Command Guide
WGSW-50040
50-Port 10/100/1000Mbps
with 4 Shared SFP
Managed Gigabit Switch
Content
CHAPTER 1 COMMANDS FOR BASIC SWITCH CONFI GURATION ...... 1-21
1.1 COMMANDS FOR BASIC CONFIGURATION ..................................................................... 1-21
1.1.1 Authe nti cat ion lin e ........................................................................................................ 1-21
1.1.2 clock set ....................................................................................................................... 1-22
1.1.3 config ........................................................................................................................... 1-22
1.1.4 debug ssh-server ......................................................................................................... 1-23
1.1.5 enable .......................................................................................................................... 1-23
1.1.6 enable password .......................................................................................................... 1-24
1.1.7 exec-timeout ................................................................................................................ 1-24
1.1.8 end ............................................................................................................................... 1-25
1.1.9 exit ............................................................................................................................... 1-25
1.1.10 help ............................................................................................................................ 1-26
1.1.11 hostname ................................................................................................................... 1-27
1.1.12 ip host ........................................................................................................................ 1-27
1.1.13 ipv6 host .................................................................................................................... 1-28
1.1.14 ip http server .............................................................................................................. 1-28
1.1.15 language .................................................................................................................... 1-29
1.1.16 login ........................................................................................................................... 1-29
1.1.17 password ................................................................................................................... 1-30
1.1.18 reload ......................................................................................................................... 1-30
1.1.19 service passw ord-encryption ..................................................................................... 1-31
1.1.20 service terminal-length ............................................................................................... 1-31
1.1.21 sysContact ................................................................................................................. 1-32
1.1.22 sysLocation ................................................................................................................ 1-32
1.1.23 set default .................................................................................................................. 1-33
1.1.24 setup .......................................................................................................................... 1-33
1.1.25 show clock ................................................................................................................. 1-34
1.1.26 show temperature ...................................................................................................... 1-34
1.1.27 show tech-support ..................................................................................................... 1-35
1.1.28 show version .............................................................................................................. 1-35
1.1.29 username ................................................................................................................... 1-35
1.1.30 web language ............................................................................................................ 1-36
1.1.31 write ........................................................................................................................... 1-37
1.2 COMMANDS FOR TELNET ............................................................................................ 1-37
1.2.1 authentication ip access-class ..................................................................................... 1-37
1.2.2 authentication ipv6 access-class ................................................................................. 1-38
1.2.3 authentication line login ............................................................................................... 1-38
1.2.4 authentication security ip .............................................................................................. 1-39
1.2.5 authentication security ip v 6 ........................................................................................... 1-40
1.2.6 authentication .............................................................................................................. 1-41
1.2.7 terminal length ............................................................................................................. 1-42
1.2.8 terminal monitor ........................................................................................................... 1-42
1.2.9 telnet ............................................................................................................................ 1-43
1.2.10 telnet server enable ................................................................................................... 1-44
1.2.11 telnet-server max-connection ..................................................................................... 1-44
1.2.12 ssh-server authentication-retries ................................................................................ 1-45
1.2.13 ssh-server enable ...................................................................................................... 1-45
1.2.14 ssh-server host-key create rsa ................................................................................... 1-46
1.2.15 ssh-server max-connection ........................................................................................ 1-46
1.2.16 ssh-server timeout ..................................................................................................... 1-47
1.2.17 show ssh-server ......................................................................................................... 1-47
1.2.18 show telnet login ........................................................................................................ 1-48
1.3 COMMANDS FOR CONFIGURING SWITCH IP .................................................................. 1-48
1.3.1 interface vlan ............................................................................................................... 1-48
1.3.2 ip address .................................................................................................................... 1-49
1.3.3 ipv6 address ................................................................................................................ 1-50
1.3.4 ip bootp-client enable ................................................................................................... 1-50
1.3.5 ip dhcp-client enable .................................................................................................... 1-51
1.4 COMMANDS FOR SNMP ............................................................................................. 1-52
1.4.1 debug snmp mib .......................................................................................................... 1-52
1.4.2 debug snmp kernel ...................................................................................................... 1-52
1.4.3 rmon enable ................................................................................................................. 1-53
1.4.4 show snmp ................................................................................................................... 1-53
1.4.5 show snmp engineid .................................................................................................... 1-55
1.4.6 show snmp group ........................................................................................................ 1-55
1.4.7 show snmp mib ............................................................................................................ 1-56
1.4.8 show snmp status ........................................................................................................ 1-56
1.4.9 show snmp user ........................................................................................................... 1-57
1.4.10 show snmp view ........................................................................................................ 1-57
1.4.11 snmp-server community ............................................................................................. 1-58
1.4.12 snmp-server enable ................................................................................................... 1-59
1.4.13 snmp-server enable traps .......................................................................................... 1-60
1.4.14 snmp-server engineid ................................................................................................ 1-60
1.4.15 snmp-server group ..................................................................................................... 1-61
1.4.16 snmp-server host ....................................................................................................... 1-62
1.4.17 snmp-server secur ity ip ............................................................................................... 1-63
1.4.18 snmp-server secur ity ip ............................................................................................... 1-64
1.4.19 snmp-server view ....................................................................................................... 1-64
1.4.20 snmp-server user ....................................................................................................... 1-65
1.5 COMMANDS FOR SWITCH UPGRADE ............................................................................ 1-66
1.5.1 copy(FTP) ............................................................................................................... 1-66
1.5.2 copy(TFTP) ............................................................................................................. 1-67
1.5.3 ftp-dir
1.5.4 ftp-server enable .......................................................................................................... 1-69
1.5.5 ftp-server timeout ......................................................................................................... 1-69
1.5.6 ip ftp ............................................................................................................................. 1-70
1.5.7 show ftp ....................................................................................................................... 1-71
1.5.8 show tftp ...................................................................................................................... 1-71
1.5.9 tftp-server enable ......................................................................................................... 1-72
1.5.10 tftp-server retransmission-number ............................................................................. 1-72
1.5.11 tftp-server transmission-timeout ................................................................................. 1-73
CHAPTER 2 COMMANDS FOR CLUSTER .............................................. 2-74
2.1 CLEAR CLUSTER NODES .............................................................................................. 2-74
2.2
CLUSTER AUTO-ADD .................................................................................................... 2-74
2.3
CLUSTER COMMANDER ................................................................................................ 2-75
2.4
CLUSTER IP-POOL ....................................................................................................... 2-76
............................................................................................................................ 1-68
2.5
CLUSTER KEEPALIVE INTERVAL .................................................................................... 2-76
2.6
CLUSTER KEEPALIVE LOSS-COUNT ............................................................................... 2-77
2.7
CLUSTER MEMBER ...................................................................................................... 2-78
2.8
CLUSTER MEMBER AUTO-TO-USER ............................................................................... 2-79
2.9
CLUSTER RESET MEMBER ............................................................................................ 2-80
2.10
CLUSTER RUN ........................................................................................................... 2-80
2.11
CLUSTER UPDATE MEMBER ........................................................................................ 2-81
2.12
DEBUG CLUSTER ....................................................................................................... 2-82
2.13 DEBUG CLUSTER PACKETS ........................................................................................ 2-83
2.14
SHOW CLUSTER ........................................................................................................ 2-83
2.15
SHOW CLUSTER MEMBERS ........................................................................................ 2-84
2.16
SHOW CLUSTER CANDIDATES .................................................................................... 2-85
2.17
SHOW CLUSTER TOPOLOGY ....................................................................................... 2-86
2.18
RCOMMAND COMMANDER .......................................................................................... 2-88
2.19
RCOMMAND MEMBER ................................................................................................ 2-89
CHAPTER 3 COMMANDS FOR NETWORK PORT CONFIGURATION .. 3-90
3.1 COMMANDS FOR ETHERNET PORT CONFIGURATION ..................................................... 3-90
3.1.1 bandwidth .................................................................................................................... 3-90
3.1.2 combo-forced-mode ..................................................................................................... 3-91
3.1.3 clear counters interface ................................................................................................ 3-92
3.1.4 flow control ................................................................................................................... 3-93
3.1.5 interface ethernet ......................................................................................................... 3-93
3.1.6 loopback ...................................................................................................................... 3-94
3.1.7 mdi ............................................................................................................................... 3-94
3.1.8 name ............................................................................................................................ 3-95
3.1.9 negotiation ................................................................................................................... 3-96
3.1.10 port-scan-mode .......................................................................................................... 3-96
3.1.11 rate-suppression ........................................................................................................ 3-97
3.1.12 rate-violation .............................................................................................................. 3-98
3.1.13 show interface ............................................................................................................ 3-99
3.1.14 shutdown ................................................................................................................. 3-102
3.1.15 speed-duplex ........................................................................................................... 3-103
CHAPTER 4 COMMANDS FOR PORT LOOPBACK DETECTION
FUNCTION ...................................................................... 4-105
4.1 LOOPBACK-DETECTION CONTROL .............................................................................. 4-105
4.2
LOOPBACK-DETECTION SPECIFIED-VLAN .................................................................... 4-106
4.3
LOOPBACK-DETECTION INTERVAL-TIME ...................................................................... 4-106
4.4
LOOPBACK-DETECTION CONTROL-RECOVERY TIMEOUT ............................................... 4-107
4.5
SHOW L OOPBACK-DETECTION ................................................................................... 4-108
4.6 DEBUG LOOPBACK-DETECTION .................................................................................. 4-108
CHAPTER 5 COMMANDS FOR PORT CHANNEL ................................. 5-110
5.1 DEBUG LACP ............................................................................................................ 5-110
5.2
INTERFACE PORT-CHANNEL ....................................................................................... 5-110
5.3
PORT-GROUP ............................................................................................................ 5-111
5.4
PORT-GROUP MODE .................................................................................................. 5-112
5.5
SHOW PORT-GROUP .................................................................................................. 5-113
CHAPTER 6 COMMANDS FOR JUMBO ................................................. 6-117
6.1 JUMBO ENABLE ........................................................................................................ 6-117
CHAPTER 7 VLAN CONFIGURATION .................................................... 7-118
7.1 COMMANDS FOR VLAN CONFIGURATION .................................................................. 7-118
7.1.1 debug gvrp .................................................................................................................. 7-118
7.1.2 dot1q-tunnel enable .................................................................................................... 7-118
7.1.3 dot1q-tunnel tpid ......................................................................................................... 7-119
7.1.4 gvrp ............................................................................................................................ 7-120
7.1.5 garp timer hold ........................................................................................................... 7-121
7.1.6 garp timer join ............................................................................................................ 7-121
7.1.7 garp timer leave ......................................................................................................... 7-122
7.1.8 garp timer leaveall ..................................................................................................... 7-122
7.1.9 name .......................................................................................................................... 7-123
7.1.10 private-vlan .............................................................................................................. 7-124
7.1.11 private-vlan association ............................................................................................ 7-125
7.1.12 show dot1q-tunnel ................................................................................................... 7-126
7.1.13 show garp ................................................................................................................ 7-126
7.1.14 show gvrp ................................................................................................................ 7-127
7.1.15 show vlan ................................................................................................................. 7-127
7.1.16 switchport access vlan ............................................................................................. 7-128
7.1.17 switchport interface .................................................................................................. 7-129
7.1.18 switchport mode ....................................................................................................... 7-130
7.1.19 switchport trunk allowed vlan ................................................................................... 7-130
7.1.20 switchport trunk native vlan ...................................................................................... 7-131
7.1.21 vlan .......................................................................................................................... 7-132
7.1.22 vlan ingress enable .................................................................................................. 7-132
7.2 COMMANDS FOR DYNAMIC VLAN CONFIGURATION .................................................... 7-133
7.2.1 dynamic-vlan mac-vlan prefer .................................................................................... 7-133
7.2.2 dynamic-vlan subnet-vlan prefer ................................................................................ 7-134
7.2.3 mac-vlan .................................................................................................................... 7-134
7.2.4 mac-vlan vlan ............................................................................................................. 7-135
7.2.5 protocol-vlan .............................................................................................................. 7-135
7.2.6 show dynamic-vlan prefer .......................................................................................... 7-136
7.2.7 show mac-vlan ........................................................................................................... 7-137
7.2.8 show mac-vlan interface ............................................................................................ 7-137
7.2.9 show protocol-vlan ..................................................................................................... 7-138
7.2.10 show subnet-vlan ..................................................................................................... 7-138
7.2.11 show subnet-vlan interface ...................................................................................... 7-139
7.2.12 subnet-vlan .............................................................................................................. 7-139
7.2.13 switchport mac-vlan enable ..................................................................................... 7-140
7.2.14 switchport subnet-vlan enable ................................................................................. 7-141
7.3 COMMANDS FOR VOICE VLAN CONFIGURATION ........................................................ 7-142
7.3.1 show voice-vlan ......................................................................................................... 7-142
7.3.2 switchport voice-vlan en able ...................................................................................... 7-142
7.3.3 voice-vlan ................................................................................................................... 7-143
7.3.4 voice-vlan vlan ........................................................................................................... 7-144
CHAPTER 8 COM MANDS FOR M AC ADDRESS TABLE CONFIGURATION
8.1 COMMANDS FOR MAC ADDRESS TABLE CONFIGURATION .......................................... 8-145
8.1.1 mac-address-table aging-time ................................................................................... 8-145
8.1.2 mac-address-table static|blac kho le ............................................................................ 8-145
8.1.3 show mac-address-table ............................................................................................ 8-146
8.2 COMMANDS FOR MAC ADDRESS BINDING CONFIGURATION ......................................... 8-147
8.2.1 clear port-security dynamic ........................................................................................ 8-147
8.2.2 show port-security ...................................................................................................... 8-148
8.2.3 show port-security address ........................................................................................ 8-149
......................................................................................... 8-145
8.2.4 show port-security interface ....................................................................................... 8-150
8.2.5 switchport port-security .............................................................................................. 8-151
8.2.6 switchport port-security convert ................................................................................. 8-151
8.2.7 switchport port-security lock ....................................................................................... 8-152
8.2.8 switchport port-security mac-address ........................................................................ 8-152
8.2.9 switchport port-security maximum ............................................................................. 8-153
8.2.10 switchport port-security timeout ............................................................................... 8-153
8.2.11 switchport port-security violation .............................................................................. 8-154
CHAPTER 9 COMMANDS FOR MSTP ................................................... 9-156
9.1 COMMANDS FOR MSTP ............................................................................................ 9-156
9.1.1 abort .......................................................................................................................... 9-156
9.1.2 exit ............................................................................................................................. 9-156
9.1.3 instance vlan .............................................................................................................. 9-157
9.1.4 name .......................................................................................................................... 9-157
