NETGEAR M4100-D10-POE, M4100-D12G, M4100-26-POE, M4100-50-POE, M4100-26G User Manual

...

ProSafe Managed Switch

Command Line Interface (CLI) User Manual

10.0.1

M7100-24X M4100-D10-POE M4100-26-POE M4100-50-POE M4100-D12G M4100-26G M4100-50G M4100-26G-POE M4100-48G-POE+

350 East Plumeria Drive San Jose, CA 95134 USA

October 2012 202-1xxxx-01

1.0

ProSafe M4100 Series Managed Switches

Support

Thank you for choosing NETGEAR. After installing your device, locate the serial number on the label of your product and use it to register your product

at https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR recommends registering your product through the NETGEAR web site. For product updates and web support, visit http://support.netgear.com.

Phone (US & Canada only): 1-888-NETGEAR. Phone (Other Countries): Check the list of phone numbers at

http://support.netgear.com/general/contact/default.aspx.

NETGEAR recommends that you use only the official NETGEAR support resources.

Trademarks

NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change without notice. Other brand and product names are registered trademarks or trademarks of their respective holders. © NETGEAR, Inc. All rights reserved.

Revision History

Publication Part Number Version Publish Date Comments

202-1xxxx-01 1.0 October 2012 First publication

Contents

Chapter 1 Using the Command-Line Interface

Chapter 2 Switching Commands

Licensing and Command Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8

Command Syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

Command Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

Common Parameter Values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

Unit/Slot/Port Naming Convention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

Using a Command’s “No” Form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Managed Switch Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Command Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Command Completion and Abbreviation . . . . . . . . . . . . . . . . . . . . . . . . . .17

CLI Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

CLI Line-Editing Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

Using CLI Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

Accessing the CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Port Configuration Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

Loopback Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Spanning Tree Protocol (STP) Commands . . . . . . . . . . . . . . . . . . . . . . . .29

VLAN Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46

Double VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

Voice VLAN Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

Provisioning (IEEE 802.1p) Commands. . . . . . . . . . . . . . . . . . . . . . . . . . .64

Protected Ports Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

Private VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67

GARP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70

GVRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72

GMRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74

Port-Based Network Access Control Commands. . . . . . . . . . . . . . . . . . . .76

802.1X Supplicant Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90

Storm-Control Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92

Flow Control Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102

Port-Channel/LAG (802.3ad) Commands . . . . . . . . . . . . . . . . . . . . . . . .103

Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119

Static MAC Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121

DHCP L2 Relay Agent Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125

DHCP Client Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129

DHCP Snooping Configuration Commands . . . . . . . . . . . . . . . . . . . . . . .130

Dynamic ARP Inspection Commands . . . . . . . . . . . . . . . . . . . . . . . . . . .139

ProSafe M4100 Series Managed Switches

IGMP Snooping Configuration Commands . . . . . . . . . . . . . . . . . . . . . . .146

IGMP Snooping Querier Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .154

MLD Snooping Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158

MLD Snooping Querier Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . .164

set mld querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165

set mld querier query_interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165

set mld querier timer expiry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166

set mld querier election participate. . . . . . . . . . . . . . . . . . . . . . . . . . . .166

show mldsnooping querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167

Port Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .168

LLDP (802.1AB) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172

LLDP-MED Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180

Denial of Service Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190

MAC Database Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .200

ISDP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201

Priority-Based Flow Control Commands . . . . . . . . . . . . . . . . . . . . . . . . .207

Chapter 3 Multicast VLAN Registration (MVR)

About MVR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209

MVR Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209

Chapter 4 Routing Commands

Address Resolution Protocol (ARP) Commands . . . . . . . . . . . . . . . . . . .217

IP Routing Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223

Router Discovery Protocol Commands . . . . . . . . . . . . . . . . . . . . . . . . . .240

Virtual LAN Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .243

Virtual Router Redundancy Protocol Commands. . . . . . . . . . . . . . . . . . .244

DHCP and BOOTP Relay Commands. . . . . . . . . . . . . . . . . . . . . . . . . . .253

IP Helper Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255

Open Shortest Path First (OSPF) Commands . . . . . . . . . . . . . . . . . . . . .259

OSPF Graceful Restart Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . .300

nsf. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .301

nsf restart-interval. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .301

nsf helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .302

nsf helper disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

nsf [ietf] helper strict-lsa-checking . . . . . . . . . . . . . . . . . . . . . . . . . . . .303

OSPF Interface Flap Dampening Commands . . . . . . . . . . . . . . . . . . . . .305

Routing Information Protocol (RIP) Commands. . . . . . . . . . . . . . . . . . . .307

