Zyxel GS2220-28, GS2220-50, GS2220-10HP, GS2220-50HP, GS2220-10 CLI Reference Guide
...
Default Login Details
3'ŻMͺŻGuide
Ethernet Switch Series
Managed Ethernet Switches
Out-of-Band
MGMT Port
In-Band Ports http://setup.zyxel
User Name admin
Password 1234
http://192.168.0.1
http://DHCP-assigned IP
or
http://192.168.1.1
Version 4.80 Edition 3, 01/2023
Copyright © 2023 Zyxel and/or its affiliates. All Rights Reserved.
IMPORTANT!
READ CAREFULLY BEFORE USE.
KEEP THIS GUIDE FOR FUTURE REFERENCE.
This is a Reference Guide for a series of products intended for people who want to configure the Switch
through Command Line Interface (CLI).
Note: Some commands or command options in this guide may not be available in your
product. See your product's User’s Guide for a list of supported features. Every effort has
been made to ensure that the information in this guide is accurate.
How To Use This Guide
1 Read Chapter 1 on page 10 for how to access and use the CLI (Command Line Interface).
2 Read Chapter 3 on page 17 to learn about the CLI user and privilege modes.
Do not use commands not documented in this guide.
Related Documentation
•Quick Start Guide
The Quick Start Guide shows how to connect the Switch and access the Web Configurator.
• User’s Guide
The User’s Guide explains how to use the Web Configurator to configure the Switch.
Note: It is recommended you use the Web Configurator to configure the Switch.
• Nebula Control Center (NCC) Online Help
Go to https://nebula.zyxel.com/cc/ui/index.html#/help to see how to manage the Switch remotely
through Nebula Control Center.
•More Information
Go to support.zyxel.com to find other information on the Switch.
Ethernet Switch CLI Reference Guide
2
About This CLI Reference Guide
About This CLI Reference Guide
Intended Audience
This manual is intended for people who want to configure Zyxel Switches through Command Line
Interface (CLI).
The version number on the cover page refers to the latest firmware version supported by the Zyxel
Switches. This guide applies to ZyNOS 4.80 at the time of writing.
Note: This guide is intended as a command reference for a series of products. Therefore many
commands in this guide may not be available in your product. See your User’s Guide
for a list of supported features and details about feature implementation.
Please refer to www.zyxel.com for product specific User Guides and product certifications.
How To Use This Guide
• Read the How to Access the CLI chapter for an overview of various ways you can get to the
command interface on your Switch.
• Use the Reference section in this guide for command syntax, description and examples. Each chapter
describes commands related to a feature.
• To find specific information in this guide, use the Contents Overview, the Index of Commands, or
search the PDF file.
Ethernet Switch CLI Reference Guide
3
Document Conventions
Document Conventions
Warnings and Notes
These are how warnings and notes are shown in this CLI Reference Guide.
Warnings tell you about things that could harm you or your device. See
your User’s Guide for product specific warnings.
Note: Notes tell you other important information (for example, other things you may need to
configure or helpful tips) or recommendations.
Syntax Conventions
This manual follows these general conventions:
• Zyxel’s switches may be referred to as the “Switch”, the “device”, the “system” or the “product” in this
Reference Guide.
• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for
kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.
Command descriptions follow these conventions:
• Commands are in courier new font.
• Required input values are in angle brackets <>; for example,
specify an IP address for this command.
• Optional fields are in square brackets []; for instance show logins [name], the name field is optional.
The following is an example of a required field within an optional field: snmp-server [contact
<system contact>], the contact field is optiona l. However, if you use contact, then you must
provide the system contact information.
• In some commands you specify slots or interfaces by the Access ID <aid>, use “?” to show which
types of interfaces you can specify. For example, you might be able to use: slot-<slot> |
<ge|msc>-<slot>-<port> | <ge|msc>-<slot>-<port>&&-<port>.
• Use “msc-<slot>-<port>” for an uplink slot on the management switch card.
• Use “ge-<slot>-<port>” for a Gigabit Ethernet port or switch settings on a PON interface.
• Use “pon-<slot>-<port>” to configure PON interface settings.
• A “slot” is a chassis slot.
• The “port” is 1-N where N is the number of ports on the card.
• Use && to specify a range of ports.
•Lists (such as <port-list>) consist of one or more elements separated by commas. Each element
might be a single value (1, 2, 3, ...) or a range of values (1–2, 3–5, ...) separate d b y a dash .
• The | (bar) symbol means “or”.
• italic terms represent user-defined input values; for example, in snmp-server [contact <system
contact>], system contact can be replaced by the administrator’s name.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the
“Enter” or “Return” key on your keyboard.
ping <ip> means that you must
Ethernet Switch CLI Reference Guide
4
Document Conventions
• <cr> means press the [ENTER] key.
• An arrow (-->) indicates that this line is a continuation of the previous line.
Command summary tables are organized as follows:
Table 1 Example: Command Summary Table
COMMAND DESCRIPTION M P
show vlan
vlan <1-4094>
inactive
no inactive
no vlan <1-4094>
Displays the status of all VLANs. E 3
Enters config-vlan mode for the specified VLAN. Creates
the VLAN, if necessary.
Disables the specified VLAN. C 13
Enables the specified VLAN. C 13
Deletes a VLAN. C 13
C13
The Table title identifies commands or the specific feature that the commands configure.
