NETGEAR M4100 ProSAFE Reference Manual

M4100 Series

Managed Switches

ProSAFE

CLI Command Reference Manual

Software Version 10.0.2

April 2015 202-11166-04

350 East Plumeria Drive San Jose, CA 95134 USA

M4100 Series ProSAFE Managed Switches

Support

Thank you for selecting NETGEAR products.

After installing your device, locate the serial number on the label of your product and use it to register your product at

https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR

recommends registering your product through the NETGEAR website.

For product updates and web support, visit http://support.netgear.com.

Phone (US & Canada only): 1-888-NETGEAR.

Phone (Other Countries): Check the list of phone numbers at http://support.netgear.com/general/contact/default.aspx.

Compliance

For regulatory compliance information, visit http://www.netgear.com/about/regulatory.

See the regulatory compliance document before connecting the power supply.

Trademarks

Revision History

Publication Part Number Publish Date Comments

202-11166-03 March 2015 First publication.

Contents

Chapter 1 Using the Command-Line Interface

Chapter 2 Switching Commands

Command Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Command Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Common Parameter Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Slot/Port Naming Convention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Using a Command’s “No” Form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Managed Switch Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Command Completion and Abbreviation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

CLI Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

CLI Line-Editing Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Using CLI Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Accessing the CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Port Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Loopback Interface Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Spanning Tree Protocol (STP) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

VLAN Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Switch Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Double VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Voice VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Provisioning (IEEE 802.1p) Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Protected Ports Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Private VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

GARP Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

GVRP Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

GMRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Port-Based Network Access Control Commands. . . . . . . . . . . . . . . . . . . . . . . . . 80

802.1X Supplicant Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Storm-Control Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Flow Control Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Port-Channel/LAG (802.3ad) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Port Mirroring Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Static MAC Filtering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

DHCP L2 Relay Agent Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

DHCP Client Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

DHCP Snooping Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

Dynamic ARP Inspection Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

M4100 Series ProSAFE Managed Switches

IGMP Snooping Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

IGMP Snooping Querier Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

MLD Snooping Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

MLD Snooping Querier Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Port Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

LLDP (802.1AB) Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

LLDP-MED Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Denial of Service Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

MAC Database Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

ISDP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

Chapter 3 Multicast VLAN Registration Commands

About MVR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

MVR Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

Chapter 4 Routing Commands

Address Resolution Protocol (ARP) Commands . . . . . . . . . . . . . . . . . . . . . . . . . 228

IP Routing Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

Virtual LAN Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

DHCP and BOOTP Relay Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

IP Helper Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254

ICMP Throttling Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

Chapter 5 Quality of Service Commands

Class of Service (CoS) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

Differentiated Services (DiffServ) Commands . . . . . . . . . . . . . . . . . . . . . . . . . 270

DiffServ Class Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

DiffServ Policy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

DiffServ Service Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

DiffServ Show Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

MAC Access Control List (ACL) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

IP Access Control List (ACL) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

IPv6 Access Control List (ACL) Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305

Time Range Commands for Time-Based ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . 309

AutoVoIP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

Chapter 6 Power over Ethernet Commands

About PoE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

PoE Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318

Chapter 7 Utility Commands

Auto Install Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329

Dual Image Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331

System Information and Statistics Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 333

M4100 Series ProSAFE Managed Switches

Logging Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353

Email Alerting and Mail Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358

System Utility and Clear Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365

Simple Network Time Protocol (SNTP) Commands . . . . . . . . . . . . . . . . . . . . . . 375

DHCP Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382

DNS Client Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395

Packet Capture Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400

Serviceability Packet Tracing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403

Cable Test Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425

sFlow Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425

IP Address Conflict Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431

RMON Stats and History Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432

UniDirectional Link Detection Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438

USB Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440

Chapter 8 Management Commands

Switch Management CPU Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444

Management Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446

Console Port Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .449

Telnet Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452

Secure Shell (SSH) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457

Management Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459

Hypertext Transfer Protocol (HTTP) Commands . . . . . . . . . . . . . . . . . . . . . . . . 460

Access Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

User Account Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468

SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491

RADIUS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501

TACACS+ Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514

Configuration Scripting Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518

Pre-Login Banner and System Prompt Commands . . . . . . . . . . . . . . . . . . . . . . 520

Chapter 9 Green Ethernet Commands

Green Feature Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .523

Energy-Detect Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523

Energy Efficient Ethernet (EEE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524

Green Ethernet Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524

Chapter 10 Log Messages

Core. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533

Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .535

Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537

Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541

QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547

Routing/IPv6 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 548

Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551

Stacking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553

M4100 Series ProSAFE Managed Switches

Technologies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 554

O/S Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556

Command List

1. Using the Command-Line Interface

The command-line interface (CLI) is a text-based way to manage and monitor the system. You

can access the CLI by using a direct serial connection or by using a remote logical connection with telnet or SSH.