ICMP Throttling Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .314

Chapter 5 IP Multicast Commands

Multicast Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .317

DVMRP Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322

PIM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .327

Internet Group Message Protocol (IGMP) Commands . . . . . . . . . . . . . .338

IGMP Proxy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .345

ProSafe M4100 Series Managed Switches

Chapter 6 IPv6 Commands

Tunnel Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .351

IPv6 Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .353

OSPFv3 Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .376

OSPFv3 Graceful Restart Commands . . . . . . . . . . . . . . . . . . . . . . . . . . .407

DHCPv6 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .409

Chapter 7 IPv6 Multicast Commands

IPv6 Multicast Forwarder Commands . . . . . . . . . . . . . . . . . . . . . . . . . . .417

IPv6 PIM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .420

IPv6 MLD Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .427

IPv6 MLD-Proxy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .433

Chapter 8 Quality of Service (QoS) Commands

Class of Service (CoS) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .439

Differentiated Services (DiffServ) Commands . . . . . . . . . . . . . . . . . . . . .447

DiffServ Class Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .448

DiffServ Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .457

DiffServ Service Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .462

DiffServ Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463

MAC Access Control List (ACL) Commands . . . . . . . . . . . . . . . . . . . . . .469

IP Access Control List (ACL) Commands. . . . . . . . . . . . . . . . . . . . . . . . .473

IPv6 Access Control List (ACL) Commands. . . . . . . . . . . . . . . . . . . . . . .480

Time Range Commands for Time-Based ACLs. . . . . . . . . . . . . . . . . . . .484

AutoVOIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .486

iSCSI Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .490

Chapter 9 Power over Ethernet (PoE) Commands

About PoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .496

PoE Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .497

Chapter 10 Utility Commands

Auto Install Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .508

Dual Image Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .510

System Information and Statistics Commands. . . . . . . . . . . . . . . . . . . . .512

Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .528

Email Alerting and Mail Server Commands . . . . . . . . . . . . . . . . . . . . . . .534

System Utility and Clear Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .540

Simple Network Time Protocol (SNTP) Commands. . . . . . . . . . . . . . . . .550

DHCP Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .557

DNS Client Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .569

Packet Capture Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .573

Serviceability Packet Tracing Commands . . . . . . . . . . . . . . . . . . . . . . . .576

Cable Test Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .595

sFlow Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .595

ProSafe M4100 Series Managed Switches

Software License Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .600

IP Address Conflict Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .601

Link Local Protocol Filtering Commands . . . . . . . . . . . . . . . . . . . . . . . . .602

RMON Stats and History Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . .603

UDLD Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .609

Chapter 11 Management Commands

Configuring the Switch Management CPU. . . . . . . . . . . . . . . . . . . . . . . .614

Network Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .616

Console Port Access Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .619

Telnet Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .621

Secure Shell (SSH) Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .626

Management Security Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .629

Hypertext Transfer Protocol (HTTP) Commands . . . . . . . . . . . . . . . . . . .630

Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .637

User Account Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .637

SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .661

RADIUS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .672

TACACS+ Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684

Configuration Scripting Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .689

Pre-Login Banner and System Prompt Commands. . . . . . . . . . . . . . . . .691

Switch Database Management (SDM) Templates. . . . . . . . . . . . . . . . . .692

IPv6 Management Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .694

Chapter 12 Log Messages

Core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .700

Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .702

Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .704

Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .708

QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .714

Routing/IPv6 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .715

Multicast. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .718

Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .720

Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .721

O/S Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .723

Chapter 13 Captive Portal Commands

Captive Portal Global Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .725

Captive Portal Configuration Commands. . . . . . . . . . . . . . . . . . . . . . . . .729

Captive Portal Status Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .735

Captive Portal Client Connection Commands . . . . . . . . . . . . . . . . . . . . .739

Captive Portal Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .743

Captive Portal Local User Commands. . . . . . . . . . . . . . . . . . . . . . . . . . .744

Captive Portal User Group Commands . . . . . . . . . . . . . . . . . . . . . . . . . .750

Chapter 14 Command List

Index

ProSafe M4100 Series Managed Switches

1. Using the Command-Line Interface

The command-line interface (CLI) is a text-based way to manage and monitor the system. You can access the CLI by using a direct serial connection or by using a remote logical connection with telnet or SSH.

This chapter describes the CLI syntax, conventions, and modes. It contains the following sections:

• Licensing and Command Support

• Command Syntax

• Command Conventions

• Common Parameter Values

• Unit/Slot/Port Naming Convention

• Using a Command’s “No” Form

• Managed Switch Modules

• Command Modes

• Command Completion and Abbreviation

• CLI Error Messages

• CLI Line-Editing Conventions

• Using CLI Help

• Accessing the CLI

Licensing and Command Support

As shown in the following table, some command groups or commands require a license and some are supported on particular switch models. For those requiring a license, license keys are available from your VAR or NETGEAR authorized e-commerce portal. License activation is described in the Software Setup Manual.

