Zyxel VES1724-56B2 CLI Reference Guide

Download

Page 1

Default Login Details

CLI Reference Guide

VES Switch

VDSL Switch

Versions 1.00, 3.60, 3.70, 3.80

IP Address http://192.168.0.1 (Out-of-

band MGMT port)

http://192.168.1.1 (In-band

ports)

User Name admin

Password 1234

Edition 8, 2/2021

Page 2

IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Do not use commands not documented in this guide. Use of

undocumented commands or misconfiguration can damage the unit and possibly render it unusable.

This guide covers the following models at the time of writing.

VES-1624FA-54 VES-1608FE-57 VES-1602FE-57 VES1724-55C

VES1724-56 VES1724-56B2

Note: This guide is intended as a command reference for a series of products and firmware

versions. Therefore many commands in this guide may not be available in your product or firmware version. Use only the commands your device displays. See your User’s Guide for a list of supported features and details about feature implementation.

Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.

•More Information

Go to support.zyxel.com to find other information on the Switch

VES Switch CLI Reference Guide

Page 3

Contents Overview

Introduction .........................................................................................................................................6

Getting Started ....................................................................................................................................... 7

Privilege Level and Command Mode ................................................................................................ 12

Tutorials .................................................................................................................................................. 16

Reference ..........................................................................................................................................20

AAA Commands .................................................................................................................................. 21

ADSL Fallback Commands .................................................................................................................. 24

ARP Commands ................................................................................................................................... 27

ARP Inspection Commands ................................................................................................................ 28

Bandwidth Commands ........................................................................................................................ 33

Broadcast Storm Commands .............................................................................................................. 35

CFM Commands .................................................................................................................................. 37

Classifier Commands ........................................................................................................................... 44

Cluster Commands .............................................................................................................................. 47

Date and Time Commands ................................................................................................................. 50

DHCP Commands ................................................................................................................................ 53

DHCP Snooping and DHCP VLAN Commands ................................................................................. 62

DHCPv6 Relay Commands ................................................................................................................. 67

DHCPv6 Snooping Commands ........................................................................................................... 70

DiffServ Commands ............................................................................................................................. 71

DoS Prevention Commands ................................................................................................................ 72

Error Disable and Recovery Commands ........................................................................................... 74

Ethernet OAM Commands .................................................................................................................. 78

External Alarm Commands ................................................................................................................. 83

GARP Commands ................................................................................................................................ 85

GVRP Commands ................................................................................................................................ 87

HTTPS Server Commands ..................................................................................................................... 88

IEEE 802.1x Authentication Commands ............................................................................................. 91

IGMP Commands ................................................................................................................................. 93

IGMP Filtering Commands ................................................................................................................... 99

Ingress Check Commands ................................................................................................................ 101

Interface Commands ........................................................................................................................ 102

IP Commands ..................................................................................................................................... 110

IP Commands for IPv6 ........................................................................................................................ 115

IPv6 Commands ................................................................................................................................. 125

IPQoS Commands .............................................................................................................................. 150

IP Source Binding Commands .......................................................................................................... 152

VES Switch CLI Reference Guide

Page 4

Contents Overview

Layer 2 Protocol Tunnel (L2PT) Commands ..................................................................................... 154

LACP Commands ............................................................................................................................... 157

LLDP Commands ................................................................................................................................ 159

Login Account Commands ............................................................................................................... 164

Login Precedence Commands ........................................................................................................ 165

Loopguard Commands ..................................................................................................................... 166

MAC Address Commands ................................................................................................................. 168

MAC Authentication Commands ....................................................................................................170

MAC-based VLAN Commands ......................................................................................................... 172

MAC Filter Commands ....................................................................................................................... 174

MAC Forward Commands ................................................................................................................ 175

Mirror Commands ............................................................................................................................... 176

MRSTP Commands ............................................................................................................................. 177

MSTP Commands ................................................................................................................................ 179

Multiple Login Commands ................................................................................................................ 183

MVR Commands ................................................................................................................................ 184

NDP Inspection Commands .............................................................................................................. 186

Packet Filter Commands ................................................................................................................... 189

Password Commands ........................................................................................................................ 191

Policy Commands .............................................................................................................................. 193

Port Security Commands ................................................................................................................... 196

Port-based VLAN Commands ........................................................................................................... 198

PPPoE Intermediate Agent Commands .......................................................................................... 199

Protocol-based VLAN Commands ...................................................................................................205

RADIUS Commands ............................................................................................................................ 208

Rate Limit Commands ....................................................................................................................... 210

Remote CPE Device Commands .....................................................................................................213

Remote Management Commands ................................................................................................. 233

Running Configuration Commands .................................................................................................235

Service Control Commands .............................................................................................................. 237

SFP Thresholds ...................................................................................................................................... 239

SNMP Server Commands ................................................................................................................... 243

SSH Commands .................................................................................................................................. 247

Static Multicast Commands .............................................................................................................. 249

Static Route Commands ................................................................................................................... 251

STP and RSTP Commands .................................................................................................................. 253

Subnet-based VLAN Commands .....................................................................................................256

Syslog Commands .............................................................................................................................. 258

TACACS+ Commands ........................................................................................................................ 259

Trunk Commands ................................................................................................................................ 260

trTCM Commands .............................................................................................................................. 261

VDSL Alarm Profile Commands ......................................................................................................... 263

VDSL Counters Commands ............................................................................................................... 267

VES Switch CLI Reference Guide

Page 5

Contents Overview

VDSL Loop Diagnostic Commands ..................................................................................................273

VDSL Profile Commands .................................................................................................................... 276

VDSL Settings Commands ................................................................................................................. 297

VLAN Commands ............................................................................................................................... 301

VLAN Mapping Commands .............................................................................................................. 305

VLAN Port Isolation Commands ........................................................................................................ 307

VLAN-Profile Commands ................................................................................................................... 309

VLAN-Security Commands ................................................................................................................ 311

VLAN Stacking Commands ............................................................................................................... 312

VLAN Translation ................................................................................................................................. 317

VLAN Trunking Commands ................................................................................................................ 320

Additional Commands ...................................................................................................................... 321

Appendices and Index of Commands .........................................................................................334

VES Switch CLI Reference Guide

Page 6

PART I

Introduction

Page 7

This chapter introduces the command line interface (CLI).

1.1 Accessing the CLI

Use any of the following methods to access the CLI.

1.1.1 Console Port

1 Connect your computer to the console port on the Switch using the appropriate cable.

2 Use terminal emulation software with the following settings:

CHAPTER 1

Getting Started

Table 1 Default Settings for the Console Port

SETTING DEFAULT VALUE

Terminal Emulation VT100

Baud Rate 9600 or 115200 bps

Parity None

Number of Data Bits 8

Number of Stop Bits 1

Flow Control None

3 Press [ENTER] to open the login screen.

1.1.2 Telnet

1 Connect your computer to the MGMT port.

2 Open a Telnet session to the Switch’s IP address. If this is your first login, use the default values.

Table 2 Default Management IP Address

SETTING DEFAULT VALUE

IP Address 192.168.0.1

Subnet Mask 255.255.255.0

Make sure your computer IP address is in the same subnet, unless you are accessing the Switch through one or more routers.

VES Switch CLI Reference Guide

Page 8

1.1.3 SSH

1 Connect your computer to the MGMT port.

2 Use a SSH client program to access the Switch. If this is your first login, use the default values in Table 2 on

page 7 and Table 3 on page 8. Make sure your computer IP address is in the same subnet, unless you

are accessing the Switch through one or more routers.

1.2 Logging in

Use the administrator username and password. If this is your first login, use the default values.

Table 3 Default User Name and Password

SETTING DEFAULT VALUE

User Name admin

Password 1234

Note: The Switch automatically logs you out of the management interface after five minutes

of inactivity. If this happens to you, simply log back in again.

Chapter 1 Getting Started

1.3 Using Shortcuts and Getting Help

This table identifies some shortcuts in the CLI, as well as how to get help.

Table 4 CLI Shortcuts and Help

COMMAND / KEY(S) DESCRIPTION

history

 (up/down arrow keys)

[CTRL]+Z

[CTRL]+U

[TAB]

help

The help generally follows these syntax conventions:

• Each interface refers to a port on the Switch.

• Required input values are in angle brackets <>; for example, must specify an IP number for this command.

Displays a list of recently-used commands.

Scrolls through the list of recently-used commands. You can edit any command or press [ENTER] to run it again.

Returns to the previous mode. See Chapter 2 on page 12 for more information about modes.

Clears the current command.

Auto-completes the keyword you are typing if possible. For example, type config, and press [TAB]. The Switch finishes the word configure.

Displays the keywords and/or input values that are allowed in place of the ?.

Displays the (full) commands that are allowed in place of help.

ping <ip-address> means that you

VES Switch CLI Reference Guide

Page 9

Chapter 1 Getting Started

•Lists (such as <port-list>) consist of one or more elements separated by commas. Each element might be a single value (1, 2, 3, ...) or a range of values (1-2, 3-5, ...) separated by a dash. Use an asterisk (*) to indicate all possible elements.

• The | (bar) symbol means “or”.

• Optional fields are in square brackets []; for instance, in snmp-server [contact <system contact>] [location <system location>], the contact and location fields are optional.

• The <cr> means press the [ENTER] key.

1.4 Saving Your Configuration

When you run a command, the Switch saves any changes to its run-time memory. The Switch loses these changes if it is turned off or loses power. Use the current configuration permanently to non-volatile memory.

sysname# write memory

Note: You should save your changes after each CLI session. All unsaved configuration

changes are lost once you restart the Switch.

write memory command in enable mode to save the

1.5 Logging Out

Enter logout to log out of the CLI. You have to be in user, enable, or config mode. See Chapter 2 on

page 12 for more information about modes.

1.6 How to Use This Guide

This section explains how commands are introduced in this guide.

1.6.1 Background Information (Optional)

Note: See the User’s Guide for background information about most features.

This section provides background information about features that you cannot configure in the Web Configurator. In addition, this section identifies related commands in other chapters.

1.6.2 Command Summary

The following table describes user-input values available in multiple commands for this feature.

Table 5 Example: User-input Values

COMMAND DESCRIPTION

vlan-id

1~4094

VES Switch CLI Reference Guide

Page 10

Chapter 1 Getting Started

This section lists the commands for this feature in one or more tables.

Table 6 Example: Command Summary Table

COMMAND DESCRIPTION M P

show vlan

vlan <vlan-id>

inactive

no inactive

no vlan <vlan-id>

The Table title identifies the specific keyword(s) that the commands share.

The Command column shows the syntax of the command. The syntax follows the same conventions the help (Section 1.3 on page 8) does, in addition to the following.

• these terms represent user-input values that are explained in more detail in the Description column or in the user-input value table.

• If a command is indented, users have to run it in one of the config- modes. You can identify the specific mode by looking at the last config-mode command above it.

• If a command is not indented, users have to run it in enable or config mode.

Displays the status of all VLANs. E 3

Enters config-vlan mode for the specified VLAN. Creates the VLAN, if necessary.

Disables the specified VLAN. C 13

Enables the specified VLAN. C 13

Deletes a VLAN. C 13

C13

The Description column explains what the command does. It also identifies legal input values for userinput values, if necessary.

The M column helps identify the mode in which users have to run the command.

• E: The command is available in enable mode. It is also available in user mode if the privilege level (P) is less than 13.

• C: The command is available in config (not indented) or one of the config- (indented) modes.

The P column identifies the privilege level of the command.

1.6.3 Syntax Conventions

Command descriptions follow these conventions:

• Commands are in

• Required input values are in angle brackets <>; for example, ping <ip> means that you must specify an IP address for this command.

• Optional fields are in square brackets []; for instance show logins [name], the name field is optional.

The following is an example of a required field within an optional field: snmp-server [contact <system contact>], the contact field is optional. However, if you use contact, then you must provide the system contact information.

•Lists (such as <port-list>) consist of one or more elements separated by commas. Each element might be a single value (1, 2, 3, ...) or a range of values (1-2, 3-5, ...) separated by a dash.

• The | (bar) symbol means “or”.

• italic terms represent user-defined input values; for example, in snmp-server [contact <system

contact>], system contact can be replaced by the administrator’s name.

courier new font.

VES Switch CLI Reference Guide

Page 11

Chapter 1 Getting Started

• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “Enter” or “Return” key on your keyboard

• <cr> means press the [ENTER] key.

• An arrow (-->) indicates that this line is a continuation of the previous line.

1.7 Command Examples (Optional)

This section contains any examples for the commands in this feature.

VES Switch CLI Reference Guide

Page 12

This chapter introduces privilege levels and the command modes that are available in the CLI.

• The privilege level determines whether or not a user can run a particular command.

• If a user can run a particular command, the user has to run it in the correct mode.

2.1 Privilege Levels

Every command has a privilege level (0-14). Users can run a command if the session’s privilege level is greater than or equal to the command’s privilege level. The session’s privilege level initially comes from the login account’s privilege level, though it is possible to change the session’s privilege level after logging in.

CHAPTER 2

Privilege Level and

Command Mode

2.1.1 Privilege Levels for Commands

The privilege level of each command is listed in the corresponding command summary table.

At the time of writing, commands have a privilege level of 0, 3, 13, or 14. The following table summarizes the types of commands at each of these privilege levels.

Table 7 Types of Commands at Different Privilege Levels

PRIVILEGE LEVEL TYPES OF COMMANDS AT THIS PRIVILEGE LEVEL

0 Display basic system information.

3 Display configuration or status.

13 Configure features except for login accounts, login precedence, multiple logins, and

administrator and enable passwords.

14 Configure login accounts, login precedence, multiple logins, and administrator and enable

passwords.

2.1.2 Privilege Levels for Login Accounts

You can manage the privilege levels for login accounts the following ways:

• Use commands. Login accounts can be configured by the admin account or any login account with a privilege level of 14. See Chapter 39 on page 164.

• Use vendor-specific attributes in an external authentication servers. See the User’s Guide for more information.

VES Switch CLI Reference Guide

Page 13

Chapter 2 Privilege Level and Command Mode

The admin account has a privilege level of 14, so the administrator can run every command. You cannot change the privilege level of the admin account.

2.1.3 Privilege Levels for Sessions

The session’s privilege level initially comes from the privilege level of the login account the user used to log in to the Switch. After logging in, the user can use the following commands to change the session’s privilege level.

2.1.3.1 enable

This command raises the session’s privilege level to 14. It also changes the session to enable mode, if necessary. This command is available in user mode or enable mode, and users have to know the enable password.

In the following example, the login account user0 has a privilege level of 0 but knows that the enable password is 123456. Afterwards, the session’s privilege level is 14, instead of 0, and the session changes to enable mode.

sysname> enable Password: 123456 sysname#

The default enable password is 1234. Use this command to set the enable password.

password <password>

<password> consists of 1-32 alphanumeric characters. For example, the following command sets the

enable password to 123456. See Chapter 90 on page 321 for more information about this command.

sysname(config)# password 123456

2.1.3.2 enable <0-14> Command

This command raises the session’s privilege level to the specified level. It also changes the session to enable mode, if the specified level is 13 or 14. This command is available in user mode or enable mode, and users have to know the password for the specified privilege level.

In the following example, the login account user0 has a privilege level of 0 but knows that the password for privilege level 13 is pswd13. Afterwards, the session’s privilege level is 13, instead of 0, and the session changes to enable mode.

sysname> enable 13 Password: pswd13 sysname#

Users cannot use this command until you create passwords for specific privilege levels. Use the following command to create passwords for specific privilege levels.

password <password> privilege <0-14>

VES Switch CLI Reference Guide

Page 14

Chapter 2 Privilege Level and Command Mode

<password> consists of 1-32 alphanumeric characters. For example, the following command sets the password for privilege level 13 to pswd13. See Chapter 54 on page 191 for more information about this command.

sysname(config)# password pswd13 privilege 13

2.1.3.3 disable

This command reduces the session’s privilege level to 0. It also changes the session to user mode. This command is available in enable mode.

2.2 Command Modes

The CLI is divided into several modes. If a user has enough privilege to run a particular command, the user has to run the command in the correct mode. The modes that are available depend on the session’s privilege level.

2.2.1 Command Modes for Privilege Levels 0-12

If the session’s privilege level is 0-12, the user and all of the commands are in user mode. Users do not have to change modes to run any allowed commands.

2.2.2 Command Modes for Privilege Levels 13-14

If the session’s privilege level is 13-14, the allowed commands are in one of several modes.

Table 8 Command Modes for Privilege Levels 13-14 and the Types of Commands in Each One

MODE PROMPT TYPES OF COMMANDS IN THIS MODE

enable

config

config-bondingprofile

config-interface

config-mvr

config-port

config-RmtVtur

config-vdslalarmprofile

config-vdsl-profile

config-vlan

sysname#

sysname(config)#

sysname(config-bondingprofile)#

sysname(config-interface)#

sysname(config-mvr)#

sysname(config-port)#

sysname(config-RmtVtur)#

sysname(configvdslalarmprofile)#

sysname(config-vdslprofile)#

sysname(config-vlan)#

Displays current configuration, diagnostics, maintenance.

Configures features other than those below.

Configures VDSL bonding groups.

Configures ports.

Configures multicast VLAN.

Configures VLAN port isolation.

Configures remote (CPE) devices.

Configures VDSL alarm profiles.

Configures VDSL profiles.

Configures static VLAN.

Each command is usually in one and only one mode. If a user wants to run a particular command, the user has to change to the appropriate mode. The command modes are organized like a tree, and users

VES Switch CLI Reference Guide

Page 15

Chapter 2 Privilege Level and Command Mode

start at the root of the tree in enable mode. The following table explains how to change from one mode to another.

Table 9 Changing Between Command Modes for Privilege Levels 13-14

MODE ENTER MODE LEAVE MODE

enable

config

config-bonding-profile

config-interface

config-mvr

config-port

config-vdsl-alarmprofile

config-vdsl-profile

config-vlan

config-RmtVtur

-- --

configure exit

gbond <group-id> exit

interface port-channel <port-list> exit

mvr <vlan-id> exit

vlan1q port-isolation <port-list> exit

vdsl-alarmprofile <profile-name> exit

vdsl-profile <profile-name> exit

vlan <vlan-id> exit

rmt-vtur port-channel <port-list> exit

VES Switch CLI Reference Guide

Page 16

CHAPTER 3

This chapter identifies tasks you might want to do when you first configure the Switch.

3.1 Changing the Administrator Password

Note: It is recommended you change the default administrator password.

Use this command to change the administrator password.

admin-password <password> <confirm-password>

where <password> and <confirm-password> may be 1-32 alphanumeric characters long.

sysname# configure sysname(config)# admin-password t1g2y7i9 t1g2y7i9

Tutorials

3.2 Changing the Enable Password

Note: It is recommended you change the default enable password.

Use this command to change the enable password.

password <password>

where <password> may be 1-32 alphanumeric characters long.

sysname# configure sysname(config)# password k8s8s3dl0

3.3 Prohibiting Concurrent Logins

By default, multiple CLI sessions are allowed via the console port or Telnet. See the User’s Guide for the maximum number of concurrent sessions for your Switch. Use this command to prohibit concurrent logins.

no multi-login

VES Switch CLI Reference Guide

Page 17

Chapter 3 Tutorials

Console port has higher priority than Telnet. See Chapter 50 on page 183 for more multi-login commands.

sysname# configure sysname(config)# no multi-login

3.4 Changing the Management IP Address

Use this command to change the management IP address when you are connected to the MGMT port.

ip address <ip-address> <mask>

ip outband address <ip-address> <mask>

This example shows you how to change the out-of-band management IP address to 172.1.1.10 with subnet mask 255.255.255.0.

sysname# configure sysname(config)# ip address 172.1.1.10 255.255.255.0

sysname# configure sysname(config)# ip outband address 172.1.1.10 255.255.255.0

Note: Afterwards, you have to use the new IP address to access the Switch.