This chapter describes the CLI syntax, conventions, and modes. It contains the following sections:

• Command Syntax

• Command Conventions

• Common Parameter Values

• Slot/Port Naming Convention

• Using a Command’s “No” Form

• Managed Switch Modules

• Command Modes

• Command Completion and Abbreviation

• CLI Error Messages

• CLI Line-Editing Conventions

• Using CLI Help

• Accessing the CLI

Note: For more information about the topics covered in this manual, visit the

support website at support.netgear.com.

Note: Firmware updates with new features and bug fixes are made

available from time to time at products can regularly check the site and download new firmware, or you can check for and download new firmware manually. If the features or behavior of your product does not match what is described in this guide, you might need to update your firmware.

downloadcenter.netgear.com. Some

M4100 Series ProSAFE Managed Switches

Command Syntax

A command is one or more words that might be followed by one or more parameters.

Parameters can be required or optional values. Some commands, such as show network and clear vlan, do not require parameters.

Other commands, such as network parms, require that you supply a value after the command. You must type the parameter values in a specific order, and optional parameters follow required parameters. The following example describes the network parms command syntax:

Format network parms <ipaddr> <netmask> [gateway]

• network parms is the command name.

• <ipaddr> and <netmask> are parameters and represent required values that you must

enter after you type the command keywords.

• [gateway] is an optional keyword, so you are not required to enter a value in place of

the keyword.

This command line reference manual lists each command by the command name and provides a brief description of the command. Each command reference also contains the following information:

• Format shows the command keywords and the required and optional parameters.

• Mode identifies the command mode you must be in to access the command.

• Default shows the default value, if any, of a configurable setting on the device.

The show commands also contain a description of the information that the command shows.

Command Conventions

In this document, the command name is in bold font. Parameters are in <italic font> between angle brackets. You must replace the parameter name with an appropriate value, which might be a name or number. Parameters are order-dependent. Keyword choices are in bold font.

The parameters for a command might include mandatory values, optional values, or keyword choices. The following table describes the conventions this document uses to distinguish between value types.

Table 1. Parameter Conventions

Symbol Example Description

italic font in angle brackets

[ ] square brackets [keyword] Indicates an optional parameter.

<value> or [<value>] Indicates a variable value. You must replace the

italicized text within angle brackets with a name or number.

Using the Command-Line Interface

M4100 Series ProSAFE Managed Switches

Table 1. Parameter Conventions (continued)

Symbol Example Description

{ } curly braces {choice1 | choice2} Indicates that you must select a parameter from the

list of choices.

| Vertical bars choice1 | choice2 Separates the mutually exclusive choices.

[{ }] Braces within square brackets

[{choice1 | choice2}] Indicates a choice within an optional element. This

format is used mainly for complicated commands

Common Parameter Values

Parameter values might be names (strings) or numbers. To use spaces as part of a name parameter, enclose the name value in double quotes. For example, the expression “System Name with Spaces” forces the system to accept the spaces. Empty strings (““) are not valid user-defined strings. The following table describes common parameter values and value formatting.

Table 2. Parameter Descriptions

Parameter Description

ipaddr This parameter is a valid IPv4 address. You can enter the IP address in the following

formats:

• a (32 bits)

• a.b (8.24 bits)

• a.b.c (8.8.16 bits)

• a.b.c.d (8.8.8.8)

In addition to these formats, the CLI accepts decimal, hexadecimal and octal formats through the following input formats (where n is any valid hexadecimal, octal or decimal number):

• 0xn (CLI assumes hexadecimal format.)

• 0n (CLI assumes octal format with leading zeros.)

• n (CLI assumes decimal format.)

ipv6-address This parameter is a valid IPv6 address. You can enter the IP address in the following

formats:

• FE80:0000:0000:0000:020F:24FF:FEBF:DBCB

• FE80:0:0:0:20F:24FF:FEBF:DBCB

• FE80::20F24FF:FEBF:DBCB

• FE80:0:0:0:20F:24FF:128:141:49:32

For additional information, refer to RFC 3513.