The COMMAND column shows the syntax of the command.
• If a command is not indented, you run it in the enable or config mode. See Chapter 3 on page 17 for
more information on command modes.
• If a command is indented, you run it in a sub-command mode.
The DESCRIPTION column explains what the command does. It also identifies legal input values, if
necessary.
The M column identifies the mode in which you run the command.
• E: The command is available in enable mode. It is also available in user mode if the privilege level (P)
is less than 13.
• C: The command is available in config (not indented) or one of the sub-command modes (indented).
The P column identifies the privilege level of the command. If you do not have a high enough privilege
level you may not be able to view or execute some of the commands. See Chapter 3 on page 17 for
more information on privilege levels.
Ethernet Switch CLI Reference Guide
5
Contents Overview
Contents Overview
Introduction .........................................................................................................................................9
Introduction ................................................................................... ........................................................ 10
Command Line Interface .......................... ............. ....... ....... ....... ....... ....... ....... ....... ....... ....... .............. 14
Privilege Level and Command Mode .................................................................... ....... ....... ....... ....... 17
Initial Setup ............................................................................................................................................ 22
Reference A-G ..................................................................................................................................29
AAA Commands .................................................................................................................................. 31
Anti-Arpscan ......................................................................................................................................... 35
ARP Commands ................................................................................................................................... 37
ARP Inspection Commands ................................................................................................................ 39
ARP Learning Commands ......................... .......................................................................................... 44
Auto Configuration Commands ......................................................................................................... 45
Bandwidth Control Commands .......................................................................................................... 47
BPDU Guard .......................................................................................................................................... 50
Broadcast Storm Commands .............................................................................................................. 51
Certificates Commands ...................................................................................................................... 54
Classifier Commands ........................................................................................................................... 57
Cluster Commands ........................................................ ....... ....... ....... ....... ....... ....... ....... ..................... 62
CLV Commands ................................................................................................................................... 65
Custom Default Commands ............................................................................................................... 71
Date and Time Commands ................................................................................................................. 72
DHCP Commands ................................................................................................................................ 75
DHCP Snooping and DHCP VLAN Commands ................................................................................. 81
DiffServ Commands ............................................................................................................................. 85
Display Commands .............................................................................................................................. 86
DVMRP Commands .............................................................................................................................. 87
Error Disable and Recovery Commands ........................................................................................... 89
Ethernet OAM Commands .................................................................................................................. 93
External Alarm Commands ................................................................................................................. 98
Flex Link Commands .......................................................................................................................... 100
GARP Commands .............................................................................................................................. 103
Green Ethernet Commands ........ ....... ....... ...... ....... ....... ....... ....... .............. ....... ....... ....... ....... ............ 105
GVRP Commands .............................................................................................................................. 109
Reference H-M ................................................................................................................................111
HTTPS Server Commands ................................................................................................................... 113
Hardware Monitor Commands ......................................................................................................... 116
Ethernet Switch CLI Reference Guide
6
Contents Overview
IGMP and Multicasting Commands .................................... ....... ....... ....... ....... ....... ....... ....... ............120
IGMP Snooping Commands ............................................................................ ....... ....... ....... ............ 123
Interface Commands ........................................................................................................................ 131
Interface Loopback Mode ................................................................................................................ 137
Interface Route-domain Mode ........................................................................................................ 139
IP Commands ..................................................................................................................................... 140
IP Source Binding Commands .......................................................................................................... 146
IP Source Guard .................................................................................................................................. 148
IPv6 Commands ................................................................................................................................. 150
Layer 2 Protocol Tunnel (L2PT) Commands ..................................................................................... 175
Link Layer Discovery Protocol (LLDP) Commands .......................................................................... 178
Load Sharing Commands .................................................................................................................. 190
Logging Commands .......................................................................................................................... 192
Login Account Commands ............................................................................................ ................... 194
Loopguard Commands ..................................................................................................................... 196
MAC Address Commands ................................................................................................................. 198
MAC-based VLAN .............................................................................................................................. 201
MAC Filter Commands ....................................................................................................................... 203
MAC Forwarding Commands ........................................................................................................... 205
MAC Pinning Commands .................................................................................................................. 206
Mirroring Commands ......................................................................................................................... 208
MRSTP Commands ............................................................................................................................. 213
MSTP Commands ..................................................... ....... ....... ....... ....... ....... ....... ....... ....... ................... 216
Multiple Login Commands .............................. ....... .............. ....... ....... ....... ....... ....... ....... ....... ............ 221