ProSafe M4100 Series Managed Switches

Command Group or Command M4100 M7100

Non-Stop Forwarding Commands Supported Supported Router Discovery Protocol Commands Not supported Not supported Virtual Router Redundancy Protocol Commands Not supported Not supported Open Shortest Path First (OSPF) Commands Not supported Not supported OSPF Graceful Restart Commands Not supported Not supported Routing Information Protocol (RIP) Commands Not supported Not supported Tunnel Interface Commands Not supported Not supported IPv6 Routing Commands Not supported Not supported OSPFv3 Commands Not supported Not supported OSPFv3 Graceful Restart Commands Not supported Not supported DHCPv6 Commands Not supported Not supported Multicast Commands Not supported Not supported DVMRP Commands Not supported Not supported PIM Commands Not supported Not supported Internet Group Message Protocol (IGMP) Commands Not supported Not supported IGMP Proxy Commands Not supported Not supported IPv6 Multicast Forwarder Commands Not supported Not supported IPv6 PIM Commands Not supported Not supported IPv6 MLD Commands Not supported Not supported IPv6 MLD-Proxy Commands Not supported Not supported PoE Commands Supported on PoE

models only

MVR Commands Supported Supported Link Local Protocol Filtering Commands Not supported Supported Priority-Based Flow Control Commands Not Supported Not Supported Captive Portal Commands Supported Supported cos-queue random-detect Supported Supported no cos-queue random-detect Supported Supported random-detect exponential weighting-constant Supported Supported no random-detect exponential weighting-constant Supported Supported

Supported on PoE models only

random-detect queue-parms Supported Supported no random-detect queue-parms Supported Supported

Using the Command-Line Interface

ProSafe M4100 Series Managed Switches

Command Syntax

A command is one or more words that might be followed by one or more parameters. Parameters can be required or optional values.

Some commands, such as show network or clear vlan, do not require parameters. Other commands, such as network parms, require that you supply a value after the command. You must type the parameter values in a specific order, and optional parameters follow required parameters. The following example describes the network parms command syntax:

Format network parms <ipaddr> <netmask> [gateway]

• network parms is the command name.

• <ipaddr> and <netmask> are parameters and represent required values that you must

enter after you type the command keywords.

• [gateway] is an optional parameter, so you are not required to enter a value in place of

the parameter.

The New Template User Manual lists each command by the command name and provides a brief description of the command. Each command reference also contains the following information:

• Format shows the command keywords and the required and optional parameters.

• Mode identifies the command mode you must be in to access the command.

• Default shows the default value, if any, of a configurable setting on the device.

The show commands also contain a description of the information that the command shows.

Command Conventions

In this document, the command name is in bold font. Parameters are in italic font. You must replace the parameter name with an appropriate value, which might be a name or number. Parameters are order dependent.

The parameters for a command might include mandatory values, optional values, or keyword choices. types.

Table 1. Parameter Conventions

Symbol Example Description

<> angle brackets

[] square brackets

Table 1 describes the conventions this document uses to distinguish between value

<value>

[value]

Indicates that you must enter a value in place of the brackets and text inside them.

Indicates an optional parameter that you can enter in place of the brackets and text inside them.

Using the Command-Line Interface

ProSafe M4100 Series Managed Switches

Table 1. Parameter Conventions

Symbol Example Description

{} curly braces

| Vertical bars [{}] Braces within

square brackets

{choice1 | choice2}

choice1 | choice2

[{choice1 | choice2}]

Indicates that you must select a parameter from the list of choices.

Separates the mutually exclusive choices. Indicates a choice within an optional element.

Common Parameter Values

Parameter values might be names (strings) or numbers. To use spaces as part of a name parameter, enclose the name value in double quotes. For example, the expression “System Name with Spaces” forces the system to accept the spaces. Empty strings (““) are not valid user-defined strings. Table 2 describes common parameter values and value formatting.

Table 2. Parameter Descriptions

Parameter Description

ipaddr This parameter is a valid IP address. You can enter the IP address in the following formats:

a (32 bits) a.b (8.24 bits) a.b.c (8.8.16 bits) a.b.c.d (8.8.8.8)

In addition to these formats, the CLI accepts decimal, hexadecimal and octal formats through the following input formats (where n is any valid hexadecimal, octal or decimal number):

0xn (CLI assumes hexadecimal format) 0n (CLI assumes octal format with leading zeros) n (CLI assumes decimal format)

ipv6-address

Interface or unit/slot/port

Logical Interface Represents a logical slot and port number. This is applicable in the case of a port-channel

Character strings Use double quotation marks to identify character strings, for example, “System Name with

FE80:0000:0000:0000:020F:24FF:FEBF:DBCB, or FE80:0:0:0:20F:24FF:FEBF:DBCB, or FE80::20F24FF:FEBF:DBCB, or FE80:0:0:0:20F:24FF:128:141:49:32

For additional information, refer to RFC 3513. Valid slot and port number separated by forward slashes. For example, 0/1 represents slot

number 0 and port number 1.

