Netgear XCM8810, XCM8806 Installation Manual

NETGEAR 8800 Chassis
Software Version 12.4
350 East Plumeria Drive San Jose, CA 95134 USA
March 2011 202-10802-01 v1.0
NETGEAR 8800 Chassis Switch CLI Manual
© 2011 NETGEAR, Inc. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated
into any language in any form or by any means without the written permission of NETGEAR, Inc.
Technical Support
Thank you for choosing NETGEAR. To register your product, get the latest product updates, or get support online, visit us at http://support.netgear.com.
Phone (US and Canada only): 1-888-NETGEAR Phone (Other Countries): See Support information card.
Trademarks
NETGEAR, the NETGEAR logo, ReadyNAS, ProSafe, Smart Wizard, Auto Uplink, X-RAID2, and NeoTV are trademarks or registered trademarks of NETGEAR, Inc. Microsoft, Windows, Windows NT, and Vista are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
To improve internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use, or application of, the product(s) or circuit layout(s) described herein.
Revision History
Publication Part Number    Version    Publish Date    Comments
202-10802-01               v1.0       March 2011      First publication

Contents

Chapter 1 Command Reference Overview
  Introduction
  Audience
  Structure of this Guide
  Understanding the Command Syntax
    Access Levels
    Syntax Symbols
    Syntax Helper
    Object Names
    Command Shortcuts
  Port Numbering
    Numerical Ranges
  Line-Editing Keys
  Command History
Chapter 2 Commands for Accessing the Switch
Chapter 3 Commands for Managing the Switch
  SNMP
  Telnet
  TFTP
  System Redundancy with Dual Management Modules Installed
  Power Supply Management
  Simple Network Time Protocol
Chapter 4 Commands for Managing the NETGEAR 8800 Software
Chapter 5 Commands for Configuring Slots and Ports on a Switch
Chapter 6 Commands for Configuring LLDP
Chapter 7 PoE Commands
  Summary of PoE Software Features
Chapter 8 Commands for Status Monitoring and Statistics
  Event Management System
  sFlow Statistics
  RMON
Chapter 9 VLAN Commands
Chapter 10 FDB Commands
Chapter 11 Commands for Virtual Routers
Chapter 12 Policy Manager Commands
Chapter 13 ACL Commands
Chapter 14 QoS Commands
Chapter 15 Security Commands
  SSH
  SSL
  User Authentication
  Denial of Service
Chapter 16 Network Login Commands
Chapter 17 STP Commands
  STP
  RSTP
  MSTP
  Spanning Tree Domains
    Member VLANs
    Carrier VLAN
    Protected VLAN
    STPD Modes
    Encapsulation Modes
  STP Rules and Restrictions
Chapter 18 VRRP Commands
Chapter 19 IP Unicast Commands
Chapter 20 IPv6 Unicast Commands
Chapter 21 RIP Commands
Chapter 22 RIPng Commands
Chapter 23 OSPF Commands
  OSPF Edge Mode
Chapter 24 OSPFv3 Commands
  OSPF Edge Mode
Chapter 25 BGP Commands
Chapter 26 IP Multicast Commands
Chapter 27 IPv6 Multicast Commands
Chapter 28 MSDP Commands
Chapter 29 vMAN (PBN) Commands
Appendix A Configuration and Image Commands
Appendix B Troubleshooting Commands
  Event Management System
Command List

1. Command Reference Overview

Introduction

This guide provides details of the command syntax for all NETGEAR 8800 Chassis Switch commands as of Software Version 12.4.
The guide does not provide feature descriptions, explanations of the technologies, or configuration examples. For information about the various features and technologies supported by NETGEAR switches, see the NETGEAR 8800 User Manual.
This chapter includes the following sections:
Audience
Structure of this Guide
Understanding the Command Syntax
Port Numbering
Line-Editing Keys
Command History

Audience

This guide is intended for use by network administrators who are responsible for installing and setting up network equipment. It assumes a basic working knowledge of the following:
Local area networks (LANs)
Ethernet concepts
Ethernet switching and bridging concepts
Routing concepts
Internet Protocol (IP) concepts
Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and Intermediate System-Intermediate System (IS-IS) concepts
Border Gateway Protocol (BGP-4) concepts
IP Multicast concepts
Protocol Independent Multicast (PIM) concepts
Simple Network Management Protocol (SNMP)

Structure of this Guide

This guide documents each NETGEAR 8800 OS command. Related commands are grouped together and organized into chapters based on their most common usage. The chapters reflect the organization of the NETGEAR 8800 User Manual. If a specific command is relevant to a wide variety of functions and could be included in a number of different chapters, we have attempted to place the command in the most logical chapter. Within each chapter, commands appear in alphabetical order. You can use the Index of Commands to locate specific commands if they do not appear where you expect to find them.
For each command, the following information is provided:
Command Syntax—The actual syntax of the command. The syntax conventions (the use of braces, for example) are defined in the section Understanding the Command Syntax.
Description—A brief one-sentence summary of what the command does.
Syntax Description—The definition of any keywords and options used in the command.
Default—The defaults, if any, for this command. The default can be the default action of the command if optional arguments are not provided, or it can be the default state of the switch (such as for an enable/disable command).
Usage Guidelines—Information to help you use the command. This may include prerequisites, prohibitions, and related commands, as well as other information.
Example—Examples of the command usage, including output, if relevant.

Understanding the Command Syntax

This section covers the following topics:
Access Levels
Syntax Symbols
Syntax Helper
Object Names
Command Shortcuts

Access Levels

When entering a command at the prompt, ensure that you have the appropriate privilege level. Most configuration commands require you to have the administrator privilege level.

Syntax Symbols

You may see a variety of symbols shown as part of the command syntax. These symbols explain how to enter the command, but you do not type them as part of the command itself.
Table 1 summarizes the command syntax symbols.
Note: NETGEAR 8800 software does not support the ampersand (&), left angle bracket (<), or right angle bracket (>), because they are reserved characters with special meaning in XML.
Table 1. Command Syntax Symbols
Symbol: angle brackets < >
Description: Enclose a variable or value. You must specify the variable or value. For example, in the syntax
configure vlan <vlan_name> ipaddress <ip_address>
you must supply a VLAN name for <vlan_name> and an address for <ip_address> when entering the command. Do not type the angle brackets and do not include spaces within angle brackets.
Symbol: square brackets [ ]
Description: Enclose a required value or list of required arguments. One or more values or arguments can be specified. For example, in the syntax
use image [primary | secondary]
you must specify either the primary or secondary image when entering the command. Do not type the square brackets.
Symbol: vertical bar |
Description: Separates mutually exclusive items in a list, one of which must be entered. For example, in the syntax
configure snmp community [readonly | readwrite] <alphanumeric_string>
you must specify either the read or write community string in the command. Do not type the vertical bar.
Symbol: braces { }
Description: Enclose an optional value or a list of optional arguments. One or more values or arguments can be specified. For example, in the syntax
reboot {time <month> <day> <year> <hour> <min> <sec>} {cancel} {msm <slot_id>} {slot <slot-number> | node-address <node-address> | stack-topology {as-standby} }
you can specify either a particular date and time combination, or the keyword cancel to cancel a previously scheduled reboot. (In this command, if you do not specify an argument, the command will prompt asking if you want to reboot the switch now.) Do not type the braces.

Syntax Helper

The CLI has a built-in syntax helper. If you are unsure of the complete syntax for a particular command, enter as much of the command as possible and press TAB. The syntax helper provides a list of options for the remainder of the command, and places the cursor at the end of the command you have entered so far, ready for the next option.
If the command is one where the next option is a named component, such as a VLAN, access profile, or route map, the syntax helper also lists any currently configured names that might be used as the next option. In situations where this list might be very long, the syntax helper lists only one line of names, followed by an ellipsis (...) to indicate that there are more names than can be displayed.
Some values (such as the <node-address>) are lengthy, but limited in number. The NETGEAR 8800 places these values into a “namespace.” This allows command completion on these values.
The syntax helper also provides assistance if you have entered an incorrect command.
Abbreviated Syntax
Abbreviated syntax is the shortest unambiguous allowable abbreviation of a command or parameter. Typically, this is the first three letters of the command. If you do not enter enough letters to allow the switch to determine which command you mean, the syntax helper provides a list of the options based on the portion of the command you have entered.
Note: When using abbreviated syntax, you must enter enough characters to make the command unambiguous and distinguishable to the switch.

Object Names

All named components within a category of the switch configuration, such as VLAN, must be given a unique object name. Object names must begin with an alphabetical character and may contain alphanumeric characters and underscores (_), but they cannot contain spaces. The maximum allowed length for a name is 32 characters.
Object names can be reused across categories (for example, STPD and VLAN names). If the software encounters any ambiguity in the components within your command, it generates a message requesting that you clarify the object you specified.
Note: If you use the same name across categories, NETGEAR recommends that you specify the identifying keyword as well as the actual name. If you do not use the keyword, the system may return an error message.
Reserved Keywords
Keywords such as vlan, stp, and other second-level keywords are reserved and cannot be used as object names. This restriction applies to the specific word (vlan) only, while expanded versions (vlan2) can be used.
A complete list of the reserved keywords for NETGEAR 8800 12.4 and later software is displayed in Table 8 of the NETGEAR 8800 User Manual. Any keyword that is not on this list can be used as an object name.

Command Shortcuts

Components are typically named using the create command. When you enter a command to configure a named component, you do not need to use the keyword of the component. For example, to create a VLAN, enter a VLAN name:
create vlan engineering
Once you have created the VLAN with a unique name, you can then eliminate the keyword vlan from all other commands that require the name to be entered (unless you used the same name for another category, such as STPD). For example, instead of entering the command:
configure vlan engineering delete port 1:3,4:6
you could enter the following shortcut:
configure engineering delete port 1:3,4:6

Port Numbering

Commands that require you to enter one or more port numbers use the parameter <port_list> in the syntax.
Note: The keyword all acts on all possible ports; it continues on all ports even if one port in the sequence fails.

Numerical Ranges

On the NETGEAR 8800, the port number is a combination of the slot number and the port number. The nomenclature for the port number is as follows:
slot:port
For example, if an I/O module that has a total of four ports is installed in slot 2 of the chassis, the following ports are valid:
2:1
2:2
2:3
2:4
You can also use wildcard combinations (*) to specify multiple modular slot and port combinations. The following wildcard combinations are allowed:
slot:*—Specifies all ports on a particular I/O module.
slot:x-slot:y—Specifies a contiguous series of ports on a particular I/O module.
slot:x-y—Specifies a contiguous series of ports on a particular I/O module.
slota:x-slotb:y—Specifies a contiguous series of ports that begin on one I/O module or node and end on another node.
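The following Python sketch is an added example, not part of the NETGEAR manual or software. It expands a <port_list> string written in the forms listed above into explicit slot:port pairs, so a change script can confirm exactly which ports a command would touch before it is sent. The function names, the sample chassis layout, and the handling of empty slots inside a slota:x-slotb:y range (they are skipped) are assumptions.

```python
import re

# Constructed chassis layout for this example: slot number -> number of ports
# on the I/O module in that slot. Slot 3 is deliberately empty.
SAMPLE_CHASSIS = {1: 8, 2: 4, 4: 6}

# Accepts slot:port, slot:*, slot:x-y and slota:x-slotb:y
_TERM = re.compile(r"^(\d+):(\*|\d+)(?:-(?:(\d+):)?(\d+))?$")


def _check(slot, port, chassis):
    """Reject ports that do not exist in the given chassis layout."""
    if slot not in chassis:
        raise ValueError(f"no I/O module in slot {slot}")
    if not 1 <= port <= chassis[slot]:
        raise ValueError(f"port {slot}:{port} does not exist")


def expand_term(term, chassis):
    """Expand one comma-separated term into a list of (slot, port) tuples."""
    m = _TERM.match(term)
    if m is None:
        raise ValueError(f"malformed port term: {term!r}")
    slot_a, first, slot_b, last = m.groups()
    slot_a = int(slot_a)
    if first == "*":
        if last is not None:
            raise ValueError(f"wildcard cannot start a range: {term!r}")
        if slot_a not in chassis:
            raise ValueError(f"no I/O module in slot {slot_a}")
        return [(slot_a, p) for p in range(1, chassis[slot_a] + 1)]
    first = int(first)
    slot_b = slot_a if slot_b is None else int(slot_b)
    last = first if last is None else int(last)
    _check(slot_a, first, chassis)
    _check(slot_b, last, chassis)
    if (slot_b, last) < (slot_a, first):
        raise ValueError(f"range runs backwards: {term!r}")
    ports = []
    # Assumption: populated slots between the two ends contribute all of
    # their ports; slots without a module are skipped.
    for slot in sorted(s for s in chassis if slot_a <= s <= slot_b):
        lo = first if slot == slot_a else 1
        hi = last if slot == slot_b else chassis[slot]
        ports.extend((slot, p) for p in range(lo, hi + 1))
    return ports


def expand_port_list(port_list, chassis):
    """Expand a full <port_list>, keeping order and dropping duplicates."""
    seen, result = set(), []
    for term in port_list.split(","):
        for port in expand_term(term.strip(), chassis):
            if port not in seen:
                seen.add(port)
                result.append(port)
    return result


if __name__ == "__main__":
    for sample in ("1:3,4:6", "2:*", "2:2-3", "2:3-4:2"):
        print(sample, "->", expand_port_list(sample, SAMPLE_CHASSIS))
```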

Line-Editing Keys

Table 2 describes the line-editing keys available using the CLI.
Table 2. Line-Editing Keys
Key(s)                      Description
Left arrow or [Ctrl] + B    Moves the cursor one character to the left.
Right arrow or [Ctrl] + F   Moves the cursor one character to the right.
[Ctrl] + H or Backspace     Deletes character to left of cursor and shifts remainder of line to left.
Delete or [Ctrl] + D        Deletes character under cursor and shifts remainder of line to left.
[Ctrl] + K                  Deletes characters from under cursor to end of line.
Insert                      Toggles on and off. When toggled on, inserts text and shifts previous text to right.
[Ctrl] + A                  Moves cursor to first character in line.
[Ctrl] + E                  Moves cursor to last character in line.
[Ctrl] + L                  Clears screen and moves cursor to beginning of line.
[Ctrl] + P or Up Arrow      Displays previous command in command history buffer and places cursor at end of command.
[Ctrl] + N or Down Arrow    Displays next command in command history buffer and places cursor at end of command.
[Ctrl] + U                  Clears all characters typed from cursor to beginning of line.
[Ctrl] + W                  Deletes previous word.
[Ctrl] + C                  Interrupts the current CLI command execution.

Command History

The NETGEAR 8800 saves the commands you enter. You can display a list of these commands by using the following command:
history
If you use a command more than once, consecutively, the history will list only the first instance.

2. Commands for Accessing the Switch

This chapter describes commands used for:
Accessing and configuring the switch, including how to set up user accounts, passwords, date and time settings, and software licenses
Managing passwords
Configuring the Domain Name Service (DNS) client
Checking basic switch connectivity
Enabling and displaying licenses
Returning the switch to safe defaults mode
NETGEAR 8800 supports the following two levels of management:
User
Administrator
A user-level account has viewing access to all manageable parameters, with the exception of:
User account database
SNMP community strings
A user-level account can change the password assigned to the account name and use the ping command to test device reachability.
An administrator-level account can view and change all switch parameters. It can also add and delete users and change the password associated with any account name. The administrator can disconnect a management session that has been established by way of a Telnet connection. If this happens, the user logged on by way of the Telnet connection is notified that the session has been terminated.
The DNS client in NETGEAR 8800 augments certain commands to accept either IP addresses or host names. For example, DNS can be used during a Telnet session when you are accessing a device or when using the ping command to check the connectivity of a device.
The switch offers the following commands for checking basic connectivity:
ping
traceroute
The ping command enables you to send Internet Control Message Protocol (ICMP) echo messages to a remote IP device. The traceroute command enables you to trace the routed path between the switch and a destination endstation.
This chapter describes commands for enabling and displaying software, security, and feature pack licenses.
clear account lockout
clear account [all | <name>] lockout
Description
This command re-enables an account that has been locked out (disabled) for exceeding the permitted number of failed login attempts, which was configured by using the configure account password-policy lockout-on-login-failures command.
Syntax Description
all     Specifies all users.
name    Specifies an account name.
Usage Guidelines
This command applies to sessions at the console port of the switch as well as all other sessions. You can re-enable both user and administrative accounts, once they have been disabled for exceeding the three failed login attempts.
Note: The failsafe accounts are never locked out.
This command clears only the locked-out (or disabled) condition of the account. The action of locking out accounts following the failed login attempts remains until you turn it off by issuing the configure account [all | <name>] password-policy lockout-on-login-failures off command.
Example
The following command re-enables the account finance, which had been locked out (disabled) for exceeding 3 consecutive failed login attempts:
clear account finance lockout
clear license-info
clear license-info
Description
This command, which should be used only in conjunction with a representative from NETGEAR, clears the licensing information from the switch.
Syntax Description
This command has no variables or parameters.
Default
N/A.
Usage Guidelines
Note: Use this command only under the guidance of a NETGEAR representative.
This command clears licensing information from the switch. When you issue this command, the system requests a confirmation. If you answer yes, the system sends a Warning message to the log.
Example
The following command removes licensing information from the switch:
clear license-info
clear session
clear session [history | <sessId> | all]
Description
Terminates Telnet and/or SSH2 sessions from the switch.
Syntax Description
Default
N/A.
Usage Guidelines
An administrator-level account can disconnect a management session that has been established by way of a Telnet connection. You can determine the session number of the session you want to terminate by using the show session command. The show session output displays information about current Telnet and/or SSH2 sessions including:
The session number
The login date and time
The user name
The type of Telnet session
Authentication information
Depending on the software version running on your switch, additional session information may be displayed. The session number is the first number displayed in the show session output.
When invoked to clear the session history, the command clears the information about all the previous sessions that were logged. The information about the active sessions remains intact.
Example
The following command terminates session 4 from the system:
clear session 4
configure account
configure account [all | <name>]
Description
Configures a password for the specified account, either user account or administrative account.
Syntax Description
all     Specifies all accounts (and future users).
name    Specifies an account name.
Default
N/A.
Usage Guidelines
You must create a user or administrative account before you can configure that account with a password. Use the create account command to create a user account.
The system prompts you to specify a password after you enter this command. You must enter a password for this command; passwords cannot be null and cannot include the following characters: “<”, “>”, and “?”.
Note: Once you issue this command, you cannot have a null password. However, if you want to have a null password (that is, no password on the specified account), use the create account command.
Passwords can have a minimum of 0 characters and a maximum of 32 characters. Both passwords and user names are case-sensitive.
Note: If the account is configured to require a specific password format, the minimum is 8 characters. See configure account password-policy char-validation for more information.
You must have administrator privileges to change passwords for accounts other than your own.
Example
The following command defines a new password green for the account marketing:
configure account marketing
The switch responds with a password prompt:
password: green
Your keystrokes will not be echoed as you enter the new password. After you enter the password, the switch will then prompt you to reenter it.
Reenter password: green
Assuming you enter it successfully a second time, the password is now changed.
configure account encrypted
configure account [all | <name>] encrypted <e-password>
Description
Encrypts the password that is entered in plain text for the specified account, either user account or administrative account.
Syntax Description
all           Specifies all accounts (and future users).
name          Specifies an account name.
e-password    Enter in plain text the string you want for an encrypted password. See Usage Guidelines for more information.
Default
N/A.
Usage Guidelines
You must create a user or administrative account before you can configure that account with a password. Use the create account command to create a user account.
When you use this command, the following password that you specify in plain text is entered and displayed by the switch in an encrypted format. Administrators should enter the password in plain text. The encrypted password is then used by the switch once it encrypts the plain text password. The encrypted command should be used by the switch only to show, store, and load a system-generated encrypted password in configuration; this applies with the following commands: save configuration, show configuration, and use configuration.
Note: Once you issue this command, you cannot have a null password. However, if you want to have a null password (that is, no password on the specified account), use the create account command.
Passwords can have a minimum of 0 characters and a maximum of 32 characters. Both passwords and user names are case-sensitive.
Note: If the account is configured to require a specific password format, the minimum is 8 characters. See configure account password-policy char-validation for more information.
You must have administrator privileges to change passwords for accounts other than your own.
Example
The following command encrypts the password red for the account marketing:
configure account marketing encrypted red
configure account password-policy char-validation
configure account [all | <name>] password-policy char-validation [none | all-char-groups]
Description
Requires that the user include an upper-case letter, a lower-case letter, a digit, and a symbol in the password.
Syntax Description
all                Specifies all users (and future users).
name               Specifies an account name.
none               Resets password to accept all formats.
all-char-groups    Specifies that the password must contain at least two characters from each of the four groups.
                   Note: The password minimum length will be 8 characters if you specify this option.
Default
N/A.
Usage Guidelines
This feature is disabled by default.
Once you issue this command, each password must include at least two characters of each of the following four types:
Upper-case A-Z
Lower-case a-z
0-9
!, @, #, $, %, ^, *, (, )
The minimum number of characters for these specifically formatted passwords is 8 characters and the maximum is 32 characters.
Use the none option to reset the password to accept all formats.
Example
The following command requires all users to use this specified format for all passwords:
configure account all password-policy char-validation all-char-groups
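The following Python sketch is an added example, not part of the NETGEAR manual or the switch software. It pre-checks a candidate password against the rules stated in this chapter (the characters rejected by configure account, the 32-character maximum, and the all-char-groups requirement of two characters from each group with a minimum of 8) before the password is submitted to the switch. The function name and sample passwords are constructed, and treating characters outside the four listed groups as counting toward no group is an assumption.

```python
import string

# Characters that configure account rejects, per the usage guidelines.
FORBIDDEN = set("<>?")
MAX_LENGTH = 32

# The four character groups listed for char-validation all-char-groups.
GROUPS = {
    "upper-case": set(string.ascii_uppercase),
    "lower-case": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "symbol": set("!@#$%^*()"),
}


def password_violations(candidate, char_validation=False, min_length=0):
    """Return a list of rule violations; an empty list means acceptable.

    char_validation mirrors 'password-policy char-validation all-char-groups';
    min_length mirrors 'password-policy min-length <num_characters>'.
    """
    problems = []
    # With char-validation enabled the manual states the minimum becomes 8.
    required = max(min_length, 8) if char_validation else min_length
    if len(candidate) < required:
        problems.append(f"shorter than {required} characters")
    if len(candidate) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    bad = sorted(FORBIDDEN & set(candidate))
    if bad:
        problems.append("contains forbidden character(s): " + " ".join(bad))
    if char_validation:
        for name, members in GROUPS.items():
            # Assumption: a character outside all four groups (for example
            # '&' or '-') is not counted toward any group.
            count = sum(ch in members for ch in candidate)
            if count < 2:
                problems.append(f"needs at least two {name} characters (has {count})")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords; 'green' is the example value used above.
    for pw in ("green", "AbCd12!@", "AbCd12!&", "AbCd12!?"):
        print(repr(pw), password_violations(pw, char_validation=True))
```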
configure account password-policy history
configure account [all | <name>] password-policy history [<num_passwords> | none]
Description
Configures the switch to verify the specified number of previous passwords for the account. The user is prevented from changing the password on a user or administrative account to any of these previously saved passwords.
Syntax Description
all              Specifies all accounts (and future users).
name             Specifies an account name.
num_passwords    Specifies the number of previous passwords the system verifies for each account. The range is 1 to 10 passwords.
none             Resets the system to not remember any previous passwords.
Default
N/A.
Usage Guidelines
Use this command to instruct the system to verify new passwords against a list of all previously used passwords, once an account successfully changes a password. The limit is the number of previous passwords that the system checks against in the record to verify the new password.
If this parameter is configured, the system returns an error message if a user attempts to change the password to one that is saved by the system (up to the configured limit) for that account; this applies to both user and administrative accounts. This also applies to a configured password on the default admin account on the switch.
The limit of previous passwords that the system checks for previous use is configurable from 1 to 10. Using the none option disables previous password tracking and returns the system to the default state of no record of previous passwords.
Example
The following command instructs the system to verify that the new password has not been used as a password in the previous 5 passwords for the account engineering:
configure account engineering password-policy history 5
configure account password-policy lockout-on-login-failures
configure account [all | <name>] password-policy lockout-on-login-failures [on | off]
Description
Disables an account after the user has 3 consecutive failed login attempts.
Syntax Description
all     Specifies all users (and future users).
name    Specifies an account name.
on      Specifies an account name.
off     Resets the password to never lockout the user.
Default
N/A.
Usage Guidelines
If you are not working on SSH, you can configure the number of failed logins that trigger lockout, using the configure cli max-failed-logins <num-of-logins> command.
This command applies to sessions at the console port of the switch as well as all other sessions and to user-level and administrator-level accounts. This command locks out the user after 3 consecutive failed login attempts; the user’s account must be specifically re-enabled by an administrator.
Using the off option resets the account to allow innumerable consecutive failed login attempts, which is the system default. The system default is that 3 failed consecutive login attempts terminate the particular session, but the user may launch another session; there is no lockout feature by default.
Note: The failsafe accounts are never locked out, no matter how many consecutive failed login attempts.
Example
The following command enables the account finance for lockout. After 3 consecutive failed login attempts, the account is subsequently locked out:
configure account finance password-policy lockout-on-login-failures on
configure account password-policy max-age
configure account [all | <name>] password-policy max-age [<num_days> | none]
Description
Configures a time limit for the passwords for specified accounts. The passwords for the default admin account and the failsafe account do not age out.
Syntax Description
all Specifies all accounts (and future users).
name Specifies an account name.
num_days Specifies the length of time that a password can be used. The range is 1 to 365 days.
none Resets the password to never expire.
Default
N/A.
Usage Guidelines
The passwords for the default admin account and the failsafe account never expire. The time limit is specified in days, from 1 to 365 days. Existing sessions are not closed when the time limit expires; it will not open the next time the user attempts to log in. When a user logs into an account with an expired password, the system first verifies that the entered password had been valid prior to expiring and then prompts the user to change the password.
Note: This is the sole time that a user with a user-level (as opposed to an administrator-level) account can make any changes to the user-level account.
Using the none option prevents the password for the specified account from ever expiring (it resets the password to the system default of no time limit).
Example
The following command sets a 3-month time limit for the password for the account marketing:
configure account marketing password-policy max-age 90
configure account password-policy min-length
configure account [all | <name>] password-policy min-length [<num_characters> | none]
Description
Requires a minimum number of characters for passwords.
Syntax Description
all Specifies all accounts (and future users).
name Specifies an account name.
num_characters Specifies the minimum number of characters required for the password. The range is 1 to 32 characters.
Note: If you configure the configure account password-policy char-validation parameter, the minimum length is 8 characters.
none Resets password to accept a minimum of 0 characters.
Note: If you configure the configure account encrypted parameter, the minimum length is 8 characters.
Default
N/A.
Usage Guidelines
Use this command to configure a minimum length restriction for all passwords for specified accounts. This command affects the minimum allowed length for the next password; the current password is unaffected.
The minimum password length is configurable from 1 to 32 characters. Using the none option disables the requirement of minimum password length and returns the system to the default state (password minimum is 0 by default).
Note: If the account is configured to require a specific password format, the minimum is 8 characters. See configure account password-policy char-validation for more information.
Example
The following command requires a minimum of 8 letters for the password for the account management:
configure account management password-policy min-length 8
configure banner
configure banner {acknowledge}
Description
Configures the banner string that is displayed at the beginning of each login prompt of each session.
Syntax Description
acknowledge Specifies that the system return the user-defined message after the banner is displayed. The user must then press a key (any key) to accept before the login displays. Certain systems require this configuration (for example, the U.S. Department of Defense).
Default
N/A.
Usage Guidelines
Press [Return] at the beginning of a line to terminate the command and apply the banner. To clear the banner, press [Return] at the beginning of the first line. You can enter up to 24 rows of 79-column text that is displayed before the login prompt of each session. To disable the acknowledgement feature, use the configure banner command omitting the acknowledge parameter.
Note: The system does not wait for a keypress when you use SSH for access; this only applies to the serial console login sessions and telnet sessions.
Example
The following command adds a banner, Welcome to the switch, before the login prompt:
configure banner [Return] Welcome to the switch
configure cli max-sessions
configure cli max-sessions <num-of-sessions>
Description
Limits the number of simultaneous CLI sessions on the switch.
Syntax Description
num-of-sessions Specifies the maximum number of concurrent sessions permitted. The range is 1 to 16.
Default
The default is eight sessions.
Usage Guidelines
The value must be greater than 0; the range is 1 to 16.
Example
The following command limits the number of simultaneous CLI sessions to ten:
configure cli max-sessions 10
configure cli max-failed-logins
configure cli max-failed-logins <num-of-logins>
Description
Establishes the maximum number of failed logins permitted before the session is terminated.
Syntax Description
num-of-logins Specifies the maximum number of failed logins permitted; the range is 1 to 10.
Default
The default is three logins.
Usage Guidelines
The value must be greater than 0; the range is 1 to 10.
Example
The following command sets the maximum number of failed logins to five:
configure cli max-failed-logins 5
configure dns-client add
configure dns-client add [domain-suffix <domain_name> | name-server <ip_address> {vr <vr_name>}]
Description
Adds a domain suffix to the domain suffix list or a name server to the available server list for the DNS client.
Syntax Description
domain-suffix Specifies adding a domain suffix.
domain_name Specifies a domain name.
name-server Specifies adding a name server.
ip_address Specifies an IP address for the name server.
vr Specifies use of a virtual router.
Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A of the NETGEAR 8800 User Manual.
vr_name Specifies a virtual router.
Default
N/A.
Usage Guidelines
The domain suffix list can include up to six items. If the use of all previous names fails to resolve a name, the most recently added entry on the domain suffix list will be the last name used during name resolution. This command will not overwrite any existing entries. If a null string is used as the last suffix in the list, and all other lookups fail, the name resolver will attempt to look up the name with no suffix.
Up to eight DNS name servers can be configured. The default value for the virtual router used by the DNS client option is VR-Default.
Examples
The following command configures a domain name and adds it to the domain suffix list:
configure dns-client add domain-suffix xyz_inc.com
The following command specifies that the switch use the DNS server 10.1.2.1:
configure dns-client add name-server 10.1.2.1
The following command specifies that the switch use the virtual router Management:
configure dns-client add name-server 10.1.2.1 vr "VR-Mgmt"
configure dns-client default-domain
configure dns-client default-domain <domain_name>
Description
Configures the domain that the DNS client uses if a fully qualified domain name is not entered.
Syntax Description
domain_name Specifies a default domain name.
Default
N/A.
Usage Guidelines
The default domain name will be used to create a fully qualified host name when a domain name is not specified. For example, if the default domain name is set to “food.com” then when a command like “ping dog” is entered, the ping will actually be executed as “ping dog.food.com”.
Example
The following command configures the default domain name for the server:
configure dns-client default-domain xyz_inc.com
configure dns-client delete
configure dns-client delete [domain-suffix <domain_name> | name-server <ip_address> {vr <vr_name>}]
Description
Deletes a domain suffix from the domain suffix list or a name server from the available server list for the DNS client.
Syntax Description
domain-suffix Specifies deleting a domain suffix.
domain_name Specifies a domain name.
name-server Specifies deleting a name server.
ip_address Specifies an IP address for the name server.
vr Specifies deleting a virtual router.
Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A of the NETGEAR 8800 User Manual.
vr_name Specifies a virtual router.
Default
N/A.
Usage Guidelines
Specifying a domain suffix removes an entry from the domain suffix list. If the deleted item was not the last entry in the list, all items that had been added later are moved up in the list. If no entries in the list match the domain name specified, an error message will be displayed.
The default value for the virtual router used by the DNS client option is VR-Default.
Examples
The following command deletes a domain name from the domain suffix list:
configure dns-client delete domain-suffix xyz_inc.com
The following command removes a DNS server from the list:
configure dns-client delete name-server 10.1.2.1
configure failsafe-account
configure failsafe-account {[deny | permit] [all | control | serial | ssh {vr <vr-name>} | telnet {vr <vr-name>}]}
Description
Configures a name and password for the failsafe account, or restricts access to specified connection types.
Syntax Description
deny Prohibits failsafe account usage over the specified connection type(s).
permit Allows a failsafe account to be used over the specified connection type(s).
all Specifies all connection types.
control Specifies internal access between nodes in a NETGEAR 8800 or between MSMs/MMs in a chassis.
serial Specifies access over the switch console port.
ssh Specifies access using SSH on specified or all virtual routers.
telnet Specifies access using Telnet on specified or all virtual routers.
Default
The failsafe account is always configured. The default connection types over which failsafe account access is permitted are the same as if “permit all” is configured.
Usage Guidelines
The failsafe account is the account of last resort to access your switch. If you use the command with no parameters, you are prompted for the failsafe account name and prompted twice to specify the password for the account. The password does not appear on the display at any time. You are not required to know the current failsafe account and password in order to change it.
If you use the command with the permit or deny parameter, the permitted connection types are altered as specified.
The failsafe account or permitted connection types are immediately saved to NVRAM on all MSMs/MMs or active nodes.
Note: The information that you use to configure the failsafe account cannot be recovered by NETGEAR. Technical support cannot retrieve passwords or account names for this account. Protect this information carefully.
Once you enter the failsafe account name, you are prompted to enter the password. Once you successfully log in to the failsafe account, you are logged in to an admin-level account.
Example
The following command changes the failsafe account: username to blue5green and the password to red5yellow.
XCM8806.1 # configure failsafe-account
enter failsafe user name: blue5green
enter failsafe password:
enter password again:
XCM8806.2
The following example restricts usage of the failsafe account to the serial console port and to access between MSMs.
XCM8810.1 # configure failsafe-account deny all
XCM8810.2 # configure failsafe-account permit serial
XCM8810.3 # configure failsafe-account permit control
XCM8810.4 #
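An added example, not part of the NETGEAR manual: a Python check that reads commands in the syntax documented above for configure account password-policy, configure cli max-failed-logins and configure failsafe-account, validates the documented ranges, and reports accounts without lockout plus the connection types left open to the failsafe account. The function names, the 8-character baseline, the reading of how all interacts with named accounts, and the sample commands are assumptions.

```python
# Numeric ranges documented in this chapter.
RANGES = {"max-age": (1, 365), "min-length": (1, 32), "max-failed-logins": (1, 10)}
FAILSAFE_TYPES = {"control", "serial", "ssh", "telnet"}

def audit(commands, min_len_baseline=8):
    """Return (findings, failsafe connection types); the baseline is an assumed local policy."""
    findings, policy = [], {"all": {}}   # policy[account][setting]; "all" is the default
    failsafe = set(FAILSAFE_TYPES)       # documented default behaves like "permit all"
    def check_range(key, value, line):
        lo, hi = RANGES[key]
        if not value.isdigit() or not lo <= int(value) <= hi:
            findings.append(f"out of range {lo}-{hi}: {line}")
    for line in commands:
        t = line.split()
        if t[:2] == ["configure", "account"] and len(t) == 6 and t[3] == "password-policy":
            acct, key, val = t[2], t[4], t[5]
            if key in RANGES and val != "none":
                check_range(key, val, line)
            # Assumed reading: "all" overwrites known accounts; new accounts start from "all".
            named = [policy.setdefault(acct, dict(policy["all"]))]
            for p in (policy.values() if acct == "all" else named):
                p[key] = val
        elif t[:2] == ["configure", "failsafe-account"] and len(t) == 4 and t[2] in ("deny", "permit"):
            # Per-VR forms (trailing "vr <vr-name>") are not modelled here.
            types = FAILSAFE_TYPES if t[3] == "all" else {t[3]} & FAILSAFE_TYPES
            failsafe = failsafe | types if t[2] == "permit" else failsafe - types
        elif t[:3] == ["configure", "cli", "max-failed-logins"] and len(t) == 4:
            check_range("max-failed-logins", t[3], line)

    for acct, p in sorted(policy.items()):
        if p.get("lockout-on-login-failures") != "on":
            findings.append(f"{acct}: lockout-on-login-failures is not on")
        length = p.get("min-length", "none")
        if not length.isdigit() or int(length) < min_len_baseline:
            findings.append(f"{acct}: min-length below {min_len_baseline}")
    if "telnet" in failsafe:
        findings.append("failsafe-account is permitted over telnet")
    return findings, failsafe

# Constructed sample input in the command syntax this chapter documents.
SAMPLE = """\
configure account all password-policy min-length 8
configure account finance password-policy lockout-on-login-failures on
configure account marketing password-policy max-age 400
configure failsafe-account deny all
configure failsafe-account permit serial
configure failsafe-account permit control
configure cli max-failed-logins 5
""".splitlines()
```

Calling audit(SAMPLE) flags the out-of-range max-age and the accounts that still lack lockout, and returns serial and control as the only connection types left to the failsafe account.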
configure idletimeout
configure idletimeout <minutes>
Description
Configures the time-out for idle console, SSH2, and Telnet sessions.
Syntax Description
minutes Specifies the time-out interval, in minutes. Range is 1 to 240 (1 minute to 4 hours).
Default
The default time-out is 20 minutes.
Usage Guidelines
This command configures the length of time the switch will wait before disconnecting idle console, SSH2, or Telnet sessions. The idletimeout feature must be enabled for this command to have an effect (the idletimeout feature is enabled by default).
Example
The following command sets the time-out for idle login and console sessions to 10 minutes:
configure idletimeout 10
configure safe-default-script
configure safe-default-script
Description
Allows you to change management access to your device and to enhance security.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
This command runs an interactive script that prompts you to choose to enable or disable SNMP, Telnet, and enabled ports. Refer to the “Safe Defaults Setup Method” section in the NETGEAR 8800 User Manual for complete information on the safe default mode.
Once you issue this command, the system presents you with the following interactive script:
Telnet is enabled by default. Telnet is unencrypted and has been the target of security exploits in the past.
Would you like to disable Telnet? [y/N]:
SNMP access is enabled by default. SNMP uses no encryption, SNMPv3 can be configured to eliminate this problem.
Would you like to disable SNMP? [y/N]:
All ports are enabled by default. In some secure applications, it maybe more