9.1.5 revision-level .............................................................................................................. 9-158
9.1.6 spanning-tree ............................................................................................................. 9-159
9.1.7 spanning-tree forward-time ........................................................................................ 9-159
9.1.8 spanning-tr ee hello-time ............................................................................................ 9-160
9.1.9 spanning-tree link-type p2p ........................................................................................ 9-160
9.1.10 spanning-tree maxage ............................................................................................. 9-161
9.1.11 spanning-tree max-hop ............................................................................................ 9-162
9.1.12 spanning-tree mch ec k .............................................................................................. 9-162
9.1.13 spanning-tree mod e ................................................................................................. 9-163
9.1.14 spanning-tree mst confi gurat i on ............................................................................... 9-164
9.1.15 spanning-tr ee mst cost ............................................................................................. 9-164
9.1.16 spanning-tree mst port-priority ................................................................................. 9-165
9.1.17 spanning-tree mst prior i ty ........................................................................................ 9-166
9.1.18 spanning-tree mst rootguard .................................................................................... 9-167
9.1.19 spanning-tree portfast .............................................................................................. 9-167
9.1.20 spanning-tree priority ............................................................................................... 9-168
9.1.21 spanning-tree format ................................................................................................ 9-169
9.1.22 spanning-tree digest-snooping ................................................................................. 9-170
9.1.23 spanning-tree tcflush (Global mode) ........................................................................ 9-170
9.1.24 spanning-tree tcflush (Port mode) ............................................................................ 9-171
9.2 COMMANDS FOR MONITOR AND DEBUG ..................................................................... 9-172
9.2.1 show spanning-tree .................................................................................................... 9-172
9.2.2 show spanning-tre e mst config .................................................................................. 9-175
9.2.3 show mst-pending ...................................................................................................... 9-175
9.2.4 debug spanning-tree .................................................................................................. 9-176
CHAPTER 10 COMMANDS FOR QOS ................................................. 10-178
10.1 ACCOUNTING ........................................................................................................ 10-178
10.2
CLASS .................................................................................................................. 10-178
10.3
CLASS-MAP .......................................................................................................... 10-179
10.4
CLASS MLS QOS STATISTICS .................................................................................. 10-180
10.5
MATCH ................................................................................................................. 10-180
10.6
MLS QOS COS ....................................................................................................... 10-182
10.7
MLS QOS MAP ....................................................................................................... 10-182
10.8
MLS QOS QUEUE ALGORITHM ................................................................................. 10-184
10.9
MLS QOS QUEUE WRR WEIGHT ............................................................................... 10-184
10.10
MLS QOS QUEUE WDRR WEIGHT ........................................................................... 10-185
10.11
MLS QOS QUEUE BANDWIDTH ............................................................................... 10-186
10.12
MLS QOS TRUST .................................................................................................. 10-187
10.13
POLICY ............................................................................................................... 10-187
10.14
POLICY AGGREGATE ............................................................................................ 10-189
10.15
POLICY-MAP ....................................................................................................... 10-190
10.16
SET .................................................................................................................... 10-191
10.17
SERVICE-POLICY INPUT ....................................................................................... 10-192
10.18
SERVICE-POLICY INPUT VLAN ............................................................................... 10-192
10.19
SHOW CLASS-MAP .............................................................................................. 10-193
10.20
SHOW POLICY-MAP ............................................................................................. 10-194
10.21
SHOW MLS QOS INTERFACE ................................................................................. 10-195
10.22
SHOW MLS QOS MA PS ......................................................................................... 10-198
10.23
SHOW MLS QOS VLAN .......................................................................................... 10-200
CHAPTER 11 COMMANDS FOR FLOW-BASED REDIRECTION ........ 11-201
11.1 ACCESS-GROUP REDIRECT TO INTERFACE ETHERNET .............................................. 11-201
11.2 SHOW FLOW-BASED-REDIRECT .............................................................................. 11-201
CHAPTER 12 COMMANDS FOR LAYER 3 FORWARDING ................ 12-203
12.1 COMMANDS FOR LAYER 3 INTERFACE .................................................................... 12-203
12.1.1 interface vlan ......................................................................................................... 12-203
12.1.2 ip address .............................................................................................................. 12-203
12.1.3 ip default-gatway .................................................................................................... 12-204
12.1.4 debug ip packet ..................................................................................................... 12-205
12.1.5 show ip traffic ......................................................................................................... 12-205
12.1.6 show ip route ......................................................................................................... 12-208
12.2 COMMANDS FOR IPV6 CONFIGURATION ................................................................. 12-209
12.2.1 clear ipv6 neighbor ................................................................................................ 12-209
12.2.2 debug ipv6 packet .................................................................................................. 12-209
12.2.3 debug ipv6 icmp ..................................................................................................... 12-210
12.2.4 debug ipv6 nd ......................................................................................................... 12-211
12.2.5 ipv6 default-gateway ............................................................................................... 12-211
12.2.6 ipv6 address .......................................................................................................... 12-212
12.2.7 ipv6 redirect ........................................................................................................... 12-213
12.2.8 ipv6 nd dad attempts .............................................................................................. 12-213
12.2.9 ipv6 nd ns-interval .................................................................................................. 12-214
12.2.10 ipv6 nd suppress-ra ............................................................................................. 12-214
12.2.11 ipv6 nd ra-lifetime ................................................................................................. 12-215
12.2.12 ipv6 nd min-ra-interval ......................................................................................... 12-216
12.2.13 ipv6 nd max-ra-interval ........................................................................................ 12-216
12.2.14 ipv6 nd prefix ....................................................................................................... 12-217
12.2.15 ipv6 neighbor ....................................................................................................... 12-218
12.2.16 show ipv6 interface .............................................................................................. 12-218
12.2.17 show ipv6 route .................................................................................................... 12-220
12.2.18 show ipv6 neighbors ............................................................................................ 12-221
12.2.19 show ipv6 traffic ................................................................................................... 12-222
12.2.20 show ipv6 enable ................................................................................................. 12-223
12.2.21 show ipv6 redirect ................................................................................................ 12-224
12.3 COMMANDS FOR ARP CONFIGURATION ................................................................. 12-224
12.3.1 arp ......................................................................................................................... 12-224
12.3.2 clear arp-cache ...................................................................................................... 12-225
12.3.3 debug arp ............................................................................................................... 12-225
12.3.4 show arp ................................................................................................................ 12-226
12.3.5 show arp traffic ...................................................................................................... 12-227
CHAPTER 13 COMMANDS FOR ARP SCANNING PREVENTION ......... 13-1
13.1 ANTI-ARPSCAN ENABLE ............................................................................................. 13-1
13.2
ANTI-ARPSCAN PORT-BASED THRESHOLD ................................................................... 13-1
13.3
ANTI-ARPSCAN IP-BASED THRESHO L D ........................................................................ 13-2
13.4
ANTI-ARPSCAN TRUST ............................................................................................... 13-3
13.5
ANTI-ARPSCAN TRUST IP ........................................................................................... 13-3
13.6
ANTI-ARPSCAN RECOVERY ENABLE ............................................................................ 13-4
13.7
ANTI-ARPSCAN RECOVERY TIME ................................................................................. 13-5
13.8
ANTI-ARPSCAN LOG ENABLE ...................................................................................... 13-5
13.9
ANTI-ARPSCAN TRAP ENABLE .................................................................................... 13-6
13.10
SHOW ANTI-ARPSCAN .............................................................................................. 13-6
13.11
DEBUG ANTI-ARPSCAN ............................................................................................ 13-8
CHAPTER 14 COMMAND FOR ARP GUARD .......................................... 14-9
14.1 ARP-GUARD IP .......................................................................................................... 14-9
CHAPTER 15 COMMANDS FOR DHCP ................................................ 15-10
15.1 COMMANDS FOR DHCP SERVER CONFIGURATION ................................................... 15-10
15.1.1 bootfile ..................................................................................................................... 15-10
15.1.2 clear ip dhcp binding ................................................................................................ 15-10
15.1.3 clear ip dhcp conflict ................................................................................................. 15-11
15.1.4 clear ip dhcp server statisti cs ................................................................................... 15-12
15.1.5 client-identifier .......................................................................................................... 15-12
15.1.6 debug ip dhcp server ............................................................................................... 15-13
15.1.7 default-router ........................................................................................................... 15-13
15.1.8 dns-server ................................................................................................................ 15-14
15.1.9 domain-name ........................................................................................................... 15-14
15.1.10 hardware-address .................................................................................................. 15-15
15.1.11 host ........................................................................................................................ 15-16
15.1.12 ip dhcp conflict logging ........................................................................................... 15-17
15.1.13 ip dhcp excluded-address ...................................................................................... 15-17
15.1.14 ip dhcp pool ........................................................................................................... 15-18
15.1.15 ip dhcp conflict ping-detection enable .................................................................... 15-18
15.1.16 ip dhcp ping packets .............................................................................................. 15-19
15.1.17 ip dhcp ping timeout ............................................................................................... 15-20
15.1.18 lease ...................................................................................................................... 15-20
15.1.19 netbios-name-server .............................................................................................. 15-21
15.1.20 netbios-node-type .................................................................................................. 15-22
15.1.21 network-address .................................................................................................... 15-22
15.1.22 next-server ............................................................................................................. 15-23
15.1.23 option ..................................................................................................................... 15-24
15.1.24 service dhcp ........................................................................................................... 15-24
15.1.25 show ip dhcp binding ............................................................................................. 15-25
15.1.26 show ip dhcp conflict .............................................................................................. 15-25
15.1.27 show ip dhcp server statist ic s ................................................................................ 15-26
CHAPTER 16 COMMANDS FOR DHCP SNOOPING ............................ 16-28
16.1 DEBUG IP DHCP SNOOPING PACKET INTERFACE ........................................................ 16-28
16.2
DEBUG IP DHCP SNOOPING PACKET .......................................................................... 16-28
16.3
DEBUG IP DHCP SNOOPING UPDATE .......................................................................... 16-29
16.4
DEBUG IP DHCP SNOOPING EVENT ............................................................................ 16-29
16.5
DEBUG IP DHCP SNOOPING BINDING ......................................................................... 16-29
16.6
IP DHCP SNOOPING ................................................................................................. 16-30
16.7 IP DHCP SNOOPING BINDING .................................................................................... 16-30
16.8
IP DHCP SNOOPING BINDING USER ............................................................................ 16-31
16.9
IP DHCP SNOOPING BINDING ARP .............................................................................. 16-32
16.10
IP DHCP SNOOPING BINDING DOT1X ........................................................................ 16-33
16.11
IP DHCP SNOOPING BINDING USER-CONTROL .......................................................... 16-33
16.12
IP DHCP SNOOPING BINDING USER-CONTROL MAX-USER .......................................... 16-34
16.13
IP DHCP SNOOPING TRUST ..................................................................................... 16-35
16.14
IP DHCP SNOOPING ACTION .................................................................................... 16-35
16.15
IP DHCP SNOOPING ACTION MAXNUM ..................................................................... 16-36
16.16 IP DHCP SNOOPING LIMIT-RATE .............................................................................. 16-37
16.17
IP DHCP SNOOPING INFORMATION ENABLE .............................................................. 16-37
16.18
IP DHCP SNOOPING OPTION82 ENABLE ................................................................... 16-38
16.19
ENABLE TRUSTVIEW KEY ....................................................................................... 16-39
16.20
IP USER PRIVATE PACKET VERSION TWO ................................................................. 16-40
16.21
IP USER HELPER-ADDRESS .................................................................................... 16-40
16.22
SHOW TRUSTVIEW STATUS ..................................................................................... 16-41
16.23
SHOW IP DHCP SNOOPING ...................................................................................... 16-42
16.24
SHOW IP DHCP SNOOPING BINDING ALL .................................................................. 16-45
CHAPTER 17 COMMANDS FOR DHCP SNOOPING OPTION 82 ......... 17-47
17.1 IP DHCP SNOOPING INFORMATION ENABLE ................................................................ 17-47
CHAPTER 18 IPV4 MULTICAST PROTOCOL ....................................... 18-48
18.1 COMMANDS FOR DCSCM ....................................................................................... 18-48
18.1.1 access-list (Multicast Destination Control) ............................................................... 18-48
18.1.2 access-list (Multicast Source Control) ...................................................................... 18-49
18.1.3 ip multicast destination-control access-group .......................................................... 18-50
18.1.4 ip multicast destination-control access-group (sip) .................................................. 18-50
18.1.5 ip multicast destination-control access-group (vmac) .............................................. 18-51
18.1.6 ip multicast policy ..................................................................................................... 18-52
18.1.7 ip multicast sou rc e -control ....................................................................................... 18-52
18.1.8 ip multicast source-control access-group ................................................................. 18-53
18.1.9 multicast destination-control .................................................................................... 18-54
18.1.10 show ip multicast destination-control ..................................................................... 18-54
18.1.11 show ip multicast destination-control access-list .................................................... 18-55
18.1.12 show ip multicast policy ......................................................................................... 18-55
18.1.13 show ip multicast source-control ............................................................................ 18-56
18.1.14 show ip multicast source-control access-list .......................................................... 18-57
18.2 COMMANDS FOR IGMP SNOOPING .......................................................................... 18-57
18.2.1 clear ip igmp snooping vlan ..................................................................................... 18-57
18.2.2 clear ip igmp snooping vlan <1-4094> mrouter-port ................................................ 18-58
18.2.3 debug igmp snooping all/packet/event/timer/mfc ..................................................... 18-58
18.2.4 ip igmp snooping ...................................................................................................... 18-59
18.2.5 ip igmp snooping vlan .............................................................................................. 18-59
18.2.6 ip igmp snooping vlan immediat e-leave ................................................................... 18-60
18.2.7 ip igmp snooping vlan l2-general-querier ................................................................. 18-60
18.2.8 ip igmp snooping vlan l2-general-querier-source ..................................................... 18-61
18.2.9 ip igmp snooping vlan l2-general-querier-version .................................................... 18-62
18.2.10 ip igmp snooping vlan limit ..................................................................................... 18-62
18.2.11 ip igmp snooping vlan mrouter-port interface ......................................................... 18-63
18.2.12 ip igmp snooping vlan mrpt .................................................................................... 18-64
18.2.13 ip igmp snooping vlan query-interval ...................................................................... 18-64
18.2.14 ip igmp snooping vlan query-mrsp ......................................................................... 18-65
18.2.15 ip igmp snooping vlan query-robustness ................................................................ 18-65
18.2.16 ip igmp snooping vlan report sour ce-address ........................................................ 18-66
18.2.17 ip igmp snooping vlan stat ic-group ......................................................................... 18-66
18.2.18 ip igmp snooping vlan suppres sio n-query-time ...................................................... 18-67
18.2.19 show ip igmp snooping .......................................................................................... 18-68
CHAPTER 19 IPV6 MULTICAST PROTOCOL ....................................... 19-70
19.1 COMMANDS FOR MLD SNOOPING CONFIGURATION .................................................. 19-70
19.1.1 clear ipv6 mld snooping vlan .................................................................................... 19-70
19.1.2 clear ipv6 mld snooping vlan <1-4094> mrouter-port ............................................... 19-70
19.1.3 debug mld snooping all/pac ket/event/timer/mfc ....................................................... 19-71
19.1.4 ipv6 mld snooping .................................................................................................... 19-71
19.1.5 ipv6 mld snooping vlan ............................................................................................ 19-72
19.1.6 ipv6 mld snooping vlan immediate-leave ................................................................. 19-73
19.1.7 ipv6 mld snooping vlan l2-general-querier ............................................................... 19-73
19.1.8 ipv6 mld snooping vlan limit ..................................................................................... 19-74
19.1.9 ipv6 mld snooping vlan mrouter -port interface ......................................................... 19-75
19.1.10 ipv6 mld snooping vlan mrpt .................................................................................. 19-75
19.1.11 ipv6 mld snooping vlan query-interval .................................................................... 19-76
19.1.12 ipv6 mld snooping vlan query-mrsp ....................................................................... 19-76
19.1.13 ipv6 mld snooping vlan query-robustness .............................................................. 19-77
19.1.14 ipv6 mld snooping vlan static-group ....................................................................... 19-78
19.1.15 ipv6 mld snooping vlan static-group ....................................................................... 19-78
19.1.16 show ipv6 mld snooping ......................................................................................... 19-79
CHAPTER 20 COMMANDS FOR MULTICAST VLAN ........................... 20-82
20.1 MULTICAST-VLAN .................................................................................................... 20-82
20.2
MULTICAST-VLAN ASSOCIATION ............................................................................... 20-82
CHAPTER 21 COMMANDS FOR ACL ................................................... 21-84
21.1 ABSOLUTE-PERIODIC/PERIODIC ................................................................................ 21-84
21.2
ABSOLUTE START ................................................................................................... 21-85
21.3
ACCESS-LIST (IP EXTEN DED) .................................................................................... 21-86
21.4
ACCESS-LIST (IP STA NDARD) ................................................................................... 21-88
21.5
ACCESS-LIST(MAC EXTENDED) ................................................................................ 21-88
21.6
ACCESS-LIST(MAC-IP EXTENDED) ............................................................................. 21-89
21.7