(LAG). You can use the logical unit/slot/port to configure the port-channel.

Spaces”. An empty string (“”) is not valid.

Using the Command-Line Interface

ProSafe M4100 Series Managed Switches

Unit/Slot/Port Naming Convention

Managed switch software references physical entities such as cards and ports by using a unit/slot/port naming convention. The software also uses this convention to identify certain logical entities, such as Port-Channel interfaces.

The slot number has two uses. In the case of physical ports, it identifies the card containing the ports. In the case of logical and CPU ports it also identifies the type of interface or port.

Table 3. Type of Slots

Slot Type Description

Physical slot numbers Physical slot numbers begin with zero, and are allocated up to the maximum

number of physical slots.

Logical slot numbers Logical slots immediately follow physical slots and identify port-channel (LAG) or

router interfaces.

CPU slot numbers The CPU slots immediately follow the logical slots.

The port identifies the specific physical port or logical interface being managed on a given slot.

Table 4. Type of Ports

Port Type Description

Physical Ports The physical ports for each slot are numbered sequentially starting from zero. Logical Interfaces Port-channel or Link Aggregation Group (LAG) interfaces are logical interfaces

that are only used for bridging functions. VLAN routing interfaces are only used for routing functions. Loopback interfaces are logical interfaces that are always up. Tunnel interfaces are logical point-to-point links that carry encapsulated packets.

CPU ports CPU ports are handled by the driver as one or more physical entities located on

physical slots.

Note: In the CLI, loopback and tunnel interfaces do not use the

unit/slot/port format. To specify a loopback interface, you use the loopback ID. To specify a tunnel interface, you use the tunnel ID.

Using a Command’s “No” Form

The no keyword is a specific form of an existing command and does not represent a new or distinct command. Almost every configuration command has a no form. In general, use the no form to reverse the action of a command or reset a value back to the default. For example,

Using the Command-Line Interface

ProSafe M4100 Series Managed Switches

the no shutdown configuration command reverses the shutdown of an interface. Use the command without the keyword no to re-enable a disabled feature or to enable a feature that is disabled by default. Only the configuration commands are available in the no form.

Managed Switch Modules

Managed switch software consists of flexible modules that can be applied in various combinations to develop advanced Layer 2/3/4+ products. The commands and command modes available on your switch depend on the installed modules. Additionally, for some show commands, the output fields might change based on the modules included in the software.

The software suite includes the following modules:

• Switching (Layer 2)

• Routing (Layer 3)

• IPv6—IPv6 routing

• Multicast

• Quality of Service

• Management (CLI, Web UI, and SNMP)

• IPv6 Management—Allows management of the device through an IPv6 through an IPv6

address without requiring the IPv6 Routing package in the system. The management address can be associated with the network port (front-panel switch ports) and a routine interface (port or VLAN).

• Stacking

Not all modules are available for all platforms or software releases.

Command Modes

The CLI groups commands into modes according to the command function. Each of the command modes supports specific software commands. The commands in one mode are not available until you switch to that particular mode, with the exception of the User EXEC mode commands. You can execute the User EXEC mode commands in the Privileged EXEC mode.

The command prompt changes in each command mode to help you identify the current mode.

Table 5 describes the command modes and the prompts visible in that mode.

Note: The command modes available on your switch depend on the

software modules that are installed. For example, a switch that does not support BGPv4 does not have the Router BGPv4 Command Mode.

Using the Command-Line Interface

ProSafe M4100 Series Managed Switches

Table 5. CLI Command Modes

Command Mode Prompt Mode Description

User EXEC

Privileged EXEC

Global Config

VLAN Config

Switch>

Switch#

Switch (Config)#

Switch (Vlan)#

Contains a limited set of commands to view basic system information.

Allows you to issue any EXEC command, enter the VLAN mode, or enter the Global Configuration mode.

Groups general setup commands and permits you to make modifications to the running configuration.

Groups all the VLAN commands.

Interface Config Switch (Interface <unit/slot/port>)#

Manages the operation of an interface and provides access to the router interface

Switch (Interface Loopback <id>)#

configuration commands. Use this mode to set up a physical port for a

Switch (Interface Tunnel <id>)#

specific logical connection operation.

Line Config Switch (line)# Contains commands to configure outbound

telnet settings and console interface settings.

Policy Map Config

Policy Class Config

Switch (Config-policy-map)# Contains the QoS Policy-Map configuration

commands.

Switch (Config-policy-class-map)# Consists of class creation, deletion, and

matching commands. The class match commands specify Layer 2, Layer 3, and general match criteria.