Interface or

slot/port

Logical Interface Represents a logical slot and port number. This is applicable in the case of a port-channel

Character strings Use double quotation marks to identify character strings, for example, “System Name with

V alid slot and port number separated by forward slashes. For example, 0/1 represents slot number 0 and port number 1.

(LAG). You can use the logical slot/port to configure the port-channel.

Spaces”. An empty string (“”) is not valid.

Using the Command-Line Interface

M4100 Series ProSAFE Managed Switches

Slot/Port Naming Convention

Managed switch software references physical entities such as cards and ports by using a slot/port naming convention. The software also uses this convention to identify certain logical entities, such as port-channel interfaces.

The slot number has two uses. In the case of physical ports, it identifies the card containing the ports. In the case of logical and CPU ports it also identifies the type of interface or port.

Table 3. Type of slots

Slot Type Description

Physical slot numbers Physical slot numbers begin with zero, and are allocated up to the maximum

number of physical slots.

Logical slot numbers Logical slots immediately follow physical slots and identify port-channel (LAG) or

router interfaces.

CPU slot numbers The CPU slots immediately follow the logical slots.

The port identifies the specific physical port or logical interface being managed on a slot.

Table 4. Type of ports

Port Type Description

Physical Ports The physical ports for each slot are numbered sequentially starting from zero. Logical Interfaces Port-channel or link aggregation group (LAG) interfaces are logical interfaces that

are only used for bridging functions. VLAN routing interfaces are only used for routing functions. Loopback interfaces are logical interfaces that are always up. Tunnel interfaces are logical point-to-point links that carry encapsulated packets.

CPU ports CPU ports are handled by the driver as one or more physical entities located on

physical slots.

Note: In the CLI, loopback and tunnel interfaces do not use the slot/port

format. To specify a loopback interface, you use the loopback ID. To specify a tunnel interface, you use the tunnel ID.

Using a Command’s “No” Form

The no keyword is a specific form of an existing command and does not represent a new or distinct command. Almost every configuration command has a no form. In general, use the no form to reverse the action of a command or reset a value back to the default. For example, the no shutdown configuration command reverses the shutdown of an interface. Use the

Using the Command-Line Interface

M4100 Series ProSAFE Managed Switches

command without the keyword no to reenable a disabled feature or to enable a feature that is disabled by default. Only the configuration commands are available in the no form.

Managed Switch Modules

Managed switch software consists of flexible modules that can be applied in various combinations to develop advanced Layer 2/3/4+ products. The commands and command modes available on your switch depend on the installed modules. Additionally, for some show commands, the output fields might change based on the modules included in the software.

The software suite includes the following modules:

• Switching (Layer 2)

• Routing (Layer 3)

• Quality of Service

• Management (CLI, web UI, and SNMP)

Command Modes

The CLI groups commands into modes according to the command function. Each of the command modes supports specific software commands. The commands in one mode are not available until you switch to that particular mode, except for the User EXEC mode commands. You can execute the User EXEC mode commands in the Privileged EXEC mode.

The command prompt changes in each command mode to help you identify the current mode. The following table describes the command modes and the prompts visible in that mode.

Note: The command modes available on your switch depend on the software

modules that are installed. For example, a switch that does not support BGPv4 does not provide the Router BGPv4 Command Mode.

Table 5. CLI Command Modes

Command Mode Prompt Mode Description

User EXEC Switch> Contains a limited set of commands to view

basic system information.

Privileged EXEC Switch# Allows you to issue any EXEC command,

enter the VLAN mode, or enter the Global Configuration mode.

Using the Command-Line Interface

M4100 Series ProSAFE Managed Switches

Table 5. CLI Command Modes (continued)

Command Mode Prompt Mode Description

Global Config Switch (Config)# Groups general setup commands and

permits you to make modifications to the

running configuration. VLAN Config Switch (Vlan)# Groups all the VLAN commands. Interface Config Switch (Interface <slot/port>)#

Switch (Interface Loopback <id>)#

Switch (Interface Tunnel <id>)#

Line Config Switch (line)# Contains commands to configure outbound

Policy Map Config

Policy Class Config

Class Map Config Switch (Config-class-map)# Contains the QoS class map configuration

Ipv6_Class-Map Config

MAC Access-list Config

Switch (Config-policy-map)# Contains the QoS Policy-Map configuration

Switch (Config-policy-class-map)#

Switch (Config-class-map)# Contains the QoS class map configuration

Switch (Config-mac-access-list)# Allows you to create a MAC Access-List and

Manages the operation of an interface and

provides access to the router interface

configuration commands.