ACCESS-LIST(MAC STANDARD) ................................................................................ 21-92
21.8
CLEAR ACCESS-GROUP STATISTIC INTERFACE .......................................................... 21-93
21.9
FIREWALL ............................................................................................................... 21-93
21.10
FIREWALL DEFAULT ............................................................................................... 21-94
21.11
IP ACC ESS EXTENDED ............................................................................................ 21-94
21.12
IP ACCESS STA NDARD ........................................................................................... 21-95
21.13
IPV6 ACCESS-LIST ................................................................................................. 21-96
21.14
IPV6 ACCESS STANDARD ....................................................................................... 21-96
21.15
{IP|IPV6|MAC|MAC-IP} ACCESS-GROUP ................................................................... 21-97
21.16
MAC ACCESS EXTENDED ........................................................................................ 21-98
21.17 MAC-IP ACCESS EXTENDED .................................................................................... 21-99
21.18
PERMIT | DENY (IP EXTENDED) ............................................................................... 21-99
21.19
PERMIT | DENY(IP STANDARD) .............................................................................. 21-101
21.20
PERMIT | DENY(IPV6 STANDARD) .......................................................................... 21-101
21.21
PERMIT | DENY(MAC EXTENDED) .......................................................................... 21-102
21.22
PERMIT | DENY(MAC-IP EXTENDED) ...................................................................... 21-104
21.23
SHOW ACCESS-LISTS .......................................................................................... 21-106
21.24 SHOW ACCESS-GROUP ........................................................................................ 21-107
21.25
SHOW FIREWALL ................................................................................................. 21-108
21.26
SHOW IPV6 ACCESS-LISTS ................................................................................... 21-108
21.27
SHOW TIME-RANGE ............................................................................................. 21-109
21.28
TIME-RANGE ....................................................................................................... 21-110
CHAPTER 22 COMMANDS FOR 802.1X .............................................. 22-111
22.1 DEBUG DOT1X DETAIL ........................................................................................... 22-111
22.2
DEBUG DOT1X ERROR ........................................................................................... 22-111
22.3
DEBUG DOT1X FSM ............................................................................................... 22-112
22.4
DEBUG DOT1X PACKET .......................................................................................... 22-113
22.5
DOT1X ACCEPT-MAC ............................................................................................. 22-113
22.6
DOT1X EAPOR ENABLE .......................................................................................... 22-114
22.7
DOT1X ENABLE ..................................................................................................... 22-115
22.8
DOT1X IPV6 PASSTHROUGH ................................................................................... 22-115
22.9
DOT1X GUEST-VLAN .............................................................................................. 22-116
22.10
DOT1X MACFILTER ENABLE ................................................................................. 22-117
22.11
DOT1X MAX-REQ ................................................................................................. 22-118
22.12
DOT1X USER FREE-RESOURCE ............................................................................ 22-118
22.13
DOT1X MAX-USER MACBASED ............................................................................. 22-119
22.14
DOT1X MAX-USER USERBASED ............................................................................ 22-120
22.15
DOT1X PORT-CONTROL ....................................................................................... 22-120
22.16
DOT1X PORT-METHOD ......................................................................................... 22-121
22.17
DOT1X PRIVATECLIENT ENABLE ........................................................................... 22-122
22.18
DOT1X RE-AUTHENTICATE ................................................................................... 22-123
22.19
DOT1X RE-AUTHENTICATION ................................................................................ 22-123
22.20
DOT1X TIMEOUT QUIET-PERIOD ............................................................................ 22-124
22.21 DOT1X TIMEOUT RE-AUTHPERIOD ........................................................................ 22-124
22.22
DOT1X TIMEO U T TX-PERIOD ................................................................................. 22-125
22.23
DOT1X UNICAST ENABLE ..................................................................................... 22-126
22.24
DOT1X WEB AUTH EN TICATION ENABLE ................................................................. 22-126
22.25
DOT1X WEB AUTH EN TICATION IPV6 PASSTHROUGH ............................................... 22-127
22.26
DOT1X WEB REDIRECT ........................................................................................ 22-127
22.27
DOT1X WEB REDIRECT ENABLE ............................................................................ 22-128
22.28
SHOW DOT1X ...................................................................................................... 22-129
CHAPTER 23 COMMANDS FOR THE NUMBER LIMITATION FUNCTION
OF PORT, MAC IN VLAN AND IP ................................. 23-132
23.1 SWITCHPORT MAC-ADDRESS DYNAMIC MAXIMUM .................................................... 23-132
23.2
VLAN MAC-ADDRESS DYNAMIC MAXIMUM ................................................................ 23-133
23.3
MAC-ADDRESS QUERY TIMEOUT ............................................................................. 23-134
23.4
SHOW MAC-ADDRESS DYNAMIC COUNT .................................................................. 23-134
23.5
DEBUG SWITCHPORT MAC COUNT .......................................................................... 23-135
23.6
DEBUG VLAN MAC COUNT ...................................................................................... 23-136
CHAPTER 24 COMMANDS FOR AM CONFIGURATION .................... 24-137
24.1 AM EN ABLE .......................................................................................................... 24-137
24.2
AM PORT .............................................................................................................. 24-137
24.3
AM IP-POOL .......................................................................................................... 24-138
24.4
AM MAC-IP-POOL .................................................................................................. 24-138
24.5
NO AM ALL ............................................................................................................ 24-139
24.6
SHOW AM ............................................................................................................. 24-139
CHAPTER 25 COMMANDS FOR SECURITY FEATURE ..................... 25-141
25.1 DOSATTACK-CHECK SRCIP-EQUAL-DSTIP ENABLE ................................................... 25-141
25.2
DOSATTACK-CHECK IPV4-FIRST-FRAGMENT ENABLE ............................................... 25-141
25.3 DOSATTACK-CHECK TCP-FLAGS ENABLE ................................................................ 25-142
25.4
DOSATTACK-CHECK SRCPORT-EQUAL-DSTPORT ENABLE ........................................ 25-142
25.5
DOSATTACK-CHECK TCP-FR AGME NT E NABLE ......................................................... 25-143
25.6
DOSATTACK-CHECK TCP-SEGMENT ........................................................................ 25-143
25.7
DOSATTACK-CHECK ICMP-ATTACKING ENABLE ........................................................ 25-144
25.8
DOSATTACK-CHECK ICMPV4-SIZE ........................................................................... 25-145
25.9
DOSATTACK-CHECK ICMPV6-SIZE ........................................................................... 25-145
CHAPTER 26 COMMANDS FOR TACACS+ ........................................ 26-146
26.1 TACACS-SERVER AUTH EN TICATION HOST ................................................................ 26-146
26.2
TACACS-SERVER KEY ............................................................................................ 26-147
26.3
TACACS-SERVER NAS-IPV4 .................................................................................... 26-147
26.4
TACACS-SERVER TIMEOUT ..................................................................................... 26-148
26.5
DEBUG TACACS-SERVER ....................................................................................... 26-149
CHAPTER 27 COMMANDS FOR RADIUS ............................................... 27-1
27.1 AAA ENABLE ............................................................................................................. 27-1
27.2
AAA-ACCOUNTING ENABLE ........................................................................................ 27-1
27.3
AAA-ACCOUNTING UPDATE ........................................................................................ 27-2
27.4
DEBUG AAA PACKET .................................................................................................. 27-2
27.5
DEBUG AAA DETAIL ATTRIBUTE .................................................................................. 27-3
27.6
DEBUG AAA DETAIL CONNECTION ............................................................................... 27-4
27.7 DEBUG AAA DETAIL EVENT ......................................................................................... 27-4
27.8
DEBUG AAA ERROR ................................................................................................... 27-5
27.9
RADIUS NAS-IPV4 ...................................................................................................... 27-5
27.10
RADIUS NAS-IPV6 .................................................................................................... 27-6
27.11
RADIUS-SERVER ACCOUNTING HOST ........................................................................ 27-7
27.12
RADIUS-SERVER A U T HEN TICATION HOST .................................................................. 27-8
27.13 RADIUS-SERVER DEAD-TIME .................................................................................... 27-9
27.14
RADIUS-SERVER KEY ............................................................................................. 27-10
27.15
RADIUS-SERVER RETRANSMIT ................................................................................ 27-10
27.16
RADIUS-SERVER TIMEOUT ...................................................................................... 27-11
27.17
RADIUS-SERVER ACCOUNTING-INTERIM-UPDATE TIMEOUT ....................................... 27-12
27.18
SHOW AAA AUTHENTICATED-USER ......................................................................... 27-13
27.19
SHOW AAA AUTHENTICATING-USER ........................................................................ 27-13
27.20
SHOW AAA CONFIG ................................................................................................ 27-14
27.21
SHOW RADIUS COUNT ............................................................................................ 27-15
CHAPTER 28 COMMANDS FOR MRPP ................................................ 28-16
28.1 CONTROL-VLAN ...................................................................................................... 28-16
28.2
CLEAR MRPP STATISTICS ......................................................................................... 28-17
28.3
DEBUG MRPP .......................................................................................................... 28-17
28.4
ENABLE .................................................................................................................. 28-18
28.5
FAIL-TIMER ............................................................................................................. 28-19
28.6
HELLO-TIMER .......................................................................................................... 28-19
28.7
MRPP ENABLE ......................................................................................................... 28-20
28.8
MRPP RING ............................................................................................................. 28-21
28.9
MRPP RING PRIMARY-PORT ...................................................................................... 28-21
28.10
MRPP RING SECONDARY-PORT ............................................................................... 28-22
28.11
NODE-MODE ......................................................................................................... 28-22
28.12
SHOW MRPP ......................................................................................................... 28-23
28.13
SHOW MRPP STATISTICS ........................................................................................ 28-23
CHAPTER 29 COMMANDS FOR MIRRORING CONFIGURATION ....... 29-24
29.1 MONITOR SESSION SOURCE INTE RFACE .................................................................... 29-24
29.2
MONITOR SESSION SOURCE INTERFACE ACCESS-LIST ................................................ 29-25
29.3 MONITOR SESSIO N D ESTINATION INTERFACE ............................................................. 29-26
29.4
SHOW MONITOR ...................................................................................................... 29-27
CHAPTER 30 COMMANDS FOR SFLOW .............................................. 30-27
30.1 SFLOW D E STINATION ............................................................................................... 30-27
30.2
SFLOW AGENT-ADDRESS ......................................................................................... 30-28
30.3
SFLOW PRIORITY ..................................................................................................... 30-29
30.4
SFLOW HEADER-LEN ............................................................................................... 30-29
30.5
SFLOW DATA-LEN .................................................................................................... 30-30
30.6
SFLOW COUNTER-INTERVAL ..................................................................................... 30-30
30.7
SFLOW RATE ........................................................................................................... 30-31
30.8
SHOW SFLOW ......................................................................................................... 30-32
CHAPTER 31 COMMANDS FOR SNTP ................................................. 31-33
31.1 DEBUG SNTP ........................................................................................................... 31-33
31.2
SNTP SERVER ......................................................................................................... 31-34
31.3
SNTP POL LTIME ....................................................................................................... 31-35
31.4
SNTP TIMEZONE ...................................................................................................... 31-35
31.5
SHOW SNTP ............................................................................................................ 31-36
CHAPTER 32 COMMANDS FOR SHOW ............................................... 32-37
32.1 CLEAR LOGGING ..................................................................................................... 32-37
32.2
LOGGING ................................................................................................................ 32-37
32.3
LOGGING LOGHOST SEQUENCE-NUMBER .................................................................. 32-38
32.4 PING ...................................................................................................................... 32-39
32.5
PING6 .................................................................................................................... 32-41
32.6
SHOW DEBUGGING .................................................................................................. 32-43
32.7
SHOW FLASH .......................................................................................................... 32-43
32.8
SHOW HISTORY ....................................................................................................... 32-44
32.9 SHOW LOGGING BUFFERED ..................................................................................... 32-44
32.10
SHOW MEMORY ..................................................................................................... 32-45
32.11
SHOW RUNNING-CONFIG ........................................................................................ 32-46
32.12
SHOW STARTUP-CONFIG ........................................................................................ 32-46
32.13
SHOW SWITCHPORT INTERFACE ............................................................................. 32-47
32.14
SHOW TCP ............................................................................................................ 32-48
32.15
SHOW TELNET LOGIN ............................................................................................ 32-48
32.16
SHOW TECH-SUPPORT ........................................................................................... 32-49
32.17
SHOW UDP ............................................................................................................ 32-49
32.18
SHOW VERSION ..................................................................................................... 32-50
32.19
TRACEROUTE ....................................................................................................... 32-50
32.20
TRACEROUTE6 ..................................................................................................... 32-51
CHAPTER 33 COMMANDS FOR RELOAD SWITCH AFTER SPECIFIED
TIME .................................................................................. 33-1
33.1 RELOAD AFTER ......................................................................................................... 33-1
33.2
RELOAD CANCEL ...................................................................................................... 33-1
33.3
SHOW RELOAD .......................................................................................................... 33-2
CHAPTER 34 COMMANDS FOR DEBUGGING AND DIAGNOSIS FOR
P A CKETS RECEIVED AND SENT BY CPU ..................... 34-1
34.1 CPU-RX-RATELIMIT TOTAL .......................................................................................... 34-1
34.2
CPU-RX-RATELIMIT QUEU E-LENGTH ............................................................................ 34-1
34.3
CPU-RX-RATELIMIT PROTOCOL ................................................................................... 34-2
34.4
CLEAR CPU-RX-STAT PROTOCOL ................................................................................ 34-3
34.5
SHOW CPU-RX PROTOCOL ......................................................................................... 34-3
34.6
DEBUG DRIVER ......................................................................................................... 34-4
Chapter 1 Commands for
Basic Switch Configuration
1.1 Commands for Basic Conf igur a tion
1.1.1 Authentication line
Command:
authentication line {console | vty | web} login {local | radius | tacos}
No authentication line {console | vty | web} login
Function:
Configure VTY (login with Telnet and SSH), Web and Console, so as to select the priority of the
authentication mode for the login user. The no form command restores the default authentication
mode.
Default:
No configuration is enabled for the console login method by default. Local authentication is enabled
for the VTY and Web login method by default.
Command Mode:
Global Mode.
Usage Guide:
The authentication method for Console, VTY and Web login can be configured respectively. And
authentication method can be any one or combination of Local, RADIUS or TACCACS. When login
method is configuration in combination, the preference goes from left to right. If the users have
passed the authen tic ati on method, authentication m etho d o f l ower preferences will be ign or ed. To be
mentioned, if the user receives correspond protocol’s answer whether refuse or incept, it will not
attempt the next authentication method (Exception: if the local authentication method failed, it will
attempt the next authentication method); it will attempt the next authentication method if it receives
nothing. And AAA function RADIUS server should be configured before the RADIUS configuration
method can be used. And TACACS server should be configured before the TACACS configuration
method can be used.
The authentication line console login command is exclusive with the login command. The
authentication line console login command configures the sw itch to use the Console login method.
And the login com mand m akes the Console login to use the pas swords c onfigur ed by the password
command for authentication.
If local authentication is co nfi g ur ed w hile no local users are config ured, us er s w ill be a ble to login the
switch via the Console method.
Example:
To configure the Telnet and ssh login method to use RADIUS authentication method.
Switch(config)# authentication line vty login local radius
Relative Command:
aaa enable, radius-server authentication host, tacacs-server authentication host,
tacacs-server key
1.1.2 clock set
Command:
clock set <HH:MM:SS> <YYYY.MM.DD>
Function:
Set system date and time.
Parameter:
<HH:MM:SS>is the current time, and the valid scope for HH is 0 to 23, MM and SS 0 to 59;
<YYYY.MM.DD> is the current year, month and date, and the valid scope for YYYY is 1970~2038,
MON meaning month, and DD between 1 to 31.
Command mode:
Admin Mode.
Default:
upon first time start-up, it is defaulted to 2001.1.1 0: 0: 0.
Usage guide:
The switch can not continue timing with power off, hence the current date and time must be first set
at environments where exact time is required.
Example:
To set the switch current date and time to 2002.8.1 23: 0: 0:
Switch#clock set 23:0:0 2002.8.1
1.1.3 config
Command:
config [terminal]
Function:
Enter Global Mode from Admin Mode.
Parameter:
[terminal] indicates terminal configuration.
Command mode:
Admin Mode.
Example:
Switch#config
1.1.4 debug ssh-server
Command:
debug ssh-server
no debug ssh-server
Function:
Display SSH server debugging information; the “no debug ssh-server” command stops displaying
SSH server debugging information.
Default:
This function is disabled by default.
Command mode:
Admin Mode.
Example:
Switch#debug ssh-server
1.1.5 enable
Command:
enable
disable
Function:
Enter Admin Mode from User Mode.
Command mode:
User Mode/ Admin Mode.
Usage Guide:
To prevent unauthorized access of non-admin user, user authentication is required (i.e. Admin user
password is required) when entering Admin Mode from User Mode. If the correct Admin user
password is entered, Admin Mode a cce ss is gr ant ed; if 3 consecutive entry of Admin user password
are all wrong, it remains in the User Mode. Set the Admin user password under Global Mode with
“enable passw ord” command.
Example:
Switch>enable
Switch#
1.1.6 enable password
Command:
enable password [0|7] <password>
no enable password
Function:
Configure the password used for enter Admin Mode from the User Mode.
The “no enable password” command deletes this passw ord.
Parameter:
password is the password for the user. If input option 0 on p assw or d setting, the password is not
encrypted; if input option 7, the password is encrypted.
Command mode:
Global Mode
Default:
This password is empty by system default
Usage Guide:
Configure this password to prevent unauthorized entering Ad min Mode. It is recommended to set
the password at the initial switch configuration. Also, it is recommended to exit Admin Mode with
“exit” command when the administrator needs to leave the terminal for a long time.
Example:
Set the Admin user password to “admin”.
Switch(config)# enable p ass word 0 admi n
1.1.7 exec-timeout
Command:
exec-timeout <minutes> [<seconds>]
no exec-timeout
Function:
Configure the timeout o f exiting admin mode. The “no exec-timeout” command re stores th e default
value.
Parameters:
<minute> is the time value shown in minute and ranges between 0~35791.<seconds> is the time
value shown in seconds and ranges between 0~2147483.
Command mode:
Global mode
Default:
Default timeout is 10 minutes.
Usage guide:
To secure the switch, as well to prevent malicious actions from unauthorized user, the time will be
count from the last configuration the admin had made, and the system will exit the admin mode at
due time. It is required to enter admin code and password to enter the admin mode again. The
timeout timer will be disabled when the timeout is set to 0.
Example:
Set the admin mode timeout value to 6 minutes
Switch(config)#exec-timeout 6
Set the admin mode timeout value to 5 minutes, 30 seconds
Switch(config)#exec-timeout 5 30
1.1.8 end
Command:
end
Function:
Quit current mode and return to Admin mode when not at User Mode/ Admin Mode.
Command mode:
Except User Mode/ Admin Mode
Example:
Quit VLAN mode and return to Admin mode.
Switch(config-vlan1)#end
Switch#
1.1.9 exit
Command:
exit
Function:
Quit current mode and return to it’s previous mode.
Command mode:
All Modes
Usage Guide:
This command is to quit current mode and return to it’s previous mode.
Example:
Quit global mode to it’s previous mode
Switch#exit
Switch#
1.1.10 help
Command:
help
Function:
Output brief description of the command interpreter help system.
Command mode:
All configuration modes.
Usage Guide:
An instant online help provided by the switch. Help command displays information about the whole
help system, including complete help and partial help. The user can type in ? any time to get online
help.
Example:
switch(config)#help
PLANETOS CLI provides advanced help feature. When you need help, any tim e at the comma nd
line please press '?'. If nothing matches, the help list will be empty and you must backup until
entering a '?' shows the available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter acommand argument (e.g. 'show ?') and
describes each possible argument.