Class Map Config Switch (Config-class-map)# Contains the QoS class map configuration

commands for IPv4.

Ipv6_Class-Map Config

Router OSPF

Switch (Config-class-map)# Contains the QoS class map configuration

commands for IPv6.

Switch (Config-router)# Contains the OSPF configuration commands.

Config Router OSPFv3

Switch (Config rtr)# Contains the OSPFv3 configuration commands.

Config Router RIP Config Switch (Config-router)# Contains the RIP configuration commands. MAC Access-list

Switch (Config-mac-access-list)# Allows you to create a MAC Access-List and to

Config

TACACS Config Switch (Tacacs)# Contains commands to configure properties for

DHCP Pool

Switch (Config dhcp-pool)# Contains the DHCP server IP address pool

Config

enter the mode containing MAC Access-List configuration commands.

the TACACS servers.

configuration commands.

Using the Command-Line Interface

ProSafe M4100 Series Managed Switches

Table 5. CLI Command Modes (Continued)

Command Mode Prompt Mode Description

DHCPv6 Pool Config

Stack Global Config Mode

ARP Access-List Config Mode

Switch (Config dhcp6-pool)# Contains the DHCPv6 server IPv6 address pool

configuration commands.

Switch (Config stack)# Allows you to access the Stack Global Config

Mode.

Switch (Config-arp-access-list)# Contains commands to add ARP ACL rules in

an ARP Access List.

Table 6 explains how to enter or exit each mode.

Table 6. CLI Mode Access and Exit

Command Mode Access Method Exit or Access Previous Mode

User EXEC This is the first level of access. To exit, enter logout. Privileged EXEC From the User EXEC mode, enter

enable.

Global Config From the Privileged EXEC mode,

enter configure.

VLAN Config From the Privileged EXEC mode,

enter vlan database.

Interface Config From the Global Config mode,

enter interface <unit/slot/port> or interface loopback <id> or interface tunnel <id>

To exit to the User EXEC mode, enter exit or press Ctrl-Z.

To exit to the Privileged EXEC mode, enter exit, or press Ctrl-Z.

To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z.

Line Config From the Global Config mode,

enter lineconfig.

Policy-Map Config

Policy-Class-Map Config

Class-Map Config

From the Global Config mode, enter policy-map <name> in.

From the Policy Map mode enter class.

From the Global Config mode, enter class-map, and specify the optional keyword ipv4 to specify the Layer 3 protocol for this class. See class-map on page 466 for more information.

Using the Command-Line Interface

To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z.

To exit to the Policy Map mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z.

To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z.

ProSafe M4100 Series Managed Switches

Table 6. CLI Mode Access and Exit (Continued)

Command Mode Access Method Exit or Access Previous Mode

Ipv6-Class-Map Config

Router OSPF Config

Router OSPFv3 Config

Router RIP Config

MAC Access-list Config

TACACS Config From the Global Config mode,

From the Global Config mode, enter class-map and specify the optional keyword ipv6 to specify the Layer 3 protocol for this class. See class-map on page 466 for more information.

From the Global Config mode, enter router ospf.

From the Global Config mode, enter ipv6 router ospf.

From the Global Config mode, enter router rip.

From the Global Config mode, enter

mac access-list extended

<name>.

enter tacacs-server host <ip-addr>, where <ip-addr> is the IP address of the TACACS server on your network.

To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z.

DHCP Pool Config

DHCPv6 Pool Config

Stack Global Config Mode

ARP Access-List Config Mode

From the Global Config mode, enter ip dhcp pool <pool-name>.

From the Global Config mode, enter ip dhcpv6 pool <pool-name>.

From the Global Config mode, enter the stack command.

From the Global Config mode, enter the

command.

arp access-list

To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z.

To exit to the Global Config mode, enter the command. To return to the Privileged EXEC mode, enter Ctrl-Z.

To exit to the Global Config mode, enter the

exit

exit command. To return to the Privileged

EXEC mode, enter

Ctrl-Z.

Command Completion and Abbreviation

Command completion finishes spelling the command when you type enough letters of a command to uniquely identify the command keyword. Once you have entered enough letters, press the SPACEBAR or TAB key to complete the word.

Using the Command-Line Interface

ProSafe M4100 Series Managed Switches

Command abbreviation allows you to execute a command when you have entered there are enough letters to uniquely identify the command. You must enter all of the required keywords and parameters before you enter the command.

CLI Error Messages

If you enter a command and the system is unable to execute it, an error message appears.

Table 7 describes the most common CLI error messages.

Table 7. CLI Error Messages

Message Text Description

% Invalid input detected at '^' marker. Indicates that you entered an incorrect or unavailable command.

The carat (^) shows where the invalid text is detected. This message also appears if any of the parameters or values are not recognized.