Use this mode to set up a physical port for a

specific logical connection operation.

telnet settings and console interface settings.

commands.

Consists of class creation, deletion, and

matching commands. The class match

commands specify Layer 2, Layer 3, and

general match criteria.

commands for IPv4.

commands for IPv6.

to enter the mode containing MAC

Access-List configuration commands. TACACS Config Switch (Tacacs)# Contains commands to configure properties

for the TACACS servers. DHCP Pool

Config ARP Access-List

Config Mode

Switch (Config dhcp-pool)# Contains the DHCP server IP address pool

configuration commands.

Switch (Config-arp-access-list)# Contains commands to add ARP ACL rules

in an ARP Access List.

The following table explains how to enter or exit each mode.

Table 6. CLI Mode Access and Exit

Command Mode Access Method Exit or Access Previous Mode

User EXEC This is the first level of access. To exit, enter logout. Privileged EXEC From the User EXEC mode, enter

enable.

Using the Command-Line Interface

To exit to the User EXEC mode, enter exit or press Ctrl-Z.

M4100 Series ProSAFE Managed Switches

Table 6. CLI Mode Access and Exit (continued)

Command Mode Access Method Exit or Access Previous Mode

Global Config From the Privileged EXEC mode,

enter configure.

VLAN Config From the Privileged EXEC mode,

enter vlan database.

Interface Config From the Global Config mode,

enter

interface <slot/port> or interface loopback <id> or interface tunnel <id>

Line Config From the Global Config mode,

enter lineconfig.

Policy-Map Config From the Global Config mode,

enter policy-map <name>.

Policy-Class-Map Config

Class-Map Config From the Global Config mode,

From the Policy Map mode enter class.

enter class-map, and specify the optional keyword ipv4 to specify the Layer 3 protocol for this class. See class-map on page 272 for more information.

To exit to the Privileged EXEC mode, enter exit, or press Ctrl-Z.

To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z.

Ipv6-Class-Map Config

MAC Access-list Config

TACACS Config From the Global Config mode,

DHCP Pool Config From the Global Config mode,

ARP Access-List Config Mode

From the Global Config mode, enter class-map and specify the optional keyword ipv6 the Layer 3 protocol for this class. See class-map on page 272 for more information.

From the Global Config mode, enter mac access-list extended <name>.

enter tacacs-server host <ip-addr>, in which <ip-addr> is the IP address of the TACACS server on your network.

enter ip dhcp pool <pool-name>.

From the Global Config mode, enter arp access-list.

to specify

To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z.

Using the Command-Line Interface

M4100 Series ProSAFE Managed Switches

Command Completion and Abbreviation

Command completion finishes spelling the command when you type enough letters of a command to uniquely identify the command keyword. Once you have entered enough letters, press the SPACEBAR or TAB key to complete the word.

Command abbreviation allows you to execute a command when you have entered there are enough letters to uniquely identify the command.

You must enter all of the required keywords

and parameters before you enter the command.

CLI Error Messages

If you enter a command and the system is unable to execute it, an error message appears. The following table describes the most common CLI error messages.

Table 7. CLI Error Messages

Message Text Description

% Invalid input detected at '^' marker. Indicates that you entered an incorrect or unavailable command.

The carat (^) shows where the invalid text is detected. This message also appears if any of the parameters or values are not recognized.

Command not found / Incomplete command. Use a question mark (?) to list commands.

Ambiguous command Indicates that you did not enter enough letters to uniquely identify

Indicates that you did not enter the required keywords or values.

the command.

CLI Line-Editing Conventions

The following table describes the key combinations you can use to edit commands or increase the speed of command entry . You can access this list from the CLI by entering help from the User or Privileged EXEC modes.