MVR Commands ................................................................................................................................ 222
Reference N-S .................................................................................................................................225
NLB Commands .................................................................................................................................. 227
ONVIF Commands ............................................................................................................................. 231
OSPF Commands ................................................................................................................................ 234
Password Commands ........................................................................................................................ 246
PoE Commands .................................................................................................................................. 248
Policy Commands .............................................................................................................................. 255
Policy Route Commands ................................................................................................................... 259
Port Authentication Commands ...................................................................................................... 261
Port Security Commands ................................................................................................................... 268
Port-based VLAN Commands ........................................................................................................... 270
PPPoE IA Commands ......................................................................................................................... 272
Private VLAN Commands .................................................................................................................. 278
Protocol-based VLAN Commands ...................................................................................................282
Proxy Server and NCC Discovery Commands ................................................................................ 284
Queuing Commands ......................................................................................................................... 287
RADIUS Commands ............... ............................................................................................................. 291
Ethernet Switch CLI Reference Guide
7
Contents Overview
Remote Management Commands ................................................................................................. 294
RIP Commands ................................................................................................................................... 297
RMON ............................................................................... .................................................................... 300
Running Configuration Commands ......................................................... ....... ....... ....... ....... ....... .....307
Service Register ................................................................................................................................... 310
sFlow ................................................................................. .................................................................... 313
SNMP Server Commands ................................................................................................................... 315
Stacking Commands ........................................................................................ ....... ....... ................... 320
STP and RSTP Commands .................................................................................................................. 325
SSH Commands .................................................................................................................................. 332
Static Multicast Commands .............................................................................................................. 334
Static Route Commands ................................................................................................................... 337
Subnet-based VLAN Commands .....................................................................................................340
Syslog Commands .............................................................................................................................. 342
Reference T-Z ..................................................................................................................................343
TACACS+ Commands ........................................................................................................................ 344
Tech Support Commands .... ....... ....... ............. ....... ....... ....... ....... ....... ....... ....... ....... ....... ....... ............ 346
TFTP Commands ................................................................................................................................. 351
Time Range Commands ................................................ .................................................................... 352
Traceroute Commands ..................................................................................................................... 354
Trunk Commands ................................................................... ....... ....... ....... ....... ....... ....... ................... 355
Vendor ID-based VLAN ...................................................................................................................... 360
VLAN Commands ............................................................................................................................... 362
VLAN IP Commands ........................................................................................................................... 368
VLAN Isolation Commands ................................................................................................................ 370
VLAN Mapping Commands .............................................................................................................. 373
VLAN Port Isolation Commands ........................................................................................................ 375
VLAN Stacking Commands ............................................................................................................... 376
VLAN Trunking Commands ............................................................................................. ................... 379
Voice VLAN Commands .................................................................................................................... 380
VRRP Commands ............................................................................................................................... 383
WoL Relay Commands ...................................................................................................................... 386
ZULD Commands ................................................................................................................................ 387
Miscellaneous Commands ................................................................................................................ 389
Appendices and Index of Commands .........................................................................................400
Ethernet Switch CLI Reference Guide
8
PART I
Introduction
Introduction (10)
Privilege Level and Command Mode (17)
Initial Setup (22)
9
1.1 Overview
This command line interface (CLI) Reference Guide introduces the command line interface of the
Switch. Use the listed commands in this Guide to check the Switch status and/or configure the Switch.
At the time of writing, this Guide contains the following ZyNOS 4.80 Switches.
Some Switches require licenses to unlock additional licensed services. See Section 1.1.1 on page 10 for
more information.
Table 2 ZyNOS 4.80 Switches
SERIES MODELS ADDITIONAL LICENSE
GS2220 Series GS2220-10/10HP/28/
XGS2220 Series XGS2220-30/30HP/30F/
XMG1930 Series XMG1930-30/HP Access L3 License Layer-2 CLI basic status checking.
XS1930 Series XS1930-12/12HP/12F
XS3800-28 XS3800-28 Basic Routing License Layer-3 CLI full configuration in
28HP/50/50HP
54/54HP/54FP
CHAPTER 1
Introduction
SWITCH
TYPE
No available license Layer-2 CLI full configuration in
Layer-3
CLI SUPPORT
Standalone mode and Cloud
mode.
Requires licenses to unlock CLI
full configuration in standalone
mode.
Standalone mode and Cloud
mode.
1.1.1 License Option
At the time of writing, the following Switch licenses unlock the below services as shown in the table. The
licenses are valid for the lifetime of the Switch.
You can register your Switch and manage the Switch licenses at www.myzyxel.com. See Section 79.1 on
page 310 for the license registration information.
Note: You cannot use the unlocked services in Stacking mode and Cloud mode.
Note: See your Switch’s datasheet for the default feature specification.
Ethernet Switch CLI Reference Guide
10
Chapter 1 Introduction
Table 3 Switch License Comparison
LICENSE NAME MODEL/SERIES LICENSED SERVICES
Basic Routing
License
XS3800-28
•RIPv1,v2
•OSPF v2
•DVMRP
•IGMP
•L3 Loopback Interface
Note: XS3800-28 supports all Access L3 License features by
default.
Access L3
License
XMG1930 Series
XS1930 Series
• CLI (Command Line Interface) configurati on
Note: This management method is supported using the console port
(XMG1930 only), telnet or SSH.