Use this command to change the management IP address when you are connected to any other ports.

vlan <vlan-id> ip address inband-default <ip-address> <mask>

ip inband address <ip-address> <mask>

Alternatively, use this command if you want the Switch can get the in-band management IP address from a DHCP server.

vlan <vlan-id> ip address inband-default dhcp-bootp

ip inband client

VES Switch CLI Reference Guide

Page 18

Chapter 3 Tutorials

3.5 Looking at Basic System Information

Use this command to look at general system information about the Switch.

show system-information

This is illustrated in the following example.

sysname# show system-information

Product Model : VES1724-55C System Name : VES1724-55C System Serial Number : xxxxxxxxxxxxxxx System Contact : System Location : System up Time : 0:24:35 (24078 ticks) Ethernet Address : cc:5d:4e:11:22:12 Bootbase Version : V0.2 | 05/12/2014 ZyNOS F/W Version : V1.00(AATL.11)C0 | 05/29/2020 Config Boot Image : 1 Current Boot Image : 1 Current Config : 1 Power Module : AC 1st F/W Version : V1.00(AATL.11)C0 | 05/29/2020 2nd F/W Version : V1.00(AATL.1)C0 | 01/12/2015 Config Port Reverse : Normal

See Chapter 90 on page 321 for more information about these attributes.

3.6 Looking at the Operating Configuration

Use this command to look at the current operating configuration.

show running-config

VES Switch CLI Reference Guide

Page 19

Chapter 3 Tutorials

This is illustrated in the following example.

sysname# show running-config Building configuration...

Current configuration:

; Product Name = VES1724-55C ; Firmware Version = V1.00(AATL.11)C0 | 05/29/2020 ; SysConf Engine Version = 1.1 vdsl-line-profile DEFVAL exit vdsl-chan-profile DEFVAL exit vdsl-inm-profile DEFVAL exit vdsl-line-template DEFVAL exit vdsl-line-alarm-profile DEFVAL exit vdsl-chan-alarm-profile DEFVAL exit vdsl-alarm-template DEFVAL exit vdsl-port 1 line-template DEFVAL vdsl-port 2 line-template DEFVAL vdsl-port 3 line-template DEFVAL

--------------------------------- SNIP ---------------------------------

3.7 Show Logs

When troubleshooting the Switch, it may be useful to check system logs. The example below shows logs with an “error” severity.

VES1724-55C# show logging severity ? alert severity alert critical severity critical debug severity debug emergency severity emergency error severity error info severity info notice severity notice warning severity warning VES1724-55C# show logging severity error 1 Jan 1 02:32:29 ER PP1b SYSTEM RESET: addr=800880d8

To show all system logs, enter “show logging” without specifying a severity.

VES Switch CLI Reference Guide

Page 20

PART II

Reference

Page 21

Use these commands to configure authentication, authorization and accounting on the Switch.

4.1 Command Summary

The following section lists the commands for this feature.

Table 10 aaa authentication Command Summary

COMMAND DESCRIPTION M P

show aaa authentication

show aaa authentication enable

aaa authentication enable

method1> [<method2> ...]

aaa authentication enable trycont <enable|disable>

no aaa authentication enable

show aaa authentication login

aaa authentication login <method1> [<method2> ...]

aaa authentication login trycont <enable|disable>

no aaa authentication login

CHAPTER 4

AAA Commands

Displays what methods are used for authentication. E 13

Displays the authentication method(s) for checking privilege level of administrators.

Specifies which method should be used first, second, and third for checking users’ privileges for settings.

method: local, radius, or tacacs+.

Moves on to another authentication method if the first method fails.

Resets the method list for checking privileges to its default value.

Displays the authentication methods for administrator login accounts.

Specifies which method should be used first, second, and third for the authentication of login accounts. This is used to determine a user can log into the Switch or not.

method: local, radius, or tacacs+.

Moves on to another login authentication method if the first method fails.

Resets the method list for the authentication of login accounts to its default value.

E13

C13

C14

C13

E13

C13

C14

C13

Table 11 aaa accounting Command Summary

COMMAND DESCRIPTION M P

show aaa accounting

show aaa accounting update

aaa accounting update periodic <1-2147483647>

no aaa accounting update

VES Switch CLI Reference Guide

Displays accounting settings configured on the Switch. E 3

Display the update period setting on the Switch for accounting sessions.

Sets the update period (in minutes) for accounting sessions. This is the time the Switch waits to send an update to an accounting server after a session starts.

Resets the accounting update interval to the default value. C 13

C13

Page 22

Chapter 4 AAA Commands

Table 11 aaa accounting Command Summary (continued)

COMMAND DESCRIPTION M P

show aaa accounting commands

aaa accounting commands <privilege> stop-only tacacs+ [broadcast]

no aaa accounting commands

show aaa accounting dot1x

aaa accounting dot1x <startstop|stop-only> <radius|tacacs+> [broadcast]

no aaa accounting dot1x

show aaa accounting exec

aaa accounting exec <startstop|stop-only> <radius|tacacs+> [broadcast]

no aaa accounting exec

show aaa accounting system

aaa accounting system <radius|tacacs+> [broadcast]

no aaa accounting system

Displays accounting settings for recording command events.

Enables accounting of command sessions and specifies the minimum privilege level (0-14) for the command sessions that should be recorded. Optionally, sends accounting information for command sessions to all configured accounting servers at the same time.

Disables accounting of command sessions on the Switch. C 13

Displays accounting settings for recording IEEE 802.1x session events.

Enables accounting of IEEE 802.1x authentication sessions and specifies the mode and protocol method. Optionally, sends accounting information for IEEE 802.1x authentication sessions to all configured accounting servers at the same time.

Disables accounting of IEEE 802.1x authentication sessions on the Switch.

Displays accounting settings for recording administrative sessions via SSH, Telnet or the console port.

Enables accounting of administrative sessions via SSH, Telnet and console port and specifies the mode and protocol method. Optionally, sends accounting information for administrative sessions via SSH, Telnet and console port to all configured accounting servers at the same time.

Disables accounting of administrative sessions via SSH, Telnet or console on the Switch.

Displays accounting settings for recording system events, for example system shut down, start up, accounting enabled or accounting disabled.

Enables accounting of system events and specifies the protocol method. Optionally, sends accounting information for system events to all configured accounting servers at the same time.

Disables accounting of system events on the Switch. C 13

C13

Table 12 aaa authorization Command Summary

COMMAND DESCRIPTION M P

show aaa authorization

show aaa authorization exec

aaa authorization exec <method1> [<method2> ...]

aaa authorization exec trycont <enable|disable>

no aaa authorization exec

Displays what methods are used for authorization. E 0

Displays the authentication methods for checking the privilege level of administrator configuration sessions.

Specifies which method should be used first and second for checking the privilege level of administrator configuration sessions. If a user is authenticated with local, the Switch will automatically authorize the user with local privilege.

method: local, radius, or tacacs+.

Moves on to another authorization method if the first method fails.

Resets the method list for checking the privilege level of administrator configuration sessions to its default value.

C13

C14

C13

VES Switch CLI Reference Guide

Page 23

Chapter 4 AAA Commands

4.2 Command Examples

This example displays how to show the current authentication method settings.

sysname# show aaa authentication Authentication: Type Method 1 Method 2 Method 3 Enable local - Login local - -

This example displays how to sets the authentication methods first to use radius server and second to use the Switch’s local database.

sysname# configure sysname(config)# aaa authentication enable radius local sysname(config)# aaa authentication login radius local sysname(config)# exit sysname# show aaa authentication Authentication: Type Method 1 Method 2 Method 3 Enable radius local Login radius local sysname#

VES Switch CLI Reference Guide

Page 24

ADSL Fallback Commands

Use these commands to configure general ADSL settings.

5.1 Command Summary

The following tables list the commands for this feature.

Table 13 ippvc interface Command Summary

COMMAND DESCRIPTION M P

ippvc interface port-channel <interface-id> vpi <0-255> vci <32-65535> pvid <vlan-id> encap <llc/vc> priority <0-7> subnet <ip> <mask> default-route <ip> [inactive]

CHAPTER 5

Sets up a routed PVC for IPoA packets on the specified port.

<interface-id>: VDSL port number

vpi: Virtual Path Identifier

vci: Virtual Circuit Identifier

pvid: PVID of PVC

encap: encapsulation method for PVC <llc/vc>

C13

no ippvc interface port-channel <interface-id> vpi <0-255> vci <32-65535> <cr>

no ippvc interface port-channel <interface-id> vpi <0-255> vci <32-65535> inactive

show ippvc <cr>

priority: PVLAN priority <0-7>

subnet: subnet IP address and mask <ip> <mask>

default-route: default gateway IP address <ip>

inactive: Include this to disable the routed PVC.

Deletes the routed PVC interface.

<interface-id>: VDSL port number

vpi: Virtual Path Identifier

vci: Virtual Circuit Identifier

Enables the routed PVC interface.

<interface-id>: VDSL port number

vpi: Virtual Path Identifier

vci: Virtual Circuit Identifier

Displays the routed PVC interfaces. E 0

C13

VES Switch CLI Reference Guide

Page 25

Chapter 5 ADSL Fallback Commands

Table 14 paepvc interface Command Summary

COMMAND DESCRIPTION M P

paepvc interface port-channel <interface-id> vpi <0-255> vci <32-65535> pvid <vlan-id> encap <llc/vc> priority <0-7> [inactive]

no paepvc interface portchannel <interface-id> vpi <0255> vci <32-65535> <cr>

no paepvc interface portchannel <interface-id> vpi <0255> vci <32-65535> inactive

show paepvc <cr>

Configures a PPPoA to PPPoE PVC for PAE translation on the specified port.

<interface-id>: VDSL port number

vpi: Virtual Path Identifier

vci: Virtual Circuit Identifier

pvid: PVID of PVC

encap: encapsulation method for PVC <llc/vc>

priority: PVLAN priority <0-7>

inactive: Include this to disable the PPPoA to PPPoE PVC.

Discards the PPPoA to PPPoE PVC.

<interface-id>: VDSL port number

vpi: Virtual Path Identifier

vci: Virtual Circuit Identifier

Enables the PPPoA to PPPoE PVC.

<interface-id>: VDSL port number

vpi: Virtual Path Identifier

vci: Virtual Circuit Identifier

Displays the PPPoA to PPPoE PVCs. E 0

C13

VES Switch CLI Reference Guide

Page 26

Chapter 5 ADSL Fallback Commands

Table 15 pvc interface Command Summary

COMMAND DESCRIPTION M P

pvc interface port-channel <interface-id> vpi <0-255> vci <32-65535> pvid <vlan-id> encap <llc/vc> priority <0-7> <fcs/ no-fcs> mvlan <enable/disable> [inactive]

Sets up a bridge PVC for Ethernet over ATM (EoA) packets on the specified port.

<interface-id>: VDSL port number

vpi: Virtual Path Identifier

vci: Virtual Circuit Identifier

pvid: PVID of PVC

encap: encapsulation method for PVC <llc/vc>

priority: PVLAN priority <0-7>

fcs/no-fcs: preserve the PDU’s Frame Check Sequence

or not

mvlan: Enable or disable multicast VLAN. Multicast VLAN allows one single multicast VLAN to be shared among different subscriber VLANs on the network. This improves bandwidth utilization by reducing multicast traffic in the subscriber VLANs and simplifies multicast group management.

C13

no pvc interface port-channel <interface-id> vpi <0-255> vci <32-65535> <cr>

no pvc interface port-channel <interface-id> vpi <0-255> vci <32-65535> inactive

show pvc <cr>

inactive: Include this to disable the created bridge PVC.

Discards the bridge PVC interface.

C13

<interface-id>: VDSL port number

vpi: Virtual Path Identifier

vci: Virtual Circuit Identifier

Enables the bridge PVC interface.

<interface-id>: VDSL port number

vpi: Virtual Path Identifier

vci: Virtual Circuit Identifier

Displays the bridge PVCs. E 0

C13

VES Switch CLI Reference Guide

Page 27

Use these commands to look at IP-to-MAC address mapping(s).

6.1 Command Summary

The following section lists the commands for this feature.

Table 16 arp Command Summary

COMMAND DESCRIPTION M P

show ip arp

show ip arp flush

no arp

CHAPTER 6

ARP Commands

Displays the ARP table. E 13

Clears the ARP table. E 13

Flushes the ARP table entries. E 13

6.2 Command Examples

This example shows the ARP table.

sysname# show ip arp Index IP MAC VLAN Age(s) Type 1 172.16.10.254 00:04:80:9b:78:00 1 300 dynamic

The following table describes the labels in this screen.

Table 17 show ip arp

LABEL DESCRIPTION

Index This field displays the index number.

IP This field displays the learned IP address of the device.

MAC This field displays the MAC address of the device.

VLAN This field displays the VLAN to which the device belongs.

Age(s) This field displays how long the entry remains valid.

Type This field displays how the entry was learned.

dynamic: The Switch learned this entry from ARP packets.

VES Switch CLI Reference Guide

Page 28

ARP Inspection Commands

Use these commands to filter unauthorized ARP packets in your network.

7.1 Command Summary

The following section lists the commands for this feature.

Table 18 arp inspection Command Summary

COMMAND DESCRIPTION M P

show arp inspection

arp inspection

no arp inspection

clear arp inspection statistics

clear arp inspection statistics vlan <vlan-list>

show arp inspection statistics

show arp inspection statistics vlan <

vlan-list>

CHAPTER 7

Displays ARP inspection configuration details. E 3

Enables ARP inspection on the Switch. You still have to enable ARP inspection on specific VLAN and specify trusted ports.

Disables ARP inspection on the Switch. C 13

Removes all ARP inspection statistics on the Switch. E 3

Removes ARP inspection statistics for the specified VLAN(s). E 3

Displays all ARP inspection statistics on the Switch. E 3

Displays ARP inspection statistics for the specified VLAN(s). E 3

C13

Table 19 Command Summary: arp inspection filter

COMMAND DESCRIPTION M P

show arp inspection filter [<mac-addr>] [vlan <vlan-id>]

no arp inspection filter <mac-

addr

> vlan <vlan-id>

clear arp inspection filter

arp inspection filter-agingtime <1-2147483647>

arp inspection filter-agingtime none

no arp inspection filteraging-time

VES Switch CLI Reference Guide

Displays the current list of MAC address filters that were created because the Switch identified an unauthorized ARP packet. Optionally, lists MAC address filters based on the MAC address or VLAN ID in the filter.

Specifies the ARP inspection record you want to delete from the Switch. The ARP inspection record is identified by the MAC address and VLAN ID pair.

Delete all ARP inspection filters from the Switch. E 13

Specifies how long (1-2147483647 seconds) MAC address filters remain in the Switch after the Switch identifies an unauthorized ARP packet. The Switch automatically deletes the MAC address filter afterwards.

Specifies the MAC address filter to be permanent. C 13

Resets how long (1-2147483647 seconds) the MAC address filter remains in the Switch after the Switch identifies an unauthorized ARP packet to the default value.

E13

C13

Page 29

Chapter 7 ARP Inspection Commands

Table 20 Command Summary: arp inspection log

COMMAND DESCRIPTION M P

show arp inspection log

clear arp inspection log

arp inspection log-buffer entries <0-1024>

arp inspection log-buffer logs <0-1024> interval <0-86400>

no arp inspection log-buffer entries

no arp inspection log-buffer logs

Displays the log settings configured on the Switch. It also displays the log entries recorded on the Switch.

Delete all ARP inspection log entries from the Switch. E 13

Specifies the maximum number (1-1024) of log messages that can be generated by ARP packets and not sent to the syslog server.

If the number of log messages in the Switch exceeds this number, the Switch stops recording log messages and simply starts counting the number of entries that were dropped due to unavailable buffer.

Specifies the number of syslog messages that can be sent to the syslog server in one batch and how often (1-86400 seconds) the Switch sends a batch of syslog messages to the syslog server.

Resets the maximum number (1-1024) of log messages that can be generated by ARP packets and not sent to the syslog server to the default value.

Resets the maximum number of syslog messages the Switch can send to the syslog server in one batch to the default value.

C13

Table 21 Command Summary: interface arp inspection

COMMAND DESCRIPTION M P

show arp inspection interface

Displays the ARP inspection settings for the specified port(s). E 3

port-channel <port-list>

interface port-channel <port-

list

arp inspection limit rate <0-2048> [burst interval <1-15>]

arp inspection trust

no arp inspection trust

arp inspection limit rate

pps> [burst interval

< <seconds>]

no arp inspection limit

Enters config-interface mode for the specified port(s). C 13

Specifies the maximum rate in packets per second (1-2048 pps) at which the Switch receives ARP packets through each port. The Switch discards any additional ARP packets. Use 0 to disable this limit.

Burst interval is the length of time over which the rate of ARP packets is monitored for each port. For example, if the rate is 15 pps and the burst interval is 1 second, then the Switch accepts a maximum of 15 ARP packets in every one-second interval. If the burst interval is 5 seconds, then the Switch accepts a maximum of 75 ARP packets in every five-second interval. Set the length (1-15 seconds) of the burst interval.

Sets the port to be a trusted port for arp inspection. The Switch does not discard ARP packets on trusted ports for any reason.

Disables this port from being a trusted port for ARP inspection.

Sets a rate limit (in pps, packets per second) for ARP packets on the port. You can also set the burst interval (in seconds) over which the rate of ARP packets is monitored.

Disables the rate limit for ARP packets. C 13

C13

VES Switch CLI Reference Guide

Page 30

Chapter 7 ARP Inspection Commands

Table 22 Command Summary: arp inspection vlan

COMMAND DESCRIPTION M P

show arp inspection vlan <

list

vlan-

arp inspection vlan <vlan-list>

no arp inspection vlan <vlan-

list

arp inspection vlan <vlan-list> logging [all|none|permit|deny]

no arp inspection vlan <vlan-

> logging

list

7.2 Command Examples

This example looks at the current list of MAC address filters that were created because the Switch identified an unauthorized ARP packet. When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet.

Displays ARP inspection settings for the specified VLAN(s). E 3

Enables ARP inspection on the specified VLAN(s). C 13

Disables ARP inspection on the specified VLAN(s). C 13

Enables logging of ARP inspection events on the specified VLAN(s). Optionally specifies which types of events to log.

Disables logging of messages generated by ARP inspection for the specified VLAN(s).

C13

sysname# show arp inspection filter Filtering aging timeout : 300

MacAddress VLAN Port Expiry (sec) Reason

----------------- ---- ----- ------------ ------------- Total number of bindings: 0

The following table describes the labels in this screen.

Table 23 show arp inspection filter

LABEL DESCRIPTION

Filtering aging timeout This field displays how long the MAC address filters remain in the Switch after the

Switch identifies an unauthorized ARP packet. The Switch automatically deletes the MAC address filter afterwards.

MacAddress This field displays the source MAC address in the MAC address filter.

VLAN This field displays the source VLAN ID in the MAC address filter.

Port This field displays the source port of the discarded ARP packet.

Expiry (sec) This field displays how long (in seconds) the MAC address filter remains in the Switch.

Reason This field displays the reason the ARP packet was discarded.

You can also delete the record manually (Delete).

MAC+VLAN: The MAC address and VLAN ID were not in the binding table. IP: The MAC address and VLAN ID were in the binding table, but the IP address was

not valid. Port: The MAC address, VLAN ID, and IP address were in the binding table, but the

port number was not valid.

VES Switch CLI Reference Guide

Page 31

Chapter 7 ARP Inspection Commands

This example looks at log messages that were generated by ARP packets and that have not been sent to the syslog server yet.

sysname# show arp inspection log Total Log Buffer Size : 32 Syslog rate : 5 entries per 1 seconds

Port Vlan Sender MAC Sender IP Pkts Reason Time

---- ---- ----------------- --------------- ---- ---------- ----

-------------------- Total number of logs: 0

The following table describes the labels in this screen.