Table 8. CLI Editing Conventions

Key Sequence Description

DEL or Backspace Delete previous character Ctrl-A Go to beginning of line Ctrl-E Go to end of line Ctrl-F Go forward one character Ctrl-B Go backward one character

Using the Command-Line Interface

M4100 Series ProSAFE Managed Switches

Table 8. CLI Editing Conventions (continued)

Key Sequence Description

Ctrl-D Delete current character Ctrl-U, X Delete to beginning of line Ctrl-K Delete to end of line Ctrl-W Delete previous word Ctrl-T Transpose previous character Ctrl-P Go to previous line in history buffer Ctrl-R Rewrites or pastes the line Ctrl-N Go to next line in history buffer Ctrl-Y Prints last deleted character Ctrl-Q Enables serial flow Ctrl-S Disables serial flow Ctrl-Z Return to root command prompt Tab, <SPACE> Command-line completion Exit Go to next lower command prompt ? List available commands, keywords, or parameters

Using CLI Help

Enter a question mark (?) at the command prompt to display the commands available in the current mode.

(NETGEAR Switch) >?

enable Enter into user privilege mode. help Display help for various special keys. logout Exit this session. Any unsaved changes are lost. ping Send ICMP echo packets to a specified IP address. quit Exit this session. Any unsaved changes are lost. show Display Switch Options and Settings. telnet Telnet to a remote host.

Using the Command-Line Interface

M4100 Series ProSAFE Managed Switches

Enter a question mark (?) after each word you enter to display available command keywords or parameters.

(NETGEAR Switch) #network ?

javamode Enable/Disable. mgmt_vlan Configure the Management VLAN ID of the switch. parms Configure Network Parameters of the router. protocol Select DHCP, BootP, or None as the network config protocol.

If the help output shows a parameter in angle brackets, you must replace the parameter with a value.

(NETGEAR Switch) #network parms ?

<ipaddr> Enter the IP address.

If there are no additional command keywords or parameters, or if more parameters are optional, the following message appears in the output:

<cr> Press Enter to execute the command

You can also enter a question mark (?) after typing one or more characters of a word to list the available command or parameters that begin with the letters, as shown in the following example:

(NETGEAR Switch) #show m?

mac-addr-table mac-address-table monitor

Accessing the CLI

You can access the CLI by using a direct console connection or by using a telnet or SSH connection from a remote management host.

For the initial connection, you must use a direct connection to the console port. You cannot access the system remotely until the system has an IP address, subnet mask, and default gateway. You can set the network configuration information manually, or you can configure the system to accept these settings from a BOOTP or DHCP server on your network. For more information, see

Management Interface Commands on page 446.

Using the Command-Line Interface

2. Switching Commands

This chapter describes the switching commands available in the managed switch CLI. The chapter contains the following sections:

• Port Configuration Commands

• Loopback Interface Commands

• Spanning Tree Protocol (STP) Commands

• VLAN Commands

• Switch Port Commands

• Double VLAN Commands

• Voice VLAN Commands

• Provisioning (IEEE 802.1p) Commands

• Protected Ports Commands

• Private VLAN Commands

• GARP Commands

• GVRP Commands

• GMRP Commands

• Port-Based Network Access Control Commands

• 802.1X Supplicant Commands

• Storm-Control Commands

• Flow Control Commands

• Port Mirroring Commands

• Static MAC Filtering Commands

• DHCP L2 Relay Agent Commands

• DHCP Client Commands

• DHCP Snooping Configuration Commands

• Dynamic ARP Inspection Commands

• IGMP Snooping Configuration Commands

• IGMP Snooping Querier Commands

• MLD Snooping Commands

M4100 Series ProSAFE Managed Switches

• MLD Snooping Querier Commands

• Port Security Commands

• LLDP (802.1AB) Commands

• LLDP-MED Commands

• Denial of Service Commands

• MAC Database Commands

• ISDP Commands

The commands in this chapter are in three functional groups:

• Show commands display switch settings, statistics, and other information.

• Configuration commands configure features and options of the switch. Every switch

command has a show command that displays the configuration setting.

• Clear commands clear some or all of the settings to factory defaults.

Switching Commands

M4100 Series ProSAFE Managed Switches

Port Configuration Commands

This section describes the commands you use to view and configure port settings.

interface

This command gives you access to the Interface Config mode, which allows you to enable or modify the operation of an interface (port).

Format interface <slot/port> Mode Global Config

interface vlan

This command gives you access to the vlan virtual interface mode, which allows certain port configurations (for example, the IP address) to be applied to the VLAN interface. Type a question mark (?) after entering the interface configuration mode to see the available options.