• IP Address table (up to 1,024 entries)
• MAC Address table (up to 32,000 entries)
• SNMP (Simple Network Management Protocol) Trap
• Private MIB (Management Information Base)
• Auto PD (powered device) Recovery
• Flex Link (primary/backup link)
• OAM (Operations, Administration and Maintenance)
• Asymmetric Flow Control
• BPDU (Bridge Protocol Data Units) Control
• ZULD (Zyxel Unidirectional Link Detection)
• MAC Pinning
• IGMP Snooping Smart Forward
•IPv6 Multicast
• MLD Snooping Proxy
• MVR (Multicast VLAN Registration) configuration
• Diffserv (Differentiated Services)
• sFlow (sampled Flow) agent
• MRSTP (Multiple Rapid Spanning Tree Protocol)
• Subnet / Protocol / MAC Based VLANs
•802.1Q Static VLANs (up to 4,094 entries)
• VLAN Isolation / Mapping / Stacking
• Selective QinQ
• DHCP Server Guard
• IPv4 Static Route (up to 64 entries)
• IPv6 Static Route (up to 64 entries)
• Multiple TACACS+ (Terminal Access Controller Access Control System) Server
• TACACS+ Authentication
• TACACS+ Accounting
• IPv4 Classifier (up to 256 entries)
• Policy Rule (up to 384 entries)
• Anti-Arpscan (Address Resolution Protocol scan)
• BPDU (Bridge Protocol Data Units) Guard
• Errdisable (Error-Disable)
•IPv4 / IPv6 Source Guard
• ARP (Address Resolution Protocol) Freeze
•ARP Inspection
• MAC Authentication per VLAN
• Compound Authentication
•MAC Freeze
• Auto Configuration file download
• DHCP Client Option 60
• Networked AV Mode
• IPv6 NS (Neighbor Solicitation) Tracking
•CLV Mode
Table 4 Services With Access L3 License Comparison
SERVICES WITHOUT ACCESS L3 LICENSE WITH ACCESS L3 LICENSE
IP Address table up to 512 entries up to 1,024 entries
MAC Address table up to 16,000 entries up to 32,000 entries
802.1Q Static VLANs up to 1,024 entries up to 4,094 entries
IPv4 Static Route up to 32 entries up to 64 entries
Ethernet Switch CLI Reference Guide
11
Table 4 Services With Access L3 License Comparison (continued)
SERVICES WITHOUT ACCESS L3 LICENSE WITH ACCESS L3 LICENSE
IPv6 Static Route up to 32 entries up to 64 entries
IPv4 Classifier up to 128 entries up to 256 entries
Policy Rule up to 256 entries up to 384 entries
If your Switch needs to be replaced due to certain causes, contact our support team for the license
transfer process.
1.2 Stacking Mode
The Switch can work in Stacking mode and directly connect to other switches. The switches then
operate together and act as a single switch or a virtual chassis. The stackable switches can be
managed from a master switch in the stack. See Section 82.1 on page 320 for more information about
stacking and the stacking commands.
Figure 1 Stacking Example
Chapter 1 Introduction
The following Switches support stacking at the time of writing.
Table 5 Switch Models that Support Stacking
SERIES/MODELS MAXIMUM SWITCHES ALLOWED PER STACK
XS3800-28 4
1.3 Switch-specific Features
The following features and commands are only supported by certain Switches.
Table 6 Switch-specific Features
FEATURE/COMMAND SUPPORTED MODEL/SERIES QUICK LINKS
Fiber Module Rescue XGS2220/XMG1930/XS1930 Series reset sfp <port-list>
Green Ethernet – EEE GS2220/XGS2220/XMG1930/XS1930
Series
XS3800-28
Ethernet Switch CLI Reference Guide
green-ethernet eee
12
Table 6 Switch-specific Features (continued)
FEATURE/COMMAND SUPPORTED MODEL/SERIES QUICK LINKS
Green Ethernet – Auto Power
Down
Green Ethernet – Short Reach GS2220/XGS2220/XMG1930/XS1930
Trunk Non-unicast Traffic
Criteria Settings
Hardware Monitor Commands GS2220/XGS2220/XMG1930/XS1930
GS2220/XGS2220/XMG1930/XS1930
Series
XS3800-28
Series
XS3800-28
XS3800-28 trunk non-unicast criteria
Series
XS3800-28
green-ethernet auto-power-down
green-ethernet short-reach
<src|dst|port|src-mac|dst-mac|srcip|dst-ip>
Hardware Monitor Commands Overview
Ethernet Switch CLI Reference Guide
13
Chapter 2 Command Line Interface
Command Line Interface
2.1 CLI Overview
The command line interface provides a management interface where you can check the Switch status,
interface statistics, and configure the Switch settings. The CLI is also helpful when you want to
troubleshoot your configuration on the Switch.
2.2 Accessing the CLI
CHAPTER 2
Use any of the following methods to access the CLI.
2.2.1 Console Port
1 Connect your computer to the console port on the Switch using the appropriate cable.
2 Use terminal emulation software with the following settings:
Table 7 Default Settings for the Console Port
SETTING DEFAULT VALUE
Terminal Emulation VT100
Baud Rate 115200 bps
Parity None
Number of Data Bits 8
Number of Stop Bits 1
Flow Control None
3 Press [ENTER] to open the login screen.
2.2.2 Telnet
1 Connect your computer to one of the Ethernet ports.
2 Open a Telnet session to the Switch’s IP address. If this is your first login, use the default values.
Ethernet Switch CLI Reference Guide
14
Table 8 Default Management IP Address
SETTING DEFAULT VALUE
IP Address 192.168.1.1
Subnet Mask 255.255.255.0
Make sure your computer IP address is in the same subnet, unless you are accessing the Switch through
one or more routers.
