:20:06 1

205.178.50.1 255.255.255.255 00:70:cf:03:20:04 1

Command: /info/arp

The Address Resolution Protocol (ARP) information includes IP address and MAC address of each entry, address status flags, VLAN, and port for the address, and port referencing information.

The following table describes the Address Resolution Protocol Menu options.

Show all ARP entry information

Command: /info/arp/dump

The Flag field provides additional information about an entry. If no flag displays, the entry is normal.

ARP address list information

Command: /info/arp/addr

This screen displays all entries in the ARP cache.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 43

[OSPF Information Menu] general - Show general information aindex - Show area(s) information if - Show interface(s) information virtual - Show details of virtual links nbr - Show neighbor(s) information dbase - Database Menu sumaddr - Show summary address list nsumadd - Show NSSA summary address list routes - Show OSPF routes dump - Show OSPF information

Table 32 OSPF information

Command

Usage

general

Displays general OSPF information.

aindex <0-2>

Displays area information for a particular area index. If no parameter is supplied, it displays area information for all the areas.

if <1-249>

Displays interface information for a particular interface. If no parameter is supplied, it displays information for all the interfaces.

virtual

Displays information about all the configured virtual links.

nbr <nbr router-id (A.B.C.D)>

Displays the status of a neighbor with a particular router ID. If no router ID is supplied, it displays the information about all the current neighbors.

dbase

Displays OSPF database menu.

sumaddr <0-2>

Displays the list of summary ranges belonging to non-NSSA areas.

nsumadd <0-2>

Displays the list of summary ranges belonging to NSSA areas.

routes

Displays OSPF routing table.

dump

Displays all OSPF information.

OSPF information

Command: /info/l3/ospf

The following table describes the OSPF Menu options.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 44

OSPF general information

OSPF Version 2 Router ID: 10.10.10.1 Started at 1663 and the process uptime is 4626 Area Border Router: yes, AS Boundary Router: no LS types supported are 6 External LSA count 0 External LSA checksum sum 0x0 Number of interfaces in this router is 2 Number of virtual links in this router is 1 16 new lsa received and 34 lsa originated from this router Total number of entries in the LSDB 10 Database checksum sum 0x0 Total neighbors are 1, of which 2 are >=INIT state, 2 are >=EXCH state, 2 are =FULL state Number of areas is 2, of which 3-transit 0-nssa Area Id : 0.0.0.0 Authentication : none Import ASExtern : yes Number of times SPF ran : 8 Area Border Router count : 2 AS Boundary Router count : 0 LSA count : 5 LSA Checksum sum : 0x2237B Summary : no Summary

Ip Address 10.10.12.1, Area 0.0.0.1, Admin Status UP Router ID 10.10.10.1, State DR, Priority 1 Designated Router (ID) 10.10.10.1, Ip Address 10.10.12.1 Backup Designated Router (ID) 10.10.14.1, Ip Address 10.10.12.2 Timer intervals, Hello 10, Dead 40, Wait 1663, Retransmit 5, Transit delay 1 Neighbor count is 1 If Events 4, Authentication type none

[OSPF Database Menu] advrtr - LS Database info for an Advertising Router asbrsum - ASBR Summary LS Database info dbsumm - LS Database summary ext - External LS Database info nw - Network LS Database info nssa - NSSA External LS Database info rtr - Router LS Database info self - Self Originated LS Database info summ - Network-Summary LS Database info all - All

Command: /info/l3/ospf/general

OSPF interface information

Command: /info/l3/ospf/if <1-249>

OSPF Database information

Command: /info/l3/ospf/dbase

The following table describes the OSPF Database information menu options.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 45

Table 33 OSPF Database information

Command

Usage

advrtr <router-id (A.B.C.D)>

Takes advertising router as a parameter. Displays all the Link State Advertisements (LSAs) in the LS database that have the advertising router with the specified router ID, for example: 20.1.1.1.

asbrsum <adv-rtr (A.B.C.D)>| <link_state_id (A.B.C.D>|<self>

Displays ASBR summary LSAs. The usage of this command is as follows:

a. asbrsum adv-rtr 20.1.1.1 displays ASBR summary

LSAs having the advertising router 20.1.1.1.

b. asbrsum link_state_id 10.1.1.1 displays ASBR

summary LSAs having the link state ID 10.1.1.1.

c. asbrsum self displays the self advertised ASBR

summary LSAs.

d. asbrsum with no parameters displays all the

ASBR summary LSAs.

dbsumm

Displays the following information about the LS database in a table format:

a. The number of LSAs of each type in each area. b. The total number of LSAs for each area. c. The total number of LSAs for each LSA type for

all areas combined.

d. The total number of LSAs for all LSA types for all

areas combined.

No parameters are required.

ext <adv-rtr (A.B.C.D)>| <link_state_id (A.B.C.D)>|<self>

Displays the AS-external (type 5) LSAs with detailed information of each field of the LSAs. The usage of this command is the same as the usage of the command

asbrsum.

nw <adv-rtr (A.B.C.D)>| <link_state_id (A.B.C.D)>|<self>

Displays the network (type 2) LSAs with detailed information of each field of the LSA.network LS database. The usage of this command is the same as the usage of the command asbrsum.

nssa <adv-rtr (A.B.C.D)>| <link_state_id (A.B.C.D)>|<self>

Displays the NSSA (type 7) LSAs with detailed information of each field of the LSAs. The usage of this command is the same as the usage of the command

asbrsum.

rtr <adv-rtr (A.B.C.D)>| <link_state_id (A.B.C.D)>|<self>

Displays the router (type 1) LSAs with detailed information of each field of the LSAs. The usage of this command is the same as the usage of the command

asbrsum.

self

Displays all the self-advertised LSAs. No parameters are required.

summ <adv-rtr (A.B.C.D)>| <link_state_id (A.B.C.D)>|<self>

Displays the network summary (type 3) LSAs with detailed information of each field of the LSAs. The usage of this command is the same as the usage of the command asbrsum.

all

Displays all the LSAs.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 46

OSPF route codes information

Codes: IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 IA 10.10.0.0/16 via 200.1.1.2 IA 40.1.1.0/28 via 20.1.1.2 IA 80.1.1.0/24 via 200.1.1.2 IA 100.1.1.0/24 via 20.1.1.2 IA 140.1.1.0/27 via 20.1.1.2 IA 150.1.1.0/28 via 200.1.1.2 E2 172.18.1.1/32 via 30.1.1.2 E2 172.18.1.2/32 via 30.1.1.2 E2 172.18.1.3/32 via 30.1.1.2 E2 172.18.1.4/32 via 30.1.1.2 E2 172.18.1.5/32 via 30.1.1.2 E2 172.18.1.6/32 via 30.1.1.2 E2 172.18.1.7/32 via 30.1.1.2 E2 172.18.1.8/32 via 30.1.1.2

[RIP Information Menu] routes - Show RIP routes dump - Show RIP user's configuration

Table 34 RIP information

Command

Usage

routes

Displays information about RIP routes.

dump <0-249>

Displays RIP user‘s configuration. Enter 0 (zero) for all interfaces.

>> IP Routing# /info/l3/rip/routes

3.0.0.0/8 via 30.1.1.11 metric 4

4.0.0.0/16 via 30.1.1.11 metric 16

10.0.0.0/8 via 30.1.1.2 metric 3

20.0.0.0/8 via 30.1.1.2 metric 2

RIP USER CONFIGURATION : RIP on updat 30 RIP Interface 2 : 102.1.1.1, enabled version 2, listen enabled, supply enabled, default none poison disabled, trigg enabled, mcast enabled, metric 1 auth none,key none RIP Interface 3 : 103.1.1.1, enabled version 2, listen enabled, supply enabled, default none poison disabled, trigg enabled, mcast enabled, metric 1

Command: /info/l3/ospf/routes

Routing Information Protocol information

Command: /info/l3/rip

The following table describes the Routing Information Protocol information menu options.

RIP Routes information

Command: /info/l3/rip/routes

This table contains all dynamic routes learned through RIP, including the routes that are undergoing garbage collection with metric = 16. This table does not contain directly connected routes and locally configured static routes.

RIP user configuration

Command: /info/l3/rip/dump <0-249>

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 47

Interface information: 1: 47.80.23.243 255.255.254.0 47.80.23.255, vlan 1, up

Default gateway information: metric strict 1: 198.168.9.1, vian any, active 2: 192.168.12.235, vian any, active

Current BOOTP relay settings: OFF

0.0.0.0, 0.0.0.0

Current IP forwarding settings: OFF, dirbr disabled

Current network filter settings:

none

Current route map settings:

[IGMP Multicast Menu] mrouter - Show IGMP Snooping Multicast Router Port information find - Show a single group by IP group address vlan - Show groups on a single vlan port - Show groups on a single port trunk - Show groups on a single trunk detail - Show detail of a single group by IP group address dump - Show all groups

Table 35 IGMP Multicast Group menu options

Command

Usage

mrouter

Displays the Multicast Router Menu.

find <IP address>

Displays a single IGMP multicast group by its IP address.

vlan <1-4094>

Displays all IGMP multicast groups on a single VLAN.

port <port number>

Displays all IGMP multicast groups on a single port.

trunk <1-40>

Displays all IGMP multicast groups on a single trunk group.

Detail <IP adress>

Displays details about IGMP multicast groups, including source and timer information.

dump

Displays information for all multicast groups.

IP information

Command: /info/l3/ip

The following interface and default gateway information is displayed:

Interface number IP address IP mask IP broadcast address Operational status Bootp relay settings Network filter settings Route map settings

IGMP multicast group information

Command: /info/l3/igmp

The following table describes the commands used to display information about IGMP groups learned by the switch.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 48

IGMP multicast router port information

[IGMP Multicast Router Menu]

vlan - Show all multicast router ports on a single vlan dump - Show all multicast router ports

Table 36 IGMP Multicast Router menu options

Command

Usage

vlan <1-4094>

Displays information for all multicast groups on a single VLAN.

dump

Displays information for all multicast groups learned by the switch.

VRRP information:

1: vrid 2, 205.178.18.210, if 1, renter, prio 100, master, server 2: vrid 1, 205.178.18.202, if 1, renter, prio 100, backup 3: vrid 3, 205.178.18.204, if 1, renter, prio 100, master, proxy

Command: /info/l3/igmp/mrouter

The following table describes the commands used to display information about multicast routers learned through IGMP Snooping.

VRRP information

Virtual Router Redundancy Protocol (VRRP) support on the switch provides redundancy between routers in a LAN. This is accomplished by configuring the same virtual router IP address and ID number on each participating VRRP-capable routing device. One of the virtual routers is then elected as the master, based on a number of priority criteria, and assumes control of the shared virtual router IP address. If the master fails, one of the backup virtual routers will assume routing authority and take control of the virtual router IP address.

Command: /info/vrrp

When virtual routers are configured, you can view the status of each virtual router using this command. VRRP information includes:

Virtual router number Virtual router ID and IP address Interface number Ownership status

owner identifies the preferred master virtual router. A virtual router is the owner when the IP

address of the virtual router and its IP interface are the same.

renter identifies virtual routers which are not owned by this device Priority value. During the election process, the virtual router with the highest priority becomes master. Activity status

master identifies the elected master virtual router.

backup identifies that the virtual router is in backup mode.

init identifies that the virtual router is waiting for a startup event. Once it receives a startup

event, it transitions to master if its priority is 255, (the IP address owner), or transitions to backup if it is not the IP address owner.

Server status. The server state identifies virtual routers. Proxy status. The proxy state identifies virtual proxy routers, where the virtual router shares the same IP

address as a proxy IP address. The use of virtual proxy routers enables redundant switches to share the same IP address, minimizing the number of unique IP addresses that must be configured.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 49

[QoS Menu]

8021p - Show QOS 802.1p information

Table 37 QoS menu options

Command

Usage

8021p

Displays the QoS 802.1p Information Menu.

Current priority to COS queue information: Priority COSq Weight

-------- ---- ----- 0 0 1 1 0 1 2 0 1 3 0 1 4 1 2 5 1 2 6 1 2 7 1 2

Current port priority information: Port Priority COSq Weight

----- -------- ---- ----- 1 0 0 1 2 0 0 1 3 0 0 1 4 0 0 1 … 20 0 0 1 21 0 0 1

Table 38 802.1p Priority to COS Queue information

Field

Description

Priority

Displays the 802.1p Priority level.

Cosq

Displays the Class of Service queue.

Weight

Displays the scheduling weight of the COS queue.

Table 39 802.1p Port Priority information

Field

Description

Port

Displays the port number.

Priority

Displays the 802.1p Priority level.

Cosq

Displays the Class of Service (COS) queue.

Weight

Displays the scheduling weight.

QoS information

Command: /info/qos

The following table describes the commands used to display Quality of Service (QoS) information.

802.1p information

Command: /info/qos/8021p

The following table describes the IEEE 802.1p priority to COS queue information.

The following table describes the IEEE 802.1p port priority information.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 50

ACL information

Current ACL information:

------------------------

Filter 1 profile:

Ethernet

- VID : 1/0xfff

Actions : Set COS to 0

Filter 2 profile:

Ethernet

- VID : 1/0xfff

Actions : Permit

No ACL groups configured.

[RMON Information Menu] hist - Show RMON History group information alarm - Show RMON Alarm group information event - Show RMON Event group information dump - Show all RMON information

Table 40 RMON History Information Menu /info/rmon/hist

Command

Usage

hist

Displays the RMON History Information menu.

alarm

Displays the RMON Alarm Information menu.

event

Displays the RMON Event Information menu.

dump

Displays all RMON Information parameters.

RMON History group configuration:

Index IFOID Interval Rbnum Gbnum

----- ------------------------------ -------- ----- -----

1 1.3.6.1.2.1.2.2.1.1.24 30 5 5

2 1.3.6.1.2.1.2.2.1.1.24 30 5 5

3 1.3.6.1.2.1.2.2.1.1.18 30 5 5

4 1.3.6.1.2.1.2.2.1.1.19 30 5 5

5 1.3.6.1.2.1.2.2.1.1.24 1800 5 5

Table 41 RMON History Information Menu /info/rmon/hist

Command

Usage

Index

Displays the index number that identifies each history instance.