Format interface vlan <vlan id> Mode Global Config

interface lag

This command gives you access to the LAG (link aggregation, or port channel) virtual interface, which allows certain port configurations to be applied to the LAG interface. Type a question mark (?) after entering the interface configuration mode to see the available options.

Note: The IP address cannot be assigned to a LAG virtual interface. The

interface must be put under a VLAN group and an IP address assigned to the VLAN group.

Format interface lag <lag id> Mode Global Config

auto-negotiate

This command enables automatic negotiation on a port.

Default enabled Format auto-negotiate Mode Interface Config

Switching Commands

M4100 Series ProSAFE Managed Switches

no auto-negotiate

This command disables automatic negotiation on a port.

Note: Automatic sensing is disabled when automatic negotiation is disabled.

auto-negotiate all

This command enables automatic negotiation on all ports.

Default enabled Format auto-negotiate all Mode Global Config

no auto-negotiate all

This command disables automatic negotiation on all ports.

Format no auto-negotiate all Mode Global Config

description

Use this command to create an alpha-numeric description of the port.

Format description <description> Mode Interface Config

mtu

Use the mtu command to set the maximum transmission unit (MTU) size, in bytes, for frames that ingress or egress the interface. You can use the mtu command to configure jumbo frame support for physical and port-channel (LAG) interfaces. The MTU size is a valid integer between 1522–9216 for tagged packets and a valid integer between 1518–9216 for untagged packets.

Note: To receive and process packets, the Ethernet MTU must include any

extra bytes that Layer-2 headers might require. To configure the IP MTU size, which is the maximum size of the IP packet (IP Header + IP payload), see ip mtu on page 239.

Switching Commands

M4100 Series ProSAFE Managed Switches

Default 1518 (untagged) Format mtu <1518-9216> Mode Interface Config

no mtu

This command sets the default MTU size (in bytes) for the interface.

Format no mtu Mode Interface Config

shutdown

This command disables a port.

Note: You can use the shutdown command on physical and port-channel

(LAG) interfaces, but not on VLAN routing interfaces.

Format shutdown Mode Interface Config

no shutdown

This command enables a port.

Format no shutdown Mode Interface Config

shutdown all

This command disables all ports.

Note: You can use the shutdown all command on physical and

port-channel (LAG) interfaces, but not on VLAN routing interfaces.

Switching Commands

M4100 Series ProSAFE Managed Switches

Format shutdown all Mode Global Config

no shutdown all

This command enables all ports.

Format no shutdown all Mode Global Config

speed

This command sets the speed and duplex setting for the interface.

Format speed [auto] [{<100 | 10 | 10G> {<half-duplex | full-duplex>}}] Mode Interface Config

Acceptable

Values

100h 100BASE-T half duplex 100f 100BASE-T full duplex 10h 10BASE-T half duplex 10f 10BASE-T full duplex 10Gh 10GBase-T full duplex 10Gf 10Gbase-T half duplex

Definition

speed all

This command sets the speed and duplex setting for all interfaces.

Format speed all [auto] [{<100 | 10> {<half-duplex | full-duplex>}}] Mode Global Config

Acceptable

Values

Definition

100h 100BASE-T half duplex 100f 100BASE-T full duplex 10h 10BASE-T half duplex

Switching Commands

M4100 Series ProSAFE Managed Switches

Acceptable Values

10f 10BASE-T full duplex 10Gh 10GBase-T full duplex 10Gf 10Gbase-T half duplex

Definition

show port advertise

Use this command to display the local administrative link advertisement configuration, local operational link advertisement, and the link partner advertisement for an interface. It also displays priority Resolution for speed and duplex as per 802.3 Annex 28B.3. It displays the autonegotiation state, Phy Master/Slave Clock configuration, and Link state of the port.

If the link is down, the Clock is displayed as No Link, and a dash is displayed against the Oper Peer advertisement, and Priority Resolution. If autonegotiation is disabled, the admin Local Link advertisement, operational local link advertisement, operational peer advertisement, and Priority resolution fields are not displayed.

If this command is executed without the optional slot/port parameter, it displays the autonegotiation state and operational Local link advertisement for all the ports. Operational link advertisement will display speed only if it is supported by both local as well as link partner. If autonegotiation is disabled, operational local link advertisement is not displayed.