Table 24 show arp inspection log

LABEL DESCRIPTION

Total Log Buffer Size This field displays the maximum number (1-1024) of log messages that were

Syslog rate This field displays the maximum number of syslog messages the Switch can send to

Port This field displays the source port of the ARP packet.

Vlan This field displays the source VLAN ID of the ARP packet.

Sender MAC This field displays the source MAC address of the ARP packet.

Sender IP This field displays the source IP address of the ARP packet.

Pkts This field displays the number of ARP packets that were consolidated into this log

Reason This field displays the reason the log message was generated.

Time This field displays when the log message was generated.

Total number of logs This field displays the number of log messages that were generated by ARP packets

generated by ARP packets and have not been sent to the syslog server yet.

If the number of log messages in the Switch exceeds this number, the Switch stops recording log messages and simply starts counting the number of entries that were dropped due to unavailable buffer.

the syslog server in one batch. This number is expressed as a rate because the batch frequency is determined by the Log Interval.

message. The Switch consolidates identical log messages generated by ARP packets in the log consolidation interval into one log message.

static deny: An ARP packet was discarded because it violated a static binding with the same MAC address and VLAN ID.

deny: An ARP packet was discarded because there were no bindings with the same MAC address and VLAN ID.

static permit: An ARP packet was forwarded because it matched a static binding.

and that have not been sent to the syslog server yet. If one or more log messages are dropped due to unavailable buffer, there is an entry called overflow with the current number of dropped log messages.

This example displays whether ports are trusted or untrusted ports for ARP inspection.

sysname# show arp inspection interface port-channel 1 Interface Trusted State Rate (pps) Burst Interval

--------- ------------- ---------- ------------- 1 Untrusted 15 1

VES Switch CLI Reference Guide

Page 32

Chapter 7 ARP Inspection Commands

The following table describes the labels in this screen.

Table 25 show arp inspection interface port-channel

LABEL DESCRIPTION

Interface This field displays the port number. If you configure the * port, the settings are

Trusted State This field displays whether this port is a trusted port (Trusted) or an untrusted port

Rate (pps) This field displays the maximum number for DHCP packets that the switch receives

Burst Interval This field displays the length of time over which the rate of ARP packets is monitored

applied to all of the ports.

(Untrusted).

Trusted ports are connected to DHCP servers or other switches, and the switch discards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high.

from each port each second. The switch discards any additional DHCP packets.

for each port. For example, if the Rate is 15 pps and the burst interval is 1 second, then the switch accepts a maximum of 15 ARP packets in every one-second interval. If the burst interval is 5 seconds, then the switch accepts a maximum of 75 ARP packets in every five-second interval.

VES Switch CLI Reference Guide

Page 33

Bandwidth Commands

Use these commands to configure the maximum allowable bandwidth for incoming or outgoing traffic flows on a port.

8.1 Command Summary

The following table describes user-input values available in multiple commands for this feature.

Table 26 bandwidth-control and bandwidth-limit User-input Values

COMMAND DESCRIPTION

rate

port-list

0~1000000 or 1000~1000000 Kbps.

Enter one or more port number(s). Use dash or comma to specify multiple port numbers. For example, “1~10“ means from port 1 to port 10. “1,10“ means port 1 and port 10.

CHAPTER 8

The following section lists the commands for this feature.

Table 27 bandwidth-control and bandwidth-limit Command Summary

COMMAND DESCRIPTION M P

show interfaces config <port-

list

> bandwidth-control

bandwidth-control

no bandwidth-control

interface port-channel <port-

list

bandwidth-limit

no bandwidth-limit

bandwidth-limit cir <rate>

bandwidth-limit ingress <rate>

Displays the current settings for interface bandwidth control. E 13

Enables bandwidth control on the Switch. C 13

Disables bandwidth control on the Switch. C 13

Enters config-interface mode for the specified port(s). C 13

Enables bandwidth limits on the port(s). C 13

Disables bandwidth limits on the port(s). C 13

Sets the Committed Information Rate (CIR) which is the guaranteed bandwidth for the incoming traffic flow on a port.

Sets the maximum bandwidth in kbps allowed for incoming traffic on the port(s).

C13

VES Switch CLI Reference Guide

Page 34

Chapter 8 Bandwidth Commands

Table 27 bandwidth-control and bandwidth-limit Command Summary (continued)

COMMAND DESCRIPTION M P

bandwidth-limit egress

rate>

bandwidth-limit pir <rate>

8.2 Command Examples

Sets the maximum bandwidth in kbps allowed for outgoing traffic on the port(s).

Sets the Peak Information Rate (PIR) in kbps which is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congestion.

The CIR and PIR should be set for all ports that use the same uplink bandwidth. If the CIR is reached, packets are sent at the rate up to the PIR. When network congestion occurs, packets through the ingress port exceeding the CIR will be marked for drop.

Note: The CIR should be less than the PIR.

Note: The sum of CIRs cannot be greater than or

equal to the uplink bandwidth.

C13

This example sets the outgoing traffic bandwidth limit to 5000 Kbps and the incoming traffic bandwidth limit to 4000 Kbps for port 1.

sysname# configure sysname(config)# bandwidth-control sysname(config)# interface port-channel 1 sysname(config-interface)# bandwidth-limit sysname(config-interface)# bandwidth-limit egress 5000 sysname(config-interface)# bandwidth-limit ingress 4000 sysname(config-interface)# exit sysname(config)# exit

This example deactivates the bandwidth limits on port 1.

sysname# configure sysname(config)# interface port-channel 1 sysname(config-interface)# no bandwidth-limit sysname(config-interface)# exit sysname(config)# exit

VES Switch CLI Reference Guide

Page 35

CHAPTER 9

Broadcast Storm Commands

Use these commands to limit the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports.

9.1 Command Summary

The following table describes user-input values available in multiple commands for this feature.

Table 28 storm-control, bmstorm-control, and limit User-input Values

COMMAND DESCRIPTION

pkt/s

The following section lists the commands for this feature.

0~148800 or 0~262143

Table 29 storm-control, bmstorm-control, and limit Command Summary

COMMAND DESCRIPTION M P

show interfaces config <

> bstorm-control

list

storm-control

no storm-control

storm-limit

storm-limit CIR <cir>

no storm-limit

interface port-channel <port-

list

broadcast-limit

broadcast-limit <pkt/s>

no broadcast-limit

dlf-limit

dlf-limit <pkt/s>

no dlf-limit

multicast-limit

port-

Displays the current settings for broadcast storm control. E 13

Enables broadcast storm control on the Switch. C 13

Disables broadcast storm control on the Switch. C 13

Enables broadcast rate limit on the Switch. C 13

Sets the guaranteed data rate allowed for the broadcast, DLF and multicast packets.

cir: Enters the committed information rate from 1 to 16384 kbps.

Disables broadcast rate limit on the Switch. C 13

Enters config-interface mode for the specified port(s). C 13

Enables the broadcast packet limit on the specified port(s). C 13

Sets the broadcast packet limit (in packets per second) on the specified port(s).

Disables the broadcast packet limit on the specified port(s). C 13

Enables the Destination Lookup Failure (DLF) packet limit. C 13

Sets the DLF packet limit (in packets per second) on the specified port(s).

Disables the destination lookup failure (DLF) packet limit on the specified port(s).

Enables the multicast packet limit on the specified port(s). C 13

C13

VES Switch CLI Reference Guide

Page 36

Chapter 9 Broadcast Storm Commands

Table 29 storm-control, bmstorm-control, and limit Command Summary (continued)

COMMAND DESCRIPTION M P

multicast-limit <

no multicast-limit

pkt/s>

9.2 Command Examples

This example enables broadcast storm control on port 1 and limits the maximum number of broadcast packets to 128 packets per second.

sysname# configure sysname(config)# storm-control sysname(config)# interface port-channel 1 sysname(config-interface)# broadcast-limit sysname(config-interface)# broadcast-limit 128 sysname(config-interface)# exit sysname(config)# exit

Sets the multicast packet limit (in packets per second) on the specified port(s).

Disables the multicast packet limit on the specified port(s). C 13

C13

VES Switch CLI Reference Guide

Page 37

Use these commands to configure the Connectivity Fault Management (CFM) on the Switch.

10.1 CFM Term Definition

This section lists the common term definition appears in this chapter. Refer to User’s Guide for more detailed information about CFM.

Table 30 CFM Term Definition

TERM DESCRIPTION

CFM CFM (Connectivity Fault Management) is used to detect, analyze connectivity faults

in bridged LANs.

MD An MD (Maintenance Domain) is a group identified by a level number. You can

create more than one MA groups in one MD.

MA An MA (Maintenance Association) is a group identified by a VLAN ID. One MA

should belong to one and only one MD group.

CFM Domain A CFM domain is a group identified by an MD and an MA. For example, ports in MD

level 1 and MA VLAN 2 are in the same CFM domain while ports in MD level 7 and MA VLAN 2 are in another CFM domain.

CFM Action CFM provides three tests to discover connectivity faults.

CHAPTER 10

CFM Commands

• CC (Connectivity Check) - enables an MEP port sending Connectivity Check

Messages (CCMs) periodically to other MEP ports. An MEP port collects CCMs to get other MEP information within an MA.

• LBT (Loop Back Test) - checks if the MEP port receives its LBR (Loop Back

Response) from its target after it sends the LBM (Loop Back Message). If no response is received, there might be a connectivity fault between them.

• LTT (Link Trace Test) - provides additional connectivity fault analysis to get more

information on where the fault is. In the link trace test, MIP ports also send LTR (Link Trace Response) to response the source MEP port’s LTM (Link Trace Message). If an MIP or MEP port does not respond to the source MEP, this may indicate a fault. Administrators can take further action to check and resume services from the fault according to the line connectivity status report.

MEP An MEP port has the ability to send and reply the CCMs, LBMs and LTMs. It also gets

other MEP port information from neighbor switches’ CCMs in an MA.

MIP An MIP port forwards the CCMs, LBMs, and LTMs and replies the LBMs and LTMs by

sending Loop Back Responses (LBRs) and Link Trace Responses (LTRs).

VES Switch CLI Reference Guide

Page 38

Chapter 10 CFM Commands

10.2 User Input Values

This section lists the common term definition appears in this chapter. Refer to User’s Guide for more detailed information about CFM.

Table 31 CFM command user input values

USER INPUT DESCRIPTION

level <0~7> vlan <1~4094>

This identifies a specified CFM domain which consists of an MD level and an MA VLAN ID.

10.3 Command Summary

The following section lists the commands for this feature.

Table 32 CFM Command Summary

COMMAND DESCRIPTION M P

cfm domain <domain-name> level <0~7>

service <ma-name> vlan <1~4094> [name-format <1:PVID|2:String|3:Integer>]

Creates an MD with the name and the level number. C 13

Creates an MA (Maintenance Association) and defines its VLAN ID under the MD. You can also define the format which the Switch uses to send this MA information in the domain (MD).

C13

service <ma-name> ccm-interval <3~7>

no service <ma-name>

cfm debug <0:disable|1:enable>

cfm-action enable

cfm-action cc level <0~7> vlan <1~4094>

cfm-action loopback level <0~7> vlan <1~4094> mepid <1~8191> destination <

dest-mac-address>

count <count>

cfm-action loopback level <0~7> vlan <1~4094> mepid <1~8191> target-mepid <1~8191> count

count>

cfm-action loopback print

Note: This specified VLAN ID must be existed

already before you specify it for an MA.

Sets the time interval the Switch waits to send a connectivity check message (CCM).

3: 100 milliseconds, 4: 1 second, 5: 10 second, 6: 1 minute, 7: 10 minute

Deletes the MA under the MD. C 13

Disables or enables the CFM debug mode. C 13

Enables the global switch of CFM action. C 13

Enables Connectivity Check (CC) in the MD level and the MA VLAN.

This enables all MEP ports in a specified CFM domain to send CCM (Connectivity Check message).

Specify the MD level, MA vlan ID, MEP ID, destination MAC address and how many times to perform a loopback test.

This enables the MEP port (with the specified MEP ID) in a specified CFM domain to send the LBM (Loop Back Message) to a specified remote interface a specified number of times.

This enables the MEP port (with the specified MEP ID) in a specified CFM domain to send the LBM (Loop Back Message) to a specified remote MEP.

Displays the loopback testing result in the console. C 13

C13

VES Switch CLI Reference Guide

Page 39

Chapter 10 CFM Commands

Table 32 CFM Command Summary (continued)

COMMAND DESCRIPTION M P

cfm-action loopback interval

interval>

cfm-action linktrace level <0~7> vlan <1~4094> mepid <1~8191> destination <

dest-mac-address>

cfm-action linktrace level <0~7> vlan <1~4094> mepid <1~8191> target-mepid <1~8191>

clear cfm mep-counter level <0~7>

Sets the loopback test interval. Each unit represents 100 ms.

Specifies the MD level, MA vlan ID, MEP ID, destination MAC address to perform a link trace test.

This enables the MEP port (with the specified MEP ID) in a specified CFM domain to send the LTM (Link Trace Message) to a specified remote interface.

This enables the MEP port (with the specified MEP ID) in a specified CFM domain to send the LTM (Link Trace Message) to a specified remote MEP.

Removes the CFM counters for the specified MEP port. E 13

C13

vlan <1~4094> mepid <1~8191>

interface port-channel <port-list>

cfm mip level <level> vlan

Enters config-interface mode for the specified port(s). C 13

Associates MIP ports with the specified CFM domain. C 13

<vlan_id>

cfm mep level <level> mepid

Associates MEP ports with the specified CFM domain. C 13

<mepid> vlan <vlan_id> [direction <1:downstream|2:upstream>]

no cfm mip level <level> vlan

Unassociates MEP ports with the specified CFM domain. C 13

<vlan_id>

no cfm mep level <level> vlan

Unassociates MIP ports with the specified CFM domain. C 13

<vlan_id>

no cfm domain <domain-name|all>

no cfm-action enable

no cfm-action cc level <0~7> vlan <1~4094>

no cfm-action loopback level <0~7> vlan <1~4094> mepid <mepid>

no cfm-action loopback print

show cfm domain <domain-name|all>

show cfm-action

show cfm-action counter level <0~7> vlan <1~4094> mepid <1~8191>

show cfm-action mepccmdb level <0~7> vlan <1~4094>

Deletes a specified MD or all MDs. C 13

Disables the global switch of CFM action. C 13

Stops all MEP ports sending the CCM in the specified CFM domain.

Stops the loopback test from the MEP port (with the specified MEP ID) in the specified CFM domain.

Disables the loopback testing result displaying in the console.

Displays CFM domains (MD; Maintenance Domain). E 13

Displays CFM action settings. E 13

Displays the index number for each test try from the MEP port (with the specified MEP ID) in a specified CFM domain.

Use this to check the progress of a CFM test.

Displays the MEP-CCM database information which stores neighbors’ MEP ports information getting from the incoming CC in the specified CFM domain.

You can use this database information to provide the destination’s (an MEP port) MAC address when starting a CFM action such as loopback test or link trace test.

C13

E13

VES Switch CLI Reference Guide

Page 40

Chapter 10 CFM Commands

Table 32 CFM Command Summary (continued)

COMMAND DESCRIPTION M P

show cfm-action mipccmdb level <0~7> vlan <1~4094>

show cfm-action ltmreplylist level <0~7> vlan <1~4094> mepid <1~8191>

show cfm-action ltmreplylist level <0~7> vlan <1~4094> mepid <1~8191> transid <

trans-id>

10.4 Command Examples

This example creates MD1 (with level 1). Then it creates MA2 (with VLAN 2) and MA3 (with VLAN 3) under MD1 that defines a CFM domain.

Displays the MIP-CCM database information which stores neighbors’ MEP ports information getting from the incoming CC in the specified CFM domain.

Local MIP ports use this database information to forward CFM messages.

Displays the LTM response list in a link trace test. E 13

Displays the LTM response list for the specified transaction in a link trace test.

trans-id: This is the index number of the LTM sent in a link trace test.

E13

sysname# config sysname(config)# cfm domain MD1 level 1 sysname(config-CFM_MD(1-1))# service MA2 vlan 2 sysname(config-CFM_MD(1-1))# service MA3 vlan 3 sysname(config-CFM_MD(1-1))# exit sysname(config)# exit sysname# write memory

Note: Remember to save new settings using write memory command.

This example deletes MA3 from MD1.

sysname# config sysname(config)# cfm domain MD1 level 1 sysname(config-CFM_MD(1-1))# no service MA3 sysname(config-CFM_MD(1-1))# exit sysname(config)# exit sysname# write memory

VES Switch CLI Reference Guide

Page 41

Chapter 10 CFM Commands

This example associates port 17 as an MEP port with MEP ID 100 and port 18 as an MIP port in the specified CFM domain (MD level 1, MA VLAN 2).

sysname(config)# interface port-channel 17 sysname(config-interface)# cfm mep level 100 mepid 1 vlan 2 sysname(config-interface)# exit sysname(config)# interface port-channel 18 sysname(config-interface)# cfm mip level 1 vlan 2 sysname(config-interface)# exit sysname(config)# exit sysname# write memory

This example lists all CFM domains. In this example, only one MD (MD1) is configured. The MA2 with the associated MEP ID 100 and MIP port 17 and 18 are under this MD1.

sysname# show cfm domain all Maintenance Domain: Name: MD1, Level: 1 Service Instance: ID: MA2, VLAN ID: 2, CCM Interval: 1 sec Short MA name Format: Integer MEP: Port: 17, ID: 100 MIP: Port: 18

This example enables CFM action and then displays the CFM action status, loopback message result printing (is off) and the interval a MEP sends a loopback message (every 1000 milliseconds).

sysname(config)# cfm-action enable sysname# show cfm-action Status: Enabled Print Loopback Message: N Interval to Send Loopback Message: 10 * 100ms

This example enables the loopback test result displaying on the console. It starts a LBT (Loop Back Test) and sends an LBM five times. You can see each LBM (Loop Back Message) with the transaction ID numbers shown next to it.

sysname# config sysname(config)# cfm-action loopback print sysname(config)# cfm-action loopback level 1 vlan 2 mepid 15 destination 00a0c5134925 count 5 sysname(config)# LBM sent to 25:13:f4:e8:02:13 transaction ID: 0 LBM sent to 25:13:f4:e8:02:13 transaction ID: 1 LBM sent to 25:13:f4:e8:02:13 transaction ID: 2 LBM sent to 25:13:f4:e8:02:13 transaction ID: 3 ...

VES Switch CLI Reference Guide

Page 42

Chapter 10 CFM Commands

This example displays all neighbors’ MEP port information in the MEP-CCM and MIP-CCM databases. You can use the MEP-CCM database to get and use a MAC address as the destination to starting a CFM test. But for the MIP-CCM database, local MIP ports use the information to forward CFM messages.

sysname# show cfm-action mepccmdb level 2 vlan 101 MEP ID MAC Address lastRDI last SeqNum CCMdefect 1 00:19:cb:00:12:35 N 176 N

sysname# show cfm-action mipccmdb level 2 vlan 101 MEP ID VLAN ID MAC Address Port 1 101 00:19:cb:00:12:35 26

The following table describes the labels in this screen.

Table 33 show cfm-action mepccmdb

LABEL DESCRIPTION

MEP ID Displays neighbors’ MEP’s MEP ID coming from the incoming CCM (Connectivity

Check Message).

MAC Address Displays the MAC address of the MEP port.

lastRDI Displays the state of the RDI (Remote Defect Indication) coming from the last

incoming CCM (Connectivity Check Message). This indicates whether the MEP detected connectivity faults.

last SeqNum Displays the sequence number of the last received CCM.