IFOID

Displays the MIB Object Identifier.

Interval

Displays the time interval for each for each sampling bucket.

Rbnum

Displays the number of requested buckets, which is the number of data slots into which data is to be saved.

Command: /info/acl

Access Control List (ACL) information provides configuration parameters for each Access Control List. It also shows which ACLs are included in each ACL Group.

RMON Information Menu

Command: /info/rmon

The following table describes the RMON Information parameters.

RMON history information

Command: /info/rmon/hist

The following table describes the RMON History Information parameters.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 51

Table 41 RMON History Information Menu /info/rmon/hist

Command

Usage

Gbnum

Displays the number of granted buckets that may hold sampled data.

RMON Alarm group configuration:

Index Interval Type rLimit fLimit rEvtIdx fEvtIdx last value

----- -------- ---- -------- -------- ------- ------- ----------

1 30 abs 10 0 1 0 0

2 900 abs 0 10 0 2 0

3 300 abs 10 20 0 0 0

4 1800 abs 10 0 1 0 0

5 1800 abs 10 0 1 0 0

8 1800 abs 10 0 1 0 56344540

10 1800 abs 10 0 1 0 0

11 1800 abs 10 0 1 0 0

15 1800 abs 10 0 1 0 0

18 1800 abs 10 0 1 0 0

100 1800 abs 10 0 1 0 0

Index OID

----- ------------------------------

1 1.3.6.1.2.1.2.2.1.10.257

2 1.3.6.1.2.1.2.2.1.11.258

3 1.3.6.1.2.1.2.2.1.12.259

4 1.3.6.1.2.1.2.2.1.13.260

5 1.3.6.1.2.1.2.2.1.14.261

8 1.3.6.1.2.1.2.2.1.10.280

10 1.3.6.1.2.1.2.2.1.15.262

11 1.3.6.1.2.1.2.2.1.16.263

15 1.3.6.1.2.1.2.2.1.19.266

18 1.3.6.1.2.1.2.2.1.10.279

100 1.3.6.1.2.1.2.2.1.17.264

Table 42 RMON Alarm Information Menu /info/rmon/alarm

Command

Index

Displays the index number that identifies each alarm instance.

Interval

Displays the time interval over which data is sampled and compared with the rising and falling thresholds.

Type

Displays the method of sampling the selected variable and calculating the value to be compared against the thresholds, as follows: abs: absolute value, the value of the selected variable is compared directly with the thresholds at the end of the sampling interval. delta: delta value, the value of the selected variable at the last sample is subtracted from the current value, and the difference compared with the thresholds.

rLimit

Displays the rising threshold for the sampled statistic.

fLimit

Displays the falling threshold for the sampled statistic.

rEvtIdx

Displays the rising alarm event index that is triggered when a rising threshold is crossed.

fEvtIdx

Displays the falling alarm event index that is triggered when a falling threshold is crossed.

Last value

Displays the last sampled value.

OID

Displays the MIB Object Identifier for each alarm index.

RMON alarm information

Command: /info/rmon/alarm

The following table describes the RMON Alarm Information parameters.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 52

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 53

RMON Event group configuration:

Index Type Last Sent Description

----- ---- ---------------- ---------------------------------

1 both 0D: 0H: 1M:20S Event_1

2 none 0D: 0H: 0M: 0S Event_2

3 log 0D: 0H: 0M: 0S Event_3

4 trap 0D: 0H: 0M: 0S Event_4

5 both 0D: 0H: 0M: 0S Log and trap event for Link Down

10 both 0D: 0H: 0M: 0S Log and trap event for Link Up

11 both 0D: 0H: 0M: 0S Send log and trap for icmpInMsg

15 both 0D: 0H: 0M: 0S Send log and trap for icmpInEchos

100 both 0D: 0H: 0M: 0S Event_100

Table 43 RMON Event Information Menu /info/rmon/event

Command

Usage

Index

Displays the index number that identifies each event instance.

Type

Displays the type of notification provided for this event, as follows: none, log, trap, both.

Last Sent

Displays the time that passed since the last switch reboot, when the most recent event was triggered. This value is cleared when the switch reboots.

Description

Displays a text description of the event.

-----------------------------------------------------------------Port Speed Duplex Flow Ctrl Link

----- ----- -------- --TX-----RX-- ----- 1 10000 full yes yes disabled 2 10000 full yes yes disabled 3 10000 full yes yes disabled 4 10000 full yes yes disabled 5 10000 full yes yes disabled 6 10000 full yes yes disabled 7 10000 full yes yes disabled 8 10000 full yes yes disabled 9 10000 full yes yes disabled 10 10000 full yes yes disabled 11 10000 full yes yes disabled 12 10000 full yes yes disabled 13 10000 full yes yes disabled 14 10000 full yes yes disabled 15 10000 full yes yes disabled 16 10000 full yes yes disabled 17 any any yes yes up 18 10000 full yes yes down 19 10000 full yes yes down 20 10000 full yes yes down 21 10000 full yes yes down

RMON event information

Command: /info/rmon/event

The following table describes the RMON Event Information parameters.

Link status information

Command: /info/link

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 54

Use this command to display link status information about each port on a switch, including:

Port Tag RMON PVID NAME VLAN(s)

---- --- ---- ---- -------------- ------------------------------ 1 n d 1 Downlink1 1 2 n d 1 Downlink2 1 3 n d 1 Downlink3 1 4 n d 1 Downlink4 1 5 n d 1 Downlink5 1 6 n d 1 Downlink6 1 7 n d 1 Downlink7 1 8 n d 1 Downlink8 1 9 n d 1 Downlink9 1 10 n d 1 Downlink10 1 11 n d 1 Downlink11 1 12 n d 1 Downlink12 1 13 n d 1 Downlink13 1 14 n d 1*Downlink14 1 15 n d 1*Downlink15 1 16 n d 1*Downlink16 1 17 n d 4095 Mgmt 4095 18 n d 1*Uplink1 1 19 n d 1*Uplink2 1 20 n d 1*Uplink3 1 21 n d 1*Uplink4 1 * = PVID is tagged.

Port number Port speed (10 Mb/s, 100 Mb/s, 10000 Mb/s, or any) Duplex mode (half, full, or any) Flow control for transmit and receive (no, yes, or any) Link status (up or down)

Port information

Command: /info/port

Port information includes:

Port number Whether the port uses VLAN tagging or not (y or n) Whether Remote Monitoring (RMON) is enabled or disabled (e or d) Port VLAN ID (PVID) Port name VLAN membership

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 55

Port Device TX-Enable RX-Signal TX-Fault

------ ------ --------- --------- -------SFP21 FI-SFP **** NOT Installed **** SFP22 FI-SFP **** NOT Installed **** SFP23 FI-SFP enabled ok none SFP24 FI-SFP enabled ok none

Uplink Failure Detection 1: Enabled LtM status: Down Member STG STG State Link Status

--------- --- ------------ -----------

port 20 down 1 DISABLED 10 DISABLED * 15 DISABLED * * = STP turned off for this port.

LtD status: Auto Disabled Member Link Status

--------- -----------

port 1 disabled port 2 disabled port 3 disabled port 4 disabled

Uplink Failure Detection 2: Disabled

Uplink Failure Detection 3: Disabled

Uplink Failure Detection 4: Disabled

SFP information

Command: /info/sfp

This command displays the status of the Small Form Pluggable (SFP) module on each Fiber External Port.

Uplink Failure Detection information

Command: /info/ufd

UFD (Uplink Failure Detection) information includes:

UFD status, either enabled or disabled LtM status and member ports

Information dump

Spanning Tree status for LtM ports LtD status and member ports

Command: /info/dump

Use the dump command to dump all switch information available from the Information Menu (10K or more, depending on your configuration). This data is useful for tuning and debugging switch performance.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 56

Statistics Menu

[Statistics Menu] port - Port Stats Menu clrports – Clear stats for all ports l2 - Layer 2 Stats Menu l3 - Layer 3 Stats Menu mp - MP-specific Stats Menu acl - ACL Stats Menu snmp - Show SNMP stats ntp - Show NTP stats ufd - Show Uplink Failure Detection stats clrmp - Clear all MP related stats dump - Dump all stats

Table 44 Statistics Menu options

Command

Usage

port <port number>

Displays the Port Statistics Menu for the specified port. Use this command to display traffic statistics on a port-by-port basis. Traffic statistics are included in SNMP Management Information Base (MIB) objects.

clrports

Clear statistics counters for all ports.

Displays the Layer 2 Statistics Menu.

Displays the Layer 3 Statistics Menu.

Displays the Management Processor Statistics Menu.

acl

Displays the Access Control List Statistics Menu.

snmp

Displays SNMP statistics.

ntp <clear>

Displays Network Time Protocol (NTP) Statistics. Add the argument, clear, to clear NTP statistics.

ufd <clear>

Displays Uplink Failure Detection statistics. Add the argument, clear, to clear UFD statistics.

clrmp

Clears all Management Processor Statistics.

dump

Dumps all switch statistics. Use this command to gather data for tuning and debugging switch performance. If you want to capture dump data to a file, set your communication software on your workstation to capture session data prior to issuing the dump command.

[Port Statistics Menu]

8021x - Show 802.1x stats brg - Show bridging ("dot1") stats ether - Show Ethernet ("dot3") stats if - Show interface ("if") stats ip - Show Internet Protocol ("IP") stats link - Show link stats rmon - Show RMON stats clear - Clear all port stats

Introduction

You can view switch performance statistics in the user, operator, and administrator command modes. This chapter discusses how to use the CLI to display switch statistics.

Menu information

Command: /stats

The following table describes the Statistics Menu options.

Port Statistics Menu

Command: /stats/port <port number>

This menu displays traffic statistics on a port-by-port basis.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 57

Table 45 Port Statistics Menu options

Command

Usage

8021x

Displays IEEE 802.1x statistics

brg

Displays bridging (―dot1‖) statistics for the port.

ether

Displays Ethernet (―dot3‖) statistics for the port.

Displays interface statistics for the port.

Displays Internet Protocol statistics for the port.

link

Displays link statistics for the port.

rmon

Displays Remote Monitoring (RMON) statistics for the port.

clear

Clears all the statistics on the port.

Authenticator Statistics: eapolFramesRx = 0 eapolFramesTx = 0 eapolStartFramesRx = 0 eapolLogoffFramesRx = 0 eapolRespIdFramesRx = 0 eapolRespFramesRx = 0 eapolReqIdFramesTx = 0 eapolReqFramesTx = 0 invalidEapolFramesRx = 0 eapLengthErrorFramesRx = 0 lastEapolFrameVersion = 0 lastEapolFrameSource = 00:00:00:00:00:00

Authenticator Diagnostics: authEntersConnecting = 0 authEapLogoffsWhileConnecting = 0 authEntersAuthenticating = 0 authSuccessesWhileAuthenticating = 0 authTimeoutsWhileAuthenticating = 0 authFailWhileAuthenticating = 0 authReauthsWhileAuthenticating = 0 authEapStartsWhileAuthenticating = 0 authEapLogoffWhileAuthenticating = 0 authReauthsWhileAuthenticated = 0 authEapStartsWhileAuthenticated = 0 authEapLogoffWhileAuthenticated = 0 backendResponses = 0 backendAccessChallenges = 0 backendOtherRequestsToSupplicant = 0 backendNonNakResponsesFromSupplicant = 0 backendAuthSuccesses = 0 backendAuthFails = 0

Table 46 802.1x statistics for port

Statistics

Description

Authenticator Diagnostics

authEntersConnecting

Total number of times that the state machine transitions to the CONNECTING state from any other state.

authEapLogoffsWhileConnecting

Total number of times that the state machine transitions from CONNECTING to DISCONNECTED as a result of receiving an EAPOL-Logoff message.

authEntersAuthenticating

Total number of times that the state machine transitions from CONNECTING to AUTHENTICATING, as a result of an EAPResponse/ Identity message being received from the Supplicant.