2. Partial help is provided when an abbreviated argument is entered and you want to know what
arguments match the input (e.g. 'show ve?'.)
1.1.11 hostname
Command:
hostname <hostname>
no hostname
Function:
Set the prompt in the switch command line interface. The no operation cancels the configuration.
Parameter:
<hostname> is the string for the prompt, up to 30 characters are allowed.
Command mode:
Global Mode
Default:
The default prompt is relatived with the switch.
Usage Guide:
With this command, the user can set the CLI prompt of the switch according to their own
requirements.
Example:
Set the prompt to “Test”.
Switch(config)#hostname Test
Test(config)#
1.1.12 ip host
Command:
ip host <hostname> <ip_addr>
no ip host {<hostname>|all}
Function:
Set the mapping relationship between the host and IP address; the “no ip host” parameter of this
command will delete the mapping.
Parameter:
<hostname> is the host name, up to 15 characters are allowed;
<ip_addr> is the corresponding IP address for the host name, takes a dot decimal format; all is all
of the host name.
Command mode:
Global Mode
Usage Guide:
Set the association between host and IP address, which can be used in commands like “ping
<host>“.
Example:
Set IP address of a host with the hostname of “beijing” to 200.121.1.1.
Switch(config)#ip host beijing 200.121.1.1
Command related:
telnet, ping, traceroute
1.1.13 ipv6 host
Command:
ipv6 host <hostname> <ipv6_addr>
no ipv6 host {<hostname>|all}
Function:
Configure the mapping relationship between the IPv6 address and the host; the “no ipv6 host
<hostname>” command deletes this mapping relationship.
Parameter:
<hostname> is the name of the host, containing max 15 characters;
<ipv6_addr> is the IPv6 address corresponding to the host name.<all> is all the host address.
Command Mode:
Global Mode
Usage Guide:
Configure a fixed corresponding relationship between the host and the IPv6 address, applicable in
commands such as “traceroute6 <host>”, etc.
Example:
Set the IPv6 address of the host named beijing to 2001:1:2:3::1
Switch(config)#ipv6 host beijing 2001:1:2:3::1
Command related:
ping6,traceroute6
1.1.14 ip http server
Command:
ip http server
no ip http server
Function:
Enable Web configuration; the “no ip http server” command disables Web configuration
Command mode:
Global mode
Usage guide:
Web configuation is for supplying a interface configured with HTTP for the user, which is straight
and visual, esay to understand.
Example:
Enable Web Server function and enable Web configurations.
Switch(config)#ip http server
1.1.15 language
Command:
language {chinese | english}
Function:
Set the language for displaying the help information.
Parameter:
chinese for Chinese display;
english for English display.
Command mode:
Admin and Config Mode.
Default:
The default setting is English display.
Usage Guide:
Switch provides help information in two languages, the user can select the language according to
their preference. After the system restart, the help information display will revert to English.
1.1.16 login
Command:
login
no login
Function:
login enable password authentication, no login command cancels the login configuration.
Command mode:
Global mode
Default:
No login by default
Usage guide:
By using this command, users have to enter the password set by password command to enter
normal user mode with console; no login cancels this restriction.
Example:
Enable password
Switch(config)#login
1.1.17 password
Command:
password [0|7] <password>
no password
Function:
Configure the password used for enter normal user mode on the console. The “no password”
command deletes this password.
Parameter:
password is the configured code. Encryption will be performed by entering 8.
Command mode:
Global mode
Default:
This password is empty by system default
Usage guide:
When both this password and login command are con figured, users have to enter the password set
by password command to enter normal user mode on console.
Example:
Switch(config)#password 0 test
Switch(config)#login
1.1.18 reload
Command:
reload
Function:
Warm reset the switch.
Command mode:
Admin Mode.
Usage Guide:
The user can use this command to restart the switch without power off.
1.1.19 service password-encryption
Command:
service password-encryption
no service password-encryption
Function:
Encrypt system password. T he “no serv ice password-encryption” command cancels the
encryption.
Command mode:
Global Mode
Default:
No service password-encryption by system default
Usage guide:
The current unencrypted passwords as well as the coming passwords configured by password,
enable password and username command will be encrypted by executed this command. no service
password-encryption cancels this function however encrypted passwords remain unchanged.
Example:
Encrypt system passwords
Switch(config)#service password-encryption
1.1.20 service terminal-length
Command:
service terminal-length <0-512>
no service terminal-length
Function:
Configure the columns of characters displayed in each screen on terminal (vty). The “no service
terminal-length” command cancels the screen shifting operation.
Parameter:
Columns of characters displayed on each screen of vty, ranging between 0-512.
Command mode:
Global Mode
Usage guide:
Configure the columns of characters displayed on each screen of the terminal. The columns of
characters displayed on each screen on the telent.ssh client and the Console will be following this
configuration.
Example:
Set the number of vty threads to 20.
Switch(config)#service terminal-length 20
1.1.21 sysContact
Command:
sysContact <LINE>
no sysContact
Function:
Set the factory contact mode, the “no sysContact” command reset the switch to factory settings.
Parameter:
<LINE> is the prompt character string, range from 0 to 255 characters.
Command mode:
Global Mode
Default:
The factory settings.
Usage guide:
The user can set the factory contact mode bases the fact instance.
Example:
Set the factory contact mode to test.
Switch(config)#sysContact test
1.1.22 sysLocation
Command:
sysLocation <LINE>
no sysLocation
Function:
Set the factory address, the “no sysLocation” command reset the switch to factory settings.
Parameter:
<LINE> is the prompt character string, range from 0 to 255 characters.
Command mode:
Global Mode
Default:
The factory settings.
Usage guide:
The user can set the factory address bases the fact instance.
Example:
Set the factory address to test.
Switch(config)#sysLocation test
1.1.23 set default
Command:
set default
Function:
Reset the switch to factory settings.
Command mode:
Admin Mode.
Usage Guide:
Reset the switch to factory settings. That is to say, all configurations made by the user to the switch
will disappear. When the switch is restarted, the prompt will be the same as when the switch was
powered on for the first time.
Note:
After the command, “ write” command mu st be executed to save the operation. The switch will reset
to factory settings after restart.
Example:
Switch#set default
Are you sure? [Y/N] = y
Switch#write
Switch#reload
1.1.24 setup
Command:
setup
Function:
Enter the Setup Mode of the switch.
Command mode:
Admin Mode.
Usage Guide:
Switch provides a Setup Mode, in which the user can configure IP addresses, etc.
1.1.25 show clock
Command:
show clock
Function:
Display the curre nt syst e m cl o ck.
Command mode:
Admin and Configuration Mode.
Usage Guide:
If the system clock is inaccurate, user can adjust the time by examining the system date and clock.
Example:
Switch#show clock
Current time is TUE AUG 22 11:00:01 2002
Command related:
clock set
1.1.26 show temperature
Command:
show temperature
Function:
Display the current temputerature of the switch CPU.
Command mode:
All mode.
Usage Guide:
This command is used to monitor the temperature of the switch CPU.
Example:
Display the current temperature of the switch CPU.
Switch(Config)#show temperature
Temperature: 47.0625 ℃
1.1.27 show tech-support
Command:
show tech-support
Function:
Display the operational information and the task status of the switch. The technique specialist use
this command to diagnose whether the switch operate normally.
Command mode:
Admin and Configuration Mode.
Usage Guide:
This command is used to collect the relative information when the switch operation is
malfunctioned.
Example:
Switch#show tech-support
1.1.28 show version
Command:
show version
Function:
Display the version information of the switch.
Command mode:
Admin and Configuration Mode.
Usage Guide:
this command is used to show the version information of the switch, including the hardware version
and the software version information.
Example:
Switch#show version.
1.1.29 username
Command:
username <username> [privilege <privilege>] [password <0|7> <password>]
no username <username>
Function:
Configure local login username and password along with its privilege level.
Parameter:
<username> is the name of the user.
<privilege> is the maximum privilege level of the commands that the user is able to execute, its
value is limited between 1 and 15, and 1 by default.
<password> is the password for the user. If input option 7 on password setting, the password is
encrypted; if input option 0, the password is not processed.
Command Mode:
Global Mode.
Usage Guide:
There are two available c hoi ce s for the preferences of the register ed co mmand s in th e switch. They
are 1 and 15. Preference of 1 is for the commands of the normal user configuration mode.
Preference of 15 is for the commands registered in modes other than the normal user configuration
modes. 16 local users at most can be configured through this command, and the maximum length
of the password should be no less than 32.
Notice:
The user can log in user and priority after the command configures, before issuing the command
authentication line console lo gin local, it should be made sure t hat at one u ser ha s be conf igured as
preference level of 15, in order to login the switch and make configuration changes in privileged
mode and global mode. If there are no configured local users with preference level of 15, while only
Local authentication is configured for the Console login method, the switch can be login without any
authentication. When usi ng the HTTP metho d t o login the switch, o nly u ser s w ith preference level of
15 can login the switch, users with preference level other than 15 will be denied.
Example:
Configure an administrator acc ount nam ed admi n, w ith the pr eferen ce lev el as 1 5. An d confi gure tw o
normal accounts with its preference level as 1. Then enable local authentication method.
Above all the configurations, only the admin user is able to login the switch in privileged mode
through Telnet or Console login method, user1 and user2 can only login the switch in normal user
mode through the telnet and c onso le l ogin method. For HTTP logi n m etho d, on ly the admin user can
pass the authentication configuration, user1 and user2 will be denied.
Switch(config)#username admin privilege 15 password 0 admin
Switch(config)# username user1 privilege 1 password 7 user1
Switch(config)# username user2 password 0 user2
Switch(config)# authentication line console login local
1.1.30 web language
Command:
web language {chinese | english}
Function:
Set the language for displaying the HTTP Server information.
Parameter:
chinese for Chinese display;
english for English display.
Command mode:
Admin Mode
Default:
The default setting is English display.
Usage Guide:
The user can select the language according to their preference.
1.1.31 write
Command:
write
Function:
Save the currently configured p aram eters to the Flash memory.
Command mode:
Admin Mode.
Usage Guide:
After a set of configuration with desired functions, the setting should be saved to the Flash memory,
so that the system can revert to the saved configuration automatically in the case of accidentally
powered off or power failure. This is the equivalent to the copy running-config startup-config
command.
1.2 Commands for Telnet
1.2.1 authentication ip access-class
Command:
authentication ip access-class {<num-std>|<name>}
no authentication ip access-class
Function:
Binding standard IP ACL protocol to login with Telnet/SSH/Web; the no form command will cancel
the binding ACL.
Paramters:
<num-std> is the access-class number for standard numeric ACL, ranging between 1-99;
<name> is the access-class name for standard ACL, the character string length is ranging between
1-32.
Default:
The binding ACL to Telnet/SSH/Web function is closed by default.
Command Mode:
Global Mode.
Example:
Binding standard IP ACL protocol to access-class 1.
Switch(config)#authentication ip access-cla ss 1
1.2.2 authentication ipv6 access-class
Command:
authentication ipv6 access-class {<num-std>|<name>}
no authentication ipv6 access-class
Function:
Binding standard IPv6 ACL protocol to login with Telnet/SSH/Web; the no form command will cancel
the binding ACL.
Parameters:
<num-std> is the access-class number for standard numeric ACL, ranging between 500-599;
<name> is the access-class name for standard ACL, the character string length is ranging between
1-32.
Default:
The binding ACL to Telnet/SSH/Web function is closed by default.
Command Mode:
Global Mode.
Example:
Binding standard IP ACL protocol to access-class 500.
Switch(config)#authentication ipv6 access-class 500
1.2.3 authentication line login
Command:
authentication line {console | vty | web} login {local | radius | tacacs}
no authentication line {console | vty | web} login
Function:
Configure VTY (login with Telnet and SSH), Web and Console, so as to select the priority of the
authentication mode for the login user. The no form command restores the default authentication
mode.
Default:
No configuration is enabled for the console login method by default. Local authentication is enabled
for the VTY and Web login method by default.
Command Mode:
Global Mode.
Usage Guide:
The authentication method for Console, VTY and Web login can be configured respectively. And
authentication method can be any one or combination of Local, RADIUS or TACACS. When login
method is configuration in combination, the preference goes from left to right. If the users have
passed the authentication met hod, authe ntication method of lower preferences will be ignor ed. To
be mentioned, if the user receives correspond protocol’s answer whether refuse or incept, it will not
attempt the next authentication method (Exception: if the local authentication method failed, it will
attempt the next authentication method); it will attempt the next authentication method if it receives
nothing. And AAA function RADIUS server should be configured before the RADIUS configuration
method can be used. And TACACS server should be configured before the TACACS configuration
method can be used.
The authentication line console login command is exclusive with the “login” command. The
authentication line console login command configures the switch to use the Cons ole log i n
method. And the login command makes the Console login to use the passwords configured by the
password command for authentication.
If local authentication is configured while no local users are configured, users will be able to login
the switch via the Console method.
Example:
Configure the remote login authentication mode to radius.
Switch(config)#authentication login radius
Relative Command:
aaa enable, radius-server authentication host, tacacs-server authentication host,
tacacs-server key
1.2.4 authentication securityip
Command:
authentication securityip <ip
no authentication securityip <ip-addr>
Function:
To configure the tr uste d IP add ress for Telnet and HTTP login meth od. T he no form of th is command
will remove the trusted IP address configuration.
Parameters:
<ip-addr> is the trusted IP address of the cli ent i n do t ted de cim al f orma t which can login the switch .
Default:
No trusted IP address is configured by default.
Command Mode:
Global Mode.
Usage Guide:
IP address of the client which can login the switch is not restricted before the trusted IP address is
not configured. After the trusted IP address is configured, only clients with trusted IP addresses are
able to login the switch. Up to 32 trusted IP addresses can be configured in the switch.
Example:
To configure 192.168.1.21 as the trusted IP address.
Switch(config)# authentication securityip 192.168.1.21
1.2.5 authentication securityipv6
Command:
authentication securityipv6 <ipv6-addr>
no authentication securityipv6 <ipv6-addr>
Function:
To configure the trusted IPv6 address for Telnet and HTTP login method. The no form of this
command will remove the specified configuration.
Parameters:
<ipv6-addr> is the trusted IPv6 address which can login the sw itch.
Default:
No trusted IPv6 addresses are configured by default.
Command Mode:
Global Mode.
Usage Guide:
IPv6 address of the client which can login the switch is not restricted before the trusted IPv6
address is not configured. After the trusted IPv6 address is c onfig ured, only clients with tru s ted I Pv 6
addresses are able to login the switch. Up to 32 trusted IPv6 addresses can be configured in the
switch.
Example:
Configure the secure IPv6 address is 2001:da8:123:1::1.
Switch(config)# authentication securityipv6 2001:da8:123:1::1
1.2.6 authentication
Command:
authorization line {console | vty | web} exec {local | radius | tacacs}
no authorization line {console | vty | web} exec
Function:
Configure VTY (login with Telnet and SSH), Web and Console, so as to select the priority of the
authorization mode for the login user. The no form command restores the default authorization
mode.
Default:
There is no authorization mode.
Command Mode:
Global Mode.
Usage Guide:
The authorization method for Console, VTY and Web login can be configured respectively. And
authorization method can be any one or combination of Local, RADIUS or TACACS. When login
method is configuration in combination, the preference goes from left to right. If the users have
passed the authorization method, authorization method of lower preferences will be ignored. To be
mentioned, if the user receives correspond protocol’s answer whether refuse or incept, it will not
attempt the next authorization method; it will attempt the next authorization method if it receives
nothing. And AAA function RADIUS server should be configured before the RADIUS configuration
method can be used. And TACACS server should be configured before the TACACS configuration
method can be used.
The local users adopt username command permission while authorization command is not
configured, the users login the switch via RADIUS/TACACS method and works under common
mode.
Example:
Configure the telnet authentication mode to RADIUS.
Switch(config)# authorization line vty exec radius
1.2.7 terminal length
Command:
terminal length <0-512>
terminal no length
Function:
Set columns of characters displayed in each screen on terminal; the “terminal no length” cancel s
the screen switching operation and display content once in all.
Parameter:
Columns of characters displayed in each screen, ranging between 0-512 (0 refers to non-stop
display).
Command mode:
Admin Mode.
Default:
Default columns is 25.
Usage Guide:
Set columns of characters displayed in each screen on terminal, so that the-More-message will be
shown when displayed information exceeds the screen. Press any key to show information in next
screen. 25 columns by default.
Example:
Configure treads in each display to 20.
Switch#terminal length 20
1.2.8 terminal monitor
Command:
terminal monitor
terminal no monitor
Function:
Copy debugging messages to current display terminal; the “terminal no monitor” command
restores to the default value.
Command mode:
Admin Mode.
Usage Guide:
Configures whether the current debugging messages is displayed on this terminal. If this command
is configured on telnet or SSH clients, debug messages will be sent to that client. The debug
message is displayed on console by default.
Example:
Switch#terminal monitor
1.2.9 telnet
Command:
telnet {<ip-addr> | <ipv6-addr> | host <hostname>} [<port>]
Function:
Log on the remote host by Telnet
Parameter:
<ip-addr> is the IP address of the remote host, shown in dotted decimal notation;
<ipv6-addr> is the IPv6 address of the remote host;
<hostname> is the name of the remote host, containing max 30 characters;
<port> is the port number, ranging between 0~ 655 35.