CCMdefect Displays whether the switch received this MEP’s CCMs during the last time interval

(3.25 multiplied by the CCM interval value). Y displays if the MEP has not received any CCMs for a while and there might be a connectivity fault between the device and the remote MEP. Otherwise, it displays N.

Table 34 show cfm-action mipccmdb

LABEL DESCRIPTION

MEP ID Displays the neighbor MEP port’s ID number.

VLAN ID Displays the MA VLAN ID of the last received CCM.

MAC Address Displays the MAC address of the MEP port.

Port Displays the MEP port’s number on the switch receiving the last CCM.

This example displays a loopback test report initialized from a MEP 101 which belongs to MD level 1 and VLAN 1.

sysname# cfm-action counter level 1 vlan 1 mepid 101 someMACstatusDefect: N someRMEPCCMdefect: N errorCCMdefect: N xconCCMdefect: N CCMsequenceErrors: 0 CCIsentCCMs: 343 nextLBMtransID: 100 expectedLBRtransID: 100 inorderLBRs: 100 outorderLBRs: 0 unmatchedLBRs: 0 nextLTMtransID: 2 unexpectedLTRs: 0 transmittedLBRs: 10

VES Switch CLI Reference Guide

Page 43

Chapter 10 CFM Commands

The following table describes the labels in this screen.

Table 35 show cfm-action counter

LABEL DESCRIPTION

someMACstatusDefect This field displays Y if remote MEP(s) detected an OSI layer-2 problem. Otherwise, it

someRMEPCCMdefect This field displays Y if remote MEP(s) didn’t receive some CCMs (connectivity check

errorCCMdefect This field displays Y if remote MEP(s) received erroneous CCMs. Otherwise, it displays

xconCCMdefect This field displays Y if remote MEP(s) received CCMs which belong to other MA

CCMsequenceErrors This field displays the number of out-of-sequence CCMs the MEP has received.

CCIsentCCMs This field displays the number of CCMs the MEP has transmitted.

nextLBMtransID This field displays the transaction ID with which the MEP should transmit in the next

expectedLBRtransID This field displays the transaction ID with which the MEP expects to receive in the

inorderLBRs This field displays the number of in-order LBR messages the MEP has received since it

outorderLBRs This field displays the number of out-of-order LBR messages the MEP has received

unmatchedLBRs This field displays the number of LBR messages with unexpected content information

nextLTMtransID This field displays the transaction ID with which the MEP will transmit in the next LTM

unexpectedLTRs This field displays the number of unexpected LTR (link trace response) messages the

transmittedLBRs This field displays the total number of LBR messages the MEP has transmitted.

displays N. A broken link connection or port is an example of an OSI layer-2 problem.

messages). Otherwise, it displays N.

(maintenance association). Otherwise, it displays N.

loopback message (LBM).

next loopback response (LBR) message sent from a remote MEP.

started up.

since it started up. The higher number of this field might due to a fault connectivity between the MEP and a remote MEP.

the MEP has received since it started up.

(link trace message).

MEP has received since it started up.

VES Switch CLI Reference Guide

Page 44

CHAPTER 11

Classifier Commands

Use these commands to identify traffic flows based on various criteria. After you identify a traffic flow, you can specify the treatment it gets in the network using policy commands (see Chapter 55 on page

193).

VES Switch CLI Reference Guide

Page 45

Chapter 11 Classifier Commands

11.1 Command Summary

The following section lists the commands for this feature.

Table 36 classifier Command Summary

COMMAND DESCRIPTION M P

show classifier [name]

classifier <name> <[packetformat <802.3untag|802.3tag|EtherIIun tag|EtherIItag>] [priority <07>] [vlan < type <ether-

|ip|ipv6|ipx|arp|rarp|apple

num

talk|decnet|sna|netbios|dlc>] [source-mac <src-mac-addr>] [source-port < [destination-mac <dest-mac-

addr

>] [dscp <0-63>] [ip-

protocol <

num

|tcp|udp|icmp|egp|ospf|rsvp |igmp|igp|pim|ipsec> [establish-only]] [source-ip

src-ip-addr> [mask-bits <mask-

bits

>]] [ipv6-source-ip <src-

ipv6-addr bits

>]] [source-socket <socket-

num

>] [destination-ip <dest-ip-

> [mask-bits <mask-bits>]]

addr

[ipv6-destination-ip <dest-

ipv6-addr

>]] [destination-socket

bits

<socket-num>] [inactive]>

vlan-id>] [ethernet-

port-num>]

protocol-

> [mask-bits <mask-

Displays all classifier-related information. Optionally, displays the specified classifier.

Configures a classifier. A classifier groups traffic into data flows according to the following criteria:

name: 1~32 English keyboard characters

packet-format: Ethernet frame type and VLAN tagging.

priority: IEEE 802.1p priority.

vlan: VLAN ID.

ethernet-type: Protocol number of the frame or pre-

defined option.

<ether-num>: 32-bit Ethernet protocol number in hexadecimal format (FFFF).

source-mac: Source MAC address.

source-port: Source port number.

destination-mac: Destination MAC address.

dscp: DSCP value.

ip-protocol: Specific IP protocol number or pre-defined

option.

protocol-num: 8-bit IP protocol number in decimal format (0~255).

source-ip: Range of source IPv4 addresses, specified by IPv4 address and the number of subnet mask bits.

source-socket: Source socket number.

E13

C13

no classifier <name>

destination-ip: Range of destination IPv4 addresses,

specified by IPv4 address and the number of subnet mask bits.

destination-socket: Destination socket number.

inactive: Deactivates the classifier.

ipv6-source-ip: Range of source IPv6 addresses, specified

by IPv6 address and the number of subnet mask bits.

ipv6-destination-ip: Range of destination IPv6 addresses, specified by IPv6 address and the number of subnet mask bits.

destination-socket: Destination socket number.

The options vary depending on your model.

Disables the classifier. Each classifier has one rule.

If you disable a classifier you cannot use policy rule related information.

VES Switch CLI Reference Guide

C13

Page 46

Chapter 11 Classifier Commands

Table 36 classifier Command Summary (continued)

COMMAND DESCRIPTION M P

no classifier <

classifier help

name> inactive

11.2 Command Examples

See Chapter 55 on page 193.

Enables a classifier. C 13

Provides more information about the specified command. C 13

VES Switch CLI Reference Guide

Page 47

Cluster Commands

Use these commands to configure cluster management settings. Cluster management allows you to manage switches through one switch, called the cluster manager. The switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another.

12.1 Command Summary

The following section lists the commands for this feature.

Table 37 cluster Command Summary

COMMAND DESCRIPTION M P

show cluster

show cluster candidates

show cluster member

show cluster member config

show cluster member mac <mac-

address

no classifier <name>

cluster <vlan-id>

cluster member <mac-address> password <

cluster name <cluster-name>

cluster rcommand <mac-address>

no cluster

no cluster member <mac-address>

password>

CHAPTER 12

Displays all classifier related information. E 13

Displays cluster candidate information. E 13

Displays the MAC address of the cluster member(s). E 13

Displays the configuration of the cluster member(s). E 13

Displays the status of the cluster member(s). E 13

Disables the classifier. Each classifier has one rule.

If you disable a classifier you cannot use policy rule related information.

Sets the cluster management VLAN ID. C 13

Sets the cluster member switch's hardware MAC address and password.

Configures a name to identify the cluster manager. C 13

Logs into a cluster member switch. C 13

Disables cluster management on the Switch. C 13

Removes the cluster member. C 13

C13

VES Switch CLI Reference Guide

Page 48

Chapter 12 Cluster Commands

12.2 Command Examples

This example creates the cluster CManage in VLAN 1. Then, it looks at the current list of candidates for membership in this cluster and adds two switches to cluster.

sysname# configure sysname(config)# cluster 1 sysname(config)# cluster name CManage sysname(config)# exit sysname# show cluster candidates Clustering Candidates: Index Candidates(MAC/HostName/Model) 0 00:13:49:00:00:01/VES-1616FB-35/VES-1616FB-35 1 00:13:49:00:00:02/VES-1616FB-35/VES-1616FB-35 2 00:19:cb:00:00:02/VES-1616FB-35/VES-1616FB-35 sysname# configure sysname(config)# cluster member 00:13:49:00:00:01 password 1234 sysname(config)# cluster member 00:13:49:00:00:02 password 1234 sysname(config)# exit sysname# show cluster member Clustering member status: Index MACAddr Name Status 1 00:13:49:00:00:01 VES-1616FB-35 Online 2 00:13:49:00:00:02 VES-1616FB-35 Online

The following table describes the labels in this screen.

Table 38 show cluster member

LABEL DESCRIPTION

Index This field displays an entry number for each member.

MACAddr This field displays the member’s MAC address.

Name This field displays the member’s system name.

Status This field displays the current status of the member in the cluster.

Online: The member is accessible. Error: The member is connected but not accessible. For example, the member’s

password has changed, or the member was set as the manager and so left the member list. This status also appears while the Switch finishes adding a new member to the cluster.

Offline: The member is disconnected. It takes approximately 1.5 minutes after the link goes down for this status to appear.

VES Switch CLI Reference Guide

Page 49

Chapter 12 Cluster Commands

This example logs in to the CLI of member 00:13:49:00:00:01, looks at the current firmware version on the member switch, logs out of the member’s CLI, and returns to the CLI of the manager.

sysname# configure sysname(config)# cluster rcommand 00:13:49:00:00:01 Connected to 127.0.0.2 Escape character is '^]'.

User name: admin

sysname# show system

System Name : VES-1616FB-35 System Contact : System Location : Ethernet Address : 00:19:cb:d7:e8:7f ZyNOS F/W Version : V360AYW0B3 | 09/17/2008 RomRasSize : 3683034 System up Time : 26:55:20 (93e369 ticks) Bootbase Version : V1.06 | 07/25/2008 VES-1616FB-35# exit Telnet session with remote host terminated.

Closed sysname(config)#

This example looks at the current status of the Switch’s cluster.

sysname# show cluster Cluster Status: Manager VID: 1 Manager: 00:13:49:ae:fb:7a

The following table describes the labels in this screen.

Table 39 show cluster

LABEL DESCRIPTION

Cluster Status This field displays the role of this Switch within the cluster.

Manager: This Switch is the device through which you manage the cluster member switches.

Member: This Switch is managed by the specified manager. None: This Switch is not in a cluster.

VID This field displays the VLAN ID used by the cluster.

Manager This field displays the cluster manager’s MAC address.

VES Switch CLI Reference Guide

Page 50

Date and Time Commands

Use these commands to configure the date and time on the Switch.

13.1 Command Summary

The following table describes user-input values available in multiple commands for this feature.

Table 40 time User-input Values

COMMAND DESCRIPTION

week

day

month

o’clock

Possible values (daylight-saving-time commands only): first, second, third, fourth, last.

Possible values (daylight-saving-time commands only): Sunday, Monday,

Tuesday, ....

Possible values (daylight-saving-time commands only): January, February,

March, ....

Possible values (daylight-saving-time commands only): 0-23

CHAPTER 13

The following section lists the commands for this feature.

Table 41 time Command Summary

COMMAND DESCRIPTION M P

show time

time <hour:min:sec>

time date <month/day/year>

time timezone <-1200|...|1200>

time daylight-saving-time

Displays current system time and date. E 13

Sets the current time on the Switch.

hour: 0~23, min: 0~59, sec: 0~59

An example, 10:27:30, means the time is at 10 o’clock 27 minutes and 30 seconds.

Note: If you configure Daylight Saving Time after

you configure the time, the Switch will apply Daylight Saving Time.

Sets the current date on the Switch.

month: 1~12, day: 1~31, year: 1970~2037

An example, 3/20/2008, means the date is in March 20th, 2008.

Selects the time difference between UTC (formerly known as GMT) and your time zone.

Enables daylight saving time. The current time is updated if daylight saving time has started.

C13

VES Switch CLI Reference Guide

Page 51

Chapter 13 Date and Time Commands

Table 41 time Command Summary (continued)

COMMAND DESCRIPTION M P

time daylight-saving-time startdate <

week> <day> <month> <o’clock>

time daylight-saving-time enddate <week> <day> <month> <o’clock>

no time daylight-saving-time

time daylight-saving-time help

show time daylight-saving-time

time help

Sets the day and time when Daylight Saving Time starts.

In most parts of the United States, Daylight Saving Time starts on the second Sunday of March at 2 A.M. local time. In the European Union, Daylight Saving Time starts on the last Sunday of March at 1 A.M. GMT or UTC, so the o’clock field depends on your time zone.

Sets the day and time when Daylight Saving Time ends.

In most parts of the United States, Daylight Saving Time ends on the first Sunday of November at 2 A.M. local time. In the European Union, Daylight Saving Time ends on the last Sunday of October at 1 A.M. GMT or UTC, so the o’clock field depends on your time zone.

Disables daylight saving on the Switch. C 13

Provides more information about the specified command.

Shows the schedule for daylight saving. E 3

Provides more information about the specified command.

C13

Table 42 timesync Command Summary

COMMAND DESCRIPTION M P

show timesync

timesync server <ip-address>

timesync <daytime|time|ntp>

no timesync

Displays time server information. E 13

Sets the IP address of your time server. The Switch synchronizes with the time server in the following situations:

• When the Switch starts up.

• Every 24 hours after the Switch starts up.

• When the time server IP address or protocol is updated.

Sets the time server protocol. You have to configure a time server before you can specify the protocol.

Disables timeserver settings. C 13

C13

VES Switch CLI Reference Guide

Page 52

Chapter 13 Date and Time Commands

13.2 Command Examples

This example sets the current date, current time, time zone, and daylight savings time.

sysname# configure sysname(config)# time date 06/04/2007 sysname(config)# time timezone -600 sysname(config)# time daylight-saving-time sysname(config)# time daylight-saving-time start-date second Sunday

--> March 2 sysname(config)# time daylight-saving-time end-date first Sunday

--> November 2 sysname(config)# time 13:24:00 sysname(config)# exit sysname# show time Current Time 13:24:03 (UTC-05:00 DST) Current Date 2007-06-04

This example looks at the current time server settings.

sysname# show timesync

Time Configuration

----------------------------Time Zone :UTC 0 Time Sync Mode :USE_DAYTIME Time Server IP Address:172.1.1.2

The following table describes the labels in this screen.

Table 43 show timesync

LABEL DESCRIPTION

Time Zone This field displays the time zone.

Time Sync Mode This field displays the time server protocol the Switch uses. It displays NO_TIMESERVICE if

Time Server IP Address This field displays the IP address of the time server.

the time server is disabled.

VES Switch CLI Reference Guide

Page 53

DHCP Commands

Use these commands to configure the DHCP features on the Switch.

14.1 Command Summary

The following section lists the commands for this feature.

Table 44 dhcp Command Summary

COMMAND DESCRIPTION M P

show dhcp

dhcp mode <0|1>

dhcp-relay <relay|agent>

CHAPTER 14

Displays DHCP settings on the Switch. E 13

Specifies the DHCP role of the Switch.

0: The Switch is a DHCP server.

1: The Switch is a DHCP relay.

Specifies the DHCP role of the Switch.

relay: Sets the Switch to be a DHCP relay.

agent: Sets the Switch to be a DHCP server.

C13

This section lists the commands for the DHCP relay feature. Note that some commands have a hyphen (dhcp-relay) but some do not (dhcp relay). Make sure which should use on your Switch uses before using the command. You can use a question mark (?) to check the available commands in a mode on your Switch.

Table 45 dhcp relay Command Summary

COMMAND DESCRIPTION M P

dhcp-relay helper-address <remote-dhcp-server1> [<remote-

dhcp-server2 server3

dhcp relay helper-address

remote-dhcp-server1> [<remote-

dhcp-server2 server3

> [remote-dhcp-

]]

> [remote-dhcp-

]]

Sets the IP address of up to 3 DHCP servers. C 13

VES Switch CLI Reference Guide

Page 54

Chapter 14 DHCP Commands

Table 45 dhcp relay Command Summary (continued)

COMMAND DESCRIPTION M P

dhcp relay <vlan-id> helperaddress <remote-dhcp-server1>

Enables DHCP relay and configures the settings on the specified VLAN.

C13

[<remote-dhcp-server2>] [<remote-dhcp-server3>] [circuit-id] [circuitID-type <userdefine|hostname|system>][circu itID-information

Note: You must enter an existing VLAN ID with

corresponding IP interface. You can create VLAN IDs using the vlan <

vlan-id> command,

and create an IP interface in the VLAN setting by using ip address <ip-addr> <ip mask>.

<information>][circuitID-userdefine <format>][remoteid][remoteID-type <portname|system|all|userdefine>][remoteID-information <information>][remoteID-userdefine <format>][swap-circuitremote-id][spv-option <private|sp|pv|sv|spv>][delimi ter <none|#|;|.|comma|/ |space>][remoteID-delimiter <character>][linecharenable][linechar-mode <rate|full>]

remote-dhcp-server: Type the IP address of a remote DHCP server.

circuit-id: Have the Switch add the configured circuit ID string to client DHCP requests.

circuitID-type: Set the kind of circuit ID string the Switch adds to client DHCP requests: a string according to a userdefined format, the host name, or the system name.

circuitID-information <information>: Type a string (for example, system name) that the Switch adds to client DHCP requests.

circuitID-user-define <format>

63 ASCII characters that the Switch adds to client DHCP requests. See user-define <format> below for the required format.

remote-id: Has the Switch add the configured remote ID information into the client DHCP requests it receives.

remoteID-type: Select what data the Switch adds as remote ID to the client DHCP requests it receives; portname = name of port; system = user configured info string; all = append remote ID by user identifier + port name + port TEL;

user-define = a user-defined string.

remoteID-information <information>: Type up to 32

characters for the remote ID information.

remoteID-user-define <format> 63 ASCII characters for the remote ID information. See userdefine <format> below for the required format.

:Type a string of up to

user-define <format>

defined format can use the following components:

% marks the start of the predefined runtime variable. The rules are:

%%: equals character % %0x00~FF: represents byte value %pname: the name configured for the port %pid: port index %ptel: the telephone number configured for the port %chid: the UNI VLAN ID %slotid: slot index of the logic port %svlan: the SVLAN ID the DHCP client runs on %hname: the host device name %cmac: the client’s MAC address, represented as a Byte.

For example: 00:00:00:01:11:11

%blank: blank character %phtype: Ethernet "eth"

VES Switch CLI Reference Guide

: The circuit-ID or remote-ID user

Page 55

Chapter 14 DHCP Commands

Table 45 dhcp relay Command Summary (continued)

COMMAND DESCRIPTION M P

Continued:

swap-circuit-remote-id: Has the Switch add information (slot number, port number, and VLAN ID) and the circuit ID and remote ID sub-option but switch their positions in client DHCP requests that it relays to a DHCP server.

spv-option: Select the information the Switch generates and adds into the DHCP relay option 82 circuit ID sub-option for DHCP requests.

• private: has the Switch use the DHCP relay option 82 old format (slot-port-VLAN) in binary.

• sp: slot-port in ASCII code.

• pv: port-VLAN in ASCII code.

• sv: slot-VLAN in ASCII code.

• spv: slot-port-VLAN in ASCII code.

The Switch uses a zero for the slot value in the DHCP requests.

delimiter: Select a delimiter to separate the slot ID, port number, and/or VLAN ID from each other. You can use a pound key (#), semi-colon (;), period (.), comma (,), forward slash (/) or space. Use none to not use any delimiter.

remoteID-delimiter

the remote ID to separate portname or telephone or user string.

<character>: Sets the delimiter for

linechar-enable: Includes additional option 82

information about the line in the DHCP packets for the specified VLAN.

linechar-mode <rate|full>]: Sets how much additional option 82 line information to include in the DHCP packets.