The following table describes the Port Statistics Menu options:

802.1x statistics

Command: /stats/port <port number>/8021x

The following table describes the 802.1x authenticator diagnostics for a selected port:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 58

Table 46 802.1x statistics for port

Statistics

Description

authSuccessesWhile Authenticating

Total number of times that the state machine transitions from AUTHENTICATING to AUTHENTICATED, as a result of the Backend Authentication state machine indicating successful authentication of the Supplicant.

authTimeoutsWhileAuthenticating

Total number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of the Backend Authentication state machine indicating authentication timeout.

authFailWhileAuthenticating

Total number of times that the state machine transitions from AUTHENTICATING to HELD, as a result of the Backend Authentication state machine indicating authentication failure.

authReauthsWhileAuthenticating

Total number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of a re-authentication request

authEapStartsWhileAuthenticating

Total number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of an EAPOL-Start message being received from the Supplicant.

authEapLogoffWhileAuthenticating

Total number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of an EAPOL-Logoff message being received from the Supplicant.

authReauthsWhileAuthenticated

Total number of times that the state machine transitions from AUTHENTICATED to CONNECTING, as a result of a reauthentication request.

authEapStartsWhileAuthenticated

Total number of times that the state machine transitions from AUTHENTICATED to CONNECTING, as a result of an EAPOL-Start message being received from the Supplicant.

authEapLogoffWhileAuthenticated

Total number of times that the state machine transitions from AUTHENTICATED to DISCONNECTED, as a result of an EAPOLLogoff message being received from the Supplicant.

backendResponses

Total number of times that the state machine sends an initial Access-Request packet to the Authentication server. Indicates that the Authenticator attempted communication with the Authentication Server.

backendAccessChallenges

Total number of times that the state machine receives an initial Access-Challenge packet from the Authentication server. Indicates that the Authentication Server has communication with the Authenticator.

backendOtherRequestsToSupplicant

Total number of times that the state machine sends an EAPRequest packet (other than an Identity, Notification, Failure, or Success message) to the Supplicant. Indicates that the Authenticator chose an EAP-method.

backendNonNakResponsesFrom Supplicant

Total number of times that the state machine receives a response from the Supplicant to an initial EAP-Request, and the response is something other than EAP-NAK. Indicates that the Supplicant can respond to the Authenticators chosen EAP-method.

backendAuthSuccesses

Total number of times that the state machine receives an Accept message from the Authentication Server. Indicates that the Supplicant has successfully authenticated to the Authentication Server.

backendAuthFails

Total number of times that the state machine receives a Reject message from the Authentication Server. Indicates that the Supplicant has not authenticated to the Authentication Server.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 59

Bridging statistics for port 1: dot1PortInFrames: 63242584 dot1PortOutFrames: 63277826 dot1PortInDiscards: 0 dot1TpLearnedEntryDiscards: 0 dot1StpPortForwardTransitions: 0

Table 47 Bridging statistics for port

Statistics

Description

dot1PortInFrames

The number of frames that have been received by this port from its segment. A frame received on the interface corresponding to this port is counted by this object, if and only if, it is for a protocol being processed by the local bridging function, including bridge management frames.

dot1PortOutFrames

The number of frames that have been transmitted by this port to its segment. A frame transmitted on the interface corresponding to this port is counted by this object, if and only if, it is for a protocol being processed by the local bridging function, including bridge management frames.

dot1PortInDiscards

Count of valid frames received which were discarded (that is, filtered) by the forwarding process.

dot1TpLearnedEntryDiscards

The total number of Forwarding Database entries, which have been or would have been learned, but have been discarded due to a lack of space to store them in the Forwarding Database. If this counter is increasing, it indicates that the Forwarding Database is regularly becoming full (a condition which has adverse performance effects on the sub network). If this counter has a significant value but is not presently increasing, it indicates that the problem has been occurring but is not persistent.

dot1StpPortForwardTransitions

The number of times this port has transitioned from the Learning state to the Forwarding state.

Ethernet statistics for port 1: dot3StatsAlignmentErrors: 0 dot3StatsFCSErrors: 0 dot3StatsSingleCollisionFrames: 0 dot3StatsMultipleCollisionFrames: 0 dot3StatsLateCollisions: 0 dot3StatsExcessiveCollisions: 0 dot3StatsInternalMacTransmitErrors: NA dot3StatsFrameTooLongs: 0 dot3StatsInternalMacReceiveErrors: 0

Bridging statistics

Command: /stats/port <port number>/brg

The following table describes the bridging statistics for a selected port:

Ethernet statistics

Command: /stats/port <port number>/ether

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 60

Table 48 Ethernet statistics for port

Statistics

Description

dot3StatsAlignmentErrors

A count of frames received on a particular interface that are not an integral number of octets in length and do not pass the Frame Check Sequence (FCS) check. The count represented by an instance of this object is incremented when the alignmentError status is returned by the MAC service to the Logical Link Control (LLC) (or other MAC user). Received frames for which multiple error conditions obtained are, according to the conventions of IEEE 802.3 Layer Management, counted exclusively according to the error status presented to the LLC.

dot3StatsFCSErrors

A count of frames received on a particular interface that are an integral number of octets in length but do not pass the Frame Check Sequence (FCS) check. The count represented by an instance of this object is incremented when the frameCheckError status is returned by the MAC service to the LLC (or other MAC user). Received frames for which multiple error conditions obtained are, according to the conventions of IEEE 802.3 Layer Management, counted exclusively according to the error status presented to the LLC.

dot3StatsSingleCollisionFrames

A count of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision. A frame that is counted by an instance of this object is also counted by the corresponding instance of the ifOutUcastPkts, ifOutMulticastPkts, or ifOutBroadcastPkts, and is not counted by the corresponding instance of the dot3StatsMultipleCollisionFrame object.

dot3StatsMultipleCollisionFrames

A count of successfully transmitted frames on a particular interface for which transmission is inhibited by more than one collision. A frame that is counted by an instance of this object is also counted by the corresponding instance of either the ifOutUcastPkts, ifOutMulticastPkts, or ifOutBroadcastPkts, and is not counted by the corresponding instance of the dot3StatsSingleCollisionFrames object.

dot3StatsLateCollisions

The number of times that a collision is detected on a particular interface later than 512 bit-times into the transmission of a packet. Five hundred and twelve bit-times corresponds to 51.2 microseconds on a 10 Mbit/s system. A (late) collision included in a count represented by an instance of this object is also considered as a (generic) collision for purposes of other collision-related statistics.

dot3StatsExcessiveCollisions

A count of frames for which transmission on a particular interface fails due to excessive collisions.

The following table describes the Ethernet statistics for a selected port:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 61

Table 48 Ethernet statistics for port

Statistics

Description

dot3StatsInternalMacTransmitErrors

A count of frames for which transmission on a particular interface fails due to an internal MAC sublayer transmit error. A frame is only counted by an instance of this object if it is not counted by the corresponding instance of either the dot3StatsLateCollisions object, the dot3StatsExcessiveCollisions object, or the dot3StatsCarrierSenseErrors object. The precise meaning of the count represented by an instance of this object is implementation specific. In particular, an instance of this object may represent a count of transmission errors on a particular interface that are not otherwise counted.

dot3StatsFrameTooLongs

A count of frames received on a particular interface that exceeds the maximum permitted frame size. The count represented by an instance of this object is incremented when the frameTooLong status is returned by the MAC service to the LLC (or other MAC user). Received frames for which multiple error conditions obtained are, according to the conventions of IEEE 802.3 Layer Management, counted exclusively according to the error status presented to the LLC.

dot3StatsInternalMacReceiveErrors

A count of frames for which reception on a particular interface fails due to an internal MAC sublayer receive error. A frame is only counted by an instance of this object if it is not counted by the corresponding instance of the dot3StatsFrameTooLongs object, the dot3StatsAlignmentErrors object, or the dot3StatsFCSErrors object. The precise meaning of the count represented by an instance of this object is implementation specific. In particular, an instance of this object may represent a count of received errors on a particular interface that are not otherwise counted.

Interface statistics for port 1: ifHCIn Counters ifHCOut Counters Octets: 51697080313 51721056808 UcastPkts: 65356399 65385714 BroadcastPkts: 0 6516 MulticastPkts: 0 0 Discards: 0 0 Errors: 0 21187

Interface statistics

Command: /stats/port <port number>/if

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 62

Table 49 Interface statistics for port

Statistics

Description

Octets—IfHCIn

The total number of octets received on the interface, including framing characters.

UcastPkts—IfHCIn

The number of packets, delivered by this sublayer to a higher sublayer, which were not addressed to a multicast or broadcast address at this sublayer.

BroadcastPkts—IfHCIn

The number of packets, delivered by this sublayer to a higher sublayer, which were addressed to a broadcast address at this sublayer.

MulticastPkts—IfHCIn

The total number of packets, delivered by this sublayer. These are the packets that higher-level protocols requested to be transmitted, and which were addressed to a multicast address at this sublayer, including those that were discarded or not sent. For a MAC layer protocol, this includes both group and functional addresses.

Discards—IfHCIn

The number of inbound packets which were chosen to be discarded even though no errors were detected to prevent their being delivered to a higherlayer protocol.

Errors—IfHCIn

For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being delivered to a higher-layer protocol.

Octets—IfHCOut

The total number of octets transmitted out of the interface, including framing characters.

UcastPkts—IfHCOut

The total number of packets that higher-level protocols requested to be transmitted, and which were not addressed to a multicast or broadcast address at this sublayer, including those that were discarded or not sent.

BroadcastPkts—IfHCOut

The total number of packets that higher-level protocols requested to be transmitted, and which were addressed to a broadcast address at this sublayer, including those that were discarded or not sent.

MulticastPkts—IfHCOut

The total number of packets that higher-level protocols requested to be transmitted, and which were addressed to a multicast address at this sublayer, including those that were discarded or not sent.

Discards—IfHCOut

The number of outbound packets that were chosen to be discarded even though no errors had been detected to prevent their being transmitted.

Errors—IfHCOut

For packet-oriented interfaces, the number of outbound packets that could not be transmitted because of errors. .

GEA IP statistics for port 1:

ipInReceives : 0 ipInHeaderError: 0 ipInDiscards : 0

The following table describes the interface (IF) statistics for a selected port:

Internet Protocol (IP) statistics

Command: /stats/port <port number>/ip

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 63

Table 50 IP statistics for port

Statistics

Description

ipInReceives

The total number of input datagrams received from interfaces, including those received in error.

ipInHeaderError

The number of input datagrams discarded because the IP address in their IP header's destination field was not a valid address to be received at this entity (the switch).

ipInDiscards

The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (for example, for lack of buffer space). Note that this counter does not include any datagrams discarded while awaiting re-assembly.

Link statistics for port 1:

linkStateChange: 2

Table 51 Link statistics for port

Statistic

Description

linkStateChange

The total number of link state changes.

RMON statistics for port 1: etherStatsDropEvents: NA etherStatsOctets: 0 etherStatsPkts: 0 etherStatsBroadcastPkts: 0 etherStatsMulticastPkts: 0 etherStatsCRCAlignErrors: 0 etherStatsUndersizePkts: 0 etherStatsOversizePkts: 0 etherStatsFragments: 0 etherStatsJabbers: 0 etherStatsCollisions: 0 etherStatsPkts64Octets: 0 etherStatsPkts65to127Octets: 0 etherStatsPkts128to255Octets: 0 etherStatsPkts256to511Octets: 0 etherStatsPkts512to1023Octets: 0 etherStatsPkts1024to1518Octets: 0

The following table describes the Internet Protocol (IP) statistics for a selected port:

Link statistics

Command: /stats/port <port number>/link

The following table describes the link statistics for a selected port:

Port RMON statistics

Command: /stats/port <port number>/rmon

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 64

Table 52 RMON statistics

Statistic

Description

etherStatsDropEvents

The total number of packets received that were dropped because of system resource constraints.

etherStatsOctets

The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets).

etherStatsPkts

The total number of packets (including bad packets, broadcast packets, and multicast packets) received.

etherStatsBroadcastPkts

The total number of good packets received that were directed to the broadcast address.

etherStatsMulticastPkts

The total number of good packets received that were directed to a multicast address.

etherStatsCRCAlignErrors

The total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).

etherStatsUndersizePkts

The total number of packets received that were less than 64 octets long (excluding framing bits but including FCS octets) and were otherwise well formed.

etherStatsOversizePkts

The total number of packets received that were longer than 1518 octets (excluding framing bits but including FCS octets) and were otherwise well formed.

etherStatsFragments

The total number of packets received that were less than 64 octets in length (excluding framing bits but including FCS octets) and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).

etherStatsJabbers

The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). Jabber is defined as the condition where any packet exceeds 20 ms. The allowed range to detect jabber is between 20 ms and 150 ms.

etherStatsCollisions

The best estimate of the total number of collisions on this Ethernet segment.

etherStatsPkts64 Octets

The total number of packets (including bad packets) received that were less than or equal to 64 octets in length (excluding framing bits but including FCS octets).

etherStatsPkts65to127 Octets

The total number of packets (including bad packets) received that were greater than 64 octets in length (excluding framing bits but including FCS octets).

etherStatsPkts128to255 Octets

The total number of packets (including bad packets) received that were greater than 127 octets in length (excluding framing bits but including FCS octets).

etherStatsPkts256to511 Octets

The total number of packets (including bad packets) received that were greater than 255 octets in length (excluding framing bits but including FCSoctets).

etherStatsPkts512to1023 Octets

The total number of packets (including bad packets) received that were greater than 511 octets in length (excluding framing bits but including FCS octets).

etherStatsPkts1024to1518 Octets

The total number of packets (including bad packets) received that were greater than 1023 octets in length (excluding framing bits but including FCS octets).

The following table describes the Remote Monitoring (RMON) statistics of the selected port:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 65

[Layer 2 Statistics Menu] fdb - Show FDB stats lacp - Show LACP stats

Table 53 Layer 2 statistics menu options

Command

Usage

fdb

Displays the Forwarding Database statistics.

lacp

Displays the Link Aggregation Control Protocol (LACP) statistics.

FDB statistics:

current: 91 hiwat: 91

Table 54 Forwarding Database statistics

Statistic

Description

current

Current number of entries in the Forwarding Database.

hiwat

Highest number of entries recorded at any given time in the Forwarding Database.

Valid LACPDUs received - 0 Valid Marker PDUs received - 0 Valid Marker Rsp PDUs received - 0 Unknown version/TLV type - 0 Illegal subtype received - 0 LACPDUs transmitted - 0 Marker PDUs transmitted - 0 Marker Rsp PDUs transmitted - 0

Layer 2 statistics

Command: /stats/l2

The following table describes the Layer 2 statistics menu options.

FDB statistics

Command: /stats/l2/fdb

This menu option enables you to display statistics regarding the use of the forwarding database, including the number of current entries and the maximum number of entries ever recorded.

The following table describes the Forwarding Database (FDB) statistics:

LACP statistics

Command: /stats/l2/lacp <port number> <clear>

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 66

[Layer 3 Statistics Menu] geal3 - GEA Layer 3 Stats Menu ip - Show IP stats route - Show route stats arp - Show ARP stats dns - Show DNS stats icmp - Show ICMP stats tcp - Show TCP stats udp - Show UDP stats igmp - Show IGMP stats ospf - OSPF stats vrrp - Show VRRP stats clvrrp - Clear VRRP stats igmpgrps – Total number of IGMP groups ipmcgrps – Total number of IPMC groups clrigmp - Clear IGMP stats ipclear - Clear IP stats ripclear – Clear RIP stats ospfclear – Clear all OSPF stats dump - Dump layer 3 stats

Table 55 Layer 3 statistics menu options

Command

Usage

geal3

Displays the GEA statistics menu.