Command not found / Incomplete command. Use ? to list commands.

Ambiguous command Indicates that you did not enter enough letters to uniquely identify

Indicates that you did not enter the required keywords or values.

the command.

CLI Line-Editing Conventions

Table 8 describes the key combinations you can use to edit commands or increase the speed

of command entry. You can access this list from the CLI by entering help from the User or Privileged EXEC modes.

Table 8. CLI Editing Conventions

Key Sequence Description

DEL or Backspace Delete previous character Ctrl-A Go to beginning of line Ctrl-E Go to end of line Ctrl-F Go forward one character Ctrl-B Go backward one character Ctrl-D Delete current character Ctrl-U, X Delete to beginning of line Ctrl-K Delete to end of line Ctrl-W Delete previous word Ctrl-T Transpose previous character

Using the Command-Line Interface

ProSafe M4100 Series Managed Switches

Table 8. CLI Editing Conventions (Continued)

Key Sequence Description

Ctrl-P Go to previous line in history buffer Ctrl-R Rewrites or pastes the line Ctrl-N Go to next line in history buffer Ctrl-Y Prints last deleted character Ctrl-Q Enables serial flow Ctrl-S Disables serial flow Ctrl-Z Return to root command prompt Tab, <SPACE> Command-line completion Exit Go to next lower command prompt ? List available commands, keywords, or parameters

Using CLI Help

Enter a question mark (?) at the command prompt to display the commands available in the current mode.

(switch) >?

enable Enter into user privilege mode. help Display help for various special keys. logout Exit this session. Any unsaved changes are lost. ping Send ICMP echo packets to a specified IP address. quit Exit this session. Any unsaved changes are lost. show Display Switch Options and Settings. telnet Telnet to a remote host.

Enter a question mark (?) after each word you enter to display available command keywords or parameters.

(switch) #network ?

javamode Enable/Disable. mgmt_vlan Configure the Management VLAN ID of the switch. parms Configure Network Parameters of the router. protocol Select DHCP, BootP, or None as the network config protocol.

If the help output shows a parameter in angle brackets, you must replace the parameter with a value.

(switch) #network parms ?

<ipaddr> Enter the IP address.

Using the Command-Line Interface

ProSafe M4100 Series Managed Switches

If there are no additional command keywords or parameters, or if additional parameters are optional, the following message appears in the output:

<cr> Press Enter to execute the command

You can also enter a question mark (?) after typing one or more characters of a word to list the available command or parameters that begin with the letters, as shown in the following example:

(switch) #show m?

mac-addr-table mac-address-table monitor

Accessing the CLI

You can access the CLI by using a direct console connection or by using a telnet or SSH connection from a remote management host.

For the initial connection, you must use a direct connection to the console port. You cannot access the system remotely until the system has an IP address, subnet mask, and default gateway. You can set the network configuration information manually, or you can configure the system to accept these settings from a BOOTP or DHCP server on your network. For more information, see

Network Interface Commands on page 616.

Using the Command-Line Interface

2. Switching Commands

This chapter describes the switching commands available in the managed switch CLI. This chapter contains the following sections:

• Port Configuration Commands

• Loopback Interface Commands

• Spanning Tree Protocol (STP) Commands

• VLAN Commands

• Double VLAN Commands

• Voice VLAN Commands

• Provisioning (IEEE 802.1p) Commands

• Protected Ports Commands

• Private VLAN

• GARP Commands

• GVRP Commands

• GMRP Commands

• Port-Based Network Access Control Commands

• 802.1X Supplicant Commands

• Storm-Control Commands

• Flow Control Commands

• Port Mirroring

• Static MAC Filtering

• DHCP L2 Relay Agent Commands

• DHCP Client Commands

• DHCP Snooping Configuration Commands

• Dynamic ARP Inspection Commands

• IGMP Snooping Configuration Commands

• IGMP Snooping Querier Commands

• MLD Snooping Commands

• MLD Snooping Querier Commands

ProSafe Managed Switch

• Port Security Commands

• LLDP (802.1AB) Commands

• LLDP-MED Commands

• Denial of Service Commands

• MAC Database Commands

• ISDP Commands

• Priority-Based Flow Control Commands

The commands in this chapter are in three functional groups:

• Show commands display switch settings, statistics, and other information.

• Configuration commands configure features and options of the switch. For every

configuration command, there is a show command that displays the configuration setting.

• Clear commands clear some or all of the settings to factory defaults.

Port Configuration Commands

This section describes the commands you use to view and configure port settings.

interface

This command gives you access to the Interface Config mode, which allows you to enable or modify the operation of an interface (port).

Format interface <unit/slot/port> Mode

Global Config

interface vlan

This command gives you access to the vlan virtual interface mode, which allows certain port configurations (for example, the IP address) to be applied to the VLAN interface. Type a question mark (?) after entering the interface configuration mode to see the available options.