Format show port advertise [slot/port] Mode Privileged EXEC

Command example:

The following commands show the command output with and without the optional parameter:

(NETGEAR Switch)#show port advertise 0/1

Port: 0/1 Type: Gigabit - Level Link State: Down Auto Negotiation: Enabled Clock: Auto 1000f 1000h 100f 100h 10f 10h

----- ----- ---- ---- --- --Admin Local Link Advertisement no no yes no yes no Oper Local Link Advertisement no no yes no yes no Oper Peer Advertisement no no yes yes yes yes Priority Resolution - - yes - - -

Switching Commands

M4100 Series ProSAFE Managed Switches

(NETGEAR Switch)#show port advertise

Port Type Neg Operational Link Advertisement

--------- ------------------------------ ----------- ------------------------------

0/1 Gigabit - Level Enabled 1000f, 100f, 100h, 10f, 10h 0/2 Gigabit - Level Enabled 1000f, 100f, 100h, 10f, 10h 0/3 Gigabit - Level Enabled 1000f, 100f, 100h, 10f, 10h

show port

This command displays port information.

Format show port {<slot/port> | all} Mode Privileged EXEC

Term Definition

Interface Valid slot and port number separated by forward slashes.

Type If not blank, this field indicates that this port is a special type of port. The possible

values are:

• Mirror. This port is a monitoring port. For more information, see Port Mirroring

Commands on page 125.

• PC Mbr.

• Probe. This

Admin Mode The Port control administration state. The port must be enabled in order for it to be

allowed into the network. - May be enabled or disabled. The factory default is enabled.

Physical Mode The desired port speed and duplex mode. If autonegotiation support is selected, the

duplex mode and speed is set from the auto-negotiation process. Note that the maximum capability of the port (full-duplex -100M) is advertised. Otherwise, this object

determines the port's duplex mode and transmission rate. The factory default is Auto. Physical Status The port speed and duplex mode. Link Status The Link is up or down. Link Trap This object determines whether to send a trap when link status changes. The factory

default is enabled. LACP Mode LACP is enabled or disabled on this port.

This port is a member of a port-channel (LAG).

port is a probe port.

show port protocol

This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated group.

Format show port protocol {<groupid> | all} Mode Privileged EXEC

Switching Commands

M4100 Series ProSAFE Managed Switches

Term Definition

Group Name The group name of an entry in the Protocol-based VLAN table. Group ID The group identifier of the protocol group. Protocol(s) The type of protocol(s) for this group. VLAN The VLAN associated with this Protocol Group. Interface(s) Lists the slot/port interface(s) that are associated with this Protocol Group.

show port description

This command displays the port description for every port.

Format show port description <slot/port> Mode Privileged EXEC

Term Definition

Interface Valid slot and port number separated by forward slashes Description Shows the port description configured via the “description” command

show port status

This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated group.

Format show port status {<slot/port> | all} Mode Privileged EXEC

Term Definition

Interface Valid slot and port number separated by forward slashes. Media Type “Copper” or “Fiber” for combo port. STP Mode Indicate the spanning tree mode of the port. Physical Mode Either “Auto” or fixed speed and duplex mode. Physical Status The actual speed and duplex mode. Link Status Whether the link is Up or Down. Loop Status Whether the port is in loop state or not. Partner Flow

Control

Whether the remote side is using flow control or not.

Switching Commands

M4100 Series ProSAFE Managed Switches

Loopback Interface Commands

The commands in this section describe how to create, delete, and manage loopback interfaces. A loopback interface is always expected to be up. This interface can provide the source address for sent packets and can receive both local and remote packets. The loopback interface is typically used by routing protocols.

To assign an IP address to the loopback interface, see ip address on page 234.

interface loopback

Use this command to enter the Interface Config mode for a loopback interface. The range of the loopback ID is 0–7.

Format interface loopback <loopback-id> Mode Global Config

no interface loopback

This command removes the loopback interface and associated configuration parameters for the specified loopback interface.

Format no interface loopback <loopback-id> Mode Global Config

show interface loopback

This command displays information about configured loopback interfaces.

Format show interface loopback [<loopback-id>] Mode Privileged EXEC

If you do not specify a loopback ID, the following information appears for each loopback interface on the system:

Term Definition

Loopback ID The loopback ID associated with the rest of the information in the row. Interface The interface name. IP Address The IPv4 address of the interface. Received

Packets Sent Packets The number of packets transmitted from this interface. IPv6 Address The IPv6 address of this interface.