IP statistics.

route

Displays route statistics.

arp <clear>

Displays Address Resolution Protocol (ARP) statistics. Add the argument, clear, to clear ARP statistics.

dns

Displays Domain Name System (DNS) statistics.

icmp

Displays ICMP statistics.

tcp

Displays Transmission Control Protocol (TCP) statistics. Add the argument, clear, to clear TCP statistics.

udp

Displays User Datagram Protocol (UDP) statistics. Add the argument, clear, to clear UDP statistics.

igmp

Displays IGMP statistics.

ospf

Displays OSPF statistics menu.

vrrp

When virtual routers are configured, you can display the following

Advertisements received (vrrpInAdvers) Advertisements transmitted (vrrpOutAdvers) Advertisements received, but ignored (vrrpBadAdvers)

clrvrrp

Clears all VRRP statistics.

rip

Displays Routing Information Protocol (RIP) statistics

igmpgrps

Displays the total number of Internet Group Management Protocol (IGMP) groups registered the switch.

ipmcgrps

Displays the total number of Internet Protocol Multicast (IPMC) groups registered on the switch.

clrigmp <1-4095>|all

Clears all IGMP statistics for the selected VLANs.

ipclear

Clears IP statistics. Use this command with caution as it will delete all the IP statistics.

dump

Displays all Layer 3 statistics.

Layer 3 statistics

Command: /stats/l3

The following table describes the Layer 3 statistics menu options.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 67

[GEA Layer 3 Statistics Menu]

l3bucket - Show GEA L3 bucket for an IP address dump - Dump GEA layer 3 stats counter

Table 56 Layer 3 GEA statistics menu options

Command

Usage

l3bucket

Displays GEA statistics for a specific IP address.

Dump

Displays all GEA statistics.

GEA L3 statistics: Max L3 table size : 4096 Number of L3 entries used : 4

Max LPM table size : 512 Number of LPM entries used : 1

IP statistics: ipInReceives: 36475 ipInHdrErrors: 0 ipInAddrErrors: 905 ipInUnknownProtos: 0 ipInDiscards: 0 ipInDelivers: 4103 ipOutRequests: 30974 ipOutDiscards: 0 ipDefaultTTL: 255

Table 57 IP statistics

Statistics

Description

ipInReceives

The total number of input datagrams received from interfaces, including those received in error.

ipInHdrErrors

The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, timeto-live exceeded, errors discovered in processing their IP options, and so on.

ipInAddrErrors

The number of input datagrams discarded because the IP address in their IP header destination field was not a valid address to be received at this switch. This count includes invalid addresses (for example, 0.0.0.0) and addresses of unsupported classes (for example, Class E). For entities which are not IP gateways and therefore do not forward datagrams, this counter includes datagrams discarded because the destination address was not a local address.

ipInUnknownProtos

The number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol.

ipInDiscards

The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded This counter does not include any datagrams discarded while awaiting reassembly.

ipInDelivers

The total number of input datagrams successfully delivered to IP user-protocols (including ICMP).

GEA Layer 3 statistics menu

Command: /stats/l3/geal3

The following table describes the Layer 3 GEA statistics menu options.

GEA Layer 3 statistics

Command: /stats/l3/geal3/dump

IP statistics

Command: /stats/l3/ip

The following table describes the IP statistics:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 68

Table 57 IP statistics

Statistics

Description

ipOutRequests

The total number of IP datagrams that local IP user-protocols (including ICMP) supplied to IP in requests for transmission. This counter does not include any datagrams counted in ipForwDatagrams.

ipOutDiscards

The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination, but which were discarded This counter would include datagrams counted in ipForwDatagrams if any such packets met this (discretionary) discard criterion.

ipDefaultTTL

The default value inserted into the Time-To-Live (TTL) field of the IP header of datagrams originated at this switch, whenever a TTL value is not supplied by the transport layer protocol.

Route statistics: ipRoutesCur: 7 ipRoutesHighWater: 7 ipRoutesMax: 1024

Table 58 Route statistics

Statistics

Description

ipRoutesCur

The total number of outstanding routes in the route table.

ipRoutesMax

The maximum number of supported routes.

ipRoutesHighWater

The highest number of routes ever recorded in the route table.

ARP statistics: arpEntriesCur: 4 arpEntriesHighWater: 6

arpEntriesMax: 4095

Table 59 ARP statistics

Statistic

Description

arpEntriesCur

The total number of outstanding ARP entries in the ARP table.

arpEntriesMax

The maximum number of ARP entries that are supported.

arpEntriesHighWater

The highest number of ARP entries ever recorded in the ARP table.

DNS statistics: dnsInRequests: 0 dnsOutRequests: 0 dnsBadRequests: 0

Table 60 DNS statistics

Statistic

Description

dnsInRequests

The total number of DNS request packets that have been received.

dnsOutRequests

The total number of DNS response packets that have been transmitted.

dnsBadRequests

The total number of DNS request packets received that were dropped.

Route statistics

Command: /stats/l3/route

The following table describes the Route statistics:

ARP statistics

Command: /stats/l3/arp

The following table describes the Address Resolution Protocol (ARP) statistics:

DNS statistics

Command: /stats/l3/dns

The following table describes the Domain Name System (DNS) statistics:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 69

ICMP statistics: icmpInMsgs: 0 icmpInErrors: 0 icmpInDestUnreachs: 0 icmpInTimeExcds: 0 icmpInParmProbs: 0 icmpInSrcQuenchs: 0 icmpInRedirects: 0 icmpInEchos: 0 icmpInEchoReps: 0 icmpInTimestamps: 0 icmpInTimestampReps: 0 icmpInAddrMasks: 0 icmpInAddrMaskReps: 0 icmpOutMsgs: 702746 icmpOutErrors: 0 icmpOutDestUnreachs: 0 icmpOutTimeExcds: 0 icmpOutParmProbs: 0 icmpOutSrcQuenchs: 0 icmpOutRedirects: 0 icmpOutEchos: 702746 icmpOutEchoReps: 0 icmpOutTimestamps: 0 icmpOutTimestampReps: 0 icmpOutAddrMasks: 0 icmpOutAddrMaskReps: 0

Table 61 ICMP statistics

Statistics

Description

icmpInMsgs

The total number of ICMP messages which the switch received. Note that this counter includes all those counted by icmpInErrors.

icmpInErrors

The number of ICMP messages which the switch received but determined as having ICMP specific errors (for example bad ICMP checksums and bad length).

icmpInDestUnreachs

The number of ICMP Destination Unreachable messages received.

icmpInTimeExcds

The number of ICMP Time Exceeded messages received.

icmpInParmProbs

The number of ICMP Parameter Problem messages received.

icmpInSrcQuenchs

The number of ICMP Source Quench (buffer almost full, stop sending data) messages received.

icmpInRedirects

The number of ICMP Redirect messages received.

icmpInEchos

The number of ICMP Echo (request) messages received.

icmpInEchoReps

The number of ICMP Echo Reply messages received.

icmpInTimestamps

The number of ICMP Timestamp (request) messages received.

icmpInTimestampReps

The number of ICMP Timestamp Reply messages received.

icmpInAddrMasks

The number of ICMP Address Mask Request messages received.

icmpInAddrMaskReps

The number of ICMP Address Mask Reply messages received.

icmpOutMsgs

The total number of ICMP messages which this switch attempted to send. Note that this counter includes all those counted by icmpOutErrors.

icmpOutErrors

The number of ICMP messages that this switch did not send due to problems discovered within ICMP such as a lack of buffer. This value should not include errors discovered outside the ICMP layer such as the inability of IP to route the resultant datagram. In some implementations there may be no types of errors that contribute to this counter's value.

icmpOutDestUnreachs

The number of ICMP Destination Unreachable messages sent.

icmpOutTimeExcds

The number of ICMP Time Exceeded messages sent.

icmpOutParmProbs

The number of ICMP Parameter Problem messages sent.

icmpOutSrcQuenchs

The number of ICMP Source Quench (buffer almost full, stop sending data) messages sent.

icmpOutRedirects

The number of ICMP Redirect messages sent.

icmpOutEchos

The number of ICMP Echo (request) messages sent.

icmpOutEchoReps

The number of ICMP Echo Reply messages sent.

icmpOutTimestamps

The number of ICMP Timestamp (request) messages sent.

icmpOutTimestampReps

The number of ICMP Timestamp Reply messages sent.

icmpOutAddrMasks

The number of ICMP Address Mask Request messages sent.

icmpOutAddrMaskReps

The number of ICMP Address Mask Reply messages sent.

ICMP statistics

Command: /stats/l3/icmp

The following table describes the Internet Control Messaging Protocol (ICMP) statistics:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 70

TCP statistics

TCP statistics: tcpRtoAlgorithm: 4 tcpRtoMin: 0 tcpRtoMax: 240000 tcpMaxConn: 2048 tcpActiveOpens: 0 tcpPassiveOpens: 0 tcpAttemptFails: 0 tcpEstabResets: 0 tcpInSegs: 0 tcpOutSegs: 0 tcpRetransSegs: 0 tcpInErrs: 0 tcpCurrEstab: 0 tcpCurConn: 5 tcpOutRsts: 0

Table 62 TCP statistics

Statistics

Description

tcpRtoAlgorithm

The algorithm used to determine the timeout value used for retransmitting unacknowledged octets.

tcpRtoMin

The minimum value permitted by a TCP implementation for the retransmission timeout, measured in milliseconds. More refined semantics for objects of this type depend upon the algorithm used to determine the retransmission timeout. In particular, when the timeout algorithm is rsre(3), an object of this type has the semantics of the LBOUND quantity described in Request For Comments (RFC) 793.

tcpRtoMax

The maximum value permitted by a TCP implementation for the retransmission timeout, measured in milliseconds. More refined semantics for objects of this type depend upon the algorithm used to determine the retransmission timeout. In particular, when the timeout algorithm is rsre(3), an object of this type has the semantics of the UBOUND quantity described in RFC 793.

tcpMaxConn

The limit on the total number of TCP connections the switch can support.

tcpActiveOpens

The number of times TCP connections have made a direct transition to the SYN-SENT state from the CLOSED state.

tcpPassiveOpens

The number of times TCP connections have made a direct transition to the SYN-RCVD state from the LISTEN state.

tcpAttemptFails

The number of times TCP connections have made a direct transition to the CLOSED state from either the SYN-SENT state or the SYN-RCVD state, plus the number of times TCP connections have made a direct transition to the LISTEN state from the SYN-RCVD state.

tcpEstabResets

The number of times TCP connections have made a direct transition to the CLOSED state from either the ESTABLISHED state or the CLOSE- WAIT state.

tcpInSegs

The total number of segments received, including those received in error. This count includes segments received on currently established connections.

tcpOutSegs

The total number of segments sent, including those on current connections but excluding those containing only retransmitted octets.

tcpRetransSegs

The total number of segments retransmitted, that is, the number of TCP segments transmitted containing one or more previously transmitted octets.

tcpInErrs

The total number of segments received in error (for example, bad TCP checksums).

tcpCurrEstab

The total number of outstanding memory allocations from heap by TCP protocol stack.

tcpCurConn

The total number of outstanding TCP sessions that are currently opened.

tcpOutRsts

The number of TCP segments sent containing the reset (RST) flag.

Command: /stats/l3/tcp

The following table describes the Transmission Control Protocol (TCP) statistics:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 71

UDP statistics: udpInDatagrams: 0 udpOutDatagrams: 12 udpInErrors: 0 udpNoPorts: 0

Table 63 UDP statistics

Statistics

Description

udpInDatagrams

The total number of UDP datagrams delivered to the switch.

udpOutDatagrams

The total number of UDP datagrams sent from this switch.

udpInErrors

The number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port.

udpNoPorts

The total number of received UDP datagrams for which there was no application at the destination port.

IGMP Snoop vlan 1 statistics:

------------------------------------------------------------------

rxIgmpValidPkts: 0 rxIgmpInvalidPkts: 0

rxIgmpGenQueries: 0 rxIgmpGrpSpecificQueries: 0

rxIgmpGroupSrcSpecificQueries: 0

rxIgmpLeaves: 0 rxIgmpReports: 0

txIgmpReports: 0 txIgmpGrpSpecificQueries: 0

txIgmpLeaves: 0 rxIgmpV3CurrentStateRecords: 0

rxIgmpV3SourceListChangeRecords: 0 rxIgmpV3FilterChangeRecords: 0

Table 64 IGMP statistics

Statistic

Description

rxIgmpValidPkts

Total number of valid IGMP packets received

rxIgmpInvalidPkts

Total number of invalid packets received

rxIgmpGenQueries

Total number of General Membership Query packets received

rxIgmpGrpSpecificQueries

Total number of Membership Query packets received from specific groups

rxIgmpGroupSrcSpecific Queries

Total number of Group Source-Specific Queries (GSSQ) received

rxIgmpLeaves

Total number of Leave requests received

rxIgmpReports

Total number of Membership Reports received

txIgmpReports

Total number of Membership reports transmitted

txIgmpGrpSpecificQueries

Total number of Membership Query packets transmitted to specific groups

txIgmpLeaves

Total number of Leave messages transmitted

rxIgmpV3CurrentState Records

Total number of Current State records received

rxIgmpV3SourceListChange Records

Total number of Source List Change records received

rxIgmpV3FilterChange Records

Total number of Filter Change records received.

UDP statistics

Command: /stats/l3/udp

The following table describes the User Datagram Protocol (UDP) statistics:

IGMP Multicast Group statistics

Command: /stats/l3/igmp

This menu option enables you to display statistics regarding the use of the IGMP Multicast Groups.

The following table describes the IGMP statistics:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 72

OSPF statistics menu

[OSPF stats Menu] general - Show global stats aindex - Show area(s) stats if - Show interface(s) stats

Table 65 OSPF statistics menu options

Command

Usage

general

Displays OSPF global statistics.

aindex <0-2>

Displays area index statistics.

if <1-249>

Displays interface statistics.