2.2.3 SSH
1 Connect your computer to one of the Ethernet ports.
2 Use a SSH client program to access the Switch. If this is your first login, use the default values in Table 8 on
page 15 and Table 9 on page 15. Make sure your computer IP address is in the same subnet, unless you
are accessing the Switch through one or more routers.
2.3 Logging in
Chapter 2 Command Line Interface
Use the administrator username and password. If this is your first login, use the default values.
Table 9 Default User Name and Password
SETTING DEFAULT VALUE
User Name admin
Password 1234
Note: The Switch automatically logs you out of the management interface after 5 minutes of
inactivity. If this happens to you, simply log back in again.
2.4 Using Shortcuts and Getting Help
This table identifies some shortcuts in the CLI, as well as how to get help.
Table 10 CLI Shortcuts and Help
COMMAND / KEYS DESCRIPTION
history
(up/down arrow keys)
[CTRL]+U
[TAB]
?
help
Displays a list of recently-used commands.
Scrolls through the list of recently-used commands. You can edit any
command or press [ENTER] to run it again.
Clears the current command.
Auto-completes the keyword you are typing if possible. For example, type
config, and press [TAB]. The Switch finishes the word configure.
Displays the keywords and/or input values that are allowed in place of the ?.
Displays the (full) commands that are allowed in place of help.
Ethernet Switch CLI Reference Guide
15
Chapter 2 Command Line Interface
2.5 Saving Your Configuration
When you run a command, the Switch saves any changes to its run-time memory. The Switch loses these
changes if it is turned off or loses power. Use the
current configuration permanently to non-volatile memory.
sysname# write memory
Note: You should save your changes after each CLI session. All unsaved configuration
changes are lost once you restart the Switch.
2.6 Logging Out
Enter logout to log out of the CLI. You have to be in user, enable, or config mode. See Chapter 3 on
page 17 for more information about modes.
write memory command in enable mode to save the
Ethernet Switch CLI Reference Guide
16
Chapter 3 Privilege Level and Command Mode
CHAPTER 3
Privilege Level and
Command Mode
3.1 Privilege Level and Command Mode Overview
This chapter introduces the CLI privilege levels and command modes.
• The privilege level determines whether or not a user can run a particular command.
• If a user can run a particular command, the user has to run it in the correct mode.
3.2 Privilege Levels
Every command has a privilege level (0 – 14). Users can run a command if the session’s privilege level is
greater than or equal to the command’s privilege level. The session’s privilege level initially comes from
the login account’s privilege level, though it is possible to change the session’s privilege level after
logging in.
3.2.1 Privilege Levels for Commands
The privilege level of each command is listed in the Reference A-G chapters on page 29.
At the time of writing, commands have a privilege level of 0, 3, 13, or 14. The following table summarizes
the types of commands at each of these privilege levels.
Table 11 Types of Commands at Different Privilege Levels
PRIVILEGE LEVEL TYPES OF COMMANDS AT THIS PRIVILEGE LEVEL
0 Display basic system information.
3 Display configuration or status.
13 Configure features except for login accounts, SNMP user accounts, the authentication
method sequence and authorization settings, multiple logins, admi nistrator and enable
passwords, and configuration information display.
14 Configure login accounts, SNMP user accounts, the authentication method sequence and
authorization settings, multiple logins, and administrator and enable passwords, and display
configuration information.
Ethernet Switch CLI Reference Guide
17
3.2.2 Privilege Levels for Login Accounts
You can manage the privilege levels for login accounts in the following ways:
• Using commands. Login accounts can be configured by the admin account or any login account
with a privilege level of 14. See Chapter 47 on page 194.
• Using vendor-specific attributes in an external authentication server. See the User’s Guide for more
information.
The admin account has a privilege level of 14, so the administrator can run every command. You
cannot change the privilege level of the admin account.
3.2.3 Privilege Levels for Sessions
The session’s privilege level initially comes from the privilege level of the login account the user used to
log in to the Switch. After logging in, the user can use the following commands to change the session’s
privilege level.
3.2.3.1 enable Command
This command raises the session’s privilege level to 14. It also changes the session to enable mode (if not
already in enable mode). This command is available in user mode or enable mode, and users have to
know the enable password.
In the following example, the login account user0 has a privilege level of 0 but knows that the enable
password is 123456. Afterwards, the session’s privilege level is 14, instead of 0, and the session changes to
enable mode.
sysname> enable
Password: 123456
sysname#
The default enable password is 1234. Use this command to set the enable password.
password <password>
<password> consists of 1 – 32 alphanumeric characters. For example, the following command sets the
enable password to 123456. See Section 62.2 on page 246 for more information about this command.
sysname(config)# password 123456
The password is sent in plain text and stored in the Switch’s buffers. Use this command to set the cipher
password for password encryption.
password cipher <password>
<password> consists of 32 alphanumeric characters. For example, the following command encrypts the
enable password with a 32-character cipher password. See Section 62.2 on page 246 for more
information about this command.
sysname(config)# password cipher qwertyuiopasdfghjklzxcvbnm123456
Ethernet Switch CLI Reference Guide
18
Chapter 3 Privilege Level and Command Mode
3.2.3.2 enable <0–14> Command
This command raises the session’s privilege level to the specified level. It also changes the session to
enable mode, if the specified level is 13 or 14. This command is available in user mode or enable mode,
and users have to know the password for the specified privilege level.