The number of packets received on this interface.

Switching Commands

M4100 Series ProSAFE Managed Switches

If you specify a loopback ID, the following information appears:

Term Definition

Interface Link Status

IP Address The IPv4 address of the interface. IPv6 is enabled

(disabled) IPv6 Prefix is The IPv6 address of the interface. MTU size The maximum transmission size for packets on this interface, in bytes.

Shows whether the link is up or down.

Shows whether IPv6 is enabled on the interface.

Spanning Tree Protocol (STP) Commands

This section describes the commands you use to configure Spanning Tree Protocol (STP). STP helps prevent network loops, duplicate messages, and network instability.

spanning-tree

This command sets the spanning-tree operational mode to enabled.

Default enabled Format spanning-tree Mode Global Config

no spanning-tree

This command sets the spanning-tree operational mode to disabled. While disabled, the spanning-tree configuration is retained and can be changed, but is not activated.

Format no spanning-tree Mode Global Config

spanning-tree auto-edge

This command enables auto-edge on the interface or range of interfaces. When enabled, the interface becomes an edge port if it does not see BPDUs for edge delay time.

Default enabled Format spanning-tree auto-edge Mode Interface Config

Switching Commands

M4100 Series ProSAFE Managed Switches

no spanning-tree auto-edge

This command disables auto-edge on the interface or range of interfaces.

Format no spanning-tree auto-edge Mode Interface Config

spanning-tree bpdufilter

Use this command to enable BPDU Filter on an interface or range of interfaces.

Default disabled Format spanning-tree bpdufilter Mode Interface Config

no spanning-tree bpdufilter

Use this command to disable BPDU Filter on the interface or range of interfaces.

Default disabled Format no spanning-tree bpdufilter Mode Interface Config

spanning-tree bpdufilter default

Use this command to enable BPDU Filter on all the edge port interfaces.

Default disabled Format spanning-tree bpdufilter Mode Global Config

no spanning-tree bpdufilter default

Use this command to disable BPDU Filter on all the edge port interfaces.

Default enabled Format no spanning-tree bpdufilter default Mode Global Config

Switching Commands

M4100 Series ProSAFE Managed Switches

spanning-tree bpduflood

Use this command to enable BPDU Flood on the interface.

Default disabled Format spanning-tree bpduflood Mode Interface Config

no spanning-tree bpduflood

Use this command to disable BPDU Flood on the interface.

Format no spanning-tree bpduflood Mode Interface Config

spanning-tree bpduguard

Use this command to enable BPDU Guard on the switch.

Default disabled Format spanning-tree bpduguard Mode Global Config

no spanning-tree bpduguard

Use this command to disable BPDU Guard on the switch.

Format no spanning-tree bpduguard Mode Global Config

spanning-tree bpdumigrationcheck

Use this command to force a transmission of rapid spanning tree (RSTP) and multiple spanning tree (MSTP) BPDUs. Use the <slot/port> parameter to transmit a BPDU from a specified interface, or use the all keyword to transmit BPDUs from all interfaces. This command forces the BPDU transmission when you execute it, so the command does not change the system configuration or have a “no” version.

Format spanning-tree bpdumigrationcheck {<slot/port> | all} Mode Global Config

Switching Commands

M4100 Series ProSAFE Managed Switches

spanning-tree configuration name

This command sets the Configuration Identifier Name for use in identifying the configuration that this switch is currently using. The <name> is a string of up to 32 characters.

Default base MAC address in hexadecimal notation Format spanning-tree configuration name <name> Mode Global Config

no spanning-tree configuration name

This command resets the Configuration Identifier Name to its default.

Format no spanning-tree configuration name Mode Global Config

spanning-tree configuration revision

This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using. The Configuration Identifier Revision Level is a number in the range of 0–65535.

Default 0 Format spanning-tree configuration revision <0-65535> Mode Global Config

no spanning-tree configuration revision

This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using to the default value.

Format no spanning-tree configuration revision Mode Global Config

spanning-tree edgeport

This command specifies that this port is an Edge Port within the Common and Internal Spanning Tree. This allows this port to transition to Forwarding State without delay.

Default Enabled Format spanning-tree edgeport Mode Interface Config

Switching Commands

+ 548 hidden pages

NETGEAR M4100 ProSAFE Reference Manual

Specifications and Main Features

Frequently Asked Questions

User Manual