OSPF stats

----------

Rx/Tx Stats: Rx Tx

-------- --------

Pkts 0 0 hello 23 518 database 4 12 ls requests 3 1 ls acks 7 7 ls updates 9 7 Nbr change stats: Intf change Stats: hello 2 up 4 start 0 down 2 n2way 2 loop 0 adjoint ok 2 unloop 0 negotiation done 2 wait timer 2 exchange done 2 backup 0 bad requests 0 nbr change 5 bad sequence 0 loading done 2 n1way 0 rst_ad 0 down 1 Timers kickoff hello 514 retransmit 1028 lsa lock 0 lsa ack 0 dbage 0 summary 0 ase export 0

Command: /stats/l3/ospf

The following table describes the OSPF statistics menu options.

OSPF global statistics

Command: /stats/l3/ospf/general

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 73

Table 66 OSPF global statistics

Statistic

Description

Rx Tx stats:

Rx Pkts

The sum total of all OSPF packets received on all OSPF areas and interfaces.

Tx Pkts

The sum total of all OSPF packets transmitted on all OSPF areas and interfaces.

Rx Hello

The sum total of all Hello packets received on all OSPF areas and interfaces.

Tx Hello

The sum total of all Hello packets transmitted on all OSPF areas and interfaces.

Rx Database

The sum total of all Database Description packets received on all OSPF areas and interfaces.

Tx Database

The sum total of all Database Description packets transmitted on all OSPF areas and interfaces.

Rx ls Requests

The sum total of all Link State Request packets received on all OSPF areas and interfaces.

Tx ls Requests

The sum total of all Link State Request packets transmitted on all OSPF areas and interfaces.

Rx ls Acks

The sum total of all Link State Acknowledgement packets received on all OSPF areas and interfaces.

Tx ls Acks

The sum total of all Link State Acknowledgement packets transmitted on all OSPF areas and interfaces.

Rx ls Updates

The sum total of all Link State Update packets received on all OSPF areas and interfaces.

Tx ls Updates

The sum total of all Link State Update packets transmitted on all OSPF areas and interfaces.

Nbr change stats:

hello

The sum total of all Hello packets received from neighbors on all OSPF areas and interfaces.

Start

The sum total number of neighbors in this state (that is, an indication that Hello packets should now be sent to the neighbor at intervals of

HelloInterval seconds) across all OSPF areas and interfaces.

n2way

The sum total number of bidirectional communication establishment between this router and other neighboring routers.

adjoint ok

The sum total number of decisions to be made (again) as to whether an adjacency should be established/maintained with the neighbor across all OSPF areas and interfaces.

negotiation done

The sum total number of neighbors in this state wherein the Master/slave relationship has been negotiated, and sequence numbers have been exchanged, across all OSPF areas and interfaces.

exchange done

The sum total number of neighbors in this state (that is, in an adjacency's final state) having transmitted a full sequence of Database Description packets, across all OSPF areas and interfaces.

bad requests

The sum total number of Link State Requests which have been received for a link state advertisement not contained in the database across all interfaces and OSPF areas.

The following table describes the OSPF global statistics:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 74

Table 66 OSPF global statistics

Statistic

Description

bad sequence

The sum total number of Database Description packets which have been received that either: a) Has an unexpected DD sequence number b) Unexpectedly has the init bit set c) Has an options field differing from the last Options field received in a Database Description packet.

loading done

The sum total number of link state updates received for all out-of-date portions of the database across all OSPF areas and interfaces.

n1way

The sum total number of Hello packets received from neighbors, in which this router is not mentioned across all OSPF interfaces and areas.

rst_ad

The sum total number of times the Neighbor adjacency has been reset across all OPSF areas and interfaces.

down

The total number of Neighboring routers down (that is, in the initial state of a neighbor conversation) across all OSPF areas and interfaces.

Intf Change Stats:

The sum total number of interfaces up in all OSPF areas.

down

The sum total number of interfaces down in all OSPF areas.

loop

The sum total of interfaces no longer connected to the attached network across all OSPF areas and interfaces.

unloop

The sum total number of interfaces, connected to the attached network in all OSPF areas.

wait timer

The sum total number of times the Wait Timer has been fired, indicating the end of the waiting period that is required before electing a (Backup) Designated Router across all OSPF areas and interfaces.

backup

The sum total number of Backup Designated Routers on the attached network for all OSPF areas and interfaces.

nbr change

The sum total number of changes in the set of bidirectional neighbors associated with any interface across all OSPF areas.

Timers Kickoff:

hello

The sum total number of times the Hello timer has been fired (which triggers the send of a Hello packet) across all OPSF areas and interfaces.

retransmit

The sum total number of times the Retransmit timer has been fired across all OPSF areas and interfaces.

lsa lock

The sum total number of times the Link State Advertisement (LSA) lock timer has been fired across all OSPF areas and interfaces.

lsa ack

The sum total number of times the LSA Ack timer has been fired across all OSPF areas and interfaces.

dbage

The total number of times the data base age (Dbage) has been fired.

summary

The total number of times the Summary timer has been fired.

ase export

The total number of times the Autonomous System Export (ASE) timer has been fired.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 75

>> Layer 3 Statistics# vrrp VRRP statistics: vrrpInAdvers: 0 vrrpBadAdvers: 0 vrrpOutAdvers: 0 vrrpBadVersion: 0 vrrpBadVrid: 0 vrrpBadAddress: 0 vrrpBadData: 0 vrrpBadPassword: 0 vrrpBadInterval: 0

Table 67 VRRP statistics

Field

Description

vrrpInAdvers

The total number of VRRP advertisements that have been received.

vrrpOutAdvers

The total number of VRRP advertisements that have been sent.

vrrpBadVersion

The total number of VRRP advertisements that had a bad version number.

vrrpBadAddress

The total number of VRRP advertisements that had a bad address.

vrrpBadPassword

The total number of VRRP advertisements that had a bad password.

vrrpBadAdvers

The total number of VRRP advertisements received that were dropped.

vrrpBadVrid

The total number of VRRP advertisements that had a bad virtual router ID.

vrrpBadData

The total number of VRRP advertisements that had bad data.

vrrpBadInterval

The total number of VRRP advertisements that had a bad interval.

VRRP statistics

One of the virtual routers is then elected as the master, based on a number of priority criteria, and assumes control of the shared virtual router IP address. If the master fails, one of the backup virtual routers will assume routing authority and take control of the virtual router IP address.

When virtual routers are configured, you can display the following protocol statistics for VRRP:

Advertisements received (vrrpInAdvers) Advertisements transmitted (vrrpOutAdvers) Advertisements received, but ignored (vrrpBadAdvers)

Command: /stats/l3/vrrp

The following table describes the VRRP statistics.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 76

RIP statistics

RIP ALL STATS INFORMATION: RIP packets received = 12 RIP packets sent = 75 RIP request received = 0 RIP response received = 12 RIP request sent = 3 RIP response sent = 72 RIP route timeout = 0 RIP bad size packet received = 0 RIP bad version received = 0 RIP bad zeros received = 0 RIP bad src port received = 0 RIP bad src IP received = 0 RIP packets from self received = 0

Table 68 RIP Statistics

Statistics

Description

RIP packets received

The total number of RIP packets received.

RIP packets sent

The total number of RIP packets transmitted.

RIP request received

The total number of RIP requests received.

RIP response received

The total number of RIP response received.

RIP request sent

The total number of RIP requests transmitted.

RIP response sent

The total number of RIP responses transmitted.

RIP route timeout

The total number of RIP route timeouts.

RIP bad size packet received

The total number of bad size RIP packets received.

RIP bad version received

The total number of RIP bad versions received.

RIP bad zeros received

The total number of RIP bad zeros (RIPv1 packets with non-zero unused fields) received.

RIP bad source port received

The total number of RIP bad source port received.

RIP bad source IP received

The total number of RIP bad source IP received.

RIP packets from self received

The total number of RIP packets from self received.

[MP-specific Statistics Menu]

pkt - Show Packet stats tcb - Show All TCP control blocks in use ucb - Show All UDP control blocks in use cpu - Show CPU utilization

Table 69 MP-specific Statistics Menu

Command

Usage

pkt

Displays packet statistics, to check for leads and load.

tcb

Displays all Transmission Control Protocol (TCP) control blocks (TCB) that are in use.

ucb

Displays all User Datagram Protocol (UDP) control blocks (UCB) that are in use.

cpu

Displays CPU utilization for periods of up to 1, 4, and 64 seconds.

Command: /stats/l3/rip

The following table describes the basic Routing Information Protocol (RIP) statistics :

Management Processor statistics

Command: /stats/mp

The following table describes the MP-specific Statistics Menu options:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 77

Packet counts:

allocs: 1174328 frees: 1174326

mediums: 0 mediums hi-watermark: 10

jumbos: 0 jumbos hi-watermark: 0

smalls: 2 smalls hi-watermark: 3

failures: 0

Table 70 MP specific packet statistics

Description

Example statistic

allocs

Total number of packet allocations from the packet buffer pool by the TCP/IP protocol stack.

frees

Total number of times the packet buffers are freed (released) to the packet buffer pool by the TCP/IP protocol stack.

mediums

Total number of packet allocations with size between 128 to 1536 bytes from the packet buffer pool by the TCP/IP protocol stack.

mediums hi-watermark

The highest number of packet allocation with size between 128 to 1536 bytes from the packet buffer pool by the TCP/IP protocol stack.

jumbos

Total number of packet allocations with more than 1536 bytes from the packet buffer pool by the TCP/IP protocol stack.

jumbos hi-watermark

The highest number of packet allocation with more than 1536 bytes from the packet buffer pool by the TCP/IP protocol stack.

smalls

Total number of packet allocations with size less than 128 bytes from the packet buffer pool by the TCP/IP protocol stack.

smalls hi-watermark

The highest number of packet allocation with size less than 128 bytes from the packet buffer pool by the TCP/IP protocol stack.

failures

Total number of packet allocation failures from the packet buffer pool by the TCP/IP protocol stack.

All TCP allocated control blocks: 10ad41e8: 0.0.0.0 0 <=> 0.0.0.0 80 listen 10ad5790: 47.81.27.5 1171 <=> 47.80.23.243 23 established

Table 71 TCP statistics

Description

Example statistic

Memory

10ad41e8/10ad5790

Destination IP address

0.0.0.0/47.81.27.5

Destination port

0/1171

Source IP

0.0.0.0/47.80.23.243

Source port

80/23

State

listen/established

Packet statistics

Command: /stats/mp/pkt

The following table describes the packet statistics.

TCP statistics

Command: /stats/mp/tcb

The following table describes the Transmission Control Protocol (TCP) control block (TCB) statistics shown in this example:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 78

All UDP allocated control blocks: 161: listen

Table 72 UDP statistics

Description

Example Statistic

Control block

161

State

listen

CPU utilization: cpuUtil1Second: 8% cpuUtil4Seconds: 9% cpuUtil64Seconds: 8%

Table 73 CPU statistics

Statistics

Description

cpuUtil1Second

The utilization of MP CPU over 1 second. This is shown as a percentage.

cpuUtil4Seconds

The utilization of MP CPU over 4 seconds. This is shown as a percentage.

cpuUtil64Seconds

The utilization of MP CPU over 64 seconds. This is shown as a percentage.

[ACL Menu] acl - Display ACL stats dump - Display all available ACL stats clracl - Clear ACL stats

Table 74 ACL statistics menu options

Command

Usage

acl <1-384>

Displays the Access Control List Statistics for a specific ACL.

dump

Displays all ACL statistics.

clracl

Clear all ACL statistics.

UDP statistics

Command: /stats/mp/ucb

The following table describes the User Datagram Protocol (UDP) control block (UCB) statistics shown in this example:

CPU statistics

Command: /stats/mp/cpu

The following table describes the management port CPU utilization statistics:

Access Control List (ACL) statistics menu

Command: /stats/acl

The following table describes the Access Control List (ACL) Statistics menu options:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 79

Hits for ACL 1: 26057515 Hits for ACL 2: 26057497

SNMP statistics: snmpInPkts: 282392 snmpInBadVersions: 0 snmpInBadC'tyNames: 0 snmpInBadC'tyUses: 0 snmpInASNParseErrs: 0 snmpEnableAuthTraps: 2 snmpOutPkts: 282392 snmpInBadTypes: 0 snmpInTooBigs: 0 snmpInNoSuchNames: 0 snmpInBadValues: 0 snmpInReadOnlys: 0 snmpInGenErrs: 0 snmpInTotalReqVars: 564784 snmpInTotalSetVars: 0 snmpInGetRequests: 282392 snmpInGetNexts: 0 snmpInSetRequests: 0 snmpInGetResponses: 0 snmpInTraps: 0 snmpOutTooBigs: 0 snmpOutNoSuchNames: 0 snmpOutBadValues: 0 snmpOutReadOnlys: 0 snmpOutGenErrs: 0 snmpOutGetRequests: 0 snmpOutGetNexts: 0 snmpOutSetRequests: 0 snmpOutGetResponses: 282392 snmpOutTraps: 0 snmpSilentDrops: 0 snmpProxyDrops: 0

Table 75 SNMP statistics

Statistics

Description

snmpInPkts

The total number of messages delivered to the SNMP entity from the transport service.

snmpInBadVersions

The total number of SNMP messages, which were delivered to the SNMP protocol entity and were for an unsupported SNMP version.

snmpInBadC'tyNames

The total number of SNMP messages delivered to the SNMP entity that used an SNMP community name not known to the switch.

snmpInBadC'tyUses

The total number of SNMP messages delivered to the SNMP protocol entity that represented an SNMP operation which was not allowed by the SNMP community named in the message.

snmpInASNParseErrs

The total number of ASN.1 (Abstract Syntax Notation One) or BER (Basic Encoding Rules), errors encountered by the SNMP protocol entity when decoding SNMP messages received. The Open Systems Interconnection (OSI) method of specifying abstract objects is called ASN.1 (Abstract Syntax Notation One, defined in X.208), and one set of rules for representing such objects as strings of ones and zeros is called the BER (Basic Encoding Rules, defined in X.209). ASN.1 is a flexible notation that allows one to define a variety of data types, from simple types such as integers and bit strings to structured types such as sets and sequences. BER describes how to represent or encode values of each ASN.1 type as a string of eight-bit octets.

snmpEnableAuthTraps

An object to enable or disable the authentication traps generated by this switch.

snmpOutPkts

The total number of SNMP messages which were passed from the SNMP protocol entity to the transport service.

snmpInBadTypes

The total number of SNMP messages which failed ASN.1 parsing.

snmpInTooBigs

The total number of SNMP Protocol Data Units (PDUs) that were delivered to the SNMP protocol entity and for which the value of the error-status field is too big.