In the following example, the login account user0 has a privilege level of 0 but knows that the password
for privilege level 13 is pswd13. Afterwards, the session’s privilege level is 13, instead of 0, and the session
changes to enable mode.
sysname> enable 13
Password: pswd13
sysname#
Users cannot use this command until you create passwords for specific privilege levels. Use the following
command to create passwords for specific privilege levels.
password <password> privilege <0–14>
<password> consists of 1 – 32 alphanumeric characters. For example, the following command sets the
password for privilege level 13 to pswd13. See Section 62.2 on page 246 for more information about this
command.
sysname(config)# password pswd13 privilege 13
3.2.3.3 disable Command
This command reduces the session’s privilege level to 0. It also changes the session to user mode. This
command is available in enable mode.
3.2.3.4 show privilege command
This command displays the session’s current privilege level. This command is available in user mode or
enable mode.
sysname# show privilege
Current privilege level : 14
3.3 Command Modes
The CLI is divided into several modes. If a user has enough privilege to run a particular command, the
user has to run the command in the correct mode. The modes that are available depend on the
session’s privilege level.
3.3.1 Command Modes for Privilege Levels 0 – 12
If the session’s privilege level is 0 – 12, the user and all of the allowed commands are in user mode. Users
do not have to change modes to run any allowed commands.
Ethernet Switch CLI Reference Guide
19
Chapter 3 Privilege Level and Command Mode
3.3.2 Command Modes for Privilege Levels 13 – 14
If the session’s privilege level is 13 – 14, the allowed commands are in one of several modes.
Table 12 Command Modes for Privilege Levels 13-14 and the Types of Commands in Each One
MODE PROMPT COMMAND FUNCTIONS IN THIS MODE
enable
config
config-interface
config-mvr
config-route-
domain
config-dvmrp
config-igmp
config-ma
config-ospf
config-rip
config-vrrp
sysname#
sysname(config)#
sysname(config-interface)#
sysname(config-mvr)#
sysname(config-if)#
sysname(config-dvmrp)#
sysname(config-igmp)#
sysname(config-ma)#
sysname(config-ospf)#
sysname(config-rip)#
sysname(config-vrrp)#
Display current configuration, diagnostics,
maintenance.
Configure features other than those below.
Configure ports.
Configure multicast VLAN.
Enable and enter configuration mode for an IPv4 or
IPv6 routing domain.
Configure Distance Vector Multicast Routing Protocol
(DVRMP).
Configure Internet Group Management Protocol
(IGMP).
Configure an Maintenance Association (MA) in
Connectivity Fault Management (CFM).
Configure Open Shortest Path First (OSPF) protocol.
Configure Routing Information Protocol (RIP).
Configure Virtual Router Redundancy Protocol (VRRP).
Each command is usually in one and only one mode. If a user wants to run a particular comm an d, the
user has to change to the appropriate mode. The command modes are organized like a tree, and users
start in enable mode. The following table explains how to change from one mode to another.
Table 13 Changing Between Command Modes for Privilege Levels 13 – 14
MODE ENTER MODE LEAVE MODE
enable
config
config-interface
config-mvr
config-vlan
config-route-domain
config-dvmrp
config-igmp
config-ospf
config-rip
config-vrrp
–configure
interface port-channel <port-list>
mvr <1-4094>
vlan <1-4094>
interface route domain <ip-address>/<mask-bits>
router dvmrp
router igmp
router ospf <router-id>
router rip
router vrrp network <ip-address>/<mask-bits>
-exit
exit
exit
exit
exit
exit
exit
exit
exit
exit
vr-id <1–7> uplink-gateway <ip-address>
Ethernet Switch CLI Reference Guide
20
Chapter 3 Privilege Level and Command Mode
3.4 Listing Available Commands
Use the help command to view the executable commands on the Switch. You must have the highest
privilege level in order to view all the commands. Follow these steps to create a list of supported
commands:
1 Log into the CLI. This takes you to the enable mode.
2 Type help and press [ENTER]. A list comes up which shows all the commands available in enable mode.
The example shown next has been edited for brevity’s sake.
sysname# help
Commands available:
help
logout
exit
history
enable <0-14>
enable <cr>
.
.
traceroute <ip|host-name> [vlan <vlan-id>][..]
traceroute help
ssh <1|2> <[user@]dest-ip> <cr>
ssh <1|2> <[user@]dest-ip> [command </>]
sysname#
3 Copy and paste the results into a text editor of your choice. This creates a list of all the executable
commands in the user and enable modes.
4 Type configure and press [ENTER]. This takes you to the config mode.
5 Type help and press [ENTER]. A list is displayed which shows all the commands available in config mode
and all the sub-commands. The sub-commands are preceded by the command necessary to enter
that sub-command mode. For example, the command name <name-str> as shown next, is preceded
by the command used to enter the config-vlan sub-mode: vlan <1-4094>.
sysname# help
.
.
no arp inspection log-buffer logs
no arp inspection filter-aging-time
no arp inspection <cr>
vlan <1-4094>
vlan <1-4094> name <name-str>
vlan <1-4094> normal <port-list>
vlan <1-4094> fixed <port-list>
6 Copy and paste the results into a text editor of your choice. This creates a list of all the executable
commands in config and the other submodes, for example, the config-vlan mode.