• rate: Include only the actual bit rate information of the DHCP packet.

• full: Include the full line characteristics information of the DHCP packet. This includes the circuit ID, remote ID, vendor specifications, actual data upstream/ downstream, and access loop encapsulation.

VES Switch CLI Reference Guide

Page 56

Chapter 14 DHCP Commands

Table 45 dhcp relay Command Summary (continued)

COMMAND DESCRIPTION M P

dhcp relay <vlan-id> helperaddress <

remote-dhcp-server1>

Enables DHCP relay and configures the settings on the specified VLAN.

C13

[remote-dhcp-server2] [remote-

dhcp-server3

][circuit-id] [circuitID-type <hostname|system>][circuitIDinformation

information>][remote-

Note: You must enter an existing VLAN ID with

corresponding IP interface. You can create VLAN IDs using the vlan <

vlan-id> command,

and create an IP interface in the VLAN setting by using ip address <ip-addr> <ip mask >.

id][remoteID-type <portname|system|all>][remoteI D-information

information>][swap-circuit-

< remote-id][spv-option <private|sp|pv|sv|spv>][delimi ter <none|#|;|.|comma|/ |space>][remoteID-delimiter

character>]

remote-dhcp-server: Type the IP address of a remote DHCP server.

circuit-id: Have the Switch add the configured circuit ID string to client DHCP requests.

circuitID-type: Set the Switch to add the circuit ID string to client DHCP requests as a host name or as a system name.

circuitID-information: Type a string (for example, system name) that the Switch adds to client DHCP requests.

remote-id: Has the Switch add the configured remote ID information into the client DHCP requests it receives.

remoteID-type: Select what data the Switch adds as remote ID to the client DHCP requests it receives; portname = name of port; system=user configured info string; all=append remote ID by user identifier + port name + port TEL.

remoteID-information: Type up to 32 characters for the remote ID information.

swap-circuit-remote-id: Has the Switch add information (slot number, port number and VLAN ID) and the Circuit ID and Remote ID sub-option but switch their positions in client DHCP requests that it relays to a DHCP server.

spv-option: Select the information the Switch generates and adds into the DHCP relay option 82 Circuit ID sub-option for DHCP requests.

• private: has the Switch use the DHCP relay option 82 old format (slot-port-VLAN) in binary.

• sp: slot-port in ASCII code.

• pv: port-VLAN in ASCII code.

• sv: slot-VLAN in ASCII code.

• spv: slot-port-VLAN in ASCII code.

The Switch uses a zero for the slot value in the DHCP requests.

remote-id: Type a string that the Switch adds into the client DHCP requests. Spaces are allowed.

delimiter: Select a delimiter to separate the slot ID, port number and/or VLAN ID from each other. You can use a pound key (#), semi-colon (;), period (.), comma (,), forward slash (/) or space. Use none to not use any delimiter.

VES Switch CLI Reference Guide

Page 57

Chapter 14 DHCP Commands

Table 45 dhcp relay Command Summary (continued)

COMMAND DESCRIPTION M P

Continued:

remoteID-delimiter: Select a delimiter to separate the slot ID, port number and/or VLAN ID from each other. You can use a pound key (#), semi-colon (;), period (.), comma (,), forward slash (/) or space. Use none to not use any delimiter.

no dhcp relay <vlan-id> swapcircuit-remote-id

no dhcp-relay helper-address

no dhcp-relay

no dhcp relay

dhcp relay information <string>

dhcp-relay information

no dhcp-relay information

no dhcp relay information

dhcp-relay option

dhcp relay option

no dhcp-relay option

no dhcp relay option

dhcp-relay <relay|agent>

dhcp-relay remote-id

no dhcp-relay remote-id

dhcp-relay remoteIDinformation <

information

remoteid-

dhcp relay <vlan-id>

no dhcp relay <vlan-id>

show dhcp dhcp-relay

show dhcp relay <vlan-id>

show dhcp relay all

Disables the per-VLAN feature of swapping the circuit ID and Remote ID positions.

Resets all DHCP server IP addresses that you configured to

0.0.0.0.

Disables the DHCP relay function. C 13

Sets the Switch to add the specified string to client DHCP requests that it relays to a DHCP server.

<string>: 1-30 English keyboard characters.

Sets the Switch to add the system name to client DHCP requests that it relays to a DHCP server.

Clears the specified string or the system name that the Switch adds to client DHCP requests.

Clears the specified string that the Switch adds to client DHCP requests.

Sets the Switch to add Option 82 information (slot number, port number, and VLAN ID) to DHCP requests that it relays to a DHCP server.

Sets to not append the system name to the option 82 information field in client DHCP requests.

Enables the Switch as a DHCP relay agent on the specified VLAN.

Sets the Switch to add additional information (configured using the dhcp-relay remoteID-information command) to client DHCP requests that it relays to a DHCP server.

Clears the specified remote ID information that the Switch adds to client DHCP requests.

Sets the Switch to add the specified string as remote ID information to client DHCP requests that it relays to a DHCP server.

Enables the Switch as a DHCP relay agent on the specified VLAN.

Deletes DHCP relay on the specified VLAN. C 13

Displays the DHCP relay settings that are applied to the whole system.

Displays the DHCP relay settings on the specified VLAN. E 13

Displays DHCP relay settings on all VLANs. E 13

C13

E13

VES Switch CLI Reference Guide

Page 58

Chapter 14 DHCP Commands

Table 45 dhcp relay Command Summary (continued)

COMMAND DESCRIPTION M P

no dhcp relay <vlan-id> information

no dhcp relay <vlan-id> option

no dhcp relay <vlan-id> remoteid

dhcp relay-broadcast

no dhcp relay-broadcast

interface port-channel <port-

telephone <port-

list>

telephone-number>

Clears the specified string that the Switch adds to client DHCP requests on the specified VLAN.

Sets to not append the system name to the option 82 information field in client DHCP requests on the specified VLAN.

Clears the specified remote ID information that the Switch adds to client DHCP requests on the specified VLAN.

Enables the DHCP relay broadcast function. C 13

Disables the DHCP relay broadcast function. C 13

Sets a telephone number for the specified port. The DHCP remote ID type "Append Remote ID by user identifier + port name + port TEL" and DHCP snooping remote ID type "all" use this telephone number.

C13

Table 46 dhcp server Command Summary

COMMAND DESCRIPTION M P

dhcp server starting-address <ip> <mask> size-of-client-ippool <1~253> [default-gateway

ip-address>] [primary-dns <ip-

address address

>] [secondary-dns <ip- >]

no dhcp server

no dhcp server default-gateway

no dhcp server primary-dns

no dhcp server secondary-dns

Configures the Switch as a DHCP server and configures the range of IP addresses the Switch can assign to DHCP clients. Optionally, specifies the default gateway and DNS server(s) provided to DHCP clients as well.

Disables the DHCP server in the Switch. C 13

Clears the default gateway setting. C 13

Clears the primary DNS server setting. C 13

Clears the secondary DNS server setting. C 13

C13

Use the dhcp smart-relay commands to configure DHCP relay for all broadcast domains.

Table 47 dhcp smart-relay Command Summary

COMMAND DESCRIPTION M P

show dhcp smart-relay

no dhcp smart-relay

dhcp smart-relay

Displays global DHCP relay settings. E 13

Disables global DHCP relay on the Switch. C 13

Enables global DHCP relay on the Switch. The Switch forwards all DHCP requests to the same DHCP server.

C13

Note: You can enable one DHCP relay method

(DHCP relay on a VLAN or global DHCP relay) at the same time.

dhcp smart-relay circuitIDtype <userdefine|hostname|system>

Sets whether the Switch uses a string according to a userdefined format, the host name, or the system name for the circuit ID if you choose not to append your own circuit ID.

C13

VES Switch CLI Reference Guide

Page 59

Chapter 14 DHCP Commands

Table 47 dhcp smart-relay Command Summary (continued)

COMMAND DESCRIPTION M P

dhcp smart-relay circuitIDuser-define <format>

dhcp smart-relay helperaddress <

remote-dhcp-server1>

[remote-dhcp-server2] [remote-

dhcp-server3

]

dhcp smart-relay information

no dhcp smart-relay information

dhcp smart-relay linechar

dhcp smart-relay linechar mode <rate|full>

Sets a string of up to 63 ASCII characters to set the format for the circuit ID the Switch adds to client DHCP requests.

<format>: The circuit-ID user defined format can use the following components:

% marks the start of the predefined runtime variable. The rules are:

For example: 00:00:00:01:11:11

%blank: blank character %phtype: Ethernet "eth"

Sets the global DHCP relay settings.

remote-dhcp-server: Type the IP address of a remote DHCP server.

Sets the Switch to add the system name to client DHCP requests that it relays to a DHCP server.

Stops the Switch from adding the system name to client DHCP requests.

Enables DHCP relay agent and includes additional option 82 information in the DHCP packets.

Sets how many line characteristics to include.

rate: Includes only the upstream and downstream actual data rates.

C13

no dhcp smart-relay linechar

dhcp smart-relay option

no dhcp smart-relay option

dhcp smart-relay optioninformation <string>

dhcp smart-relay remote-id

VES Switch CLI Reference Guide

full: Also includes the upstream and downstream minimum data rates, upstream and downstream attainable data rates, upstream and downstream maximum data rates, upstream and downstream minimum data rates for the low power state, upstream and downstream maximum interleaving delay, upstream and downstream actual interleaving delay, and access loop encapsulation.

Disables the line characteristic feature, in which DHCP relay agent is enabled and additional option 82 information is included in the DHCP packets.

Sets the Switch to add Option 82 information (slot number, port number, and VLAN ID) to DHCP requests that it relays to a DHCP server.

Has the Switch not add Option 82 information to DHCP requests.

Sets the Switch to add the specified string to client DHCP requests that it relays to a DHCP server.

Sets the Switch to add information configured using the dhcp smart-relay remoteID-information command to client DHCP requests that it relays to a DHCP server.

C13

Page 60

Chapter 14 DHCP Commands

Table 47 dhcp smart-relay Command Summary (continued)

COMMAND DESCRIPTION M P

dhcp smart-relay remoteID-type <portname|system|all|userdefine>

dhcp smart-relay remoteIDuser-define <format>

no dhcp smart-relay remote-id

dhcp smart-relay delim <none|#|;|.|comma|/|space>

dhcp smart-relay remoteIDdelim <

character>

dhcp smart-relay remoteIDinformation <

information

remoteid-

dhcp smart-relay remoteID-type <portname|system|all>

dhcp smart-relay spv-option <private|sp|pv|sv|spv>

dhcp smart-relay swap-circuitremote-id

no dhcp smart-relay swapcircuit-remote-id

Select what data the Switch adds as remote ID to the client DHCP requests it receives: portname = name of port ; system = user configured info string; all = append remote ID by user identifier + port name + port TEL; or user-define = a user-defined string.

Sets a string of up to 63 ASCII characters to set the format for the remote ID information.

<format>: The remote-ID user defined format can use the following components:

% marks the start of the predefined runtime variable. The rules are:

For example: 00:00:00:01:11:11

%blank: blank character %phtype: Ethernet "eth"

Stops the Switch from adding information configured using the dhcp smart-relay remoteID-information command to client DHCP requests.

Set the delimiter in the circuit ID to separate the slot or port or VLAN from the appended information.

Set the delimiter in the remote ID to separate the portname or telephone or user string.

Sets remote ID information which you want the Switch to add to client DHCP requests that it relays to a DHCP server.

remoteid-information: Type up to 15 characters for the remote ID information.

Select what data the Switch adds as remote ID to the client DHCP requests it receives; portname = name of port; system = user configured info string; all = append remote ID by user identifier + port name + port TEL.

Select the circuit ID format.

• private: slot-port-VLAN in binary format.

• sp: slot-port in string format.

• pv: port-VLAN in string format.

• sv: slot-VLAN in string format.

• spv: slot-port-VLAN in string format.

Has the Switch add information (slot number, port number and VLAN ID) and the Circuit ID and Remote ID sub-option but switch their positions in client DHCP requests that it relays to a DHCP server.

Disables the feature of swapping the circuit ID and Remote ID positions.

C13

VES Switch CLI Reference Guide

Page 61

Chapter 14 DHCP Commands

14.2 Command Examples

This example configures the Switch to relay DHCP requests to 192.168.10.1 and to add the system name

sysname to the requests.

sysname# configure sysname(config)# dhcp agent sysname(config)# dhcp-relay helper-address 192.168.10.1 sysname(config)# dhcp-relay information sysname sysname(config)# exit

sysname# configure sysname(config)# dhcp mode 1 sysname(config)# dhcp relay helper-address 192.168.10.1 sysname(config)# dhcp relay information sysname sysname(config)# exit

This example configures the Switch as a DHCP server that can assign IP addresses

192.168.1.32~192.168.1.63.

sysname# configure sysname(config)# dhcp server starting-address 192.168.1.32 255.255.255.0

--> size-of-client-ip-pool 32 sysname(config)# exit

This example configures the following global DHCP relay settings on the Switch.

• Enables globally DHCP relay.

• Forward all DHCP requests to 192.168.10.1.

• Add the system name sysname to the DHCP requests.

• Add remote ID information ABC to the DHCP requests.

• Displays all global DHCP relay settings.

sysname# configure sysname(config)# dhcp smart-relay sysname(config)# dhcp smart-relay helper-address 192.168.10.1 sysname(config)# dhcp smart-relay information sysname sysname(config)# dhcp smart-relay remoteID-information ABC sysname(config)# dhcp smart-relay remote-id sysname(config)# exit sysname# show dhcp smart-relay DHCP Relay Agent Configuration Active: Yes Remote DHCP Server 1:192.168.10.1 Remote DHCP Server 2: 0.0.0.0 Remote DHCP Server 3: 0.0.0.0 Option82: Disable Option82Inf: Enable: Remote ID: Enable RemoteIDInf: ABC

VES Switch CLI Reference Guide

Page 62

DHCP Snooping and DHCP

VLAN Commands

Use the dhcp snooping commands to configure the DHCP snooping on the Switch and the dhcp vlan commands to specify a DHCP VLAN on your network. DHCP snooping filters unauthorized DHCP packets on the network and builds the binding table dynamically.

15.1 Command Summary

The following section lists the commands for this feature.

Table 48 dhcp snooping Command Summary

COMMAND DESCRIPTION M P

show dhcp snooping

show dhcp snooping binding

show dhcp snooping circuit-iduser-define

show dhcp snooping circuit-iduser-define vlan <vlan-list>

show dhcp snooping database

show dhcp snooping database detail

show dhcp snooping remote-idinfo <cr>

show dhcp snooping remote-idinfo vlan <vlan-list>

show dhcp snooping remote-iduser-define

show dhcp snooping remote-iduser-define vlan <vlan-list>

dhcp snooping

no dhcp snooping

dhcp snooping vlan <vlan-list> circuit-id-type <none|hostname|user-define>

no dhcp snooping vlan <vlan- list> circuit-id-type

CHAPTER 15

Displays DHCP snooping configuration on the Switch. E 3

Displays the DHCP binding table. E 3

Displays all DHCP snooping circuit ID user-define configuration.

Displays the DHCP snooping circuit ID user-define configuration for the specified VLAN.

Displays DHCP snooping database update statistics and settings.

Displays DHCP snooping database update statistics in full detail form.

Displays per-VLAN DHCP snooping remote ID configuration. E 3

Displays DHCP snooping remote ID configuration for the specified VLAN.

Displays all DHCP snooping remote ID user-define configuration.

Displays the DHCP snooping remote ID user-define configuration for the specified VLAN.

Enables DHCP Snooping on the Switch. C 13

Disables DHCP Snooping on the Switch. C 13

Sets whether the Switch uses nothing, a host name, or a userdefined string for the circuit ID if you choose not to append your own circuit ID.

Removes the setting for what the Switch uses for the circuit ID if you choose not to append your own circuit ID.

E13

C13

VES Switch CLI Reference Guide

Page 63

Chapter 15 DHCP Snooping and DHCP VLAN Commands

Table 48 dhcp snooping Command Summary (continued)

COMMAND DESCRIPTION M P

dhcp snooping vlan <vlan-list> circuit-id-user-define <format>

no dhcp snooping vlan <vlan- list> circuit-id-user-define

dhcp snooping database <tftp://

host/filename

no dhcp snooping database

dhcp snooping database timeout <seconds>

no dhcp snooping database timeout

dhcp snooping database writedelay <seconds>

no dhcp snooping database write-delay <seconds>

dhcp snooping vlan <vlan-list>

no dhcp snooping vlan <vlan-

list

dhcp snooping vlan <vlan-list> delimiter <none|#|;|.|comma|/

Sets a string of up to 63 ASCII characters to set the format for the circuit ID the Switch adds to client DHCP requests.

<format>: The circuit-ID user defined format can use the following components:

% marks the start of the predefined runtime variable. The rules are:

For example: 00:00:00:01:11:11

%blank: blank character %phtype: Ethernet "eth"

Removes the user defined string that sets the format for the circuit ID the Switch adds to client DHCP requests.

Specifies the location of the DHCP snooping database. The location should be expressed like this: tftp://{domain name or IP address}/directory, if applicable/file name; for example, tftp://192.168.10.1/database.txt.

Removes the location of the DHCP snooping database. C 13

Specifies how long (10-65535 seconds) the Switch tries to complete a specific update in the DHCP snooping database before it gives up.

Resets how long (10-65535 seconds) the Switch tries to complete a specific update in the DHCP snooping database before it gives up to the default value (300).

Specifies how long (10-65535 seconds) the Switch waits to update the DHCP snooping database the first time the current bindings change after an update.

Resets how long (10-65535 seconds) the Switch waits to update the DHCP snooping database the first time the current bindings change after an update to the default value (300).

Specifies the VLAN IDs for VLANs you want to enable DHCP snooping on.

Specifies the VLAN IDs for VLANs you want to disable DHCP snooping on.

Set the per-VLAN delimiter for the circuit ID to separate the slot or port or VLAN from the appended information.

C13

|space>

no dhcp snooping vlan <vlan-

list>

delimiter

dhcp snooping vlan <vlan-list> linechar

no dhcp snooping vlan <vlan-

Resets the circuit ID delimiter of DHCP snooping on the specified VLAN.

Enables DHCP relay agent and includes additional option 82 information in the DHCP packets.

Disables line characteristic. C 13

C13

list> linechar

VES Switch CLI Reference Guide

Page 64

Chapter 15 DHCP Snooping and DHCP VLAN Commands

Table 48 dhcp snooping Command Summary (continued)

COMMAND DESCRIPTION M P

dhcp snooping vlan <vlan-list> linechar-mode <rate|full>

dhcp snooping vlan <vlan-list> remote-id-delim

Sets how many line characteristics to include.

rate: include only the upstream and downstream actual data rates.

full: also include the upstream and downstream minimum data rates, upstream and downstream attainable data rates, upstream and downstream maximum data rates, upstream and downstream minimum data rates for the low power state, upstream and downstream maximum interleaving delay, upstream and downstream actual interleaving delay, and access loop encapsulation.

Set the per-VLAN delimiter in the remote ID to separate the portname or telephone or user string.

C13

<none|#|;|.|comma|/|space>

no dhcp snooping vlan <vlanlist> remote-id-delim

dhcp snooping vlan <vlan-list> remote-id-info <

information

remoteid-

no dhcp snooping vlan <vlan-

list>

remote-id-info

dhcp snooping vlan <vlan-list> remote-id-type <portname|system|all>

dhcp snooping vlan <vlan-list> remote-id-type <portname|system|all|userdefine>

dhcp snooping vlan <vlan-list> remote-id-user-define <format>

no dhcp snooping vlan <vlan- list> remote-id-user-define

no dhcp snooping vlan <vlan-

remote-id-type

list>

Resets the remote ID delimiter of DHCP snooping on the specified VLAN.