ACL statistics

Command: /stats/acl/dump

SNMP statistics

Command: /stats/snmp

The following table describes the Simple Network Management Protocol (SNMP) statistics:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 80

Table 75 SNMP statistics

Statistics

Description

snmpInNoSuchNames

The total number of SNMP Protocol Data Units (PDUs) that were delivered to the SNMP protocol entity and for which the value of the error-status field is noSuchName.

snmpInBadValues

The total number of SNMP Protocol Data Units (PDUs) that were delivered to the SNMP protocol entity and for which the value of the error-status field is badValue.

snmpInReadOnlys

The total number of valid SNMP Protocol Data Units (PDUs), which were delivered to the SNMP protocol entity and for which the value of the errorstatus field is read-only.

snmpInGenErrs

The total number of SNMP Protocol Data Units (PDUs), which were delivered to the SNMP protocol entity and for which the value of the error-status field is genErr.

snmpInTotalReqVars

The total number of MIB objects which have been retrieved successfully by the SNMP protocol entity as a result of receiving valid SNMP Get-Request and GetNext Protocol Data Units (PDUs).

snmpInTotalSetVars

The total number of MIB objects, which have been altered successfully by the SNMP protocol entity as a result of receiving valid SNMP Set-Request Protocol Data Units (PDUs).

snmpInGetRequests

The total number of SNMP Get-Request Protocol Data Units (PDUs), which have been accepted and processed by the SNMP protocol entity.

snmpInGetNexts

The total number of SNMP Get-Next Protocol Data Units (PDUs), which have been accepted and processed by the SNMP protocol entity.

snmpInSetRequests

The total number of SNMP Set-Request Protocol Data Units (PDUs), which have been accepted and processed by the SNMP protocol entity.

snmpInGetResponses

The total number of SNMP Get-Response Protocol Data Units (PDUs), which have been accepted and processed by the SNMP protocol entity.

snmpInTraps

The total number of SNMP Trap Protocol Data Units (PDUs), which have been accepted and processed by the SNMP protocol entity.

snmpOutTooBigs

The total number of SNMP Protocol Data Units (PDUs), which were generated by the SNMP protocol entity and for which the value of the error-status field is too big.

snmpOutNoSuchNames

The total number of SNMP Protocol Data Units (PDUs), which were generated by the SNMP protocol entity and for which the value of the error-status is noSuchName.

snmpOutBadValues

The total number of SNMP Protocol Data Units (PDUs), which were generated by the SNMP protocol entity and for which the value of the error-status field is badValue.

snmpOutReadOnlys

Not in use.

snmpOutGenErrs

The total number of SNMP Protocol Data Units (PDUs), which were generated by the SNMP protocol entity and for which the value of the error-status field is genErr.

snmpOutGetRequests

The total number of SNMP Get-Request Protocol Data Units (PDUs), which have been generated by the SNMP protocol entity.

snmpOutGetNexts

The total number of SNMP Get-Next Protocol Data Units (PDUs), which have been generated by the SNMP protocol entity.

snmpOutSetRequests

The total number of SNMP Set-Request Protocol Data Units (PDUs), which have been generated by the SNMP protocol entity.

snmpOutGetResponses

The total number of SNMP Get-Response Protocol Data Units (PDUs), which have been generated by the SNMP protocol entity.

snmpOutTraps

The total number of SNMP Trap Protocol Data Units (PDUs), which have been generated by the SNMP protocol entity.

snmpSilentDrops

The total number of GetRequest-PDUs, GetNextRequest-PDUs, GetBulkRequest-PDUs, SetRequest-PDUs, and InformRequest-PDUs delivered to the SNMP entity which were silently dropped because the size of a reply containing an alternate Response-PDU with an empty variable-bindings field was too large.

snmpProxyDrops

The total number of GetRequest-PDUs, GetNextRequest-PDUs,GetBulkRequestPDUs, SetRequest-PDUs, and InformRequest-PDUs delivered to the SNMP entity which were silently dropped because the transmission of the message to a proxy target failed in a manner (other than a time-out) such that no ResponsePDU could be returned.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 81

NTP statistics: Primary Server via mgt port: Requests Sent: 0 Responses Received: 0 Updates: 0 Secondary Server via mgt port: Requests Sent: 0 Responses Received: 0 Updates: 0

Table 76 NTP statistics

Statistics

Description

Primary Server

Requests Sent: The total number of NTP requests the switch sent to the primary NTP server to synchronize time. Responses Received: The total number of NTP responses received from the primary NTP server. Updates: The total number of times the switch updated its time based on the NTP responses received from the primary NTP server.

Secondary Server

Requests Sent: The total number of NTP requests the switch sent to the secondary NTP server to synchronize time. Responses Received: The total number of NTP responses received from the secondary NTP server. Updates: The total number of times the switch updated its time based on the NTP responses received from the secondary NTP server.

NTP statistics

Command: /stats/ntp

The switch uses NTP (Network Timing Protocol) version 3 to synchronize the switch‘s internal clock with an

atomic time-calibrated NTP server. With NTP enabled, the switch can accurately update its internal clock to be consistent with other devices on the network and generates accurate syslogs.

The following table describes the NTP statistics:

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 82

Uplink Failure Detection (UFD) statistics

Uplink Failure Detection statistics:

FDP number: 1

Number of times LtM link failure: 1

Number of times LtM link in Blocking State: 0

Number of times LtD got auto disabled: 1

FDP number: 2

Number of times LtM link failure: 0

Number of times LtM link in Blocking State: 0

Number of times LtD got auto disabled: 0

FDP number: 3

Number of times LtM link failure: 0

Number of times LtM link in Blocking State: 0

Number of times LtD got auto disabled: 0

FDP number: 4

Number of times LtM link failure: 0

Number of times LtM link in Blocking State: 0

Number of times LtD got auto disabled: 0

Table 77 Uplink Failure Detection statistics

Statistic

Description

Number of times LtM link failure

The total numbers of times that link failures were detected on the uplink ports in the Link to Monitor group.

Number of times LtM link in Blocking State

The total number of times that Spanning Tree Blocking state was detected on the uplink ports in the Link to Monitor group.

Number of times LtD got auto disabled

The total numbers of times that downlink ports in the Link to Disable group were automatically disabled because of a failure in the Link to Monitor group.

This menu option allows you to display Uplink Failure Detection (UFD) statistics. To reset UFD statistics, follow the command /stats/ufd with the following argument: clear.

Command: /stats/ufd <clear>

The following table describes the Uplink Failure Detection (UFD) statistics:

Statistics dump

Command: /stats/dump

Use the dump command to dump all switch statistics available from the Statistics Menu (40K or more, depending on your configuration).

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 83

Table 78 Configuration Menu options

Command

Usage

sys

Displays the System Configuration Menu.

port <port number>

Displays the Port Configuration Menu.

Displays the Layer 2 Configuration Menu.

Displays the Layer 3 Configuration Menu.

qos

Displays the Quality of Service Configuration Menu.

acl

Displays the Access Control List Configuration Menu.

rmon

Displays the RMON Configuration Menu.

pmirr

Displays the Mirroring Configuration Menu.

ufd

Displays the Uplink Failure Detection Configuration Menu.

dump

Dumps current configuration to a script file.

ptcfg <host name or IP address of FTP/TFTP server> <filename on host>

Backs up current configuration to FTP/TFTP server.

gtcfg <host name or IP address of FTP/TFTP server> <filename on host>

Restores current configuration from FTP/TFTP server.

cur

Displays the current configuration parameters.

Configuration Menu

Introduction

The Configuration Menu is only available from an administrator login. It includes submenus for configuring every aspect of the switch. Changes to configuration are not active until explicitly applied. Changes can be saved to non-volatile memory (NVRAM).

Menu information

Command: /cfg

The following table describes the Configuration Menu options.

Viewing, applying, reverting, and saving changes

As you use the configuration menus to set switch parameters, the changes you make do not take effect immediately. All changes are considered pending until you explicitly apply them. Also, any changes are lost the next time the switch boots unless the changes are explicitly saved.

While configuration changes are in the pending state, you can:

View the pending changes Apply the pending changes Revert to restore configuration parameters set with the last apply command Save the changes to flash memory

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 84

Viewing pending changes

# diff

# diff flash

# apply

NOTE: All configuration changes take effect immediately when applied.

# revert

IMPORTANT: If you do not save the changes, they will be lost the next time the system is

rebooted.

# save

# save n

You can view all pending configuration changes by entering diff at any CLI prompt:

You can view all pending configuration changes that have been applied but not saved to flash memory by entering diff flash at any CLI prompt:

Applying pending changes

To make your configuration changes active, you must apply them. To apply configuration changes, enter the following command at any prompt:

Reverting changes

The revert command removes configuration changes that have been made, but not applied. Enter revert apply to remove all changes that have not been saved:

Saving the configuration

In addition to applying the configuration changes, you can save them to flash memory on the switch.

To save the new configuration, enter the following command at any prompt:

When you save configuration changes, the changes are saved to the active configuration block. The configuration being replaced by the save is first copied to the backup configuration block. If you do not want the previous configuration block copied to the backup configuration block, enter the following instead:

You can decide which configuration you want to run the next time you reset the switch. Your options include:

The active configuration block The backup configuration block Factory default configuration block

You can view all pending configuration changes that have been applied but not saved to flash memory using the diff flash command. It is a global command that can be executed from any prompt.

For instructions on selecting the configuration to run at the next system reset, see the ―Selecting a configuration block‖ section in the ―Boot Options Menu‖ chapter.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 85

>> Layer 2# vlan 5

VLAN number 5 with name "VLAN 5" created.

Reminder: VLAN 5 needs to be enabled.

>> VLAN 5# add 9

Port 9 is an UNTAGGED port and its current PVID is 1.

Confirm changing PVID from 1 to 5 [y/n]: y

Current ports for VLAN 5: empty

Pending new ports for VLAN 5: 9

Reminder: Port 9 needs to be enabled.

Reminder: VLAN 5 needs to be enabled.

olddst - Set system DST for US

dlight - Set system daylight savings idle - Set timeout for idle CLI sessions notice - Set login notice bannr - Set login banner hprompt - Enable/disable display hostname (sysName) in CLI prompt bootp - Enable/disable use of BOOTP dhcp - Enable/disable use of DHCP on Mgmt interface reminders - Enable/disable Reminders cur - Display current system-wide parameters

Reminders

CLI reminders prompt users to complete configuration tasks that require multiple steps. The default setting for CLI reminders is enabled. Use the following command to disable CLI reminders: /cfg/sys/reminders dis

The following is an example of a configuration task performed with CLI reminders enabled.

System configuration

Command: /cfg/sys

This menu provides configuration of switch management parameters such as user and administrator privilege mode passwords, browser-based management settings, and management access list.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 86

Table 79 System Configuration Menu options

Command

Usage

syslog

Displays the Syslog Menu.

sshd

Displays the SSH Server Menu.

radius

Displays the RADIUS Authentication Menu.

tacacs+

Displays the TACACS+ AuthenticationMenu.

ntp

Displays the Network Time Protocol (NTP) Server Menu.

ssnmp

Displays the System SNMP Menu.

access

Displays the System Access Menu.

date

Prompts the user for the system date.

time

Configures the system time using a 24-hour clock format.

timezone

Configures the time zone where the switch resides. You are prompted to select your location (continent, country, region) by the timezone wizard.

olddst disable|enable

Enables or disables use of the Daylight Saving Time (DST) rules in effect prior to the year 2007. The default value is disabled.

dlight disable|enable

Disables or enables daylight saving time in the system clock. When enabled, the switch will add an extra hour to the system clock so that it is consistent with the local clock. By default, this option is disabled.

idle <1-60>

Sets the idle timeout for CLI sessions, from 1 to 60 minutes. The default is 5 minutes. This setting affects both the console port and Telnet port.

notice <1-1024 character multiline> <'-' to end>

Displays login notice immediately before the ―Enter password:‖ prompt. This notice can contain up to 1024

characters and new lines.

bannr <1-80 characters>

Configures a login banner of up to 80 characters. When a user or administrator logs into the switch, the login banner is displayed.

hprompt disable|enable

Enables or disables displaying of the host name (system administrator‘s name) in the command line interface.

bootp disable|enable

Enables or disables the use of BOOTP. If you enable BOOTP, the switch will query its BOOTP server for all of the switch IP parameters. The default value is enabled.

dhcp disable|enable

Enables or disables Dynamic Host Control Protocol for setting the management IP address on interface 256. When enabled, the IP address obtained from the DHCP server overrides the static IP address. The default value is enabled.

reminders disable|enable

Enables or disables reminder messages in the CLI. The default value is enabled.

cur

Displays the current system parameters.

[Syslog Menu] host - Set IP address of first syslog host host2 - Set IP address of second syslog host sever - Set the severity of first syslog host sever2 - Set the severity of second syslog host facil - Set facility of first syslog host facil2 - Set facility of second syslog host console - Enable/disable console output of syslog messages log - Enable/disable syslogging of features cur - Display current syslog settings

The following table describes the System Configuration Menu options.