Ethernet Switch CLI Reference Guide
21
Chapter 4 Initial Setup
CHAPTER 4
Initial Setup
4.1 Initial Setup Overview
This chapter identifies tasks you might want to do when you first configure the Switch.
4.2 Changing the Administrator Password
Note: It is recommended you change the default administrator password. You can encrypt
the password using the password encryption command. See Chapter 62 on page
246 for more information.
Use this command to change the administrator password.
admin-password <pw-string> <Confirm-string>
Up to 32 characters are allowed for the new password except [ ? ], [ | ], [ ' ], [ " ], [ space ], or [ , ].
sysname# configure
sysname(config)# admin-password t1g2y7i9 t1g2y7i9
4.3 Changing the Enable Password
Note: It is recommended you change the default enable password. You can encrypt the
password using the password encryption command. See Chapter 62 on page 246 for
more information.
Use this command to change the enable password.
password <password>
Up to 32 characters are allowed for the new password except [ ? ], [ | ], [ ' ], [ " ], [ space ], or [ , ].
sysname# configure
sysname(config)# password k8s8s3dl0
Ethernet Switch CLI Reference Guide
22
Chapter 4 Initial Setup
4.4 Prohibiting Concurrent Logins
By default, multiple CLI sessions are allowed through the console port or Telnet. See the User’s Guide for
the maximum number of concurrent sessions for your Switch. Use this command to prohibit concurrent
logins.
no multi-login
Console port has higher priority than Telnet. See Chapter 57 on page 221 for more
commands.
sysname# configure
sysname(config)# no multi-login
4.5 Changing the Management IP Address
The Switch has a different IP address in each VLAN. By default, the Switch has VLAN 1 with IP address
192.168.1.1 and subnet mask 255.255.255.0. Use this command in config-vlan mode to change the
management IP address in a specific VLAN.
ip address <ip> <mask>
This example shows you how to change the management IP address in VLAN 1 to 172.16.0.1 with subnet
mask 255.255.255.0.
sysname# configure
sysname(config)# vlan 1
sysname(config-vlan)# ip address default-management 172.16.0.1 255.255.255.0
multi-login
Note: Afterwards, you have to use the new IP address to access the Switch.
4.6 Changing the Out-of-band Management IP Address
If your Switch has a MGMT port (also referred to as the out-of-band management port), then the Switch
can also be managed through this interface. By default, the MGMT port IP address is 192.168.0.1 and the
subnet mask is 255.255.255.0. Use this command in config mode to change the out-of-band
management IP address.
ip address <ip> <mask>
This example shows you how to change the out-of-band management IP address to 10.10.10.1 with
subnet mask 255.255.255.0 and the default gateway 10.10.10.254.
sysname# configure
sysname(config)# ip address 10.10.10.1 255.255.255.0
sysname(config)# ip address default-gateway 10.10.10.254
Ethernet Switch CLI Reference Guide
23
Chapter 4 Initial Setup
4.7 Using Auto Configuration
Follow the steps below to set up configurations on the Switch, so you can load an auto configuration file
automatically from a TFTP server when you reboot the Switch.
Note: You need to set up configurations on a DHCP server and TFTP server first to use auto
configuration.
1 Use this command to enable auto configuration on the Switch.
auto-config
sysname# config
sysname(config)# auto-config
2 Use this command to enable the DHCP mode for auto configuration.
auto-config dhcp
sysname# config
sysname(config)# auto-config dhcp
3 Use this command to configure the Switch as a DHCP client.
ip address default-management dhcp-bootp
sysname# config
sysname(config)# vlan 1
sysname(config-vlan)# ip address default-management dhcp-bootp
4 Use this command to enable DHCP option 60.
ip address default-management dhcp-bootp option-60
When you enable DHCP option 60, make sure you set up a Vendor Class Identifier. The Vendor Class
Identifier specifies the Zyxel Switch that should receive the auto configuration file.
Skip this step if you are not enabling DHCP option 60.
sysname# config
sysname(config)# vlan 1
sysname(config-vlan)# ip address default-management dhcp-bootp option-60
5 Use this command to define a Vendor Class Identifier for DHCP option 60.
ip address default-management dhcp-bootp option-60 class-id <class-id>
In this example, we use “ZyxelCorp”.
Skip this step if you don’t need to define a Vendor Class Identifier.
sysname# config
sysname(config)# vlan 1
sysname(config-vlan)# ip address default-management dhcp-bootp option-60
class-id ZyxelCorp
Ethernet Switch CLI Reference Guide
24
Chapter 4 Initial Setup
6 Use this command to check the settings for auto configuration.
show running-config
XGS2220# show running-config
Building configuration...
Current configuration:
vlan 1
name 1
normal ""
fixed 1-50
forbidden ""
untagged 1-50
ip address default-management dhcp-bootp
ip address default-management dhcp-bootp option-60 class-id ZyxelCorp
exit
pwr mode consumption
auto-config
7 You need to save the current configuration in a configuration file, so the Switch will load the auto
configuration files from the TFTP server automatically when rebooting.
Use this command to save the current configuration in a configuration file.
write memory [<index>]
For [<index>], you can enter a value to save the current configuration to a specified configuration file.
1 is for Config 1, and 2 is for Config 2.
In this example, we save the current configuration to Config 1.
sysname# write memory 1
........................................................................