Set the per-VLAN remote ID information the Switch adds to client DHCP requests it relays to a DHCP server.

Resets the remote ID user string of DHCP snooping on the specified VLAN.

Select what data the Switch adds as remote ID to the client DHCP requests it receives on the VLAN; portname = name of port; system=user configured info string; all=append remote ID by user identifier + port name + port TEL.

Select what data the Switch adds as remote ID to the client DHCP requests it receives on the VLAN; portname = name of port; system = user configured info string; all = append remote ID by user identifier + port name + port TEL; user- define = a user-defined string.

Sets a string of up to 63 ASCII characters to set the format for the remote ID information.

<format>: The remote-ID user defined format can use the following components:

% marks the start of the predefined runtime variable. The rules are:

For example: 00:00:00:01:11:11

%blank: blank character %phtype: Ethernet "eth"

Removes the user defined string that sets the format for the remote ID information for the specified VLANs.

Resets the remote ID format of DHCP snooping on the specified VLAN.

C13

VES Switch CLI Reference Guide

Page 65

Chapter 15 DHCP Snooping and DHCP VLAN Commands

Table 48 dhcp snooping Command Summary (continued)

COMMAND DESCRIPTION M P

dhcp snooping vlan

<vlan-list>

spv-option <private|sp|pv|sv|spv>

no dhcp snooping vlan <vlan-

spv-option

list>

dhcp snooping vlan <vlan-list> information

no dhcp snooping vlan <vlan-

> information

list

dhcp snooping vlan <vlan-list> option

no dhcp snooping vlan <vlan-

list

> option

clear dhcp snooping database statistics

renew dhcp snooping database

renew dhcp snooping database <tftp://host/filename>

interface port-channel <port-

list

force-agent-information <force|transparent>

dhcp snooping trust

dhcp snooping limit rate

pps>

no dhcp snooping trust

no dhcp snooping limit

Select the circuit ID format the Switch uses for this VLAN.

• private: slot-port-VLAN in binary format.

• sp: slot-port in string format.

• pv: port-VLAN in string format.

• sv: slot-VLAN in string format.

• spv: slot-port-VLAN in string format.

Resets the circuit ID slot-port-vlan format of DHCP snooping on the specified VLAN.

Sets the Switch to add the system name to DHCP requests that it broadcasts to the DHCP VLAN, if specified, or VLAN.

Sets the Switch to not add the system name to DHCP requests that it broadcasts to the DHCP VLAN, if specified, or VLAN.

Sets the Switch to add the slot number, port number and VLAN ID to DHCP requests that it broadcasts to the DHCP VLAN, if specified, or VLAN.

Sets the Switch to not add the slot number, port number and VLAN ID to DHCP requests that it broadcasts to the DHCP VLAN, if specified, or VLAN.

Delete all statistics records of DHCP requests going through the Switch.

Loads dynamic bindings from the default DHCP snooping database.

Loads dynamic bindings from the specified DHCP snooping database.

Enables a port or a list of ports for configuration. C 13

Per-port option that indicates if incoming DHCP packets already have option 82, the Switch will replace it (force) or keep it unchanged (transparent).

Sets this port as a trusted DHCP snooping port. Trusted ports are connected to DHCP servers or other switches, and the Switch discards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high.

Sets the maximum rate in packets per second (pps) that DHCP packets are allowed to arrive at a trusted DHCP snooping port.

Disables this port from being a trusted port for DHCP snooping.

Resets the DHCP snooping rate to the default (0). C 13

C13

E13

C13

rate

The following table describes the dhcp-vlan commands.

Table 49 dhcp-vlan Command Summary

COMMAND DESCRIPTION M P

dhcp dhcp-vlan <vlan-id>

no dhcp dhcp-vlan

Specifies the VLAN ID of the DHCP VLAN. C 13

Disables DHCP VLAN on the Switch. C 13

VES Switch CLI Reference Guide

Page 66

Chapter 15 DHCP Snooping and DHCP VLAN Commands

15.2 Command Examples

This example:

• Enables DHCP snooping on the Switch.

• Sets up an external DHCP snooping database on a network server with IP address 172.16.3.17.

• Enables DHCP snooping on VLANs 1,2,3,200 and 300.

• Sets the Switch to add the slot number, port number and VLAN ID to DHCP requests that it broadcasts to the DHCP VLAN.

• Sets ports 1 - 5 as DHCP snooping trusted ports.

• Sets the maximum number of DHCP packets that can be received on ports 1 - 5 to 100 packets per second.

• Configures a DHCP VLAN with a VLAN ID 300.

•Displays DHCP snooping configuration details.

sysname(config)# dhcp snooping sysname(config)# dhcp snooping database tftp://172.16.3.17/snoopdata.txt sysname(config)# dhcp snooping vlan 1,2,3,200,300 sysname(config)# dhcp snooping vlan 1,2,3,200,300 option sysname(config)# interface port-channel 1-5 sysname(config-interface)# dhcp snooping trust sysname(config-interface)# dhcp snooping limit rate 100 sysname(config-interface)# exit sysname(config)# dhcp dhcp-vlan 300 sysname(config)# exit sysname# show dhcp snooping Switch DHCP snooping is enabled DHCP Snooping is configured on the following VLANs: 1-3,200,300 Option 82 is configured on the following VLANs: 1-3,200,300 Appending system name is configured on the following VLANs:

DHCP VLAN is disabled Interface Trusted Rate Limit (pps)

--------- ------- --------------- 1 yes 1000 2 yes 1000 3 yes 1000 4 yes 1000 5 yes 1000 6 no unlimited 7 no unlimited 8 no unlimited 9 no unlimited 10 no unlimited 11 no unlimited 12 no unlimited 13 no unlimited 14 no unlimited 15 no unlimited 16 no unlimited 17 no unlimited 18 no unlimited sysname#

VES Switch CLI Reference Guide

Page 67

DHCPv6 Relay Commands

Use the dhcpv6 relay commands to add information to client DHCPv6 requests from different VLANs before forwarding the requests to the DHCPv6 server. This information helps in authenticating the source of the requests. You can also specify additional information for the system to add to the DHCPv6 requests that it relays to the DHCPv6 server.

16.1 Command Summary

This section lists the commands for this feature.

Table 50 dhcpv6 relay Command Summary

COMMAND DESCRIPTION M P

dhcpv6 relay <1-4094>

no dhcpv6 relay <1-4094>

dhcpv6 relay <1-4094> exit

dhcpv6 relay <1-4094> ldra

dhcpv6 relay <1-4094> ldra client-facing <port-list>

dhcpv6 relay <1-4094> ldra forbidden <port-list>

dhcpv6 relay <1-4094> ldra network-facing <port-list>

dhcpv6 relay <1-4094> ldra untrust client-facing <port-

list>

dhcpv6 relay <1-4094> no ldra

dhcpv6 relay <1-4094> no ldra untrust client-facing

CHAPTER 16

Enters the “config-dhcpv6-relay” config mode for the specified VLAN. Creates a DHCPv6 relay for the specified VLAN if one does not already exist.

Removes the DHCPv6 LDRA setting for the specified VLAN-ID on the Switch.

Leave the “config-dhcpv6-relay” config mode. C 13

Enables Lightweight DHCPv6 Relay Agent (LDRA) for this VLAN. LDRA adds information (such as this system’s host name and subscriber port from which the request was received) to client DHCPv6 requests before forwarding them to the DHCPv6 server.

Set up a LDRA Client-facing interface. It forwards traffic towards the DHCPv6 client. It can be a DSL port or an Ethernet port connected to a subtended (daisy-chained) LDRA-enabled Switch or DSLAM. Use the network-facing role for the uplink port on the subtended Switch or DSLAM

Sets up an LDRA forbidden interface. The Switch will not add any information to the VLAN’s DHCPv6 requests it receives on the specified ports. The Switch drops all DHCPv6 requests for a VLAN if this is set and DHCPv6 LDRA is enabled on the VLAN.

Set up an LDRA network-facing interface. Use the networkfacing role for the Ethernet port you use as the uplink port to connect towards the DHCPv6 server.

Set up an LDRA untrusted client-facing interface. Use this for a client-facing interface you deem untrusted to have the Switch discard RELAY-FORW (12) type messages.

Disables LDRA for this VLAN. C 13

Clears all un-trusted client-facing settings for this VLAN. C 13

C13

VES Switch CLI Reference Guide

Page 68

Chapter 16 DHCPv6 Relay Commands

Table 50 dhcpv6 relay Command Summary (continued)

COMMAND DESCRIPTION M P

dhcpv6 relay <1-4094> no ldra

Removes an LDRA untrusted client-facing interface. C 13

untrust client-facing <portlist>

dhcpv6 relay <1-4094> no

Deletes all LDRA related options for this VLAN. C 13

option

dhcpv6 relay <1-4094> no option interface-id

dhcpv6 relay <1-4094> no

Disables the LDRA interface ID (option 18) option for this VLAN.

Disables the LDRA remote ID (option 37) option for this VLAN. C 13

C13

option remote-id

dhcpv6 relay <1-4094> option

Enable interface-ID option in this VLAN. C 13

interface-id

dhcpv6 relay <1-4094> option interface-id <format>

Set a <format> string for relay agent option 18 (interface-ID) for appending to outgoing DHCPv6 packets forwarded from the specified VLAN.

Use the ‘%’ character as the beginning of predefined runtime variables as described bellow:

 %%: equals character %

C13

dhcpv6 relay <1-4094> option remote-id

%0x00~%0xFF: represents bye value

%pname: the name configured for the port

%pid: port index

%svlan: SVLAN ID that the DHCP server runs on.

%hname: host device name

%cmac: MAC address of client represents as Byte string. Ex: 00:00:00:01:11:11

%blank: blank character

 %ptel: telephone number of client-facing interface

Enable remote-ID option in this VLAN C 13

VES Switch CLI Reference Guide

Page 69

Chapter 16 DHCPv6 Relay Commands

Table 50 dhcpv6 relay Command Summary (continued)

COMMAND DESCRIPTION M P

dhcpv6 relay <1-4094> option remote-id

Set a <format> string for relay agent option 37 (remote ID) for appending to outgoing DHCPv6 packets forwarded from the specified VLAN.

Use the ‘%’ character as the beginning of predefined runtime variables as described bellow:

 %%: equals character %

%0x00~%0xFF: represents bye value

%pname: the name configured for the port

%pid: port index

%svlan: SVLAN ID that the DHCP server runs on.

%hname: host device name

%cmac: MAC address of client represents as Byte string. Ex: 00:00:00:01:11:11

 %hname: name of host device

%blank: blank character

C13

show dhcpv6 relay counter <cr>

show dhcpv6 relay counter

<port-list>

clear dhcpv6 relay counter <cr>

clear dhcpv6 relay counter

<port-list>

show dhcpv6 relay ldra <cr>

show dhcpv6 relay ldra <vlan- id>

 %ptel: telephone number of client-facing interface"

Displays all DHCPv6 relay packet counters on the Switch. E 3

Displays DHCPv6 relay packet counters for the specified ports.

Resets all DHCPv6 relay counters on the Switch. E 13

Resets the DHCPv6 relay packet counters for the specified ports.

Displays all LDRA settings on the Switch. E 3

Displays all of the LDRA settings for the specified VLAN-ID on the Switch.

E13

VES Switch CLI Reference Guide

Page 70

DHCPv6 Snooping

Use the dhcpv6 snooping commands to configure an acceptable rate for receiving DHCPv6 packets on each port. A port dropped additional DHCP packets after the receiving rate reaches the configured number.

17.1 Command Summary

This section lists the commands for this feature.

Table 51 dhcpv6 snooping Command Summary

COMMAND DESCRIPTION M P

dhcpv6 snooping

no dhcpv6 snooping

interface port-channel <port- list> dhcpv6 snooping limit rate <pps>

interface port-channel <port- list> no dhcpv6 snooping limit rate

show dhcpv6 snooping <cr>

show dhcpv6 snooping binding

CHAPTER 17

Commands

Enables DHCPv6 snooping on the Switch. C 13

Disables DHCPv6 snooping on the Switch. C 13

Sets a DHCPv6 snooping rate limit in packets per second (pps) for the specified ports on the Switch.

Removes the DHCPv6 snooping rate limit setting for the specified ports on the Switch.

Displays the DHCPv6 snooping settings for all ports on the Switch.

Displays the DHCPv6 binding table. E 3

C13

VES Switch CLI Reference Guide

Page 71

DiffServ Commands

Use these commands to configure Differentiated Services (DiffServ) on the Switch.

18.1 Command Summary

The following section lists the commands for this feature.

Table 52 diffserv Command Summary

COMMAND DESCRIPTION M P

show diffserv

diffserv

no diffserv

diffserv dscp <0~63> priority <0~7>

interface port-channel <port- list>

diffserv

no diffserv

CHAPTER 18

Displays general DiffServ settings. E 13

Enables DiffServ on the Switch. C 13

Disables DiffServ on the Switch. C 13

Sets the DSCP-to-IEEE 802.1q mappings. C 13

Enters config-interface mode for the specified port(s). C 13

Enables DiffServ on the port(s). C 13

Disables DiffServ on the port(s). C 13

VES Switch CLI Reference Guide

Page 72

CHAPTER 19

DoS Prevention Commands

Use these commands to configure DoS Prevention on the Switch.

19.1 Command Summary

The following section lists the commands for this feature.

Table 53 DoS-prevention Command Summary

COMMAND DESCRIPTION M P

DoS-prevention-setting active

DoS-prevention-setting ICMPfragment

DoS-prevention-setting IPaddress-checking

DoS-prevention-setting Macaddress-checking

DoS-prevention-setting TCPcontrol/SN

DoS-prevention-setting TCPFIN/URG/PSH/SN

DoS-prevention-setting TCPfragment

DoS-prevention-setting TCPport

DoS-prevention-setting TCP-SYN

DoS-prevention-setting TCPSYN/FIN

DoS-prevention-setting UDPport

no DoS-prevention-setting

no DoS-prevention-setting active

no DoS-prevention-setting ICMP-fragment

no DoS-prevention-setting IPaddress-checking

no DoS-prevention-setting Macaddress-checking

Enables DoS prevention on the Switch. C 13

Drops any fragmented ICMP packets. C 13

Drops any IP packets whose source IP address and destination IP address are the same.

Drops any packets whose source MAC address and destination MAC address are the same.

Drops the TCP packets whose control (flag) bit and sequence number are 0.

Drops the TCP packets whose FIN (Finish), URG (URGent) and PSH (Push) flags bits and sequence number are 0.

Drops the TCP fragments with a Data Offset of 1. C 13

Drops any TCP packets whose source port and destination port are the same.

Drops any TCP SYN packets whose source port numbers are zero.

Drops the TCP packets that contain both SYN (SYNchronize) and FIN (Finish) flags.

Drops any UDP packets whose source port and destination port are the same.

Returns all DoS prevention settings to the defaults. C 13

Disables DoS prevention on the Switch. C 13

Sets the Switch to not drop the fragmented ICMP packets. C 13

Sets the Switch to not drop the IP packets whose source IP address and destination IP address are the same.

Sets the Switch to not drop the packets whose source MAC address and destination MAC address are the same.

C13

VES Switch CLI Reference Guide

Page 73

Chapter 19 DoS Prevention Commands

Table 53 DoS-prevention Command Summary (continued)

COMMAND DESCRIPTION M P

no DoS-prevention-setting TCPcontrol/SN

no DoS-prevention-setting TCPFIN/URG/PSH/SN

no DoS-prevention-setting TCPfragment

no DoS-prevention-setting TCPport

no DoS-prevention-setting TCPSYN

no DoS-prevention-setting TCPSYN/FIN

no DoS-prevention-setting UDPport

show DoS-prevention-setting

Sets the Switch to not drop the TCP packets whose control (flag) bit and sequence number are 0.

Sets the Switch to not drop the TCP packets whose FIN (Finish), URG (URGent) and PSH (Push) flags bits and sequence number are 0.

Sets the Switch to not drop the TCP fragments with a Data Offset of 1.

Sets the Switch to not drop the TCP packets whose source port and destination port are the same.

Sets the Switch to not drop the TCP SYN packets whose source port numbers are zero.

Sets the Switch to not drop the TCP packets that contain the SYN (SYNchronize) and FIN (Finish) flags.

Sets the Switch to not drop the UDP packets whose source port and destination port are the same.

Displays DoS prevention settings. E 13

C13

VES Switch CLI Reference Guide

Page 74

Error Disable and Recovery

Use these commands to configure the CPU protection and error disable recovery features on the Switch.

20.1 CPU Protection Overview

Switches exchange protocol control packets in a network to get the latest networking information. If a switch receives large numbers of control packets, such as ARP or BPDU packets, which are to be processed by the CPU, the CPU may become overloaded and be unable to handle regular tasks properly.

CHAPTER 20

Commands

The CPU protection feature allows you to limit the rate of ARP and BPDU packets to be delivered to the CPU on a port. This enhances the CPU efficiency and protects against potential DoS attacks or errors from other networks. You then can choose to drop control packets that exceed the specified rate limit or disable a port on which the packets are received.

20.2 Error-Disable Recovery Overview

Some features, such as loop guard or CPU protection, allow the Switch to shut down a port or discard specific packets on a port when an error is detected on the port. For example, if the Switch detects that packets sent out the port(s) loop back to the Switch, the Switch can shut down the port(s) automatically. After that, you need to enable the port(s) or allow the packets on a port manually via the web configurator or the commands. With error-disable recovery, you can set the disabled port(s) to become active or start receiving the packets again after the time interval you specify.

20.3 User Input Values

This section lists the common term definition appears in this chapter.

Table 54 errdisable recovery command user input values

USER INPUT DESCRIPTION

port-list

The port number or a range of port numbers that you want to configure.

VES Switch CLI Reference Guide

Page 75

Chapter 20 Error Disable and Recovery Commands

20.4 Command Summary

The following section lists the commands for this feature.

Table 55 cpu-protection Command Summary

COMMAND DESCRIPTION M P

interface port-channel <portlist>

cpu-protection cause <ARP|BPDU> rate-limit <0256>

cpu-protection cause help

clear cpu-protection interface port-channel <port-list> cause <ARP|BPDU>

reset cpu-protection interface port-channel <port-list> cause <ARP|BPDU>

reset cpu-protection interface port-channel <port-list> cause help

show cpu-protection interface port-channel <port-list>

Enters config-interface mode for the specified port(s). C 13

Sets the maximum number of ARP or BPDU packets that the specified ports are allowed to receive or transmit per second. 0 means no rate limit.

Displays all the possible causes. C 13

Resets the “Total Drop” counters for the specified ports to zero (0). You can see the counter using the show cpu- protection command. The “Total Drops” means the number of ARP, BPDU or IGMP packets that have been dropped due to the Error Disable feature in rate- limitation mode.

Sets the specified ports to handle all ARP or BPDU packets instead of ignoring them, if the port(s) are in inactive- reason mode (set by using the errdisable detect cause command).

Displays all the possible causes. E 0

Shows the CPU Protection settings and the number of ARP or BPDU packets that has been dropped by the Error Disable feature for the specified port(s).

C13

Table 56 errdisable recovery Command Summary

COMMAND DESCRIPTION M P

errdisable detect cause <ARP|BPDU>

errdisable detect cause <ARP|BPDU> mode <inactivereason|rate-limitation>

errdisable detect cause help

errdisable recovery

errdisable recovery cause <ARP|BPDU>

errdisable recovery cause <ARP|BPDU> interval <30-

Sets the Switch to detect if the number of ARP or BPDU packets exceeds the rate limit on port(s) (set by using the cpu-protection cause command).

