ZyXEL Communications ES-2024PWR User Manual

Ethernet Switch

CLI Reference Guide

Version 3.90 7/2009 Edition 6
DEFAULT LOGIN
User Name admin
Password 1234
www.zyxel.com

About This CLI Reference Guide

Intended Audience
This manual is intended for people who want to configure ZyXEL Switches via Command Line Interface (CLI).
The version number on the cover page refers to the latest firmware version supported by the ZyXEL Switches. This guide applies to version 3.79, 3.80 and 3.90 at the time of writing.
Note: This guide is intended as a command reference for a series of products. Therefore many commands in this guide may not be available in your product. See your User’s Guide for a list of supported features and details about feature implementation.
Please refer to www.zyxel.com or your product’s CD for product specific User Guides and product certifications.
How To Use This Guide
• Read the How to Access the CLI chapter for an overview of various ways you can get to the command interface on your Switch.
• Use the Reference section in this guide for command syntax, description and examples. Each chapter describes commands related to a feature.
• To find specific information in this guide, use the Contents Overview, the Index of Commands, or search the PDF file. E-mail techwriters@zyxel.com.tw if you cannot find the information you require.
CLI Reference Guide Feedback
Help us help you. Send all Reference Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you!
The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan.
E-mail: techwriters@zyxel.com.tw
Customer Support
In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. See http://www.zyxel.com/web/contact_us.php for contact information. Please have the following information ready when you contact an office.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.

Document Conventions

Warnings and Notes
These are how warnings and notes are shown in this CLI Reference Guide.
Warning: Warnings tell you about things that could harm you or your device. See your User’s Guide for product specific warnings.
Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Syntax Conventions
This manual follows these general conventions:
• ZyXEL’s switches (such as the ES-2024A, ES-2108, GS-3012, and so on) may be referred to as the “Switch”, the “device”, the “system” or the “product” in this Reference Guide.
• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.
Command descriptions follow these conventions:
• Commands are in courier new font.
• Required input values are in angle brackets <>; for example, ping <ip> means that you must specify an IP address for this command.
• Optional fields are in square brackets []; for instance show logins [name], the name field is optional.
The following is an example of a required field within an optional field: snmp-server [contact <system contact>], the contact field is optional. However, if you use contact, then you must provide the system contact information.
• Lists (such as <port-list>) consist of one or more elements separated by commas. Each element might be a single value (1, 2, 3, ...) or a range of values (1-2, 3-5, ...) separated by a dash.
• The | (bar) symbol means “or”.
• italic terms represent user-defined input values; for example, in snmp-server [contact <system contact>], system contact can be replaced by the administrator’s name.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the “Enter” or “Return” key on your keyboard.
• <cr> means press the [ENTER] key.
• An arrow (-->) indicates that this line is a continuation of the previous line.
Command summary tables are organized as follows:
Table 1 Example: Command Summary Table
COMMAND             DESCRIPTION                                                                      M  P
show vlan           Displays the status of all VLANs.                                                E  3
vlan <1-4094>       Enters config-vlan mode for the specified VLAN. Creates the VLAN, if necessary.  C  13
  inactive          Disables the specified VLAN.                                                     C  13
  no inactive       Enables the specified VLAN.                                                      C  13
no vlan <1-4094>    Deletes a VLAN.                                                                  C  13
The Table title identifies commands or the specific feature that the commands configure.
The COMMAND column shows the syntax of the command.
• If a command is not indented, you run it in the enable or config mode. See Chapter 2 on page 19 for more information on command modes.
• If a command is indented, you run it in a sub-command mode.
The DESCRIPTION column explains what the command does. It also identifies legal input values, if necessary.
The M column identifies the mode in which you run the command.
E: The command is available in enable mode. It is also available in user mode if the privilege level (P) is less than 13.
C: The command is available in config (not indented) or one of the sub-command modes (indented).
The P column identifies the privilege level of the command. If you don’t have a high enough privilege level you may not be able to view or execute some of the commands. See Chapter 2 on page 19 for more information on privilege levels.
Icons Used in Figures
Figures in this guide may use the following generic icons. The Switch icon is not an exact representation of your device.
Icons shown: Switch, Computer, Notebook computer, Server, DSLAM, Firewall, Telephone, Switch, Router.

Contents Overview

Introduction
  How to Access and Use the CLI
  Privilege Level and Command Mode
  Initial Setup
Reference A-G
  AAA Commands
  ARP Commands
  ARP Inspection Commands
  Bandwidth Commands
  Broadcast Storm Commands
  CFM Commands
  Classifier Commands
  Cluster Commands
  Date and Time Commands
  DHCP Commands
  DHCP Snooping & DHCP VLAN Commands
  DiffServ Commands
  DVMRP Commands
  Ethernet OAM Commands
  GARP Commands
  GVRP Commands
Reference H-M
  HTTPS Server Commands
  IEEE 802.1x Authentication Commands
  IGMP and Multicasting Commands
  IGMP Snooping Commands
  IGMP Filtering Commands
  Interface Commands
  Interface Route-domain Mode
  IP Commands
  IP Source Binding Commands
  Layer 2 Protocol Tunnel (L2PT) Commands
  Link Layer Discovery Protocol (LLDP) Commands
  Logging Commands
  Login Account Commands
  Loopguard Commands
  MAC Address Commands
  MAC Authentication Commands
  MAC Filter Commands
  MAC Forward Commands
  Mirror Commands
  MRSTP Commands
  MSTP Commands
  Multiple Login Commands
  MVR Commands
Reference N-S
  OSPF Commands
  Password Commands
  PoE Commands
  Policy Commands
  Port Security Commands
  Port-based VLAN Commands
  Protocol-based VLAN Commands
  Queuing Commands
  RADIUS Commands
  Remote Management Commands
  RIP Commands
  Running Configuration Commands
  SNMP Server Commands
  STP and RSTP Commands
  SSH Commands
  Static Multicast Commands
  Static Route Commands
  Subnet-based VLAN Commands
  Syslog Commands
Reference T-Z
  TACACS+ Commands
  TFTP Commands
  Trunk Commands
  trTCM Commands
  VLAN Commands
  VLAN IP Commands
  VLAN Mapping Commands
  VLAN Port Isolation Commands
  VLAN Stacking Commands
  VLAN Trunking Commands
  VRRP Commands
  Additional Commands
Appendices and Index of Commands
PART I

Introduction

How to Access and Use the CLI
Privilege Level and Command Mode
Initial Setup
CHAPTER 1

How to Access and Use the CLI

This chapter introduces the command line interface (CLI).

1.1 Accessing the CLI

Use any of the following methods to access the CLI.
1.1.1 Console Port
1 Connect your computer to the console port on the Switch using the appropriate cable.
2 Use terminal emulation software with the following settings:
Table 2 Default Settings for the Console Port
SETTING              DEFAULT VALUE
Terminal Emulation   VT100
Baud Rate            9600 bps
Parity               None
Number of Data Bits  8
Number of Stop Bits  1
Flow Control         None
3 Press [ENTER] to open the login screen.
1.1.2 Telnet
1 Connect your computer to one of the Ethernet ports.
2 Open a Telnet session to the Switch’s IP address. If this is your first login, use the default values.
Table 3 Default Management IP Address
SETTING      DEFAULT VALUE
IP Address   192.168.1.1
Subnet Mask  255.255.255.0
Make sure your computer IP address is in the same subnet, unless you are accessing the Switch through one or more routers.
1.1.3 SSH
1 Connect your computer to one of the Ethernet ports.
2 Use an SSH client program to access the Switch. If this is your first login, use the default values in Table 3 on page 15 and Table 4 on page 16. Make sure your computer IP address is in the same subnet, unless you are accessing the Switch through one or more routers.

1.2 Logging in

Use the administrator username and password. If this is your first login, use the default values.
Table 4 Default User Name and Password
SETTING    DEFAULT VALUE
User Name  admin
Password   1234
Note: The Switch automatically logs you out of the management interface after five minutes of inactivity. If this happens to you, simply log back in again.

1.3 Using Shortcuts and Getting Help

This table identifies some shortcuts in the CLI, as well as how to get help.
Table 5 CLI Shortcuts and Help
COMMAND / KEY(S)          DESCRIPTION
history                   Displays a list of recently-used commands.
↑ ↓ (up/down arrow keys)  Scrolls through the list of recently-used commands. You can edit any command or press [ENTER] to run it again.
[CTRL]+U                  Clears the current command.
[TAB]                     Auto-completes the keyword you are typing if possible. For example, type config, and press [TAB]. The Switch finishes the word configure.
?                         Displays the keywords and/or input values that are allowed in place of the ?.
help                      Displays the (full) commands that are allowed in place of help.

1.4 Saving Your Configuration

When you run a command, the Switch saves any changes to its run-time memory. The Switch loses these changes if it is turned off or loses power. Use the write memory command in enable mode to save the current configuration permanently to non-volatile memory.
sysname# write memory
Note: You should save your changes after each CLI session. All unsaved configuration changes are lost once you restart the Switch.

1.5 Logging Out

Enter logout to log out of the CLI. You have to be in user, enable, or config mode. See Chapter 2 on page 19 for more information about modes.
CHAPTER 2

Privilege Level and Command Mode

This chapter introduces the CLI privilege levels and command modes.
• The privilege level determines whether or not a user can run a particular command.
• If a user can run a particular command, the user has to run it in the correct mode.

2.1 Privilege Levels

Every command has a privilege level (0-14). Users can run a command if the session’s privilege level is greater than or equal to the command’s privilege level. The session’s privilege level initially comes from the login account’s privilege level, though it is possible to change the session’s privilege level after logging in.
2.1.1 Privilege Levels for Commands
The privilege level of each command is listed in the Reference A-G chapters on page 29.
At the time of writing, commands have a privilege level of 0, 3, 13, or 14. The following table summarizes the types of commands at each of these privilege levels.
Table 6 Types of Commands at Different Privilege Levels
PRIVILEGE LEVEL  TYPES OF COMMANDS AT THIS PRIVILEGE LEVEL
0                Display basic system information.
3                Display configuration or status.
13               Configure features except for login accounts, the authentication method sequence and authorization settings, multiple logins, and administrator and enable passwords.
14               Configure login accounts, the authentication method sequence and authorization settings, multiple logins, and administrator and enable passwords.
2.1.2 Privilege Levels for Login Accounts
You can manage the privilege levels for login accounts in the following ways:
• Using commands. Login accounts can be configured by the admin account or any login account with a privilege level of 14. See Chapter 32 on page 135.
• Using vendor-specific attributes in an external authentication server. See the User’s Guide for more information.
The admin account has a privilege level of 14, so the administrator can run every command. You cannot change the privilege level of the admin account.
2.1.3 Privilege Levels for Sessions
The session’s privilege level initially comes from the privilege level of the login account the user used to log in to the Switch. After logging in, the user can use the following commands to change the session’s privilege level.
2.1.3.1 enable Command
This command raises the session’s privilege level to 14. It also changes the session to enable mode (if not already in enable mode). This command is available in user mode or enable mode, and users have to know the enable password.
In the following example, the login account user0 has a privilege level of 0 but knows that the enable password is 123456. Afterwards, the session’s privilege level is 14, instead of 0, and the session changes to enable mode.
sysname> enable
Password: 123456
sysname#
The default enable password is 1234. Use this command to set the enable password.
password <password>
<password> consists of 1-32 alphanumeric characters. For example, the following command sets the enable password to 123456. See Chapter 73 on page 251 for more information about this command.
sysname(config)# password 123456
2.1.3.2 enable <0-14> Command
This command raises the session’s privilege level to the specified level. It also changes the session to enable mode, if the specified level is 13 or 14. This command is available in user mode or enable mode, and users have to know the password for the specified privilege level.
In the following example, the login account user0 has a privilege level of 0 but knows that the password for privilege level 13 is pswd13. Afterwards, the session’s privilege level is 13, instead of 0, and the session changes to enable mode.
sysname> enable 13
Password: pswd13
sysname#
Users cannot use this command until you create passwords for specific privilege levels. Use the following command to create passwords for specific privilege levels.
password <password> privilege <0-14>
<password> consists of 1-32 alphanumeric characters. For example, the following command sets the password for privilege level 13 to pswd13. See Chapter 73 on page 251 for more information about this command.
sysname(config)# password pswd13 privilege 13
2.1.3.3 disable Command
This command reduces the session’s privilege level to 0. It also changes the session to user mode. This command is available in enable mode.
2.1.3.4 show privilege Command
This command displays the session’s current privilege level. This command is available in user mode or enable mode.
sysname# show privilege
Current privilege level : 14
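The session rules in sections 2.1.3.1 to 2.1.3.4 can be modelled as follows. This Python model is an added example, not ZyXEL code: the Switch and Session classes and the bracketed level-14 entry are hypothetical, while the passwords, commands and privilege values are the ones used in this guide.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

ENABLE_MODE_MIN = 13   # levels 13-14 run in enable mode, 0-12 in user mode
TOP_LEVEL = 14

# (command, M column, P column). The first three rows appear in Table 1 and
# Table 9; the last row is a Table 6 category, not a literal command.
COMMANDS = [
    ("show vlan", "E", 3),
    ("show aaa authentication", "E", 3),
    ("vlan <1-4094>", "C", 13),
    ("<configure login accounts>", "C", 14),
]


def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class Switch:
    enable_password: str = "1234"                        # shipped default
    level_passwords: dict = field(default_factory=dict)  # level -> password

    def set_level_password(self, password: str, level: int) -> None:
        """Models `password <password> privilege <0-14>`."""
        if not 0 <= level <= TOP_LEVEL:
            raise ValueError("privilege level must be 0-14")
        self.level_passwords[level] = password


@dataclass
class Session:
    switch: Switch
    level: int   # starts at the login account's privilege level

    @property
    def mode(self) -> str:
        return "enable" if self.level >= ENABLE_MODE_MIN else "user"

    def enable(self, password: str, level: Optional[int] = None) -> bool:
        """`enable` (to level 14) or `enable <0-14>`; True if accepted."""
        if level is None:
            # Any account that knows the enable password reaches level 14,
            # whatever privilege level the account itself was given.
            expected, target = self.switch.enable_password, TOP_LEVEL
        else:
            # Not usable until a password exists for that level.
            expected, target = self.switch.level_passwords.get(level), level
        if expected is None or not _same(password, expected):
            return False
        # The guide only describes raising; this model simply sets the level.
        self.level = target
        return True

    def disable(self) -> None:
        """`disable`: back to level 0 and user mode."""
        self.level = 0

    def allowed(self) -> list:
        """Commands whose privilege level the session meets."""
        return [name for name, _mode, p in COMMANDS if self.level >= p]


if __name__ == "__main__":
    sw = Switch(enable_password="123456")
    user0 = Session(sw, level=0)
    print(user0.mode, user0.allowed())
    user0.enable("123456")
    print(user0.mode, user0.level, user0.allowed())
```

Because the enable password alone lifts a level-0 account to level 14, it needs the same care as the administrator password.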

2.2 Command Modes

The CLI is divided into several modes. If a user has enough privilege to run a particular command, the user has to run the command in the correct mode. The modes that are available depend on the session’s privilege level.
2.2.1 Command Modes for Privilege Levels 0-12
If the session’s privilege level is 0-12, the user and all of the allowed commands are in user mode. Users do not have to change modes to run any allowed commands.
2.2.2 Command Modes for Privilege Levels 13-14
If the session’s privilege level is 13-14, the allowed commands are in one of several modes.
Table 7 Command Modes for Privilege Levels 13-14 and the Types of Commands in Each One
MODE                 PROMPT                      COMMAND FUNCTIONS IN THIS MODE
enable               sysname#                    Display current configuration, diagnostics, maintenance.
config               sysname(config)#            Configure features other than those below.
config-interface     sysname(config-interface)#  Configure ports.
config-mvr           sysname(config-mvr)#        Configure multicast VLAN.
config-route-domain  sysname(config-if)#         Enable and enter configuration mode for an IP routing domain.
config-dvmrp         sysname(config-dvmrp)#      Configure Distance Vector Multicast Routing Protocol (DVMRP).
config-igmp          sysname(config-igmp)#       Configure Internet Group Management Protocol (IGMP).
config-ospf          sysname(config-ospf)#       Configure Open Shortest Path First (OSPF) protocol.
config-rip           sysname(config-rip)#        Configure Routing Information Protocol (RIP).
config-vrrp          sysname(config-vrrp)#       Configure Virtual Router Redundancy Protocol (VRRP).
Each command is usually in one and only one mode. If a user wants to run a particular command, the user has to change to the appropriate mode. The command modes are organized like a tree, and users start in enable mode. The following table explains how to change from one mode to another.
Table 8 Changing Between Command Modes for Privilege Levels 13-14
MODE                 ENTER MODE                                                                            LEAVE MODE
enable               --                                                                                    --
config               configure                                                                             exit
config-interface     interface port-channel <port-list>                                                    exit
config-mvr           mvr <1-4094>                                                                          exit
config-vlan          vlan <1-4094>                                                                         exit
config-route-domain  interface route domain <ip-address>/<mask-bits>                                       exit
config-dvmrp         router dvmrp                                                                          exit
config-igmp          router igmp                                                                           exit
config-ospf          router ospf <router-id>                                                               exit
config-rip           router rip                                                                            exit
config-vrrp          router vrrp network <ip-address>/<mask-bits> vr-id <1~7> uplink-gateway <ip-address>  exit

2.3 Listing Available Commands

Use the help command to view the executable commands on the Switch. You must have the highest privilege level in order to view all the commands. Follow these steps to create a list of supported commands:
1 Log into the CLI. This takes you to the enable mode.
2 Type help and press [ENTER]. A list comes up which shows all the commands available in enable mode. The example shown next has been edited for brevity’s sake.
sysname# help
Commands available:

help
logout
exit
history
enable <0-14>
enable <cr>
.
.
traceroute <ip|host-name> [vlan <vlan-id>][..]
traceroute help
ssh <1|2> <[user@]dest-ip> <cr>
ssh <1|2> <[user@]dest-ip> [command </>]
sysname#
3 Copy and paste the results into a text editor of your choice. This creates a list of all the executable commands in the user and enable modes.
4 Type configure and press [ENTER]. This takes you to the config mode.
5 Type help and press [ENTER]. A list is displayed which shows all the commands available in config mode and all the sub-commands. The sub-commands are preceded by the command necessary to enter that sub-command mode. For example, the command name <name-str> as shown next, is preceded by the command used to enter the config-vlan sub-mode: vlan <1-4094>.
sysname# help
.
.
no arp inspection log-buffer logs
no arp inspection filter-aging-time
no arp inspection <cr>
vlan <1-4094>
vlan <1-4094> name <name-str>
vlan <1-4094> normal <port-list>
vlan <1-4094> fixed <port-list>
6 Copy and paste the results into a text editor of your choice. This creates a list of all the executable commands in config and the other submodes, for example, the config-vlan mode.
Ethernet Switch CLI Reference Guide
CHAPTER 3

Initial Setup

This chapter identifies tasks you might want to do when you first configure the Switch.

3.1 Changing the Administrator Password

Note: It is recommended you change the default administrator password.
Use this command to change the administrator password.
admin-password <pw-string> <Confirm-string>
where <pw-string> may be 1-32 alphanumeric characters long.
sysname# configure
sysname(config)# admin-password t1g2y7i9 t1g2y7i9

3.2 Changing the Enable Password

Note: It is recommended you change the default enable password.
Use this command to change the enable password.
password <password>
where <password> may be 1-32 alphanumeric characters long.
sysname# configure
sysname(config)# password k8s8s3dl0

3.3 Prohibiting Concurrent Logins

By default, multiple CLI sessions are allowed via the console port or Telnet. See the User’s Guide for the maximum number of concurrent sessions for your Switch. Use this command to prohibit concurrent logins.
no multi-login
Console port has higher priority than Telnet. See Chapter 41 on page 157 for more multi-login commands.
sysname# configure
sysname(config)# no multi-login
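Sections 3.1 to 3.3 and the write memory step from section 1.4 can be combined into one checked command sequence. The Python below is an added example, not part of the ZyXEL guide: the function names are hypothetical, and the rule that the two passwords must differ is a local policy assumed here.

```python
import re

DEFAULT_PASSWORD = "1234"                        # shipped admin and enable default
PASSWORD_RE = re.compile(r"[A-Za-z0-9]{1,32}")   # 1-32 alphanumeric characters


def check_password(label, value):
    """Return a list of problems with one password (empty list if none)."""
    problems = []
    if not PASSWORD_RE.fullmatch(value):
        problems.append(f"{label}: must be 1-32 alphanumeric characters")
    if value == DEFAULT_PASSWORD:
        problems.append(f"{label}: still the factory default")
    return problems


def initial_setup(admin_pw, enable_pw, allow_multi_login=False):
    """Return [(prompt, command), ...] for sections 3.1-3.3, then save.

    Raises ValueError instead of emitting commands that would leave a
    default or malformed password on the Switch.
    """
    problems = (check_password("admin-password", admin_pw)
                + check_password("password", enable_pw))
    if admin_pw == enable_pw:
        # Assumed local policy: the enable password also grants level 14,
        # so it should not double as the administrator password.
        problems.append("admin and enable passwords are identical")
    if problems:
        raise ValueError("; ".join(problems))

    steps = [
        ("sysname#", "configure"),
        ("sysname(config)#", f"admin-password {admin_pw} {admin_pw}"),
        ("sysname(config)#", f"password {enable_pw}"),
    ]
    if not allow_multi_login:
        steps.append(("sysname(config)#", "no multi-login"))
    # Leave config mode; write memory runs in enable mode. Without it the
    # new passwords are lost at the next restart and the defaults return.
    steps += [("sysname(config)#", "exit"), ("sysname#", "write memory")]
    return steps


if __name__ == "__main__":
    # Sample passwords are the ones printed in sections 3.1 and 3.2.
    for prompt, command in initial_setup("t1g2y7i9", "k8s8s3dl0"):
        print(prompt, command)
```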

3.4 Changing the Management IP Address

The Switch has a different IP address in each VLAN. By default, the Switch has VLAN 1 with IP address 192.168.1.1 and subnet mask 255.255.255.0. Use this command in config-vlan mode to change the management IP address in a specific VLAN.
ip address <ip> <mask>
This example shows you how to change the management IP address in VLAN 1 to 172.16.0.1 with subnet mask 255.255.255.0.
sysname# configure
sysname(config)# vlan 1
sysname(config-vlan)# ip address 172.16.0.1 255.255.255.0
Note: Afterwards, you have to use the new IP address to access the Switch.

3.5 Changing the Out-of-band Management IP Address

If your Switch has a MGMT port (also referred to as the out-of-band management port), then the Switch can also be managed via this interface. By default, the MGMT port IP address is 192.168.0.1 and the subnet mask is 255.255.255.0. Use this command in config mode to change the out-of-band management IP address.
ip address <ip> <mask>
This example shows you how to change the out-of-band management IP address to 10.10.10.1 with subnet mask 255.255.255.0 and the default gateway 10.10.10.254.
sysname# configure
sysname(config)# ip address 10.10.10.1 255.255.255.0
sysname(config)# ip address default-gateway 10.10.10.254

3.6 Looking at Basic System Information

Use this command to look at general system information about the Switch.
show system-information
This is illustrated in the following example.
sysname# show system-information
System Name : sysname
System Contact :
System Location :
Ethernet Address : 00:13:49:ae:fb:7a
ZyNOS F/W Version : V3.80(AII.0)b0 | 04/18/2007
RomRasSize : 1746416
System up Time : 280:32:52 (605186d ticks)
Bootbase Version : V1.00 | 05/17/2006
ZyNOS CODE : RAS Apr 18 2007 19:59:49
Product Model : ES-2024PWR
See Chapter 73 on page 251 for more information about these attributes.

3.7 Looking at the Operating Configuration

Use this command to look at the current operating configuration.
show running-config
This is illustrated in the following example.
sysname# show running-config
Building configuration...

Current configuration:

vlan 1
  name 1
  normal ""
  fixed 1-9
  forbidden ""
  untagged 1-9
  ip address default-management 172.16.37.206 255.255.255.0
  ip address default-gateway 172.16.37.254
exit
PART II

Reference A-G

AAA Commands
ARP Commands
ARP Inspection Commands
Bandwidth Commands
Broadcast Storm Commands
Classifier Commands
Cluster Commands
Date and Time Commands
DHCP Commands
DHCP Snooping & DHCP VLAN Commands
DiffServ Commands
DVMRP Commands
Ethernet OAM Commands
GARP Commands
GVRP Commands
CHAPTER 4

AAA Commands

Use these commands to configure authentication, authorization and accounting on the Switch.

4.1 Command Summary

The following section lists the commands for this feature.
Table 9 aaa authentication Command Summary

| COMMAND | DESCRIPTION | M | P |
|---|---|---|---|
| show aaa authentication | Displays what methods are used for authentication. | E | 3 |
| show aaa authentication enable | Displays the authentication method(s) for checking privilege level of administrators. | E | 3 |
| aaa authentication enable <method1> [<method2> ...] | Specifies which method should be used first, second, and third for checking privileges. method: enable, radius, or tacacs+. | C | 14 |
| no aaa authentication enable | Resets the method list for checking privileges to its default value. | C | 14 |
| show aaa authentication login | Displays the authentication methods for administrator login accounts. | E | 3 |
| aaa authentication login <method1> [<method2> ...] | Specifies which method should be used first, second, and third for the authentication of login accounts. method: local, radius, or tacacs+. | C | 14 |
| no aaa authentication login | Resets the method list for the authentication of login accounts to its default value. | C | 14 |
Table 10 Command Summary: aaa accounting

| COMMAND | DESCRIPTION | M | P |
|---|---|---|---|
| show aaa accounting | Displays accounting settings configured on the Switch. | E | 3 |
| show aaa accounting update | Display the update period setting on the Switch for accounting sessions. | E | 3 |
| aaa accounting update periodic <1-2147483647> | Sets the update period (in minutes) for accounting sessions. This is the time the Switch waits to send an update to an accounting server after a session starts. | C | 13 |
| no aaa accounting update | Resets the accounting update interval to the default value. | C | 13 |
| show aaa accounting commands | Displays accounting settings for recording command events. | E | 3 |
| aaa accounting commands <privilege> stop-only tacacs+ [broadcast] | Enables accounting of command sessions and specifies the minimum privilege level (0-14) for the command sessions that should be recorded. Optionally, sends accounting information for command sessions to all configured accounting servers at the same time. | C | 13 |
| no aaa accounting commands | Disables accounting of command sessions on the Switch. | C | 13 |
| show aaa accounting dot1x | Displays accounting settings for recording IEEE 802.1x session events. | E | 3 |
| aaa accounting dot1x <start-stop\|stop-only> <radius\|tacacs+> [broadcast] | Enables accounting of IEEE 802.1x authentication sessions and specifies the mode and protocol method. Optionally, sends accounting information for IEEE 802.1x authentication sessions to all configured accounting servers at the same time. | C | 13 |
| no aaa accounting dot1x | Disables accounting of IEEE 802.1x authentication sessions on the Switch. | C | 13 |
| show aaa accounting exec | Displays accounting settings for recording administrative sessions via SSH, Telnet or the console port. | E | 3 |
| aaa accounting exec <start-stop\|stop-only> <radius\|tacacs+> [broadcast] | Enables accounting of administrative sessions via SSH, Telnet and console port and specifies the mode and protocol method. Optionally, sends accounting information for administrative sessions via SSH, Telnet and console port to all configured accounting servers at the same time. | C | 13 |
| no aaa accounting exec | Disables accounting of administrative sessions via SSH, Telnet or console on the Switch. | C | 13 |
| show aaa accounting system | Displays accounting settings for recording system events, for example system shut down, start up, accounting enabled or accounting disabled. | E | 3 |
| aaa accounting system <radius\|tacacs+> [broadcast] | Enables accounting of system events and specifies the protocol method. Optionally, sends accounting information for system events to all configured accounting servers at the same time. | C | 13 |
| no aaa accounting system | Disables accounting of system events on the Switch. | C | 13 |
Table 11 aaa authorization Command Summary

| COMMAND | DESCRIPTION | M | P |
|---|---|---|---|
| show aaa authorization | Displays authorization settings configured on the Switch. | E | 3 |
| show aaa authorization dot1x | Displays the authorization method used to allow an IEEE 802.1x client to have different bandwidth limit or VLAN ID assigned via the external server. | E | 3 |
| show aaa authorization exec | Displays the authorization method used to allow an administrator which logs in the Switch through Telnet or SSH to have different access privilege level assigned via the external server. | E | 3 |
| aaa authorization dot1x radius | Enables authorization for IEEE 802.1x clients using RADIUS. | C | 14 |
| aaa authorization exec <radius\|tacacs+> | Specifies which method (radius or tacacs+) should be used for administrator authorization. | C | 14 |
| no aaa authorization dot1x | Disables authorization of allowing an IEEE 802.1x client to have different bandwidth limit or VLAN ID assigned via the external server. | C | 14 |
| no aaa authorization exec | Disables authorization of allowing an administrator which logs in the Switch through Telnet or SSH to have different access privilege level assigned via the external server. | C | 14 |
CHAPTER 5

ARP Commands

Use these commands to look at IP-to-MAC address mapping(s).

5.1 Command Summary

The following section lists the commands for this feature.
Table 12 arp Command Summary

| COMMAND | DESCRIPTION | M | P |
|---|---|---|---|
| show ip arp | Displays the ARP table. | E | 3 |
| no arp | Flushes the ARP table entries. | E | 13 |

5.2 Command Examples

This example shows the ARP table.
sysname# show ip arp
Index  IP             MAC                VLAN  Age(s)  Type
1      172.16.37.254  00:04:80:9b:78:00  1     300     dynamic
The following table describes the labels in this screen.
Table 13 show ip arp

| LABEL | DESCRIPTION |
|---|---|
| Index | This field displays the index number. |
| IP | This field displays the learned IP address of the device. |
| MAC | This field displays the MAC address of the device. |
| VLAN | This field displays the VLAN to which the device belongs. |
| Age(s) | This field displays how long the entry remains valid. |
| Type | This field displays how the entry was learned. dynamic: The Switch learned this entry from ARP packets. |
CHAPTER 6

ARP Inspection Commands

Use these commands to filter unauthorized ARP packets in your network.

6.1 Command Summary

The following section lists the commands for this feature.
Table 14 arp inspection Command Summary

| COMMAND | DESCRIPTION | M | P |
|---|---|---|---|
| show arp inspection | Displays ARP inspection configuration details. | E | 3 |
| arp inspection | Enables ARP inspection on the Switch. You still have to enable ARP inspection on specific VLAN and specify trusted ports. | C | 13 |
| no arp inspection | Disables ARP inspection on the Switch. | C | 13 |
Table 15 Command Summary: arp inspection filter

| COMMAND | DESCRIPTION | M | P |
|---|---|---|---|
| show arp inspection filter [<mac-addr>] [vlan <vlan-id>] | Displays the current list of MAC address filters that were created because the Switch identified an unauthorized ARP packet. Optionally, lists MAC address filters based on the MAC address or VLAN ID in the filter. | E | 3 |
| no arp inspection filter <mac-addr> vlan <vlan-id> | Specifies the ARP inspection record you want to delete from the Switch. The ARP inspection record is identified by the MAC address and VLAN ID pair. | E | 13 |
| clear arp inspection filter | Delete all ARP inspection filters from the Switch. | E | 13 |
| arp inspection filter-aging-time <1-2147483647> | Specifies how long (1-2147483647 seconds) MAC address filters remain in the Switch after the Switch identifies an unauthorized ARP packet. The Switch automatically deletes the MAC address filter afterwards. | C | 13 |
| arp inspection filter-aging-time none | Specifies the MAC address filter to be permanent. | C | 13 |
| no arp inspection filter-aging-time | Resets how long (1-2147483647 seconds) the MAC address filter remains in the Switch after the Switch identifies an unauthorized ARP packet to the default value. | C | 13 |

Table 16 Command Summary: arp inspection log

| COMMAND | DESCRIPTION | M | P |
|---|---|---|---|
| show arp inspection log | Displays the log settings configured on the Switch. It also displays the log entries recorded on the Switch. | E | 3 |
| clear arp inspection log | Delete all ARP inspection log entries from the Switch. | E | 13 |
| arp inspection log-buffer entries <0-1024> | Specifies the maximum number (1-1024) of log messages that can be generated by ARP packets and not sent to the syslog server. If the number of log messages in the Switch exceeds this number, the Switch stops recording log messages and simply starts counting the number of entries that were dropped due to unavailable buffer. | C | 13 |
| arp inspection log-buffer logs <0-1024> interval <0-86400> | Specifies the number of syslog messages that can be sent to the syslog server in one batch and how often (1-86400 seconds) the Switch sends a batch of syslog messages to the syslog server. | C | 13 |
| no arp inspection log-buffer entries | Resets the maximum number (1-1024) of log messages that can be generated by ARP packets and not sent to the syslog server to the default value. | C | 13 |
| no arp inspection log-buffer logs | Resets the maximum number of syslog messages the Switch can send to the syslog server in one batch to the default value. | C | 13 |
Table 17 Command Summary: interface arp inspection

| COMMAND | DESCRIPTION | M | P |
|---|---|---|---|
| show arp inspection interface port-channel <port-list> | Displays the ARP inspection settings for the specified port(s). | E | 3 |
| interface port-channel <port-list> | Enters config-interface mode for the specified port(s). | C | 13 |
| arp inspection trust | Sets the port to be a trusted port for arp inspection. The Switch does not discard ARP packets on trusted ports for any reason. | C | 13 |
| no arp inspection trust | Disables this port from being a trusted port for ARP inspection. | C | 13 |
Table 18 Command Summary: arp inspection vlan

| COMMAND | DESCRIPTION | M | P |
|---|---|---|---|
| show arp inspection vlan <vlan-list> | Displays ARP inspection settings for the specified VLAN(s). | E | 3 |
| arp inspection vlan <vlan-list> | Enables ARP inspection on the specified VLAN(s). | C | 13 |
| no arp inspection vlan <vlan-list> | Disables ARP inspection on the specified VLAN(s). | C | 13 |
| arp inspection vlan <vlan-list> logging [all\|none\|permit\|deny] | Enables logging of ARP inspection events on the specified VLAN(s). Optionally specifies which types of events to log. | C | 13 |
| no arp inspection vlan <vlan-list> logging | Disables logging of messages generated by ARP inspection for the specified VLAN(s). | C | 13 |

6.2 Command Examples

This example looks at the current list of MAC address filters that were created because the Switch identified an unauthorized ARP packet. When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet.
sysname# show arp inspection filter
Filtering aging timeout : 300

MacAddress        VLAN Port  Expiry (sec) Reason
----------------- ---- ----- ------------ --------------
Total number of bindings: 0
The following table describes the labels in this screen.
Table 19 show arp inspection filter

| LABEL | DESCRIPTION |
|---|---|
| Filtering aging timeout | This field displays how long the MAC address filters remain in the Switch after the Switch identifies an unauthorized ARP packet. The Switch automatically deletes the MAC address filter afterwards. |
| MacAddress | This field displays the source MAC address in the MAC address filter. |
| VLAN | This field displays the source VLAN ID in the MAC address filter. |
| Port | This field displays the source port of the discarded ARP packet. |
| Expiry (sec) | This field displays how long (in seconds) the MAC address filter remains in the Switch. You can also delete the record manually (Delete). |
| Reason | This field displays the reason the ARP packet was discarded. MAC+VLAN: The MAC address and VLAN ID were not in the binding table. IP: The MAC address and VLAN ID were in the binding table, but the IP address was not valid. Port: The MAC address, VLAN ID, and IP address were in the binding table, but the port number was not valid. |
This example looks at log messages that were generated by ARP packets and that have not been sent to the syslog server yet.
sysname# show arp inspection log
Total Log Buffer Size : 32
Syslog rate : 5 entries per 1 seconds

Port Vlan Sender MAC        Sender IP       Pkts Reason     Time
---- ---- ----------------- --------------- ---- ---------- -------------------------
Total number of logs: 0
The following table describes the labels in this screen.
Table 20 show arp inspection log

| LABEL | DESCRIPTION |
|---|---|
| Total Log Buffer Size | This field displays the maximum number (1-1024) of log messages that were generated by ARP packets and have not been sent to the syslog server yet. If the number of log messages in the Switch exceeds this number, the Switch stops recording log messages and simply starts counting the number of entries that were dropped due to unavailable buffer. |
| Syslog rate | This field displays the maximum number of syslog messages the Switch can send to the syslog server in one batch. This number is expressed as a rate because the batch frequency is determined by the Log Interval. |
| Port | This field displays the source port of the ARP packet. |
| Vlan | This field displays the source VLAN ID of the ARP packet. |
| Sender MAC | This field displays the source MAC address of the ARP packet. |
| Sender IP | This field displays the source IP address of the ARP packet. |
| Pkts | This field displays the number of ARP packets that were consolidated into this log message. The Switch consolidates identical log messages generated by ARP packets in the log consolidation interval into one log message. |
| Reason | This field displays the reason the log message was generated. static deny: An ARP packet was discarded because it violated a static binding with the same MAC address and VLAN ID. deny: An ARP packet was discarded because there were no bindings with the same MAC address and VLAN ID. static permit: An ARP packet was forwarded because it matched a static binding. |
| Time | This field displays when the log message was generated. |
| Total number of logs | This field displays the number of log messages that were generated by ARP packets and that have not been sent to the syslog server yet. If one or more log messages are dropped due to unavailable buffer, there is an entry called overflow with the current number of dropped log messages. |
This example displays whether ports are trusted or untrusted ports for ARP inspection.
sysname# show arp inspection interface port-channel 1
Interface Trusted State Rate (pps) Burst Interval
--------- ------------- ---------- --------------
1         Untrusted     15         1
The following table describes the labels in this screen.
Table 21 show arp inspection interface port-channel

| LABEL | DESCRIPTION |
|---|---|
| Interface | This field displays the port number. If you configure the * port, the settings are applied to all of the ports. |
| Trusted State | This field displays whether this port is a trusted port (Trusted) or an untrusted port (Untrusted). Trusted ports are connected to DHCP servers or other switches, and the switch discards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high. |
| Rate (pps) | This field displays the maximum number for DHCP packets that the switch receives from each port each second. The switch discards any additional DHCP packets. |
| Burst Interval | This field displays the length of time over which the rate of ARP packets is monitored for each port. For example, if the Rate is 15 pps and the burst interval is 1 second, then the switch accepts a maximum of 15 ARP packets in every one-second interval. If the burst interval is 5 seconds, then the switch accepts a maximum of 75 ARP packets in every five-second interval. |
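The decisions this chapter describes (trusted ports in Table 17, discard reasons and MAC address filters in Table 19, rate and burst interval in Table 21) can be followed in a small model. The Python below is an added example, not ZyNOS code: the class and function names, the order of the checks, the fixed-window rate check and all sample addresses are assumptions made for illustration.

```python
"""Model of the ARP inspection decisions described in this chapter.
Added illustration, not ZyNOS firmware code. All sample values are constructed."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Binding:
    mac: str      # lower-case, colon-separated
    vlan: int
    ip: str
    port: int


@dataclass
class ArpInspector:
    bindings: list
    trusted_ports: set = field(default_factory=set)
    aging_time: Optional[int] = 300   # seconds; None models "filter-aging-time none"
    rate_pps: int = 15                # Rate (pps), as in the port 1 example
    burst_interval: int = 1           # Burst Interval in seconds
    filters: dict = field(default_factory=dict)   # (mac, vlan) -> filter record
    windows: dict = field(default_factory=dict)   # port -> [window start, count]

    def classify(self, mac, vlan, ip, port):
        """Return the Table 19 discard reason, or None if a binding matches."""
        same_host = [b for b in self.bindings if b.mac == mac and b.vlan == vlan]
        if not same_host:
            return "MAC+VLAN"
        same_ip = [b for b in same_host if b.ip == ip]
        if not same_ip:
            return "IP"
        if not any(b.port == port for b in same_ip):
            return "Port"
        return None

    def _filtered(self, mac, vlan, now):
        record = self.filters.get((mac, vlan))
        if record is None:
            return False
        if record["expiry"] is not None and now >= record["expiry"]:
            del self.filters[(mac, vlan)]   # aged out, so the filter is deleted
            return False
        return True

    def _over_rate(self, port, now):
        # Assumption: one fixed window of burst_interval seconds per port.
        window = self.windows.setdefault(port, [now, 0])
        if now - window[0] >= self.burst_interval:
            window[0], window[1] = now, 0
        window[1] += 1
        return window[1] > self.rate_pps * self.burst_interval

    def inspect(self, mac, vlan, ip, port, now):
        """Return (action, reason) for one ARP packet seen at time now (seconds)."""
        mac = mac.lower()
        if port in self.trusted_ports:
            return ("forward", "trusted")   # Table 17: never discarded
        if self._filtered(mac, vlan, now):
            return ("drop", "filtered")     # an active MAC address filter blocks it
        if self._over_rate(port, now):
            return ("drop", "rate")
        reason = self.classify(mac, vlan, ip, port)
        if reason is None:
            return ("forward", "binding")
        expiry = None if self.aging_time is None else now + self.aging_time
        self.filters[(mac, vlan)] = {"port": port, "expiry": expiry, "reason": reason}
        return ("drop", reason)


def demo():
    """Run constructed packets through the model and return the decisions."""
    host = ("00:11:22:33:44:55", 1, "192.0.2.10", 3)   # constructed binding
    sw = ArpInspector(bindings=[Binding(*host)], trusted_ports={24})
    return [
        sw.inspect(*host, now=0),                                      # matches binding
        sw.inspect("00:11:22:33:44:55", 1, "192.0.2.99", 3, now=1),    # wrong IP
        sw.inspect(*host, now=2),                                      # filter active
        sw.inspect(*host, now=301),                                    # filter aged out
        sw.inspect("00:11:22:33:44:55", 1, "192.0.2.10", 5, now=302),  # wrong port
        sw.inspect("de:ad:be:ef:00:01", 1, "192.0.2.10", 5, now=303),  # unknown MAC
        sw.inspect("de:ad:be:ef:00:01", 1, "192.0.2.1", 24, now=304),  # trusted port
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The third decision shows why the filter aging time matters operationally: while a filter for a MAC address and VLAN ID pair is active, packets from that pair are dropped even when they match a binding.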
CHAPTER 7

Bandwidth Commands

Use these commands to configure the maximum allowable bandwidth for incoming or outgoing traffic flows on a port.
Note: Bandwidth management implementation differs across Switch models.
• Some models use a single command (bandwidth-limit ingress) to control the incoming rate of traffic on a port.
• Other models use two separate commands (bandwidth-limit cir and bandwidth-limit pir) to control the Committed Information Rate (CIR) and the Peak Information Rate (PIR) allowed on a port.
The CIR and PIR should be set for all ports that use the same uplink bandwidth. If the CIR is reached, packets are sent at the rate up to the PIR. When network congestion occurs, packets through the ingress port exceeding the CIR will be marked for drop.
Note: The CIR should be less than the PIR.
See Section 7.2 on page 42 and Section 7.3 on page 43 for examples.
See also Chapter 65 on page 227 for information on how to use trTCM (Two Rate Three Color Marker) to control traffic flow.

7.1 Command Summary

The following table describes user-input values available in multiple commands for this feature.
Table 22 User-input Values: running-config

| COMMAND | DESCRIPTION |
|---|---|
| port-list | The port number or a range of port numbers that you want to configure. |
| rate | The rate represents a bandwidth limit. Different models support different rate limiting incremental steps. See your User’s Guide for more information. |

The following section lists the commands for this feature.
Table 23 Command Summary: bandwidth-control & bandwidth-limit

| COMMAND | DESCRIPTION | M | P |
|---|---|---|---|
| show interfaces config <port-list> bandwidth-control | Displays the current settings for interface bandwidth control. | E | 3 |
| bandwidth-control | Enables bandwidth control on the Switch. | C | 13 |
| no bandwidth-control | Disables bandwidth control on the Switch. | C | 13 |
| interface port-channel <port-list> | Enters subcommand mode for configuring the specified ports. | C | 13 |
| bandwidth-limit ingress | Enables bandwidth limits for incoming traffic on the port(s). | C | 13 |
| bandwidth-limit ingress <rate> | Sets the maximum bandwidth allowed for incoming traffic on the port(s). | C | 13 |
| bandwidth-limit egress | Enables bandwidth limits for outgoing traffic on the port(s). | C | 13 |
| bandwidth-limit egress <rate> | Sets the maximum bandwidth allowed for outgoing traffic on the port(s). | C | 13 |
| no bandwidth-limit ingress | Disables ingress bandwidth limits on the specified port(s). | C | 13 |
| no bandwidth-limit egress | Disables egress bandwidth limits on the specified port(s). | C | 13 |
| bandwidth-limit cir | Enables commit rate limits on the specified port(s). | C | 13 |
| bandwidth-limit cir <rate> | Sets the guaranteed bandwidth allowed for the incoming traffic flow on a port. The commit rate should be less than the peak rate. The sum of commit rates cannot be greater than or equal to the uplink bandwidth. Note: The sum of CIRs cannot be greater than or equal to the uplink bandwidth. | C | 13 |
| bandwidth-limit pir | Enables peak rate limits on the specified port(s). | C | 13 |
| bandwidth-limit pir <rate> | Sets the maximum bandwidth allowed for the incoming traffic flow on the specified port(s). | C | 13 |
| no bandwidth-limit cir | Disables commit rate limits on the specified port(s). | C | 13 |
| no bandwidth-limit pir | Disables peak rate limits on the specified port(s). | C | 13 |

7.2 Command Examples: ingress

This example sets the outgoing traffic bandwidth limit to 5000 Kbps and the incoming traffic bandwidth limit to 4000 Kbps for port 1.
sysname# configure
sysname(config)# bandwidth-control
sysname(config)# interface port-channel 1
sysname(config-interface)# bandwidth-limit egress 5000
sysname(config-interface)# bandwidth-limit ingress 4000
sysname(config-interface)# exit
sysname(config)# exit
This example deactivates the outgoing bandwidth limit on port 1.
sysname# configure
sysname(config)# interface port-channel 1
sysname(config-interface)# no bandwidth-limit egress
sysname(config-interface)# exit
sysname(config)# exit

7.3 Command Examples: cir & pir

This example sets the guaranteed traffic bandwidth limit on port 1 to 4000 Kbps and the maximum traffic bandwidth limit to 5000 Kbps.
sysname# configure
sysname(config)# bandwidth-control
sysname(config)# interface port-channel 1
sysname(config-interface)# bandwidth-limit cir
sysname(config-interface)# bandwidth-limit cir 4000
sysname(config-interface)# bandwidth-limit pir
sysname(config-interface)# bandwidth-limit pir 5000
sysname(config-interface)# exit
sysname(config)# exit
This example displays the bandwidth limits configured on port 1.
sysname# show running-config interface port-channel 1 bandwidth-limit
Building configuration...

Current configuration:

interface port-channel 1
  bandwidth-limit cir 4000
  bandwidth-limit cir
  bandwidth-limit pir 5000
  bandwidth-limit pir
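The constraints stated in this chapter (the CIR should be less than the PIR, the sum of CIRs cannot be greater than or equal to the uplink bandwidth, and a rate only takes effect once the matching enable command is present) can be checked against saved running-config text. The Python below is an added example, not ZyXEL code: the function names, the constructed SAMPLE_CONFIG, the handling of port lists such as 1-3,5 and the caller-supplied uplink_kbps value are assumptions.

```python
"""Check bandwidth-limit cir/pir settings in running-config text.
Added illustration, not ZyXEL code. SAMPLE_CONFIG is constructed."""
import re

SAMPLE_CONFIG = """\
interface port-channel 1
  bandwidth-limit cir 4000
  bandwidth-limit cir
  bandwidth-limit pir 5000
  bandwidth-limit pir
exit
interface port-channel 2
  bandwidth-limit cir 6000
  bandwidth-limit cir
  bandwidth-limit pir 5000
  bandwidth-limit pir
exit
interface port-channel 3
  bandwidth-limit cir 3000
  bandwidth-limit pir 8000
  bandwidth-limit pir
exit
"""


def expand_ports(spec):
    """Expand a port list such as '1-3,5' into [1, 2, 3, 5] (assumed syntax)."""
    ports = []
    for part in spec.split(","):
        low, _, high = part.partition("-")
        ports.extend(range(int(low), int(high or low) + 1))
    return ports


def parse_bandwidth(config_text):
    """Return {port: {'cir', 'pir', 'cir_on', 'pir_on'}} from running-config text."""
    ports, current = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        match = re.fullmatch(r"interface port-channel (\S+)", line)
        if match:
            current = expand_ports(match.group(1))
            for port in current:
                ports.setdefault(
                    port, {"cir": None, "pir": None, "cir_on": False, "pir_on": False}
                )
            continue
        if line == "exit":
            current = []
            continue
        match = re.fullmatch(r"bandwidth-limit (cir|pir)(?: (\d+))?", line)
        if match:
            kind, rate = match.groups()
            for port in current:
                if rate is None:
                    ports[port][kind + "_on"] = True     # bare command enables the limit
                else:
                    ports[port][kind] = int(rate)        # rate in Kbps
    return ports


def audit(config_text, uplink_kbps):
    """Return a list of findings; an empty list means the stated rules hold."""
    ports = parse_bandwidth(config_text)
    findings = []
    for port, cfg in sorted(ports.items()):
        for kind in ("cir", "pir"):
            if cfg[kind] is not None and not cfg[kind + "_on"]:
                findings.append(
                    f"port {port}: {kind} rate set but 'bandwidth-limit {kind}' is not enabled"
                )
        if cfg["cir"] is not None and cfg["pir"] is not None and cfg["cir"] >= cfg["pir"]:
            findings.append(
                f"port {port}: CIR {cfg['cir']} Kbps is not less than PIR {cfg['pir']} Kbps"
            )
    total = sum(c["cir"] for c in ports.values() if c["cir"] is not None and c["cir_on"])
    if total >= uplink_kbps:
        findings.append(
            f"sum of enabled CIRs {total} Kbps is not below uplink {uplink_kbps} Kbps"
        )
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, uplink_kbps=10000):
        print(finding)
```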
CHAPTER 8

Broadcast Storm Commands

Use these commands to limit the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports.
Note: Broadcast storm control implementation differs across Switch models.
• Some models use a single command (bmstorm-limit) to control the combined rate of broadcast, multicast and DLF packets accepted on Switch ports.
• Other models use three separate commands (broadcast-limit, multicast-limit, dlf-limit) to control the number of individual types of packets accepted on Switch ports.
See Section 8.2 on page 46 and Section 8.3 on page 46 for examples.

8.1 Command Summary

The following table describes user-input values available in multiple commands for this feature.
Table 24 User-input Values: broadcast-limit, multicast-limit & dlf-limit

| COMMAND | DESCRIPTION |
|---|---|
| pkt/s | Specifies the maximum number of packets per second accepted by a Switch port. |

The following section lists the commands for this feature.
Table 25 Command Summary: storm-control, bmstorm-limit, and bstorm-control

| COMMAND | DESCRIPTION | M | P |
|---|---|---|---|
| show interfaces config <port-list> bstorm-control | Displays the current settings for broadcast storm control. | E | 3 |
| storm-control | Enables broadcast storm control on the Switch. | C | 13 |
| no storm-control | Disables broadcast storm control on the Switch. | C | 13 |
| interface port-channel <port-list> | Enters subcommand mode for configuring the specified ports. | C | 13 |
| bmstorm-limit | Enables broadcast storm control on the specified port(s). | C | 13 |
| bmstorm-limit <rate> | Specifies the maximum rate at which the Switch receives broadcast, multicast, and destination lookup failure (DLF) packets on the specified port(s). Different models support different rate limiting incremental steps. See your User’s Guide for more information. | C | 13 |
| no bmstorm-limit | Disables broadcast storm control on the specified port(s). | C | 13 |
| broadcast-limit | Enables the broadcast packet limit on the specified port(s). | C | 13 |
| broadcast-limit <pkt/s> | Specifies the maximum number of broadcast packets the Switch accepts per second on the specified port(s). | C | 13 |
| no broadcast-limit | Disables broadcast packet limit on the specified port(s). | C | 13 |
| multicast-limit | Enables the multicast packet limit on the specified port(s). | C | 13 |
| multicast-limit <pkt/s> | Specifies the maximum number of multicast packets the Switch accepts per second on the specified port(s). | C | 13 |
| no multicast-limit | Disables multicast packet limit on the specified port(s). | C | 13 |
| dlf-limit | Enables the DLF packet limit on the specified port(s). | C | 13 |
| dlf-limit <pkt/s> | Specifies the maximum number of DLF packets the Switch accepts per second on the specified port(s). | C | 13 |
| no dlf-limit | Disables DLF packet limits on the specified port(s). | C | 13 |

8.2 Command Example: bmstorm-limit

This example enables broadcast storm control on port 1 and limits the combined maximum rate of broadcast, multicast and DLF packets to 128 Kbps.
sysname# configure
sysname(config)# storm-control
sysname(config)# interface port-channel 1
sysname(config-interface)# bmstorm-limit
sysname(config-interface)# bmstorm-limit 128
sysname(config-interface)# exit
sysname(config)# exit

8.3 Command Example: broadcast-limit, multicast-limit & dlf-limit

This example enables broadcast storm control on the Switch, and configures port 1 to accept up to:
• 128 broadcast packets per second,
• 256 multicast packets per second,
• 64 DLF packets per second.
sysname# configure
sysname(config)# storm-control
sysname(config)# interface port-channel 1
sysname(config-interface)# broadcast-limit
sysname(config-interface)# broadcast-limit 128
sysname(config-interface)# multicast-limit
sysname(config-interface)# multicast-limit 256
sysname(config-interface)# dlf-limit
sysname(config-interface)# dlf-limit 64
sysname(config-interface)# exit
sysname(config)# exit
sysname# show interfaces config 1 bstorm-control
Broadcast Storm Control Enabled: Yes

Port Broadcast|Enabled Multicast|Enabled DLF-Limit|Enabled
1    128 pkt/s|Yes     256 pkt/s|Yes     64 pkt/s|Yes
CHAPTER 9

CFM Commands

Use these commands to configure the Connectivity Fault Management (CFM) on the Switch.

9.1 CFM Overview

The route between two users may go through aggregated switches, routers and/or DSLAMs owned by independent organizations. A connectivity fault point generally takes time to discover and impacts subscribers’ network access. IEEE 802.1ag is a Connectivity Fault Management (CFM) specification which allows network administrators to identify and manage connection faults in order to ease management and maintenance. Through discovery and verification of the path, CFM can detect and analyze connectivity faults in bridged LANs.
The figure shown below is an example of a connection fault between switches in the service provider’s network. CFM can be used to identify and manage this kind of connection problem.
Figure 1 Connectivity Fault Example
9.1.1 How CFM Works
CFM sends pro-active Connectivity Check (CC) packets between two CFM-aware devices in the same MD (Maintenance Domain) network. An MA (Maintenance Association) defines a VLAN and associated ports on the device under an MD level. In this MA, a port can be an MEP (Maintenance End Point) port or an MIP (Maintenance Intermediate Point) port.
• MEP port - has the ability to send pro-active connectivity check (CC) packets and get other MEP port information from neighbor switches’ CC packets within an MA.
• MIP port - only forwards the CC packets.
CFM provides two tests to discover connectivity faults.
• Loopback test - similar to using “ping” in Microsoft DOS mode to check connectivity from your computer to a host. In a loopback test, an MEP port sends an LBM (Loop Back Message) to an MIP port and checks for an LBR (Loop Back Response). If no response is received, there might be a connectivity fault between them.
• Link trace test - similar to using “tracert” in Microsoft DOS mode to check connectivity from your computer to a host. A link trace test provides additional connectivity fault analysis to get more information on where the fault is. In a link trace test, an MEP port sends an LTM (Link Trace Message) to an MIP port and checks for an LTR (Link Trace Response). If an MIP or MEP port does not respond to the source MEP, this may indicate a fault. Administrators can take further action to check the fault and resume services according to the line connectivity status report.
An example is shown next. A user cannot access the Internet. To check the problem, the administrator starts the link trace test from A which is an MEP port to B which is also an MEP port. Each aggregation MIP port between aggregated devices responds to the LTM packets and also forwards them to the next port. A fault occurs at port C. A discovers the fault since it only gets the LTR packets from the ports before port C.
Figure 2 MIP and MEP Example

9.2 CFM Term Definition

This section lists definitions of common terms that appear in this chapter. Refer to the User’s Guide for more detailed information about CFM.
Table 26 CFM Term Definitions

| TERM | DESCRIPTION |
|---|---|
| CFM | CFM (Connectivity Fault Management) is used to detect and analyze connectivity faults in bridged LANs. |
| MD | An MD (Maintenance Domain) is part of a network, where CFM can be done. The MD is identified by a level number and contains both MEPs and MIPs. The Switch supports up to eight MD levels (0 ~ 7) in a network. You can create multiple MDs on one MD level and multiple MA groups in one MD. |
| MA | An MA (Maintenance Association) is a group of MEPs and identified by a VLAN ID. One MA should belong to one and only one MD group. |
| MEP | An MEP (Maintenance End Point) port has the ability to send and reply to the CCMs, LBMs and LTMs. It also gets other MEP port information from neighbor switches’ CCMs in an MA. |
| MIP | An MIP (Maintenance Intermediate Point) port forwards the CCMs, LBMs, and LTMs and replies to the LBMs and LTMs by sending Loop Back Responses (LBRs) and Link Trace Responses (LTRs). |
| Connectivity Check | Connectivity Check (CC) enables an MEP port to send Connectivity Check Messages (CCMs) periodically to other MEP ports. An MEP port collects CCMs to get other MEP information within an MA. |
| Loop Back Test | Loop Back Test (LBT) checks if an MEP port receives its LBR (Loop Back Response) from its target after it sends the LBM (Loop Back Message). If no response is received, there might be a connectivity fault between them. |
| Link Trace Test | Link Trace Test (LTT) provides additional connectivity fault analysis to get more information on where the fault is. In the link trace test, MIP ports also send an LTR (Link Trace Response) to respond to the source MEP port’s LTM (Link Trace Message). If an MIP or MEP port does not respond to the source MEP, this may indicate a fault. Administrators can take further action to check and resume services from the fault according to the line connectivity status report. |

9.3 User Input Values

This section lists the common term definitions that appear in this chapter. Refer to the User’s Guide for more detailed information about CFM.
Table 27 CFM command user input values
USER INPUT DESCRIPTION
mep-id This is the maintenance endpoint identifier (1~8191).
ma-index This is the maintenance association (MA) index number (1~4294967295).
md-index This is the maintenance domain (MD) index number (1~4294967295).
mac-address This is the remote maintenance endpoint’s MAC address or a virtual MAC address assigned to a port. A switch has one or two MAC addresses only. If you do not use virtual MAC addresses with CFM, all CFM ports will use the Switch’s MAC address and appear as one port. If you want unique CFM ports, you need to assign virtual MAC addresses. If you use virtual MAC addresses, make sure that all virtual MAC addresses are unique in both the switch and the network to which it belongs.

9.4 Command Summary

The following section lists the commands for this feature.
Table 28 CFM Command Summary
COMMAND DESCRIPTION M P
clear ethernet cfm linktrace Clears the link trace database. E 13
clear ethernet cfm mep-ccmdb Clears the MEP CCM database. E 13
clear ethernet cfm mip-ccmdb Clears the MIP CCM database. E 13
clear ethernet cfm mep-defects Clears the MEP-defects database. E 13
ethernet cfm Enables CFM on the Switch. C 13
ethernet cfm md <md-index> format <dns|mac|string> name <md-name> level <0-7> Creates an MD (Maintenance Domain) with the specified name and level number. md-name: Enters a domain name, MAC address or a descriptive name for the MD. C 13
ethernet cfm ma <ma-index> format <vid|string|integer> name <ma-name> md <md-index> primary-vlan <1-4094> Creates an MA (Maintenance Association) and defines its VLAN ID under the MD. You can also define the format which the Switch uses to send this MA information in the domain (MD). ma-name: Enters a VLAN ID, a descriptive name or a 2-octet integer for the MA. Note: If you set the format to vid, the VLAN ID should be the same as the VLAN ID you use to identify the MA. C 13
cc-interval <100ms|1s|10s|1min|10min> Sets how often an MEP sends a connectivity check message (CCM). C 13
mhf-creation <none|default|explicit> Sets MHF (MIP Half Function). Select none and no MIP can be created automatically for this MA. Select default to automatically create MIPs for this MA and on the ports belonging to this MA’s VLAN when there are no lower configured MD levels or there is an MEP at the next lower configured MD level on the port. Select explicit to automatically create MIPs for this MA and on the ports belonging to this MA’s VLAN only when there is an MEP at the next lower configured MD level on the port. C 13
id-permission <none|chassis|management|chassis-management> Sets what’s to be included in the sender ID TLV (Type-Length-Value) transmitted by CFM packets. Select none to not include the sender ID TLV. Select chassis to include the chassis information. Select management to include the management information. Select chassis-management to include both chassis and management information. C 13
exit Exits from the config-ma mode. C 13
remote-mep <mep-id> Sets a remote MEP in an MA. C 13
mep <mep-id> interface port-channel <port> direction <up|down> priority <0-7> Sets an MEP in an MA. up|down: The traffic direction. 0-7: The priority value of the CCMs or LTMs transmitted by the MEP. 1 is the lowest, then 2, 0 and 3 ~ 7. C 13
mep <mep-id> interface port-channel <port> direction <up|down> priority <0-7> inactive Disables a specified MEP. C 13
mep <mep-id> interface port-channel <port> direction <up|down> priority <0-7> cc-enable Enables Connectivity Check (CC) to allow an MEP to send Connectivity Check Messages (CCMs) periodically to other MEPs. C 13
no remote-mep <mep-id> Deletes a specified destination MEP. C 13
no mep <mep-id> Deletes a specified MEP. C 13
no mep <mep-id> inactive Enables an MEP. C 13
no mep <mep-id> cc-enable Disallows an MEP from sending Connectivity Check Messages (CCMs) periodically to other MEPs. C 13
ethernet cfm loopback remote-mep <mep-id> mep <mep-id> ma <ma-index> md <md-index> [size <0-1500>][count <1-1024>] Specifies the remote MEP ID, local MEP ID, MA index and MD index to perform a loopback test. This enables the MEP port (with the specified MEP ID) in a specified CFM domain to send the LBMs (Loop Back Messages) to a specified remote end point. You can also define the packet size (from 0 to 1500 bytes) and how many times the Switch sends the LBMs. E 13
ethernet cfm loopback mac <mac-address> mep <mep-id> ma <ma-index> md <md-index> [size <0-1500>][count <1-1024>] Specifies the destination MAC address, local MEP ID, MA index and MD index to perform a loopback test. This enables the MEP port (with the specified MEP ID) in a specified CFM domain to send the LBMs (Loop Back Messages) to a specified remote end point. You can also define the packet size (from 0 to 1500 bytes) and how many times the Switch sends the LBMs. E 13
ethernet cfm linktrace remote-mep <mep-id> mep <mep-id> ma <ma-index> md <md-index> [mip-ccmdb] [ttl <ttl>] Specifies the remote MEP ID, local MEP ID, MA index and MD index to perform a link trace test. This enables the MEP port (with the specified MEP ID) in a specified CFM domain to send the LTMs (Link Trace Messages) to a specified remote end point. mip-ccmdb: Specifies the MIP CCM DB, a database that stores information (tuples of {Port, VID, MAC address}) about MEPs in the MD when receiving CCMs. The MIP CCM DB is used for fault isolation, such as link trace and loop back. An entry can remain in the MIP CCM DB for at least 24 hours. ttl: This is the time-to-live value (the number of transmissions, 64 hops by default). Set this to stop a test once it exceeds the time duration without receiving any response. E 13
ethernet cfm linktrace mac <mac-address> mep <mep-id> ma <ma-index> md <md-index> [mip-ccmdb] [ttl <ttl>] Specifies the destination MAC address, local MEP ID, MA index and MD index to perform a link trace test. This enables the MEP port (with the specified MEP ID) in a specified CFM domain to send the LTMs (Link Trace Messages) to a specified remote end point. mip-ccmdb: Specifies the MIP CCM DB, a database that stores information (tuples of {Port, VID, MAC address}) about MEPs in the MD when receiving CCMs. The MIP CCM DB is used for fault isolation, such as link trace and loop back. An entry can remain in the MIP CCM DB for at least 24 hours. ttl: This is the time-to-live value (the number of transmissions, 64 hops by default). Set this to stop a test once it exceeds the time duration without receiving any response. E 13
interface port-channel <port-list> Enters config-interface mode for configuring the specified port(s). C 13
ethernet cfm virtual-mac <mac-addr> Assigns a virtual MAC address(es) to the specified port(s) so that each specified port can have its own MAC address for CFM. C 13
no ethernet cfm virtual-mac Removes the virtual MAC address(es) and sets the port(s) to use the default system MAC address. C 13
no ethernet cfm Disables CFM on the Switch. C 13
no ethernet cfm md <md-index> Deletes the specified MD. C 13
no ethernet cfm ma <ma-index> md <md-index> Deletes an MA from the specified MD. C 13
show ethernet cfm linktrace Displays the CFM link trace database information. E 13
show ethernet cfm local Displays the detailed settings of the configured MD(s) and MA(s). E 13
show ethernet cfm local stack Displays a list of all maintenance points, such as MIP and MEP. E 13
show ethernet cfm local stack mep Displays a list of the MEP(s). E 13
show ethernet cfm local stack mep <mep-id> ma <ma-index> md <md-index> Displays the specified MEP’s general, fault notification generator, continuity-check, loopback and link trace information. E 13
show ethernet cfm local stack mep <mep-id> ma <ma-index> md <md-index> mep-ccmdb [remote-mep <mep-id>] Displays the specified MEP’s MEP-CCM database information. Each MEP maintains an MEP CCM database which stores information about remote MEPs in the MA when receiving CCMs. E 13
show ethernet cfm local stack mip Displays a list of the MIP(s). E 13
show ethernet cfm local stack mip mip-ccmdb Displays the MIP-CCM database. E 13
show ethernet cfm remote Displays a list of MA(s), MEP(s) and the remote MEP(s) under the configured MD(s). E 13
show ethernet cfm virtual-mac Displays all virtual MAC addresses. E 13
show ethernet cfm virtual-mac port <port-list> Displays the MAC address(es) of the specified port(s). E 13

9.5 Command Examples

This example creates MD1 (with MD index 1 and level 1) and MA2 (with MA index 2 and VLAN ID 2) under MD1 that defines a CFM domain.
sysname# config
sysname(config)# ethernet cfm md 1 format string name MD1 level 1
sysname(config)# ethernet cfm ma 2 format string name MA2 md 1 primary-vlan 2
sysname(config-ma)# exit
sysname(config)# exit
sysname# write memory
Note: Remember to save new settings using the write memory command.
This example deletes MA2 (with MA index 2) from MD1 (with MD index 1).
sysname# config
sysname(config)# no ethernet cfm ma 2 md 1
sysname(config)# exit
sysname# write mem
This example creates MA3 (with MA index 3 and VLAN ID 123) under MD1, and associates port 1 as an MEP port with MEP ID 301 in the specified CFM domain. This also sets MHF (MIP half function) to default to have the Switch automatically create MIPs for this MA and on the ports belonging to this MA's VLAN when there are no lower configured MD levels or there is a MEP at the next lower configured MD level on the port. This also sets a remote MEP in MA3.
sysname# config
sysname(config)# ethernet cfm ma 3 format string name MA3 md 1 primary-vlan 123
sysname(config-ma)# mep 301 interface port-channel 1 direction up priority 2
sysname(config-ma)# mep 301 interface port-channel 1 direction up priority 2 cc-enable
sysname(config-ma)# mhf-creation default
sysname(config-ma)# remote-mep 117
sysname(config-ma)# exit
sysname(config)# exit
sysname# write mem
This example lists all CFM domains. In this example, only one MD (MD1) is configured. The MA3 with the associated MEP port 1 is under this MD1.
sysname# show ethernet cfm local
MD Index: 1
MD Name: MD1(string)
MD Level: 1
MA Index: 3
MA Name: MA3(string)
Primary Vlan: 123
CC Interval: 1000 millisecond(s)
MHF Creation: default
ID Permission: none
MEP:301 (ACTIVE ) Port:1 Direction:DOWN Priority:5 CC-Enable:FALSE
sysname#
This example starts a loopback test and displays the test result on the console.
sysname# ethernet cfm loopback remote-mep 2 mep 1 ma 1 md 1
Sending 5 Ethernet CFM Loopback messages to remote-mepid 2, timeout is 5 seconds
.....
sysname# Loopback: Successful
Success rate is 100 percent, round-trip min/avg/max = 0/0/0 ms
sysname#
This example displays all neighbors’ MEP port information in the MIP-CCM databases.
sysname# show ethernet cfm local stack mip mip-ccmdb
MIP CCM DB
Port VID  Source Address    Retained
---- ---- ----------------- ---------
2    1    00:19:cb:00:00:04 0 hr(s)
7    1    00:19:cb:00:00:06 0 hr(s)
sysname#
The following table describes the labels in this screen.
Table 29 show cfm-action mipccmdb
LABEL DESCRIPTION
Port Displays the number of the port on which this CCM was received.
VID Displays the MA VLAN ID of the last received CCM.
Source Address Displays the MAC address of the remote MEP.
Retained Displays how long an entry has been kept in the database.
This example assigns a virtual MAC address to port 3 and displays the MAC addresses of the ports 2 ~ 4. The assigned virtual MAC address should be unique in both the Switch and the network to which it belongs.
sysname# config
sysname(config)# interface port-channel 3
sysname(config-interface)# ethernet cfm virtual-mac 00:19:cb:12:34:56
sysname(config-interface)# exit
sysname(config)# exit
sysname# show ethernet cfm virtual-mac port 2-4
Virtual MAC
Port MAC
---- -----------------
2    00:19:cb:00:00:02
3    00:19:cb:12:34:56
4    00:19:cb:00:00:02
sysname#
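The uniqueness requirement for virtual MAC addresses can be checked from collected CLI output. The following Python sketch is an added example, not code from this guide: it parses the show ethernet cfm virtual-mac port and MIP-CCM database screens shown above, reports ports that share one MAC address (and so appear as one CFM port), and flags a local MAC address that also shows up as a remote MEP's source address. The switch names, the second switch's table and the third MIP-CCM row are constructed sample data.

```python
import re
from collections import defaultdict

MAC = r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}"
PORT_ROW = re.compile(rf"^\s*(\d+)\s+({MAC})\s*$")
CCMDB_ROW = re.compile(rf"^\s*(\d+)\s+(\d+)\s+({MAC})\s+(\d+)\s+hr\(s\)\s*$")

# Output of 'show ethernet cfm virtual-mac port 2-4' from the example above.
SWITCH_A = """\
Virtual MAC
Port MAC
---- -----------------
2    00:19:cb:00:00:02
3    00:19:cb:12:34:56
4    00:19:cb:00:00:02
"""

# Constructed: a second switch where port 5 reuses switch A's virtual MAC.
SWITCH_B = """\
Virtual MAC
Port MAC
---- -----------------
1    00:19:cb:00:00:04
5    00:19:cb:12:34:56
"""

# MIP-CCM database rows from the example above plus one constructed row (port 9).
CCMDB_A = """\
MIP CCM DB
Port VID  Source Address    Retained
---- ---- ----------------- ---------
2    1    00:19:cb:00:00:04 0 hr(s)
7    1    00:19:cb:00:00:06 0 hr(s)
9    1    00:19:cb:12:34:56 0 hr(s)
"""


def parse_port_macs(output):
    """Return {port: mac} from a virtual-mac screen, skipping headers."""
    ports = {}
    for line in output.splitlines():
        m = PORT_ROW.match(line)
        if m:
            ports[int(m.group(1))] = m.group(2).lower()
    return ports


def parse_mip_ccmdb(output):
    """Return [(port, vid, source_mac, retained_hours)] from a MIP-CCM screen."""
    rows = []
    for line in output.splitlines():
        m = CCMDB_ROW.match(line)
        if m:
            rows.append((int(m.group(1)), int(m.group(2)),
                         m.group(3).lower(), int(m.group(4))))
    return rows


def shared_macs(screens):
    """Map each MAC used by more than one (switch, port) to its users.

    screens: {switch_name: virtual-mac screen text}
    """
    users = defaultdict(list)
    for switch, output in screens.items():
        for port, mac in parse_port_macs(output).items():
            users[mac].append((switch, port))
    return {mac: where for mac, where in users.items() if len(where) > 1}


def remote_collisions(local_screen, ccmdb_screen):
    """Local port MACs that the MIP-CCM DB also lists as a remote MEP source."""
    local = parse_port_macs(local_screen)
    hits = []
    for ccm_port, vid, mac, _hours in parse_mip_ccmdb(ccmdb_screen):
        for port, local_mac in local.items():
            if local_mac == mac:
                hits.append((port, mac, ccm_port, vid))
    return hits


if __name__ == "__main__":
    for mac, where in shared_macs({"A": SWITCH_A, "B": SWITCH_B}).items():
        print(f"{mac} is used by {where}")
    for hit in remote_collisions(SWITCH_A, CCMDB_A):
        print("local port %d MAC %s also received on port %d (VID %d)" % hit)
```

Ports 2 and 4 of switch A are reported because neither has a virtual MAC address and both fall back to the Switch's MAC address.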
CHAPTER 10

Classifier Commands

Use these commands to classify packets into traffic flows. After classifying traffic, policy commands (Chapter 46 on page 175) can be used to ensure that a traffic flow gets the requested treatment in the network.

10.1 Command Summary

The following section lists the commands for this feature.
Table 30 Command Summary: classifier
COMMAND DESCRIPTION M P
show classifier [<name>] Displays classifier configuration details. E 3
classifier <name> <[packet-format <802.3untag|802.3tag|EtherIIuntag|EtherIItag>] [priority <0-7>] [vlan <vlan-id>] [ethernet-type <ether-num|ip|ipx|arp|rarp|appletalk|decnet>] [source-mac <src-mac-addr>] [source-port <port-num>] [destination-mac <dest-mac-addr>] [dscp <0-63>] [ip-protocol <protocol-num|tcp|udp|icmp|egp|ospf|rsvp|igmp|igp|pim|ipsec> [establish-only]] [source-ip <src-ip-addr> [mask-bits <mask-bits>]] [source-socket <socket-num>] [destination-ip <dest-ip-addr> [mask-bits <mask-bits>]] [destination-socket <socket-num>] [inactive]> Configures a classifier. Specify the parameters to identify the traffic flow: ethernet-type: enter one of the Ethernet types or type the hexadecimal number that identifies an Ethernet type (see Table 31 on page 60). ip-protocol: enter one of the protocols or type the protocol number that identifies the protocol (see Table 32 on page 60). establish-only: enter this to identify only TCP packets used to establish TCP connections. source-socket: (for UDP or TCP protocols only) specify the protocol port number. destination-socket: (for UDP or TCP protocols only) specify the protocol port number. inactive: disables this classifier. C 13
no classifier <name> Deletes the classifier. If you delete a classifier you cannot use policy rule related information. C 13
no classifier <name> inactive Enables a classifier. C 13
The following table shows some other common Ethernet types and the corresponding protocol number.
Table 31 Common Ethernet Types and Protocol Number
ETHERNET TYPE PROTOCOL NUMBER
IP ETHII 0800
X.75 Internet 0801
NBS Internet 0802
ECMA Internet 0803
Chaosnet 0804
X.25 Level 3 0805
XNS Compat 0807
Banyan Systems 0BAD
BBN Simnet 5208
IBM SNA 80D5
AppleTalk AARP 80F3
In an IPv4 packet header, the “Protocol” field identifies the next level protocol. The following table shows some common IPv4 protocol types and the corresponding protocol number. Refer to http://www.iana.org/assignments/protocol-numbers for a complete list.
Table 32 Common IPv4 Protocol Types and Protocol Numbers
PROTOCOL TYPE PROTOCOL NUMBER
ICMP 1
TCP 6
UDP 17
EGP 8
L2TP 115

10.2 Command Examples

This example creates a classifier for packets with a VLAN ID of 3. The resulting traffic flow is identified by the name VLAN3. The policy command can use the name VLAN3 to apply policy rules to this traffic flow. See the policy example in Chapter 46 on page 175.
sysname# config
sysname(config)# classifier VLAN3 vlan 3
sysname(config)# exit
sysname# show classifier
Index Active Name Rule
1 Yes VLAN3 VLAN = 3;
This example creates a classifier (Class1) for packets which have a source MAC address of 11:22:33:45:67:89 and are received on port 1. You can then use the policy command and the name Class1 to apply policy rules to this traffic flow. See the policy example in Chapter 46 on page 175.
sysname# config
sysname(config)# classifier Class1 source-mac 11:22:33:45:67:89 source-port 1
sysname(config)# exit
sysname# show classifier
Index Active Name Rule
1 Yes Class1 SrcMac = 11:22:33:45:67:89; S...
CHAPTER 11

Cluster Commands

Use these commands to configure cluster management.

11.1 Command Summary

The following section lists the commands for this feature.
Table 33 cluster Command Summary
COMMAND DESCRIPTION M P
show cluster Displays cluster management status. E 3
cluster <vlan-id> Enables clustering in the specified VLAN group. C 13
no cluster Disables cluster management on the Switch. C 13
cluster name <cluster name> Sets a descriptive name for the cluster. <cluster name>: You may use up to 32 printable characters (spaces are allowed). C 13
show cluster candidates Displays the switches that are potential cluster members. The switches must be directly connected. E 3
cluster member <mac> password <password> Adds the specified device to the cluster. You have to specify the password of the device too. C 13
show cluster member Displays the cluster member(s) and their running status. E 3
show cluster member config Displays the current cluster member(s). E 3
show cluster member mac <mac> Displays the running status of the cluster member(s). E 3
cluster rcommand <mac> Logs into the CLI of the specified cluster member. C 13
no cluster member <mac> Removes the cluster member. C 13

11.2 Command Examples

This example creates the cluster CManage in VLAN 1. Then, it looks at the current list of candidates for membership in this cluster and adds two switches to the cluster.
sysname# configure
sysname(config)# cluster 1
sysname(config)# cluster name CManage
sysname(config)# exit
sysname# show cluster candidates
Clustering Candidates:
Index Candidates(MAC/HostName/Model)
0 00:13:49:00:00:01/ES-2108PWR/ES-2108PWR
1 00:13:49:00:00:02/GS-3012/GS-3012
2 00:19:cb:00:00:02/ES-3124/ES-3124
sysname# configure
sysname(config)# cluster member 00:13:49:00:00:01 password 1234
sysname(config)# cluster member 00:13:49:00:00:02 password 1234
sysname(config)# exit
sysname# show cluster member
Clustering member status:
Index MACAddr Name Status
1 00:13:49:00:00:01 ES-2108PWR Online
2 00:13:49:00:00:02 GS-3012 Online
The following table describes the labels in this screen.
Table 34 show cluster member
LABEL DESCRIPTION
Index This field displays an entry number for each member.
MACAddr This field displays the member’s MAC address.
Name This field displays the member’s system name.
Status This field displays the current status of the member in the cluster.
Online: The member is accessible.
Error: The member is connected but not accessible. For example, the member’s password has changed, or the member was set as the manager and so left the member list. This status also appears while the Switch finishes adding a new member to the cluster.
Offline: The member is disconnected. It takes approximately 1.5 minutes after the link goes down for this status to appear.
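Both members in the example above are added with 1234, the default login password printed on the cover of this guide. The following Python sketch is an added example, not code from this guide: it reads a saved CLI session in the format shown above, lists members that were added with that default password, and attaches the Table 34 meaning of any Error or Offline status. It assumes the session was captured as plain text; the Error status and the third member with its password are constructed sample data.

```python
import re

DEFAULT_PASSWORD = "1234"   # default login password printed on this guide's cover

MAC = r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}"
ADD = re.compile(rf"cluster member ({MAC}) password (\S+)")
REMOVE = re.compile(rf"no cluster member ({MAC})")
STATUS = re.compile(rf"^\s*\d+\s+({MAC})\s+(\S+)\s+(Online|Error|Offline)\s*$")

# Meaning of the Status column, condensed from Table 34.
STATUS_FINDING = {
    "Error": "not-accessible",     # e.g. password changed, or became manager
    "Offline": "disconnected",
}

# Constructed sample: the session from the example above, with member 2 set to
# Error and a third member added with a password that is not the default.
SAMPLE = """\
sysname(config)# cluster member 00:13:49:00:00:01 password 1234
sysname(config)# cluster member 00:13:49:00:00:02 password 1234
sysname(config)# cluster member 00:19:cb:00:00:02 password S3parate-Secret
sysname(config)# exit
sysname# show cluster member
Clustering member status:
Index MACAddr Name Status
1 00:13:49:00:00:01 ES-2108PWR Online
2 00:13:49:00:00:02 GS-3012 Error
3 00:19:cb:00:00:02 ES-3124 Online
"""


def audit_cluster(transcript):
    """Return sorted (mac, name, finding) tuples; passwords are never echoed."""
    passwords = {}   # mac -> password used in 'cluster member ... password'
    status = {}      # mac -> (system name, status) from 'show cluster member'
    for line in transcript.splitlines():
        removed = REMOVE.search(line)
        added = ADD.search(line)
        row = STATUS.match(line)
        if removed:
            passwords.pop(removed.group(1).lower(), None)
        elif added:
            passwords[added.group(1).lower()] = added.group(2)
        elif row:
            status[row.group(1).lower()] = (row.group(2), row.group(3))

    findings = []
    for mac in sorted(set(passwords) | set(status)):
        name, state = status.get(mac, ("?", "unknown"))
        if passwords.get(mac) == DEFAULT_PASSWORD:
            findings.append((mac, name, "default-password"))
        if state in STATUS_FINDING:
            findings.append((mac, name, STATUS_FINDING[state]))
    return findings


if __name__ == "__main__":
    for mac, name, finding in audit_cluster(SAMPLE):
        print(f"{mac} ({name}): {finding}")
```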
This example logs in to the CLI of member 00:13:49:00:00:01, looks at the current firmware version on the member switch, logs out of the member’s CLI, and returns to the CLI of the manager.
sysname# configure
sysname(config)# cluster rcommand 00:13:49:00:00:01
Connected to 127.0.0.2
Escape character is '^]'.
User name: admin
Password: ****
Copyright (c) 1994 - 2007 ZyXEL Communications Corp.
ES-2108PWR# show version
Current ZyNOS version: V3.80(ABS.0)b2 | 05/28/2007
ES-2108PWR# exit
Telnet session with remote host terminated.
Closed
sysname(config)#
This example looks at the current status of the Switch’s cluster.
sysname# show cluster
Cluster Status: Manager
VID: 1
Manager: 00:13:49:ae:fb:7a
The following table describes the labels in this screen.
Table 35 show cluster
LABEL DESCRIPTION
Cluster Status This field displays the role of this Switch within the cluster.
Manager: This Switch is the device through which you manage the cluster member switches.
Member: This Switch is managed by the specified manager.
None: This Switch is not in a cluster.
VID This field displays the VLAN ID used by the cluster.
Manager This field displays the cluster manager’s MAC address.
CHAPTER 12

Date and Time Commands

Use these commands to configure the date and time on the Switch.

12.1 Command Summary

The following table describes user-input values available in multiple commands for this feature.
Table 36 time User-input Values
COMMAND DESCRIPTION
week Possible values (daylight-saving-time commands only): first, second, third, fourth, last.
day Possible values (daylight-saving-time commands only): Sunday, Monday, Tuesday, ....
month Possible values (daylight-saving-time commands only): January, February, March, ....
o’clock Possible values (daylight-saving-time commands only): 0-23
The following section lists the commands for this feature.
Table 37 time Command Summary
COMMAND DESCRIPTION M P
show time Displays current system time and date. E 3
time <hour:min:sec> Sets the current time on the Switch. hour: 0-23 min: 0-59 sec: 0-59 Note: If you configure Daylight Saving Time after you configure the time, the Switch will apply Daylight Saving Time. C 13
time date <month/day/year> Sets the current date on the Switch. month: 1-12 day: 1-31 year: 1970-2037 C 13
time timezone <-1200|...|1200> Selects the time difference between UTC (formerly known as GMT) and your time zone. C 13
time daylight-saving-time Enables daylight saving time. The current time is updated if daylight saving time has started. C 13
time daylight-saving-time start-date <week> <day> <month> <o’clock> Sets the day and time when Daylight Saving Time starts. In most parts of the United States, Daylight Saving Time starts on the second Sunday of March at 2 A.M. local time. In the European Union, Daylight Saving Time starts on the last Sunday of March at 1 A.M. GMT or UTC, so the o’clock field depends on your time zone. C 13
time daylight-saving-time end-date <week> <day> <month> <o’clock> Sets the day and time when Daylight Saving Time ends. In most parts of the United States, Daylight Saving Time ends on the first Sunday of November at 2 A.M. local time. In the European Union, Daylight Saving Time ends on the last Sunday of October at 1 A.M. GMT or UTC, so the o’clock field depends on your time zone. C 13
no time daylight-saving-time Disables daylight saving on the Switch. C 13
time daylight-saving-time help Provides more information about the specified command. C 13
Table 38 timesync Command Summary
COMMAND DESCRIPTION M P
show timesync Displays time server information. E 3
timesync server <ip> Sets the IP address of your time server. The Switch synchronizes with the time server in the following situations: When the Switch starts up. Every 24 hours after the Switch starts up. When the time server IP address or protocol is updated. C 13
timesync <daytime|time|ntp> Sets the time server protocol. You have to configure a time server before you can specify the protocol. C 13
no timesync Disables timeserver settings. C 13

12.2 Command Examples

This example sets the current date, current time, time zone, and daylight savings time.
sysname# configure
sysname(config)# time date 06/04/2007
sysname(config)# time timezone -600
sysname(config)# time daylight-saving-time
sysname(config)# time daylight-saving-time start-date second Sunday March 2
sysname(config)# time daylight-saving-time end-date first Sunday November 2
sysname(config)# time 13:24:00
sysname(config)# exit
sysname# show time
Current Time 13:24:03 (UTC-05:00 DST)
Current Date 2007-06-04
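When timestamps from the Switch have to be lined up with other sources, the local reading from show time has to be converted to UTC using the same time zone and Daylight Saving Time rule that the commands above configure. The following Python sketch is an added example, not code from this guide; it assumes the timezone value is written as +/-HHMM, that the start-date and end-date hours are local wall-clock time, and that Daylight Saving Time adds one hour. The sample input is constructed from the example above.

```python
import calendar
from datetime import datetime, timedelta, timezone

WEEKS = {"first": 1, "second": 2, "third": 3, "fourth": 4, "last": -1}
DAYS = {name: i for i, name in enumerate(calendar.day_name)}        # Monday = 0
MONTHS = {name: i for i, name in enumerate(calendar.month_name) if name}

# Constructed sample: the time commands from the example above, one per line.
SAMPLE_CONFIG = """\
sysname(config)# time timezone -600
sysname(config)# time daylight-saving-time
sysname(config)# time daylight-saving-time start-date second Sunday March 2
sysname(config)# time daylight-saving-time end-date first Sunday November 2
"""


def parse_time_config(text):
    """Collect the zone offset and DST rule from 'time ...' CLI lines."""
    cfg = {"offset": timedelta(0), "dst": False, "start": None, "end": None}
    for line in text.splitlines():
        words = line.split("# ", 1)[-1].split()            # drop the prompt
        if words[:2] == ["time", "timezone"]:
            value = int(words[2])                          # assumed +/-HHMM
            minutes = (abs(value) // 100) * 60 + abs(value) % 100
            cfg["offset"] = timedelta(minutes=minutes if value >= 0 else -minutes)
        elif words[:3] == ["no", "time", "daylight-saving-time"]:
            cfg["dst"] = False
        elif words[:2] == ["time", "daylight-saving-time"]:
            if len(words) == 2:
                cfg["dst"] = True
            elif words[2] in ("start-date", "end-date") and len(words) == 7:
                week, day, month, hour = words[3:7]
                rule = (WEEKS[week.lower()], DAYS[day.capitalize()],
                        MONTHS[month.capitalize()], int(hour))
                cfg["start" if words[2] == "start-date" else "end"] = rule
    return cfg


def rule_datetime(year, rule):
    """Local wall-clock moment a <week> <day> <month> <o'clock> rule falls on."""
    week, day, month, hour = rule
    days = [w[day] for w in calendar.monthcalendar(year, month) if w[day]]
    return datetime(year, month, days[-1] if week == -1 else days[week - 1], hour)


def utc_offset(local, cfg):
    """Return (offset from UTC, DST in effect) for a local Switch reading.

    A reading inside the repeated hour before the end rule is taken as DST.
    """
    if cfg["dst"] and cfg["start"] and cfg["end"]:
        start = rule_datetime(local.year, cfg["start"])
        end = rule_datetime(local.year, cfg["end"])
        if start < end:                        # DST inside one calendar year
            in_dst = start <= local < end
        else:                                  # DST spans the new year
            in_dst = local >= start or local < end
        if in_dst:
            return cfg["offset"] + timedelta(hours=1), True
    return cfg["offset"], False


def to_utc(reading, cfg):
    """Convert 'YYYY-MM-DD HH:MM:SS' as shown by the Switch to aware UTC."""
    local = datetime.strptime(reading, "%Y-%m-%d %H:%M:%S")
    offset, _ = utc_offset(local, cfg)
    return (local - offset).replace(tzinfo=timezone.utc)


def zone_label(reading, cfg):
    """Rebuild the '(UTC-05:00 DST)' style label that show time prints."""
    local = datetime.strptime(reading, "%Y-%m-%d %H:%M:%S")
    offset, dst = utc_offset(local, cfg)
    minutes = int(offset.total_seconds() // 60)
    sign = "-" if minutes < 0 else "+"         # '+' form is an assumption
    label = f"UTC{sign}{abs(minutes) // 60:02d}:{abs(minutes) % 60:02d}"
    return label + (" DST" if dst else "")


if __name__ == "__main__":
    cfg = parse_time_config(SAMPLE_CONFIG)
    reading = "2007-06-04 13:24:03"            # Current Date + Current Time
    print(zone_label(reading, cfg), to_utc(reading, cfg).isoformat())
```

For the reading in the example above, the rebuilt label matches the UTC-05:00 DST shown by show time, which is a quick check that the rule was parsed the way the Switch applies it.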
This example looks at the current time server settings.
sysname# show timesync
Time Configuration
-----------------------------
Time Zone :UTC -600
Time Sync Mode :USE_DAYTIME
Time Server IP Address :172.16.37.10
Time Server Sync Status:CONNECTING
The following table describes the labels in this screen.
Table 39 show timesync
LABEL DESCRIPTION
Time Zone This field displays the time zone.
Time Sync Mode This field displays the time server protocol the Switch uses. It displays NO_TIMESERVICE if the time server is disabled.
Time Server IP Address This field displays the IP address of the time server.
Time Server Sync Status This field displays the status of the connection with the time server.
NONE: The time server is disabled.
CONNECTING: The Switch is trying to connect with the specified time server.
OK: Synchronize with time server done.
FAIL: Synchronize with time server fail.
CHAPTER 13

DHCP Commands

Use these commands to configure DHCP features on the Switch.
• Use the dhcp relay commands to configure DHCP relay for a specific VLAN.
• Use the dhcp smart-relay commands to configure DHCP relay for all broadcast domains.
• Use the dhcp server commands to configure the Switch as a DHCP server. (This command is available on a layer 3 switch only.)

13.1 Command Summary

The following section lists the commands for this feature.
Table 40 dhcp smart-relay Command Summary
COMMAND DESCRIPTION M P
show dhcp smart-relay Displays global DHCP relay settings. E 3
dhcp smart-relay Enables DHCP relay for all broadcast domains on the Switch. Note: You have to disable dhcp relay before you can enable dhcp smart-relay. C 13
no dhcp smart-relay Disables global DHCP relay settings. C 13
dhcp smart-relay helper-address <remote-dhcp-server1> [<remote-dhcp-server2>] [<remote-dhcp-server3>] Sets the IP addresses of up to 3 DHCP servers. C 13
dhcp smart-relay information Allows the Switch to add system name to agent information. C 13
no dhcp smart-relay information System name is not appended to option 82 information field for global dhcp settings. C 13
dhcp smart-relay option Allows the Switch to add DHCP relay agent information. C 13
no dhcp smart-relay option Disables the relay agent information option 82 for global dhcp settings. C 13
Table 41 dhcp relay Command Summary
COMMAND DESCRIPTION M P
show dhcp relay <vlan-id> Displays DHCP relay settings for the specified VLAN. E 3
dhcp relay <vlan-id> helper-address <remote-dhcp-server1> [<remote-dhcp-server2>] [<remote-dhcp-server3>] [option] [information] Enables DHCP relay on the specified VLAN and sets the IP address of up to 3 DHCP servers. Optionally, sets the Switch to add relay agent information and system name. Note: You have to configure the VLAN before you configure a DHCP relay for the VLAN. You have to disable dhcp smart-relay before you can enable dhcp relay. C 13
no dhcp relay <vlan-id> Disables DHCP relay. C 13
no dhcp relay <vlan-id> information System name is not appended to option 82 information field. C 13
no dhcp relay <vlan-id> option Disables the relay agent information option 82. C 13
Table 42 dhcp relay-broadcast Command Summary
COMMAND DESCRIPTION M P
dhcp relay-broadcast The broadcast behavior of DHCP packets will not be terminated by the Switch. C 13
no dhcp relay-broadcast The Switch terminates the broadcast behavior of DHCP packets. C 13
Table 43 dhcp server Command Summary
COMMAND DESCRIPTION M P
dhcp server <vlan-id> starting-address <ip-addr> <subnet-mask> size-of-client-ip-pool <1-253> Enables DHCP server for the specified VLAN and specifies the TCP/IP configuration details to send to DHCP clients. C 13
dhcp server <vlan-id> starting-address <ip-addr> <subnet-mask> size-of-client-ip-pool <1-253> [default-gateway <ip-addr>] [primary-dns <ip-addr>] [secondary-dns <ip-addr>] Enables DHCP server for the specified VLAN and specifies the TCP/IP configuration details to send to DHCP clients. Including default gateway IP address and DNS server information. C 13
no dhcp server <vlan-id> Disables DHCP server for the specified VLAN. C 13
no dhcp server <vlan-id> default-gateway Disables DHCP server default gateway settings. C 13
no dhcp server <vlan-id> primary-dns Disables DHCP primary DNS server settings. C 13
no dhcp server <vlan-id> secondary-dns Disables DHCP server secondary DNS settings. C 13
show dhcp server Displays DHCP server settings. E 13
show dhcp server <vlan-id> Displays DHCP server settings in a specified VLAN. E 13

13.2 Command Examples

In this example, the Switch relays DHCP requests for the VLAN1 and VLAN2 domains. There is only one DHCP server for DHCP clients in both domains.
Figure 3 Example: Global DHCP Relay (DHCP server 192.168.1.100 serving VLAN1 and VLAN2)
This example shows how to configure the Switch for this configuration. DHCP relay agent information option 82 is also enabled.
sysname# configure
sysname(config)# dhcp smart-relay
sysname(config)# dhcp smart-relay helper-address 192.168.1.100
sysname(config)# dhcp smart-relay option
sysname(config)# exit
sysname# show dhcp smart-relay
DHCP Relay Agent Configuration
Active: Yes
Remote DHCP Server 1:192.168.1.100
Remote DHCP Server 2: 0.0.0.0
Remote DHCP Server 3: 0.0.0.0
Option82: Enable
Option82Inf: Disable
In this example, there are two VLANs (VIDs 1 and 2) in a campus network. Two DHCP servers are installed to serve each VLAN. The Switch forwards DHCP requests from the dormitory rooms (VLAN 1) to the DHCP server with IP address 192.168.1.100. DHCP requests from the academic buildings (VLAN 2) are sent to the other DHCP server with IP address 172.16.10.100.
Figure 4 Example: DHCP Relay for Two VLANs (VLAN 1: DHCP server 192.168.1.100; VLAN 2: DHCP server 172.16.10.100)
This example shows how to configure these DHCP servers. The VLANs are already configured.
sysname# configure
sysname(config)# dhcp relay 1 helper-address 192.168.1.100
sysname(config)# dhcp relay 2 helper-address 172.16.10.100
sysname(config)# exit
In this example, the Switch is a DHCP server for clients on VLAN 1 and VLAN 2. The DHCP clients in VLAN 1 are assigned IP addresses in the range 192.168.1.100 to 192.168.1.200 and clients on VLAN 2 are assigned IP addresses in the range 172.16.1.30 to 172.16.1.130.
Figure 5 Example: DHCP Relay for Two VLANs (VLAN 1: DHCP pool 192.168.1.100-192.168.1.200; VLAN 2: DHCP pool 172.16.1.30-172.16.1.130)
This example shows how to configure the DHCP server for VLAN 1 with the configuration shown in Figure 5 on page 74. It also provides the DHCP clients with the IP address of the default gateway and the DNS server.
sysname# configure
sysname(config)# dhcp server 1 starting-address 192.168.1.100 255.255.255.0 size-of-client-ip-pool 100 default-gateway 192.168.1.1 primary-dns 192.168.5.1
CHAPTER 14

DHCP Snooping & DHCP VLAN Commands

Use the dhcp snooping commands to configure DHCP snooping on the Switch and the dhcp vlan commands to specify a DHCP VLAN on your network. DHCP snooping filters unauthorized DHCP packets on the network and builds the binding table dynamically.

14.1 Command Summary

The following section lists the commands for this feature.
Table 44 dhcp snooping Command Summary
COMMAND DESCRIPTION M P
show dhcp snooping Displays DHCP snooping configuration on the Switch. E 3
show dhcp snooping binding Displays the DHCP binding table. E 3
show dhcp snooping database Displays DHCP snooping database update statistics and settings. E 3
show dhcp snooping database detail Displays DHCP snooping database update statistics in full detail form. E 3
dhcp snooping Enables DHCP Snooping on the Switch. C 13
no dhcp snooping Disables DHCP Snooping on the Switch. C 13
dhcp snooping database <tftp://host/filename> Specifies the location of the DHCP snooping database. The location should be expressed like this: tftp://{domain name or IP address}/directory, if applicable/file name; for example, tftp://192.168.10.1/database.txt. C 13
no dhcp snooping database Removes the location of the DHCP snooping database. C 13
dhcp snooping database timeout <seconds> Specifies how long (10-65535 seconds) the Switch tries to complete a specific update in the DHCP snooping database before it gives up. C 13
no dhcp snooping database timeout <seconds> Resets how long (10-65535 seconds) the Switch tries to complete a specific update in the DHCP snooping database before it gives up to the default value (300). C 13
dhcp snooping database write-delay <seconds> Specifies how long (10-65535 seconds) the Switch waits to update the DHCP snooping database the first time the current bindings change after an update. C 13
no dhcp snooping database write-delay <seconds> Resets how long (10-65535 seconds) the Switch waits to update the DHCP snooping database the first time the current bindings change after an update to the default value (300). C 13
dhcp snooping vlan <vlan-list> Specifies the VLAN IDs for VLANs you want to enable DHCP
snooping on.
no dhcp snooping vlan <vlan­list>
dhcp snooping vlan <vlan-list> information
no dhcp snooping vlan <vlan- list> information
dhcp snooping vlan <vlan-list> option
no dhcp snooping vlan <vlan- list> option
clear dhcp snooping database statistics
renew dhcp snooping database Loads dynamic bindings from the default DHCP snooping
renew dhcp snooping database <tftp://host/filename>
interface port-channel <port- list>
dhcp snooping trust Sets this port as a trusted DHCP snooping port. Trusted ports
dhcp snooping limit rate <pps>
no dhcp snooping trust Disables this port from being a trusted port for DHCP
no dhcp snooping limit rate Resets the DHCP snooping rate to the default (0). C 13
Specifies the VLAN IDs for VLANs you want to disable DHCP snooping on.
Sets the Switch to add the system name to DHCP requests that it broadcasts to the DHCP VLAN, if specified, or VLAN.
Sets the Switch to not add the system name to DHCP requests that it broadcasts to the DHCP VLAN, if specified, or VLAN.
Sets the Switch to add the slot number, port number and VLAN ID to DHCP requests that it broadcasts to the DHCP VLAN, if specified, or VLAN.
Sets the Switch to not add the slot number, port number and VLAN ID to DHCP requests that it broadcasts to the DHCP VLAN, if specified, or VLAN.
Delete all statistics records of DHCP requests going through the Switch.
database.
Loads dynamic bindings from the specified DHCP snooping database.
Enables a port or a list of ports for configuration. C 13
are connected to DHCP servers or other switches, and the Switch discards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high.
Sets the maximum rate in packets per second (pps) that DHCP packets are allowed to arrive at a trusted DHCP snooping port.
snooping.
C13
C13
C13
C13
C13
C13
E13
E13
E13
C13
C13
C13
The following table describes the dhcp-vlan commands.
Table 45 dhcp-vlan Command Summary
COMMAND DESCRIPTION M P
dhcp dhcp-vlan <vlan-id> Specifies the VLAN ID of the DHCP VLAN. C 13
no dhcp dhcp-vlan Disables DHCP VLAN on the Switch. C 13

14.2 Command Examples

This example:
• Enables DHCP snooping on the Switch.
• Sets up an external DHCP snooping database on a network server with IP address 172.16.37.17.
• Enables DHCP snooping on VLANs 1,2,3,200 and 300.
• Sets the Switch to add the slot number, port number and VLAN ID to DHCP requests that it broadcasts to the DHCP VLAN.
• Sets ports 1 - 5 as DHCP snooping trusted ports.
• Sets the maximum number of DHCP packets that can be received on ports 1 - 5 to 100 packets per second.
• Configures a DHCP VLAN with a VLAN ID 300.
• Displays DHCP snooping configuration details.
sysname(config)# dhcp snooping
sysname(config)# dhcp snooping database tftp://172.16.37.17/snoopdata.txt
sysname(config)# dhcp snooping vlan 1,2,3,200,300
sysname(config)# dhcp snooping vlan 1,2,3,200,300 option
sysname(config)# interface port-channel 1-5
sysname(config-interface)# dhcp snooping trust
sysname(config-interface)# dhcp snooping limit rate 100
sysname(config-interface)# exit
sysname(config)# dhcp dhcp-vlan 300
sysname(config)# exit
sysname# show dhcp snooping
Switch DHCP snooping is enabled
DHCP Snooping is configured on the following VLANs: 1-3,200,300
Option 82 is configured on the following VLANs: 1-3,200,300
Appending system name is configured on the following VLANs:
DHCP VLAN is enabled on VLAN 300
Interface Trusted Rate Limit (pps)
--------- ------- ----------------
1         yes     100
2         yes     100
3         yes     100
4         yes     100
5         yes     100
6         no      unlimited
7         no      unlimited
8         no      unlimited
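The following audit of a captured show dhcp snooping screen is an added example, not part of the ZyXEL guide. It checks the screen against an intended design: which ports should be trusted, which VLANs should be snooped, and whether every trusted port has a rate limit. The sample text is constructed, and the expected port and VLAN sets, the function names and the finding labels are assumptions of this example.

```python
import re

# Constructed sample in the layout of the `show dhcp snooping` screen above.
# VLAN 300 is left out of the snooping list and port 6 is marked trusted with
# no rate limit so that the audit has something to report.
SAMPLE = """\
Switch DHCP snooping is enabled
DHCP Snooping is configured on the following VLANs: 1-3,200
Option 82 is configured on the following VLANs: 1-3,200
Appending system name is configured on the following VLANs:
DHCP VLAN is enabled on VLAN 300
Interface Trusted Rate Limit (pps)
--------- ------- ----------------
1         yes     100
2         yes     100
3         no      unlimited
4         no      unlimited
5         no      unlimited
6         yes     unlimited
"""


def expand_list(spec):
    """Expand a CLI list such as '1-3,200,300' into a set of integers."""
    numbers = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        first, _, last = part.partition("-")
        numbers.update(range(int(first), int(last or first) + 1))
    return numbers


def vlans_after(header, text):
    """Return the VLAN list printed on the header line or on the line after it."""
    match = re.search(re.escape(header) + r"[ \t]*\n?[ \t]*([\d,\-]*)", text)
    return expand_list(match.group(1)) if match else set()


def parse_show_dhcp_snooping(text):
    """Parse the screen into a dict; ports map to (trusted, pps or None)."""
    ports = {}
    row = r"^[ \t]*(\d+)[ \t]+(yes|no)[ \t]+(\d+|unlimited)[ \t]*$"
    for port, trusted, rate in re.findall(row, text, re.M):
        limit = None if rate == "unlimited" else int(rate)
        ports[int(port)] = (trusted == "yes", limit)
    dhcp_vlan = re.search(r"DHCP VLAN is enabled on VLAN (\d+)", text)
    return {
        "enabled": "DHCP snooping is enabled" in text,
        "snooping_vlans": vlans_after(
            "DHCP Snooping is configured on the following VLANs:", text),
        "option82_vlans": vlans_after(
            "Option 82 is configured on the following VLANs:", text),
        "dhcp_vlan": int(dhcp_vlan.group(1)) if dhcp_vlan else None,
        "ports": ports,
    }


def audit(state, expected_trusted, client_vlans):
    """Compare the parsed screen with the intended design; return findings."""
    findings = []
    if not state["enabled"]:
        findings.append(("snooping-disabled", []))
    missing = sorted(client_vlans - state["snooping_vlans"])
    if missing:
        findings.append(("vlan-not-snooped", missing))
    trusted = {p for p, (is_trusted, _) in state["ports"].items() if is_trusted}
    unexpected = sorted(trusted - expected_trusted)
    if unexpected:
        # DHCP server replies arriving on these ports are accepted as legitimate.
        findings.append(("unexpected-trusted-port", unexpected))
    absent = sorted(expected_trusted - trusted)
    if absent:
        findings.append(("expected-port-not-trusted", absent))
    unlimited = sorted(p for p in trusted if state["ports"][p][1] is None)
    if unlimited:
        findings.append(("trusted-port-no-rate-limit", unlimited))
    return findings


if __name__ == "__main__":
    parsed = parse_show_dhcp_snooping(SAMPLE)
    for check, items in audit(parsed, {1, 2}, {1, 2, 3, 200, 300}):
        print(check, items)
```
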
CHAPTER 15

DiffServ Commands

Use these commands to configure Differentiated Services (DiffServ) on the Switch.

15.1 Command Summary

The following section lists the commands for this feature.
Table 46 diffserv Command Summary
COMMAND DESCRIPTION M P
show diffserv Displays general DiffServ settings. E 3
diffserv Enables DiffServ on the Switch. C 13
no diffserv Disables DiffServ on the Switch. C 13
diffserv dscp <0-63> priority <0-7> Sets the DSCP-to-IEEE 802.1q mappings. C 13
interface port-channel <port-list> Enters config-interface mode for the specified port(s). C 13
diffserv Enables DiffServ on the port(s). C 13
no diffserv Disables DiffServ on the port(s). C 13
CHAPTER 16

DVMRP Commands

This chapter explains how to use commands to activate the Distance Vector Multicast Routing Protocol (DVMRP) on the Switch.

16.1 DVMRP Overview

DVMRP (Distance Vector Multicast Routing Protocol) is a protocol used for routing multicast data. DVMRP is used when a router receives multicast traffic and it wants to find out if other multicast routers it is connected to need to receive the data. DVMRP sends the data to all attached routers and waits for a reply. Routers that do not need to receive the data (because they have no multicast group members connected) return a “prune” message, which stops further multicast traffic for that group from reaching the router.

16.2 Command Summary

The following section lists the commands for this feature.
Table 47 Command Summary: DVMRP
COMMAND DESCRIPTION M P
show ip dvmrp group Displays DVMRP group information. E 3
show ip dvmrp interface Displays DVMRP interface information. E 3
show ip dvmrp neighbor Displays DVMRP neighbor information. E 3
show ip dvmrp prune Displays the DVMRP prune information. E 3
show ip dvmrp route Displays the DVMRP routes. E 3
show router dvmrp Displays DVMRP settings. E 3
router dvmrp Enables and enters the DVMRP configuration mode. C 13
exit Leaves the DVMRP configuration mode. C 13
threshold <ttl-value> Sets the DVMRP threshold value. Multicast packets with TTL (Time-To-Live) value lower than the threshold are not forwarded by the Switch. C 13
no router dvmrp Disables DVMRP on the Switch. C 13
interface route-domain <ip-address>/<mask-bits> Enters the configuration mode for this routing domain. C 13
ip dvmrp Activates this routing domain's participation in DVMRP. C 13
no ip dvmrp Disables this routing domain from participating in DVMRP. C 13

16.3 Command Examples

In this example, the Switch is configured to exchange DVMRP information with other DVMRP enabled routers as shown next. The Switch is a DVMRP router (C). DVMRP is activated on IP routing domains 10.10.10.1/24 and 172.16.1.1/24 so that it can exchange DVMRP information with routers A and B.
Figure 6 DVMRP Network Example (routers A, B, C, D and E; labelled addresses 10.10.10.254 and 172.16.1.254)
• Enables IGMP and DVMRP on the Switch.
• Enables DVMRP on the following routing domains: 10.10.10.1/24, 172.16.1.1/24.
• Displays DVMRP settings configured on the Switch.
sysname(config)# router igmp
sysname(config-igmp)# exit
sysname(config)# router dvmrp
sysname(config-dvmrp)# exit
sysname(config)# interface route-domain 10.10.10.1/24
sysname(config-if)# ip dvmrp
sysname(config-if)# exit
sysname(config)# interface route-domain 172.16.1.1/24
sysname(config-if)# ip dvmrp
sysname(config-if)# exit
sysname(config)# exit
sysname# show router dvmrp
TTL threshold: 50
IP Address     Subnet Mask     Active
----------------------------------------
10.10.10.1     255.255.255.0   Yes
172.16.1.1     255.255.255.0   Yes
192.168.1.1    255.255.255.0   No
CHAPTER 17

Ethernet OAM Commands

Use these commands to use the link monitoring protocol IEEE 802.3ah Link Layer Ethernet OAM (Operations, Administration and Maintenance).

17.1 IEEE 802.3ah Link Layer Ethernet OAM Implementation

Link layer Ethernet OAM (Operations, Administration and Maintenance) as described in IEEE 802.3ah is a link monitoring protocol. It uses OAM Protocol Data Units (OAM PDUs) to transmit link status information between directly connected Ethernet devices. Both devices must support IEEE 802.3ah. Because link layer Ethernet OAM operates at layer two of the OSI (Open Systems Interconnection Basic Reference) model, neither IP nor SNMP is necessary to monitor or troubleshoot network connection problems.
The Switch supports the following IEEE 802.3ah features:
Discovery - this identifies the devices on each end of the Ethernet link and their OAM configuration.
Remote Loopback - this can initiate a loopback test between Ethernet devices.

17.2 Command Summary

The following section lists the commands for this feature.
Table 48 ethernet oam Command Summary
COMMAND DESCRIPTION M P
show ethernet oam discovery <port-list> Displays OAM configuration details and operational status of the specified ports. E 3
show ethernet oam statistics <port-list> Displays the number of OAM packets transferred for the specified ports. E 3
show ethernet oam summary Displays the configuration details of each OAM activated port. E 3
ethernet oam Enables Ethernet OAM on the Switch. C 13
no ethernet oam Disables Ethernet OAM on the Switch. C 13
ethernet oam remote-loopback start <port> Initiates a remote-loopback test from the specified port by sending Enable Loopback Control PDUs to the remote device. E 13
ethernet oam remote-loopback stop <port> Terminates a remote-loopback test from the specified port by sending Disable Loopback Control PDUs to the remote device. E 13
ethernet oam remote-loopback test <port> [<number-of-packets> [<packet-size>]] Performs a remote-loopback test from the specified port. You can also define the allowable packet number and packet size of the loopback test frames. E 13
interface port-channel <port-list> Enters config-interface mode for the specified port(s). C 13
ethernet oam Enables Ethernet OAM on the port(s). C 13
no ethernet oam Disables Ethernet OAM on the port(s). C 13
ethernet oam mode <active|passive> Specifies the OAM mode on the ports. active: Allows the port to issue and respond to Ethernet OAM commands. passive: Allows the port to respond to Ethernet OAM commands. C 13
ethernet oam remote-loopback ignore-rx Sets the Switch to ignore loopback commands received on the ports. C 13
ethernet oam remote-loopback supported Enables the remote loopback feature on the ports. C 13
no ethernet oam remote-loopback ignore-rx Sets the Switch to process loopback commands received on the ports. C 13
no ethernet oam remote-loopback supported Disables the remote loopback feature on the ports. C 13
no ethernet oam mode Resets the OAM mode to the default value. C 13

17.3 Command Examples

This example enables Ethernet OAM on port 7 and sets the mode to active.
sysname# configure
sysname(config)# ethernet oam
sysname(config)# interface port-channel 7
sysname(config-interface)# ethernet oam
sysname(config-interface)# ethernet oam mode active
sysname(config-interface)# exit
sysname(config)# exit
This example performs Ethernet OAM discovery from port 7.
sysname# show ethernet oam discovery 7
Port 7
Local client
------------
OAM configurations:
  Mode              : Active
  Unidirectional    : Not supported
  Remote loopback   : Not supported
  Link events       : Not supported
  Variable retrieval: Not supported
  Max. OAMPDU size  : 1518

Operational status:
  Link status       : Down
  Info. revision    : 3
  Parser state      : Forward
  Discovery state   : Active Send Local
The following table describes the labels in this screen.
Table 49 show ethernet oam discovery
LABEL DESCRIPTION
OAM configurations The remote device uses this information to determine what functions are supported.
Mode This field displays the OAM mode. The device in active mode (typically the service provider's device) controls the device in passive mode (typically the subscriber's device).
  Active: The Switch initiates OAM discovery; sends information PDUs; and may send event notification PDUs, variable request/response PDUs, or loopback control PDUs.
  Passive: The Switch waits for the remote device to initiate OAM discovery; sends information PDUs; may send event notification PDUs; and may respond to variable request PDUs or loopback control PDUs.
  The Switch might not support some types of PDUs, as indicated in the fields below.
Unidirectional This field indicates whether or not the Switch can send information PDUs to transmit fault information when the receive path is non-operational.
Remote loopback This field indicates whether or not the Switch can use loopback control PDUs to put the remote device into loopback mode.
Link events This field indicates whether or not the Switch can interpret link events, such as link fault and dying gasp. Link events are sent in event notification PDUs and indicate when the number of errors in a given interval (time, number of frames, number of symbols, or number of errored frame seconds) exceeds a specified threshold. Organizations may create organization-specific link event TLVs as well.
Variable retrieval This field indicates whether or not the Switch can respond to requests for more information, such as requests for Ethernet counters and statistics, about link events.
Max. OAMPDU size This field displays the maximum size of PDU for receipt and delivery.
Operational status
Link status This field indicates whether the link is up or down.
Info. revision This field displays the current version of local state and configuration. This two-octet value starts at zero and increments every time the local state or configuration changes.
Parser state This field indicates the current state of the parser.
  Forward: The Switch is forwarding packets normally.
  Loopback: The Switch is in loopback mode.
  Discard: The Switch is discarding non-OAMPDUs because it is trying to or has put the remote device into loopback mode.
Discovery state This field indicates the state in the OAM discovery process. OAM-enabled devices use this process to detect each other and to exchange information about their OAM configuration and capabilities. OAM discovery is a handshake protocol.
  Fault: One of the devices is transmitting OAM PDUs with link fault information, or the interface is not operational.
  Active Send Local: The Switch is in active mode and is trying to see if the remote device supports OAM.
  Passive Wait: The Switch is in passive mode and is waiting for the remote device to begin OAM discovery.
  Send Local Remote: This state occurs in the following circumstances. The Switch has discovered the remote device but has not accepted or rejected the connection yet. The Switch has discovered the remote device and rejected the connection.
  Send Local Remote OK: The Switch has discovered the remote device and has accepted the connection. In addition, the remote device has not accepted or rejected the connection yet, or the remote device has rejected the connection.
  Send Any: The Switch and the remote device have accepted the connection. This is the operating state for OAM links that are fully operational.
This example looks at the number of OAM packets transferred on port 1.
sysname# show ethernet oam statistics 1
Port 1
Statistics:
-----------
  Information OAMPDU Tx        : 0
  Information OAMPDU Rx        : 0
  Event Notification OAMPDU Tx : 0
  Event Notification OAMPDU Rx : 0
  Loopback Control OAMPDU Tx   : 0
  Loopback Control OAMPDU Rx   : 0
  Variable Request OAMPDU Tx   : 0
  Variable Request OAMPDU Rx   : 0
  Variable Response OAMPDU Tx  : 0
  Variable Response OAMPDU Rx  : 0
  Unsupported OAMPDU Tx        : 0
  Unsupported OAMPDU Rx        : 0
The following table describes the labels in this screen.
Table 50 show ethernet oam statistics
LABEL DESCRIPTION
Information OAMPDU Tx This field displays the number of OAM PDUs sent on the port.
Information OAMPDU Rx This field displays the number of OAM PDUs received on the port.
Event Notification OAMPDU Tx This field displays the number of unique or duplicate OAM event notification PDUs sent on the port.
Event Notification OAMPDU Rx This field displays the number of unique or duplicate OAM event notification PDUs received on the port.
Loopback Control OAMPDU Tx This field displays the number of loopback control OAM PDUs sent on the port.
Loopback Control OAMPDU Rx This field displays the number of loopback control OAM PDUs received on the port.
Variable Request OAMPDU Tx This field displays the number of OAM PDUs sent to request MIB objects on the remote device.
Variable Request OAMPDU Rx This field displays the number of OAM PDUs received requesting MIB objects on the Switch.
Variable Response OAMPDU Tx This field displays the number of OAM PDUs sent by the Switch in response to requests.
Variable Response OAMPDU Rx This field displays the number of OAM PDUs sent by the remote device in response to requests.
Unsupported OAMPDU Tx This field displays the number of unsupported OAM PDUs sent on the port.
Unsupported OAMPDU Rx This field displays the number of unsupported OAM PDUs received on the port.
This example looks at the configuration of ports on which OAM is enabled.
sysname# show ethernet oam summary
OAM Config: U : Unidirection, R : Remote Loopback
            L : Link Events , V : Variable Retrieval
    Local                      Remote
------------- -----------------------------------------
Port  Mode    MAC Addr          OUI    Mode    Config
----- ------- ----------------- ------ ------- --------
1     Active
The following table describes the labels in this screen.
Table 51 show ethernet oam summary
LABEL DESCRIPTION
Local This section displays information about the ports on the Switch.
Port This field displays the port number.
Mode This field displays the operational state of the port.
Remote This section displays information about the remote device.
MAC Addr This field displays the MAC address of the remote device.
OUI This field displays the OUI (first three bytes of the MAC address) of the remote device.
Mode This field displays the operational state of the remote device.
Config This field displays the capabilities of the Switch and remote device. The capabilities are identified in the OAM Config section.
CHAPTER 18

GARP Commands

Use these commands to configure GARP.

18.1 GARP Overview

Switches join VLANs by making a declaration. A declaration is made by issuing a Join message using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all registrations. GARP timers set declaration timeout values.

18.2 Command Summary

The following section lists the commands for this feature.
Table 52 garp Command Summary
COMMAND DESCRIPTION M P
show garp Displays GARP information. E 3
garp join <100-65535> leave <200-65535> leaveall <200-65535> Configures GARP time settings (in milliseconds), including the join, leave and leave all timers for each port. Leave Time must be at least two times larger than Join Timer, and Leave All Timer must be larger than Leave Timer. C 13

18.3 Command Examples

In this example, the administrator looks at the Switch’s GARP timer settings and decides to change them. The administrator sets the Join Timer to 300 milliseconds, the Leave Timer to 800 milliseconds, and the Leave All Timer to 11000 milliseconds.
sysname# show garp
GARP Timer
------------------------
Join Timer :200
Leave Timer :600
Leave All Timer :10000
sysname# configure
sysname(config)# garp join 300 leave 800 leaveall 11000
sysname(config)# exit
sysname# show garp
GARP Timer
------------------------
Join Timer :300
Leave Timer :800
Leave All Timer :11000
CHAPTER 19

GVRP Commands

Use these commands to configure GVRP.

19.1 Command Summary

The following section lists the commands for this feature.
Table 53 gvrp Command Summary
COMMAND DESCRIPTION M P
show vlan1q gvrp Displays GVRP settings. E 13
vlan1q gvrp Enables GVRP. C 13
no vlan1q gvrp Disables GVRP on the Switch. C 13
interface port-channel <port-list> Enters config-interface mode for the specified port(s). C 13
gvrp Enables this function to permit VLAN groups beyond the local Switch. C 13
no gvrp Disables GVRP on the port(s). C 13

19.2 Command Examples

This example shows the Switch’s GVRP settings.
sysname# show vlan1q gvrp
GVRP Support
-----------------------
gvrpEnable = YES
gvrpPortEnable:
This example turns off GVRP on ports 1-5.
sysname# configure
sysname(config)# interface port-channel 1-5
sysname(config-interface)# no gvrp
sysname(config-interface)# exit
sysname(config)# exit
PART III

Reference H-M

HTTPS Server Commands
IEEE 802.1x Authentication Commands
IGMP and Multicasting Commands
IGMP Snooping Commands
IGMP Filtering Commands
Interface Commands
Interface Route-domain Mode
IP Commands
IP Source Binding Commands
Layer 2 Protocol Tunnel (L2PT) Commands
Link Layer Discovery Protocol (LLDP) Commands
Logging Commands
Login Account Commands
Loopguard Commands
MAC Address Commands
MAC Authentication Commands
MAC Filter Commands
MAC Forward Commands
Mirror Commands
MRSTP Commands
MSTP Commands
Multiple Login Commands
MVR Commands
CHAPTER 20

HTTPS Server Commands

Use these commands to configure the HTTPS server on the Switch.

20.1 Command Summary

The following section lists the commands for this feature.
Table 54 https Command Summary
COMMAND DESCRIPTION M P
show https Displays the HTTPS settings, statistics, and sessions. E 3
show https certificate Displays the HTTPS certificates. E 3
show https key <rsa|dsa> Displays the HTTPS key. E 3
show https session Displays current HTTPS session(s). E 3
https cert-regeneration <rsa|dsa> Re-generates a certificate. C 13

20.2 Command Examples

This example shows the current HTTPS settings, statistics, and sessions.
sysname# show https
Configuration
  Version               : SSLv3, TLSv1
  Maximum session number: 64 sessions
  Maximum cache number  : 128 caches
  Cache timeout         : 300 seconds
  Support ciphers       : DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA AES256-SHA
                          EDH-RSA-DES-CBC3-SHA EDH-DSS-DES-CBC3-SHA DES-CBC3-SHA
                          DES-CBC3-MD5 DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA
                          AES128-SHA DHE-DSS-RC4-SHA IDEA-CBC-SHA RC4-SHA RC4-MD5
                          IDEA-CBC-MD5 RC2-CBC-MD5 RC4-MD5
Statistics:
  Total connects        : 0
  Current connects      : 0
  Connects that finished: 0
  Renegotiate requested : 0
  Session cache items   : 0
  Session cache hits    : 0
  Session cache misses  : 0
  Session cache timeouts: 0
Sessions:
  Remote IP  Port  Local IP  Port  SSL bytes  Sock bytes
The following table describes the labels in this screen.
Table 55 show https
LABEL DESCRIPTION
Configuration
Version This field displays the current version of SSL (Secure Sockets Layer) and TLS (Transport Layer Security).
Maximum session number This field displays the maximum number of HTTPS sessions the Switch supports.
Maximum cache number This field displays the maximum number of entries in the cache table the Switch supports for HTTPS sessions.
Cache timeout This field displays how long entries remain in the cache table before they expire.
Support ciphers This field displays the SSL or TLS cipher suites the Switch supports for HTTPS sessions. The cipher suites are identified by their OpenSSL equivalent names. If the name does not include the authentication used, assume RSA authentication. See SSL v2.0, SSL v3.0, TLS v1.0, and RFC 3268 for more information.
Statistics
Total connects This field displays the total number of HTTPS connections since the Switch started up.
Current connects This field displays the current number of HTTPS connections.
Connects that finished This field displays the number of HTTPS connections that have finished.
Renegotiate requested This field displays the number of times the Switch requested clients to renegotiate the SSL connection parameters.
Session cache items This field displays the current number of items in cache.
Session cache hits This field displays the number of times the Switch used cache to satisfy a request.
Session cache misses This field displays the number of times the Switch could not use cache to satisfy a request.
Session cache timeouts This field displays the number of items that have expired in the cache.
Sessions
Remote IP This field displays the client’s IP address in this session.
Port This field displays the client’s port number in this session.
Local IP This field displays the Switch’s IP address in this session.
Port This field displays the Switch’s port number in this session.
SSL bytes This field displays the number of bytes encrypted or decrypted by the Secure Socket Layer (SSL).
SSL bytes and Sock bytes are reported separately:
Sock bytes This field displays the number of bytes encrypted or decrypted by the socket.
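The following check of a captured show https screen is an added example, not part of the ZyXEL guide. It extracts the Version and Support ciphers fields and flags protocol versions and cipher-suite components that current TLS guidance no longer accepts. The sample layout is constructed from the values in the screen above, and the classification tables and function names are assumptions of this example.

```python
import re

# Constructed sample: the values are those in the `show https` screen above;
# the column layout and the wrapping of the cipher list are assumed.
SAMPLE = """\
Configuration
  Version               : SSLv3, TLSv1
  Maximum session number: 64 sessions
  Maximum cache number  : 128 caches
  Cache timeout         : 300 seconds
  Support ciphers       : DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA AES256-SHA
                          EDH-RSA-DES-CBC3-SHA EDH-DSS-DES-CBC3-SHA DES-CBC3-SHA
                          DES-CBC3-MD5 DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA
                          AES128-SHA DHE-DSS-RC4-SHA IDEA-CBC-SHA RC4-SHA RC4-MD5
                          IDEA-CBC-MD5 RC2-CBC-MD5 RC4-MD5
Statistics:
  Total connects        : 0
"""

# Protocol versions withdrawn by the IETF.
PROTOCOL_ISSUES = {
    "SSLv2": "prohibited by RFC 6176",
    "SSLv3": "deprecated by RFC 7568",
    "TLSv1": "deprecated by RFC 8996",
}

# Component of an OpenSSL-style suite name -> why it is flagged.
COMPONENT_ISSUES = {
    "RC4": "RC4 stream cipher (prohibited in TLS by RFC 7465)",
    "RC2": "RC2 (64-bit block size)",
    "CBC3": "3DES (64-bit block size)",
    "IDEA": "IDEA (64-bit block size)",
    "MD5": "MD5-based MAC",
}

# Key-exchange prefixes that give forward secrecy; suite names in this screen
# without one of them use RSA key exchange.
EPHEMERAL_PREFIXES = ("DHE", "EDH", "ECDHE")


def parse_show_https(text):
    """Return (protocol versions, de-duplicated cipher suites) from the screen."""
    version = re.search(r"^\s*Version\s*:\s*(.+)$", text, re.M)
    protocols = [p.strip() for p in version.group(1).split(",")] if version else []
    # The suite list may wrap over several lines; it ends at the next "Label:" line.
    block = re.search(r"Support ciphers\s*:(.*?)(?=^\s*[A-Za-z][\w. ]*:|\Z)",
                      text, re.S | re.M)
    suites = list(dict.fromkeys(block.group(1).split())) if block else []
    return protocols, suites


def audit_https(protocols, suites):
    """Return ({protocol: issue}, {suite: [issues]}) for the flagged entries."""
    weak_protocols = {p: PROTOCOL_ISSUES[p] for p in protocols
                      if p in PROTOCOL_ISSUES}
    weak_suites = {}
    for suite in suites:
        parts = suite.split("-")
        issues = [why for part, why in COMPONENT_ISSUES.items() if part in parts]
        if parts[0] not in EPHEMERAL_PREFIXES:
            issues.append("RSA key exchange (no forward secrecy)")
        if issues:
            weak_suites[suite] = issues
    return weak_protocols, weak_suites


if __name__ == "__main__":
    versions, offered = parse_show_https(SAMPLE)
    bad_versions, bad_suites = audit_https(versions, offered)
    for name, why in bad_versions.items():
        print(f"protocol {name}: {why}")
    for name, reasons in bad_suites.items():
        print(f"cipher {name}: {'; '.join(reasons)}")
    print("not flagged:", [s for s in offered if s not in bad_suites])
```
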
This example shows the current HTTPS sessions.
sysname# show https session
SSL-Session:
    Protocol : SSLv3
    Cipher : RC4-MD5
    Session-ID: 68BFB25BFAFEE3F0F15AB7B038EAB6BACE4AB7A4A6A5280E55943B7191057C96
    Session-ID-ctx: 7374756E6E656C20534944
    Master-Key: 65C110D9BD9BB0EE36CE0C76408C121DAFD1E5E3209614EB0AC5509CDB60D0904937DA4B
                A5BA058B57FD7169ACDD4ACF
    Key-Arg : None
    Start Time: 2252
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
The following table describes the labels in this screen.
Table 56 show https session
LABEL DESCRIPTION
Protocol This field displays the SSL version used in the session.
Cipher This field displays the encryption algorithms used in the session.
Session-ID This field displays the session identifier.
Session-ID-ctx This field displays the session ID context, which is used to label the data and cache in the sessions and to ensure sessions are only reused in the appropriate context.
Master-Key This field displays the SSL session master key.
Key-Arg This field displays the key argument that is used in SSLv2.
Start Time This field displays the start time (in seconds, represented as an integer in standard UNIX format) of the session.
Timeout This field displays the timeout for the session. If the session is idle longer than this, the Switch automatically disconnects.
Verify return code This field displays the return code when an SSL client certificate is verified.
CHAPTER 21

IEEE 802.1x Authentication Commands

Use these commands to configure IEEE 802.1x authentication.
Note: Do not forget to configure the authentication server.

21.1 Command Summary

The following section lists the commands for this feature.
Table 57 port-access-authenticator Command Summary
COMMAND DESCRIPTION M P
show port-access-authenticator Displays all port authentication settings. E 3
show port-access-authenticator <port-list> Displays port authentication settings on the specified port(s). E 3
port-access-authenticator Enables 802.1x authentication on the Switch. C 13
no port-access-authenticator Disables port authentication on the Switch. C 13
port-access-authenticator <port-list> Enables 802.1x authentication on the specified port(s). C 13
no port-access-authenticator <port-list> Disables authentication on the listed ports. C 13
port-access-authenticator <port-list> reauthenticate Sets a subscriber to periodically re-enter his or her username and password to stay connected to a specified port. C 13
no port-access-authenticator <port-list> reauthenticate Disables the re-authentication mechanism on the listed port(s). C 13
port-access-authenticator <port-list> reauth-period <1-65535> Specifies how often (in seconds) a client has to re-enter the username and password to stay connected to the specified port(s). C 13

21.2 Command Examples

This example configures the Switch in the following ways:
1 Specifies RADIUS server 1 with IP address 10.10.10.1, port 1890 and the string secretKey as the password.
2 Specifies the timeout period of 30 seconds that the Switch will wait for a response from the RADIUS server.
3 Enables port authentication on the Switch.
4 Enables port authentication on ports 4 to 8.
5 Activates reauthentication on ports 4-8.
6 Specifies 1800 seconds as the interval for client reauthentication on ports 4-8.
sysname(config)# radius-server host 1 10.10.10.1 auth-port 1890 key secretKey
sysname(config)# radius-server timeout 30
sysname(config)# port-access-authenticator
sysname(config)# port-access-authenticator 4-8
sysname(config)# port-access-authenticator 4-8 reauthenticate
sysname(config)# port-access-authenticator 4-8 reauth-period 1800
This example configures the Switch in the following ways:
1 Disables authentication on the Switch.
2 Disables re-authentication on ports 1, 3, 4, and 5.
3 Disables authentication on ports 1, 6, and 7.
sysname(config)# no port-access-authenticator
sysname(config)# no port-access-authenticator 1,3-5 reauthenticate
sysname(config)# no port-access-authenticator 1,6-7