Command Mode:
Admin Mode.
Usage Guide:
This command is used when the switch is applied as Telnet client, for logging on remote host to
configure. When a sw itch i s applie d as a Telnet client, it can only est ablish one TCP connection with
the remote host. To connect to another remote host, the current TCP connection must be
disconnected with a hotkey “CTRL+ \”. To telnet a host name, mapping relatio ns hip between the
host name and the IP/IPv6 address should be previously configured. For required commands
please refer to ip host and ipv6 host. In case a host corresponds to both an IPv4 and an IPv6
addresses, the IPv6 should be preferred when telneting this host name.
Example:
The switch Telnets to a remote host whose IP address is 20.1.1.1.
Switch#telnet 20.1.1.1 23
Connecting Host 20.1.1.1 Port 23
Service port is 23
Connected to 20.1.1.1
login:123
password:***
WGSW-50040>
1.2.10 telnet server enable
Command:
telnet server enable
no telnet server enable
Function:
Enable the Telnet server function in the switch: the “no telnet server enable” command disables the
Telnet function in the switch.
Default:
Telnet server function is enab l ed by default .
Command mode:
Global Mode
Usage Guide:
This command is available in Console only. The administrator can use this command to enable or
disable the Telnet client to login to the switch.
Example:
Disable the Telnet server function in the switch.
Switch(config)#no telnet server enable
1.2.11 telnet-server max-connection
Command:
telnet-server max-connection {<max-connection-number> | default}
Function:
Configure the max connection number supported by the Telnet service of the switch.
Parameters:
<max-connection-number>: the max connection number supported by the Telnet service, ranging
from 5 to 16. The default option will restore the default configuration.
Default:
The system default value of the max connection number is 5.
Command Mode:
Global Mode
Usage Guide:
None.
Example:
Set the max connection number supported by the Telnet service as 10.
Switch(config)#telnet-server max-connection 10
1.2.12 ssh-server authentication-retries
Command:
ssh-server authentication-retries <authentication-retries>
no ssh-server authentication-retries
Function:
Configure the number of times for retrying SSH authentication; the “no ssh-server
authentication-retries” command restores the default number of times for retrying SSH
authentication.
Parameter:
<authentication-retries> is the number of times for retrying authentication; valid range is 1 to 10.
Command mode:
Global Mode
Default:
The number of times for retrying SSH authentication is 3 by default.
Example:
Set the number of times for retrying SSH authentication to 5.
Switch(config)#ssh-server authentication-retries 5
1.2.13 ssh-server enable
Command:
ssh-server enable
no ssh-server enable
Function:
Enable SSH function on the switch; the “no ssh-server enable” command disables SSH function.
Command mode:
Global Mode
Default:
SSH function is disabled by default.
Usage Guide:
In order that the SSH client can log on the switch, the users need to configure the SSH user and
enable SSH function on the switch.
Example:
Enable SSH function on the switch.
Switch(config)#ssh-server enable
1.2.14 ssh-server host-key create rsa
Command:
ssh-server host-key create rsa [modulus < modulus >]
Function:
Generate new RSA host key .
Parameter:
modulus is the modulus which is used to compute the host key; valid range is 768 to 2048. The
default value is 1024.
Command mode:
Global Mode
Default:
The system uses the key generated when the ssh-server is started at the first time.
Usage Guide:
This command is used to generate the new host key. When SSH client logs on the server, the new
host key is used for authentication. After the new host key is generated and “write” command is
used to save the configuration, the system uses this key for authentication all the time. Because it
takes quite a long time to compute the new key and some clients are not compatible with the key
generated by the modulus 204 8, it is re commended t o use t he key w hich is gen erated by the defau lt
modulus 1024.
Example:
Generate new host key.
Switch(config)#ssh-server host-key create rsa
1.2.15 ssh-server max-connection
Command:
ssh-server max-connection { <max-connection-number>|default}
Function:
Configure the max connection number supported by the SSH service of the switch.
Parameters:
<max-connection-number>: the max connection number supported by the SSH service, ranging
from 5 to 16. The default option will restore the default configuration.
Default:
The system default value of the max connection number is 5.
Command Mode:
Global Mode
Usage Guide:
None.
Example:
Set the max connection number supported by the SSH service as 10.
Switch(config)#ssh-server max-connection 10
1.2.16 ssh-server timeout
Command:
ssh-server timeout <timeout>
no ssh-server timeout
Function:
Configure timeout value for SSH authentication; the “no ssh-server timeout” command restores
the default timeout value for SSH authentication.
Parameter:
<timeout> is timeout value; valid range is 10 to 600 seconds.
Command mode:
Global Mode
Default:
SSH authentication timeout is 180 seconds by default.
Example:
Set SSH authentication timeout to 240 seconds.
Switch(config)#ssh-server timeout 240
1.2.17 show ssh-server
Command:
show ssh-server
Function:
Display SSH state and users which log on currently.
Command mode:
Admin Mode.
Example:
aa
Switch#show ssh-server
ssh server is enabled
ssh-server timeout 180s
ssh-server authentication-retries 3
ssh-server max-connection number 6
ssh-server login user number 2
1.2.18 show telnet login
Command:
show telnet login
Function:
Display the information of th e Telnet client which currently establishes a Telnet connection with the
switch.
Command Mode:
Admin and Configuration Mode.
Usage Guide:
Check the Telnet client messages connected through Telnet with the switch.
Example:
Switch#show telnet login
Authenticate login by local
Login user:
1.3 Commands for Configuring Switch IP
1.3.1 interface vlan
Command:
interface vlan <vlan-id>
no interface vlan <vlan-id>
Function:
Enter the VLAN interface configuration mode; the no operation of this command will delete the
existing VLAN interface.
Parameters:
<vlan-id> is the VLAN ID of an existing VLAN, ranging from 1 to 4094.
Command Mode:
Global Configuration Mode.
Usage Guide:
Users should first make sure the existence of a VLAN before configuring it. User “exit” command to
quit the VLAN interface configuration mode back to the global configurat ion mode.
Example:
Enter the VLAN interface configuration mode of VLAN1.
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#
1.3.2 ip address
Command:
ip address <ip-address> <mask> [secondary]
no ip address [<ip-address> <mask>] [secondary]
Function:
Set the IP address and mask for the specified VLAN inter fa c e; the “no ip address <ip address>
<mask> [secondary]” command deletes the specified IP address setting.
Parameter:
<ip-address> is the IP address in dot decimal format;
<mask> is the subnet mask in dot decimal format;
[secondary] indicates the IP configured is a secondary IP address.
Default:
No IP address is configured upon switch shipment.
Command mode:
VLAN Interface Mode
Usage Guide:
A VLAN interface must be created first before the user can assign an IP addres s to the sw itch.
Example:
Set 10.1.128.1/24 as the IP address of VLAN1 interface.
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip address 10.1.128.1 255.255.255.0
Switch(Config-if-Vlan1)#exit
Switch(config)#
Relative Command:
ip bootp-client enable, ip dhcp-client enable
1.3.3 ipv6 address
Command:
ipv6 address <ipv6address | prefix-length> [eui-64]
no ipv6 address <ipv6address | prefix-length> [eui-64]
Function:
Configure aggregatable global unicast address, site-local address and link-local address for the
interface.
Parameters:
<ipv6address> is the prefix of an IPV6 address;
<prefix-length>is the length of the prefix of an IPV6 address, ranging from 3 to 128;
eui-64 means that the eui64 interface id of the interface will automatically create an IPV6 address.
Command Mode:
Interface Configuration Mode.
Default
None.
Usage Guide:
The prefix of an IPV6 address should not be a mul tic ast addr ess, or other kin ds of IPV6 ad dres ses
with specific usage. Different layer-three VLAN interfaces are forbidden to share a same address
prefix. As for any global unicast address, the prefix should be limited in the range from 2001:: to
3fff ::,with a length no shorter than 3. And the prefix length of a site-local address or a link-local
address should not be shorter than 10.
Examples:
Configure an IPV6 address at the layer-three interface of VLAN1: set the prefix as 2001:3f:ed8::99,
the length of which is 64.
Switch(Config-if-Vlan1)#ipv6 address 2001:3f:ed8::99/64
1.3.4 ip bootp-client enable
Command:
ip bootp-client enable
no ip bootp-client enable
Function:
Enable the switch to be a BootP Client and obtain IP address and gateway address through BootP
negotiation; the “no ip bootp-client enable” command disables the BootP Client function and
releases the IP address obtained in BootP.
Default:
BootP client function is disabled by default.
Command mode:
VLAN Interface Mode
Usage Guide:
Obtaining IP address through BootP, Manual configuration and DHCP are mutually exclusive,
enabling any two methods for obtaining IP address is not allowed. Note: To obtain IP address via
BootP, a DHCP server or a BootP server is required in the network.
Example:
Get IP address through BootP.
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip bootp-client enable
Switch (Config-if-Vlan1)#exit
Switch(config)#
Relative command:
ip address, ip dhcp-client enable
1.3.5 ip dhcp-client enable
Command:
ip dhcp-client enable
no ip dhcp-client enable
Function:
Enables the switch to be a DHCP client and obtain IP address and gateway address through DHCP
negotiation; the “no ip dhcp-client enable” command disables the DHCP client function and
releases the IP address obtained in DHCP. Note: To obtain IP address via DHCP, a DHCP server is
required in the network.
Default:
the DHCP client function is disabled by default.
Command mode:
VLAN Interface Mode
Usage Guide:
Obtaining IP address by DHCP, Manual configuration and BootP are mutually exclusive, enabling
any 2 methods for obtaining an IP address is not allowed.
Example:
Getting an IP address through DHCP.
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip dhcp-client enable
Switch(Config-if-Vlan1)#exit
Switch(config)#
1.4 Commands for SNMP
1.4.1 debug snmp mib
Command:
debug snmp mib
no debug snmp mib
Function:
Enable the SNMP mib debugging; the "no debug snmp mib” command disables the debugging.
Command Mode:
Admin Mode.
Usage Guide:
When user encounters problems in applying SNMP, the SNMP debugging is available to locate the
problem causes.
Example:
Switch#debug snmp mib
1.4.2 debug snmp kernel
Command:
debug snmp kernel
no debug snmp kernel
Function:
Enable the SNMP kernel debugging; the “no debug snmp kernel” command disables the
debugging function.
Command Mode:
Admin Mode.
Usage Guide:
When user encounters problems in applying SNMP, the SNMP debugging is available to locate the
problem causes.
Example:
Switch#debug snmp kernel
0 Number of requested variables
1.4.3 rmon enable
Command:
rmon enable
no rmon enable
Function:
Enable RMON; the “no rmon enable” command disables RMON.
Command mode:
Global Mode
Default:
RMON is disabled by default.
Example:
Enable RMON.
Switch(config)#rmon enable
Disable RMON.
Switch(config)#no rmon enable
1.4.4 show snmp
Command:
show snmp
Function:
Display all SNMP counter information.
Command mode:
Admin and Configuration Mode.
Example:
Switch#show snmp
0 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding erro rs
0 Number of altered variables
0 SNMP trap PDUs
snmp packets input
Total number of SNMP packet inputs.
unknown community name
Number of community name error packets.
packets.
encoding errors
Number of encoding error packets.
number of requested variable
Number of variables requested by NMS.
number of altered variables
Number of variables set by NMS.
get-request PDUs
Number of packets received by “get” requests.
requests.
set-request PDUs
Number of packets received by “set” requests.
snmp packets output
Total number of SNMP packet outputs.
too big errors
Number of “Too_ big” error SNMP packets.
maximum packet siz e
Maximum length of SNMP packets.
MIB objects.
bad values errors
Number of “Bad_values” error SNMP packets.
general errors
Number of “General_error s” er r or SN MP packets.
response PDUs
Number of response packets s ent.
trap PDUs
Number of Trap p ac kets sent.
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 SNMP packets output
0 Too big errors (Max packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Get-response PDUs
Displayed information Explanation
bad snmp version errors Number of version information error packets.
illegal operation for community name supplied Number of permission for community name error
get-next PDUs Number of packets received by “getnext”
no such name errors Number of packets requesting for non-existent
1.4.5 show snmp engineid
SNMP engineID:3138633303f1276c Engine Boots is:1
Displayed Information
Explanation
SNMP engineID
Engine number
Engine Boots
Engine boot counts
Notify View:one
Displayed Information
Explanation
Group Name
Group name
Security level
Security level
Read View
Read view name
Write View
Write view name
Command:
show snmp engineid
Function:
Display the engine ID commands.
Command Mode:
Admin and Configuration Mode.
Example:
Switch#show snmp engineid
1.4.6 show snmp group
Command:
show snmp group
Function:
Display the group informat ion comman ds.
Command Mode:
Admin and Configuration Mode.
Example:
Switch#show snmp group
Group Name:initial Security Level:noAuthnoPriv
Read View:one
Write View:<no writeview specified>
Notify View
Notify view name
<no writeview specified>
No view name specified by the user
Security IP Information:
Displayed information
Description
Community string
Community string
Community access
Community access permission
Trap-rec-address
IP address which is used to receive Trap.
Trap enable
Enable or disable to send Trap.
access Agent
1.4.7 show snmp mib
Command:
show snmp mib
Function:
Display all MIB supported by the switch.
Command Mode:
Admin and Configuration Mode.
1.4.8 show snmp status
Command:
show snmp status
Function:
Display SNMP configuration information.
Command mode:
Admin and Configuration Mode.
Example:
Switch#show snmp status
Trap enable
RMON enable
Community Information:
V1/V2c Trap Host Information:
V3 Trap Host Information:
SecurityIP IP address of the NMS which is allowed to
Row status:active
Displayed Information
Explanation
User name
User name
Engine ID
Engine ID
Priv Protocol
Employed encryption algorithm
Auth Protocol
Employed identification algorithm
Row status
User state
1.3. Excluded active
1.4.9 show snmp user
Command:
show snmp user
Function:
Display the user information commands.
Command Mode:
Admin and Configuration Mode.
Example:
Switch#show snmp user
User name: initialsha
Engine ID: 1234567890
Auth Protocol:MD5 Priv Protocol:DES-CBC
1.4.10 show snmp view
Command:
show snmp view
Function:
Display the view information commands.
Command Mode:
Admin and Configuration Mode.
Example:
Switch#show snmp view
View Name:readview 1. -Included active
Displayed Information
Explanation
View Name
View name
1.and1.3.
OID number
Included
The view includes sub trees rooted by this OID
Excluded The view does not include sub trees rooted by
this OID
active
State
1.4.11 snmp-server community
Command:
snmp-server community {ro | rw} <string> [access {<num-std>|<name>}] [ipv6-access
{<ipv6-num-std>|<ipv6-name>}] [read <read-view-name>] [write <write-view-name>] no
snmp-server community <string> [access {<num-std>|<name>}] [ipv6-access
{<ipv6-num-std>|<ipv6-name>}]
Function:
Configure the community string for the switch; the “no snmp-server community <string> [access
{<num-std>|<name>}] [ipv6-access {<ipv6-num-std> |<ipv6-name>}] “command deletes the
configured community string.
Parameter:
<string> is the community string set;
ro | rw is the specified access mode to MIB, ro for read-only and rw for read-write.
<num-std> is the access-class number for standard numeric ACL, ranging between 1-99;
<name> is the access-class name for standard ACL, the character string length is ranging between
1-32;
<ipv6-num-std> is the access-class number for standard numeric IPv6 ACL, ranging between
500-599;
<name> is the acces s-class name for standard IPv6 ACL, the character string length is ranging
between 1-32.
<read-view-name> is the name of readable view which includes 1-32 charact ers.
<write-view-name> is the name of writable view which includes 1-32 characters.
Command mode:
Global Mode
Usage Guide:
The switch supports up to 4 community strings. It can realize the access-control for specifically
community view by binding the community name to specifically readable view or writable view.
Example:
Add a community string named “private” with read-write permission.
Switch(config)#snmp-server community private rw
Add a community string named “public” with read-only permission.
Switch(config)#snmp-server community public ro
Modify the read-write community string named “private” to read-only.
Switch(config)#snmp-server community private ro
Delete community string “private”.
Switch(config)#no snmp-server community private
Bind the read-only community str in g “public” to readable view “pviewr”.
Switch(config)#snmp-server community ro public read pviewr
Bind the read-write community string “private” to readable view “pviewr” and writable view “pvieww”.
Switch(config)#snmp-server community rw private read pviewr write pvieww
1.4.12 snmp-server enable
Command:
snmp-server enable
no snmp-server enable
Function:
Enable the SNMP proxy server function on the switch. The “no snmp-server enable” command
disables the SNMP proxy server function
Command mode:
Global mode
Default:
SNMP proxy server function is disabled by system default.
Usage guide:
To perform configuration management on the switch with network manage software, the SNMP
proxy server function has to be enabled with this command.
Example:
Enable the SNMP proxy server function on the switch.
Switch(config)#snmp-server enable
1.4.13 snmp-server enable traps
Command:
snmp-server enable traps
no snmp-server enable traps
Function:
Enable the switch to send Trap message; the “no snmp-server enable traps” command disables
the switch to send Trap message.