Sets the action that the Switch takes when the number of ARP, BPDU or IGMP packets exceeds the rate limit on port(s).

inactive-reason: The Switch bypasses the processing of the specified control packets (such as ARP or IGMP packets), or drops all the specified control packets (such as BPDU) on the port.

rate-limitation: The Switch drops the additional control packets the port(s) have to handle in every one second.

Displays all the possible causes. C 13

Turns on the disabled port recovery function on the Switch. C 13

Enables the recovery timer for the specified feature that causes the Switch to shut down port(s).

Sets how many seconds the Switch waits before enabling the ports that were shut down.

C13

2592000>

errdisable recovery cause help

Displays all the possible causes. C 13

VES Switch CLI Reference Guide

Page 76

Chapter 20 Error Disable and Recovery Commands

Table 56 errdisable recovery Command Summary (continued)

COMMAND DESCRIPTION M P

no errdisable detect cause <ARP|BPDU|>

no errdisable recovery

no errdisable recovery cause <ARP|BPDU>

show errdisable

show errdisable detect

show errdisable recovery

Disables the rate limit for ARP or BPDU packets on ports, set by using the cpu-protection cause command.

Turns off the disabled port recovery function on the Switch. C 13

Disables the recovery timer for the specified feature that causes the Switch to shut down a port.

Displays which ports are detected (by Error Disable), the mode of the ports, and the type of packets (ARP or BPDU) detected.

Displays the Error Disable settings including the available protocol of packets (ARP or BPDU), the current status (enabled or disabled), and the corresponding action the Switch takes when a detected port is handling packets over the limit.

Displays the disabled port recovery settings and after how many seconds which port(s) will be activated.

C13

20.5 Command Examples

This example shows you how to configure the following:

• limit the number of ARP packets that port 7 can handle to 100 packets per second.

• set to drop the ARP packets that exceed the rate limit.

• display the CPU protection settings that you just set for port 7.

• display the Error Disable status and action mode for ARP packet handling.

systemname# config systemname(config)# interface port-channel 7 systemname(config-interface)# cpu-protection cause ARP rate-limit 100 systemname(config-interface)# exit systemname(config)# errdisable detect cause ARP systemname(config)# errdisable detect cause ARP mode rate-limit systemname(config)# exit systemname# show cpu-protection interface port-channel 7 Port : 7

Reason Rate Mode Total Drops

------ ------- --------------- ---------- ARP 100 rate-limitation 0 BPDU 0 inactive-reason N/A

systemname# show errdisable detect

Reason Status Mode

------ ------- -------------- ARP enable rate-limitation BPDU disable inactive-reason systemname#

VES Switch CLI Reference Guide

Page 77

Chapter 20 Error Disable and Recovery Commands

This example enables the disabled port recovery function and the recovery timer for the ARP packet handling feature on the Switch. If a port limits the ARP packets rate due to the specified reason, the Switch activates the port 300 seconds (the default value) later. This example also shows the number of the disabled port(s) and the time left before the port(s) becomes active.

sysname# configure sysname(config)# errdisable recovery sysname(config)# errdisable recovery cause ARP sysname(config)# exit sysname# show errdisable recovery Errdisable Recovery Status:Enable

Errdisable Recovery Status:Enable

Reason Timer Status Time

---------- ------------ ------ ARP Enable 300 BPDU Disable 300

Interfaces that will be enabled at the next timeout:

Interface Reason Time left(sec) Mode

--------- ---------- -------------- --------------sysname#

VES Switch CLI Reference Guide

Page 78

CHAPTER 21

Ethernet OAM Commands

Use these commands to use the link monitoring protocol IEEE 802.3ah Link Layer Ethernet OAM (Operations, Administration and Maintenance).

21.1 IEEE 802.3ah Link Layer Ethernet OAM Implementation

Link layer Ethernet OAM (Operations, Administration and Maintenance) as described in IEEE 802.3ah is a link monitoring protocol. It utilizes OAM Protocol Data Units or OAM PDU’s to transmit link status information between directly connected Ethernet devices. Both devices must support IEEE 802.3ah. Because link layer Ethernet OAM operates at layer two of the OSI (Open Systems Interconnection Basic Reference) model, neither IP or SNMP are necessary to monitor or troubleshoot network connection problems.

The Switch supports the following IEEE 802.3ah features:

• Discovery - this identifies the devices on each end of the Ethernet link and their OAM configuration.

• Remote Loopback - this can initiate a loopback test between Ethernet devices.

21.2 Command Summary

The following section lists the commands for this feature.

Table 57 ethernet oam Command Summary

COMMAND DESCRIPTION M P

show ethernet oam discovery <port-list>

show ethernet oam statistics <port-list>

show ethernet oam summary

no ethernet oam

Displays OAM configuration details and operational status of the specified ports.

Displays the number of OAM packets transferred for the specified ports.

Displays the configuration details of each OAM activated port.

Disables Ethernet OAM on the Switch. C 13

VES Switch CLI Reference Guide

Page 79

Chapter 21 Ethernet OAM Commands

21.3 Command Examples

This example performs Ethernet OAM discovery from port 7.

sysname# show ethernet oam discovery 7 Port 7 Local client

----------- OAM configurations: Mode : Active Unidirectional : Not supported Remote loopback : Not supported Link events : Not supported Variable retrieval: Not supported Max. OAMPDU size : 1518

Operational status: Link status : Down Info. revision : 3 Parser state : Forward Discovery state : Active Send Local

The following table describes the labels in this screen.

Table 58 show ethernet oam discovery

LABEL DESCRIPTION

OAM configurations The remote device uses this information to determine what functions are supported.

Mode This field displays the OAM mode. The device in active mode (typically the service

Unidirectional This field indicates whether or not the Switch can send information PDUs to transmit

Remote loopback This field indicates whether or not the Switch can use loopback control PDUs to put the

Link events This field indicates whether or not the Switch can interpret link events, such as link fault

Variable retrieval This field indicates whether or not the Switch can respond to requests for more

Max. OAMPDU size This field displays the maximum size of PDU for receipt and delivery.

Operational status

Link status This field indicates that the link is up or down.

provider's device) controls the device in passive mode (typically the subscriber's device).

Active: The Switch initiates OAM discovery; sends information PDUs; and may send event notification PDUs, variable request/response PDUs, or loopback control PDUs.

Passive: The Switch waits for the remote device to initiate OAM discovery; sends information PDUs; may send event notification PDUs; and may respond to variable request PDUs or loopback control PDUs.

The Switch might not support some types of PDUs, as indicated in the fields below.

fault information when the receive path is non-operational.

remote device into loopback mode.

and dying gasp. Link events are sent in event notification PDUs and indicate when the number of errors in a given interval (time, number of frames, number of symbols, or number of errored frame seconds) exceeds a specified threshold. Organizations may create organization-specific link event TLVs as well.

information, such as requests for Ethernet counters and statistics, about link events.

VES Switch CLI Reference Guide

Page 80

Chapter 21 Ethernet OAM Commands

Table 58 show ethernet oam discovery (continued)

LABEL DESCRIPTION

Info. revision This field displays the current version of local state and configuration. This two-octet

value starts at zero and increments every time the local state or configuration changes.

Parser state This field indicates the current state of the parser.

Forward: The packet is forwarding packets normally. Loopback: The Switch is in loopback mode. Discard: The Switch is discarding non-OAMPDUs because it is trying to or has put the

remote device into loopback mode.

Discovery state This field indicates the state in the OAM discovery process. OAM-enabled devices use

this process to detect each other and to exchange information about their OAM configuration and capabilities. OAM discovery is a handshake protocol.

Fault: One of the devices is transmitting OAM PDUs with link fault information, or the interface is not operational.

Active Send Local: The Switch is in active mode and is trying to see if the remote device supports OAM.

Passive Wait: The Switch is in passive mode and is waiting for the remote device to begin OAM discovery.

Send Local Remote: This state occurs in the following circumstances.

• The Switch has discovered the remote device but has not accepted or rejected the connection yet.

• The Switch has discovered the remote device and rejected the connection.

Send Local Remote OK: The Switch has discovered the remote device and has accepted the connection. In addition, the remote device has not accepted or rejected the connection yet, or the remote device has rejected the connected.

Send Any: The Switch and the remote device have accepted the connection. This is the operating state for OAM links that are fully operational.

This example looks at the number of OAM packets transferred on port 1.

sysname# show ethernet oam statistics 1 Port 1 Statistics:

---------- Information OAMPDU Tx : 0 Information OAMPDU Rx : 0 Event Notification OAMPDU Tx : 0 Event Notification OAMPDU Rx : 0 Loopback Control OAMPDU Tx : 0 Loopback Control OAMPDU Rx : 0 Variable Request OAMPDU Tx : 0 Variable Request OAMPDU Rx : 0 Variable Response OAMPDU Tx : 0 Variable Response OAMPDU Rx : 0 Unsupported OAMPDU Tx : 0 Unsupported OAMPDU Rx : 0

VES Switch CLI Reference Guide

Page 81

Chapter 21 Ethernet OAM Commands

The following table describes the labels in this screen.

Table 59 show ethernet oam statistics

LABEL DESCRIPTION

Information OAMPDU Tx This field displays the number of OAM PDUs sent on the port.

Information OAMPDU Rx This field displays the number of OAM PDUs received on the port.

Event Notification OAMPDU TxThis field displays the number of unique or duplicate OAM event notification PDUs

Event Notification OAMPDU RxThis field displays the number of unique or duplicate OAM event notification PDUs

Loopback Control OAMPDU TxThis field displays the number of loopback control OAM PDUs sent on the port.

Loopback Control OAMPDU RxThis field displays the number of loopback control OAM PDUs received on the port.

Variable Request OAMPDU TxThis field displays the number of OAM PDUs sent to request MIB objects on the

Variable Request OAMPDU RxThis field displays the number of OAM PDUs received requesting MIB objects on the

Variable Response OAMPDU Tx

Variable Response OAMPDU Rx

Unsupported OAMPDU Tx This field displays the number of unsupported OAM PDUs sent on the port.

Unsupported OAMPDU Rx This field displays the number of unsupported OAM PDUs received on the port.

sent on the port.

received on the port.

remote device.

Switch.

This field displays the number of OAM PDUs sent by the Switch in response to requests.

This field displays the number of OAM PDUs sent by the remote device in response to requests.

This example looks at the configuration of ports on which OAM is enabled.

sysname# show ethernet oam summary

OAM Config: U : Unidirection, R : Remote Loopback L : Link Events , V : Variable Retrieval

Local Remote

------------- ----------------------------------------Port Mode MAC Addr OUI Mode Config

----- ------- ----------------- ------ ------- -------1 Active

The following table describes the labels in this screen.

Table 60 show ethernet oam summary

LABEL DESCRIPTION

Local This section displays information about the ports on the Switch.

Port This field displays the port number.

Mode This field displays the operational state of the port.

Remote This section displays information about the remote device.

MAC Addr This field displays the MAC address of the remote device.

OUI This field displays the OUI (first three bytes of the MAC address) of the remote device.

VES Switch CLI Reference Guide

Page 82

Chapter 21 Ethernet OAM Commands

Table 60 show ethernet oam summary (continued)

LABEL DESCRIPTION

Mode This field displays the operational state of the remote device.

Config This field displays the capabilities of the Switch and remote device. THe capabilities are

identified in the OAM Config section.

VES Switch CLI Reference Guide

Page 83

External Alarm Commands

Use these commands to configure the external alarm features on the Switch.

22.1 Command Summary

The following section lists the commands for this feature.

Table 61 externalalarm Command Summary

COMMAND DESCRIPTION M P

externalalarm <index> name

externalalarm <index> off

externalalarm <index> on

no externalalarm <index> name

no externalalarm <index> switch

externalalarm extalarm1 <alarmname_string>

externalalarm extalarm2 <alarmname_string>

externalalarm extalarm3 <alarmname_string>

externalalarm extalarm4 <alarmname_string>

no externalalarm extalarm1

no externalalarm extalarm2

no externalalarm extalarm3

no externalalarm extalarm4

show externalalarm

CHAPTER 22

Sets the name of the specified external alarm (1-4). C 13

Turns off the specified external alarm (1-4). C 13

Turns on the specified external alarm (1-4). C 13

Clears the name set for the specified external alarm (1-4). C 13

Turns on the alarm for the specified external alarm (1-4). C 13

Sets the name of the first external alarm.

alarmname_string: Enters a name of up to 32 ASCII characters.

Sets the name of the second external alarm C 13

Sets the name of the third external alarm C 13

Sets the name of the fourth external alarm C 13

Resets the name of the first external alarm to the default (External alarm 1).

Resets the name of the second external alarm to the default (External alarm 2).

Resets the name of the third external alarm to the default (External alarm 3).

Resets the name of the fourth external alarm to the default (External alarm 4).

Displays external alarm settings. E 13

C13

VES Switch CLI Reference Guide

Page 84

Chapter 22 External Alarm Commands

22.2 Command Examples

This example configures and shows the name of the external alarm.

sysname# configure sysname(config)# externalalarm extalarm1 dooropen sysname(config)# exit sysname# show externalalarm extalarm1: dooropen extalarm2: External alarm 2 extalarm3: External alarm 3 extalarm4: External alarm 4

VES Switch CLI Reference Guide

Page 85

GARP Commands

Use these commands to configure GARP.

23.1 GARP Overview

Switches join VLANs by making a declaration. A declaration is made by issuing a Join message using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all registrations. GARP timers set declaration timeout values.

23.2 Command Summary

CHAPTER 23

The following section lists the commands for this feature.

Table 62 garp Command Summary

COMMAND DESCRIPTION M P

show garp

garp join <join-timer> leave <200~65535> leaveall <200~65535>

Displays GARP information. E 13

Configures GARP time settings (in milliseconds), including the join, leave and leave all timers for each port. Leave Time must be at least two times larger than Join Timer, and Leave All Timer must be larger than Leave Timer.

join-timer: 100~65535 or 100~32767. This timer range may vary depending on the Switch model.

C13

VES Switch CLI Reference Guide

Page 86

Chapter 23 GARP Commands

23.3 Command Examples

In this example, the administrator looks at the Switch’s GARP timer settings and decides to change them. The administrator sets the Join Timer to 300 milliseconds, the Leave Timer to 800 milliseconds, and the Leave All Timer to 11000 milliseconds.

sysname# show garp

GARP Timer

-----------------------Join Timer :200 Leave Timer :600 Leave All Timer :10000 sysname# configure sysname(config)# garp join 300 leave 800 leaveall 11000 sysname(config)# exit sysname# show garp

GARP Timer

-----------------------Join Timer :300 Leave Timer :800 Leave All Timer :11000

VES Switch CLI Reference Guide

Page 87

GVRP Commands

Use these commands to configure GVRP.

24.1 Command Summary

The following section lists the commands for this feature.

Table 63 gvrp Command Summary

COMMAND DESCRIPTION M P

show vlan1q gvrp

vlan1q gvrp

no vlan1q gvrp

interface port-channel <port- list>

gvrp

no gvrp

CHAPTER 24

Displays GVRP settings. E 13

Enables GVRP. C 13

Disables GVRP on the Switch. C 13

Enters config-interface mode for the specified port(s). C 13

Enables this function to permit VLAN groups beyond the local Switch.

Disable GVRP on the port(s). C 13

C13

24.2 Command Examples

This example shows the Switch’s GVRP settings.

sysname# show vlan1q gvrp

GVRP Support

----------------------gvrpEnable = YES gvrpPortEnable:

This example turns off GVRP on ports 1~5.

sysname# configure sysname(config)# interface port-channel 1-5 sysname(config-interface)# no gvrp sysname(config-interface)# exit sysname(config)# exit

VES Switch CLI Reference Guide

Page 88

HTTPS Server Commands

Use these commands to configure the HTTPS server on the Switch.

25.1 Command Summary

The following section lists the commands for this feature.

Table 64 https Command Summary

COMMAND DESCRIPTION M P

show https

show https certificate

show https key <rsa|dsa>

show https key <rsa|dsa|dh>

show https session

show https timeout

https timeout <0~65535>

no https timeout

https cert-regeneration <rsa|dsa>

CHAPTER 25

Displays the HTTPS settings, statistics, and sessions. E 13

Displays the HTTPS certificates. E 13

Displays the HTTPS key. E 13

Displays current settings for HTTPS sessions. E 13

Displays current HTTPS cache timeout. E 13

Sets the cache timeout value. C 13

Resets the cache timeout to the default value. C 13

Re-generates a certificate. C 13

VES Switch CLI Reference Guide

Page 89

Chapter 25 HTTPS Server Commands

25.2 Command Examples

This example shows the current HTTPS settings, statistics, and sessions.

sysname# show https Configuration Version : SSLv3, TLSv1 Maximum session number: 64 sessions Maximum cache number : 128 caches Cache timeout : 300 seconds Support ciphers : DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA AES256-SHA EDH-RSA-DES-CBC3-SHA EDH-DSS-DES-CBC3-SHA DES-CBC3-SHA DES-CBC3-MD5 DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA AES128-SHA DHE-DSS-RC4-SHA IDEA-CBC-SHA RC4-SHA RC4-MD5 IDEA-CBC-MD5 RC2-CBC-MD5 RC4-MD5

Statistics: Total connects : 7 Current connects : 2 Connects that finished: 7 Renegotiate requested : 0 Session cache items : 1 Session cache hits : 6 Session cache misses : 0 Session cache timeouts: 0

Sessions: Remote IP Port Local IP Port SSL bytes Sock bytes

172.23.5.15 4011 127.0.0.1 1032 4303 2170

172.23.5.15 4012 127.0.0.1 1033 3697 2161

The following table describes the labels in this screen.

Table 65 show https

LABEL DESCRIPTION

Configuration

Version This field displays the current version of SSL (Secure Sockets Layer) and TLS (Transport

Maximum session number This field displays the maximum number of HTTPS sessions the Switch supports.

Maximum cache number This field displays the maximum number of entries in the cache table the Switch

Cache timeout This field displays how long entries remain in the cache table before they expire.

Support ciphers This field displays the SSL or TLS cipher suites the Switch supports for HTTPS sessions. The

Statistics

Total connects This field displays the total number of HTTPS connections since the Switch started up.

Current connects This field displays the current number of HTTPS connections.

Connects that finished This field displays the number of HTTPS connections that have finished.

Renegotiate requested This field displays the number of times the Switch requested clients to renegotiate the

Layer Security).

supports for HTTPS sessions.

cipher suites are identified by their OpenSSL equivalent names. If the name does not include the authentication used, assume RSA authentication. See SSL v2.0, SSL v3.0, TLS v1.0, and RFC 3268 for more information.

SSL connection parameters.

VES Switch CLI Reference Guide

Page 90

Chapter 25 HTTPS Server Commands

Table 65 show https (continued)

LABEL DESCRIPTION

Session cache items This field displays the current number of items in cache.

Session cache hits This field displays the number of times the Switch used cache to satisfy a request.

Session cache misses This field displays the number of times the Switch could not use cache to satisfy a

request.

Session cache timeouts This field displays the number of items that have expired in the cache.

Sessions

Remote IP This field displays the client’s IP address in this session.

Port This field displays the client’s port number in this session.

Local IP This field displays the Switch’s IP address in this session.

Port This field displays the Switch’s port number in this session.

SSL bytes This field displays the number of bytes encrypted or decrypted by the Secure Socket

Layer (SSL).

Sock bytes This field displays the number of bytes encrypted or decrypted by the socket.

This example shows the current settings for HTTPS sessions.

sysname# show https session SSL-Session: Protocol : SSLv3 Cipher : RC4-MD5 Session-ID: 68BFB25BFAFEE3F0F15AB7B038EAB6BACE4AB7A4A6A5280E55943B7191057C96 Session-ID-ctx: 7374756E6E656C20534944 Master-Key: 65C110D9BD9BB0EE36CE0C76408C121DAFD1E5E3209614EB0AC5509CDB60D0904937DA4B A5BA058B57FD7169ACDD4ACF Key-Arg : None Start Time: 2252 Timeout : 300 (sec) Verify return code: 0 (ok)

The following table describes the labels in this screen.