Format interface vlan <vlan id> Mode

Global Config

interface lag

This command gives you access to the LAG (link aggregation, or port channel) virtual interface, which allows certain port configurations to be applied to the LAG interface. Type a question mark (?) after entering the interface configuration mode to see the available options.

Switching Commands

ProSafe Managed Switch

Note: The IP address cannot be assigned to a LAG virtual interface. The

interface must be put under a VLAN group and an IP address assigned to the VLAN group.

Format interface lag <lag id> Mode

Global Config

auto-negotiate

This command enables automatic negotiation on a port.

Default Format auto-negotiate

Mode

enabled

Interface Config

no auto-negotiate

This command disables automatic negotiation on a port.

Note: Automatic sensing is disabled when automatic negotiation is

disabled.

auto-negotiate all

This command enables automatic negotiation on all ports.

Default Format auto-negotiate all

Mode

enabled

Global Config

no auto-negotiate all

This command disables automatic negotiation on all ports.

Format no auto-negotiate all Mode

Global Config

Switching Commands

ProSafe Managed Switch

description

Use this command to create an alpha-numeric description of the port.

Format description <description> Mode

Interface Config

mtu

Use the mtu command to set the maximum transmission unit (MTU) size, in bytes, for frames that ingress or egress the interface. You can use the mtu command to configure jumbo frame support for physical and port-channel (LAG) interfaces. For the standard 7000 series implementation, the MTU size is a valid integer between 1522 - 9216 for tagged packets and a valid integer between 1518 - 9216 for untagged packets.

Note: To receive and process packets, the Ethernet MTU must include any

extra bytes that Layer-2 headers might require. To configure the IP MTU size, which is the maximum size of the IP packet (IP Header + IP payload), see ip mtu on page 229.

Default Format mtu <1518-9216>

Mode

1518 (untagged)

Interface Config

no mtu

This command sets the default MTU size (in bytes) for the interface.

Format no mtu Mode

Interface Config

shutdown

This command disables a port.

Note: You can use the shutdown command on physical and port-channel

(LAG) interfaces, but not on VLAN routing interfaces.

Switching Commands

Format shutdown Mode

Interface Config

no shutdown

This command enables a port.

Format no shutdown Mode

Interface Config

shutdown all

This command disables all ports.

Note: You can use the shutdown all command on physical and

port-channel (LAG) interfaces, but not on VLAN routing interfaces.

ProSafe Managed Switch

Format shutdown all Mode

Global Config

no shutdown all

This command enables all ports.

Format no shutdown all Mode

Global Config

speed

This command sets the speed and duplex setting for the interface.

Format speed {<100 | 10> <half-duplex | full-duplex>} Mode

Acceptable Values

100h 100f

Interface Config

Definition

100BASE-T half duplex 100BASE-T full duplex

Switching Commands

ProSafe Managed Switch

Acceptable Values

10h 10f

Definition

10BASE-T half duplex 10BASE-T full duplex

speed all

This command sets the speed and duplex setting for all interfaces.

Format speed all {<100 | 10> <half-duplex | full-duplex>} Mode

Acceptable Values

100h 100f 10h 10f

Global Config

Definition

100BASE-T half duplex 100BASE-T full duplex 10BASE-T half duplex 10BASE-T full duplex

show port

This command displays port information.

Format show port {<unit/slot/port> | all} Mode

Term Definition Interface

Type

Admin Mode

Physical Mode

Physical Status

Privileged EXEC

Valid slot and port number separated by forward slashes. If not blank, this field indicates that this port is a special type of port. The possible

values are:

• Mirror - this port is a monitoring port. For more information, see Port Mirroring on page 119.

• PC Mbr- this port is a member of a port-channel (LAG).

• Probe - this port is a probe port.

The Port control administration state. The port must be enabled in order for it to be allowed into the network. - May be enabled or disabled. The factory default is enabled.

The desired port speed and duplex mode. If auto-negotiation support is selected, then the duplex mode and speed is set from the auto-negotiation process. Note that the maximum capability of the port (full duplex -100M) is advertised. Otherwise, this object determines the port's duplex mode and transmission rate. The factory default is Auto.

The port speed and duplex mode.

Switching Commands

ProSafe Managed Switch

Term Definition Link Status

Link Trap

LACP Mode

The Link is up or down. This object determines whether or not to send a trap when link status changes. The

factory default is enabled. LACP is enabled or disabled on this port.

show port protocol

This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated group.