............................
8 Use this command to reboot the Switch.
reload config [1|2]
For [1|2], 1 is for Config 1, and 2 is for Config 2.
In this example, we load Config 1 to reboot the Switch.
Ethernet Switch CLI Reference Guide
25
Chapter 4 Initial Setup
sysname# reload config 1
Do you really want to reboot system with configuration file 1? [y/N]y
Bootbase Version: V1.00 | 06/13/2022
DRAM calibration...PASSED
RAM: Size = 131072 Kbytes
ZyNOS version : V4.80(ACCE.0) | 08/03/2022
Press any key to enter debug mode within 1 second.
....................
(Compressed)
Version: XGS2220, start: b4962430
Length: 16F0668, Checksum: 03AA
Compressed Length: 2EE424, Checksum: 87A5
Copyright (c) 1994 - 2017 Zyxel Communications Corp.
initialize mgmt, initialize switch, ethernet address: 00:19:cb:00:00:01
Initializing MSTP.............
Initializing VLAN Database...
Initializing IP Interface...
Initializing Advanced Applications...
Initializing Command Line Interface...
Initializing Web Interface...
Restore System Configuration...
Start Auto Configuration...
..............
Try to download and restore configuration file from TFTP://10.90.90.11/
TestConf2
Downloading....
Get the file TestConf2, length 289 bytes.
Restoring......
Auto-config processes successfully.
Press ENTER to continue...
9 Use this command to check whether the auto configuration file was loaded successfully.
Show auto-config
Mode: DHCP
State: Success
Filename: TFTP://10.90.90.11/TestConf2
4.8 Using Custom Default
Follow the steps below to set up configurations on the Switch, so you can load a customized default file
when you reboot the Switch.
1 Use this command to enable custom default on the Switch.
custom-default
sysname# config
sysname(config)# custom-default
Ethernet Switch CLI Reference Guide
26
Chapter 4 Initial Setup
2 Use this command to save the current configuration settings permanently to a customized default file on
the Switch.
copy running-config custom-default
sysname# copy running-config custom-default
........................................................................
............................
3 Use this command to reboot the system and load a saved customized default file on the Switch.
reload custom-default
sysname# reload custom-default
Do you really want to restore system to custom default settings and
reboot?[y/N]y
.......
Bootbase Version: V1.00 | 06/13/2022
DRAM calibration...PASSED
RAM: Size = 131072 Kbytes
ZyNOS Version: V4.80(ACCE.0) | 08/03/2022
Press any key to enter debug mode within 1 second.
....................
(Compressed)
Version: XGS2220, start: b4962430
Length: 16F0668, Checksum: 03AA
Compressed Length: 2EE424, Checksum: 87A5
Copyright (c) 1994 - 2017 Zyxel Communications Corp.
initialize mgmt, initialize switch, ethernet address: 00:19:cb:00:00:01
Initializing MSTP.............
Initializing VLAN Database...
Initializing IP Interface...
Initializing Advanced Applications...
Initializing Command Line Interface...
Initializing Web Interface...
Restore System Configuration...
Press ENTER to continue...
4.9 Looking at Basic System Information
Use this command to look at general system information about the Switch.
show system-information
Ethernet Switch CLI Reference Guide
27
Chapter 4 Initial Setup
This is illustrated in the following example.
sysname# show system-information
Product Model : XGS2220-54FP
System Name : XGS2220
System Mode : Standalone
System Contact :
System Location :
System up Time : 1011:30:18 (d90bb588 ticks)
Ethernet Address : b8:ec:a3:ff:f2:a2
Bootbase Version : V1.00 | 06/13/2022
ZyNOS F/W Version : V4.80(ACCE.0) | 08/03/2022
Hardware Version : V1.0
Config Boot Image : 1
Current Boot Image : 1
Current Configuration : 1
RomRasSize : 6440206
Serial Number : S222L18090003
Register MAC Address : b8:ec:a3:ff:f2:a2
sysname#
See Table 278 on page 396 for more information about these attributes.
4.10 Looking at the Operating Configuration
Use this command to look at the current operating configuration.
show running-config
This is illustrated in the following example.
sysname# show running-config
Building configuration...
Current configuration:
vlan 1
name 1
normal ""
fixed 1-52
forbidden ""
untagged 1-52
ip address 192.168.1.1 255.255.255.0
exit
interface route-domain 192.168.1.1/24
exit
pwr mode consumption
Ethernet Switch CLI Reference Guide
28
PART II
Reference A-G
AAA Commands (31)
ARP Commands (37)
ARP Inspection Commands (39)
ARP Learning Commands (44)
Auto Configuration Commands (45)
Bandwidth Control Commands (47)
Broadcast Storm Commands (51)
Certificates Commands (54)
Classifier Commands (57)
Cluster Commands (62)
CLV Commands (65)
Custom Default Commands (71)
Date and Time Commands (72)
DHCP Commands (75)
DHCP Snooping and DHCP VLAN Commands (81)
DiffServ Commands (85)
Display Commands (86)
29
DVMRP Commands (87)
Error Disable and Recovery Commands (89)
Ethernet OAM Commands (93)
External Alarm Commands (98)
GARP Commands (103)
Green Ethernet Commands (105)
GVRP Commands (109)
30
Loading...