Table 66 show https session

LABEL DESCRIPTION

Protocol This field displays the SSL version used in the session.

Cipher This field displays the encryption algorithms used in the session.

Session-ID This field displays the session identifier.

Session-ID-ctx This field displays the session ID context, which is used to label the data and cache in

the sessions and to ensure sessions are only reused in the appropriate context.

Master-Key This field displays the SSL session master key.

Key-Arg This field displays the key argument that is used in SSLv2.

Start Time This field displays the start time (in seconds, represented as an integer in standard UNIX

format) of the session.

Timeout This field displays the timeout for the session. If the session is idle longer than this, the

Verify return code This field displays the return code when an SSL client certificate is verified.

Switch automatically disconnects.

VES Switch CLI Reference Guide

Page 91

IEEE 802.1x Authentication

Use these commands to configure IEEE 802.1x authentication.

Note: Do not forget to configure the authentication server.

26.1 Command Summary

The following section lists the commands for this feature.

Table 67 port-access-authenticator Command Summary

COMMAND DESCRIPTION M P

show port-access-authenticator

show port-access-authenticator <port-list>

port-access-authenticator

no port-access-authenticator

port-access-authenticator <port-list>

no port-access-authenticator <port-list>

port-access-authenticator <port-list> reauthenticate

no port-access-authenticator <port-list> reauthenticate

port-access-authenticator <port-list> reauth-period <165535>

CHAPTER 26

Commands

Displays all port authentication settings. E 13

Displays port authentication settings on the specified port(s). E 13

Enables 802.1x authentication on the Switch. C 13

Disables port authentication on the Switch. C 13

Enables 802.1x authentication on the specified port(s). C 13

Disables authentication on the listed ports. C 13

Sets a subscriber to periodically re-enter his or her username and password to stay connected to a specified port.

Disables the re-authentication mechanism on the listed port(s).

Specifies how often (in seconds) a client has to re-enter the username and password to stay connected to the specified port(s).

C13

26.2 Command Examples

This example configures the Switch in the following ways:

1 Specifies the RADIUS server at IP address 10.10.10.1 on port 1890 with the string secretKey as the

password.

VES Switch CLI Reference Guide

Page 92

Chapter 26 IEEE 802.1x Authentication Commands

2 Enables port authentication on the Switch.

3 Enables port authentication on ports 4 to 8.

4 Activates reauthentication on the ports.

5 Specifies 1800 seconds as the interval for client reauthentication.

sysname(config)# radius-server host 10.10.10.1 auth-port 1890 key

--> secretKey sysname(config)# port-access-authenticator sysname(config)# port-access-authenticator 4-8 sysname(config)# port-access-authenticator 4-8 reauthenticate sysname(config)# port-access-authenticator 4-8 reauth-period 1800

This example configures the Switch in the following ways:

1 Disables authentication on the Switch.

2 Disables re-authentication on ports 1, 3, 4, and 5.

3 Disables authentication on ports 1, 6, and 7.

sysname(config)# no port-access-authenticator sysname(config)# no port-access-authenticator 1,3-5 reauthenticate sysname(config)# no port-access-authenticator 1,6-7

VES Switch CLI Reference Guide

Page 93

CHAPTER 27

multicast table

maintains a

IGMP Commands

Use these commands to configure IGMP related commands on the Switch. See following for IGMP related term definitions.

IGMP (Internet Group Management Protocol) - This is a protocol used to establish membership in a multicast group.

Figure 1 IGMP Example

• IGMP join/leave reports (A) - An IGMP join report is sent from a host when it wants to be a member of

a multicast group. When the host doesn’t want to be a member of a multicast group any more, it sends an IGMP leave report.

• IGMP query and report (B) - A router sends an IGMP query to its downlink switch(es) to ask a multicast

group member list (also called multicast table). Then the switch(es) that received the IGMP query send the list to the router.

• IGMP snooping - This feature groups multicast traffic (C) and only forwards a group’s traffic to ports

that are members of that group. Without IGMP snooping, a switch does not understand multicast and will broadcast multicast traffic to all the ports in a network. IGMP snooping generates no additional network traffic, allowing you to significantly reduce multicast traffic passing through your switch.

• IGMP group limit - This feature limits the number of multicast groups a port is allowed to join.

• IGMP immediate leave - The Switch removes a port from the multicast table immediately when an IGMP leave report is received on the port.

• IGMP proxy - The Switch only forwards IGMP join/leave reports to its uplink router when necessary. It can reduce the upstream multicast traffic to the aggregated device significantly.

Note: See Chapter 28 on page 99 for IGMP filtering commands.

VES Switch CLI Reference Guide

Page 94

Chapter 27 IGMP Commands

27.1 Command Summary

The following section lists the commands for this feature.

Table 68 igmp-flush Command Summary

COMMAND DESCRIPTION M P

igmp-flush

Table 69 igmp-snooping Command Summary

COMMAND DESCRIPTION M P

show igmp-snooping

show igmp-snooping currentgroup <port-number>

show igmp-snooping joincounetr <port-number>

show igmp-snooping leavecounetr <port-number>

show igmp-snooping querier

show igmp-snooping querycounetr <port-number>

igmp-snooping

Removes all IGMP information. E 13

Displays global IGMP snooping settings. E 13

Displays the number of multicast groups the specified VDSL port is currently a member of.

Displays the number of IGMP join reports the specified VDSL port received from the VDSL subscriber.

Displays the number of IGMP leave reports the specified VDSL port received from the VDSL subscriber.

Displays the IGMP query mode for the ports on the Switch. E 3

Displays the number of the IGMP queries received or transmitted on the specified port.

Enables IGMP snooping.

E13

C13

no igmp-snooping

igmp-snooping 8021p-priority <0~7>

no igmp-snooping 8021ppriority

igmp-snooping mld-support

no igmp-snooping mld-support

igmp-snooping host-timeout <116711450>

igmp-snooping leave-timeout <1-16711450>

Note: You have to disable IGMP proxy before

enabling IGMP proxy.

Disables IGMP snooping. C 13

Sets the 802.1p priority for outgoing IGMP snooping frames. C 13

Disables changing the priority of outgoing IGMP control frames.

Enables Multicast Listener Discovery version one (MLD v1) and version two (MLD v2) on the Switch. See Chapter 32 on

page 115 for information about MLD.

Disables MLD v1 and MLD v2 on the Switch. C 13

Sets how many seconds to remove an IGMP group membership entry if the Switch does not receive any IGMP join or leave reports from the host.

Sets how many seconds the Switch waits before removing an IGMP snooping membership entry when an IGMP leave report is received from a host.

C13

VES Switch CLI Reference Guide

Page 95

Chapter 27 IGMP Commands

Table 69 igmp-snooping Command Summary (continued)

COMMAND DESCRIPTION M P

igmp-snooping reservemulticast-frame <drop|flooding>

igmp-snooping unknownmulticast-frame <drop|flooding>

Sets the action to perform when the Switch receives a frame with a reserved multicast address.

flooding: Sets this if you want the Switch to forward the reserved multicast frame to all ports.

drop: Sets this if you want the Switch to drop the frame.

Sets the action to perform when the Switch receives an unknown multicast frame. As the “unknown”, for example, no any subscriber requested to join a multicast group but uplink device sends the group traffic to the Switch.

flooding: Sets this if you want the Switch to forward the unknown multicast frame to all ports.

drop: Sets this if you want the Switch to drop the frame.

C13

Table 70 igmp-snooping vlan Command Summary

COMMAND DESCRIPTION M P

show igmp-snooping vlan

igmp-snooping vlan mode <auto|fixed>

igmp-snooping vlan <vlan-id> [name <name>]

Displays the VLANs on which IGMP snooping is enabled. E 13

Specifies how the VLANs on which the Switch snoops IGMP frames are selected.

auto: The Switch learns multicast group membership on all VLANs. See the User’s Guide for the maximum number of VLANs the switch supports for IGMP snooping. The Switch drops any IGMP control messages after it reaches this maximum number (auto mode).

fixed: The Switch only learns multicast group membership on specified VLAN(s). The Switch drops any IGMP control messages for any unspecified VLANs (fixed mode). See the User’s Guide for the maximum number of VLANs the switch supports for IGMP snooping.

Specifies which VLANs to perform IGMP snooping on if the query mode is fixed. Optionally, sets a name for the multicast VLAN.

C13

name: 1-64 printable characters; spaces are allowed if you put the string in double quotation marks (“).

no igmp-snooping vlan <vlanid>

Removes IGMP snooping configuration on the specified VLAN if the query mode is fixed.

C13

Table 71 igmp-proxy Command Summary

COMMAND DESCRIPTION M P

show igmp-proxy

show igmp-proxy current-group <port-number>

show igmp-proxy join-counter <port-number>

show igmp-proxy leave-counter <port-number>

show igmp-proxy query-counter <port-number>

Displays global IGMP proxy settings. E 13

Displays the number of IGMP groups the specified VDSL port currently joins.

Displays the number of IGMP join reports the specified VDSL port received from DSL subscribers.

Displays the number of IGMP leave reports the specified VDSL port received from DSL subscribers.

Displays the number of IGMP query reports the specified VDSL port received from an IGMP multicast router.

E13

VES Switch CLI Reference Guide

Page 96

Chapter 27 IGMP Commands

Table 71 igmp-proxy Command Summary (continued)

COMMAND DESCRIPTION M P

igmp-proxy

Enables IGMP proxy.

C13

Note: You have to disable IGMP snooping before

enabling IGMP proxy.

igmp-proxy v3mode

Enables Multicast Group Membership Discovery version three (MGMDv3) and has the Switch send IGMPv3 or MLDv2 queries instead of IGMPv2 or MLDv1 queries.

MGMD version two (MGMDv2) indicates IGMPv2 in IPv4 networks and MLDv1 in IPv6 networks. MGMDv3 indicates IGMPv3 in IPv4 networks and MLDv2 in IPv6 networks.

C13

Note: This setting applies only in IGMP proxy mode.

no igmp-proxy

no igmp-proxy v3mode

Disables IGMP proxy. E 13

Disables MGMDv3 and has the Switch send IGMPv2 or MLDv1 queries instead of IGMPv3 or MLDv2 queries.

E13

Table 72 interface igmp Command Summary

COMMAND DESCRIPTION M P

show interfaces config <port-

Displays the group limits for IGMP snooping. E 13

list> igmp-group-limited

show interfaces config <port-

Displays the immediate leave settings for IGMP snooping. E 13

list> igmp-immediate-leave

show interfaces config <port- list> igmp-query-mode

show interfaces config <port-

Displays the IGMP query mode setting for the specified port(s).

Displays the IGMP message limits for IGMP snooping. E 13

E13

list> igmp-msg-limited

interface port-channel <port-

Enters config-interface mode for the specified port(s). C 13

list>

igmp-group-limited

no igmp-group-limited

igmp-group-limited number <0~255>

igmp-immediate-leave

no igmp-immediate-leave

igmp-msg-limited

igmp-msg-limited number <0~255>

Enables the group limiting feature for IGMP snooping. You must enable IGMP snooping as well.

Disables multicast group limits. C 13

Sets the maximum number of multicast groups to which the port is allowed to join.

Enables the immediate leave function for IGMP snooping. You must enable IGMP snooping as well.

Disables the immediate leave function for IGMP snooping. C 13

Enables the IGMP message limit for IGMP snooping. C 13

Sets the maximum number of multicast frames this port is allowed to flow through.

C13

VES Switch CLI Reference Guide

Page 97

Chapter 27 IGMP Commands

Table 72 interface igmp Command Summary (continued)

COMMAND DESCRIPTION M P

no igmp-msg-limited

igmp-querier-mode <auto|fixed|edge>

Enables the IGMP message limiting feature for IGMP snooping.

Specifies whether or not and under what conditions the port(s) is (are) IGMP query port(s). The Switch forwards IGMP join or leave frames to an IGMP query port, treating the port as being connected to an IGMP multicast router (or server). You must enable IGMP snooping as well.

fixed: The Switch always treats the port(s) as IGMP query port(s). Select this when you connect an IGMP multicast server to the port(s).

auto: The Switch uses the port as an IGMP query port if the port received IGMP query frames recently. An auto port doesn’t forward any multicast group member information to its uplink router if the switch didn’t receive any IGMP query frames from the router within a period.

edge: The Switch does not use the port as an IGMP query port. The Sw itch does not keep any record of an IGMP router being connected to this port. The Switch does not forward IGMP join or leave frames to this port.

C13

27.2 Command Examples

This example enables IGMP snooping on the Switch, sets the host-timeout and leave-timeout values to 30 seconds, and sets the Switch to drop frames from unknown multicast groups.

sysname(config)# igmp-snooping sysname(config)# igmp-snooping host-timeout 30 sysname(config)# igmp-snooping leave-timeout 30 sysname(config)# igmp-snooping unknown-multicast-frame drop

In this example, port 1 can join up to five multicast groups.

sysname# configure sysname(config)# igmp-snooping sysname(config)# interface port-channel 1 sysname(config-interface)# igmp-group-limited sysname(config-interface)# igmp-group-limited number 5 sysname(config-interface)# exit sysname(config)# exit sysname# show interfaces config 1 igmp-group-limited Port Enable Max Multicast Group 1 YES 5

This example displays the global IGMP snooping settings.

Note: This command output may vary depending on the device model.

VES Switch CLI Reference Guide

Page 98

Chapter 27 IGMP Commands

sysname# show igmp-snooping IGMP Snooping :Enable

802.1P Priority : 1 Host Timeout : 260 Leave Timeout : 2 Unknown Multicast Frame :Flooding Reserved Multicast Frame :Flooding

The following table describes the labels in this screen.

Table 73 show igmp-snooping

LABEL DESCRIPTION

IGMP Snooping Displays whether IGMP snooping is enabled or disabled currently.

802.1P Priority Displays whether the Switch changes the priority before forwarding the IGMP snooping

control frames to uplink port(s). No Changed displays if you want to keep the original frames’ priorities. 0~7 displays if you want to change the original frames’ priorities to the priority level (0 is the lowest and 7 is the highest).

Host Timeout Displays how many seconds to remove an IGMP group membership entry if the Switch

does not receive any IGMP join reports from the host.

Leave Timeout Displays how many seconds the Switch waits before removing an IGMP snooping

membership entry when an IGMP leave report is received from a host. The Switch ignores this setting for the port on which you enable “Immediate Leave”.

Unknown Multicast Frame Displays the action to perform when the Switch receives a frame with a reserved

multicast address.

flooding: Sets this if you want the Switch to forward the frame to all ports.

drop: Sets this if you want the Switch to drop the frame.

Reserved Multicast Frame Displays the action to perform when the Switch receives an unknown multicast frame.

flooding: Sets this if you want the Switch to forward the frame to all ports.

drop: Sets this if you want the Switch to drop the frame.

This example displays the global IGMP proxy settings.

sysname# show igmp-proxy IGMP Proxy : Disable MLD support: Disable MGMDv3 mode: Enabled

The following table describes the labels in this screen.

Table 74 show igmp-proxy

LABEL DESCRIPTION

IGMP Proxy Displays whether IGMP proxy is enabled or disabled currently.

IGMP Proxy Query Count Displays the number of IGMP queries the Switch receives from its uplink port.

VES Switch CLI Reference Guide

Page 99

IGMP Filtering Commands

Use these commands to configure IGMP filters and IGMP filtering on the Switch. IGMP filtering limits the IGMP groups a subscriber on a port can join. See other IGMP related terms in the Chapter 27 on page

93.

28.1 Command Summary

The following section lists the commands for this feature.

Table 75 igmp-filtering Command Summary

COMMAND DESCRIPTION M P

show igmp-filtering profile [<name>|all]

igmp-filtering

no igmp-filtering

igmp-filtering profile <name> start-address <ip-address> end-address <ip-address>

no igmp-filtering profile <name>

no igmp-filtering profile <name> start-address <ip-

address> end-address <ipaddress>

show interfaces config <portlist> igmp-filtering

interface port-channel <portlist>

igmp-filtering profile <name>

no igmp-filtering profile

CHAPTER 28

Displays IGMP filtering profile settings for the specified profile or for all profiles.

Enables IGMP filtering on the Switch. Ports can only join multicast groups specified in their IGMP filtering profile.

Disables IGMP filtering on the Switch. C 13

Sets the range of multicast address(es) in a profile.

name: 1-32 alphanumeric characters

Removes the specified IGMP filtering profile. You cannot delete an IGMP filtering profile that is assigned to any ports.

Clears the specified rule of the specified IGMP filtering profile.

Displays IGMP filtering settings. E 13

Enters config-interface mode for the specified port(s). C 13

Assigns the specified IGMP filtering profile to the port(s). If IGMP filtering is enabled on the Switch, the port(s) can only join the multicast groups in the specified profile.

Prohibits the port(s) from joining any multicast groups if IGMP filtering is enabled on the Switch.

E13

C13

VES Switch CLI Reference Guide

Page 100

Chapter 28 IGMP Filtering Commands

28.2 Command Examples

This example restricts ports 1-4 to multicast IP addresses 224.255.255.0 through 225.255.255.255.

sysname# configure sysname(config)# igmp-filtering sysname(config)# igmp-filtering profile example1 start-address

--> 224.255.255.0 end-address 225.255.255.255 sysname(config)# interface port-channel 1-4 sysname(config-interface)# igmp-filtering profile example1 sysname(config-interface)# exit sysname(config)# exit

VES Switch CLI Reference Guide

100

Zyxel VES1724-56B2 CLI Reference Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

VES Switch

Contents Overview

Introduction

1.1 Accessing the CLI

1.1.1 Console Port

Getting Started

1.1.2 Telnet

1.1.3 SSH

1.2 Logging in

1.3 Using Shortcuts and Getting Help

1.4 Saving Your Configuration

1.5 Logging Out

1.6 How to Use This Guide

1.6.1 Background Information (Optional)

1.6.2 Command Summary

1.6.3 Syntax Conventions

1.7 Command Examples (Optional)

2.1 Privilege Levels

2.1.1 Privilege Levels for Commands

2.1.2 Privilege Levels for Login Accounts

2.1.3 Privilege Levels for Sessions

2.2 Command Modes

2.2.1 Command Modes for Privilege Levels 0-12

2.2.2 Command Modes for Privilege Levels 13-14

3.1 Changing the Administrator Password

Tutorials

3.2 Changing the Enable Password

3.3 Prohibiting Concurrent Logins

3.4 Changing the Management IP Address

3.5 Looking at Basic System Information

3.6 Looking at the Operating Configuration

3.7 Show Logs

Reference

4.1 Command Summary

AAA Commands

4.2 Command Examples

ADSL Fallback Commands

5.1 Command Summary

6.1 Command Summary

ARP Commands

6.2 Command Examples

ARP Inspection Commands

7.1 Command Summary

7.2 Command Examples

Bandwidth Commands

8.1 Command Summary

8.2 Command Examples

Broadcast Storm Commands

9.1 Command Summary

9.2 Command Examples

10.1 CFM Term Definition

CFM Commands

10.2 User Input Values

10.3 Command Summary

10.4 Command Examples

Classifier Commands

11.1 Command Summary

11.2 Command Examples

Cluster Commands

12.1 Command Summary

12.2 Command Examples

Date and Time Commands

13.1 Command Summary

13.2 Command Examples

DHCP Commands

14.1 Command Summary

14.2 Command Examples

15.1 Command Summary

15.2 Command Examples

DHCPv6 Relay Commands

16.1 Command Summary

17.1 Command Summary

DiffServ Commands

18.1 Command Summary

DoS Prevention Commands

19.1 Command Summary