System host log configuration

Command: /cfg/sys/syslog

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 87

Table 80 Syslog Configuration Menu options

Command

Description

host <IP address> <-mgt|-data>

Sets the IP address of the first syslog host. For example,

100.10.1.1

host2 <IP address> <-mgt|-data>

Sets the IP address of the second syslog host. For example,

100.10.1.2

sever <0-7>

Sets the severity level of the first syslog host displayed. The default is 7, which means log all the severity levels.

sever2 <0-7>

Sets the severity level of the second syslog host displayed. The default is 7, which means log all the severity levels.

facil <0-7>

This option sets the facility level of the first syslog host displayed. The range is 0-7. The default is 0.

facil2 <0-7>

This option sets the facility level of the second syslog host displayed. The range is 0-7. The default is 0.

console disable|enable

Enables or disables delivering syslog messages to the console. When necessary, disabling console ensures the switch is not affected by syslog messages. It is enabled by default.

log <feature|all> <enable|disable>

Displays a list of features for which syslog messages can be generated. You can choose to enable/disable specific features or enable/disable syslog on all available features. Features include:

console system mgmt cli stg vlan ssh vrrp ntp ip web ospf rmon ufd

802.1x cfg

cur

Displays the current syslog settings.

[SSHD Menu] interval– Set Interval for generating the RSA server key scpadm – Set SCP-only admin password hkeygen - Generate the RSA host key skeygen - Generate the RSA server key sshport - Set SSH server port number ena - Enable the SCP apply and save dis - Disable the SCP apply and save on - Turn SSH server ON off - Turn SSH server OFF cur - Display current SSH server configuration

The following table describes the Syslog Configuration Menu options.

Secure Shell Server configuration

Command: /cfg/sys/sshd

Telnet traffic on the network is not secure. This menu enables Secure Shell (SSH) access from any SSH client. The SSH program securely logs into another computer over a network and executes commands in a secure environment. All data using SSH is encrypted.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 88

Secure Shell can be configured on the switch using the console port and Telnet only. The menu options

NOTE: See the N8406-026 10Gb Intelligent L3 Switch Application Guide for information on SSH.

Table 81 SSHD Configuration Menu options

Command

Description

intrval <0-24>

Defines interval for auto-generating the RSA server key. The switch will auto-generate the RSA server key at the interval defined in this command. The value of zero (0) means the RSA server key autogeneration is disabled. If the switch has been busy performing any other key generation and the assigned time of interval expires, the RSA server will skip generating the key.

scpadm

Defines the administrator password that is for Secure Copy (SCP) only. The username for this SCP administrator is scpadmin. Typically, SCP is used to copy files securely from one machine to another. In the switch, SCP is used to download and upload the switch configuration using secure channels.

hkeygen

Generates the RSA host keys manually. The switch creates this key automatically while configuring the switch with Secure Shell (SSH). But you can generate the key manually by using this command if you need to overwrite the key for security reasons. The command will take effect immediately without executing the apply command.

skeygen

Generates the RSA server key. The switch creates this key automatically while configuring the switch with Secure Shell (SSH). You can generate the key manually by using this command if you need to overwrite the key for security reasons. The command will take effect immediately without executing the apply command.

sshport <TCP port number>

Sets the SSH server port number.

ena

Enables the SCP apply and save.

dis

Disables the SCP apply and save. This is the default for SCP.

Enables the SSH server.

off

Disables the SSH server. This is the default for the SSH server.

cur

Displays the current SSH server configuration.

[RADIUS Server Menu] prisrv - Set primary RADIUS server address secsrv - Set secondary RADIUS server address secret - Set primary RADIUS server secret secret2 - Set secondary RADIUS server secret port - Set RADIUS port retries - Set RADIUS server retries timeout - Set RADIUS server timeout

bckdoor - Enable/disable RADIUS backdoor for telnet/ssh/http/https secbd - Enable/disable RADIUS secure backdoor for telnet/ssh/http/https on - Turn RADIUS authentication ON off - Turn RADIUS authentication OFF cur - Display current RADIUS configuration

NOTE: See the N8406-026 10Gb Intelligent L3 Switch Application Guide for information on RADIUS.

do not display if you access the switch using the Browser-based Interface (BBI).

The following table describes the SSHD Configuration Menu options.

RADIUS server configuration

Command: /cfg/sys/radius

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 89

Table 82 RADIUS Server Configuration Menu options

Command

Description

prisrv <IP address> <-mgt|-data>

Sets the primary RADIUS server address.

secsrv <IP address> <-mgt|-data>

Sets the secondary RADIUS server address.

secret <1-32 characters>

This is the shared secret between the switch and the RADIUS server(s).

secret2 <1-32 characters>

This is the secondary shared secret between the switch and the RADIUS server(s).

port <UDP port number>

Enter the number of the User Datagram Protocol (UDP) port to be configured, between 1500-3000. The default is 1645.

retries <1-3>

Sets the number of failed authentication requests before switching to a different RADIUS server. The range is 1-3 requests The default is 3 requests.

timeout <1-10>

Sets the amount of time, in seconds, before a RADIUS server authentication attempt is considered to have failed. The range is 1-10 seconds. The default is 3 seconds.

bckdoor enable|disable

Enables or disables the RADIUS back door for telnet/SSH/ HTTP/HTTPS. The default value is disabled. This command does not apply when secure backdoor (secbd) is enabled.

secbd enable|disable

Enables or disables the RADIUS back door using secure password for telnet/SSH/ HTTP/HTTPS. The default value is disabled. This command does not apply when backdoor (telnet) is enabled.

Enables the RADIUS server.

off

Disables the RADIUS server. This is the default.

cur

Displays the current RADIUS server parameters.

IMPORTANT: If RADIUS is enabled, you must login using RADIUS authentication when connecting

via the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can connect using noradius and the administrator password even if the backdoor (bckdoor) or secure backdoor (secbd) are disabled.

If Telnet backdoor is enabled (bckdoor ena), type in noradius as a backdoor to bypass RADIUS checking, and use the administrator password to log into the switch. The switch allows this even if RADIUS servers are available.

If secure backdoor is enabled (secbd ena), type in noradius as a backdoor to bypass RADIUS checking, and use the administrator password to log into the switch. The switch allows this only if RADIUS servers are not available.

[TACACS+ Server Menu] prisrv - Set IP address of primary TACACS+ server secsrv - Set IP address of secondary TACACS+ server secret - Set secret for primary TACACS+ server secret2 - Set secret for secondary TACACS+ server port - Set TACACS+ port number retries - Set number of TACACS+ server retries timeout - Set timeout value of TACACS+ server retries bckdoor - Enable/disable TACACS+ backdoor for telnet/ssh/http/hhtps secbd - Enable/disable TACACS+ secure backdoor for telnet/ssh/http/https cmap - Enable/disable TACACS+ new privilege level mapping usermap - Set user privilege mappings

on - Enable TACACS+ authentication off - Disable TACACS+ authentication cur - Display current TACACS+ settings

The following table describes the RADIUS Server Configuration Menu options.

TACACS+ server configuration

Command: /cfg/sys/tacacs+

TACACS+ (Terminal Access Controller Access Control System) is an authentication protocol that allows a remote access server to forward a user's logon password to an authentication server to determine

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 90

whether access can be allowed to a given system. TACACS+ and Remote Authentication Dial-In User

Table 83 TACACS+ Server Configuration Menu options

Command

Description

prisrv <IP address> <-mgt|-data>

Defines the primary TACACS+ server address.

secsrv <IP address> <-mgt|-data>

Defines the secondary TACACS+ server address.

secret <1-32 characters>

This is the shared secret between the switch and the TACACS+ server(s).

secret2 <1-32 characters>

This is the secondary shared secret between the switch and the TACACS+ server(s).

port <TCP port number>

Enter the number of the TCP port to be configured, between 1 - 65000. The default is 49.

retries <1-3>

Sets the number of failed authentication requests before switching to a different TACACS+ server. The range is 1-3 requests. The default is 3 requests.

timeout <4-15>

Sets the amount of time, in seconds, before a TACACS+ server authentication attempt is considered to have failed. The range is 4-15 seconds. The default is 5 seconds.

bckdoor enable|disable

Enables or disables the TACACS+ back door for telnet. The telnet command also applies to SSH/SCP connections and the Browserbased Interface (BBI). The default value is disabled. This command does not apply when secure backdoor (secbd) is enabled.

secbd enable|disable

Enables or disables the TACACS+ back door using secure password for telnet/SSH/ HTTP/HTTPS. The default value is disabled. This command does not apply when backdoor (telnet) is enabled.

cmap enable|disable

Enables or disables TACACS+ authorization-level mapping. The default value is disabled.

usermap <0-15> user|oper|admin|none

Maps a TACACS+ authorization level to this switch user level. Enter a TACACS+ authorization level (0-15), followed by the corresponding this switch user level.

Enables the TACACS+ server.

off

Disables the TACACS+ server. This is the default.

cur

Displays current TACACS+ configuration parameters.

IMPORTANT: If TACACS+ is enabled, you must login using TACACS+ authentication when

connecting via the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can connect using notacacs and the administrator password even if the backdoor (bckdoor) or secure backdoor (secbd) are disabled.

If Telnet backdoor is enabled (bckdoor ena), type in notacacs as a backdoor to bypass TACACS+ checking, and use the administrator password to log into the switch. The switch allows this even if TACACS+ servers are available.

If secure backdoor is enabled (secbd ena), type in notacacs as a backdoor to bypass TACACS+ checking, and use the administrator password to log into the switch. The switch allows this only if TACACS+ servers are not available.

Service (RADIUS) protocols are more secure than the TACACS encryption protocol. TACACS+ is described in RFC 1492.

TACACS+ protocol is more reliable than RADIUS, as TACACS+ uses the Transmission Control Protocol (TCP) whereas RADIUS uses the User Datagram Protocol (UDP). Also, RADIUS combines authentication and authorization in a user profile, whereas TACACS+ separates the two operations.

TACACS+ offers the following advantages over RADIUS as the authentication device:

TACACS+ is TCP-based, so it facilitates connection-oriented traffic. It supports full-packet encryption, as opposed to password-only in authentication requests. It supports decoupled authentication, authorization, and accounting.

The following table describes the TACACS+ Server Configuration Menu options.

NTP server configuration

Command: /cfg/sys/ntp

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 91

[NTP Server Menu] prisrv - Set primary NTP server address secsrv - Set secondary NTP server address intrval - Set NTP server resync interval on - Turn NTP service ON off - Turn NTP service OFF cur - Display current NTP configuration

Table 84 NTP Server Configuration Menu options

Command

Description

prisrv <IP address> mgt|data

Configures the IP addresses of the primary NTP server to which you want to synchronize the switch clock.

secsrv <IP address> mgt|data

Configures the IP addresses of the secondary NTP server to which you want to synchronize the switch clock.

intrval <1-44640>

Specifies the interval, that is, how often, in minutes (1-44640), to resynchronize the switch clock with the NTP server. The default is 1440 minutes.

Enables the NTP synchronization service.

off

Disables the NTP synchronization service. This is the default.

cur

Displays the current NTP service settings.

[SNMP Menu] snmpv3 - SNMPv3 Menu name - Set SNMP "sysName" locn - Set SNMP "sysLocation" cont - Set SNMP "sysContact" rcomm - Set SNMP read community string wcomm - Set SNMP write community string timeout - Set timeout for the SNMP state machine auth - Enable/disable SNMP "sysAuthenTrap" linkt - Enable/disable SNMP link up/down trap ufd - Enable/disable SNMP Uplink Failure Detection trap cur - Display current SNMP configuration

This menu enables you to synchronize the switch clock to a Network Time Protocol (NTP) server. By default, this option is disabled.

The following table describes the NTP Server Configuration Menu options.

System SNMP configuration

Command: /cfg/sys/ssnmp

The switch software supports SNMP-based network management. In SNMP model of network management, a management station (client/manager) accesses a set of variables known as MIBs (Management Information Base) provided by the managed device (agent). If you are running an SNMP network management station on your network, you can manage the switch using the following standard SNMP MIBs:

MIB II (RFC 1213) Ethernet MIB (RFC 1643) Bridge MIB (RFC 1493)

An SNMP agent is a software process on the managed device that listens on UDP port 161 for SNMP messages. Each SNMP message sent to the agent contains a list of management objects to retrieve or to modify.

SNMP parameters that can be modified include:

System name System location System contact Use of the SNMP system authentication trap function Read community string Write community string

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 92

Table 85 System SNMP Configuration Menu options

Command

Description

snmpv3

Displays SNMPv3 menu.

name <1-64 characters>

Configures the name for the system. The name can have a maximum of 64 characters.

locn <1-64 characters>

Configures the name of the system location. The location can have a maximum of 64 characters.

cont <1-64 characters>

Configures the name of the system contact. The contact can have a maximum of 64 characters.

rcomm <1-32 characters>

Configures the SNMP read community string. The read community string controls SNMP ―get‖ access to the switch. It can have a maximum of 32 characters. The default read community string is public.

wcomm <1-32 characters>

Configures the SNMP write community string. The write community string controls SNMP ―set‖ and ―get‖ access to the switch. It can have a maximum of 32 characters. The default write community string is private.

timeout <1-30>

Sets the timeout value for the SNMP state machine. The range is 1-30 minutes. The default value is 5 minutes.

auth disable|enable

Enables or disables the use of the system authentication trap facility. The default setting is disabled.

linkt <port> disable|enable

Enables or disables the sending of SNMP link up and link down traps. The default setting is enabled.

ufd disable|enable

Enables or disables the sending of Uplink Failure Detection traps. The default setting is disabled.

cur

Displays the current SNMP configuration.

[SNMPv3 Menu] usm - usmUser Table Menu view - vacmViewTreeFamily Table Menu access - vacmAccess Table Menu group - vacmSecurityToGroup Table Menu comm - community Table Menu taddr - targetAddr Table Menu tparam - targetParams Table Menu notify - notify Table Menu v1v2 - Enable/disable V1/V2 access cur - Display current SNMPv3 configuration

The following table describes the System SNMP Configuration Menu options.

