Intelligent Ethernet Switches
Versions: 3.79, 3.80, 3.90, 4.00, 4.10
Edition 3, 02/2014
Quick Start Guide
CLI Reference Guide
Default Login Details
Out-Of-Band Mgt Port | http://192.168.0.1
In-Band Ports | http://192.168.1.1
User Name | admin
Password | 1234
Copyright © 2011
Copyright © 2013 ZyXEL Communications Corporation
IMPORTANT!
READ CAREFULLY BEFORE USE.
KEEP THIS GUIDE FOR FUTURE REFERENCE.
This is a Reference Guide for a series of products. Not all products support all firmware features. Screenshots, graphics and commands in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.
Related Documentation
• User’s Guide
The User’s Guide explains how to use the Web Configurator to configure the Switch.
It is recommended you use the Web Configurator to configure the Switch.
About This CLI Reference Guide
Intended Audience
This manual is intended for people who want to configure ZyXEL Switches via Command Line Interface (CLI).
The version number on the cover page refers to the latest firmware version supported by the ZyXEL Switches. This guide applies to version 3.79, 3.80, 3.90, 4.00 and 4.10 at the time of writing.
This guide is intended as a command reference for a series of products.
Therefore many commands in this guide may not be available in your product. See your User’s Guide for a list of supported features and details about feature implementation.
Please refer to www.zyxel.com for product specific User Guides and product certifications.
How To Use This Guide
• Read the How to Access the CLI chapter for an overview of various ways you can get to the command interface on your Switch.
• Use the Reference section in this guide for command syntax, description and examples. Each chapter describes commands related to a feature.
• To find specific information in this guide, use the Contents Overview, the Index of Commands, or search the PDF file. E-mail techwriters@zyxel.com.tw if you cannot find the information you require.
Ethernet Switch CLI Reference Guide
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this CLI Reference Guide.
Warnings tell you about things that could harm you or your device. See your User’s Guide for product specific warnings.
Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Syntax Conventions
This manual follows these general conventions:
• ZyXEL’s switches may be referred to as the “Switch”, the “device”, the “system” or the “product” in this Reference Guide.
• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.
Command descriptions follow these conventions:
• Commands are in courier new font.
• Required input values are in angle brackets <>; for example, ping <ip> means that you must specify an IP address for this command.
• Optional fields are in square brackets []; for instance show logins [name], the name field is optional.
  The following is an example of a required field within an optional field: snmp-server [contact <system contact>], the contact field is optional. However, if you use contact, then you must provide the system contact information.
• Lists (such as <port-list>) consist of one or more elements separated by commas. Each element might be a single value (1, 2, 3, ...) or a range of values (1-2, 3-5, ...) separated by a dash.
• The | (bar) symbol means “or”.
• Italic terms represent user-defined input values; for example, in snmp-server [contact <system contact>], system contact can be replaced by the administrator’s name.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “Enter” or “Return” key on your keyboard.
• <cr> means press the [ENTER] key.
• An arrow (-->) indicates that this line is a continuation of the previous line.
Command summary tables are organized as follows:
Table 1 Example: Command Summary Table
COMMAND | DESCRIPTION | M | P
show vlan | Displays the status of all VLANs. | E | 3
vlan <1-4094> | Enters config-vlan mode for the specified VLAN. Creates the VLAN, if necessary. | C | 13
inactive | Disables the specified VLAN. | C | 13
no inactive | Enables the specified VLAN. | C | 13
no vlan <1-4094> | Deletes a VLAN. | C | 13
The Table title identifies commands or the specific feature that the commands configure. The COMMAND column shows the syntax of the command.
• If a command is not indented, you run it in the enable or config mode. See Chapter 2 on page 14 for more information on command modes.
• If a command is indented, you run it in a sub-command mode.
The DESCRIPTION column explains what the command does. It also identifies legal input values, if necessary.
The M column identifies the mode in which you run the command.
• E: The command is available in enable mode. It is also available in user mode if the privilege level (P) is less than 13.
• C: The command is available in config (not indented) or one of the sub-command modes (indented).
The P column identifies the privilege level of the command. If you don’t have a high enough privilege level you may not be able to view or execute some of the commands. See Chapter 2 on page 14 for more information on privilege levels.
Contents Overview
Introduction (9)
  How to Access and Use the CLI (11)
  Privilege Level and Command Mode (14)
  Initial Setup (19)
Reference A-G (22)
  AAA Commands (24)
  ARP Commands (27)
  ARP Inspection Commands (29)
  ARP Learning Commands (34)
  Bandwidth Commands (35)
  Broadcast Storm Commands (38)
  CFM Commands (41)
  Classifier Commands (50)
  Cluster Commands (53)
  Date and Time Commands (56)
  Data Center Bridging Commands (59)
  DHCP Commands (67)
  DHCP Snooping & DHCP VLAN Commands (72)
  DiffServ Commands (76)
  Display Commands (77)
  DVMRP Commands (78)
  Error Disable and Recovery Commands (80)
  Ethernet OAM Commands (84)
  External Alarm Commands (90)
  GARP Commands (92)
  Green Ethernet Commands (94)
  GVRP Commands (98)
Reference H-M (99)
  HTTPS Server Commands (101)
  IEEE 802.1x Authentication Commands (105)
  IGMP and Multicasting Commands (108)
  IGMP Snooping Commands (111)
  IGMP Filtering Commands (118)
  Interface Commands (120)
  Interface Route-domain Mode (125)
  IP Commands (126)
  IP Source Binding Commands (130)
  IPv6 Commands (132)
  Layer 2 Protocol Tunnel (L2PT) Commands (155)
  Link Layer Discovery Protocol (LLDP) Commands (158)
  Load Sharing Commands (170)
  Logging Commands (172)
  Login Account Commands (173)
  Loopguard Commands (175)
  MAC Address Commands (177)
  MAC Authentication Commands (179)
  MAC Filter Commands (181)
  MAC Forward Commands (183)
  MAC Pinning Commands (184)
  Mirror Commands (186)
  MRSTP Commands (190)
  MSTP Commands (192)
  Multiple Login Commands (197)
  MVR Commands (198)
Reference N-S (200)
  OSPF Commands (202)
  Password Commands (208)
  PoE Commands (210)
  Policy Commands (214)
  Policy Route Commands (218)
  Port Security Commands (220)
  Port-based VLAN Commands (222)
  PPPoE IA Commands (223)
  Private VLAN Commands (229)
  Protocol-based VLAN Commands (234)
  Queuing Commands (236)
  RADIUS Commands (240)
  Remote Management Commands (242)
  RIP Commands (245)
  RMON (247)
  Running Configuration Commands (253)
  sFlow (255)
  Smart Isolation Commands (257)
  SNMP Server Commands (261)
  STP and RSTP Commands (265)
  SSH Commands (269)
  Static Multicast Commands (271)
  Static Route Commands (273)
  Subnet-based VLAN Commands (276)
  Syslog Commands (278)
Reference T-Z (279)
  TACACS+ Commands (281)
  Tech Support Commands (282)
  TFTP Commands (285)
  Trunk Commands (286)
  trTCM Commands (289)
  VLAN Commands (292)
  VLAN IP Commands (298)
  VLAN Mapping Commands (300)
  VLAN Port Isolation Commands (302)
  VLAN Stacking Commands (303)
  VLAN Trunking Commands (306)
  VRRP Commands (307)
  Additional Commands (311)
Appendices and Index of Commands (323)
PART I
How to Access and Use the CLI (11)
Privilege Level and Command Mode (14)
Initial Setup (19)
1
This chapter introduces the command line interface (CLI).
Use any of the following methods to access the CLI.
1. Connect your computer to the console port on the Switch using the appropriate cable.
2. Use terminal emulation software with the following settings:
Table 2 Default Settings for the Console Port
SETTING | DEFAULT VALUE
Terminal Emulation | VT100
Baud Rate | 9600 bps
Parity | None
Number of Data Bits | 8
Number of Stop Bits | 1
Flow Control | None
3. Press [ENTER] to open the login screen.
1. Connect your computer to one of the Ethernet ports.
2. Open a Telnet session to the Switch’s IP address. If this is your first login, use the default values.
Table 3 Default Management IP Address
SETTING | DEFAULT VALUE
IP Address | 192.168.1.1
Subnet Mask | 255.255.255.0
Make sure your computer IP address is in the same subnet, unless you are accessing the Switch through one or more routers.
Chapter 1 How to Access and Use the CLI
1.1.3 SSH
1. Connect your computer to one of the Ethernet ports.
2. Use an SSH client program to access the Switch. If this is your first login, use the default values in Table 3 on page 11 and Table 4 on page 12. Make sure your computer IP address is in the same subnet, unless you are accessing the Switch through one or more routers.
Use the administrator username and password. If this is your first login, use the default values.
Table 4 Default User Name and Password
SETTING | DEFAULT VALUE
User Name | admin
Password | 1234
The Switch automatically logs you out of the management interface after five minutes of inactivity. If this happens to you, simply log back in again.
This table identifies some shortcuts in the CLI, as well as how to get help.
Table 5 CLI Shortcuts and Help
COMMAND / KEY(S) | DESCRIPTION
history | Displays a list of recently-used commands.
(up/down arrow keys) | Scrolls through the list of recently-used commands. You can edit any command or press [ENTER] to run it again.
[CTRL]+U | Clears the current command.
[TAB] | Auto-completes the keyword you are typing if possible. For example, type config, and press [TAB]. The Switch finishes the word configure.
? | Displays the keywords and/or input values that are allowed in place of the ?.
help | Displays the (full) commands that are allowed in place of help.
When you run a command, the Switch saves any changes to its run-time memory. The Switch loses these changes if it is turned off or loses power. Use the write memory command in enable mode to save the current configuration permanently to non-volatile memory.
sysname# write memory
You should save your changes after each CLI session. All unsaved configuration changes are lost once you restart the Switch.
Enter logout to log out of the CLI. You have to be in user, enable, or config mode. See Chapter 2 on page 14 for more information about modes.
2
Privilege Level and Command Mode
This chapter introduces the CLI privilege levels and command modes.
• The privilege level determines whether or not a user can run a particular command.
• If a user can run a particular command, the user has to run it in the correct mode.
Every command has a privilege level (0-14). Users can run a command if the session’s privilege level is greater than or equal to the command’s privilege level. The session’s privilege level initially comes from the login account’s privilege level, though it is possible to change the session’s privilege level after logging in.
The privilege level of each command is listed in the Reference A-G chapters on page 22.
At the time of writing, commands have a privilege level of 0, 3, 13, or 14. The following table summarizes the types of commands at each of these privilege levels.
Table 6 Types of Commands at Different Privilege Levels
PRIVILEGE LEVEL | TYPES OF COMMANDS AT THIS PRIVILEGE LEVEL
0 | Display basic system information.
3 | Display configuration or status.
13 | Configure features except for login accounts, SNMP user accounts, the authentication method sequence and authorization settings, multiple logins, administrator and enable passwords, and configuration information display.
14 | Configure login accounts, SNMP user accounts, the authentication method sequence and authorization settings, multiple logins, and administrator and enable passwords, and display configuration information.
You can manage the privilege levels for login accounts in the following ways:
• Using commands. Login accounts can be configured by the admin account or any login account with a privilege level of 14. See Chapter 40 on page 173.
• Using vendor-specific attributes in an external authentication server. See the User’s Guide for more information.
The admin account has a privilege level of 14, so the administrator can run every command. You cannot change the privilege level of the admin account.
The session’s privilege level initially comes from the privilege level of the login account the user used to log in to the Switch. After logging in, the user can use the following commands to change the session’s privilege level.
2.1.3.1 enable Command
This command raises the session’s privilege level to 14. It also changes the session to enable mode (if not already in enable mode). This command is available in user mode or enable mode, and users have to know the enable password.
In the following example, the login account user0 has a privilege level of 0 but knows that the enable password is 123456. Afterwards, the session’s privilege level is 14, instead of 0, and the session changes to enable mode.
sysname> enable
Password: 123456
sysname#
The default enable password is 1234. Use this command to set the enable password.
password <password>
<password> consists of 1-32 alphanumeric characters. For example, the following command sets the enable password to 123456. See Chapter 89 on page 311 for more information about this command.
sysname(config)# password 123456
The password is sent in plain text and stored in the Switch’s buffers. Use this command to set the cipher password for password encryption.
password cipher <password>
<password> consists of 32 alphanumeric characters. For example, the following command encrypts the enable password with a 32-character cipher password. See Chapter 53 on page 208 for more information about this command.
sysname(config)# password cipher qwertyuiopasdfghjklzxcvbnm123456
2.1.3.2 enable <0-14> Command
This command raises the session’s privilege level to the specified level. It also changes the session to enable mode, if the specified level is 13 or 14. This command is available in user mode or enable mode, and users have to know the password for the specified privilege level.
In the following example, the login account user0 has a privilege level of 0 but knows that the password for privilege level 13 is pswd13. Afterwards, the session’s privilege level is 13, instead of 0, and the session changes to enable mode.
sysname> enable 13
Password: pswd13
sysname#
Users cannot use this command until you create passwords for specific privilege levels. Use the following command to create passwords for specific privilege levels.
password <password> privilege <0-14>
<password> consists of 1-32 alphanumeric characters. For example, the following command sets the password for privilege level 13 to pswd13. See Chapter 89 on page 311 for more information about this command.
sysname(config)# password pswd13 privilege 13
2.1.3.3 disable Command
This command reduces the session’s privilege level to 0. It also changes the session to user mode. This command is available in enable mode.
2.1.3.4 show privilege Command
This command displays the session’s current privilege level. This command is available in user mode or enable mode.
sysname# show privilege
Current privilege level : 14
The CLI is divided into several modes. If a user has enough privilege to run a particular command, the user has to run the command in the correct mode. The modes that are available depend on the session’s privilege level.
If the session’s privilege level is 0-12, the user and all of the allowed commands are in user mode. Users do not have to change modes to run any allowed commands.
If the session’s privilege level is 13-14, the allowed commands are in one of several modes.
Table 7 Command Modes for Privilege Levels 13-14 and the Types of Commands in Each One
MODE | PROMPT | COMMAND FUNCTIONS IN THIS MODE
enable | sysname# | Display current configuration, diagnostics, maintenance.
config | sysname(config)# | Configure features other than those below.
config-interface | sysname(config-interface)# | Configure ports.
config-mvr | sysname(config-mvr)# | Configure multicast VLAN.
config-route-domain | sysname(config-if)# | Enable and enter configuration mode for an IPv4 or IPv6 routing domain.
config-dvmrp | sysname(config-dvmrp)# | Configure Distance Vector Multicast Routing Protocol (DVMRP).
config-igmp | sysname(config-igmp)# | Configure Internet Group Management Protocol (IGMP).
config-ma | sysname(config-ma)# | Configure a Maintenance Association (MA) in Connectivity Fault Management (CFM).
config-ospf | sysname(config-ospf)# | Configure Open Shortest Path First (OSPF) protocol.
config-rip | sysname(config-rip)# | Configure Routing Information Protocol (RIP).
config-vrrp | sysname(config-vrrp)# | Configure Virtual Router Redundancy Protocol (VRRP).
Each command is usually in one and only one mode. If a user wants to run a particular command, the user has to change to the appropriate mode. The command modes are organized like a tree, and users start in enable mode. The following table explains how to change from one mode to another.
Table 8 Changing Between Command Modes for Privilege Levels 13-14
MODE | ENTER MODE | LEAVE MODE
enable | -- | --
config | configure | exit
config-interface | interface port-channel <port-list> | exit
config-mvr | mvr <1-4094> | exit
config-vlan | vlan <1-4094> | exit
config-route-domain | interface route domain <ip-address>/<mask-bits> | exit
config-dvmrp | router dvmrp | exit
config-igmp | router igmp | exit
config-ospf | router ospf <router-id> | exit
config-rip | router rip | exit
config-vrrp | router vrrp network <ip-address>/<mask-bits> vr-id <1~7> uplink-gateway <ip-address> | exit
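The following Python model is an added example, not part of the ZyXEL guide. It encodes the privilege rule (session level greater than or equal to command level), the E/C mode rule and the enable / enable <0-14> behaviour described in this chapter, using the rows of Table 1 as sample data. The function names and the choice to store the enable password under level 14 are assumptions of the example.

```python
import hmac
from dataclasses import dataclass

USER, ENABLE, CONFIG = "user", "enable", "config"


@dataclass(frozen=True)
class Command:
    syntax: str
    m: str  # M column: "E" (enable) or "C" (config / sub-command modes)
    p: int  # P column: privilege level the session must reach


# Rows of Table 1 (Example: Command Summary Table).
TABLE_1 = (
    Command("show vlan", "E", 3),
    Command("vlan <1-4094>", "C", 13),
    Command("inactive", "C", 13),
    Command("no inactive", "C", 13),
    Command("no vlan <1-4094>", "C", 13),
)


def login_mode(level):
    """Mode a session starts in: levels 0-12 use user mode, 13-14 enable mode."""
    if not 0 <= level <= 14:
        raise ValueError("privilege level must be 0-14")
    return USER if level <= 12 else ENABLE


def can_run(level, mode, cmd):
    """Apply the privilege rule first, then the mode rule from the M column."""
    if level < cmd.p:
        return False
    if cmd.m == "E":
        # E commands also work in user mode when their privilege level is below 13.
        return mode == ENABLE or (mode == USER and cmd.p < 13)
    # C commands need config mode or one of the config-* sub-command modes.
    return mode.startswith(CONFIG)


def runnable(level):
    """Table 1 commands a login account at `level` can run without `enable`."""
    start = login_mode(level)
    modes = (start,) if start == USER else (ENABLE, CONFIG)
    return [c.syntax for c in TABLE_1 if any(can_run(level, m, c) for m in modes)]


def enable(level, mode, supplied, passwords, target=14):
    """Model `enable` (target 14) and `enable <0-14>`.

    `passwords` maps a privilege level to its password. Keeping the enable
    password under key 14 is an assumption of this example. Returns the
    (level, mode) of the session after the command.
    """
    expected = passwords.get(target)
    if expected is None:
        return level, mode  # no password has been created for that level
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return level, mode
    return target, (ENABLE if target >= 13 else mode)


if __name__ == "__main__":
    for lvl in (0, 3, 13):
        print(lvl, login_mode(lvl), runnable(lvl))
    # The login account's level is not a ceiling: user0 (level 0) reaches
    # level 14 with the enable password from the guide's own example.
    print(enable(0, USER, "123456", {14: "123456"}))
```

The last call shows why the enable password and any per-level passwords need the same protection as a level-14 login account: whoever knows one is no longer limited by the login account's own privilege level.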
Use the help command to view the executable commands on the Switch. You must have the highest privilege level in order to view all the commands. Follow these steps to create a list of supported commands:
1. Log into the CLI. This takes you to the enable mode.
2. Type help and press [ENTER]. A list comes up which shows all the commands available in enable mode. The example shown next has been edited for brevity’s sake.
sysname# help
Commands available:
help
logout
exit
history
enable <0-14>
enable <cr>
.
.
traceroute <ip|host-name> [vlan <vlan-id>][..]
traceroute help
ssh <1|2> <[user@]dest-ip> <cr>
ssh <1|2> <[user@]dest-ip> [command </>]
sysname#
3. Copy and paste the results into a text editor of your choice. This creates a list of all the executable commands in the user and enable modes.
4. Type configure and press [ENTER]. This takes you to the config mode.
5. Type help and press [ENTER]. A list is displayed which shows all the commands available in config mode and all the sub-commands. The sub-commands are preceded by the command necessary to enter that sub-command mode. For example, the command name <name-str> as shown next, is preceded by the command used to enter the config-vlan sub-mode: vlan <1-4094>.
sysname(config)# help
.
.
no arp inspection log-buffer logs
no arp inspection filter-aging-time
no arp inspection <cr>
vlan <1-4094>
vlan <1-4094> name <name-str>
vlan <1-4094> normal <port-list>
vlan <1-4094> fixed <port-list>
6. Copy and paste the results into a text editor of your choice. This creates a list of all the executable commands in config and the other submodes, for example, the config-vlan mode.
3
This chapter identifies tasks you might want to do when you first configure the Switch.
It is recommended you change the default administrator password. You can encrypt the password with a cipher password. See Chapter 53 on page 208 for more information.
Use this command to change the administrator password.
admin-password <pw-string> <Confirm-string>
where <pw-string> may be 1-32 alphanumeric characters long.
sysname# configure
sysname(config)# admin-password t1g2y7i9 t1g2y7i9
It is recommended you change the default enable password. You can encrypt the password with a cipher password. See Chapter 53 on page 208 for more information.
Use this command to change the enable password.
password <password>
where <password> may be 1-32 alphanumeric characters long.
sysname# configure
sysname(config)# password k8s8s3dl0
By default, multiple CLI sessions are allowed via the console port or Telnet. See the User’s Guide for the maximum number of concurrent sessions for your Switch. Use this command to prohibit concurrent logins.
no multi-login
Console port has higher priority than Telnet. See Chapter 50 on page 197 for more multilogin commands.
sysname# configure
sysname(config)# no multi-login
The Switch has a different IP address in each VLAN. By default, the Switch has VLAN 1 with IP address 192.168.1.1 and subnet mask 255.255.255.0. Use this command in config-vlan mode to change the management IP address in a specific VLAN.
ip address <ip> <mask>
This example shows you how to change the management IP address in VLAN 1 to 172.16.0.1 with subnet mask 255.255.255.0.
sysname# configure
sysname(config)# vlan 1
sysname(config-vlan)# ip address default-management 172.16.0.1 255.255.255.0
Afterwards, you have to use the new IP address to access the Switch.
3.5 Changing the Out-of-band Management IP Address
If your Switch has a MGMT port (also referred to as the out-of-band management port), then the Switch can also be managed via this interface. By default, the MGMT port IP address is 192.168.0.1 and the subnet mask is 255.255.255.0. Use this command in config mode to change the out-of-band management IP address.
ip address <ip> <mask>
This example shows you how to change the out-of-band management IP address to 10.10.10.1 with subnet mask 255.255.255.0 and the default gateway 10.10.10.254.
sysname# configure
sysname(config)# ip address 10.10.10.1 255.255.255.0
sysname(config)# ip address default-gateway 10.10.10.254
Use this command to look at general system information about the Switch.
show system-information
This is illustrated in the following example.
sysname# show system-information
System Name        : sysname
System Contact     :
System Location    :
Ethernet Address   : 00:13:49:ae:fb:7a
ZyNOS F/W Version  : V3.80(AII.0)b0 | 04/18/2007
RomRasSize         : 1746416
System up Time     : 280:32:52 (605186d ticks)
Bootbase Version   : V1.00 | 05/17/2006
ZyNOS CODE         : RAS Apr 18 2007 19:59:49
Product Model      : ES-2024PWR
See Chapter 89 on page 311 for more information about these attributes.
Use this command to look at the current operating configuration.
show running-config
This is illustrated in the following example.
sysname# show running-config
Building configuration...
Current configuration:
vlan 1
  name 1
  normal ""
  fixed 1-9
  forbidden ""
  untagged 1-9
  ip address default-management 172.16.37.206 255.255.255.0
  ip address default-gateway 172.16.37.254
exit
PART II
AAA Commands
ARP Commands
ARP Inspection Commands
ARP Learning Commands
Bandwidth Commands
Broadcast Storm Commands
CFM Commands
Classifier Commands
Cluster Commands
Date and Time Commands
Data Center Bridging Commands
DHCP Commands
DHCP Snooping & DHCP VLAN Commands
DiffServ Commands
Display Commands
DVMRP Commands
Error Disable and Recovery Commands
Ethernet OAM Commands
External Alarm Commands
GARP Commands
Green Ethernet Commands
GVRP Commands
Chapter 4 AAA Commands
Use these commands to configure authentication, authorization and accounting on the Switch.
The following section lists the commands for this feature.
Table 9 aaa authentication Command Summary
COMMAND | DESCRIPTION | M | P
show aaa authentication | Displays what methods are used for authentication. | E | 3
show aaa authentication enable | Displays the authentication method(s) for checking privilege level of administrators. | E | 3
aaa authentication enable <method1> [<method2> ...] | Specifies which method should be used first, second, and third for checking privileges. method: enable, radius, or tacacs+. | C | 14
no aaa authentication enable | Resets the method list for checking privileges to its default value. | C | 14
show aaa authentication login | Displays the authentication methods for administrator login accounts. | E | 3
aaa authentication login <method1> [<method2> ...] | Specifies which method should be used first, second, and third for the authentication of login accounts. method: local, radius, or tacacs+. | C | 14
no aaa authentication login | Resets the method list for the authentication of login accounts to its default value. | C | 14
Table 10 Command Summary: aaa accounting
COMMAND | DESCRIPTION | M | P
show aaa accounting | Displays accounting settings configured on the Switch. | E | 3
show aaa accounting update | Displays the update period setting on the Switch for accounting sessions. | E | 3
aaa accounting update periodic <1-2147483647> | Sets the update period (in minutes) for accounting sessions. This is the time the Switch waits to send an update to an accounting server after a session starts. | C | 13
no aaa accounting update | Resets the accounting update interval to the default value. | C | 13
show aaa accounting commands | Displays accounting settings for recording command events. | E | 3
aaa accounting commands <privilege> stop-only tacacs+ [broadcast] | Enables accounting of command sessions and specifies the minimum privilege level (0-14) for the command sessions that should be recorded. Optionally, sends accounting information for command sessions to all configured accounting servers at the same time. | C | 13
no aaa accounting commands | Disables accounting of command sessions on the Switch. | C | 13
show aaa accounting dot1x | Displays accounting settings for recording IEEE 802.1x session events. | E | 3
aaa accounting dot1x <start-stop|stop-only> <radius|tacacs+> [broadcast] | Enables accounting of IEEE 802.1x authentication sessions and specifies the mode and protocol method. Optionally, sends accounting information for IEEE 802.1x authentication sessions to all configured accounting servers at the same time. | C | 13
no aaa accounting dot1x | Disables accounting of IEEE 802.1x authentication sessions on the Switch. | C | 13
show aaa accounting exec | Displays accounting settings for recording administrative sessions via SSH, Telnet or the console port. | E | 3
aaa accounting exec <start-stop|stop-only> <radius|tacacs+> [broadcast] | Enables accounting of administrative sessions via SSH, Telnet and console port and specifies the mode and protocol method. Optionally, sends accounting information for administrative sessions via SSH, Telnet and console port to all configured accounting servers at the same time. | C | 13
no aaa accounting exec | Disables accounting of administrative sessions via SSH, Telnet or console on the Switch. | C | 13
show aaa accounting system | Displays accounting settings for recording system events, for example system shut down, start up, accounting enabled or accounting disabled. | E | 3
aaa accounting system <radius|tacacs+> [broadcast] | Enables accounting of system events and specifies the protocol method. Optionally, sends accounting information for system events to all configured accounting servers at the same time. | C | 13
no aaa accounting system | Disables accounting of system events on the Switch. | C | 13
Table 11 aaa authorization Command Summary
COMMAND | DESCRIPTION | M | P
show aaa authorization | Displays authorization settings configured on the Switch. | E | 3
show aaa authorization dot1x | Displays the authorization method used to allow an IEEE 802.1x client to have a different bandwidth limit or VLAN ID assigned via the external server. | E | 3
show aaa authorization exec | Displays the authorization method used to allow an administrator who logs in to the Switch through Telnet or SSH to have a different access privilege level assigned via the external server. | E | 3
aaa authorization console | Enables authorization, which allows an administrator who logs in to the Switch through the console port to have a different access privilege level assigned via the external server. | C | 14
aaa authorization dot1x radius | Enables authorization for IEEE 802.1x clients using RADIUS. | C | 14
aaa authorization exec <radius|tacacs+> | Specifies which method (radius or tacacs+) should be used for administrator authorization. | C | 14
no aaa authorization console | Disables authorization, which allows an administrator who logs in to the Switch through the console port to have a different access privilege level assigned via the external server. | C | 14
no aaa authorization dot1x | Disables authorization, which allows an IEEE 802.1x client to have a different bandwidth limit or VLAN ID assigned via the external server. | C | 14
no aaa authorization exec | Disables authorization, which allows an administrator who logs in to the Switch through Telnet or SSH to have a different access privilege level assigned via the external server. | C | 14
Chapter 5 ARP Commands
Use these commands to look at IP-to-MAC address mapping(s).
The following section lists the commands for this feature.
Table 12 arp Command Summary
COMMAND | DESCRIPTION | M | P
arp aging-time <60-1000000> | Sets how long dynamically learned ARP entries remain in the ARP table before they age out (and must be relearned). | C | 13
arp name <name> ip <ip-address> mac <mac-addr> vlan <vlan-id> interface port-channel <port-list> | Creates a static ARP entry which will not age out. | C | 13
arp name <name> ip <ip-address> mac <mac-addr> vlan <vlan-id> interface port-channel <port-list> inactive | Creates a static ARP entry but disables it. | C | 13
no arp ip <ip-address> mac <mac-addr> vlan <vlan-id> | Deletes a static ARP entry from the ARP table. | C | 13
no arp ip <ip-address> mac <mac-addr> vlan <vlan-id> inactive | Enables the specified static ARP entry. | C | 13
show ip arp | Displays the ARP table. | E | 3
clear ip arp | Removes all of the dynamic entries from the ARP table. | E | 13
clear ip arp interface port-channel <port-list> | Removes the dynamic entries learned on the specified port. | E | 13
clear ip arp ip <ip-address> | Removes the dynamic entries learned with the specified IP address. | E | 13
no arp | Flushes the ARP table entries. | E | 13
This example creates a static ARP entry and shows the ARP table on the Switch.
sysname# config
sysname(config)# arp name test ip 192.168.1.99 mac 00:c5:d8:01:23:45 vlan 1 interface port-channel 3
sysname(config)# exit
sysname# show ip arp
Index  IP            MAC                VLAN  Port  Age(s)  Type
1      192.168.1.1   00:19:cb:37:00:49  1     CPU   0       static
2      192.168.1.99  00:c5:d8:01:23:45  1     3     0       static
3      192.168.2.1   00:19:cb:37:00:49  465   CPU   0       static
sysname#
The following table describes the labels in this screen.
Table 13 show ip arp
LABEL | DESCRIPTION
Index | This field displays the index number.
IP | This field displays the learned IP address of the device.
MAC | This field displays the MAC address of the device.
VLAN | This field displays the VLAN to which the device belongs.
Port | This field displays the number of the port from which the IP address was learned. CPU indicates this IP address is the Switch’s management IP address.
Age(s) | This field displays how long the entry remains valid.
Type | This field displays how the entry was learned. dynamic: The Switch learned this entry from ARP packets.
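The show ip arp output and the Table 13 labels above can be checked automatically. The following Python sketch is an added example, not part of the original guide: it parses the table and flags entries whose MAC differs from a known binding, or one MAC answering for several IPs in the same VLAN. Entries 4 and 5 in the sample and the expected-binding map are constructed for illustration.

```python
import re

# Constructed sample in the layout of the `show ip arp` example above;
# entries 4 and 5 are added here for illustration only.
SAMPLE = """\
sysname# show ip arp
Index  IP            MAC                VLAN  Port  Age(s)  Type
1      192.168.1.1   00:19:cb:37:00:49  1     CPU   0       static
2      192.168.1.99  00:c5:d8:01:23:45  1     3     0       static
3      192.168.2.1   00:19:cb:37:00:49  465   CPU   0       static
4      192.168.1.20  00:c5:d8:01:23:45  1     7     112     dynamic
5      192.168.1.50  00:a0:c5:11:22:33  1     5     87      dynamic
sysname#
"""

# The Age(s) column is optional so rows with an empty age still parse.
ROW = re.compile(
    r"^\s*(?P<index>\d+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})\s+(?P<vlan>\d+)\s+"
    r"(?P<port>\S+)\s+(?:(?P<age>\d+)\s+)?(?P<type>\S+)\s*$", re.IGNORECASE)

def parse_arp_table(text):
    """Return one dict per table row; prompts, headers and blanks are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["mac"] = row["mac"].lower()
            row["vlan"] = int(row["vlan"])
            rows.append(row)
    return rows

def audit(rows, expected):
    """expected maps (vlan, ip) -> mac for hosts with a known binding."""
    findings, by_mac = [], {}
    for r in rows:
        want = expected.get((r["vlan"], r["ip"]))
        if want and want.lower() != r["mac"]:
            findings.append(("binding-mismatch", r["ip"], r["mac"]))
        # Port "CPU" marks the Switch's own management IP addresses (Table 13),
        # so those rows are left out of the duplicate-MAC check.
        if r["port"].upper() != "CPU":
            by_mac.setdefault((r["vlan"], r["mac"]), []).append(r["ip"])
    for (vlan, mac), ips in by_mac.items():
        if len(set(ips)) > 1:
            findings.append(("mac-claims-multiple-ips", mac, tuple(sorted(set(ips)))))
    return findings

if __name__ == "__main__":
    known = {(1, "192.168.1.50"): "00:a0:c5:aa:bb:cc"}  # constructed binding
    for finding in audit(parse_arp_table(SAMPLE), known):
        print(finding)
```

A MAC that answers for several IPs can be legitimate (a router or multi-homed host), so each finding is a prompt for review rather than proof of spoofing.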
Chapter 6 ARP Inspection Commands
Use these commands to filter unauthorized ARP packets in your network.
The following section lists the commands for this feature.
Table 14 arp inspection Command Summary
COMMAND | DESCRIPTION | M | P
arp inspection | Enables ARP inspection on the Switch. You still have to enable ARP inspection on specific VLANs and specify trusted ports. | C | 13
no arp inspection | Disables ARP inspection on the Switch. | C | 13
show arp inspection | Displays ARP inspection configuration details. | E | 3
clear arp inspection statistics | Removes all ARP inspection statistics on the Switch. | E | 3
clear arp inspection statistics vlan <vlan-list> | Removes ARP inspection statistics for the specified VLAN(s). | E | 3
show arp inspection statistics | Displays all ARP inspection statistics on the Switch. | E | 3
show arp inspection statistics vlan <vlan-list> | Displays ARP inspection statistics for the specified VLAN(s). | E | 3
Table 15 Command Summary: arp inspection filter
COMMAND | DESCRIPTION | M | P
show arp inspection filter [<mac-addr>] [vlan <vlan-id>] | Displays the current list of MAC address filters that were created because the Switch identified an unauthorized ARP packet. Optionally, lists MAC address filters based on the MAC address or VLAN ID in the filter. | E | 3
no arp inspection filter <mac-addr> vlan <vlan-id> | Specifies the ARP inspection record you want to delete from the Switch. The ARP inspection record is identified by the MAC address and VLAN ID pair. | E | 13
clear arp inspection filter | Deletes all ARP inspection filters from the Switch. | E | 13
arp inspection filter-aging-time <1-2147483647> | Specifies how long (1-2147483647 seconds) MAC address filters remain in the Switch after the Switch identifies an unauthorized ARP packet. The Switch automatically deletes the MAC address filter afterwards. | C | 13
arp inspection filter-aging-time none | Specifies the MAC address filter to be permanent. | C | 13
no arp inspection filter-aging-time | Resets how long (1-2147483647 seconds) the MAC address filter remains in the Switch after the Switch identifies an unauthorized ARP packet to the default value. | C | 13
Table 16 Command Summary: arp inspection log
COMMAND | DESCRIPTION | M | P
show arp inspection log | Displays the log settings configured on the Switch. It also displays the log entries recorded on the Switch. | E | 3
clear arp inspection log | Deletes all ARP inspection log entries from the Switch. | E | 13
arp inspection log-buffer entries <0-1024> | Specifies the maximum number (1-1024) of log messages that can be generated by ARP packets and not sent to the syslog server. If the number of log messages in the Switch exceeds this number, the Switch stops recording log messages and simply starts counting the number of entries that were dropped due to unavailable buffer. | C | 13
arp inspection log-buffer logs <0-1024> interval <0-86400> | Specifies the number of syslog messages that can be sent to the syslog server in one batch and how often (1-86400 seconds) the Switch sends a batch of syslog messages to the syslog server. | C | 13
no arp inspection log-buffer entries | Resets the maximum number (1-1024) of log messages that can be generated by ARP packets and not sent to the syslog server to the default value. | C | 13
no arp inspection log-buffer logs | Resets the maximum number of syslog messages the Switch can send to the syslog server in one batch to the default value. | C | 13
Table 17 Command Summary: interface arp inspection
COMMAND | DESCRIPTION | M | P
show arp inspection interface port-channel <port-list> | Displays the ARP inspection settings for the specified port(s). | E | 3
interface port-channel <port-list> | Enters config-interface mode for the specified port(s). | C | 13
arp inspection trust | Sets the port to be a trusted port for ARP inspection. The Switch does not discard ARP packets on trusted ports for any reason. | C | 13
no arp inspection trust | Disables this port from being a trusted port for ARP inspection. | C | 13
Table 18 Command Summary: arp inspection vlan
COMMAND | DESCRIPTION | M | P
show arp inspection vlan <vlan-list> | Displays ARP inspection settings for the specified VLAN(s). | E | 3
arp inspection vlan <vlan-list> | Enables ARP inspection on the specified VLAN(s). | C | 13
no arp inspection vlan <vlan-list> | Disables ARP inspection on the specified VLAN(s). | C | 13
arp inspection vlan <vlan-list> logging [all|none|permit|deny] | Enables logging of ARP inspection events on the specified VLAN(s). Optionally specifies which types of events to log. | C | 13
no arp inspection vlan <vlan-list> logging | Disables logging of messages generated by ARP inspection for the specified VLAN(s). | C | 13
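Table 14 notes that the global arp inspection command is not sufficient on its own: inspection must also be enabled per VLAN and trusted ports must be specified. The following Python check is an added example, not part of the original guide, that looks for those three pieces in a saved configuration. It assumes the running-config echoes the commands from Tables 14 to 18 verbatim, that sub-mode blocks end with exit, and that lists use comma and range syntax such as 1,3-5; the sample configuration is constructed.

```python
import re

# Constructed running-config. Assumptions: the Switch echoes the commands
# from Tables 14-18 as typed and closes each sub-mode block with "exit".
SAMPLE_CONFIG = """\
vlan 1
  name 1
  fixed 1-9
exit
vlan 20
  name users
  fixed 3-8
exit
arp inspection
arp inspection vlan 1
interface port-channel 9
  arp inspection trust
exit
"""

def expand(list_str):
    """Expand '1,3-5' into {1, 3, 4, 5} (list syntax is an assumption)."""
    out = set()
    for part in list_str.split(","):
        lo, _, hi = part.strip().partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit_arp_inspection(config):
    """Return the gaps between the global, per-VLAN and per-port settings."""
    defined, inspected, trusted = set(), set(), set()
    enabled, ports = False, None   # ports: current interface block, if any
    for raw in config.splitlines():
        line = raw.strip()
        if line == "exit":
            ports = None
        elif m := re.fullmatch(r"vlan (\d+)", line):
            ports = None
            defined.add(int(m.group(1)))
        elif m := re.fullmatch(r"interface port-channel ([\d,\-]+)", line):
            ports = expand(m.group(1))
        elif line == "arp inspection trust" and ports:
            trusted |= ports
        elif line == "arp inspection":
            enabled = True
        elif m := re.fullmatch(r"arp inspection vlan ([\d,\-]+)", line):
            inspected |= expand(m.group(1))
    findings = []
    if not enabled:
        findings.append("arp inspection is not enabled globally")
    for vlan in sorted(defined - inspected):
        findings.append(f"VLAN {vlan} has no 'arp inspection vlan' entry")
    if not trusted:
        findings.append("no port is marked 'arp inspection trust'")
    return findings

if __name__ == "__main__":
    for finding in audit_arp_inspection(SAMPLE_CONFIG):
        print(finding)
```

Because the Switch does not discard ARP packets on trusted ports for any reason, the ports found in trust blocks are also worth comparing against the intended uplinks.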