Command mode:
Global Mode
Default:
Trap message is disabled by default.
Usage Guide:
When Trap message is enabled, if Down/Up in device ports or of system occurs, the device will
send Trap messages to NMS that receives Trap messages.
Example:
Enable to send Trap mes sage s.
Switch(config)#snmp-server enable traps
Disable to send Trap me ssa ge s.
Switch(config)#no snmp-server enable traps
1.4.14 snmp-server engineid
Command:
snmp-server engineid <engine-string>
no snmp-server engineid
Function:
Configure the engine ID; the “no" form of this command restores to the default engine ID.
Command Mode:
Global mode
Parameter:
<engine-string> is the engine ID shown in 1-32 digit hex characters.
Default:
Default value is the company ID plus local MAC address.
Usage Guide:
None
Example:
Set current engine ID to A6 66 88999 F
Switch(config)#snmp-server engineid A 66688999F
Restore the default engine ID
Switch(config)#no snmp-server engineid
1.4.15 snmp-server group
Command:
snmp-server group <group-string> {NoauthNopriv | AuthNopriv | AuthPriv} [[read
<read-string>] [write <write-string>] [notify <notify-string>]] [access {<num-std>|<name>}]
[ipv6-access {<ipv6-num-std>|<ipv6-name>}]
no snmp-server group <group-string> {NoauthNopriv | AuthNopriv | AuthPriv} [access
{<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}]
Function:
This command is used to configure a new group; the “no” form of this command deletes this group.
Command Mode:
Global Mode
Parameter:
<group-string> group name which includes 1-32 characters
NoauthNopriv Applies the non recognizing and non encrypting safety level
AuthNopriv Applies the recognizing but non encrypting safety level
AuthPriv Applies the recognizing and encrypting safety level
read-string Name of readable view which includes 1-32 characters
write-string Name of writable view which includes 1-32 characters
notify-string Name of trappable view which includes 1-32 char act ers
<num-std> is the access-class number for standard numeric ACL, ranging between 1-99;
<name> is the access-class name for standard ACL, the character string length is ranging between
1-32;
<ipv6-num-std> is the access-class number for standard numeric IPv6 ACL, ranging between
500-599;
<name> is the access-class name for standard IPv6 ACL, the character string length is ranging
between 1-32.
Usage Guide:
There is a default view “v1defaultviewname” in the system. It is recommended to use this view as
the view name of the notification. If the read or write view name is empty, corresponding operation
will be disabled.
Example:
Create a group CompanyGroup, with the safety level of recognizing andencrypting, the read
viewname isreadview, and the writing is disabled.
Switch (config)#snmp-server group CompanyGroup AuthPriv read readview
deletet group
Switch (config)#no snmp-server group CompanyGroup Aut hPriv
1.4.16 snmp-server host
Command:
snmp-server host { <host-ipv4-address> | <host-ipv6-address> } {v1 | v2c | {v3
{NoauthNopriv | AuthNopriv | AuthPriv}}} <user-string>
no snmp-server host { <host-ipv4-address> | <host-ipv6-address> } {v1 | v2c | {v3
{NoauthNopriv | AuthNopriv | AuthPriv}}} <user-string>
Function:
As for the v1/v2c versions this command configures the IPv4 or IPv6 address and Trap community
character string of the network manage station receiving the SNMP Trap message. An d for v 3
version, this command is used for receiving the network manage station IPv4 or IPv6 address and
the Trap user name and safety level; the “no” form of this command cancels this IPv4 or IPv6
address.
Command Mode:
Global Mode.
Parameter:
<host-ipv4-addr> | <host-ipv6-addr> is the IP address of the NMS managing station which
receives T rap mes sag e.
v1 | v2c | v3 i s the version number when sending the trap.
NoauthNopriv | AuthNopriv | AuthPriv is the safety level v3 trap is applied, which may be non
encrypted and non authentication, non encrypted and authentication, encrypted and authentication .
<user-string> is the community character string applied when sending the Trap message at v1/v2,
and will be the user name at v3.
Usage Guide:
The Community character string configured in this command is the default community string of the
RMON event group. If the RMON event group has no community character string configured, the
community character string configured in this command will be applied when sending the Trap of
RMON, and if the community character string is configured, its configuration will be applied when
sending the RMON trap. This command allows configuration the IPv4 or IPv6 address of the
network manage station receiving the SNM P T rap mess age, but configure the v ersion nu mber as v 1
and v2c of the IPv4 and IPv6 address are less than 8 in all.
Example:
Configure an IP address to receive Trap
Switch(config)#snmp-server host 1.1.1.5 v1 usertrap
Delete a Trap receiving IPv6 address
Switch(config)#no snmp-server host 2001:1:2:3::1 v1 usertrap
1.4.17 snmp-server securityip
Command:
snmp-server securityip {<ipv4-address> | <ipv6-address>}
no snmp-server securityip {<ipv4-address> | <ipv6-address>}
Function:
Configure to permit to access security IPv4 or IPv6 address of the switch NMS administration
station; the no command deletes configured security IPv4 or IPv6 address.
Command Mode:
Global Mode.
Parameter:
<ipv4-address> is NMS security IPv4 address, point separated decimal format.
<ipv6-address> is NMS security IPv6 address, colon separated hex format.
Usage Guide:
It is only the consistency between NMS administration station IPv4 or IPv6 address and security
IPv4 or IPv6 address configured by the command, so it send SNMP packet could be processed b y
switch, the command only applies to SNMP. Allows configuration the IPv4 or IPv6 address of the
network manage station receiving the SNM P Trap message, but the IP addresses are less than 6 in
all.
Example:
Configure security IP address of NMS administration station
Switch(config)#snmp-server securityip 1.1.1.5
Delete security IPv6 address
Switch(config)#no snmp-server securityip 2001::1
1.4.18 snmp-server securityip
Command:
snmp-server securityip {enable | disable}
Function:
Enable/disable the safety IP address authentication on NMS manage station.
Command Mode:
Global Mode
Default:
Enable the safety IP address authentication function.
Example:
Disable the safety IP address authentication function.
Switch(config)#snmp-server securityip disable
1.4.19 snmp-server view
Command:
snmp-server view <view-string> <oid-string> {include | exclude}
no snmp-server view <view-string> [ <oid-string> ]
Function:
This command is used to create or renew the view information; the “no" form of this command
deletes the view information.
Command Mode:
Global Mode.
Parameter:
<view-string> view name, contain ing 1-32 characters.
<oid-string>is OID number or corresponding node name, containing 1-255 characters.
include | exclude, include/exclude this OID.
Usage Guide:
The command supports not only the input using the character string of the variable OID as
parameter. But also supports the input using the node nam e of the p ara met er.
Example:
Create a view, the name is readview, including iso node but not including the iso.3 node
Switch (config)#snmp-server view readview iso include
Switch (config)#snmp-server view readview iso.3 exclude
Delete the view
Switch (config)#no snmp-server view readview
1.4.20 snmp-server user
Command:
snmp-server user <use-string> <group-string> [{authPriv | authNoPriv} auth {md5 | sha}
<word>] [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}]
no snmp-server user <user-string> [access {<num-std>|<name>}] [ipv6-access
{<ipv6-num-std>|<ipv6-name>}]
Function:
Add a new user to an SNMP group; the "no” form of this command deletes this user.
Command Mode:
Global Mode.
Parameter:
<user-string> is the user name containing 1-32 characters.
<group-string> is the name of the group the user belongs to, containing 1-32 characters.
authPriv use DES for the packet encryption.
authNoPriv not use DES for the packet encryption.
auth perform packet authentication.
md5 packet authentication using HMAC MD5 algorithm.
sha packet authentication using HMAC SHA algorithm.
<word > user password, containing 8-32 character.
<num-std> is the access-class number for standard numeric ACL, ranging between 1-99;
<name> is the access-class name for standard ACL, the character string length is ranging between
1-32;
<ipv6-num-std> is the access-class number for standard numeric IPv6 ACL, ranging between
500-599;
<name> is the access-class name for standard IPv6 ACL, the character string length is ranging
between 1-32.
Usage Guide:
If the encryption and authentication is not selected, the default settings will be no encryption and no
authentication. If the encryption is selected, the authentication must be done. When deleting a user,
if correct username and incorrect group name is inputted, the user can still be deleted.
Example:
Add a new user tester in the UserGroup with an encryption safety level and HMAC md5 for
authentication, the password is hellohello
Switch (config)#snmp-server user tester UserGroup authPriv auth md5 hellohello
deletes an User
Keywords
Source or destination addresses
running-config
Running configuration fil es
startup-config
Startup configuration files
nos.img
System files
nos.rom
System startup files
Switch (config)#no snmp-server user tester
1.5 Commands for Sw itch Upgrad e
1.5.1 copy(FTP)
Command:
copy <source-url> <destination-url> [ascii | binary]
Function:
Download files to the FTP client.
Parameter:
<source-url> is the location of the source files or directories to be copied; <destination-url> is the
destination address to which the files or directories to be copied; forms of <source-url> and
<destination-url> vary depending on different locations of the files or directories. ascii indicates
the ASCII sta ndar d w ill be adopted; binary indicates that the binary system will be adop ted i n the
file transmission(defa ult tran smi ss ion met hod).When URL represents an FTP address, its form
should be:
ftp://<username>:<password>@{<ipaddress>|<ipv6address>|<hostname> }/<filename>,amongst
<username> is the FTP user name,<password> is the FTP u ser
password,<ipaddress>|<ipv6address> is the IPv4 or IPv6 address of the FTP
server/client,<hostname> is the name of the host mapping with th e IP v 6 address,it does not support
the file download and u pload w ith ho st s mapp ing with IP v4 a ddres ses,<filename> is the name of the
FTP upload/download file.
Special keywords of the filename
Command Mode:
Admin Mode.
Usage Guide:
This command supports command line hints, namely if the user can enter commands in following
forms: copy <filename> ftp:// or copy ftp:// <filename> and press Enter, following hints will be
provided by the system:
ftp server ip/ipv6 address [x.x.x.x]/[x:x::x:x] >
ftp username>
ftp password>
ftp filename>
Requesting for FTP server address, user name, password and file name
Examples:
(1) Save images in the FLASH to the FTP server of 10.1.1.1, FTP server userna me is Switch,
password is superuser
Switch#copy nos.img ftp://Switch:superuser@10.1.1.1/nos.img
(2) Obtain system file nos.img from the FTP server 10.1.1.1, the username is Switch, password is
superuser
Switch#copy ftp://Switch:superuser@10. 1.1.1/nos.img nos.img
(3) Save images in the FLASH to the FTP server of 2004:1:2:3::6
Switch#copy nos.img ftp://username:password@2004:1:2:3::6/ nos.img
(4) Obtain system file nos.img from the FTP server 2004:1:2:3::6
Switch#copy ftp:// username:password@2004:1:2:3::6/nos.img nos.img
(5) Save the running configuration files
Switch#copy running-config startup-config
Relevant Command:
Write
1.5.2 copy(TFTP)
Command:
copy <source-url> <destination-url> [ascii | binary]
Function:
Download files to the TFTP client.
Parameter:
<source-url> is the location of the source files or directories to be copied;
<destination-url> is the destination address to which the files or directories to be copied; forms of
<source-url> and <destination-url> vary depending o n dif fe rent loca tions o f the files or dir ector ies.
ascii indicates the ASCII standard will be adopted; binary indicates that the binary system will be
adopted in the file transmission(default transmiss ion met ho d).When URL represents an TFTP
address, its form should be: tftp://{<ipaddress>|<ipv6address>|<hostname>}/<filename>, amongst
<ipaddress>| <ipv6address> is the IPv4 or IPv6 address of the TFTP server/client, <hostname> is
the name of the host mapping with the IPv6 address, it does not support the file download and
upload with hosts mapping with IPv4 addresses,<filename> is the n ame of the TFTP
Keywords
Source or destination addresses
running-config
Running configuration files
startup-config
Startup configuration files
nos.img
System files
nos.rom
System startup files
upload/download file.
Special keyword of the filename
Command Mode:
Admin Mode.
Usage Guide:
This command supports command line hints, namely if the user can enter commands in following
forms: copy <filename> tftp:// or copy tftp:// <filename> and press Enter, following hints will be
provided by the system:
tftp server ip/ipv6 address[x.x.x.x]/[x:x::x:x]>
tftp filename>
Requesting for TFTP server address, file name
Example:
(1) Save images in the FLASH to the TFTP server of 10.1.1.1
Switch#copy nos.img tftp://10.1.1.1/nos.img
(2) Obtain system file nos.img from the TFTP server 10.1.1.1
Switch#copy tf tp:/ /10.1.1.1 / n os.i mg nos.img
(3) Save images in the FLASH to the TFTP server of 2004:1:2:3::6
Switch#copy nos.img tftp:// 2004:1:2:3::6/ nos.img
(4) Obtain system file nos.img from the TFTP server 2004:1:2:3::6
Switch#copy tftp:// 2004:1:2:3::6/nos.img nos.img
(5) Save the running configuration files
Switch#copy running-config startup-config
Relevant Command:
Write
1.5.3 ftp-dir
Command:
ftp-dir <ftp-server-url>
Function:
Browse the file list on the FTP server.
Parameter:
The form of <ftp-server-url> is: ftp://<username>:<password>@{ <ipv4address> |
<ipv6address> }, amongst <username> is the FTP user name, <password> is the FTP user
password, { <ipv4address> | <ipv6address> } is the IPv4 or IPv6 address of the FTP server.
Command Mode:
Admin Mode
Example:
Browse the list of the files on t he serv er with the FTP client, t he user na me is “Switch”, the password
is “superuser”
Switch#ftp-dir ftp:// Switch:superuser @10.1.1.1.
1.5.4 ftp-ser ver enable
Command:
ftp-server enable
no ftp-server enable
Function:
Start FTP server, the “no ftp-server enable” command shuts down FTP server and prevents FTP
user from logging in.
Default:
FTP server is not started by default.
Command mode:
Global Mode
Usage Guide:
When FTP server function is enabled, the switch can still perform ftp client functions. FTP server is
not started by default.
Example:
enable FTP server service.
Switch#config
Switch(config)# ftp-server enable
Relative command:
ip ftp
1.5.5 ftp-ser ver timeout
Command:
ftp-server timeout <seconds>
Function:
Set data connection idle time.
Parameter:
<seconds> is the idle time threshold (in seconds) for FTP connection, the valid range is 5 to 3600.
Default:
The system default is 600 seconds.
Command mode:
Global Mode
Usage Guide:
When FTP data connection idle time exceeds this limit, the FTP management connection will be
disconnected.
Example:
Modify the idle threshold to 100 seconds.
Switch#config
Switch(config)#ftp-server timeout 100
1.5.6 ip ftp
Command:
ip ftp username <username> password [0 | 7] <password>
no ip ftp username <username>
Function:
Configure the username and password for logging in to the FTP; the no operation of this command
will delete the configured username and password simultaneously.
Parameters:
<username> is the username of the FTP link, no longer than 16 characters;
0 | 7 represent displaying the password in ciphertext or plaintext;
<password> is the password of the FTP link, no longer than 16 characters.
Default Settings:
the system uses anonymous FTP links by default.
Command Mode:
Global Configuration Mode.
Examples:
Configure the username as Switch and the password as superuser.
Switch#
Timeout : 600
Displayed information
Description
Timeout
Timeout time.
Switch#config
Switch(config)#ip ftp username Switch password 0 superuser
Switch(config)#
1.5.7 show ftp
Command:
show ftp
Function:
Display the parameter settings for the FTP server.
Command mode:
Admin and Configuration Mode.
Default:
No display by default.
Example:
Switch#show ftp
1.5.8 show tftp
Command:
show tftp
Function:
Display the parameter settings for the TFTP server.
Default:
No display by default.
Command mode:
Admin and Configuration Mode.
Example:
Switch#show tftp
Timeout : 60
Retry Times : 10
Displayed information
Explanation
Timeout
Timeout time.
Retry T imes
Retransmission times.
1.5.9 tftp-server enable
Command:
tftp-server enable
no tftp-server enable
Function:
Start TFTP server, the “no ftp-server enable” command shuts down TFTP server and prevents
TFTP user from logging in.
Default:
TFTP server is not started by default.
Command mode:
Global Mode
Usage Guide:
When TFTP serv er funct ion is enabled, the switch can still p e rfor m t ftp client function s. T FT P server
is not started by default.
Example:
Enable TFTP server service.
Switch#config
Switch(config)#tftp-server enable
Relative Command:
tftp-server timeout
1.5.10 tftp-server retransmission-number
Command:
tftp-server retransmission-number <number>
Function:
Set the retransmission time for TFTP server.
Parameter:
<number> is the time to re-transfer, the valid range is 1 to 20.
Default:
The default value is 5 retransmission.
Command mode:
Global Mode
Example:
Modify the retransmission to 10 times.
Switch#config
Switch(config)#tftp-server retransmission-number 10
1.5.11 tftp-server transmission-timeout
Command:
tftp-server transmission-timeout <seconds>
Function:
Set the transmission timeout value for TFTP server.
Parameter:
<seconds> is the timeout value, the valid range is 5 to 3600s.
Default:
The system default timeout setting is 600 seconds.
Command mode:
Global Mode
Example:
Modify the timeout value to 60 seconds.
Switch#config
Switch(config)#tftp-server transmission-timeout 60
Chapter 2 Commands for
Cluster
2.1 clear cluster nodes
Command:
clear cluster nodes [nodes-sn <candidate-sn-list> | mac-address <mac-addr>]
Function:
Clear the nodes in the candidate list found by the commander switch.
Parameters: c
andidate-sn-list: sn of candidate switches, ranging from 1 to 256. More than one candidate can be
specified.
mac-address: mac address of the switches (including all candidates, members and other
switches).
Default:
No parameter means to clear information of all switches.
Command Mode:
Admin Mode.
Usage Guide:
After executing this command, the information of this node will be deleted from the chain list saved
on commander switch. In 30 seconds, the commander will recreate a cluster topo logy and re-add
this node. But after being readded, the candidate id of the switch might change. The command can
only be executed on commander switches
Example:
Clear all candidate switch lists found by the comma nder sw it c h.
Switch#clear cluster nodes
2.2 cluster auto-add
Command:
cluster auto-add
no cluster auto-add
Function:
When this command is executed in the commander switch, the newly discovered candidate
switches will be added to the cluster as a member switch automatically; the “no cluster auto-add”
command disables this function.
Command mode:
Global Mode
Default:
This function is disabled by default. That means that the candidate switches are not automatically
added to the cluster.
Usage Guide:
After enabling this command on a commander switch, candidate switches will be automatically
added as members.
Example:
Enable the auto adding function in the commander switch.
Switch(config)#cluster auto-add
2.3 cluster commander
Command:
cluster commander [<cluster-name>]
no cluster commander
Function:
Set the switch as a commander switch, and create a cluster.
Parameter:
<cluster-name> is the cluster’s name, no longer than 32 characters.
Command mode:
Global Mode
Default:
Default setting is no comm and er sw itch. cl uster _na me is nul l by default.
Usage Guide:
This command sets the role of a switch as commander switch and creates a cluster , which can only
be executed on non commander switches. The cluster_name cannot be changed after the switch
becoming a commander, and “no cluster commander” should be executed first to do that. The no
operation of this command will cancel the commander configuration of the switch.
Example:
Set the current switch as the commander switch and name the cluster as switch.
Switch(config)#cluster commander switch
2.4 cluster ip-pool
Command:
cluster ip-pool <commander-ip>
no cluster ip-pool
Function:
Configure private IP address pool for member switches of the cluster.
Parameters:
commander-ip:
cluster IP address pool for allocating internal IP addresses of the cluster commander-ip is the head
address of the address pool, of which the valid format is 10.x.x.x, in dotted-decimal notation; the
address pool should be big enough to hold 128 members, which requires the last byte of addresses
to be less than 126(254 – 12 8 = 126). IP address pool sh ould n ev er be changed with commander
configured. The change can only be done after the “no cluster commander” command bein g
executed.
Command mode:
Global Mode
Default:
The default address pool is 10.254.254.1.
Usage Guide:
When candidate switches becomes cluster members, the commander switch allocates a private IP
address to each member for the communication within the cluster, and thus to realized its
management and maintenance of cluster me mber s. This command can only be used on
non-commander switches. Once the cluster established, users can not modify its IP address pool.
The NO command of this command will restore the address pool back to default value, which is
10.254.254.1.
Example:
Set the private IP address pool used by cluster member dev ices as 10.254.254.10
Switch(config)#cluster ip-pool 10.254.254.10
2.5 cluster keepalive interval
Command:
cluster keepalive interval <second>
no cluster keepalive interval
Function:
Configure the time interval of keepalive messages within the cluster.
Parameters:
<second>: keepalive time interval, in seconds, ranging from 3 to 30.
Default:
The default value is 30 seconds.
Command Mode:
Global Configuration Mode.
Usage Guide:
After executing this command on a commander switch, the value of the parameter will be distributed
to all member switches via the TCP connections between the commander and members.
After executing it on a non commander switch, the configuration value will be saved but not used
until the switch beco me s a co mma nder. Before t hat, i t s k eepalive interval is the one dis tr ib u ted by its
commander.
Commander will send DP messages withi n t he clu ster once in every keepalive interval. Members will
respond to the received DP messages with DR messages.
The no operation of this command will restore the keepalive interval in the cluster back to its default
value.
Example:
Set the keepalive interval in the cluster to 10 seconds.
Switch(config)#cluster keepalive interval 10
2.6 cluster keepalive loss-count
Command:
cluster keepalive loss-count<loss-count>
no cluster keepalive loss-count
Function:
Configure the max number of lost keepalive messages in a cluster that can be tolerated.
Parameters:
loss-count: the tolerable max number of lost messages, ranging from 1 to 10.
Default:
The default value is 3.
Command Mode:
Global Configuration Mode
Usage Guide:
After executing this command on a commander switch, the value of the parameter will be distributed
to all member switches via the TCP connections between the commander and members.
After executing it on a non commander switch, the configuration value will be saved but not used
until the switch becomes a commander. Before that, its loss-count value is the one distributed by its
commander.
commander calculates the loss-count after sending each DP message by adding 1 to the loss-count
of each switch and clearing that of a switch after receiving a DR message from the latter. When a
loss-count reaches the configured value (3 by default) without receiving any DR message, the
commander will delete the switch from its candidate chain list.
If the time that a member fails to receive DP messages from the commander reaches loss-count, it
will change its st at us to cand id ate.
The no operation of this command will restore the tolerable max number of lost keepalive messages
in the cluster back to its default value: 3.
Example:
Set the tolerable max number of lost keepalive messages in the cluster to 5.
Switch(config)#cluster keepalive loss-count 5
2.7 cluster member
Command:
cluster member {nodes-sn <candidate-sn-list> | mac-address <mac-addr> [id <member-id>]}
no cluster member {id <member-id> | mac-address <mac-addr>}
Function:
On a commander switch, manually add candidate switches into the cluster created by it.
Parameters:
nodes-sn:all cluster member switches as r ecorde d in a chai n list, eac h with a node sn w hich ca n be
viewed by “show cluster candidates” command. One or more candidates can be added as member
at one time. The valid range of candidate-sn-list is 1~256.
mac-address:the CPU Mac of candidate switches
member-id:A member id can be spec ifi ed to a candid ate as it becomes a memb er, ranging f rom 1 to
128, increasing from 1 by default.
nodes-sn is the automatically generated sn, which may change after the candidate becomes a
member. Members added this way will be actually treated as those added in mac-addr mode with all
config files in mac-addr mode.
If more than one switch is added as member simultaneously, no member-id is allowed; neither when
using nodes-sn mode.
Default:
None.
Command Mode:
Global Mode
Usage Guide:
After executing this command, the switch will add those identified in <nodes-sn> or
<mac-address>into the cluster it belongs to. One or more candidates are allowed at one time,
linked with ‘-‘ or ‘;’. A switch can on ly be member or commander of on e clu ster, ex clus ively. Attempts
to execute the command on a non commander switch will return error. The no operation of this
command will delete the specified member switch, and turn it back to a candidate.
Example:
In the commander switch, add the candidate switch which has the sequence number as 1. In the
commander switch, add the switch whose the mac address is 11-22-33-44-55-66 to member, and
the member-id is 5.
Switch(config)#cluster member nodes-sn 1
Switch(config)#cluster member mac-address 11-22-33-44-55-66 id 5
2.8 cluster member auto-to-user
Command:
cluster member auto-to-user
Function:
All members will be deleted when configuring no cluster aut o-add. Users need to change
automatically added members to manually added ones to keep them.
Parameter:
None.
Default:
None.
Command Mode:
Global Mode.
Usage Guide:
Execute this command on a switch to change automatically added members to manually added
ones.
Example:
change automatically added members to manually added ones.
Switch(config)#cluster member auto-to-user
2.9 cluster reset member
Command:
cluster reset member [id <member-id> | mac-address <mac-addr>]
Function:
In the commander switch, this command can be used to reset the member switch.
Parameter:
member-id: ranging from 1 to 128. Use hyphen “-” or semicolon “;” to specify more than one
member; if no value is provided, it means to reboot all member switches.
Default:
Boot all member switches.
Command mode:
Admin Mode.
Instructions:
In the commander switch, users can use this command to reset a member switch. If this command
is executed in a non-commander switch, an error will be displayed.
Example:
In the commander switch, reset the member switch 1.
Switch#cluster reset member 1
2.10 cluster run
Command:
cluster run [key <WORD>][ vid <VID>]
no cluster run
Function:
Enable cluster function; the “no cluster run” command disables cluster function.
Parameter:
key:all keys in one cluster should be the same, no longer than 16 characters.
vid:vlan id of the cluster, whose range is 1-4094.
Command mode:
Global Mode
Default:
Cluster function is disabled by default, key: NULL(\0) vid:1.
Instructions:
Keywords
source or destination address
startup-config
start the configuration file
nos.img
system file
This command enables cluster function. Cluster functi on ha s to be enabled before implementing any
other cluster commands. The “no cluster run” disables c luster function. It is recommended that
users allocate an exclusive vlan for cluster(such as vlan100)
Note:Routing protocols should be disabled on the layer-3 interface where cluster vlan locates to
avoid broadcasting private route of the cluster.
Example:
Disable cluster function in the local switch.
Switch (config)#no cluster run
2.11 cluster update member
Command:
cluster update member <member-id> <src-url> <dst-filename> [ascii | binary]
Function:
Remotely upgrade member switches from the co mma nder switch.
Parameters:
member-id:ranging from 1 to 128. Use hyphen “-” or semicolon “;” to specify more than one
member;
src-url:the location of source files to be copied;
dst-filename:the specified filename for saving the file in the switch flash;
ascii means that the file transmission follows ASCII standard; binary m ean s that th e fil e t r ans mis si on
follows binary standard, which is de default mode.
when src-url is a FTP address, its form will be:
ftp://<username>:<password>@<ipadress>/<filename>,in which <username> is the FTP
username <password> is the FTP password <ipadress> is the IP address of the FTP
server,<filename> is the name of the file to be downloaded via FTP.
when src-url is a TFTP address, its form will be: tftp://<ipadress>/<filename>,in which <ipadress>is
the IP address of the TFTP server <filename> is the name of the file to be downloaded via.
Special keywords used in filename:
Command mode:
Admin Mode
Usage Guide:
The commander distributes the remote upgrade command to members via the TCP connections
between them, causing the number to implement the remote upgrade and reboot. Trying to execute
this command on a non-commander switch will return error s . If users want to upgrade more than
one member, the se sw itches should be the same type to avoid boot failure induced by mismatched
IMG files.
Example:
Remotely upgrade a member sw itch from t he com mander switch, w ith the member-id being 1, src-ul
being ftp://admin:admin@192.168.1.1/nos.img, and dst-url being nos.img
Switch#cluster update member 1 ftp://admin:admin@192.168.1.1/nos.img nos.img
2.12 debug cluster
Command:
debug cluster {statemachine | application | tcp}
no debug cluster {statemachine | application | tcp}
Function:
Enable the application debug of cluster; the no operation of this command will disable that.
Parameters:
statemachine: print debug information when the switch status changes.
application: print debug information when there are users trying to configure the switch after logging
onto it via SNMP, WEB.
tcp: the TCP connection information between the commander members.
Default:
None.
Command Mode:
Admin Mode.
Usage Guide:
None.
Example:
Enable the debug information of status change on the switch.
Swtich#debug cluster statemachine
2.13 debug cluster packets
Status: Enabled
Command:
debug cluster packets {DP | DR | CP} {receive | send}
no debug cluster packets {DP | DR | CP} {receive | send}
Function:
Enable the debug information; the no command disables the debug switch.
Parameters:
DP: discovery messages.
DR: responsive messages.
CP: command messages.
receive: receive messages.
send: send messages.
Default:
None.
Command Mode:
Admin Mode.
Usage Guide:
Enable the debug information of cluster messages. After ena bling classification, all DP, DR and CP
messages sent or received in the cluster will be printed.
Example:
Enable the debug information of receiving DP messages.
Switch#debug cluster packets DP receive
2.14 show cluster
Command:
show cluster
Function:
Display cluster information of the switch.
Command Mode:
Admin and Configuration Mode.
Example:
Execute this command on switches of different roles.
Switch#show cluster
Cluster VLAN: 1
Status: Disabled
Role: commander
IP pool: 10.254.254.1
Cluster name: MIS_zebra
Keepalive interval: 30
Keepalive loss-count: 3
Auto add: Disabled
Number of Members: 0
Number of Candidates: 3
----in a member ---------------------------Switch#show cluster
Status: Enabled
Cluster VLAN: 1
Role: Member
Commander Ip Address: 10.254.254.1
Internal Ip Address: 10.254.254.2
Commamder Mac Address: 00-12-cf-39-1d-90
---- a candidate ---------------------------Switch#show cluster
Status: Enabled
Cluster VLAN: 1
Role: Candidate
---- disabled ---------------------------Switch#show cluster
2.15 show cluster members
Command:
show cluster members [id <member-id> | mac-address <mac-addr>]
Function:
Display member information of a cluster. This command can only apply to comman der switches.
Parameters:
member-id: member id of the switch.
mac-addr: the CPU mac addresses of member switches.
Default:
No parameters means to display information of all member switches.
Command Mode:
Admin and Configuration Mode.
Usage Guide:
Executing this command on a commander switch will display the configuration information of all
cluster member sw i tches.
Example:
Execute this command on a commander switch to display the configuration information of all and
specified cluster member switches.
Switch#show cluster members
Member From : User config(U); Auto member (A)
ID From Status Mac Hostname Description Internal IP
--- - ----------- ----------------- ------------ ------------ --------------xxx x xxxxxxxxxx12 xx-xx-xx-xx-xx-xx xxxxxxxxxx12 xxxxxxxxxx12 xxx.xxx.xxx.xxx
1 U Inactive 00-01-02-03-04-05 MIS_zebra WGSW-50040 10.254.254.2
2 A Active 00-01-02-03-04-05 MIS_bison WGSW-50040 10.254.254.3
3 U Active 00-01-02-03-04-05 SRD_jaguar WGSW-50040 10.254.254.4
4 A Inactive 00-01-02-03-04-05 HRD_puma WGSW-50040 10.254.254.5
---Switch#show cluster members id 1
Cluster Members:
ID: 1
Member status: Inactive member (user_config)
IP Address: 10.254.254.2
MAC Address: 00-01-02-03-04-06
Description: WGSW-50040
Hostname: 102
2.16 show cluster candidates
Command:
show cluster candidates [nodes-sn <candidate-sn-list> | mac-address <mac-addr>]
Function:
Display the statistic information of the candidate member switches on the command switch
Parameter:
candidate-sn-list:candidate switch sn, ranging from 1 to 256. More than one switch can be
specified.
mac-address: mac address of the candidate switch
Default:
No parameters means to display information of all member switches.
Command Mode:
Admin and Configuration Mode.
Usage Guide:
Executing this command on the switch will display the information of the candidate member
switches.
Example:
Display configuration information of all cluster candidate switches.
Switch#show cluster candidates
Cluster Candidates:
SN Mac Description Hostname
--- ----------------- ------------------------ -----------------------xxx xx-xx-xx-xx-xx-xx xxxxxxxxxxxxxxxxxxxxxx24 xxxxxxxxxxxxxxxxxxxxxx24
1 00-01-02-03-04-06 WGSW-50040
2 01-01-02-03-04-05 WGSW-50040 MIS_zebra
2.17 show cluster topology
Command:
show cluster topology [root-sn <starting-node-sn> | nodes-sn <node-sn-list> | mac-address
<mac-addr>]
Function:
Display cluster topology information. This command only applies to commander switches.
Parameters:
starting-node-sn:the starting node of the topology.
node-sn-list:the switch node sn.
mac-addr:the CPU mac address of the switch.
No parameters means to display all topology information.
Command Mode:
Admin and Configuration Mode.
Usage Guide:
Executing this command on the commander switch will display the topology information with its
starting node specified.
Example:
Description: WGSW-50040
Execute this command on the com man der switch to display the topology information under differ ent
conditions.
Switch#show cluster topology
Role: commander(CM);Member(M);Candidate(CA);Other commander(OC);Other member(OM)
LV SN Description Hostname Role MAC_ADDRESS Upstream Upstream
leaf
local-port remote-port node
== ============ ============ == ================= ============ ============ =
x xxx xxxxxxxxxx12 xxxxxxxxxx12 xx xx-xx-xx-xx-xx-xx xxxxxxxxxx12 xxxxxxxxxx12 x
1 1 WGSW-50040 LAB_SWITCH_1 CM 01-02-03-04-05-01 -root- -root- -
2 WGSW-50040 LAB_SWITCH_2 M 01-02-03-04-05-02 eth 1/1 eth 1/2 N
3 WGSW-50040 LAB_SWITCH_3 CA 01-02-03-04-05-03 eth 1/1 eth 1/3 Y
4 WGSW-50040 LAB_SWITCH_4 CA 01-02-03-04-05-04 eth 1/1 eth 1/4 Y
................................................................................
2 2 WGSW-50040 LAB_SWITCH_2 M 01-02-03-04-05-02 eth 1/1 eth 1/2 5 WGSW-50040 LAB_SWITCH_1 OC 01-02-03-04-05-13 eth 1/1 eth 1/2 Y
6 WGSW-50040 LAB_SWITCH_1 OM 01-02-03-04-05-14 eth 1/1 eth 1/3 Y
----------------------------------------------------------
Switch#show cluster topology root-sn 2
Role: commander(CM);Member(M);Candidate(CA);Other commander(OC);Other member(OM)
SN Description Hostname Role MAC_ADDRESS Upstream Upstream
leaf
local-port remote-port node
== ============ ============ == ================= ============ ============ =
* 2 WGSW-50040 LAB_SWITCH_2 M 01-02-03-04-05-02 eth 1/1 eth 1/2 5 WGSW-50040 LAB_SWITCH_1 OC 01-02-03-04-05-13 eth 1/1 eth 1/2 Y
6 WGSW-50040 LAB_SWITCH_1 OM 01-02-03-04-05-14 eth 1/1 eth 1/3 Y
----------------------------------------------
Switch#show cluster topology nodes-sn 2
Toplogy role: Member
Member status: Active member (user-config)
SN: 2
MAC Address: 01-02-03-04-05-02
Hostname : LAB_SWITCH_2
Upstream local-port: eth 1/1
Upstream node: 01-02-03-04-05-01
Upstream remote-port:eth 1/2
Upstream speed: 100full
Switch#
---------------------------------------------Switch#show cluster topology mac-address 01-02-03-04-05-02
Toplogy role: Member
Member status: Active member (user-config)
SN: 2
MAC Address: 01-02-03-04-05-02
Description: WGSW-50040
Hostname : LAB_SWITCH_2
Upstream local-port: eth 1/1
Upstream node: 01-02-03-04-05-01
Upstream remote-port:eth 1/2
Upstream speed: 100full
2.18 rcommand commander
Command:
rcommand commander
Function:
In the member switch, use this command to configure the commander switch.
Command mode:
Admin Mode.
Instructions:
This command is used to configure the commander switch remotely. Users have to telnet the
commander switch by passing the authentication. The command “exit” is used to quit the
configuration interface of the commander switch. This command can only be executed on member
switches.
Example:
In the member switch, enter the configuration interface of the commander switch.
Switch#rcommand comman der
2.19 rcommand member
Command:
rcommand member <mem-id>
Function:
In the commander switch, this command is used to remotely manage the member switches in the
cluster.
Parameter:
<mem-id> commander the member id allocated by commander to each member, whose range is
1~128.
Command mode:
Admin Mode.
Usage Guide:
After executing this command, users will remotely login to a member switch and enter Admin Mode
on the latter. Use exit to quit the configuration interface of the member. Because of the use of
internal private IP, telnet authentication will be omitted on member switches. This command can
only be executed on commander switches.
Example:
In the commander switch, enter the configuration interface of the member switch with mem-id 1.
Switch#rcommand member 1
Chapter 3 Commands for
Switch(Config-If-Port-Range)#bandwidth control 40000 both
Network Port Configuration
3.1 Commands for Ethernet Port Configuration
3.1.1 bandwidth
Command:
bandwidth control <bandwidth> {transmit | receive | both}
no bandwidth control
Function:
Enable the bandwidth li mit functio n on the port; the no command disables this function.
Parameter:
<bandwidth> is the bandwidth limit, which is shown in Mbps ranging between 1-1000000K;
both refers to the bandwidth limit when the port receives and sends data,
receive refers to the bandwidth limit will only performed when the switch receives dat a fro m o ut side,
while transmit refers to the function will be perform on sending only.
Command Mode:
Port Mode.
Default:
Bandwidth limit disabled by default.
Usage Guide:
When the bandwidth limit is enabled with a size set, the max bandwidth of the port is determined by
this size other than by 10/100/1000M. If [both | receive | transmit] keyword is not specified, the
default is both.
The bandwidth limit can not exceed the physic maximum speed possible on the port. For
example, an 10/100M Ethernet port can not be set to a bandwidth limit at 101000K (or
higher), but applicable on a 10/100/1000 port working at a speed of 100M.
Example:
Set the bandwidth limit of 1/1-8 port is 40000K.
Switch(config)#interface ethernet 1/1-8
3.1.2 combo-forced-mode
forced
preferred
not connected
port
port
port
port
not connected
port
port
port
port
Command:
combo-forced-mode {copper-forced | copper-preferred-auto | sfp-forced |
sfp-preferred-auto }
Function:
Sets to combo port mode (combo ports only).
Parameters:
copper-forced forces use of copper cable port;
copper-preferred-auto for copper cable port first;
sfp-forced forces use of fiber cable port;
sfp-preferred-auto for fiber cable port first.
Command mode:
Port Mode.
Default:
The default setting for combo mode of combo ports is fiber cable port first.
Usage Guide:
The combo mode of combo ports and the port conne cti on co nditi on determines the active port of the
combo ports. A combo port consists of one fiber port and a copper cable port. It should be noted that
the speed-duplex command applies to the copper cable port while the negotiation command applies
to the fiber cable port, they should not conflict. For combo ports, only one, a fiber cable port or a
copper cable port, can be active at a time, and only this port can send and receive data normally.
For the determination of the a c t iv e port i n a combo port, see the tab le b elow. The headline row in the
table indicates the combo mode of the combo port, while the first column indicates the connection
conditions of the combo port, in which “connected” refers to a good connection of fiber cable port or
copper cable port to the other devices.
Fiber connected, copper
Copper connected, fiber
Both fiber and copper are
connected
Copper
Copper cable
Copper cable
Copper cable
port
Copper
Fiber cable
Copper cable
Copper cable
port
SFP forced SFP preferred
Fiber cable
Fiber cable
Fiber cable
port
Fiber cable
Copper cable
Fiber cable
port
Neither fiber nor copper
are connected
Copper cable
port
Fiber cable
port
Fiber cable
port
Fiber cable
port
1. Combo port is a conception involving the physical layer and the LLC sublayer of the
sublayer of the datalink layer and upper layers. If the bandwidth limit for a combo port
is 1Mbps, then this 1Mbps applies to the active port of this combo port, regardless of
If a combo port connects to another combo por t, it i s re co mm ended for both parties to
Hardware is Gigabit-combo, active is fiber.
Switch(Config-Port-Range)#combo-forced-mode sfp-forced
datalink layer. The status of a combo port will not affect any operation in the MAC
Example:
Setting ports 1/21-24 to fiber-forced.
Switch(config)#interface ethernet 1/21-24
the port type being copper or fiber.
2.
use copper-forced or fiber-forced mode.
Run show interface under Admin Mode to check for the active port of a combo port .The
following result indicates if the active port for a combo port is the fiber cable port:
3.1.3 clear counters interface
Command:
clear counters interface [{ethernet <interface-list> | vlan <vlan-id> | port-channel
<port-channel-number> | <interface-name>}]
Function:
Clears the statistics of the specifi ed port.
Parameters:
<interface-list> stands for the Ethernet port number;
<vlan-id> stands for the VLAN interface number;
<port-channel-number> for trunk interface number;
<interface-name> for interface name, such as port-channel 1.
Command mode:
Admin Mode.
Default:
Port statistics are not cleared by default.
Usage Guide:
If no port is specified, then statistics of all ports will be cleared.
Example:
Clearing the statistics for Ethernet port1/1.
Switch#clear counters interface ethernet 1/1
3.1.4 flow control
cards in the switch. When enable the port f low con tr ol fun cti o n, s peed an d d uplex mode of
both ends should be the same.
Switch(Config-Port-Range)#flow control
Command:
flow control
no flow control
Function:
Enables the flow control function for the port: the “no flow control” command disables the flow
control function for the port.
Command mode:
Port Mode.
Default:
Port flow control is disabled by default.
Usage Guide:
After the flow control function is enabled, the port will notify the sending device to slow down the
sending speed to prevent packet loss when traffic received exceeds the capacity of port cache.
Ports support IEEE802.3X flow control; the ports work in half-dupl ex mode, supporting
back-pressure flow control. If flow control results in serious HOL, the switch will automatically start
HOL control (discarding some packets in the COS queue that may result in HOL) to prevent drastic
degradation of network performance.
Port flow control function is not recommended unless the users need a slow speed, low
performance network with low packet loss. Flow control will not work between different
Example:
Enabling the flow control function in ports1/1-8.
Switch(config)#interface ethernet 1/1-8
3.1.5 interface ethernet
Command:
interface ethernet <interface-list>
Function:
Enters Ethernet Port Mode from Global Mode.
Parameters:
<interface-list> stands for port number.
Command mode:
Global Mode
Usage Guide:
Run the exit command to exit the Ethernet Port Mode to Global Mode.
Example:
Entering the Ethernet Port Mode for ports1/1, 1/4-5, 1/8.
Switch(config)#interface ethernet 1/1, 1/4-5, 1/8
Switch(Config-Port-Range)#
3.1.6 loopback
Command:
loopback
no loopback
Function:
Enables the loopback test function in an Ethernet port; the “no loopback” command disables the
loopback test on an Ethernet port.
Command mode:
Port Mode.
Default:
Loopback test is disabled in Ethernet port by default.
Usage Guide:
Loopback test can be used to verify the Ethernet ports are working normally. After loopback has
been enabled, the port will assume a connection established to itself, and all traffic sent from the
port will be received at the very same port.
Example:
Enabling loopback test in Ethernet ports 1/1-8.
Switch(config)#interface ethernet 1/1-8
Switch(Config-If-Port-Range)#loopback
3.1.7 mdi
Command:
mdi { auto | across | normal }
no mdi
Function:
Sets the cable types supported by the Ethernet port; the “no mdi” command sets the cable type to
auto-identification. This command is not supported on combo ports and fiber ports.
Parameters:
auto indicates auto identification of cable types;
across indicates crossover cable suppor t only ;
normal indicates straight-through cable support only.
Command mode:
Port Mode.
Default:
Port cable type is set to auto-identification by default.
Usage Guide:
Auto-identification is recommended. Generally, straight-through cable is used for switch-PC
connection and crossover cable is used for switch-switch connection.
Example:
Setting the cable type support of Ethernet ports 1/1-8 to straight-through cable only.
Switch(config)#interface ethernet 1/1-8
Switch(Config-Port-Range)#mdi normal
3.1.8 name
Command:
name <string>
no name
Function:
Set name for specified port; the “no name” command cancel s this conf igur atio n.
Parameter:
<string> is a character string, which should not exceeds 32 charac ters .
Command Mode:
Port Mode.
Default:
No port name by default.
Usage Guide:
This command is for helping the user manage switches, such as the user assign names according
to the port application, e.g. financial as the name of 1/1-2 ports which is used by financial
department, engineering as the name of 1/9 ports which belongs to the engineering department,
while the name of 1/12 ports i s ass ign ed w ith S erv er, which is because they connect ed t o t h e serv er.
In this way the port distribution state will be brought to the table.
Example:
Specify the name of 1/1-2 port as financial.
Switch(config)#interface ethernet 1/1-2
Switch(Config-If-Port-Range)#name financial
3.1.9 negotiation
Command:
negotiation {on|off}
Function:
Enables/Disables the auto-negotiation function of a 1000Base-FX port.
Parameters:
on: enables the auto-negotiation;
off: disable the auto-negotiation.
Command mode:
Port configuration Mode.
Default:
Auto-negotiation is enabled by default.
Usage Guide:
This command applies to 1000 B ase-FX interface only. The negotiation command is not available
for 1000Base-TX or 100Base-TX interface. For combo port, this command applies to the
1000Base-FX port only but has no effect on the 1000Base-TX port. T o cha nge the negotiation mode,
speed and duplex mode of 1000Base-TX port, use speed-duplex command instead.
Example:
Port 1 of Switch1 is connect ed to por t 1 of Switch2, the following will disable the negotiation for bot h
ports.
Switch1(config)#int erface ethernet1/1
Switch1(Config-If-Ethernet1/1)#negotiation off
Switch2(config)#int erface ethernet1/1
Switch2(Config-If-Ethernet1/1)#negotiation off
3.1.10 port-scan-mode
Command:
port-scan-mode {interrupt | poll}
no port-scan-mode
Function:
Configure the scan mode of the port as “interrupt” or “poll”, the no command restores the default
scan mode.
Parameters:
interrupt: the interrupt mode;
poll: the poll mode.
Command mode:
Global Mode.
Default:
Poll mode.
Usage Guide:
There are two modes that can respond up/down event of the port. The interrupt mod e mean s that
interrupt hardware to announce the up/down change, the poll mode means that software poll can
obtain the port event, the first mode is rapid. If using poll mode, the convergence time of MRPP is
several hundred milliseconds, if using interrupt mode, the convergence time is less than 50
milliseconds.
The scan mode of the port usually configured as poll mode, the interrupt mode is only
used to the environment of the good performance, but the security of the poll mode is
better.
Example:
Configure the scan mode of the port as interrupt mode.
Switch(config)#port-scan-mode interrupt
3.1.11 rate-suppression
Command:
rate-suppression {dlf | broadcast | multicast} <packets>
no rate-suppression {dlf | broadcast | multicast}
Function:
Sets the traffic limit for broadcasts, multicasts and unknown destination unicasts on all ports in the
switch; the no command disables this traffic throttle function on all ports in the switch, i.e., enables
broadcasts, multicasts and unknown destination unicasts to pass through the switch at line speed.
Parameters:
use dlf to limit unicast traffic for unknown destination; multicast to limit multicast traffic; broadcast to
limit broadcast tr affic. <packets> is the limit of packet nu mbe r, ranging from 1 to 1488905. For
non-10GB ports, the unit of <packets> is PPS, that is, the value of <packets> is the number of
packets allowed to pass per second; for 10GB ports, the unit is KPPS, that is, the value of
<packets> multiplie s 1000 ma kes the num ber of packets allowed, so the value should be less than
14880.
Command mode:
Port Mode.
Default:
No limit is set by default. So, broadcasts, multicasts and unknown destination unicasts are allowed
to pass at line speed.
Usage Guide:
All ports in the switch belong to a same broadcast domain if no VLAN has been set. The switch will
send the above mentioned three traffics to all ports in the broadcast domain, which may result in
broadcast storm and so may greatly degrade the switch performance. Enabling Broadcast Storm
Control can better protect the switch from broadcast storm. Note the difference of this command in
10Gb ports and other ports. If the allowed traffic is set to 3, this means allow 3,120 packets per
second and discard the rest for 10Gb ports. However, the same setting for non-10Gb ports means
to allow 3 broadcast packets per second and discard the rest.
Example:
Setting ports 8-10 (1000Mbps) allow 3 broadcast packets per second.
Switch(config)#interface ethernet 1/8-10
Switch(Config-Port-Range)#rate-suppression broadcast 3
3.1.12 rate-violation
Command:
rate-violation <packets> [recovery <time>]
no rate-violation
Function:
Enable the limit on packet rec eptio n rat e functi on, and set the packet reception rate in one sec ond,
the no command delete the function of limit on pac ket rec ept ion ra te.
The rate-violation means the packet reception rate, that is, the number of received packets per
second, regardless of their type.
Parameters:
<packets> the max number of packets allowed to pass through the port.
recovery: means after a period of time the port can recover “Shutdown” to “UP” again.
<time> is the timeout of recovery. For example, if the shutdown of a port happens after the packet
reception rate exceeding the limit, the port will be “up” again when the user-defined timeout period
expires. The default timeout is 300s, while 0 means the recovery will never happen.
Command Mode:
Switch(Config-Port-Range)#rate-violation 10000 recovery 1200
Port Mode
Default:
There is no limit on packet reception rate by default.
Usage Guide:
This command is mainly used to detect the abn orma l po r t fl o w. For example, when there are a large
number of broadcast messages caused by a loop, which affect the processing of other tasks of the
switch, the port will be shut down to guarantee the normal operation of the switch.
Example:
If users set the rate-violation of port 8-10 (GB ports) of the switch as 10000pps and the port
recovery time as 1200 seconds, when the packet reception rate exceeds 10000, the port will but
shut down, and then, after 1200 seconds, the port will be UP again.
Switch(config)#interface ethernet 1/8-10
3.1.13 show interface
Command:
show interface [ethernet <interface-number> | port-channel <port-channel-number> |
loopback <loopback-id> | vlan <vlan-id> | tunnel <tunnel-id> | <interface-name> ] [detail]
show interface ethernet status
show interface ethernet counter {packet | rate}
Function:
Show information of layer 3 or layer 2 port on the switch
Parameter:
<vlan-id> is the VLAN interface number,the value range from 1 to 4094. <tunnel-number> is the
tunnel number, the value r ange fr om 1 to 50. < loopba ck-id> is the loo p back num ber,the value r ang e
from 1 to 1024. <interface-number> is the port number of the Ethernet, status show important
information of all the layer 2 ports. counter {packet | rate} show package number or rate statistics of
all layer 2 ports.
<port-channel-number> is the number of the aggregation interface,
<interface-name> is the name of the interface such as port-channel1.
[detail] show the detail of the por t.
Command Mode:
Admin and Configuration Mode.
Default:
Information not displayed by default
Loading...