SNMPv3 configuration

Command: /cfg/sys/ssnmp/snmpv3

SNMP version 3 (SNMPv3) is an extensible SNMP Framework that supplements the SNMPv2 Framework by supporting the following:

a new SNMP message format security for messages access control remote configuration of SNMP parameters

For more details on the SNMPv3 architecture please see RFC2271 to RFC2275.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 93

Table 86 SNMPv3 Configuration Menu options

Command

Description

usm <1-16>

Configures a user security model (USM) entry for an authorized user. You can also configure this entry through SNMP. The range is 1-16.

view <1-128>

Configures different MIB views. The range is 1-128.

access <1-32>

Configures access rights. The range is 1-32.

group <1-16>

Configures an SNMP group. A group maps the user name to the access group names and their access rights needed to access SNMP management objects. A group defines the access rights assigned to all names that belong to a particular group. The range is 1-16.

comm <1-16>

Configures a community table entry. The community table contains objects for mapping community strings and version-independent SNMP message parameters. The range is 1-16.

taddr <1-16>

Configures the destination address and user security levels for outgoing notifications. This is also called the transport endpoint. The range is 1-16.

tparam <1-16>

Configures SNMP parameters, consisting of message processing model, security model, security level, and security name information. There may be multiple transport endpoints associated with a particular set of SNMP parameters, or a particular transport endpoint may be associated with several sets of SNMP parameters.

notify <1-16>

Configures a notification index. A notification application typically monitors a system for particular events or conditions, and generates Notification-Class messages based on these events or conditions. The range is 1-16.

v1v2 disable|enable

Enables or disables the access to SNMP version 1 and version 2. This command is enabled by default.

cur

Displays the current SNMPv3 configuration.

[SNMPv3 usmUser 1 Menu] name - Set USM user name auth - Set authentication protocol authpw - Set authentication password priv - Set privacy protocol privpw - Set privacy password del - Delete usmUser entry cur - Display current usmUser configuration

The following table describes the SNMPv3 Configuration Menu options.

User Security Model configuration

Command: /cfg/sys/ssnmp/snmpv3/usm <usm number>

You can make use of a defined set of user identities using this Security Model. An SNMP engine must have the knowledge of applicable attributes of a user.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 94

Table 87 User Security Model Configuration Menu options

Command

Description

name <1-32 characters>

Configures a string up to 32 characters long that represents the name of the user. This is the login name that you need in order to access the switch.

auth md5|sha|none

Configures the authentication protocol between HMAC-MD5-96 or HMAC-SHA-96. The default algorithm except usmUser 1-2 is none.

authpw

Configures your password for authentication. If you selected an authentication algorithm using the above command, you need to provide a password; otherwise you will get an error message during validation.

priv des|none

Configures the type of privacy protocol on the switch. The privacy protocol protects messages from disclosure. The options are des (CBC-DES Symmetric Encryption Protocol) or none. If you specify des as the privacy protocol, then be sure that you have selected one of the authentication protocols (MD5 or HMACSHA-96). If you select none as the authentication protocol, you will get an error message.

privpw

Configures the privacy password.

del

Deletes the USM user entries.

cur

Displays the USM user entries.

[SNMPv3 vacmViewTreeFamily 1 Menu] name - Set view name tree - Set MIB subtree(OID) which defines a family of view subtrees mask - Set view mask type - Set view type del - Delete vacmViewTreeFamily entry cur - Display current vacmViewTreeFamily configuration

Table 88 SNMPv3 View Configuration Menu options

Command

Description

name <1-32 characters>

Defines the name for a family of view subtrees up to a maximum of 32 characters.

tree <1-64 characters>

Defines the Object Identifier (OID), a string of maximum 64 characters, which when combined with the corresponding mask defines a family of view subtrees. An example of an OID is 1.3.6.1.2.1.1.1.0

mask <1-32 characters>

Defines the bit mask, which in combination with the corresponding tree defines a family of view subtrees. The mask can have a maximum of 32 characters.

type included|excluded

Selects whether the corresponding instances of

vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask

define a family of view subtrees, which is included in or excluded from the MIB view.

del

Deletes the vacmViewTreeFamily group entry.

cur

Displays the current vacmViewTreeFamily configuration.

The following table describes the User Security Model Configuration Menu options.

SNMPv3 View configuration

Command: /cfg/sys/ssnmp/snmpv3/view <view number>

The following table describes the SNMPv3 View Configuration Menu options.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 95

[SNMPv3 vacmAccess 1 Menu] name - Set group name model - Set security model level - Set minimum level of security rview - Set read view index wview - Set write view index nview - Set notify view index del - Delete vacmAccess entry cur - Display current vacmAccess configuration

Table 89 View-based Access Control Configuration Menu options

Command

Description

name <1-32 characters>

Defines the name of the group, up to a maximum of 32 characters.

model usm|snmpv1|snmpv2

Selects the security model to be used.

level noAuthNoPriv|authN oPriv|authPriv

Defines the minimum level of security required to gain access rights. The level

noAuthNoPriv means that the SNMP message will be sent without

authentication and without using a privacy protocol. The level authNoPriv means that the SNMP message will be sent with authentication but without using a privacy protocol. The authPriv means that the SNMP message will be sent both with authentication and using a privacy protocol.

rview <1-32 characters>

Defines a 32 character long read view name that allows you read access to a particular MIB view. If the value is empty or if there is no active MIB view having this value then no access is granted.

wview <1-32 characters>

Defines a 32 character long write view name that allows you write access to the MIB view. If the value is empty or if there is no active MIB view having this value then no access is granted.

nview <1-32 characters>

Defines a 32 character long notify view name that allows you notify access to the MIB view.

del

Deletes the View-based Access Control entry.

cur

Displays the View-based Access Control configuration.

View-based Access Control Model configuration

Command: /cfg/sys/ssnmp/snmpv3/access <access number>

The view-based Access Control Model defines a set of services that an application can use for checking access rights of the user. Access control is needed when the user has to process SNMP retrieval or modification request from an SNMP entity.

The following table describes the User Access Control Configuration Menu options.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 96

[SNMPv3 vacmSecurityToGroup 1 Menu] model - Set security model uname - Set USM user name gname - Set group name del - Delete vacmSecurityToGroup entry cur - Display current vacmSecurityToGroup configuration

Table 90 SNMPv3 Group Configuration Menu options

Command

Description

model usm|snmpv1|snmpv2

Defines the security model.

uname <1-32 characters>

Sets the user name as defined in /cfg/sys/ssnmp/snmpv3/usm/name. The user name can have a maximum of 32 characters.

gname <1-32 characters>

Configures the name for the access group as defined in

/cfg/sys/ssnmp/snmpv3/access/name. The group name can have a

maximum of 32 characters.

del

Deletes the vacmSecurityToGroup entry.

cur

Displays the current vacmSecurityToGroup configuration.

[SNMPv3 snmpCommunityTable 1 Menu] index - Set community index name - Set community string uname - Set USM user name tag - Set community tag del - Delete communityTable entry cur - Display current communityTable configuration

Table 91 SNMPv3 Community Table Configuration Menu options

Command

Description

index <1-32 characters>

Configures the unique index value of a row in this table. The index can have a maximum of 32 characters.

name <1-32 characters>

Defines a readable 32 characters string that represents the corresponding value of an SNMP community name in a security model.

uname <1-32 characters>

Defines the name as defined in /cfg/sys/ssnmp/snmpv3/usm/name. The name can have a maximum of 32 characters.

tag <1-255 characters>

Configures a tag of up to 255 characters maximum. This tag specifies a set of transport endpoints to which a command responder application sends an SNMP trap.

del

Deletes the community table entry.

cur

Displays the community table configuration.

SNMPv3 Group configuration

Command: /cfg/sys/ssnmp/snmpv3/group <group number>

The following table describes the SNMPv3 Group Configuration Menu options.

SNMPv3 Community Table configuration

Command: /cfg/sys/ssnmp/snmpv3/comm <comm number>

This command is used for configuring the community table entry. The configured entry is stored in the community table list in the SNMP engine.

The following table describes the SNMPv3 Community Table Configuration Menu options.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 97

[SNMPv3 snmpTargetAddrTable 1 Menu] name - Set target address name addr - Set target transport address IP port - Set target transport address port taglist - Set tag list pname - Set targetParams name del - Delete targetAddrTable entry cur - Display current targetAddrTable configuration

Table 92 SNMPv3 Target Address Table Configuration Menu options

Command

Description

name <1-32 characters>

Configures the locally arbitrary, but unique identifier, target address name associated with this entry.

addr <transport address ip>

Configures a transport address IP that can be used in the generation of SNMP traps.

port <transport address port>

Configures a transport address port that can be used in the generation of SNMP traps.

taglist <1-255 characters>

Configures a list of tags (up to 255 characters maximum) that are used to select target addresses for a particular operation.

pname <1-32 characters>

Defines the name as defined in /cfg/sys/ssnmp/snmpv3/tparam/name.

del

Deletes the Target Address Table entry.

cur

Displays the current Target Address Table configuration.

[SNMPv3 snmpTargetParamsTable 1 Menu] name - Set targetParams name mpmodel - Set message processing model model - Set security model uname - Set USM user name level - Set minimum level of security del - Delete targetParamsTable entry cur - Display current targetParamsTable configuration

SNMPv3 Target Address Table configuration

Command: /cfg/sys/ssnmp/snmpv3/taddr <taddr number>

This menu allows you to configure an entry of a transport address that transmits SNMP traps.

The following table describes the SNMPv3 Target Address Table Configuration Menu options.

SNMPv3 Target Parameters Table configuration

Command: /cfg/sys/ssnmp/snmpv3/tparam <tparam number>

You can configure the target parameters entry and store it in the target parameters table in the SNMP engine. This table contains parameters that are used to generate a message. The parameters include the message processing model (for example: SNMPv3, SNMPv2c, SNMPv1), the security model (for example: USM), the security name, and the security level (noAuthnoPriv, authNoPriv, or authPriv).

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 98

The following table describes the SNMPv3 Target Parameters Table Configuration Menu options.

Table 93 SNMPv3 Target Parameters Table Configuration Menu options

Command

Description

name <1-32 characters>

Configures the locally arbitrary, but unique identifier that is associated with this entry.

mpmodel snmpv1|snmpv2c|snm pv3

Configures the message processing model that is used to generate SNMP messages.

model usm|snmpv1|snmpv2

Selects the security model to be used when generating the SNMP messages.

uname <1-32 characters>

Defines the name that identifies the user in the USM table, on whose behalf the SNMP messages are generated using this entry.

level noAuthNoPriv|authN oPriv|authPriv

Selects the level of security to be used when generating the SNMP messages using this entry. The level noAuthNoPriv means that the SNMP message will be sent without authentication and without using a privacy protocol. The level

authNoPriv means that the SNMP message will be sent with authentication but

without using a privacy protocol. The authPriv means that the SNMP message will be sent both with authentication and using a privacy protocol.

del

Deletes the targetParamsTable entry.

cur

Displays the current targetParamsTable configuration.

[SNMPv3 snmpNotifyTable 1 Menu] name - Set notify name tag - Set notify tag del - Delete notifyTable entry cur - Display current notifyTable configuration

Table 94 SNMPv3 Notify Table Configuration Menu options

Command

Description

name <1-32 characters>

Defines a locally arbitrary but unique identifier associated with this SNMP notify entry.

tag <1-255 characters>

Defines a tag of 255 characters maximum that contains a tag value which is used to select entries in the Target Address Table. Any entry in the

snmpTargetAddrTable, that matches the value of this tag, is selected.

del

Deletes the notify table entry.

cur

Displays the current notify table configuration.

[System Access Menu] mgmt - Management Network Definition Menu user - User Access Control Menu (passwords) http - Enable/disable HTTP (Web) access https - HTTPS Web Access Menu wport - Set HTTP (Web) server port number snmp - Set SNMP access control tsbbi - Enable/disable telnet/ssh configuration from BBI tnet - Enable/disable Telnet access tnport - Set Telnet server port number tport - Set the TFTP Port for the system cur - Display current system access configuration

SNMPv3 Notify Table configuration

Command: /cfg/sys/ssnmp/snmpv3/notify <notify number>

SNMPv3 uses Notification Originator to send out traps. A notification typically monitors a system for particular events or conditions, and generates Notification-Class messages based on these events or conditions.

The following table describes the SNMPv3 Notify Table Configuration menu options.

System Access configuration

Command: /cfg/sys/access

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 99

Table 95 System Access Configuration Menu options

Command

Description

mgmt

Displays the Management Configuration Menu.

user

Displays the User Access Control Menu.

http disable|enable

Enables or disables HTTP (Web) access to the Browser-based Interface. It is enabled by default.

https

Displays the HTTPS Menu.

wport <TCP port number>

Sets the switch port used for serving switch Web content. The default is HTTP port

80.

snmp disable|readonly|read-write

Disables or provides read-only/write-read SNMP access.

tsbbi enable|disable

Enables or disables BBI configuration controls for Telnet and SSH. It is disabled by default.

tnet disable|enable

Enables or disables telnet server. The default is enabled.

tnport <TCP port number>

Sets an optional telnet server port number for cases where the server listens for telnet sessions on a non-standard port.The default is telnet port 23.

tport <TFTP port number>

Sets an optional TFTP server port number for cases where the server listens for TFTP sessions on a non-standard port. The default is TFTP port 69.

cur

Displays the current system access parameters.

[Management Networks Menu] add - Add mgmt network definition rem - Remove mgmt network definition cur - Display current mgmt network definitions

clear - Clear current mgmt network definitions

Table 96 Management Networks Configuration menu options

Command

Description

add <IP address> <IP mask>

Adds a defined network through which switch access is allowed through Telnet, SNMP, or the browser-based interface. A range of IP addresses is produced when used with a network mask address. Specify an IP address and

mask address in dotted-decimal notation.

rem <IP address> <IP mask>

Removes a defined network, which consists of a management network address and a management network mask address.

cur

Displays the current management networks parameters.

clear

Clears the management network definitions.

The following table describes the System Access Configuration menu options.

Management Networks configuration

Command: /cfg/sys/access/mgmt

The following table describes the Management Networks Configuration menu options. You can configure up to 10 management networks on the switch.

Error! Use the Home tab to apply 見出し 1 to the text that you want to appear here. 100

NEC N8406-026 Command Reference Guide

Specifications and Main Features

Frequently Asked Questions

User Manual