Format show port protocol {<groupid> | all} Mode

Privileged EXEC

Term Definition Group Name

Group ID Protocol(s) VLAN Interface(s)

The group name of an entry in the Protocol-based VLAN table. The group identifier of the protocol group. The type of protocol(s) for this group. The VLAN associated with this Protocol Group. Lists the unit/slot/port interface(s) that are associated with this Protocol Group.

show port description

This command displays the port description for every port.

Format show port description <unit/slot/port> Mode

Term Definition Interface

Description

Privileged EXEC

Valid slot and port number separated by forward slashes Shows the port description configured via the “description” command

show port status

This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated group.

Format show port status {<unit/slot/port> | all} Mode

Privileged EXEC

Switching Commands

ProSafe Managed Switch

Term Definition Interface

Media Type STP Mode Physical Mode Physical Status Link Status Loop Status Partner Flow

Control

Valid slot and port number separated by forward slashes. “Copper” or “Fiber” for combo port. Indicate the spanning tree mode of the port. Either “Auto” or fixed speed and duplex mode. The actual speed and duplex mode. Whether the link is Up or Down. Whether the port is in loop state or not. Whether the remote side is using flow control or not.

Loopback Interface Commands

The commands in this section describe how to create, delete, and manage loopback interfaces. A loopback interface is always expected to be up. This interface can provide the source address for sent packets and can receive both local and remote packets. The loopback interface is typically used by routing protocols.

To assign an IP address to the loopback interface, see ip address on page 224. To assign an IPv6 address to the loopback interface, see ipv6 address on page 355.

interface loopback

Use this command to enter the Interface Config mode for a loopback interface. The range of the loopback ID is 0 to 7.

Format interface loopback <loopback-id> Mode

no interface loopback

This command removes the loopback interface and associated configuration parameters for the specified loopback interface.

Format no interface loopback <loopback-id> Mode

Global Config

Switching Commands

ProSafe Managed Switch

show interface loopback

This command displays information about configured loopback interfaces.

Format show interface loopback [<loopback-id>] Mode

If you do not specify a loopback ID, the following information appears for each loopback interface on the system:

Term Definition Loopback ID

Interface IP Address Received

Packets Sent Packets

IPv6 Address

Privileged EXEC

The loopback ID associated with the rest of the information in the row. The interface name. The IPv4 address of the interface. The number of packets received on this interface.

The number of packets transmitted from this interface. The IPv6 address of this interface.

If you specify a loopback ID, the following information appears:

Term Definition Interface Link

Status IP Address

IPv6 is enabled (disabled)

IPv6 Prefix is MTU size

Shows whether the link is up or down.

The IPv4 address of the interface. Shows whether IPv6 is enabled on the interface.

The IPv6 address of the interface. The maximum transmission size for packets on this interface, in bytes.

Switching Commands

ProSafe Managed Switch

Spanning Tree Protocol (STP) Commands

This section describes the commands you use to configure Spanning Tree Protocol (STP). STP helps prevent network loops, duplicate messages, and network instability.

spanning-tree

This command sets the spanning-tree operational mode to enabled.

Default Format spanning-tree

Mode

enabled

Global Config

no spanning-tree

This command sets the spanning-tree operational mode to disabled. While disabled, the spanning-tree configuration is retained and can be changed, but is not activated.

Format no spanning-tree Mode

Global Config

spanning-tree auto-edge

This command enables auto-edge on the interface or range of interfaces. When enabled, the interface becomes an edge port if it does not see BPDUs for edge delay time.

Default Format spanning-tree auto-edge

Mode

enabled

Interface Config

no spanning-tree auto-edge

This command disables auto-edge on the interface or range of interfaces.

Format no spanning-tree auto-edge Mode

Interface Config

spanning-tree bpdufilter

Use this command to enable BPDU Filter on an interface or range of interfaces.

Default Format spanning-tree bpdufilter

Mode

disabled

Interface Config

Switching Commands

ProSafe Managed Switch

no spanning-tree bpdufilter

Use this command to disable BPDU Filter on the interface or range of interfaces.

Default Format no spanning-tree bpdufilter

Mode

disabled

Interface Config

spanning-tree bpdufilter default

Use this command to enable BPDU Filter on all the edge port interfaces.

Default Format spanning-tree bpdufilter

Mode

no spanning-tree bpdufilter default

Use this command to disable BPDU Filter on all the edge port interfaces.

Default Format no spanning-tree bpdufilter default

Mode

disabled

Global Config

enabled

Global Config

spanning-tree bpduflood

Use this command to enable BPDU Flood on the interface.

Default Format spanning-tree bpduflood

Mode

no spanning-tree bpduflood

Use this command to disable BPDU Flood on the interface.

Format no spanning-tree bpduflood Mode

disabled

Interface Config

Switching Commands

+ 746 hidden pages

NETGEAR M4100-D10-POE, M4100-D12G, M4100-26-POE, M4100-50-POE, M4100-26G User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual