Planet SGS-6341-48T4X - Switch

SGS-6341-48T4X - Switch Planet - Free user manual and instructions

Find the device manual for free SGS-6341-48T4X Planet in PDF.

📄 999 pages English EN Download 💬 AI Question 10 questions ⚙️ Specs
Notice Planet SGS-6341-48T4X - page 50
50 / 999
Pick your language and provide your email: we'll send you a specifically translated version.
Product Type Managed Gigabit Switch
Model SGS-6341-48T4X
Brand Planet
Ports 48 x 10/100/1000Base-T (RJ45), 4 x 10GBASE-X SFP+
Switching Capacity 176 Gbps
Forwarding Rate 131 Mpps
Layer Layer 2+ (Static Routing)
Dimensions (W x D x H) 440 x 300 x 44.5 mm (19-inch rackmount)
Weight 4.5 kg
Power Supply 100-240V AC, 50/60Hz, internal
Power Consumption Max 45W
Operating Temperature 0°C to 50°C
Humidity 5% to 95% (non-condensing)
Management Web GUI, SNMP v1/v2c/v3, CLI (Telnet/SSH), RMON, LLDP
VLAN Support 802.1Q VLAN up to 4094, Voice VLAN, MAC VLAN, Protocol VLAN
Security Features ACL, 802.1X, Port Security, DHCP Snooping, IP Source Guard
QoS 8 priority queues, 802.1p, DSCP, Traffic Shaping
Redundancy & Failover STP/RSTP/MSTP, LACP, Stacking (up to 4 units)
Maintenance & Cleaning Use a dry cloth; avoid liquid cleaners. Keep vents free of dust.
Safety Certifications CE, FCC Class A, RoHS
Spare Parts & Repairability Replaceable fan modules; no user-serviceable internal parts. Contact Planète support for repairs.

Frequently Asked Questions - SGS-6341-48T4X Planet

How to access the web interface of the SGS-6341-48T4X?
By default, the switch is assignable via DHCP. Use the console cable to set a static IP, then enter that IP into a web browser. Default credentials (if not changed) are admin/admin. Refer to the manual for details.
Does this switch support stacking?
Yes, the SGS-6341-48T4X supports physical stacking via dedicated stacking ports or using SFP+ ports (up to 4 units) managed as a single device.
Can I use SFP+ modules for 10 Gigabit connections?
Yes, the four SFP+ ports support 10GBASE-X modules. Ensure compatible modules (SR, LR, etc.) are used.
What is the default reset procedure?
Press and hold the reset button on the front panel for about 10 seconds until the system LED blinks. This restores factory defaults. Be cautious as it clears all configurations.
Is PoE supported on this model?
No, the SGS-6341-48T4X does not provide Power over Ethernet. It is a pure data switching model.
How to update firmware?
Download the latest firmware from the Planet website. Access the web GUI, go to Maintenance > Firmware Upgrade, select the file, and upload. Do not power off during upgrade.
What is the maximum operating temperature?
The switch can operate between 0°C and 50°C (32°F to 122°F). Ensure proper ventilation.
How to enable VLAN on a port?
Access the VLAN menu in the web GUI. Create a VLAN ID, then assign ports as tagged or untagged members. Use CLI: 'vlan database' and 'switchport access vlan '.
Can I mount this switch on a wall?
No, this switch is designed for 19-inch rack mounting using the included brackets. Wall mounting is not supported by the manufacturer.
What warranty does Planet offer?
Planet typically offers a 2-year limited warranty. Contact your reseller or Planet support for details. Proof of purchase is required.

User questions about SGS-6341-48T4X Planet

0 question about this device. Answer the ones you know or ask your own.

Ask a new question about this device

The email remains private: it is only used to notify you if someone responds to your question.

No questions yet. Be the first to ask one.

Download the instructions for your Switch in PDF format for free! Find your manual SGS-6341-48T4X - Planet and take your electronic device back in hand. On this page are published all the documents necessary for the use of your device. SGS-6341-48T4X by Planet.

USER MANUAL SGS-6341-48T4X Planet

natural_image Front view of a network switch device with multiple Ethernet ports and indicator lights (no visible text or labels)

SGS-6341 Series

Planet SGS-6341-48T4X - Gigabit Ethernet L3 Stackable Managed Switch with 10GbE Uplink - 1

natural_image Industrial chemical plant exterior with tall distillation towers and storage tanks (no visible text or signage)

Contents

CHAPTER 1 COMMANDS FOR BASIC SWITCH CONFIGURATION ....50

1.1 COMMANDS FOR BASIC CONFIGURATION....50

1.1.1 Authentication line login 50
1.1.2 banner....51
1.1.3 boot img 51
1.1.4 boot startup-config 52
1.1.5 clock set.... 53
1.1.6 config 53
1.1.7 debug ssh-server 54
1.1.8 disable....54
1.1.9 enable 54
1.1.10 enable password....55
1.1.11 end 55
1.1.12 exec-timeout 56
1.1.13 exit 56
1.1.14 help 57
1.1.15 hostname 57
1.1.16 ip host 58
1.1.17 ipv6 host....58
1.1.18 ip http server 59
1.1.19 language 59
1.1.20 login 60
1.1.21 password....60
1.1.22 reload....61
1.1.23 service password-encryption....61
1.1.24 service terminal-length....62
1.1.25 sysContact 62
1.1.26 sysLocation 63
1.1.27 set default 63
1.1.28 setup 64
1.1.29 show clock 64
1.1.30 show cpu usage 65
1.1.31 show memory usage....65
1.1.32 show privilege 66
1.1.33 show temperature 66
1.1.34 show tech-support....67
1.1.35 show version....67

1.1.36 username....68
1.1.37 web language....69
1.1.38 write 69

1.2 COMMANDS FOR TELNET 70

1.2.1 authentication ip access-class 70
1.2.2 authentication ipv6 access-class....70
1.2.3 authentication line login 71
1.2.4 authentication securityip....72
1.2.5 authentication securityipv6....72
1.2.6 authorization 73
1.2.7 terminal length 73
1.2.8 terminal monitor 74
1.2.9 telnet 74
1.2.10 telnet server enable 75
1.2.11 telnet-server max-connection....75
1.2.12 ssh-server authentication-retries....76
1.2.13 ssh-server enable 76
1.2.14 ssh-server host-key create rsa....77
1.2.15 ssh-server max-connection....77
1.2.16 ssh-server timeout 78
1.2.17 show ssh-server....78
1.2.18 show telnet login 79
1.2.19 who 79

1.3 COMMANDS FOR CONFIGURING SWITCH IP 80

1.3.1 interface vlan....80
1.3.2 ip address 80
1.3.3 ipv6 address....81
1.3.4 ip bootp-client enable 81
1.3.5 ip dhcp-client enable 82

1.4 COMMANDS FOR SNMP....83

1.4.1 debug snmp mib 83
1.4.2 debug snmp kernel 83
1.4.3 rmon enable 84
1.4.4 show private-mib oid 84
1.4.5 show snmp....85
1.4.6 show snmp engineid 86
1.4.7 show snmp group....87
1.4.8 show snmp mib 87
1.4.9 show snmp status 88
1.4.10 show snmp user....89

1.4.11 show snmp view 89
1.4.12 snmp-server community....90
1.4.13 snmp-server enable 91
1.4.14 snmp-server enable traps 91
1.4.15 snmp-server engineid 92
1.4.16 snmp-server group....92
1.4.17 snmp-server host 93
1.4.18 snmp-server securityip....94
1.4.19 snmp-server securityip....94
1.4.20 snmp-server trap-source....95
1.4.21 snmp-server user 95
1.4.22 snmp-server view 96

1.5 COMMANDS FOR SWITCH UPGRADE 97

1.5.1 copy (FTP) 97
1.5.2 copy (TFTP) 98
1.5.3 ftp-dir....99
1.5.4 ftp-server enable 100
1.5.5 ftp-server timeout 100
1.5.6 ip ftp 101
1.5.7 show ftp....101
1.5.8 show tftp.... 102
1.5.9 tftp-server enable 102
1.5.10 tftp-server retransmission-number 103
1.5.11 tftp-server transmission-timeout 103

CHAPTER 2 FILE SYSTEM COMMANDS....104

2.1 CD 104
2.2 COPY 104
2.3 DELETE 105
2.4 DIR....106
2.5 FORMAT 106
2.6 MKDIR....107
2.7 PWD....107
2.8 RENAME 108
2.9 RMDIR....108

CHAPTER 3 COMMANDS FOR CLUSTER....109

3.1 CLEAR CLUSTER NODES....109
3.2 CLUSTER AUTO-ADD....109
3.3 CLUSTER COMMANDER....110
3.4 CLUSTER IP-POOL....110

3.5 CLUSTER KEEPALIVE INTERVAL 111
3.6 CLUSTER KEEPALIVE LOSS-COUNT....112
3.7 CLUSTER MEMBER 112
3.8 CLUSTER MEMBER AUTO-TO-USER 113
3.9 CLUSTER RESET MEMBER....114
3.10 CLUSTER RUN....114
3.11 CLUSTER UPDATE MEMBER....115
3.12 DEBUG CLUSTER....116
3.13 DEBUG CLUSTER PACKETS 116
3.14 SHOW CLUSTER....117
3.15 SHOW CLUSTER MEMBERS 118
3.16 SHOW CLUSTER CANDIDATES....119
3.17 SHOW CLUSTER TOPOLOGY....120
3.18 RCOMMAND COMMANDER....122
3.19 RCOMMAND MEMBER 122

CHAPTER 4 COMMANDS FOR NETWORK PORT CONFIGURATION ....123

4.1 COMMANDS FOR ETHERNET PORT CONFIGURATION....123

4.1.1 bandwidth.... 123
4.1.2 combo-forced-mode 124
4.1.3 clear counters interface.... 125
4.1.4 flow control.... 125
4.1.5 interface ethernet 126
4.1.6 loopback.... 127
4.1.7 mdi 127
4.1.8 name 128
4.1.9 negotiation 128
4.1.10 port-rate-statistics interval 129
4.1.11 port-scan-mode 130
4.1.12 rate-suppression 131
4.1.13 rate-violation 132
4.1.14 show interface.... 133
4.1.15 shutdown.... 137
4.1.16 speed-duplex 137
4.1.17 virtual-cable-test.... 139

CHAPTER 5 COMMANDS FOR PORT ISOLATION FUNCTION....140

5.1 ISOLATE-PORT GROUP....140
5.2 ISOLATE-PORT GROUP SWITCHPORT INTERFACE....141
5.3 ISOLATE-PORT APPLY 142
5.4 SHOW ISOLATE-PORT GROUP....142

CHAPTER 6 COMMANDS FOR PORT LOOPBACK DETECTION FUNCTION ....143

6.1 DEBUG LOOPBACK-DETECTION....143
6.2 LOOPBACK-DETECTION CONTROL....143
6.3 LOOPBACK-DETECTION CONTROL-RECOVERY TIMEOUT....144
6.4 LOOPBACK-DETECTION INTERVAL-TIME....145
6.5 LOOPBACK-DETECTION SPECIFIED-VLAN 145
6.6 SHOW LOOPBACK-DETECTION 146

CHAPTER 7 COMMANDS FOR ULDP....147

7.1 DEBUG ULDP 147
7.2 DEBUG ULDP ERROR 147
7.3 DEBUG ULDP EVENT 148
7.4 DEBUG ULDP FSM INTERFACE ETHERNET 148
7.5 DEBUG ULDP INTERFACE ETHERNET 149
7.6 DEBUG ULDP PACKET 149
7.7 ULDP AGGRESSIVE-MODE 150
7.8 ULDP ENABLE 150
7.9 ULDP DISABLE 151
7.10 ULDP HELLO-INTERVAL....151
7.11 ULDP MANUAL-SHUTDOWN 152
7.12 ULDP RESET 152
7.13 SHOW ULDP....153

CHAPTER 8 COMMANDS FOR LLDP FUNCTION....154

8.1 CLEAR LLDP REMOTE-TABLE 154
8.2 DEBUG LLDP....154
8.3 DEBUG LLDP PACKETS 155
8.4 LLDP ENABLE 155
8.5 LLDP ENABLE (PORT)....156
8.6 LLDP MODE....156
8.7 LLDP MSGTXHOLD....157
8.8 LLDP NEIGHBORS MAX-NUM....157
8.9 LLDP NOTIFICATION INTERVAL 158
8.10 LLDP TOO MANY NEIGHBORS....158
8.11 LLDP TRANSMIT DELAY 159
8.12 LLDP TRANSMIT OPTIONAL TLV....159
8.13 LLDP TRAP 160
8.14 LLDP TX-INTERVAL 161
8.15 SHOW DEBUGGING LLDP....162
8.16 SHOW LLDP 163

8.17 SHOW LLDP INTERFACE ETHERNET....164
8.18 SHOW LLDP NEIGHBORS INTERFACE ETHERNET 165
8.19 SHOW LLDP TRAFFIC 165

CHAPTER 9 COMMANDS FOR PORT CHANNEL....166

9.1 DEBUG PORT-CHANNEL 166
9.2 INTERFACE PORT-CHANNEL 167
9.3 LACP PORT-PRIORITY 167
9.4 LACP SYSTEM-PRIORITY 168
9.5 LACP TIMEOUT 168
9.6 LOAD-BALANCE 169
9.7 PORT-GROUP 169
9.8 PORT-GROUP MODE 170
9.9 SHOW PORT-GROUP 171

CHAPTER 10 COMMANDS FOR JUMBO....173

10.1 JUMBO ENABLE 173

CHAPTER 11 COMMANDS FOR EFM OAM....174

11.1 CLEAR ETHERNET-OAM....174
11.2 DEBUG ETHERNET-OAM ERROR....174
11.3 DEBUG ETHERNET-OAM FSM 175
11.4 DEBUG ETHERNET-OAM PACKET....175
11.5 DEBUG ETHERNET-OAM TIMER 176
11.6 ETHERNET-OAM 176
11.7 ETHERNET-OAM ERRORED-FRAME THRESHOLD HIGH....177
11.8 ETHERNET-OAM ERRORED-FRAME THRESHOLD LOW 177
11.9 ETHERNET-OAM ERRORED-FRAME WINDOW 178
11.10 ETHERNET-OAM ERRORED-FRAME-PERIOD THRESHOLD HIGH 179
11.11 ETHERNET-OAM ERRORED-FRAME-PERIOD THRESHOLD LOW 180
11.12 ETHERNET-OAM ERRORED-FRAME-PERIOD WINDOW....181
11.13 ETHERNET-OAM ERRORED-FRAME-SECONDS THRESHOLD HIGH....182
11.14 ETHERNET-OAM ERRORED-FRAME-SECONDS THRESHOLD LOW....183
11.15 ETHERNET-OAM ERRORED-FRAME-SECONDS WINDOW 184
11.16 ETHERNET-OAM ERRORED-SYMBOL-PERIOD THRESHOLD HIGH 185
11.17 ETHERNET-OAM ERRORED-SYMBOL-PERIOD THRESHOLD LOW....186
11.18 ETHERNET-OAM ERRORED-SYMBOL-PERIOD WINDOW....187
11.19 ETHERNET-OAM LINK-MONITOR....188
11.20 ETHERNET-OAM MODE....188
11.21 ETHERNET-OAM PERIOD 189
11.22 ETHERNET-OAM REMOTE-FAILURE....189

11.23 ETHERNET-OAM REMOTE-LOOPBACK 190
11.24 ETHERNET-OAM REMOTE-LOOPBACK SUPPORTED....191
11.25 ETHERNET-OAM TIMEOUT....191
11.26 SHOW ETHERNET-OAM....192
11.27 SHOW ETHERNET-OAM EVENTS 196
11.28 SHOW ETHERNET-OAM LINK-EVENTS CONFIGURATION 199
11.29 SHOW ETHERNET-OAM LOOPBACK STATUS 200

CHAPTER 12 VLAN CONFIGURATION....201

12.1 COMMANDS FOR VLAN CONFIGURATION....201

12.1.1 debug gvrp event 201
12.1.2 debug gvrp packet....202
12.1.3 dot1q-tunnel enable 203
12.1.4 dot1q-tunnel tpid 204
12.1.5 garp timer join 205
12.1.6 garp timer leave 205
12.1.7 garp timer leaveall.... 206
12.1.8 gvrp (Global) 206
12.1.9 gvrp (Port) 207
12.1.10 no garp timer....207
12.1.11 name 208
12.1.12 private-vlan 208
12.1.13 private-vlan association.... 210
12.1.14 show dot1q-tunnel....211
12.1.15 show garp timer 211
12.1.16 show gvrp fsm information 212
12.1.17 show gvrp leaveAll fsm information.... 213
12.1.18 show gvrp leavetimer running 213
12.1.19 show gvrp port-member 214
12.1.20 show gvrp port registered vlan 215
12.1.21 show gvrp timer running information 215
12.1.22 show gvrp vlan registered port 216
12.1.23 show vlan 217
12.1.24 show vlan-translation 218
12.1.25 switchport access vlan 219
12.1.26 switchport forbidden vlan 220
12.1.27 switchport hybrid allowed vlan 221
12.1.28 switchport hybrid native vlan 222
12.1.29 switchport interface 223
12.1.30 switchport mode 224

12.1.31 switchport mode trunk allow-null 225
12.1.32 switchport trunk allowed vlan 225
12.1.33 switchport trunk native vlan.... 226
12.1.34 vlan 226
12.1.35 vlan internal.... 227
12.1.36 vlan ingress enable 228
12.1.37 vlan-translation.... 228
12.1.38 vlan-translation enable 229
12.1.39 vlan-translation miss drop 230

12.2 COMMANDS FOR DYNAMIC VLAN CONFIGURATION....231

12.2.1 dynamic-vlan mac-vlan prefer 231
12.2.2 dynamic-vlan subnet-vlan prefer 231
12.2.3 mac-vlan 232
12.2.4 mac-vlan vlan.... 233
12.2.5 protocol-vlan 234
12.2.6 show dynamic-vlan prefer 235
12.2.7 show mac-vlan 235
12.2.8 show mac-vlan interface 236
12.2.9 show protocol-vlan.... 236
12.2.10 show subnet-vlan 237
12.2.11 show subnet-vlan interface.... 237
12.2.12 subnet-vlan 238
12.2.13 switchport mac-vlan enable.... 239
12.2.14 switchport subnet-vlan enable.... 239

12.3 COMMANDS FOR VOICE VLAN CONFIGURATION....240

12.3.1 show voice-vlan 240
12.3.2 switchport voice-vlan enable 240
12.3.3 voice-vlan 241
12.3.4 voice-vlan vlan 242

CHAPTER 13 COMMANDS FOR MAC ADDRESS TABLE CONFIGURATION .....243

13.1 COMMANDS FOR MAC ADDRESS TABLE CONFIGURATION....243

13.1.1 clear mac-address-table dynamic 243
13.1.2 mac-address-table aging-time.... 244
13.1.3 mac-address-table static | static-multicast | blackhole.... 244
13.1.4 show mac-address-table 246

13.2 COMMANDS FOR MAC ADDRESS BINDING CONFIGURATION....247

13.2.1 clear port-security dynamic 247
13.2.2 mac-address-table periodic-monitor-time 247
13.2.3 show port-security 248

13.2.4 show port-security address 249
13.2.5 show port-security interface 250
13.2.6 switchport port-security 251
13.2.7 switchport port-security convert 251
13.2.8 switchport port-security lock 252
13.2.9 switchport port-security mac-address 252
13.2.10 switchport port-security maximum.... 253
13.2.11 switchport port-security timeout.... 253
13.2.12 switchport port-security violation 254

CHAPTER 14 OMMANDS FOR MSTP....255

14.1 COMMANDS FOR MSTP....255

14.1.1 abort....255
14.1.2 exit 255
14.1.3 instance vlan 256
14.1.4 name 257
14.1.5 no....257
14.1.6 revision-level 258
14.1.7 show....258
14.1.8 spanning-tree 259
14.1.9 spanning-tree cost....260
14.1.10 spanning-tree digest-snooping....261
14.1.11 spanning-tree format 262
14.1.12 spanning-tree forward-time 263
14.1.13 spanning-tree hello-time....263
14.1.14 spanning-tree link-type p2p.... 264
14.1.15 spanning-tree maxage 264
14.1.16 spanning-tree max-hop 265
14.1.17 spanning-tree mcheck....265
14.1.18 spanning-tree mode 266
14.1.19 spanning-tree mst configuration....267
14.1.20 spanning-tree mst cost.... 268
14.1.21 spanning-tree mst loopguard 269
14.1.22 spanning-tree mst port-priority 270
14.1.23 spanning-tree mst priority.... 271
14.1.24 spanning-tree mst rootguard 272
14.1.25 spanning-tree portfast 273
14.1.26 spanning-tree port-priority 274
14.1.27 spanning-tree priority 274
14.1.28 spanning-tree rootguard.... 275

14.1.29 spanning-tree tcflush (Global mode) 275
14.1.30 spanning-tree tcflush (Port mode) 276
14.1.31 spanning-tree transmit-hold-count....277

14.2 COMMANDS FOR MONITOR AND DEBUG....278

14.2.1 debug spanning-tree 278
14.2.2 show mst-pending.... 278
14.2.3 show spanning-tree.... 279
14.2.4 show spanning-tree mst config 282

CHAPTER 15 COMMANDS FOR QOS AND PBR ....283

15.1 ACCOUNTING 283
15.2 CLASS....284
15.3 CLASS-MAP 285
15.4 CLEAR MLS QOS STATISTICS 285
15.5 DROP 286
15.6 MATCH 286
15.7 MLS QOS AGGREGATE-POLICY 288
15.8 MLS QOS COS 289
15.9 MLS QOS INTERNAL-PRIORITY 290
15.10 MLS QOS MAP 291
15.11 MLS QOS INTERNAL-PRIORITY 293
15.12 MLS QOS QUEUE WEIGHT....293
15.13 MLS QOS TRUST....294
15.14 PASS-THROUGH-COS....294
15.15 PASS-THROUGH-DSCP 295
15.16 POLICY....295
15.17 POLICY AGGREGATE....297
15.18 POLICY-MAP 297
15.19 SERVICE-POLICY INPUT 298
15.20 SERVICE-POLICY INPUT VLAN....299
15.21 SET INTERNAL PRIORITY 299
15.22 SHOW CLASS-MAP 300
15.23 SHOW POLICY-MAP....301
15.24 SHOW MLS QOS INTERFACE 302
15.25 SHOW MLS QOS MAPS 304
15.26 SHOW MLS QOS VLAN....307
15.27 SHOW MLS QOS AGGREGATE-POLICY 308
15.28 TRANSMIT....308

CHAPTER 16 COMMANDS FOR FOR FLOW-BASED REDIRECTION ....309

16.1 ACCESS-GROUP REDIRECT TO INTERFACE ETHERNET....309

16.2 SHOW FLOW-BASED-REDIRECT 310

CHAPTER 17 COMMANDS FOR EGRESS QOS....311

17.1 MLS QOS EGRESS GREEN REMARK....311
17.2 MLS QOS MAP 311
17.3 SERVICE-POLICY OUTPUT 315
17.4 SERVICE-POLICY OUTPUT VLAN....315
17.5 SET 316
17.6 SHOW MLS QOS EGRESS GREEN REMARK 316
17.7 SHOW MLS QOS MAPS 317

CHAPTER 18 COMMANDS FOR FLEXIBLE QINQ....318

18.1 ADD 318
18.2 MATCH 319
18.3 SERVICE-POLICY....320
18.4 SET 320

CHAPTER 19 COMMANDS FOR LAYER 3 FORWARDING....321

19.1 COMMANDS FOR LAYER 3 INTERFACE....321

19.1.1 bandwidth.... 321
19.1.2 description.... 322
19.1.3 description (VRF mode) 322
19.1.4 interface loopback.... 323
19.1.5 interface vlan....323
19.1.6 ip vrf 324
19.1.7 ip vrf forwarding vrfName 324
19.1.8 rd....325
19.1.9 route-target 325
19.1.10 show ip route vrf....326
19.1.11 show ip vrf 327
19.1.12 shutdown....328

19.2 COMMANDS FOR IPv4/V6 CONFIGURATION....329

19.2.1 clear ip traffic....329
19.2.2 clear ipv6 neighbor....329
19.2.3 debug ip icmp.... 330
19.2.4 debug ip packet....330
19.2.5 debug ipv6 packet.... 331
19.2.6 debug ipv6 icmp.... 331
19.2.7 debug ipv6 nd 332
19.2.8 debug ipv6 tunnel packet 333
19.2.9 description.... 333

19.2.10 ipv6 proxy enable 334

19.2.11 ip address.... 335

19.2.12 ipv6 address.... 336

19.2.13 ipv6 route 337

19.2.14 ipv6 redirect 338

19.2.15 ipv6 nd dad attempts.... 338

19.2.16 ipv6 nd ns-interval.... 339

19.2.17 ipv6 nd suppress-ra 339

19.2.18 ipv6 nd ra-lifetime 340

19.2.19 ipv6 nd min-ra-interval.... 340

19.2.20 ipv6 nd max-ra-interval.... 341

19.2.21 ipv6 nd prefix....341

19.2.22 ipv6 nd ra-hoplimit 342

19.2.23 ipv6 nd ra-mtu 343

19.2.24 ipv6 nd reachable-time....343

19.2.25 ipv6 nd retrans-timer 344

19.2.26 ipv6 nd other-config-flag....344

19.2.27 ipv6 nd managed-config-flag.... 345

19.2.28 ipv6 neighbor 345

19.2.29 interface tunnel 346

19.2.30 show ip interface 346

19.2.31 show ip traffic 347

19.2.32 show ipv6 interface 349

19.2.33 show ipv6 route 350

19.2.34 show ipv6 neighbors 352

19.2.35 show ipv6 traffic 353

19.2.36 show ipv6 redirect.... 354

19.2.37 show ipv6 tunnel 354

19.2.38 tunnel source 355

19.2.39 tunnel destination 356

19.2.40 tunnel nexthop 356

19.2.41 tunnel mode 357

19.3 COMMANDS FOR IP ROUTE AGGREGATION 358

19.3.1 ip fib optimize 358

19.4 COMMANDS FOR URPF 359

19.4.1 show urpf 359

19.4.2 urpf enable 359

19.5 COMMANDS FOR ARP CONFIGURATION....360

19.5.1 arp....360

19.5.2 clear arp-cache 360

19.5.3 clear arp traffic 361
19.5.4 debug arp....361
19.5.5 ip proxy-arp 362
19.5.6 show arp 362
19.5.7 show arp traffic....363

19.6 COMMANDS FOR HARDWARE TUNNEL CAPACITY....364

19.6.1 hardware tunnel-capacity 364

CHAPTER 20 COMMANDS FOR ARP SCANNING PREVENTION....365

20.1 ANTI-ARPSCAN ENABLE....365
20.2 ANTI-ARPSCAN PORT-BASED THRESHOLD....365
20.3 ANTI-ARPSCAN IP-BASED THRESHOLD....366
20.4 ANTI-ARPSCAN TRUST....367
20.5 ANTI-ARPSCAN TRUST IP 367
20.6 ANTI-ARPSCAN RECOVERY ENABLE....368
20.7 ANTI-ARPSCAN RECOVERY TIME....369
20.8 ANTI-ARPSCAN LOG ENABLE....369
20.9 ANTI-ARPSCAN TRAP ENABLE 370
20.10 SHOW ANTI-ARPSCAN....370
20.11 DEBUG ANTI-ARPSCAN 372

CHAPTER 21 COMMANDS FOR PREVENTING ARP, ND SPOOFING ....373

21.1 IP ARP-SECURITY UPDATEPROTECT....373
21.2 IPV6 ND-SECURITY UPDATEPROTECT....374
21.3 IP ARP-SECURITY LEARNPROTECT....374
21.4 IPV6 ND-SECURITY LEARNPROTECT ....375
21.5 IP ARP-SECURITY CONVERT 375
21.6 IPV6 ND-SECURITY CONVERT 376
21.7 CLEAR IP ARP DYNAMIC 376
21.8 CLEAR IPV6 ND DYNAMIC....377

CHAPTER 22 COMMAND FOR ARP GUARD ....378

22.1 ARP-GUARD IP 378

CHAPTER 23 COMMAND FOR ARP LOCAL PROXY....379

25.1 KEEPALIVE GATEWAY 382
25.2 SHOW IP INTERFACE....383
25.3 SHOW KEEPALIVE GATEWAY....383

CHAPTER 26 COMMANDS FOR DHCP ....384

26.1 COMMANDS FOR DHCP SERVER CONFIGURATION....384

26.1.1 bootfile 384
26.1.2 clear ip dhcp binding 385
26.1.3 clear ip dhcp conflict 386
26.1.4 clear ip dhcp server statistics 386
26.1.5 client-identifier 387
26.1.6 debug ip dhcp client 387
26.1.7 debug ip dhcp relay 388
26.1.8 debug ip dhcp server 388
26.1.9 default-router 388
26.1.10 dns-server 389
26.1.11 domain-name 389
26.1.12 hardware-address 390
26.1.13 host 391
26.1.14 ip dhcp conflict logging.... 392
26.1.15 ip dhcp excluded-address 392
26.1.16 ip dhcp pool.... 393
26.1.17 ip dhcp conflict ping-detection enable 393
26.1.18 ip dhcp ping packets 394
26.1.19 ip dhcp ping timeout....394
26.1.20 lease 395
26.1.21 netbios-name-server 395
26.1.22 netbios-node-type 396
26.1.23 network-address 397
26.1.24 next-server 397
26.1.25 option 398
26.1.26 service dhcp 399
26.1.27 show ip dhcp binding 399
26.1.28 show ip dhcp conflict....400
26.1.29 show ip dhcp relay information option....401
26.1.30 show ip dhcp server statistics 401

26.2 COMMANDS FOR DHCP RELAY CONFIGURATION 403

26.2.1 ip forward-protocol udp bootps....403
26.2.2 ip helper-address 403
26.2.3 show ip forward-protocol 404

26.2.4 show ip helper-address.... 404

CHAPTER 27 COMMANDS FOR DHCPV6....405

27.1 CLEAR IPV6 DHCP BINDING 405

27.2 CLEAR IPV6 DHCP CONFLICT....406

27.3 CLEAR IPV6 DHCP STATISTICS....406

27.4 DEBUG IPV6 DHCP CLIENT PACKET 407

27.5 DEBUG IPV6 DHCP DETAIL....407

27.6 DEBUG IPV6 DHCP RELAY PACKET 408

27.7 DEBUG IPV6 DHCP SERVER 408

27.8 DNS-SERVER 409

27.9 DOMAIN-NAME 409

27.10 EXCLUDED-ADDRESS 410

27.11 IPV6 ADDRESS 410

27.12 IPV6 DHCP CLIENT PD....411

27.13 IPV6 DHCP CLIENT PD HINT 412

27.14 IPV6 DHCP POOL 412

27.15 IPV6 DHCP RELAY DESTINATION ....413

27.16 IPV6 DHCP SERVER 414

27.17 IPV6 GENERAL-PREFIX 415

31.15 SET AGGREGATOR 486

31.16 SET AS-PATH....486

31.17 SET ATOMIC-AGGREGATE 487

31.18 SET COMM-LIST 487

31.19 SET COMMUNITY 488

31.20 SET EXTCOMMUNITY....488

31.21 SET IP NEXT-HOP....489

31.22 SET LOCAL-PREFERENCE 490

31.23 SET METRIC 490

31.24 SET METRIC-TYPE 491

31.25 SET ORIGIN....492

31.26 SET ORIGINATOR-ID....492

31.27 SET TAG 493

31.28 SET VPNV4 NEXT-HOP 493

31.29 SET WEIGHT....494

31.30 SHOW IP PREFIX-LIST 494

31.31 SHOW IP PREFIX-LIST......495

31.32 SHOW ROUTE-MAP 496

31.33 SHOW ROUTER-ID 497

CHAPTER 32 COMMANDS FOR STATIC ROUTE....498

32.1 IP ROUTE 498

32.2 IP ROUTE VRF 499

32.3 SHOW IP ROUTE 500

32.4 SHOW IP ROUTE VRF....501

CHAPTER 33 COMMANDS FOR RIP....502

33.1 ACCEPT-LIFETIME....502

33.2 ADDRESS-FAMILY IPV4....503

33.3 CLEAR IP RIP ROUTE....503

33.4 DEBUG RIP....504

33.5 DEBUG RIP REDISTRIBUTE MESSAGE SEND 505

33.6 DEBUG RIP REDISTRIBUTE ROUTE RECEIVE....505

33.7 DEFAULT-INFORMATION ORIGINATE....506

33.8 DEFAULT-METRIC ....506

33.9 DISTANCE ....507

33.10 DISTRIBUTE-LIST....507

33.11 EXIT-ADDRESS-FAMILY....508

33.12 IP RIP AGGREGATE-ADDRESS....509

33.13 IP RIP AUTHENTICATION KEY-CHAIN 509

33.14 IP RIP AUTHENTICATION MODE....510

33.15 IP RIP AUTHENTICATION STRING 511

33.16 IP RIP AUTHENTICATION CISCO-COMPATIBLE 512

33.17 IP RIP RECEIVE-PACKET 512

33.18 IP RIP RECEIVE VERSION....513

33.19 IP RIP SEND-PACKET....513

33.20 IP RIP SEND VERSION....514

33.21 IP RIP SPLIT-HORIZON....514

33.22 KEY....515

33.23 KEY CHAIN....515

33.24 KEY-STRING....516

33.25 MAXIMUM-PREFIX....516

33.26 NEIGHBOR....517

33.27 NETWORK....518

33.28 OFFSET-LIST....518

33.29 PASSIVE-INTERFACE....519

33.30 RECV-BUFFER-SIZE 520

33.31 REDISTRIBUTE 520

33.32 ROUTE 521

33.33 ROUTER RIP....522

33.34 SEND-LIFETIME....522

33.35 SHOW DEBUGGING RIP 523

33.36 SHOW IP PROTOCOLS RIP 524

33.37 SHOW IP RIP 525

33.38 SHOW IP RIP DATABASE....526

33.39 SHOW IP RIP INTERFACE 526

33.40 SHOW IP RIP AGGREGATE 527

33.41 TIMERS BASIC....528

33.42 VERSION....529

CHAPTER 34 COMMANDS FOR RIPNG ....530

34.1 CLEAR IPV6 ROUTE 530

34.2 DEFAULT-INFORMATION ORIGINATE....531

34.3 DEFAULT-METRIC 531

34.4 DISTANCE 532

34.5 DISTRIBUTE-LIST....532

34.6 DEBUG IPV6 RIP 533

34.7 DEBUG IPV6 RIP REDISTRIBUTE MESSAGE SEND....534

34.8 DEBUG IPV6 RIP REDISTRIBUTE ROUTE RECEIVE ....534

34.9 IPV6 RIP AGGREGATE-ADDRESS....535

34.10 IPV6 RIP SPLIT-HORIZON....535

34.11 IPV6 ROUTER RIP 536

34.12 NEIGHBOR....537

34.13 OFFSET-LIST....538

34.14 PASSIVE-INTERFACE....539

34.15 REDISTRIBUTE....539

34.16 REDISTRIBUTE OSPF 540

34.17 ROUTE 541

34.18 ROUTER IPV6 RIP 541

34.19 SHOW DEBUGGING IPV6 RIP 542

34.20 SHOW IPV6 RIP INTERFACE 542

34.21 SHOW IPV6 RIP REDISTRIBUTE 543

34.22 SHOW IPV6 PROTOCOLS RIP 544

34.23 SHOW IPV6 RIP 545

34.24 SHOW IPV6 RIP DATABASE 545

34.25 SHOW IPV6 RIP AGGREGATE 546

34.26 SHOW IPV6 RIP REDISTRIBUTE ....547

34.27 TIMERS BASIC....547

CHAPTER 35 COMMANDS FOR OSPF....548

35.1 AREA AUTHENTICATION ....548

35.2 AREA DEFAULT-COST....549

35.3 AREA FILTER-LIST 549

35.4 AREA NSSA....550

35.5 AREA RANGE ....551

35.6 AREA STUB....552

35.7 AREA VIRTUAL-LINK 553

35.8 AUTO-COST REFERENCE-BANDWIDTH....554

35.9 COMPATIBLE RFC1583 554

35.10 CLEAR IP OSPF PROCESS 555

35.11 DEBUG OSPF EVENTS 555

35.12 DEBUG OSPF IFSM....556

35.13 DEBUG OSPF LSA....556

35.14 DEBUG OSPF NFSM 557

35.15 DEBUG OSPF NSM 557

35.16 DEBUG OSPF PACKET 558

35.17 DEBUG OSPF ROUTE 558

35.18 DEBUG OSPF REDISTRIBUTE MESSAGE SEND....559

35.19 DEBUG OSPF REDISTRIBUTE ROUTE RECEIVE....559

35.20 DEFAULT-INFORMATION ORIGINATE ....560

35.21 DEFAULT-METRIC 561

35.22 DISTANCE 561

35.23 DISTRIBUTE-LIST....562

35.24 FILTER-POLICY....563

35.25 HOST AREA....564

35.26 IP OSPF AUTHENTICATION 564

35.27 IP OSPF AUTHENTICATION-KEY....565

35.28 IP OSPF COST 566

35.29 IP OSPF DATABASE-FILTER....566

35.30 IP OSPF DEAD-INTERVAL....567

35.31 IP OSPF DISABLE ALL 567

35.32 IP OSPF HELLO-INTERVAL 568

35.33 IP OSPF MESSAGE-DIGEST-KEY 569

35.34 IP OSPF MTU 569

35.35 IP OSPF MTU-IGNORE 570

35.36 IP OSPF NETWORK 571

35.37 IP OSPF PRIORITY....571

35.38 IP OSPF RETRANSMIT-INTERVAL 572

35.39 IP OSPF TRANSMIT-DELAY 573

35.40 KEY 574

35.41 KEY CHAIN....574

35.42 LOG-ADJACENCY-CHANGES DETAIL 575

35.43 MAX-CONCURRENT-DD 575

35.44 NEIGHBOR....576

35.45 NETWORK AREA....577

35.46 OSPF ABR-TYPE 577

35.47 OSPF ROUTER-ID....578

35.48 OVERFLOW DATABASE 579

35.49 OVERFLOW DATABASE EXTERNAL 579

35.50 PASSIVE-INTERFACE....580

35.51 REDISTRIBUTE 580

35.52 REDISTRIBUTE OSPF 581

35.53 ROUTER OSPF....582

35.54 SHOW IP OSPF 582

35.55 SHOW IP OSPF BORDER-ROUTERS....584
35.56 SHOW IP OSPF DATABASE....584
35.57 SHOW IP OSPF INTERFACE 586
35.58 SHOW IP OSPF NEIGHBOR....586
35.59 SHOW IP OSPF REDISTRIBUTE 587
35.60 SHOW IP OSPF ROUTE 588
35.61 SHOW IP OSPF VIRTUAL-LINKS 589
35.62 SHOW IP ROUTE PROCESS-DETAIL....590
35.63 SHOW IP PROTOCOLS....591
35.64 SUMMARY-ADDRESS....592
35.65 TIMERS SPF 592

CHAPTER 36 COMMANDS FOR OSPFV3 ....593

36.1 AREA DEFAULT COST....593
36.2 AREA RANGE 594
36.3 AREA STUB....595
36.4 AREA VIRTUAL-LINK 596
36.5 ABR-TYPE....597
36.6 DEFAULT-METRIC 597
36.7 DEBUG IPV6 OSPF EVENTS....598
36.8 DEBUG IPV6 OSPF IFSM 599
36.9 DEBUG IPV6 OSPF LSA 599
36.10 DEBUG IPV6 OSPF NFSM....600
36.11 DEBUG IPV6 OSPF NSM....600
36.12 DEBUG IPV6 OSPF PACKET 601
36.13 DEBUG IPV6 OSPF REDISTRIBUTE MESSAGE SEND....601
36.14 DEBUG IPV6 OSPF REDISTRIBUTE ROUTE RECEIVE 602
36.15 DEBUG IPV6 OSPF ROUTE 602
36.16 IPV6 OSPF COST 602
36.17 IPV6 OSPF DEAD-INTERVAL....603
36.18 IPV6 OSPF DISPLAY ROUTE SINGLE-LINE....604
36.19 IPV6 OSPF HELLO-INTERVAL 604
36.20 IPV6 OSPF PRIORITY....605
36.21 IPV6 OSPF RETRANSMIT-INTERVAL 606
36.22 IPV6 OSPF TRANSMIT-DELAY 607
36.23 IPV6 ROUTER OSPF 608
36.24 MAX-CONCURRENT-DD 609
36.25 PASSIVE-INTERFACE....609
36.26 REDISTRIBUTE 610
36.27 REDISTRIBUTE OSPF 610

36.28 ROUTER-ID 611
36.29 ROUTER IPV6 OSPF 612
36.30 SHOW IPV6 OSPF 612
36.31 SHOW IPV6 OSPF DATABASE....613
36.32 SHOW IPV6 OSPF INTERFACE 615
36.33 SHOW IPV6 OSPF NEIGHBOR....617
36.34 SHOW IPV6 OSPF ROUTE 618
36.35 SHOW IPV6 OSPF REDISTRIBUTE 618
36.36 SHOW IPV6 OSPF TOPOLOGY 619
36.37 SHOW IPV6 OSPF VIRTUAL-LINKS 620
36.38 SHOW IPV6 ROUTE PROCESS-DETAIL....620
36.39 TIMERS SPF 621

CHAPTER 37 COMMANDS FOR BGP AND MBGP4+ ......622

37.1 ADDRESS-FAMILY 622
37.2 AGGREGATE-ADDRESS....623
37.3 BGP AGGREGATE-NEXTHOP-CHECK 624
37.4 BGP ALWAYS-COMPARE-MED 624
37.5 BGP ASNOTATION ASDOT 625
37.6 BGP BESTPATH AS-PATH IGNORE....625
37.7 BGP BESTPATH COMPARE-CONFED-ASPATH 626
37.8 BGP BESTPATH COMPARE-ROUTERID....626
37.9 BGP BESTPATH MED 627
37.10 BGP CLIENT-TO-CLIENT REFLECTION 627
37.11 BGP CLUSTER-ID......628
37.12 BGP CONFEDERATION IDENTIFIER....629
37.13 BGP CONFEDERATION PEERS....629
37.14 BGP DAMPENING....630
37.15 BGP DEFAULT 631
37.16 BGP DETERMINISTIC-MED 632
37.17 BGP ENFORCE-FIRST-AS....632
37.18 BGP FAST-EXTERNAL-FAILOVER....633
37.19 BGP INBOUND-ROUTE-FILTER....633
37.20 BGP INBOUND-MAX-ROUTE-NUM 634
37.21 BGP LOG-NEIGHBOR-CHANGES....634
37.22 BGP NETWORK IMPORT-CHECK 635
37.23 BGP RFC1771-PATH-SELECT 635
37.24 BGP RFC1771-STRICT....636
37.25 BGP ROUTER-ID 636
37.26 BGP SCAN-TIME 637

37.27 CLEAR IP BGP 637

37.28 CLEAR IP BGP DAMPENING....638

37.29 CLEAR IP BGP FLAP-STATISTICS....638

37.30 DEBUG BGP 639

37.31 DEBUG BGP REDISTRIBUTE MESSAGE SEND....639

37.32 DEBUG BGP REDISTRIBUTE ROUTE RECEIVE 640

37.33 DEBUG IPV6 BGP REDISTRIBUTE MESSAGE SEND 640

37.34 DEBUG IPV6 BGP REDISTRIBUTE ROUTE RECEIVE....641

37.35 DISTANCE....641

37.36 DISTANCE BGP 642

37.37 EXIT-ADDRESS-FAMILY 642

37.38 IMPORT MAP 643

37.39 IP AS-PATH ACCESS-LIST 644

37.40 IP COMMUNITY-LIST 644

37.41 IP EXTCOMMUNITY-LIST 645

37.42 NEIGHBOR ACTIVATE 646

37.43 NEIGHBOR ADVERTISEMENT-INTERVAL 647

37.44 NEIGHBOR ALLOWAS-IN....647

37.45 NEIGHBOR AS-OVERRIDE....648

37.46 NEIGHBOR ATTRIBUTE-UNCHANGED 649

37.47 NEIGHBOR CAPABILITY 650

37.48 NEIGHBOR CAPABILITY ORF PREFIX-LIST 651

37.49 NEIGHBOR COLLIDE-ESTABLISHED 652

37.50 NEIGHBOR DEFAULT-ORIGINATE 653

37.51 NEIGHBOR DESCRIPTION 654

37.52 NEIGHBOR DISTRIBUTE-LIST 654

37.53 NEIGHBOR DONT-CAPABILITY-NEGOTIATE 655

37.54 NEIGHBOR EBGP-MULTIHOP 656

37.55 NEIGHBOR ENFORCE-MULTIHOP 657

37.56 NEIGHBOR FILTER-LIST....657

37.57 NEIGHBOR INTERFACE....658

37.58 NEIGHBOR MAXIMUM-PREFIX 659

37.59 NEIGHBOR NEXT-HOP-SELF....660

37.60 NEIGHBOR OVERRIDE-CAPABILITY....660

37.61 NEIGHBOR PASSIVE....661

37.62 NEIGHBOR PEER-GROUP (CREATING)....662

37.63 NEIGHBOR PEER-GROUP (CONFIGURING GROUP MEMBERS)....662

37.64 NEIGHBOR PORT 663

37.65 NEIGHBOR PREFIX-LIST 664

37.66 NEIGHBOR REMOTE-AS....665

37.67 NEIGHBOR REMOVE-PRIVATE-AS 665

37.68 NEIGHBOR ROUTE-MAP 666

37.69 NEIGHBOR ROUTE-REFLECTOR-CLIENT....667

37.70 NEIGHBOR ROUTE-SERVER-CLIENT 668

37.71 NEIGHBOR SEND-COMMUNITY 668

37.72 NEIGHBOR SHUTDOWN 669

37.73 NEIGHBOR SOFT-RECONFIGURATION INBOUND....670

37.74 NEIGHBOR SOO....670

37.75 NEIGHBOR STRICT-CAPABILITY-MATCH 671

37.76 NEIGHBOR TIMERS 672

37.77 NEIGHBOR TIMERS CONNECT 672

37.78 NEIGHBOR UNSUPPRESS-MAP....673

37.79 NEIGHBOR UPDATE-SOURCE....674

37.80 NEIGHBOR VERSION 4....675

37.81 NEIGHBOR WEIGHT....675

37.82 NETWORK (BGP)....676

37.83 REDISTRIBUTE (BGP)....677

37.84 REDISTRIBUTE OSPF 677

37.85 REDISTRIBUTE OSPF (MBGP4+) 678

37.86 ROUTER BGP 679

37.87 SET VPNV4 NEXT-HOP 679

37.88 SHOW IP BGP....681

37.89 SHOW IP BGP ATTRIBUTE-INFO 682

37.90 SHOW IP BGP COMMUNITY 682

37.91 SHOW IP BGP COMMUNITY-INFO 683

37.92 SHOW IP BGP COMMUNITY-LIST 684

37.93 SHOW IP BGP DAMPENING....684

37.94 SHOW IP BGP FILTER-LIST....686

37.95 SHOW IP BGP INCONSISTENT-AS....687

37.96 SHOW IP BGP NEIGHBORS....687

37.97 SHOW IP BGP PATHS....689

37.98 SHOW IP BGP PREFIX-LIST 689

37.99 SHOW IP BGP QUOTE-REGEXP....690

37.100 SHOW IP BGP REGEXP 691

37.101 SHOW IP BGP ROUTE-MAP 692

37.102 SHOW IP BGP SCAN 692

37.103 SHOW IP BGP SUMMARY 693

37.104 SHOW IP BGP VIEW 694

37.105 SHOW IP BGP VIEW NEIGHBORS 694

37.106 SHOW IP BGP VRF 695

37.107 SHOW IP BGP VPNV4 697
37.108 SHOW IPV6 BGP REDISTRIBUTE....697
37.109 TIMERS BGP....698

CHAPTER 38 COMMANDS FOR BLACK HOLE ROUTING....699

38.1 IP ROUTE NULL0 699
38.2 IPV6 ROUTE NULL0 700

CHAPTER 39 COMMANDS FOR GRE TUNNEL CONFIGURATION ....701

39.1 DEBUG GRE 701
39.2 IP ADDRESS 701
39.3 IP ROUTE....702
39.4 IPV6 ADDRESS....703
39.5 IPV6 ROUTE....703
39.6 LOOPBACK-GROUP (GLOBAL) 704
39.7 LOOPBACK-GROUP (PORT) 704
39.8 LOOPBACK-GROUP (TUNNEL INTERFACE) 705
39.9 SHOW GRE TUNNEL....705
39.10 SHOW INTERFACE TUNNEL....706
39.11 TUNNEL DESTINATION....707
39.12 TUNNEL MODE GRE IP....707
39.13 TUNNEL MODE GRE IPV6....708
39.14 TUNNEL SOURCE....708

CHAPTER 40 COMMANDS FOR ECMP....709

40.1 LOAD-BALANCE 709
40.2 MAXIMUM-PATHS....709

CHAPTER 41 COMMANDS FOR BFD....710

41.1 BFD AUTHENTICATION KEY....710
41.2 BFD AUTHENTICATION KEY MD5 710
41.3 BFD AUTHENTICATION KEY TEXT 711
41.4 BFD ECHO 712
41.5 BFD ECHO-SOURCE-IP....712
41.6 BFD ECHO-SOURCE-IPV6....713
41.7 BFD ENABLE....714
41.8 BFD INTERVAL....715
41.9 BFD MIN-ECHO-RECV-INTERVAL 716
41.10 BFD MODE 716
41.11 DEBUG BFD....717
41.12 IP OSPF BFD ENABLE....718

41.13 IP ROUTE BFD 718
41.14 IPV6 OSPF BFD ENABLE....719
41.15 IPV6 OSPF BFD ENABLE INSTANCE-ID 719
41.16 IPV6 RIP BFD ENABLE....720
41.17 IPV6 ROUTE BFD 720
41.18 NEIGHBOR....721
41.19 RIP BFD ENABLE 722
41.20 SHOW BFD NEIGHBOR 722

CHAPTER 42 COMMANDS FOR BGP GR ....724

42.1 BGP GRACEFUL-RESTART....724
42.2 BGP GRACEFUL-RESTART RESTART-TIME....724
42.3 BGP GRACEFUL-RESTART STALE-PATH-TIME 725
42.4 BGP SELECTION-DEFERRAL-TIME....725
42.5 NEIGHBOR CAPABILITY GRACEFUL-RESTART 726
42.6 NEIGHBOR RESTART-TIME....726

CHAPTER 43 COMMANDS FOR OSPF GR ....727

43.1 CAPABILITY RESTART GRACEFUL 727
43.2 DEBUG OSPF EVENTS GR....727
43.3 OSPF GRACEFUL-RESTART GRACE-PERIOD....728
43.4 OSPF GRACEFUL-RESTART HELPER MAX-GRACE-PERIOD 728
43.5 OSPF GRACEFUL-RESTART HELPER NEVER....729
43.6 SHOW IP OSPF 729
43.7 SHOW IP OSPF GRACEFUL-RESTART....730

CHAPTER 44 IPV4 MULTICAST PROTOCOL....732

44.1 PUBLIC COMMANDS FOR MULTICAST....732
44.1.1 show ip mroute....732

44.2 COMMANDS FOR PIM-DM....733

44.2.1 debug pim timer sat 733

44.2.2 debug pim timer srt 733

44.2.3 ip mroute 734

44.2.4 ip pim bsr-border 735

44.2.5 ip pim dense-mode 735

44.2.6 ip pim dr-priority 736

44.2.7 ip pim exclude-genid 736

44.2.8 ip pim hello-holdtime 737

44.2.9 ip pim hello-interval 738

44.2.10 ip pim multicast-routing 738

44.2.11 ip pim neighbor-filter....739

44.2.12 ip pim scope-border 740
44.2.13 ip pim state-refresh origination-interval 740
44.2.14 show ip pim interface 741
44.2.15 show ip pim mroute dense-mode 742
44.2.16 show ip pim neighbor 744
44.2.17 show ip pim nexthop 745

44.3 COMMANDS FOR PIM-SM 746

44.3.1 clear ip pim bsr rp-set....746
44.3.2 debug pim event 746
44.3.3 debug pim mfc 747
44.3.4 debug pim mib 747
44.3.5 debug pim nexthop 748
44.3.6 debug pim nsm 748
44.3.7 debug pim packet....749
44.3.8 debug pim state 749
44.3.9 debug pim timer 750
44.3.10 ip mroute....751
44.3.11 ip multicast unresolved-cache aging-time 752
44.3.12 ip pim accept-register....752
44.3.13 ip pim bsr-border....753
44.3.14 ip pim bsr-candidate....753
44.3.15 ip pim cisco-register-checksum....754
44.3.16 ip pim dr-priority 754
44.3.17 ip pim exclude-genid 755
44.3.18 ip pim hello-holdtime 755
44.3.19 ip pim hello-interval....756
44.3.20 ip pim ignore-rp-set-priority 757
44.3.21 ip pim jp-timer 757
44.3.22 ip pim multicast-routing 758
44.3.23 ip pim neighbor-filter 758
44.3.24 ip pim register-rate-limit....759
44.3.25 ip pim register-rp-reachability....760
44.3.26 ip pim register-source....760
44.3.27 ip pim register-suppression....761
44.3.28 ip pim rp-address 762
44.3.29 ip pim rp-candidate 762
44.3.30 ip pim rp-register-kat 763
44.3.31 ip pim scope-border 764
44.3.32 ip pim sparse-mode....764
44.3.33 show ip pim bsr-router....765

44.3.34 show ip pim interface 766
44.3.35 show ip pim mroute sparse-mode 766
44.3.36 show ip pim neighbor 768
44.3.37 show ip pim nexthop 768
44.3.38 show ip pim rp-hash....769
44.3.39 show ip pim rp mapping 770

44.4 COMMANDS FOR MSDP CONFIGURATION....771

44.4.1 cache-sa-holdtime....771
44.4.2 cache-sa-maximum....771
44.4.3 cache-sa-state 772
44.4.4 clear msdp peer 773
44.4.5 clear msdp sa-cache 773
44.4.6 clear msdp statistics....774
44.4.7 connect-source 774
44.4.8 debug msdp all....775
44.4.9 debug msdp events....775
44.4.10 debug msdp filter....776
44.4.11 debug msdp fsm....776
44.4.12 debug msdp keepalive 777
44.4.13 debug msdp nsm....777
44.4.14 debug msdp packet....778
44.4.15 debug msdp peer 778
44.4.16 debug msdp timer 779
44.4.17 default-rpf-peer 779
44.4.18 description....780
44.4.19 exit-peer-mode....781
44.4.20 mesh-group....781
44.4.21 originating-rp 782
44.4.22 peer....782
44.4.23 redistribute 783
44.4.24 remote-as....784
44.4.25 router msdp....784
44.4.26 sa-filter 785
44.4.27 sa-request....785
44.4.28 sa-request-filter....786
44.4.29 show msdp global 787
44.4.30 show msdp local-sa-cache 788
44.4.31 show msdp peer....788
44.4.32 show msdp sa-cache 790
44.4.33 show msdp sa-cache summary....791

44.4.34 show msdp statistics 792
44.4.35 show msdp summary 793
44.4.36 shutdown....794
44.4.37 ttl-threshold 794

44.5 COMMANDS FOR ANYCAST RP v4....795

44.5.1 debug pim anycast-rp 795
44.5.2 ip pim anycast-rp....795
44.5.3 ip pim anycast-rp....796
44.5.4 ip pim anycast-rp self-rp-address....797
44.5.5 ip pim rp-candidate 798
44.5.6 show debugging pim....799
44.5.7 show ip pim anycast-rp first-hop 799
44.5.8 show ip pim anycast-rp non-first-hop 800
44.5.9 show ip pim anycast-rp status....800

44.6 COMMANDS FOR PIM-SSM 802

44.6.1 ip multicast ssm 802

44.7 COMMANDS FOR DVMRP 803

44.7.1 debug dvmrp 803
44.7.2 ip dvmrp enable 803
44.7.3 ip dvmrp metric 804
44.7.4 ip dvmrp multicast-routing 805
44.7.5 ip dvmrp output-report-delay 805
44.7.6 ip dvmrp reject-non-pruners....806
44.7.7 ip dvmrp tunnel 806
44.7.8 show ip dvmrp 807
44.7.9 show ip dvmrp interface 807
44.7.10 show ip dvmrp neighbor 808
44.7.11 show ip dvmrp prune 809
44.7.12 show ip dvmrp route 810

44.8 COMMANDS FOR DCSCM....811

44.8.1 access-list (Multicast Destination Control) 811
44.8.2 access-list (Multicast Source Control) 812
44.8.3 ip multicast destination-control access-group 813
44.8.4 ip multicast destination-control access-group (sip) 813
44.8.5 ip multicast destination-control access-group (vmac) 814
44.8.6 ip multicast policy....815
44.8.7 ip multicast source-control 815
44.8.8 ip multicast source-control access-group 816
44.8.9 multicast destination-control....816
44.8.10 show ip multicast destination-control.... 817

44.8.11 show ip multicast destination-control access-list 818
44.8.12 show ip multicast policy....818
44.8.13 show ip multicast source-control 819
44.8.14 show ip multicast source-control access-list 819

44.9 COMMANDS FOR IGMP 820

44.9.1 clear ip igmp group 820
44.9.2 debug igmp event 820
44.9.3 debug igmp packet....821
44.9.4 ip igmp access-group 821
44.9.5 ip igmp immediate-leave 822
44.9.6 ip igmp join-group 823
44.9.7 ip igmp last-member-query-interval....823
44.9.8 ip igmp limit 824
44.9.9 ip igmp query-interval....824
44.9.10 ip igmp query-max-response-time....825
44.9.11 ip igmp query-timeout....826
44.9.12 ip igmp robust-variable 826
44.9.13 ip igmp static-group....827
44.9.14 ip igmp version....827
44.9.15 show ip igmp groups 828
44.9.16 show ip igmp interface 830

44.10 COMMANDS FOR IGMP SNOOPING....831

44.10.1 clear ip igmp snooping vlan....831
44.10.2 clear ip igmp snooping vlan <1-4094> mrouter-port....831
44.10.3 debug igmp snooping all/packet/event/timer/mfc 832
44.10.4 ip igmp snooping....832
44.10.5 ip igmp snooping proxy 833
44.10.6 ip igmp snooping vlan 833
44.10.7 ip igmp snooping vlan immediate-leave 834
44.10.8 ip igmp snooping vlan l2-general-querier 834
44.10.9 ip igmp snooping vlan l2-general-querier-source 835
44.10.10 ip igmp snooping vlan l2-general-querier-version 835
44.10.11 ip igmp snooping vlan limit 836
44.10.12 ip igmp snooping vlan mrouter-port interface 836
44.10.13 ip igmp snooping vlan mrouter-port learnpim 837
44.10.14 ip igmp snooping vlan mrpt 838
44.10.15 ip igmp snooping vlan query-interval....838
44.10.16 ip igmp snooping vlan query-mrsp 839
44.10.17 ip igmp snooping vlan query-robustness....839
44.10.18 ip igmp snooping vlan report source-address 840

44.10.19 ip igmp snooping vlan specific-query-mrsp 840
44.10.20 ip igmp snooping vlan static-group....841
44.10.21 ip igmp snooping vlan suppression-query-time 842
44.10.22 show ip igmp snooping....842

44.11 COMMANDS FOR IGMP PROXY....844

44.11.1 clear ip igmp proxy agggroup 844
44.11.2 debug igmp proxy all 845
44.11.3 debug igmp proxy event 845
44.11.4 debug igmp proxy mfc 846
44.11.5 debug igmp proxy packet 846
44.11.6 debug igmp proxy timer....847
44.11.7 ip igmp proxy 847
44.11.8 ip igmp proxy aggregate.... 848
44.11.9 ip igmp proxy downstream 848
44.11.10 ip igmp proxy limit....849
44.11.11 ip igmp proxy multicast-source 849
44.11.12 ip igmp proxy unsolicited-report interval 850
44.11.13 ip igmp proxy unsolicited-report robustness 850
44.11.14 ip igmp proxy upstream 851
44.11.15 ip multicast ssm....851
44.11.16 ip pim bsr-border 852
44.11.17 show debugging igmp proxy....853
44.11.18 show ip igmp proxy.... 853
44.11.19 show ip igmp proxy mroute 854
44.11.20 show ip igmp proxy upstream groups....855

CHAPTER 45 IPV6 MULTICAST PROTOCOL....856

45.1 PUBLIC COMMANDS FOR MULTICAST....856

45.1.1 show ipv6 mroute....856

45.2 COMMANDS FOR PIM-DM6....857

45.2.1 debug ipv6 pim timer sat....857
45.2.2 debug ipv6 pim timer srt....857
45.2.3 ipv6 mroute 858
45.2.4 ipv6 pim bsr-border 858
45.2.5 ipv6 pim dense-mode....859
45.2.6 ipv6 pim dr-priority 859
45.2.7 ipv6 pim exclude-genid 860
45.2.8 ipv6 pim hello-holdtime 861
45.2.9 ipv6 pim hello-interval 861
45.2.10 ipv6 pim multicast-routing 862

45.2.11 ipv6 pim neighbor-filter 863
45.2.12 ipv6 pim scope-border....863
45.2.13 ipv6 pim state-refresh origination-interval 864
45.2.14 show ipv6 pim interface....865
45.2.15 show ipv6 pim mroute dense-mode 866
45.2.16 show ipv6 pim neighbor 867
45.2.17 show ipv6 pim nexthop....868

45.3 COMMANDS FOR PIM-SM6....869

45.3.1 clear ipv6 pim bsr rp-set....869
45.3.2 debug ipv6 pim events 869
45.3.3 debug ipv6 pim mfc 870
45.3.4 debug ipv6 pim mib 870
45.3.5 debug ipv6 pim nexthop....871
45.3.6 debug ipv6 pim nsm....871
45.3.7 debug ipv6 pim packet 872
45.3.8 debug ipv6 pim state 872
45.3.9 debug ipv6 pim timer....873
45.3.10 ipv6 mroute 874
45.3.11 ipv6 multicast unresolved-cache aging-time....875
45.3.12 ipv6 pim accept-register 875
45.3.13 ipv6 pim bsr-border 876
45.3.14 ipv6 pim bsr-candidate 876
45.3.15 ipv6 pim cisco-register-checksum 877
45.3.16 ipv6 pim dr-priority 878
45.3.17 ipv6 pim exclude-genid 878
45.3.18 ipv6 pim hello-holdtime 879
45.3.19 ipv6 pim hello-interval 879
45.3.20 ipv6 pim ignore-rp-set-priority 880
45.3.21 ipv6 pim jp-timer 881
45.3.22 ipv6 pim multicast-routing 881
45.3.23 ipv6 pim neighbor-filter 882
45.3.24 ipv6 pim register-rate-limit....883
45.3.25 ipv6 pim register-rp-reachability 883
45.3.26 ipv6 pim register-source....884
45.3.27 ipv6 pim register-suppression 884
45.3.28 ipv6 pim rp-address 885
45.3.29 ipv6 pim rp-candidate....886
45.3.30 ipv6 pim rp-register-kat 887
45.3.31 ipv6 pim scope-border....887
45.3.32 ipv6 pim sparse-mode....888

45.3.33 show ipv6 pim bsr-router....888
45.3.34 show ipv6 pim interface....889
45.3.35 show ipv6 pim mroute sparse-mode 890
45.3.36 show ipv6 pim neighbor 891
45.3.37 show ipv6 pim nexthop....892
45.3.38 show ipv6 pim rp-hash 893
45.3.39 show ipv6 pim rp mapping 894

45.4 COMMANDS FOR ANYCAST RP v6....895

45.4.1 debug ipv6 pim anycast-rp 895
45.4.2 ipv6 pim anycast-rp 895
45.4.3 ipv6 pim anycast-rp 896
45.4.4 ipv6 pim anycast-rp self-rp-address 897
45.4.5 ipv6 pim rp-candidate 898
45.4.6 show debugging ipv6 pim....898
45.4.7 show ipv6 pim anycast-rp first-hop....899
45.4.8 show ipv6 pim anycast-rp non-first-hop 899
45.4.9 show ipv6 pim anycast-rp status 900

45.5 COMMANDS FOR PIM-SSM6 902

45.5.1 ipv6 pim ssm....902

45.6 COMMANDS FOR IPv6 DCSCM....903

45.6.1 ipv6 access-list(ipv6 multicast source control) 903
45.6.2 ipv6 access-list(multicast destination control) 904
45.6.3 ipv6 multicast destination-control access-group....905
45.6.4 ipv6 multicast destination-control access-group (sip)....906
45.6.5 ipv6 multicast destination-control access-group (vmac)....907
45.6.6 ipv6 multicast policy 908
45.6.7 ipv6 multicast source-control....908
45.6.8 ipv6 multicast source-control access-group 909
45.6.9 multicast destination-control....910
45.6.10 show ipv6 multicast destination-control....910
45.6.11 show ipv6 multicast destination-control access-list ....911
45.6.12 show ipv6 multicast policy....912
45.6.13 show ipv6 multicast source-control 912
45.6.14 show ipv6 multicast source-control access-list....913

45.7 COMMANDS FOR MLD 914

45.7.1 clear ipv6 mld group....914
45.7.2 debug ipv6 mld events 914
45.7.3 debug ipv6 mld packet 915
45.7.4 ipv6 mld access-group 915
45.7.5 ipv6 mld immediate-leave 916

45.7.6 ipv6 mld join-group....917
45.7.7 ipv6 mld join-group mode source 917
45.7.8 ipv6 mld last-member-query-interval 918
45.7.9 ipv6 mld limit 919
45.7.10 ipv6 mld query-interval....919
45.7.11 ipv6 mld query-max-response-time 920
45.7.12 ipv6 mld query-timeout....921
45.7.13 ipv6 mld static-group....921
45.7.14 ipv6 mld version 922
45.7.15 show ipv6 mld groups 923
45.7.16 show ipv6 mld interface....923
45.7.17 show ipv6 mld join-group 924

45.8 COMMANDS FOR MLD SNOOPING CONFIGURATION....925

45.8.1 clear ipv6 mld snooping vlan....925
45.8.2 clear ipv6 mld snooping vlan <1-4094> mrouter-port 925
45.8.3 debug mld snooping all/packet/event/timer/mfc 926
45.8.4 ipv6 mld snooping 926
45.8.5 ipv6 mld snooping vlan....927
45.8.6 ipv6 mld snooping vlan immediate-leave 927
45.8.7 ipv6 mld snooping vlan l2-general-querier 928
45.8.8 ipv6 mld snooping vlan limit 928
45.8.9 ipv6 mld snooping vlan mrouter-port interface 929
45.8.10 ipv6 mld snooping vlan mrouter-port learnpim6 930
45.8.11 ipv6 mld snooping vlan mrpt....930
45.8.12 ipv6 mld snooping vlan query-interval....931
45.8.13 ipv6 mld snooping vlan query-mrsp 931
45.8.14 ipv6 mld snooping vlan query-robustness....932
45.8.15 ipv6 mld snooping vlan static-group....932
45.8.16 ipv6 mld snooping vlan suppression-query-time 933
45.8.17 show ipv6 mld snooping....934

CHAPTER 46 COMMANDS FOR MULTICAST VLAN ....936

46.1 MULTICAST-VLAN 936
46.2 MULTICAST-VLAN ASSOCIATION....937

CHAPTER 47 COMMANDS FOR ACL....938

47.1 ABSOLUTE-PERIODIC/PERIODIC....938
47.2 ABSOLUTE START....939
47.3 ACCESS-LIST (IP EXTENDED)....940
47.4 ACCESS-LIST (IP STANDARD) 942
47.5 ACCESS-LIST(MAC EXTENDED)....942

47.6 ACCESS-LIST(MAC-IP EXTENDED)....944
47.7 ACCESS-LIST(MAC STANDARD) 946
47.8 CLEAR ACCESS-GROUP (IN | OUT) STATISTIC INTERFACE....947
47.9 FIREWALL....947
47.10 IP ACCESS EXTENDED....948
47.11 IP ACCESS STANDARD 948
47.12 IPV6 ACCESS-LIST....949
47.13 IPV6 ACCESS STANDARD 950
47.14 IPV6 ACCESS EXTENDED....951
47.15 {IP|IPV6|MAC|MAC-IP} ACCESS-GROUP....952
47.16 MAC ACCESS EXTENDED....953
47.17 MAC-IP ACCESS EXTENDED....953
47.18 PERMIT | DENY (IP EXTENDED)....954
47.19 PERMIT | DENY(IP STANDARD) 955
47.20 PERMIT | DENY(IPV6 EXTENDED) 956
47.21 PERMIT | DENY(IPV6 STANDARD)....957
47.22 PERMIT | DENY(MAC EXTENDED) 958
47.23 PERMIT | DENY(MAC-IP EXTENDED) 960
47.24 SHOW ACCESS-LISTS 962
47.25 SHOW ACCESS-GROUP 963
47.26 SHOW FIREWALL....963
47.27 SHOW IPV6 ACCESS-LISTS....964
47.28 SHOW TIME-RANGE 965
47.29 TIME-RANGE 965

CHAPTER 48 COMMANDS FOR 802.1X....966

48.1 DEBUG DOT1X DETAIL 966
48.2 DEBUG DOT1X ERROR....967
48.3 DEBUG DOT1X FSM 967
48.4 DEBUG DOT1X PACKET....968
48.5 DOT1X ACCEPT-MAC 968
48.6 DOT1X EAPOR ENABLE....969
48.7 DOT1X ENABLE....970
48.8 DOT1X GUEST-VLAN....971
48.9 DOT1X MACFILTER ENABLE....972
48.10 DOT1X MAX-REQ....972
48.11 DOT1X USER FREE-RESOURCE....973
48.12 DOT1X MAX-USER MACBASED 973
48.13 DOT1X MAX-USER USERBASED 974
48.14 DOT1X PORT-CONTROL 975

48.15 DOT1X PORT-METHOD 976
48.16 DOT1X PRIVATECLIENT ENABLE 977
48.17 DOT1X PRIVATECLIENT PROTECT ENABLE....977
48.18 DOT1X RE-AUTHENTICATE 978
48.19 DOT1X RE-AUTHENTICATION 978
48.20 DOT1X TIMEOUT QUIET-PERIOD....979
48.21 DOT1X TIMEOUT RE-AUTHPERIOD....979
48.22 DOT1X TIMEOUT TX-PERIOD....980
48.23 DOT1X UNICAST ENABLE 980
48.24 SHOW DOT1X....981
48.25 USER-CONTROL LIMIT IPV4 983
48.26 USER-CONTROL LIMIT IPV6 983

CHAPTER 49 COMMANDS FOR THE NUMBER LIMITATION FUNCTION OF MAC AND IP IN PORT, VLAN....984

49.1 DEBUG IP ARP COUNT....984
49.2 DEBUG IPV6 ND COUNT....985
49.3 DEBUG SWITCHPORT ARP COUNT....985
49.4 DEBUG SWITCHPORT MAC COUNT 986
49.5 DEBUG SWITCHPORT ND COUNT....986
49.6 DEBUG VLAN MAC COUNT 987
49.7 IP ARP DYNAMIC MAXIMUM....987
49.8 IPV6 ND DYNAMIC MAXIMUM....988
49.9 MAC-ADDRESS QUERY TIMEOUT....988
49.10 SHOW ARP-DYNAMIC COUNT 989
49.11 SHOW MAC-ADDRESS DYNAMIC COUNT....990
49.12 SHOW ND-DYNAMIC COUNT....990
49.13 SWITCHPORT ARP DYNAMIC MAXIMUM 991
49.14 SWITCHPORT MAC-ADDRESS DYNAMIC MAXIMUM 992
49.15 SWITCHPORT MAC-ADDRESS VIOLATION....993
49.16 SWITCHPORT ND DYNAMIC MAXIMUM....994
49.17 VLAN MAC-ADDRESS DYNAMIC MAXIMUM....995

CHAPTER 50 COMMANDS FOR AM CONFIGURATION....996

50.1 AM ENABLE 996
50.2 AM PORT 996
50.3 AM IP-POOL 997
50.4 AM MAC-IP-POOL 997
50.5 NO AM ALL 998
50.6 SHOW AM 998

CHAPTER 51 COMMANDS FOR TACACS+....1000

51.1 TACACS-SERVER AUTHENTICATION HOST....1000
51.2 TACACS-SERVER KEY 1001
51.3 TACACS-SERVER NAS-IPV4....1001
51.4 TACACS-SERVER TIMEOUT....1002
51.5 DEBUG TACACS-SERVER 1003

CHAPTER 52 COMMANDS FOR RADIUS....1004

52.1 AAA ENABLE....1004
52.2 AAA-ACCOUNTING ENABLE....1004
52.3 AAA-ACCOUNTING UPDATE....1005
52.4 DEBUG AAA PACKET....1006
52.5 DEBUG AAA DETAIL ATTRIBUTE 1007
52.6 DEBUG AAA DETAIL CONNECTION....1007
52.7 DEBUG AAA DETAIL EVENT....1008
52.8 DEBUG AAA ERROR....1008
52.9 RADIUS NAS-IPV4....1009
52.10 RADIUS NAS-IPV6....1010
52.11 RADIUS-SERVER ACCOUNTING HOST 1011
52.12 RADIUS-SERVER AUTHENTICATION HOST 1012
52.13 RADIUS-SERVER DEAD-TIME 1013
52.14 RADIUS-SERVER KEY....1013
52.15 RADIUS-SERVER RETRANSMIT....1014
52.16 RADIUS-SERVER TIMEOUT....1015
52.17 RADIUS-SERVER ACCOUNTING-INTERIM-UPDATE TIMEOUT 1015
52.18 SHOW AAA AUTHENTICATED-USER 1017
52.19 SHOW AAA AUTHENTICATING-USER 1017
52.20 SHOW AAA CONFIG....1018
52.21 SHOW RADIUS AUTHENTICATED-USER COUNT 1019
52.22 SHOW RADIUS AUTHENTICATING-USER COUNT 1019
52.23 SHOW RADIUS COUNT....1020

CHAPTER 53 COMMANDS FOR SSL CONFIGURATION....1021

53.1 IP HTTP SECURE-SERVER....1021
53.2 IP HTTP SECURE-PORT 1021
53.3 IP HTTP SECURE- CIPHERSUITE 1022
53.4 SHOW IP HTTP SECURE-SERVER STATUS....1023
53.5 DEBUG SSL....1023

CHAPTER 54 COMMANDS FOR IPV6 SECURITY RA....1024

54.1 IPV6 SECURITY-RA ENABLE....1024

54.2 IPV6 SECURITY-RA ENABLE....1025
54.3 SHOW IPV6 SECURITY-RA 1025
54.4 DEBUG IPV6 SECURITY-RA....1026

CHAPTER 55 COMMANDS FOR VLAN-ACL ....1027

55.1 CLEAR VACL STATISTIC VLAN 1027
55.2 SHOW VACL VLAN 1027
55.3 VACL IP ACCESS-GROUP....1029
55.4 VACL IPV6 ACCESS-GROUP 1029
55.5 VACL MAC ACCESS-GROUP 1030
55.6 VACL MAC-IP ACCESS-GROUP 1031

CHAPTER 56 COMMANDS FOR MAB ....1032

56.1 AUTHENTICATION MAB....1032
56.2 CLEAR MAC-AUTHENTICATION-BYPASS BINDING....1032
56.3 DEBUG MAC-AUTHENTICATION-BYPASS 1033
56.4 MAC-AUTHENTICATION-BYPASS BINDING-LIMIT....1033
56.5 MAC-AUTHENTICATION-BYPASS ENABLE....1034
56.6 MAC-AUTHENTICATION-BYPASS GUEST-VLAN....1034
56.7 MAC-AUTHENTICATION-BYPASS SPOOFING-GARP-CHECK 1035
56.8 MAC-AUTHENTICATION-BYPASS TIMEOUT LINKUP-PERIOD....1035
56.9 MAC-AUTHENTICATION-BYPASS TIMEOUT OFFLINE-DETECT 1036
56.10 MAC-AUTHENTICATION-BYPASS TIMEOUT QUIET-PERIOD....1036
56.11 MAC-AUTHENTICATION-BYPASS TIMEOUT REAUTH-PERIOD ....1037
56.12 MAC-AUTHENTICATION-BYPASS TIMEOUT STALE-PERIOD 1037
56.13 MAC-AUTHENTICATION-BYPASS USERNAME-FORMAT....1038
56.14 SHOW MAC-AUTHENTICATION-BYPASS....1038

CHAPTER 57 COMMANDS FOR PPPOE INTERMEDIATE AGENT ....1041

57.1 DEBUG PPPOE INTERMEDIATE AGENT PACKET {RECEIVE | SEND} INTERFACE ETHERNET 1041
57.2 PPPOE INTERMEDIATE-AGENT 1042
57.3 PPPOE INTERMEDIATE-AGENT (PORT) 1042
57.4 PPPOE INTERMEDIATE-AGENT ACCESS-NODE-ID 1043
57.5 PPPOE INTERMEDIATE-AGENT CIRCUIT-ID 1043
57.6 PPPOE INTERMEDIATE-AGENT IDENTIFIER-STRING OPTION DELIMITER....1044
57.7 PPPOE INTERMEDIATE-AGENT REMOTE-ID....1045
57.8 PPPOE INTERMEDIATE-AGENT TRUST 1045
57.9 PPPOE INTERMEDIATE-AGENT VENDOR-TAG STRIP 1046
57.10 SHOW PPPOE INTERMEDIATE-AGENT ACCESS-NODE-ID....1046
57.11 SHOW PPPOE INTERMEDIATE-AGENT IDENTIFIER-STRING OPTION DELIMITER....1047

57.12 SHOW PPPOE INTERMEDIATE-AGENT INFO 1047

CHAPTER 58 COMMANDS FOR SAVI ....1048

58.1 COMMANDS FOR SAVI....1048

58.1.1 ipv6 cps prefix 1048

58.1.2 ipv6 cps prefix check enable 1048

58.1.3 ipv6 dhcp snooping trust 1049

58.1.4 ipv6 nd snooping trust.... 1049

58.1.5 savi check binding.... 1050

58.1.6 savi enable.... 1050

58.1.7 savi ipv6 binding num 1051

58.1.8 savi ipv6 check source binding 1052

58.1.9 savi ipv6 check source ip-address mac-address.... 1053

58.1.10 savi ipv6 {dhcp-only | slaac-only | dhcp-slaac} enable 1053

58.1.11 savi ipv6 mac-binding-limit 1054

58.1.12 savi max-dad-dalay.... 1054

58.1.13 savi max-dad-prepare-delay 1055

58.1.14 savi max-slaac-life 1055

58.1.15 savi timeout bind-protect.... 1056

58.2 COMMANDS FOR MONITOR AND DEBUG....1057

58.2.1 Monitor and Debugg 1057

58.2.1.1 debug ipv6 dhcp snooping binding 1057

58.2.1.2 debug ipv6 dhcp snooping event....1057

58.2.1.3 debug ipv6 dhcp snooping packet 1058

58.2.1.4 debug ipv6 nd snooping binding....1058

58.2.1.5 debug ipv6 nd snooping event....1059

58.2.1.6 debug ipv6 nd snooping packet....1059

58.2.1.7 show savi ipv6 check source binding....1060

CHAPTER 59 COMMANDS FOR WEB PORTAL CONFIGURATION....1061

59.1 CLEAR WEBPORTAL BINDING .... 1061

59.2 DEBUG WEBPORTAL BINDING....1062

59.3 DEBUG WEBPORTAL ERROR....1062

59.4 DEBUG WEBPORTAL EVENT 1063

59.5 DEBUG WEBPORTAL PACKET 1063

59.6 IP DHCP SNOOPING BINDING WEBPORTAL 1064

59.7 SHOW WEBPORTAL 1065

59.8 SHOW WEBPORTAL BINDING 1065

59.9 WEBPORTAL BINDING-LIMIT 1066

59.10 WEBPORTAL ENABLE 1067

59.11 WEBPORTAL ENABLE (PORT)....1067

59.12 WEBPORTAL NAS-IP 1068

59.13 WEBPORTAL REDIRECT....1068

CHAPTER 60 COMMANDS FOR VRRP....1069

60.1 ADVERTISEMENT-INTERVAL....1069
60.2 CIRCUIT-FAILOVER 1070
60.3 DEBUG VRRP 1070
60.4 DISABLE....1071
60.5 ENABLE....1072
60.6 INTERFACE 1072
60.7 PREEMPT-MODE....1073
60.8 PRIORITY 1073
60.9 ROUTER VRRP....1074
60.10 SHOW VRRP....1074
60.11 VIRTUAL-IP 1076

CHAPTER 61 COMMANDS FOR IPV6 VRRPV3 CONFIGURATION....1077

61.1 ADVERTISEMENT-INTERVAL....1077
61.2 CIRCUIT-FAILOVER 1078
61.3 DEBUG IPV6 VRRP....1079
61.4 DISABLE....1079
61.5 ENABLE....1080
61.6 PREEMPT-MODE....1080
61.7 PRIORITY....1081
61.8 ROUTER IPV6 VRRP 1081
61.9 SHOW IPV6 VRRP 1082
61.10 VIRTUAL-IPV6 INTERFACE....1083

CHAPTER 62 COMMANDS FOR MRPP ....1084

62.1 CONTROL-VLAN 1084
62.2 CLEAR MRPP STATISTICS 1084
62.3 DEBUG MRPP....1085
62.4 ENABLE....1085
62.5 FAIL-TIMER 1086
62.6 HELLO-TIMER....1087
62.7 MRPP ENABLE....1087
62.8 MRPP POLL-TIME....1088
62.9 MRPP RING 1088
62.10 MRPP RING PRIMARY-PORT 1089
62.11 MRPP RING SECONDARY-PORT 1089
62.12 NODE-MODE 1090
62.13 SHOW MRPP 1091

62.14 SHOW MRPP STATISTICS .... 1091

CHAPTER 63 COMMANDS FOR ULPP....1092

63.1 CLEAR ULPP FLUSH COUNTER INTERFACE 1092

63.2 CONTROL VLAN....1092

63.3 DEBUG ULPP ERROR 1093

63.4 DEBUG ULPP EVENT 1093

63.5 DEBUG ULPP FLUSH CONTENT INTERFACE 1094

63.6 DEBUG ULPP FLUSH {SEND | RECEIVE} INTERFACE....1095

63.7 DESCRIPTION....1095

63.8 FLUSH DISABLE ARP....1096

63.9 FLUSH DISABLE MAC 1096

63.10 FLUSH ENABLE ARP 1097

63.11 FLUSH ENABLE MAC....1097

63.12 PREEMPTION DELAY 1098

63.13 PREEMPTION MODE....1098

63.14 PROTECT VLAN-REFERENCE-INSTANCE 1099

63.15 SHOW ULPP FLUSH COUNTER INTERFACE 1100

63.16 SHOW ULPP FLUSH-RECEIVE-PORT 1100

63.17 SHOW ULPP GROUP....1101

63.18 ULPP CONTROL VLAN 1102

63.19 ULPP FLUSH DISABLE ARP 1102

63.20 ULPP FLUSH DISABLE MAC....1103

63.21 ULPP FLUSH ENABLE ARP 1103

63.22 ULPP FLUSH ENABLE MAC 1104

63.23 ULPP GROUP 1104

63.24 ULPP GROUP MASTER 1105

63.25 ULPP GROUP SLAVE 1105

CHAPTER 64 COMMANDS FOR ULSM ....1106

64.1 DEBUG ULSM EVENT....1106

64.2 SHOW ULSM GROUP 1106

64.3 ULSM GROUP....1107

64.4 ULSM GROUP {UPLINK | DOWNLINK} 1107

CHAPTER 65 COMMANDS FOR MIRRORING CONFIGURATION....1108

65.1 MONITOR SESSION SOURCE INTERFACE....1108

65.2 MONITOR SESSION SOURCE INTERFACE ACCESS-LIST....1109

65.3 MONITOR SESSION DESTINATION INTERFACE.... 1110

65.4 SHOW MONITOR 1110

CHAPTER 66 COMMANDS FOR RSPAN CONFIGURATION .... 1111

66.1 REMOTE-SPAN 1111
66.2 MONITOR SESSION REMOTE VLAN 1111
66.3 MONITOR SESSION REFLECTOR-PORT....1112

CHAPTER 67 COMMANDS FOR SFLOW....1113

67.1 SFLOW AGENT-ADDRESS 1113
67.2 SFLOW ANALYZER.... 1113
67.3 SFLOW COUNTER-INTERVAL....1114
67.4 SFLOW DATA-LEN....1114
67.5 SFLOW DESTINATION....1115
67.6 SFLOW HEADER-LEN 1115
67.7 SFLOW PRIORITY.... 1116
67.8 SFLOW RATE.... 1117
67.9 SHOW SFLOW 1117

CHAPTER 68 COMMANDS FOR SNTP....1119

68.1 CLOCK TIMEZONE.... 1119
68.2 DEBUG SNTP....1119
68.3 SNTP POLLTIME....1120
68.4 SNTP SERVER 1120
68.5 SHOW SNTP 1121

CHAPTER 69 COMMANDS FOR NTP 1122

69.1 CLOCK TIMEZONE....1122
69.2 DEBUG NTP ADJUST 1122
69.3 DEBUG NTP AUTHENTICATION 1123
69.4 DEBUG NTP EVENTS 1123
69.5 DEBUG NTP PACKET 1124
69.6 DEBUG NTP SYNC....1124
69.7 NTP ACCESS-GROUP 1125
69.8 NTP AUTHENTICATE 1125
69.9 NTP AUTHENTICATION-KEY 1126
69.10 NTP BROADCAST CLIENT 1126
69.11 NTP BROADCAST SERVER COUNT 1127
69.12 NTP DISABLE 1127
69.13 NTP ENABLE 1128
69.14 NTP IPV6 MULTICAST CLIENT.... 1128
69.15 NTP MULTICAST CLIENT 1129
69.16 NTP SERVER 1129
69.17 NTP TRUSTED-KEY 1130
69.18 SHOW NTP STATUS 1130

69.19 SHOW NTP SESSION 1131

CHAPTER 70 COMMANDS FOR DNSV4/V6....1132

70.1 CLEAR DYNAMIC-HOST 1132
70.2 DEBUG DNS 1132
70.3 DNS-SERVER 1133
70.4 DNS LOOKUP 1134
70.5 SHOW DNS NAME-SERVER 1134
70.6 SHOW DNS DOMAIN-LIST....1135
70.7 SHOW DNS HOSTS....1135
70.8 SHOW DNS CONFIG....1136
70.9 SHOW DNS CLIENT 1136
70.10 IP DOMAIN-LOOKUP.... 1137
70.11 IP DOMAIN-LIST 1137
70.12 IP DNS SERVER 1138
70.13 IP DNS SERVER QUEUE MAXIMUM 1138
70.14 IP DNS SERVER QUEUE TIMEOUT 1139

CHAPTER 71 COMMANDS FOR SUMMER TIME....1140

71.1 CLOCK SUMMER-TIME ABSOLUTE....1140
71.2 CLOCK SUMMER-TIME RECURRING 1141
71.3 CLOCK SUMMER-TIME RECURRING 1142

CHAPTER 72 COMMANDS FOR SHOW ....1143

72.1 CLEAR HISTORY ALL-USERS.... 1143
72.2 CLEAR LOGGING 1143
72.3 HISTORY ALL-USERS MAX-LENGTH....1144
72.4 LOGGING....1144
72.5 LOGGING EXECUTED-COMMANDS....1145
72.6 LOGGING LOGHOST SEQUENCE-NUMBER....1146
72.7 PING....1146
72.8 PING6....1148
72.9 SHOW DEBUGGING....1150
72.10 SHOW FLASH 1151
72.11 SHOW HISTORY 1151
72.12 SHOW HISTORY ALL-USERS.... 1152
72.13 SHOW LOGGING BUFFERED 1152
72.14 SHOW LOGGING EXECUTED-COMMANDS STATE 1153
72.15 SHOW LOGGING SOURCE.... 1154
72.16 SHOW MEMORY 1154
72.17 SHOW RUNNING-CONFIG....1155

72.18 SHOW STARTUP-CONFIG....1156
72.19 SHOW SWITCHPORT INTERFACE 1156
72.20 SHOW TCP 1157
72.21 SHOW TCP IPV6....1158
72.22 SHOW TELNET LOGIN....1158
72.23 SHOW TEMPERATURE....1159
72.24 SHOW TECH-SUPPORT....1159
72.25 SHOW UDP....1160
72.26 SHOW UDP IPV6 1160
72.27 SHOW VERSION....1161
72.28 TRACEROUTE 1161
72.29 TRACEROUTE6 1162

CHAPTER 73 COMMANDS FOR RELOAD SWITCH AFTER SPECIFIED TIME .....1163

73.1 RELOAD AFTER 1163
73.2 RELOAD CANCEL 1164
73.3 SHOW RELOAD....1164

CHAPTER 74 COMMANDS FOR DEBUGGING AND DIAGNOSIS FOR PACKETS RECEIVED AND SENT BY CPU....1165

74.1 CLEAR CPU-RX-STAT PROTOCOL....1165
74.2 CPU-RX-RATELIMIT PROTOCOL....1165
74.3 CPU-RX-RATELIMIT TOTAL....1166
74.4 DEBUG DRIVER 1167
74.5 SHOW CPU-RX PROTOCOL 1167

CHAPTER 75 COMMANDS FOR BASIC VSF CONFIGURATION....1168

75.1 SWITCH CONVERT MODE.... 1168
75.2 WRITE 1169
75.3 VSF PORT-GROUP 1170
75.4 VSF PORT-GROUP INTERFACE ETHERNET 1171
75.5 VSF DOMAIN 1172
75.6 VSF MEMBER 1173
75.7 VSF NON-WAIT PORT-INACTIVE....1173
75.8 VSF PRIORITY 1174
75.9 VSF AUTO-MERGE ENABLE....1174
75.10 VSF MEMBER DESCRIPTION....1175
75.11 VSF LINK DELAY 1176
75.12 VSF MAC-ADDRESS PERSISTENT 1177

CHAPTER 76 COMMANDS FOR CONFIGURATION AND DEBUGGING OF VSF CONFLICT DETECTION....1178

76.1 VSF MAD LACP ENABLE 1178
76.2 VSF MAD BFD ENABLE 1178
76.3 VSF MAD IP ADDRESS 1179
76.4 VSF MAD EXCLUDE....1180
76.5 VSF MAD RESTORE 1180
76.6 SHOW MAD CONFIG 1181

CHAPTER 77 COMMANDS FOR VSF DEBUGGING....1182

77.1 SHOW RUNNING-CONFIG....1182
77.2 SHOW VSF 1182
77.3 SHOW VSF TOPOLOGY 1183
77.4 SHOW VSF-CONFIG....1184
77.5 SHOW MAD CONFIG 1185
77.6 SHOW VSF CPU-DATABASE ALL-MEMBER BRIEF-INFORMATION 1186
77.7 SHOW VSF CPU-DATABASE MEMBER BASIC-INFORMATION 1187
77.8 SHOW VSF CPU-DATABASE MEMBER RUNNING-INFORMATION....1188
77.9 SHOW VSF CPU-DATABASE MEMBER PORT-INFORMATION....1189
77.10 SHOW VSF CPU-DATABASE MEMBER PORT-LINK-INFORMATION.... 1190
77.11 SHOW SLOT 1191
77.12 DEBUG VSF PACKET DETAIL ..... 1192
77.13 DEBUG VSF PACKET 1193
77.14 DEBUG VSF EVENT 1193
77.15 DEBUG VSF ERROR 1194

CHAPTER 78 COMMANDS FOR POE....1195

78.1 COMMANDS FOR POE CONFIGURATION 1195
78.1.1 power inline enable (Global) 1195
78.1.2 power inline enable (Port) 1195
78.1.3 power inline high-inrush 1196
78.1.4 power inline legacy 1197
78.1.5 power inline max (Global) 1197
78.1.6 power inline max (Port) 1198
78.1.7 power inline police 1198
78.1.8 power inline priority 1199

78.2 COMMANDS FOR POE MONITORING AND DEBUGGING 1200

78.2.1 Monitoring and Debugging Information 1200
78.2.1.1 show power inline 1200
78.2.1.2 show power inline interface ethernet....1201
78.2.1.3 debug power inline....1203

78.3 COMMANDS FOR POE 1204

78.3 1204

78.3.1 Commands for PoE Configuration 1204

78.3.2 power inline enable (Global) 1204

78.3.3 power inline enable (Port) 1204

CHAPTER 79 COMMANDS FOR CFM OAM ....1206

79.1 COMMANDS FOR CFM OAM CONFIGURATION 1206

79.1.1 clear ethernet cfm.... 1206

79.1.2 continuity-check 1206

79.1.3 continuity-check interval 1207

79.1.4 continuity-check receive 1207

79.1.5 cos 1208

79.1.6 debug ethernet cfm 1208

79.1.7 debug ethernet cfm error 1209

79.1.8 debug ethernet cfm operation.... 1209

79.1.9 ethernet cfm alarm 1210

79.1.10 ethernet cfm auto-traceroute cache....1211

79.1.11 ethernet cfm domain....1211

79.1.12 ethernet cfm global.... 1212

79.1.13 ethernet cfm logging.... 1212

79.1.14 ethernet cfm mep 1212

79.1.15 ethernet cfm mip.... 1213

79.1.16 ethernet cfm mode 1214

79.1.17 ethernet cfm pvlan.... 1214

79.1.18 ethernet cfm snmp-server enable traps 1214

79.1.19 ethernet cfm y1731 global 1215

79.1.20 id 1215

79.1.21 mep mepid 1216

79.1.22 mip auto-create 1216

79.1.23 ping ethernet 1217

79.1.24 sender-id....1218

79.1.25 service.... 1219

79.1.26 show ethernet cfm domain 1220

79.1.27 show ethernet cfm errors.... 1221

79.1.28 show ethernet cfm maintenance-points local 1222

79.1.29 show ethernet cfm maintenance-points remote 1224

79.1.30 show ethernet cfm maintenance-points remote detail.... 1225

79.1.31 show ethernet cfm mpdb 1226

79.1.32 show ethernet cfm service.... 1227

79.1.33 show ethernet cfm statistic 1228

79.1.34 show ethernet cfm status.... 1230

79.1.35 show ethernet cfm traceroute-reply auto 1231
79.1.36 show ethernet cfm vlan table.... 1232
79.1.37 switchport ulpp group track cfm cc level ...... 1232
79.1.38 traceroute ethernet 1233
79.1.39 traceroute Ethernet auto 1234

Chapter 1 Commands for Basic Switch Configuration

1.1 Commands for Basic Configuration

1.1.1 Authentication line login

Command:

authentication line {console | sty | web} login {local | radius | tacacs}

No authentication line {console | sty | web} login

Function:

Configure VTY (login with Telnet and SSH), Web and Console, so as to select the priority of the authentication mode for the login user. The no form command restores the default authentication mode.

Default:

No configuration is enabled for the console login method by default. Local authentication is enabled for the VTY and Web login method by default.

Command Mode:

Global Mode.

Usage Guide:

The authentication method for Console, VTY and Web login can be configured respectively. And authentication method can be any one or combination of Local, RADIUS or TACCACS. When login method is configured in combination, the preference goes from left to right. If the users have passed the authentication method, authentication method of lower preferences will be ignored. As mentioned, if the user receives a corresponding protocol's answer of refusal or acceptance, it will not attempt the next authentication method (Except if the local authentication method fails, it will attempt the next authentication method); it will attempt the next authentication method if it receives nothing. And AAA function RADIUS server should be configured before the RADIUS configuration method can be used. And TACACS server should be configured before the TACACS configuration method can be used.

The authentication line console login command is exclusive with the login command. The authentication line console login command configures the switch to use the Console login method. And the login command makes the Console login use the passwords configured by the password command for authentication.

If local authentication is configured while no local users are configured, users will be able to login to the switch via the Console method.

Example:

To configure the Telnet and SSH login method, use RADIUS authentication method.

Switch(config)# authentication line vty login local radius

Relative Command:

aaa enable, radius-server authentication host, tacacs-server authentication host, tacacs-server key

1.1.2 banner

Command:

banner motd

no banner motd

Function:

This command is used to configure the information displayed when the login authentication of a telnet or console user is successful, the no command configures that the information is not displayed when the authentication is successful.

Parameters: .

: The information displayed when the authentication is successful, length limit from 1 to 100 characters.

Command Mode:

Global Mode.

Default:

Do not show the information when the authentication is successful.

Example:

Switch(config)#banner motd Welcome

1.1.3 boot img

Command:

boot img { primary | backup }

Function:

Configure the first and second img files used in the next boot of the main control boardcard.

Parameters: .

primary means to configure the first IMG file, backup means to configure the second IMG file, is the full path of the booting IMG file, the format of which is as follows:

  1. The file path comprises of two parts: device prefix used as the root directory (flash:/) and the file name. No space is allowed in each part or between two parts.
  2. The suffix of all file names should be .img.
  3. The length of the full file path should be no longer than 128 characters, while the file name no longer than 80 characters.

Command Mode:

Admin Mode.

Default:

The factory original configuration only specifies the first booting IMG file, the nos.img file in the FLASH, without the second one.

Example:

  1. Set flash:/nos.img as the second booting IMG file used in the next booting of the system.

Switch#boot img flash:/nos.img backup

  1. Set flash:/5.4.128.0_nos.img as the first booting IMG file used in the next booting of the system.

Switch#boot img flash:/5.4.128.0_nos.img primary

1.1.4 boot startup-config

Command:

boot startup-config { NULL | }

Function:

Configure the CGF file used in the next booting of the main control boardcard.

Parameters:

The NULL keyword means to use the factory original configuration as the next booting configuration. Setting the he CGF file used in the next booting as NULL equals to implementing "set default" and "write". is the full path of CGF file used in the next booting.

  1. The file path comprises of two parts: device prefix used as the root directory (flash:/) and the file name. No space is allowed in each part or between two parts.
  2. The suffix of all file names should be .cfg.
  3. The length of the full file path should be no longer than 128 characters, while the file name no longer than 80 characters.

Command Mode:

Admin Mode.

Default Settings:

None.

Example:

  1. Set flash:/ startup.cfg as the booting CFG file used in the next booting of the system.

Switch# boot startup-configflash:/ startup.cfg

  1. Set flash:/ test-trunk.cfg as the booting CFG file used in the next booting of the system.

Switch#boot startup-config flash:/ test-trunk.cfg

1.1.5 clock set

Command:

clock set <HH:MM:SS> <YYYY.MM.DD>

Function:

Set system date and time.

Parameter:

is the current time, and the valid scope for HH is 0 to 23, MM and SS 0 to 59; is the current year, month and date, and the valid scope for YYYY is 1970\~2038, MON meaning month, and DD between 1 to 31.

Command mode:

Admin Mode.

Default:

upon first time start-up, it is defaulted to 2006.1.1 0:0:0.

Usage guide:

The switch can not continue timing with power off, hence the current date and time must be first set at environments where exact time is required.

Example:

To set the switch current date and time to 2002.8.1 23:0:0:

Switch#clock set 23:0:0 2002.8.1

Relative Command:

show clock

1.1.6 config

Command:

config [terminal]

Function:

Enter Global Mode from Admin Mode.

Parameter:

[terminal] indicates terminal configuration.

Command mode:

Admin Mode

Example:

Switch#config

1.1.7 debug ssh-server

Command:

debug ssh-server

no debug ssh-server

Function:

Display SSH server debugging information; the "no debug ssh-server" command stops displaying SSH server debugging information.

Default:

This function is disabled by default.

Command mode:

Admin Mode.

1.1.8 disable

Command:

disable

Function:

Disable admin mode.

Command mode:

Admin Mode.

Example:

Switch#disable

Switch>

1.1.9 enable

Command:

enable

Function:

Use enable command to enter Admin Mode from User Mode.

Command mode:

User Mode/ Admin Mode.

Usage Guide:

To prevent unauthorized access of non-admin user, user authentication is required (i.e. Admin user password is required) when entering Admin Mode from User Mode. If the correct Admin user password is entered, Admin Mode

access is granted; if 3 consecutive entry of Admin user password are all wrong, it remains in the User Mode. Set the Admin user password under Global Mode with "enable password" command.

Example:

Switch>enable

Switch#

1.1.10 enable password

Command:

enable password [0|7]

no enable password

Function:

Configure the password used for enter Admin Mode from the User Mode,

The "no enable password" command deletes this password.

Parameter:

password is the password for the user. If input option 0 on password setting, the password is not encrypted; if input option 7, the password is encrypted.

Command mode:

Global Mode

Default:

This password is empty by system default

Usage Guide:

Configure this password to prevent unauthorized entering Admin Mode. It is recommended to set the password at the initial switch configuration. Also, it is recommended to exit Admin Mode with "exit" command when the administrator needs to leave the terminal for a long time.

1.1.11 end

Command:

end

Function:

Quit current mode and return to Admin mode when not at User Mode/ Admin Mode.

Command mode:

Except User Mode/ Admin Mode

Example:

Quit VLAN mode and return to Admin mode.

Switch(config-vlan1)#end

Switch#

1.1.12 exec-timeout

Command:

exec-timeout []

no exec-timeout

Function:

Configure the timeout of exiting admin mode. The "no exec-timeout" command restores the default value.

Parameters:

is the time value shown in minute and ranges between 0\~35791.

is the time value shown in seconds and ranges between 0\~59.

Command mode:

Global mode

Default:

Default timeout is 10 minutes.

Usage guide:

To secure the switch, as well to prevent malicious actions from unauthorized user, the time will be count from the last configuration the admin had made, and the system will exit the admin mode at due time. It is required to enter admin code and password to enter the admin mode again. The timeout timer will be disabled when the timeout is set to 0.

Example:

Set the admin mode timeout value to 6 minutes

Switch(config)#exec-timeout 6

Set the admin mode timeout value to 5 minutes, 30 seconds

Switch(config)#exec-timeout 5 30

1.1.13 exit

Command:

exit

Function:

Quit current mode and return to it's previous mode.

Command mode:

All Modes

Usage Guide:

This command is to quit current mode and return to it's previous mode.

Example:

Quit global mode to it's previous mode

Switch#exit

Switch#

1.1.14 help

Command:

help

Function:

Output brief description of the command interpreter help system.

Command mode:

All configuration modes.

Usage Guide:

An instant online help provided by the switch. Help command displays information about the whole help system, including complete help and partial help. The user can type in ? any time to get online help.

Example:

switch(config)#help

PLANETOS CLI provides advanced help feature. When you need help, anytime at the command line please press

'?' If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.

Two styles of help are provided:

  1. Full help is available when you are ready to enter a command argument (e.g. 'show ?') and describes each possible argument.
  2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. 'show ve?').

1.1.15 hostname

Command:

hostname

no hostname

Function:

Set the prompt in the switch command line interface. The no operation cancels the configuration.

Parameter:

is the string for the prompt, up to 30 characters are allowed.

Command mode:

Global Mode

Default:

The default prompt is related with the switch.

Usage Guide:

With this command, the user can set the CLI prompt of the switch according to their own requirements.

Example:

Set the prompt to "Test".

Switch(config)#hostname Test

Test(config)#

1.1.16 ip host

Command:

ip host

no ip host {|all}

Function:

Set the mapping relationship between the host and IP address; the "no ip host" parameter of this command will delete the mapping.

Parameter:

is the host name, up to 15 characters are allowed;

is the corresponding IP address for the host name, takes a dot decimal format;

all is all of the host name.

Command mode:

Global Mode

Usage Guide:

Set the association between host and IP address, which can be used in commands like "ping "

Example:

Set IP address of a host with the hostname of "beijing" to 200.121.1.1.

Switch(config)#ip host beijing 200.121.1.1

telnet, ping, traceroute

1.1.17 ipv6 host

Command:

ipv6 host

no ipv6 host {/all}

Function:

Configure the mapping relationship between the IPv6 address and the host; the "no ipv6 host " command deletes this mapping relationship.

Parameter:

is the name of the host, containing max 15 characters;

is the IPv6 address corresponding to the host name.

is all the host address.

Command Mode:

Global Mode

Usage Guide:

Configure a fixed corresponding relationship between the host and the IPv6 address, applicable in commands such as "traceroute6 ", etc.

Example:

Set the IPv6 address of the host named beijing to 2001:1:2:3::1

Switch(config)#ipv6 host beijing 2001:1:2:3::1

ping6,traceroute6

1.1.18 ip http server

Command:

ip http server

no ip http server

Function:

Enable Web configuration; the "no ip http server" command disables Web configuration

Command mode:

Global mode

Usage guide:

Web configuration is for supplying a interface configured with HTTP for the user, which is straight and visual, esay to understand.

Example:

Enable Web Server function and enable Web configurations.

Switch(config)#ip http server

1.1.19 language

Command:

language {chinese | english}

Function:

Set the language for displaying the help information.

Parameter:

chinese for Chinese display;

english for English display.

Command mode:

Admin and Config Mode.

Default:

The default setting is English display.

Usage Guide:

Switch provides help information in two languages, the user can select the language according to their preference.

After the system restart, the help information display will revert to English.

1.1.20 login

Command:

login

no login

Function:

login enable password authentication, no login command cancels the login configuration.

Command mode:

Global mode

Default:

No login by default

Usage guide:

By using this command, users have to enter the password set by password command to enter normal user mode with console; no login cancels this restriction.

Example:

Enable password

Switch(config)#login

1.1.21 password

Command:

password [0|7]

no password

Function:

Configure the password used for enter normal user mode on the console. The "no password" command deletes this password.

Parameter:

password is the configured code. Encryption will be performed by entering 8.

Command mode:

Global mode

Default:

This password is empty by system default

Usage guide:

When both this password and login command are configured, users have to enter the password set by password command to enter normal user mode on console.

Example:

Switch(config)#password 0 test

Switch(config)#login

1.1.22 reload

Command:

reload

Function:

Warm reset the switch.

Command mode:

Admin Mode.

Usage Guide:

The user can use this command to restart the switch without power off.

1.1.23 service password-encryption

Command:

service password-encryption

no service password-encryption

Function:

Encrypt system password. The "no service password-encryption" command cancels the encryption.

Command mode:

Global Mode

Default:

No service password-encryption by system default

Usage guide:

The current unencrypted passwords as well as the coming passwords configured by password, enable password and username command will be encrypted by executed this command. no service password-encryption cancels this function however encrypted passwords remain unchanged.

Example:

Encrypt system passwords

Switch(config)#service password-encryption

1.1.24 service terminal-length

Command:

service terminal-length <0-512>

no service terminal-length

Function:

Configure the columns of characters displayed in each screen on terminal (vty). The "no service terminal-length" command cancels the screen shifting operation.

Parameter:

Columns of characters displayed on each screen of vty, ranging between 0-512.

Command mode:

Global Mode

Usage guide:

Configure the columns of characters displayed on each screen of the terminal. The columns of characters displayed on each screen on the telent.ssh client and the Console will be following this configuration.

Example:

Set the number of vty threads to 20.

Switch(config)#service terminal-length 20

1.1.25 sysContact

Command:

sysContact

no sysContact

Function:

Set the factory contact mode, the "no sysContact" command reset the switch to factory settings.

Parameter:

is the prompt character string, range from 0 to 255 characters.

Command mode:

Global Mode

Default:

The factory settings.

Usage guide:

The user can set the factory contact mode bases the fact instance.

Example:

Set the factory contact mode to test.

Switch(config)#sysContact test

1.1.26 sysLocation

Command:

sysLocation

no sysLocation

Function:

Set the factory address, the "no sysLocation" command reset the switch to factory settings.

Parameter:

is the prompt character string, range from 0 to 255 characters.

Command mode:

Global Mode

Default:

The factory settings.

Usage guide:

The user can set the factory address bases the fact instance.

Example:

Set the factory address to test.

Switch(config)#sysLocation test

1.1.27 set default

Command:

set default

Function:

Reset the switch to factory settings.

Command mode:

Admin Mode.

Usage Guide:

Reset the switch to factory settings. That is to say, all configurations made by the user to the switch will disappear.

When the switch is restarted, the prompt will be the same as when the switch was powered on for the first time.

Note:

After the command, "write" command must be executed to save the operation. The switch will reset to factory settings after restart.

Example:

Switch#set default

Are you sure? [Y/N] = y

Switch#write

Switch#reload

1.1.28 setup

Command:

setup

Function:

Enter the Setup Mode of the switch.

Command mode:

Admin Mode.

Usage Guide:

Switch provides a Setup Mode, in which the user can configure IP addresses, etc.

1.1.29 show clock

Command:

show clock

Function:

Display the current system clock.

Command mode:

Admin and Configuration Mode.

Usage Guide:

If the system clock is inaccurate, user can adjust the time by examining the system date and clock.

Example:

Switch#show clock

Current time is TUE AUG 22 11:00:01 2002

Command related:

clock set

1.1.30 show cpu usage

Command:

show cpu usage []

Function:

Show CPU usage rate.

Command mode:

Admin and Configuration Mode.

Usage Guide:

Check the current usage of CPU resource by show cpu usage command. Only the chassis switch uses slotno parameter which is used to show the CPU usage rate of the card on specified slot, if there is no parameter, the default is current card.

Example:

Show the current usage rate of CPU.

Switch#show cpu usage

Last 5 second CPU IDLE: 87%

Last 30 second CPU IDLE: 89%

Last 5 minute CPU IDLE: 89%

From running CPU IDLE: 89%

Command related:

clock set

1.1.31 show memory usage

Command:

show memory usage []

Function:

Show memory usage rate.

Command mode:

Admin and Configuration Mode.

Usage Guide:

Check the current usage of memory resource by show memory usage command. Only the chassis switch uses slotno parameter which is used to show the memory usage rate of card on the specified slot, if there is no parameter, the default is current card.

Example:

Show the current usage rate of the memory.

Switch#show memory usage

The memory total 128 MB, free 58914872 bytes, usage is 56.10%

1.1.32 show privilege

Command:

show privilege

Function:

Show privilege of the current users.

Command mode:

All configuration modes

Example:

Show privilege of the current user.

Switch(Config)#show privilege

Current privilege level is 15

1.1.33 show temperature

Command:

show temperature

Function:

Display the current temputerature of the switch CPU.

Command mode:

All mode.

Usage Guide:

This command is used to monitor the temperature of the switch CPU.

Example:

Display the current temperature of the switch CPU.

Switch(Config)#show temperature

Temperature: 47.0625 °C

1.1.34 show tech-support

Command:

show tech-support [no-more]

Function:

Display the operational information and the task status of the switch. The technique specialist use this command to diagnose whether the switch operate normally.

Parameter:

no-more: Display the operational information and the task status of the switch directly, do not connect the user by "more".

Command mode:

Admin and Configuration Mode.

Usage Guide:

This command is used to collect the relative information when the switch operation is malfunctioned.

Example:

Switch#show tech-support

1.1.35 show version

Command:

show version

Function:

Display the version information of the switch.

Command mode:

Admin and Configuration Mode.

Usage Guide:

this command is used to show the version information of the switch, including the hardware version and the software version information.

Example:

Switch#show version

1.1.36 username

Command:

username <username> [privilege <privilege>] [password <0/7> <password>]
no username <username>

Function:

Configure local login username and password along with its privilege level.

Parameter:

is the name of the user.

is the maximum privilege level of the commands that the user is able to execute, its value is limited between 1 and 15, and 1 by default.

is the password for the user. If input option 7 on password setting, the password is encrypted; if input option 0, the password is not processed.

Command Mode:

Global Mode.

Usage Guide:

There are two available choices for the preferences of the registered commands in the switch. They are 1 and 15. Preference of 1 is for the commands of the normal user configuration mode. Preference of 15 is for the commands registered in modes other than the normal user configuration modes. 16 local users at most can be configured through this command, and the maximum length of the password should be no less than 32.

Notice:

The user can log in user and priority after the command configures, before issuing the command authentication line console login local, it should be made sure that at one user has be configured as preference level of 15, in order to login the switch and make configuration changes in privileged mode and global mode. If there are no configured local users with preference level of 15, while only Local authentication is configured for the Console login method, the switch can be login without any authentication. When using the HTTP method to login the switch, only users with preference level of 15 can login the switch, users with preference level other than 15 will be denied.

Example:

Configure an administrator account named admin, with the preference level as 15. And configure two normal accounts with its preference level as 1. Then enable local authentication method.

Above all the configurations, only the admin user is able to login the switch in privileged mode through Telnet or Console login method, user1 and user2 can only login the switch in normal user mode through the telnet and console login method. For HTTP login method, only the admin user can pass the authentication configuration, user1 and user2 will be denied.

Switch(config)#username admin privilege 15 password 0 admin
Switch(config)# username user1 privilege 1 password 7 user1
Switch(config)# username user2 password 0 user2
Switch(config)# authentication line console login local

1.1.37 web language

Command:

web language {chinese | english}

Function:

Set the language for displaying the HTTP Server information.

Parameter:

chinese for Chinese display;

english for English display.

Command mode:

Admin Mode

Default:

The default setting is English display.

Usage Guide:

The user can select the language according to their preference.

1.1.38 write

Command:

write

Function:

Save the currently configured parameters to the Flash memory.

Command mode:

Admin Mode.

Usage Guide:

After a set of configuration with desired functions, the setting should be saved to the Flash memory, so that the system can revert to the saved configuration automatically in the case of accidentally powered off or power failure. This is the equivalent to the copy running-config startup-config command.

1.2 Commands for Telnet

1.2.1 authentication ip access-class

Command:

authentication ip access-class {|}

no authentication ip access-class

Function:

Binding standard IP ACL protocol to login with Telnet/SSH/Web; the no form command will cancel the binding ACL.

Parameters:

is the access-class number for standard numeric ACL, ranging between 1-99;

is the access-class name for standard ACL, the character string length is ranging between 1-32.

Default:

The binding ACL to Telnet/SSH/Web function is closed by default.

Command Mode:

Global Mode.

Example:

Binding standard IP ACL protocol to access-class 1.

Switch(config)#authentication ip access-class 1 in

1.2.2 authentication ipv6 access-class

Command:

authentication ipv6 access-class {|}

no authentication ipv6 access-class

Function:

Binding standard IPv6 ACL protocol to login with Telnet/SSH/Web; the no form command will cancel the binding ACL.

Parameters:

is the access-class number for standard numeric ACL, ranging between 500-599;

is the access-class name for standard ACL, the character string length is ranging between 1-32.

Default:

The binding ACL to Telnet/SSH/Web function is closed by default.

Command Mode:

Global Mode.

Example:

Binding standard IP ACL protocol to access-class 500.

Switch(config)#authentication ipv6 access-class 500

1.2.3 authentication line login

Command:

authentication line {console | vty | web} login {local | radius | tacacs}

no authentication line {console | vty | web} login

Function:

Configure VTY (login with Telnet and SSH), Web and Console, so as to select the priority of the authentication mode for the login user. The no form command restores the default authentication mode.

Default:

No configuration is enabled for the console login method by default. Local authentication is enabled for the VTY and Web login method by default.

Command Mode:

Global Mode.

Usage Guide:

The authentication method for Console, VTY and Web login can be configured respectively. And authentication method can be any one or combination of Local, RADIUS or TACACS. When login method is configuration in combination, the preference goes from left to right. If the users have passed the authentication method, authentication method of lower preferences will be ignored. To be mentioned, if the user receives correspond protocol's answer whether refuse or incept, it will not attempt the next authentication method (Exception: if the local authentication method failed, it will attempt the next authentication method); it will attempt the next authentication method if it receives nothing. And AAA function RADIUS server should be configured before the RADIUS configuration method can be used. And TACACS server should be configured before the TACACS configuration method can be used.

The authentication line console login command is exclusive with the "login" command. The authentication line console login command configures the switch to use the Console login method. And the login command makes the Console login to use the passwords configured by the password command for authentication.

If local authentication is configured while no local users are configured, users will be able to login the switch via the Console method.

Example:

Configure the remote login authentication mode to radius.

Switch(config)#authentication login radius

Relative Command:

aaa enable, radius-server authentication host

1.2.4 authentication securityip

Command:

authentication securityip <ip no authentication securityip

Function:

To configure the trusted IP address for Telnet and HTTP login method. The no form of this command will remove the trusted IP address configuration.

Parameters:

is the trusted IP address of the client in dotted decimal format which can login the switch.

Default:

No trusted IP address is configured by default.

Command Mode:

Global Mode.

Usage Guide:

IP address of the client which can login the switch is not restricted before the trusted IP address is not configured. After the trusted IP address is configured, only clients with trusted IP addresses are able to login the switch. Up to 32 trusted IP addresses can be configured in the switch.

Example:

To configure 192.168.1.21 as the trusted IP address.

Switch(config)# authentication securityip 192.168.1.21

1.2.5 authentication securityipv6

Command:

authentication securityipv6 no authentication securityipv6

Function:

To configure the trusted IPv6 address for Telnet and HTTP login method. The no form of this command will remove the specified configuration.

Parameters:

is the trusted IPv6 address which can login the switch.

Default:

No trusted IPv6 addresses are configured by default.

Command Mode:

Global Mode.

Usage Guide:

IPv6 address of the client which can login the switch is not restricted before the trusted IPv6 address is not configured. After the trusted IPv6 address is configured, only clients with trusted IPv6 addresses are able to login the switch. Up to 32 trusted IPv6 addresses can be configured in the switch.

Example:

Configure the secure IPv6 address is 2001:da8:123:1::1.

Switch(config)# authentication securityipv6 2001:da8:123:1::1

1.2.6 authorization

Command:

authorization line {console | vty | web} exec {local | radius | tacacs} no authorization line {console | vty | web} exec

Function:

Configure VTY (login with Telnet and SSH), Web and Console, so as to select the priority of the authorization mode for the login user. The no form command restores the default authorization mode.

Default:

There is no authorization mode.

Command Mode:

Global Mode.

Usage Guide:

The authorization method for Console, VTY and Web login can be configured respectively. And authorization method can be any one or combination of Local, RADIUS or TACACS. When login method is configuration in combination, the preference goes from left to right. If the users have passed the authorization method, authorization method of lower preferences will be ignored. To be mentioned, if the user receives corresponding protocol's answer whether refuse or incept, it will not attempt the next authorization method; it will attempt the next authorization method if it receives nothing. And AAA function RADIUS server should be configured before the RADIUS configuration method can be used. And TACACS server should be configured before the TACACS configuration method can be used. The local users adopt username command permission while authorization command is not configured, the users login the switch via RADIUS/TACACS method and works under common mode.

Example:

Configure the telnet authentication mode to RADIUS.

Switch(config)#authorization line vty exec radius

1.2.7 terminal length

Command:

terminal length <0-512>

terminal no length

Function:

Set columns of characters displayed in each screen on terminal; the "terminal no length" cancels the screen switching operation and display content once in all.

Parameter:

Columns of characters displayed in each screen, ranging between 0-512 (0 refers to non-stop display).

Command mode:

Admin Mode.

Default:

Default columns is 25.

Usage guide:

Set length of characters displayed in each screen on terminal, so that the-More-message will be shown when displayed information exceeds the screen. Press any key to show information in next screen. Default length is 25.

Example:

Configure treads in each display to 20.

Switch#terminal length 20

1.2.8 terminal monitor

Command:

terminal monitor

terminal no monitor

Function:

Copy debugging messages to current display terminal; the "terminal no monitor" command restores to the default value.

Command mode:

Admin Mode.

Usage guide:

Configures whether the current debugging messages is displayed on this terminal. If this command is configured on telnet or SSH clients, debug messages will be sent to that client. The debug message is displayed on console by default.

Example:

Switch#terminal monitor

1.2.9 telnet

Command:

telnet {<ip-addr> | <ipv6-addr> | host <hostname>} [<port>]

Function:

Log on the remote host by Telnet

Parameter:

<ip-addr> is the IP address of the remote host, shown in dotted decimal notation; 

<ipv6-addr> is the IPv6 address of the remote host; 

<hostname> is the name of the remote host, containing max 30 characters; 

<port> is the port number, ranging between 0~65535.

Command Mode:

Admin Mode.

Usage Guide:

This command is used when the switch is applied as Telnet client, for logging on remote host to configure. When a switch is applied as a Telnet client, it can only establish one TCP connection with the remote host. To connect to another remote host, the current TCP connection must be disconnected with a hotkey "CTRL+ \". To telnet a host name, mapping relationship between the host name and the IP/IPv6 address should be previously configured. For required commands please refer to ip host and ipv6 host. In case a host corresponds to both an IPv4 and an IPv6 addresses, the IPv6 should be preferred when telneting this host name.

Example:

The switch Telnets to a remote host whose IP address is 20.1.1.1.

Switch#telnet 20.1.1.1 23

Connecting Host 20.1.1.1 Port 23

Service port is 23

Connected to 20.1.1.1

login:123

password:***

XGS3>

1.2.10 telnet server enable

Command:

telnet server enable

no telnet server enable

Function:

Enable the Telnet server function in the switch: the "no telnet server enable" command disables the Telnet function in the switch.

Default:

Telnet server function is enabled by default.

Command mode:

Global Mode

Usage Guide:

This command is available in Console only. The administrator can use this command to enable or disable the Telnet client to login to the switch.

Example:

Disable the Telnet server function in the switch.

Switch(config)#no telnet server enable

1.2.11 telnet-server max-connection

Command:

telnet-server max-connection { | default}

Function:

Configure the max connection number supported by the Telnet service of the switch.

Parameters:

: the max connection number supported by the Telnet service, ranging from 5 to 16.

The default option will restore the default configuration.

Default:

The system default value of the max connection number is 5.

Command Mode:

Global Mode

Usage Guide:

None.

Example:

Set the max connection number supported by the Telnet service as 10.

Switch(config)#telnet-server max-connection 10

1.2.12 ssh-server authentication-retries

Command:

ssh-server authentication-retries

no ssh-server authentication-retries

Function:

Configure the number of times for retrying SSH authentication; the "no ssh-server authentication-retries" command restores the default number of times for retrying SSH authentication.

Parameter:

is the number of times for retrying authentication; valid range is 1 to 10.

Command mode:

Global Mode

Default:

The number of times for retrying SSH authentication is 3 by default.

Example:

Set the number of times for retrying SSH authentication to 5.

Switch(config)#ssh-server authentication-retries 5

1.2.13 ssh-server enable

Command:

ssh-server enable

no ssh-server enable

Function:

Enable SSH function on the switch; the "no ssh-server enable" command disables SSH function.

Command mode:

Global Mode

Default:

SSH function is disabled by default.

Usage Guide:

In order that the SSH client can log on the switch, the users need to configure the SSH user and enable SSH function on the switch.

Example:

Enable SSH function on the switch.

Switch(config)#ssh-server enable

1.2.14 ssh-server host-key create rsa

Command:

ssh-server host-key create rsa [modulus < modulus >]

Function:

Generate new RSA host key.

Parameter:

modulus is the modulus which is used to compute the host key; valid range is 768 to 2048. The default value is 1024.

Command mode:

Global Mode

Default:

The system uses the key generated when the ssh-server is started at the first time.

Usage Guide:

This command is used to generate the new host key. When SSH client logs on the server, the new host key is used for authentication. After the new host key is generated and "write" command is used to save the configuration, the system uses this key for authentication all the time. Because it takes quite a long time to compute the new key and some clients are not compatible with the key generated by the modulus 2048, it is recommended to use the key which is generated by the default modulus 1024.

Example:

Generate new host key.

Switch(config)#ssh-server host-key create rsa

1.2.15 ssh-server max-connection

Command:

ssh-server max-connection {|default}

Function:

Configure the max connection number supported by the SSH service of the switch.

Parameters:

: the max connection number supported by the SSH service, ranging from 5 to 16. The default option will restore the default configuration.

Default:

The system default value of the max connection number is 5.

Command Mode:

Global Mode

Usage Guide:

None.

Example:

Set the max connection number supported by the SSH service as 10.

Switch(config)#ssh-server max-connection 10

1.2.16 ssh-server timeout

Command:

ssh-server timeout

no ssh-server timeout

Function:

Configure timeout value for SSH authentication; the "no ssh-server timeout" command restores the default timeout value for SSH authentication.

Parameter:

is timeout value; valid range is 10 to 600 seconds.

Command mode:

Global Mode

Default:

SSH authentication timeout is 180 seconds by default.

Example:

Set SSH authentication timeout to 240 seconds.

Switch(config)#ssh-server timeout 240

1.2.17 show ssh-server

Command:

show ssh-server

Function:

Display SSH state and users which log on currently.

Command mode:

Admin Mode.

Example:

Switch#show ssh-server

ssh server is enabled

ssh-server timeout 180s

ssh-server authentication-retries 3

ssh-server max-connection number 6

ssh-server login user number 2

1.2.18 show telnet login

Command:

show telnet login

Function:

Display the information of the Telnet client which currently establishes a Telnet connection with the switch.

Command mode:

Admin and Configuration Mode.

Usage Guide:

Check the Telnet client messages connected through Telnet with the switch.

Example:

Switch #show telnet login

Authenticate login by local

Login user:

aa

1.2.19 who

Command:

who

Command mode:

All configuration modes

Example:

Show the current login users with vty.

Switch #who

Telnet user a login from 192.168.1.20

1.3 Commands for Configuring Switch IP

1.3.1 interface vlan

Command:

interface vlan <vlan-id>
no interface vlan <vlan-id>

Function:

Enter the VLAN interface configuration mode; the no operation of this command will delete the existing VLAN interface.

Parameters:

is the VLAN ID of an existing VLAN, ranging from 1 to 4094.

Command Mode:

Global Configuration Mode.

Usage Guide:

Users should first make sure the existence of a VLAN before configuring it. User "exit" command to quit the VLAN interface configuration mode back to the global configuration mode.

Example:

Enter the VLAN interface configuration mode of VLAN1.

Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#

1.3.2 ip address

Command:

ip address <ip-address> <mask> [secondary]
no ip address [<ip-address> <mask>] [secondary]

Function:

Set the IP address and mask for the specified VLAN interface; the "no ip address [secondary]" command deletes the specified IP address setting.

Parameter:

<ip-address> is the IP address in dot decimal format;
<mask> is the subnet mask in dot decimal format;
[secondary] indicates the IP configured is a secondary IP address.

Default:

No IP address is configured upon switch shipment.

Command mode:

VLAN Interface Mode

Usage Guide:

A VLAN interface must be created first before the user can assign an IP address to the switch.

Example:

Set 10.1.128.1/24 as the IP address of VLAN1 interface.

Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip address 10.1.128.1 255.255.255.0
Switch(Config-if-Vlan1)#exit
Switch(config)#

Relative Command:

ip bootp-client enable, ip dhcp-client enable

1.3.3 ipv6 address

Command:

ipv6 address [eui-64]

no ipv6 address [eui-64]

Function:

Configure aggregatable global unicast address, site-local address and link-local address for the interface.

Parameters:

is the prefix of an IPV6 address;

is the length of the prefix of an IPV6 address, ranging from 3 to 128;

eui-64 means that the eui64 interface id of the interface will automatically create an IPV6 address.

Command Mode:

Interface Configuration Mode.

Default

None.

Usage Guide:

The prefix of an IPV6 address should not be a multicast address, or other kinds of IPV6 addresses with specific usage. Different layer-three VLAN interfaces are forbidden to share a same address prefix. As for any global unicast address, the prefix should be limited in the range from 2001:: to 3fff ::,with a length no shorter than 3. And the prefix length of a site-local address or a link-local address should not be shorter than 10.

Examples:

Configure an IPV6 address at the layer-three interface of VLAN1: set the prefix as 2001:3f:ed8::99, the length of which is 64.

Switch(Config-if-Vlan1)#ipv6 address 2001:3f:ed8::99/64

1.3.4 ip bootp-client enable

Command:

ip bootp-client enable

no ip bootp-client enable

Function:

Enable the switch to be a BootP Client and obtain IP address and gateway address through BootP negotiation; the "no ip bootp-client enable" command disables the BootP Client function and releases the IP address obtained in BootP.

Default:

BootP client function is disabled by default.

Command mode:

VLAN Interface Mode

Usage Guide:

Obtaining IP address through BootP, Manual configuration and DHCP are mutually exclusive, enabling any two methods for obtaining IP address is not allowed. Note: To obtain IP address via BootP, a DHCP server or a BootP server is required in the network.

Example:

Get IP address through BootP.

Switch(config)#interface vlan 1
Switch (Config-if-Vlan1)#ip bootp-client enable
Switch (Config-if-Vlan1)#exit
Switch(config)#

Relative command:

ip address, ip dhcp-client enable

1.3.5 ip dhcp-client enable

Command:

ip dhcp-client enable

no ip dhcp-client enable

Function:

Enables the switch to be a DHCP client and obtain IP address and gateway address through DHCP negotiation; the "no ip dhcp-client enable" command disables the DHCP client function and releases the IP address obtained in DHCP. Note: To obtain IP address via DHCP, a DHCP server is required in the network.

Default:

the DHCP client function is disabled by default.

Command mode:

VLAN Interface Mode

Usage Guide:

Obtaining IP address by DHCP, Manual configuration and BootP are mutually exclusive, enabling any 2 methods for obtaining an IP address is not allowed.

Example:

Getting an IP address through DHCP.

Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip dhcp-client enable
Switch(Config-if-Vlan1)#exit
Switch(config)#

1.4 Commands for SNMP

1.4.1 debug snmp mib

Command:

debug snmp mib

no debug snmp mib

Function:

Enable the SNMP mib debugging; the "no debug snmp mib" command disables the debugging.

Command Mode:

Admin Mode.

Usage Guide:

When user encounters problems in applying SNMP, the SNMP debugging is available to locate the problem causes.

Example:

Switch#debug snmp mib

1.4.2 debug snmp kernel

Command:

debug snmp kernel

no debug snmp kernel

Function:

Enable the SNMP kernel debugging; the "no debug snmp kernel" command disables the debugging function.

Command Mode:

Admin Mode.

Usage Guide:

When user encounters problems in applying SNMP, the SNMP debugging is available to locate the problem causes.

Example:

Switch#debug snmp kernel

1.4.3 rmon enable

Command:

rmon enable

no rmon enable

Function:

Enable RMON; the "no rmon enable" command disables RMON.

Command mode:

Global Mode

Default:

RMON is disabled by default.

Example:

Enable RMON.

Switch(config)#rmon enable

Disable RMON.

Switch(config)#no rmon enable

1.4.4 show private-mib oid

Command:

show private-mib oid

Function:

Show the original oid of the private mib.

Command mode:

Admin and configuration mode.

Usage Guide:

Check the beginning oid of the private mib by show private-mib oid command.

Example:

Show the original oid of the private mib.

Switch#show private-mib oid

Private MIB OID:1.3.6.1.4.1.6339

1.4.5 show snmp

Command:

show snmp

Function:

Display all SNMP counter information.

Command mode:

Admin and Configuration Mode.

Example:

Switch#show snmp
0 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 SNMP packets output
0 Too big errors (Max packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Get-response PDUs
0 SNMP trap PDUs
Displayed informationExplanation
snmp packets inputTotal number of SNMP packet inputs.
bad snmp version errorsNumber of version information error packets.
unknown community nameNumber of community name error packets.
illegal operation for community name suppliedNumber of permission for community name error packets.
encoding errorsNumber of encoding error packets.
number of requested variableNumber of variables requested by NMS.
number of altered variablesNumber of variables set by NMS.
get-request PDUsNumber of packets received by “get” requests.
get-next PDUsNumber of packets received by “getnext” requests.
set-request PDUsNumber of packets received by “set” requests.
snmp packets outputTotal number of SNMP packet outputs.
too big errorsNumber of “Too big” error SNMP packets.
maximum packet sizeMaximum length of SNMP packets.
no such name errorsNumber of packets requesting for non-existent MIB objects.
bad values errorsNumber of “Bad_values” error SNMP packets.
general errorsNumber of “General_errors” error SNMP packets.
response PDUsNumber of response packets sent.
trap PDUsNumber of Trap packets sent.

1.4.6 show snmp engineid

Command:

show snmp engineid

Function:

Display the engine ID commands.

Command Mode:

Admin and Configuration Mode.

Example:

Switch#show snmp engineid
SNMP engineID:3138633303f1276cEngine Boots is:1
Displayed InformationExplanation
SNMP engineIDEngine number
Engine BootsEngine boot counts

1.4.7 show snmp group

Command:

show snmp group

Function:

Display the group information commands.

Command Mode:

Admin and Configuration Mode.

Example:

Switch#show snmp group
Group Name:initialSecurity Level:noAuthnoPriv
Read View:one
Write View:<no writeview specified>
Notify View:one
Displayed InformationExplanation
Group NameGroup name
Security levelSecurity level
Read ViewRead view name
Write ViewWrite view name
Notify ViewNotify view name
No view name specified by the user

1.4.8 show snmp mib

Command:

show snmp mib

Function:

Display all MIB supported by the switch.

Command Mode:

Admin and Configuration Mode.

1.4.9 show snmp status

Command:

show snmp status

Function:

Display SNMP configuration information.

Command mode:

Admin and Configuration Mode.

Example:

Switch#show snmp status

Trap enable

RMON enable

Community Information:

V1/V2c Trap Host Information:

V3 Trap Host Information:

Security IP Information:

Displayed informationDescription
Community stringCommunity string
Community accessCommunity access permission
Trap-rec-addressIP address which is used to receive Trap.
Trap enableEnable or disable to send Trap.
SecurityIPIP address of the NMS which is allowed to access Agent

1.4.10 show snmp user

Command:

show snmp user

Function:

Display the user information commands.

Command Mode:

Admin and Configuration Mode.

Example:

Switch#show snmp user

User name: initialsha

Engine ID: 1234567890

Auth Protocol:MD5 Priv Protocol:DES-CBC

Row status:active

Displayed InformationExplanation
User nameUser name
Engine IDEngine ID
Priv ProtocolEmployed encryption algorithm
Auth ProtocolEmployed identification algorithm
Row statusUser state

1.4.11 show snmp view

Command:

show snmp view

Function:

Display the view information commands.

Command Mode:

Admin and Configuration Mode.

Example:

Switch#show snmp view

View Name:readview 1. -Included active

1.3. Excluded active

Displayed InformationExplanation
View NameView name
1.and1.3.OID number
IncludedThe view includes sub trees rooted by this OID
ExcludedThe view does not include sub trees rooted by this OID
activeState

1.4.12 snmp-server community

Command:

snmp-server community {ro | rw} <string> [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}] [read <read-view-name>] [write <write-view-name>] no snmp-server community <string> [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}]

Function:

Configure the community string for the switch; the "no snmp-server community <string> [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std> |<ipv6-name>}] "command deletes the configured community string.

Parameter:

<string> is the community string set;
ro | rw is the specified access mode to MIB, ro for read-only and rw for read-write.
<num-std> is the access-class number for standard numeric ACL, ranging between 1-99;
<name> is the access-class name for standard ACL, the character string length is ranging between 1-32;
<ipv6-num-std> is the access-class number for standard numeric IPv6 ACL, ranging between 500-599;
<name> is the access-class name for standard IPv6 ACL, the character string length is ranging between 1-32.
<read-view-name> is the name of readable view which includes 1-32 characters.
<write-view-name> is the name of writable view which includes 1-32 characters.

Command mode:

Global Mode

Usage Guide:

The switch supports up to 4 community strings. It can realize the access-control for specifically community view by binding the community name to specifically readable view or writable view.

Example:

Add a community string named "private" with read-write permission.

Switch(config)#snmp-server community rw private

Add a community string named "public" with read-only permission.

Switch(config)#snmp-server community ro public

Modify the read-write community string named "private" to read-only.

Switch(config)#snmp-server community ro private

Delete community string "private".

Switch(config)#no snmp-server community private

Bind the read-only community string "public" to readable view "pviewr".

Switch(config)#snmp-server community ro public read pviewr

Bind the read-write community string "private" to readable view "pviewr" and writable view "pvieww".

Switch(config)#snmp-server community rw private read pviewr write pvieww

1.4.13 snmp-server enable

Command:

snmp-server enable

no snmp-server enable

Function:

Enable the SNMP proxy server function on the switch. The "no snmp-server enable" command disables the SNMP proxy server function

Command mode:

Global mode

Default:

SNMP proxy server function is disabled by system default.

Usage guide:

To perform configuration management on the switch with network manage software, the SNMP proxy server function has to be enabled with this command.

Example:

Enable the SNMP proxy server function on the switch.

Switch(config)#snmp-server enable

1.4.14 snmp-server enable traps

Command:

snmp-server enable traps

no snmp-server enable traps

Function:

Enable the switch to send Trap message; the "no snmp-server enable traps" command disables the switch to send Trap message.

Command mode:

Global Mode

Default:

Forbid to send Trap message.

Usage Guide:

When Trap message is enabled, if Down/Up in device ports or of system occurs, the device will send Trap messages to NMS that receives Trap messages.

Example:

Enable to send Trap messages.

Switch(config)#snmp-server enable traps

Disable to send Trap messages.

Switch(config)#no snmp-server enable traps

1.4.15 snmp-server engineid

Command:

snmp-server engineid

no snmp-server engineid

Function:

Configure the engine ID; the "no" form of this command restores to the default engine ID.

Command Mode:

Global mode

Parameter:

is the engine ID shown in 1-32 digit hex characters.

Default:

Default value is the company ID plus local MAC address.

Usage Guide:

None

Example:

Set current engine ID to A66688999F

Switch(config)#snmp-server engineid A66688999F

Restore the default engine ID

Switch(config)#no snmp-server engineid

1.4.16 snmp-server group

Command:

snmp-server group <group-string> {NoauthNopriv | AuthNopriv | AuthPriv} [[read <read-string>] [write <write-string>] [notify <notify-string>]] [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}]
no snmp-server group <group-string> {NoauthNopriv | AuthNopriv | AuthPriv} [access {<num-std>|<name>}] [ipv6-access {<ipv6-num-std>|<ipv6-name>}]

Function:

This command is used to configure a new group; the "no" form of this command deletes this group.

Command Mode:

Global Mode

Parameter:

<group-string> group name which includes 1-32 characters
NoauthNopriv Applies the non recognizing and non encrypting safety level
AuthNopriv Applies the recognizing but non encrypting safety level
AuthPriv Applies the recognizing and encrypting safety level
read-string Name of readable view which includes 1-32 characters
write-string Name of writable view which includes 1-32 characters
notify-string Name of trappable view which includes 1-32 characters
<num-std> is the access-class number for standard numeric ACL, ranging between 1-99;
<name> is the access-class name for standard ACL, the character string length is ranging between 1-32;
<ipv6-num-std> is the access-class number for standard numeric IPv6 ACL, ranging between 500-599;
<name> is the access-class name for standard IPv6 ACL, the character string length is ranging between 1-32.

Usage Guide:

There is a default view "v1defaultviewname" in the system. It is recommended to use this view as the view name of the notification. If the read or write view name is empty, corresponding operation will be disabled.

Example:

Create a group CompanyGroup, with the safety level of recognizing and encrypting, the read viewname is readview, and the writing is disabled.

Switch (config)#snmp-server group CompanyGroup AuthPriv read readview

deletet group

Switch (config)#no snmp-server group CompanyGroup AuthPriv

1.4.17 snmp-server host

Command:

snmp-server host { <host-ipv4-address> / <host-ipv6-address> } {v1 | v2c | {v3 {NoauthNopriv | AuthNopriv | AuthPriv}}} <user-string>
no snmp-server host { <host-ipv4-address> / <host-ipv6-address> } {v1 | v2c | {v3 {NoauthNopriv | AuthNopriv | AuthPriv}}} <user-string>

Function:

As for the v1/v2c versions this command configures the IPv4 or IPv6 address and Trap community character string of the network manage station receiving the SNMP Trap message. And for v3 version, this command is used for receiving the network manage station IPv4 or IPv6 address and the Trap user name and safety level; the "no" form of this command cancels this IPv4 or IPv6 address.

Command Mode:

Global Mode.

Parameter:

/ is the IP address of the NMS managing station which receives Trap message.

v1 | v2c | v3 is the version number when sending the trap.

NoauthNopriv | AuthNopriv | AuthPriv is the safety level v3 trap is applied, which may be non encrypted and non authentication, non encrypted and authentication, encrypted and authentication.

is the community character string applied when sending the Trap message at v1/v2, and will be the user name at v3.

Usage Guide:

The Community character string configured in this command is the default community string of the RMON event group. If the RMON event group has no community character string configured, the community character string configured in this command will be applied when sending the Trap of RMON, and if the community character string is configured, its configuration will be applied when sending the RMON trap. This command allows configuration the IPv4 or IPv6 address of the network manage station receiving the SNMP Trap message, but configure the version number as v1 and v2c of the IPv4 and IPv6 address are less than 8 in all.

Example:

Configure an IP address to receive Trap

Switch(config)#snmp-server host 1.1.1.5 v1 usertrap

Delete a Trap receiving IPv6 address

Switch(config)#no snmp-server host 2001:1:2:3::1 v1 usertrap

1.4.18 snmp-server securityip

Command:

snmp-server securityip { / }

no snmp-server securityip { / }

Function:

Configure to permit to access security IPv4 or IPv6 address of the switch NMS administration station; the no command deletes configured security IPv4 or IPv6 address.

Command Mode:

Global Mode.

Parameter:

is NMS security IPv4 address, point separated decimal format.

is NMS security IPv6 address, colon separated hex format.

Usage Guide:

It is only the consistency between NMS administration station IPv4 or IPv6 address and security IPv4 or IPv6 address configured by the command, so it send SNMP packet could be processed by switch, the command only applies to SNMP. Allows configuration the IPv4 or IPv6 address of the network manage station receiving the SNMP Trap message, but the IP addresses are less than 6 in all.

Example:

Configure security IP address of NMS administration station

Switch(config)#snmp-server securityip 1.1.1.5

Delete security IPv6 address

Switch(config)#no snmp-server securityip 2001::1

1.4.19 snmp-server securityip

Command:

snmp-server securityip {enable | disable}

Function:

Enable/disable the safety IP address authentication on NMS manage station.

Command Mode:

Global Mode

Default:

Enable the safety IP address authentication function.

Example:

Disable the safety IP address authentication function.

Switch(config)#snmp-server securityip disable

1.4.20 snmp-server trap-source

Command:

snmp-server trap-source { | }

no snmp-server trap-source { | }

Function:

Set the source IPv4 or IPv6 address which is used to send trap packet, the no command deletes the configuration.

Command Mode:

Global Mode

Parameter:

: IPv4 address is used to send trap packet in dotted decimal notation

: IPv6 address is used to send trap packet in colon hexadecimal.

Usage Guide:

If there is no configuration, select the source address according to the interface address sent by actual trap packet, when configure the IP address, adopt the configured source address as the source address of trap packet.

Example:

Set the IP address which is used to send trap packet.

Switch(config)# snmp-server trap-source 1.1.1.5

Delete the configured source address which is used to send IPv6 trap packet.

Switch(config)# no snmp-server trap-source 2001::1

1.4.21 snmp-server user

Command:

snmp-server user [{authPriv | authNoPriv} auth {md5 | sha} ] [access

{|}[ipv6-access {|}]

no snmp-server user [access {|}] [ipv6-access

{|}]

Function:

Add a new user to an SNMP group; the "no" form of this command deletes this user.

Command Mode:

Global Mode.

Parameter:

is the user name containing 1-32 characters.

is the name of the group the user belongs to, containing 1-32 characters.

authPriv use DES for the packet encryption.

authNoPriv not use DES for the packet encryption.

auth perform packet authentication.

md5 packet authentication using HMAC MD5 algorithm.

sha packet authentication using HMAC SHA algorithm.

user password, containing 8-32 character.

is the access-class number for standard numeric ACL, ranging between 1-99;

is the access-class name for standard ACL, the character string length is ranging between 1-32;

is the access-class number for standard numeric IPv6 ACL, ranging between 500-599;

is the access-class name for standard IPv6 ACL, the character string length is ranging between 1-32.

Usage Guide:

If the encryption and authentication is not selected, the default settings will be no encryption and no authentication. If the encryption is selected, the authentication must be done. When deleting a user, if correct username and incorrect group name is inputted, the user can still be deleted.

Example:

Add a new user tester in the UserGroup with an encryption safety level and HMAC md5 for authentication, the password is hellohello

Switch (config)#snmp-server user tester UserGroup authPriv auth md5 hellohello

deletes an User

Switch (config)#no snmp-server user tester

1.4.22 snmp-server view

Command:

snmp-server view {include | exclude}

no snmp-server view []

Function:

This command is used to create or renew the view information; the "no" form of this command deletes the view information.

Command Mode:

Global Mode.

Parameter:

view name, containing 1-32 characters.

is OID number or corresponding node name, containing 1-255 characters.

include | exclude, include/exclude this OID.

Usage Guide:

The command supports not only the input using the character string of the variable OID as parameter. But also supports the input using the node name of the parameter.

Example:

Create a view, the name is readview, including iso node but not including the iso.3 node

Switch (config)#snmp-server view readview iso include

Switch (config)#snmp-server view readview iso.3 exclude

Delete the view

Switch (config)#no snmp-server view readview

1.5 Commands for Switch Upgrade

1.5.1 copy (FTP)

Command:

copy [ascii | binary]

Function:

Download files to the FTP client.

Parameter:

is the location of the source files or directories to be copied;

is the destination address to which the files or directories to be copied; forms of and vary depending on different locations of the files or directories.

ascii indicates the ASCII standard will be adopted;

binary indicates that the binary system will be adopted in the file transmission (default transmission method). When URL represents an FTP address, its form should be:

ftp://:@{||}/,amongst is the FTP user name, is the FTP user password,| is the IPv4 or IPv6 address of the FTP server/client, is the name of the host mapping with the IPv6 address,it does not support the file download and upload with hosts mapping with IPv4 addresses, is the name of the FTP upload/download file.

Special keywords of the filename

KeywordsSource or destination addresses
running-configRunning configuration files
startup-configStartup configuration files
nos.imgSystem files
nos.romSystem startup files

Command Mode:

Admin Mode.

Usage Guide:

This command supports command line hints, namely if the user can enter commands in following forms: copy ftp:// or copy ftp:// and press Enter, following hints will be provided by the system :

ftp server ip/ipv6 address [x.x.x.x]/[x:x::x:x] >

ftp username>

ftp password>

ftp filename>

Requesting for FTP server address, user name, password and file name

Examples:

(1) Save images in the FLASH to the FTP server of 10.1.1.1, FTP server username is Switch, password is superuser

Switch#copy nos.img ftp://Switch:superuser@10.1.1.1/nos.img

(2) Obtain system file nos.img from the FTP server 10.1.1.1, the username is Switch, password is superuser

Switch#copy ftp://Switch:superuser@10.1.1.1/nos.img nos.img

(3) Save images in the FLASH to the FTP server of 2004:1:2:3::6

Switch#copy nos.img ftp://username:password@2004:1:2:3::6/ nos.img

(4) Obtain system file nos.img from the FTP server 2004:1:2:3::6

Switch#copy ftp://username:password@2004:1:2:3::6/nos.img nos.img

(5) Save the running configuration files

Switch#copy running-config startup-config

Relevant Command:

Write

1.5.2 copy (TFTP)

Command:

copy [ascii | binary]

Function:

Download files to the TFTP client.

Parameter:

is the location of the source files or directories to be copied;

is the destination address to which the files or directories to be copied; forms of and

vary depending on different locations of the files or directories.

ascii indicates the ASCII standard will be adopted;

binary indicates that the binary system will be adopted in the file transmission (default transmission method). When URL represents an TFTP address, its form should be: tftp://{||}/, amongst | is the IPv4 or IPv6 address of the TFTP server/client, is the name of the host mapping with the IPv6 address, it does not support the file download and upload with hosts mapping with IPv4 addresses, is the name of the TFTP upload/download file.

Special keyword of the filename

KeywordsSource or destination addresses
running-configRunning configuration files
startup-configStartup configuration files
nos.imgSystem files
nos.romSystem startup files

Command Mode:

Admin Mode.

Usage Guide:

This command supports command line hints, namely if the user can enter commands in following forms: copy tftp:// or copy tftp:// and press Enter, following hints will be provided by the system:

tftp server ip/ipv6 address[x.x.x.x]/[x:x::x:x]>

tftp filename>

Requesting for TFTP server address, file name

Example:

(1) Save images in the FLASH to the TFTP server of 10.1.1.1

Switch#copy nos.img tftp://10.1.1.1/nos.img

(2) Obtain system file nos.img from the TFTP server 10.1.1.1

Switch#copy tftp://10.1.1.1/nos.img nos.img

(3) Save images in the FLASH to the TFTP server of 2004:1:2:3::6

Switch#copy nos.img tftp://2004:1:2:3::6/nos.img

(4) Obtain system file nos.img from the TFTP server 2004:1:2:3::6

Switch#copy tftp://2004:1:2:3::6/nos.img nos.img

(5) Save the running configuration files

Switch#copy running-config startup-config

Relevant Command:

Write

1.5.3 ftp-dir

Command:

ftp-dir

Function:

Browse the file list on the FTP server.

Parameter:

The form of is: ftp://:@{ | }, amongst is the FTP user name, is the FTP user password, { / } is the IPv4 or IPv6 address of the FTP server.

Command Mode:

Admin Mode

Example:

Browse the list of the files on the server with the FTP client, the username is "Switch", the password is "superuser"

Switch#ftp-dir ftp://Switch:superuser @10.1.1.1.

1.5.4 ftp-server enable

Command:

ftp-server enable

no ftp-server enable

Function:

Start FTP server, the "no ftp-server enable" command shuts down FTP server and prevents FTP user from logging in.

Default:

FTP server is not started by default.

Command mode:

Global Mode

Usage Guide:

When FTP server function is enabled, the switch can still perform ftp client functions. FTP server is not started by default.

Example:

enable FTP server service.

Switch#config

Switch(config)# ftp-server enable

Relative command:

ip ftp

1.5.5 ftp-server timeout

Command:

ftp-server timeout

Function:

Set data connection idle time.

Parameter:

is the idle time threshold (in seconds) for FTP connection, the valid range is 5 to 3600.

Default:

The system default is 600 seconds.

Command mode:

Global Mode

Usage Guide:

When FTP data connection idle time exceeds this limit, the FTP management connection will be disconnected.

Example:

Modify the idle threshold to 100 seconds.

Switch#config

Switch(config)#ftp-server timeout 100

1.5.6 ip ftp

Command:

ip ftp username password [type {0 | 7}]

no ip ftp username

Function:

Configure the username and password for logging in to the FTP; the no operation of this command will delete the configured username and password simultaneously.

Parameters:

is the username of the FTP link, no longer than 16 characters; 0 | 7 represent displaying the password in ciphertext or plaintext; is the password of the FTP link, no longer than 16 characters.

Default Settings:

the system uses anonymous FTP links by default.

Command Mode:

Global Configuration Mode.

Examples:

Configure the username as Switch and the password as superuser.

Switch#

Switch#config

Switch(config)#ip ftp username Switch password 0 superuser

Switch(config)#

1.5.7 show ftp

Command:

show ftp

Function:

Display the parameter settings for the FTP server.

Command mode:

Admin and Configuration Mode.

Default:

No display by default.

Example:

Switch#show ftp

Timeout : 600

Displayed informationDescription
TimeoutTimeout time.

1.5.8 show tftp

Command:

show tftp

Function:

Display the parameter settings for the TFTP server.

Default:

No display by default.

Command mode:

Admin and Configuration Mode.

Example:

Switch#show tftp

timeout : 60

Retry Times : 10

Displayed informationExplanation
TimeoutTimeout time.
Retry TimesRetransmission times.

1.5.9 tftp-server enable

Command:

tftp-server enable

no tftp-server enable

Function:

Start TFTP server, the "no ftp-server enable" command shuts down TFTP server and prevents TFTP user from logging in.

Default:

TFTP server is not started by default.

Command mode:

Global Mode

Usage Guide:

When TFTP server function is enabled, the switch can still perform tftp client functions. TFTP server is not started by default.

Example:

Enable TFTP server service.

Switch#config

Switch(config)#tftp-server enable

Relative Command:

tftp-server timeout

1.5.10 tftp-server retransmission-number

Command:

tftp-server retransmission-number

Function:

Set the retransmission time for TFTP server.

Parameter:

is the time to re-transfer, the valid range is 1 to 20.

Default:

The default value is 5 retransmission.

Command mode:

Global Mode

Example:

Modify the retransmission to 10 times.

Switch#config

Switch(config)#tftp-server retransmission-number 10

1.5.11 tftp-server transmission-timeout

Command:

tftp-server transmission-timeout

Function:

Set the transmission timeout value for TFTP server.

Parameter:

is the timeout value, the valid range is 5 to 3600s.

Default:

The system default timeout setting is 600 seconds.

Command mode:

Global Mode

Example:

Modify the timeout value to 60 seconds.

Switch#config

Switch(config)#tftp-server transmission-timeout 60

Chapter 2 File System Commands

2.1 cd

Command:

cd <directory>

Function:

Change the working directory for the storage device.

Parameters:

is the sub-directory name, a sequence of consecutive characters whose length ranges from 1 to 80.

Command Mode:

Admin Mode.

Default Settings:

The default working directory is Flash.

Usage Guide:

After this command implemented, the current storage device will switch to the new working directory, which can be viewed by the "pwd" command.

Example:

Change the working directory of the current storage device to flash.

Switch#cd flash :
Switch#pwd
flash:/
Switch#

2.2 copy

Command:

copy <source-file-url> <dest-file-url>

Function:

Copy a designated file on the switch and store it as a new file.

Parameters:

is the source file; is the destination file. When users operate on files stored in backup main-control boardcards and line cards under IMG mode, URLs of the source file and the destination file should take such a form as described in the following requirements.

  1. The prefix of the source file URL should be in one of the following forms:
starting with "flash:/"
    "ftp://username:pass@server-ip/file-name"
    "tftp://server-ip/file-name"
  1. The prefix of the destination file URL should be in one of the following forms:

starting with "flash:"

"ftp://username:pass@server-ip/file-name"

"tftp://server-ip/file-name"

Command Mode:

Admin Mode.

Usage Guide:

  1. In this command, when the prefix of the source file URL is ftp:// or tftp://, that of the destination file URL should not be either of them.
  2. To use this command, the designated source file should exist, and the destination file should not be named the same as any existing directory or file, otherwise, there might be a prompt warning about a failed copy operation or an attempt to overwrite an existing file.
  3. If the source and destination files are in different directories, with this command implemented, users can copy files from other directories into the current one.
    URL Example: The URL of files in root directory of Flash devices on it should be flash:/nos.img

Example:

Copy the file "flash:/nos.img" and store it as "flash/6.1.11.0.img".

Switch#copy flash:/nos.img flash:/nos-6.1.11.0.img

Copy flash:/nos.img to flash:/nos-6.1.11.0.img? [Y:N] y

Copyed file flash:/nos.img to flash:/nos-6.1.11.0.img.

2.3 delete

Command:

delete

Function:

Delete the designate file on the storage device.

Parameters:

is the full path of the file to be deleted.

Command Mode:

Admin Mode.

Usage Guide:

The designated file will be deleted after implementing this command.

Example:

Delete file flash:/nos.img.

Switch#delete flash:/nos5.img

Delete file flash:/nos5.img?[Y:N]y

Deleted file flash:/nos.img.

2.4 dir

Command:

dir [WORD]

Function:

Display the information of the designated directory on the storage device.

Parameters:

is the name of the shown directory. There may be the following formats: directory name, slot-xx#directory name, flash:/directory name, cf:/directory name.

Command Mode:

Admin Configuration Mode.

Default Settings:

No means to display information of the current working directory.

Usage Guide:

Implementing this command will display information of files and sub-directories in the designated directory.

Note:

This command does not support a recursive display of all sub-directories.

Example:

Display information of the directory "flash:/".

Switch#dir flash:/
nos.img2,449,4961980-01-01 00:01:06----
startup-config2,0641980-01-01 00:30:12----
Total7,932,928 byte(s) in 4 file(s), free 4,966,400 byte(s)
Switch#

2.5 format

Command:

format

Function:

Format the storage device.

Parameters:

is the name of the device to be formatted.

Command Mode:

Admin Mode.

Default Settings:

None.

Usage Guide:

  1. After formatting, all files on the storage device will be irrecoverably lost.
  2. The only acceptable file system type of Format is FAT 32, without exception.
  3. This command cannot be used to format flash.

2.6 mkdir

Command:

mkdir

Function:

Create a sub-directory in the designated directory on a certain storage device.

Parameters:

is the sub-directory name, a sequence of consecutive characters, whose length ranges from 1 to 80.

Command Mode:

Admin Mode.

Default Settings:

None.

Usage Guide:

The new created directory should not be named the same as any other directory or file in the designated directory, or located on a flash device. If any error occurs, a prompt will be displayed.

2.7 pwd

Command:

pwd

Function:

Display the current working directory.

Command Mode:

Admin Mode.

Default Settings:

The default directory is flash.

Example:

Display the current working directory.

Switch#pwd

flash:/

Switch#

2.8 rename

Command:

ename <source-file-url> <new-filename>

Function:

Rename a designated file on the switch.

Parameters:

<source-file-url>is the source file, in which whether specifying or not its path are both acceptable; <new-filename>is a filename without specifying its path.

Command Mode:

Admin Mode.

Usage Guide:

When using this command, if the new file name is not used as that of any existing directory or file, the rename operation can be done, or a prompt will indicate its failure.

Example:

Change the name of file "nos.img" in the current working directory to "nos-6.1.11.0.img".

Switch# rename nos5.img nos-6.1.11.0.img

Rename flash:/nos5.img to flash:/nos-6.1.11.0.img ok!

2.9 rmdir

Command:

rmdir

Function:

Delete a sub-directory in the designated directory on a certain device.

Parameters:

is the sub-directory name, a sequence of consecutive characters whose length ranges from 1 to 80.

Command Mode:

Admin Mode.

Default Settings:

None.

Usage Guide:

The directory to be deleted should exist and be empty, that is, all files in the directory should be deleted before deleting it, or an error prompt will be displayed.

Chapter 3 Commands for Cluster

3.1 clear cluster nodes

Command:

clear cluster nodes [nodes-sn | mac-address ]

Function:

Clear the nodes in the candidate list found by the commander switch.

Parameters: c

candidate-sn-list: sn of candidate switches, ranging from 1 to 256. More than one candidate can be specified.

mac-address: mac address of the switches (including all candidates, members and other switches).

Default:

No parameter means to clear information of all switches.

Command Mode:

Admin Mode.

Usage Guide:

After executing this command, the information of this node will be deleted from the chain list saved on commander switch. In 30 seconds, the commander will recreate a cluster topology and re-add this node. But after being readded, the candidate id of the switch might change. The command can only be executed on commander switches

Example:

Clear all candidate switch lists found by the commander switch.

Switch#clear cluster nodes

3.2 cluster auto-add

Command:

cluster auto-add

no cluster auto-add

Function:

When this command is executed in the commander switch, the newly discovered candidate switches will be added to the cluster as a member switch automatically; the "no cluster auto-add" command disables this function.

Command mode:

Global Mode

Default:

This function is disabled by default. That means that the candidate switches are not automatically added to the cluster.

Usage Guide :

After enabling this command on a commander switch, candidate switches will be automatically added as members.

Example:

Enable the auto adding function in the commander switch.

Switch(config)#cluster auto-add

3.3 cluster commander

Command:

cluster commander []

no cluster commander

Function:

Set the switch as a commander switch, and create a cluster.

Parameter:

is the cluster's name, no longer than 32 characters.

Command mode:

Global Mode

Default:

Default setting is no commander switch. cluster_name is null by default.

Usage Guide:

This command sets the role of a switch as commander switch and creates a cluster, which can only be executed on non commander switches. The cluster_name cannot be changed after the switch becoming a commander, and "no cluster commander" should be executed first to do that. The no operation of this command will cancel the commander configuration of the switch.

Example:

Set the current switch as the commander switch and name the cluster as switch.

Switch(config)#cluster commander switch

3.4 cluster ip-pool

Command:

cluster ip-pool

no cluster ip-pool

Function:

Configure private IP address pool for member switches of the cluster.

Parameters :

commander-ip: cluster IP address pool for allocating internal IP addresses of the cluster commander-ip is the head address of the address pool, of which the valid format is 10.x.x.x, in dotted-decimal notation; the address pool should be big enough to hold 128 members, which requires the last byte of addresses to be less than 126(254 - 128 = 126). IP address pool should never be changed with commander configured. The change can only be done after the "no cluster commander" command being executed.

Command mode:

Global Mode

Default:

The default address pool is 10.254.254.1.

Usage Guide:

When candidate switches becomes cluster members, the commander switch allocates a private IP address to each member for the communication within the cluster, and thus to realized its management and maintenance of cluster members. This command can only be used on non-commander switches. Once the cluster established, users can not modify its IP address pool. The NO command of this command will restore the address pool back to default value, which is 10.254.254.1.

Example:

Set the private IP address pool used by cluster member devices as 10.254.254.10

Switch(config)#cluster ip-pool 10.254.254.10

3.5 cluster keepalive interval

Command:

cluster keepalive interval

no cluster keepalive interval

Function:

Configure the time interval of keepalive messages within the cluster.

Parameters:

: keepalive time interval, in seconds, ranging from 3 to 30.

Default:

The default value is 30 seconds.

Command Mode:

Global Configuration Mode.

Usage Guide:

After executing this command on a commander switch, the value of the parameter will be distributed to all member switches via the TCP connections between the commander and members.

After executing it on a non commander switch, the configuration value will be saved but not used until the switch becomes a commander. Before that, its keepalive interval is the one distributed by its commander.

Commander will send DP messages within the cluster once in every keepalive interval. Members will respond to the received DP messages with DR messages.

The no operation of this command will restore the keepalive interval in the cluster back to its default value.

Example:

Set the keepalive interval in the cluster to 10 seconds.

Switch(config)#cluster keepalive interval 10

3.6 cluster keepalive loss-count

Command:

cluster keepalive loss-count

no cluster keepalive loss-count

Function:

Configure the max number of lost keepalive messages in a cluster that can be tolerated.

Parameters:

loss-count: the tolerable max number of lost messages, ranging from 1 to 10.

Default:

The default value is 3.

Command Mode:

Global Configuration Mode

Usage Guide:

After executing this command on a commander switch, the value of the parameter will be distributed to all member switches via the TCP connections between the commander and members.

After executing it on a non commander switch, the configuration value will be saved but not used until the switch becomes a commander. Before that, its loss-count value is the one distributed by its commander.

commander calculates the loss-count after sending each DP message by adding 1 to the loss-count of each switch and clearing that of a switch after receiving a DR message from the latter. When a loss-count reaches the configured value (3 by default) without receiving any DR message, the commander will delete the switch from its candidate chain list.

If the time that a member fails to receive DP messages from the commander reaches loss-count, it will change its status to candidate.

The no operation of this command will restore the tolerable max number of lost keepalive messages in the cluster back to its default value: 3.

Example:

Set the tolerable max number of lost keepalive messages in the cluster to 5.

Switch(config)#cluster keepalive loss-count 5

3.7 cluster member

Command:

cluster member {nodes-sn | mac-address [id ]}

no cluster member {id | mac-address }

Function:

On a commander switch, manually add candidate switches into the cluster created by it.

Parameters:

nodes-sn : all cluster member switches as recorded in a chain list, each with a node sn which can be viewed by "show cluster candidates" command. One or more candidates can be added as member at one time. The valid range of candidate-sn-list is 1\~256.

mac-address : the CPU Mac of candidate switches

member-id : A member id can be specified to a candidate as it becomes a member, ranging from 1 to 128, increasing from 1 by default.

nodes-sn is the automatically generated sn, which may change after the candidate becomes a member. Members added this way will be actually treated as those added in mac-addr mode with all config files in mac-addr mode.

If more than one switch is added as member simultaneously, no member-id is allowed; neither when using nodes-sn mode.

Command Mode:

Global Mode

Usage Guide:

After executing this command, the switch will add those identified in or into the cluster it belongs to. One or more candidates are allowed at one time, linked with '-' or ';' A switch can only be member or commander of one cluster, exclusively. Attempts to execute the command on a non commander switch will return error. The no operation of this command will delete the specified member switch, and turn it back to a candidate.

Example:

In the commander switch, add the candidate switch which has the sequence number as 1. In the commander switch, add the switch whose the mac address is 11-22-33-44-55-66 to member, and the member-id is 5.

Switch(config)#cluster member nodes-sn 1

Switch(config)#cluster member mac-address 11-22-33-44-55-66 id 5

3.8 cluster member auto-to-user

Command:

cluster member auto-to-user

Function:

All members will be deleted when configuring no cluster auto-add. Users need to change automatically added members to manually added ones to keep them.

Command Mode:

Global Mode.

Usage Guide:

Execute this command on a switch to change automatically added members to manually added ones.

Example:

change automatically added members to manually added ones.

Switch(config)#cluster member auto-to-user

3.9 cluster reset member

Command:

cluster reset member [id / mac-address ]

Function:

In the commander switch, this command can be used to reset the member switch.

Parameter:

member-id: ranging from 1 to 128. Use hyphen “-” or semicolon “;” to specify more than one member; if no value is provided, it means to reboot all member switches.

Default:

Boot all member switches.

Command mode:

Admin Mode.

Instructions:

In the commander switch, users can use this command to reset a member switch. If this command is executed in a non-commander switch, an error will be displayed.

Example:

In the commander switch, reset the member switch 1.

Switch#cluster reset member 1

3.10 cluster run

Command:

cluster run [key ][ vid ] no cluster run

Function:

Enable cluster function; the "no cluster run" command disables cluster function.

Parameter:

key : all keys in one cluster should be the same, no longer than 16 characters. vid : vlan id of the cluster, whose range is 1-4094.

Command mode:

Global Mode

Default:

Cluster function is disabled by default, key: NULL(\0) vid : 1.

Instructions:

This command enables cluster function. Cluster function has to be enabled before implementing any other cluster commands. The "no cluster run" disables cluster function. It is recommended that users allocate an exclusive vlan for cluster (such as vlan100)

Note : Routing protocols should be disabled on the layer-3 interface where cluster vlan locates to avoid broadcasting private route of the cluster.

Example:

Disable cluster function in the local switch.

Switch (config)#no cluster run

3.11 cluster update member

Command:

cluster update member [ascii | binary]

Function:

Remotely upgrade member switches from the commander switch.

Parameters:

member-id : ranging from 1 to 128. Use hyphen "-" or semicolon " ; " to specify more than one member;

src-url : the location of source files to be copied;

dst-filename : the specified filename for saving the file in the switch flash;

ascii means that the file transmission follows ASCII standard; binary means that the file transmission follows binary standard, which is de default mode.

when src-url is a FTP address, its form will be: ftp://:@/, in which is the FTP username is the FTP password is the IP address of the FTP server, is the name of the file to be downloaded via FTP.

when src-url is a TFTP address, its form will be: tftp:///, in which is the IP address of the TFTP server is the name of the file to be downloaded via.

Special keywords used in filename:

Keywordssource or destination address
startup-configstart the configuration file
nos.imgsystem file

Command mode:

Admin Mode

Usage Guide:

The commander distributes the remote upgrade command to members via the TCP connections between them, causing the number to implement the remote upgrade and reboot. Trying to execute this command on a non-commander switch will return errors. If users want to upgrade more than one member, these switches should be the same type to avoid boot failure induced by mismatched IMG files.

Example:

Remotely upgrade a member switch from the commander switch, with the member-id being 1, src-ul being ftp://switch:switch@192.168.1.1/nos.img, and dst-url being nos.img

Switch#cluster update member 1 ftp:// switch:switch@192.168.1.1/nos.img nos.img

3.12 debug cluster

Command:

debug cluster {statemachine | application | tcp}

no debug cluster {statemachine | application | tcp}

Function:

Enable the application debug of cluster; the no operation of this command will disable that.

Parameters:

statemachine: print debug information when the switch status changes.

application: print debug information when there are users trying to configure the switch after logging onto it via SNMP, WEB.

tcp: the TCP connection information between the commander members.

Command Mode:

Admin Mode.

Example:

Enable the debug information of status change on the switch.

Swtich#debug cluster statemachine

3.13 debug cluster packets

Command:

debug cluster packets {DP | DR | CP} {receive | send}

no debug cluster packets {DP | DR | CP} {receive | send}

Function:

Enable the debug information; the no command disables the debug switch.

Parameters:

DP: discovery messages.

DR: responsive messages.

CP: command messages.

receive: receive messages.

send: send messages.

Command Mode:

Admin Mode.

Usage Guide:

Enable the debug information of cluster messages. After enabling classification, all DP, DR and CP messages sent or received in the cluster will be printed.

Example:

Enable the debug information of receiving DP messages.

Switch#debug cluster packets DP receive

3.14 show cluster

Command:

show cluster

Function:

Display cluster information of the switch.

Command Mode:

Admin and Configuration Mode.

Example:

Execute this command on switches of different roles.

---in a commander----
Switch#show cluster
Status: Enabled
Cluster VLAN: 1
Role:commander
IP pool:10.254.254.1
Cluster name:MIS_zebra
Keepalive interval:30
Keepalive loss-count: 3
Auto add:Disabled
Number of Members:0
Number of Candidates: 3
---in a member----
Switch#show cluster
Status: Enabled
Cluster VLAN: 1
Role:Member
Commander Ip Address:10.254.254.1
Internal Ip Address:10.254.254.2
Commander Mac Address:00-12-cf-39
--- a candidate----
Switch#show cluster
Status: Enabled
Cluster VLAN: 1
Role:Candidate
--- disabled----
Switch#show cluster
Status: Disabled

3.15 show cluster members

Command:

show cluster members [id | mac-address ]

Function:

Display member information of a cluster. This command can only apply to commander switches.

Parameters:

member-id: member id of the switch.

mac-addr: the CPU mac addresses of member switches.

Default:

No parameters means to display information of all member switches.

Command Mode:

Admin and Configuration Mode.

Usage Guide:

Executing this command on a commander switch will display the configuration information of all cluster member switches.

Example:

Execute this command on a commander switch to display the configuration information of all and specified cluster member switches.

Switch#show cluster members

Member From : User config(U); Auto member (A)

ID From Status

Mac

Hostname

Description

Internal IP

xxx x xxxxxxxxxxxxx12 xx-xx-xx-xx-xx-xx xxxxxxxxxxxxx12 xxxxxxxxxxxxx12 xxx.xxx.xxx.xxx

1 U Inactive

00-01-02-03-04-05 MIS_zebra

SGS-6341-24T4X

10.254.254.2

2 A Active

00-01-02-03-04-05 MIS_bison

SGS-6341-24T4X

10.254.254.3

3 U Active

00-01-02-03-04-05 SRD_jaguar

SGS-6341-24T4X

10.254.254.4

4 A Inactive

00-01-02-03-04-05 HRD_puma

SGS-6341-24T4X

10.254.254.5

Switch#show cluster members id 1

Cluster Members:

ID: 1

Member status: Inactive member (user_config)

IP Address: 10.254.254.2

MAC Address: 00-01-02-03-04-06

Description: SGS-6341-24T4X

Hostname: DSW102

3.16 show cluster candidates

Command:

show cluster candidates [nodes-sn | mac-address ]

Function:

Display the statistic information of the candidate member switches on the command switch

Parameter:

candidate-sn-list : candidate switch sn, ranging from 1 to 256. More than one switch can be specified.

mac-address : mac address of the candidate switch

Default:

No parameters means to display information of all member switches.

Command Mode:

Admin and Configuration Mode.

Usage Guide:

Executing this command on the switch will display the information of the candidate member switches.

Example:

Display configuration information of all cluster candidate switches.

Switch#show cluster candidates

Cluster Candidates:

SN

Mac

Description

Hostname

xxx xx-xx-xx-xx-xx-xx xxxxxxxxxxxxxxxxxxxxxxxx24 xxxxxxxxxxxxxxxxxxxxxxxx24

1 00-01-02-03-04-06 SGS-6341-24T4X

2 01-01-02-03-04-05 SGS-6341-24T4X

MIS_zebra

3.17 show cluster topology

Command:

show cluster topology [root-sn | nodes-sn | mac-address ]

Function:

Display cluster topology information. This command only applies to commander switches.

Parameters:

starting-node-sn : the starting node of the topology.

node-sn-list : the switch node sn.

mac-addr : the CPU mac address of the switch.

No parameters means to display all topology information.

Command Mode:

Admin and Configuration Mode.

Usage Guide:

Executing this command on the commander switch will display the topology information with its starting node specified.

Example:

Execute this command on the commander switch to display the topology information under different conditions.

Switch#show cluster topology

Role: commander(CM);Member(M);Candidate(CA);Other commander(OC);Other member(OM)

LV SN Description Hostname Role MAC_ADDRESS Upstream Upstream leaf

local-port remote-port node

x xxx xxxxxxxxxxxxx12 xxxxxxxxxxxxx12 xx xx-xx-xx-xx-xx-xx xxxxxxxxxxxxx12 xxxxxxxxxxxxx12 x

11 SGS-6341-24T4XLAB_SWITCH_1 CM 01-02-03-04-05-01 -root--root--
2 SGS-6341-24T4XLAB_SWITCH_2 M 01-02-03-04-05-02 eth 1/1eth 1/2N
3 SGS-6341-24T4XLAB_SWITCH_3 CA 01-02-03-04-05-03 eth 1/1eth 1/3Y
4 SGS-6341-24T4XLAB_SWITCH_4 CA 01-02-03-04-05-04 eth 1/1eth 1/4Y
22 SGS-6341-24T4XLAB_SWITCH_2 M 01-02-03-04-05-02 eth 1/1eth 1/2-
5 SGS-6341-24T4XLAB_SWITCH_1 OC 01-02-03-04-05-13 eth 1/1eth 1/2Y
6 SGS-6341-24T4XLAB_SWITCH_1 OM 01-02-03-04-05-14 eth 1/1eth 1/3Y

Switch#show cluster topology root-sn 2

Role: commander(CM);Member(M);Candidate(CA);Other commander(OC);Other member(OM)

SN Description Hostname Role MAC_ADDRESS Upstream Upstream leaf

local-port remote-port node

* 2 SGS-6341-24T4X LAB_SWITCH_2 M 01-02-03-04-05-02 eth 1/1 eth 1/2

5 SGS-6341-24T4X LAB_SWITCH_1 OC 01-02-03-04-05-13 eth 1/1 eth 1/2 Y

6 SGS-6341-24T4X LAB_SWITCH_1 OM 01-02-03-04-05-14 eth 1/1 eth 1/3 Y

Switch#show cluster topology nodes-sn 2

Topology role: Member

Member status: Active member (user-config)

SN: 2

MAC Address: 01-02-03-04-05-02

Description: SGS-6341-24T4X

Hostname : LAB_SWITCH_2

Upstream local-port: eth 1/1

Upstream node: 01-02-03-04-05-01

Upstream remote-port:eth 1/2

Upstream speed: 100full

Switch#

Switch#show cluster topology mac-address 01-02-03-04-05-02

Topology role: Member

Member status: Active member (user-config)

SN: 2

MAC Address: 01-02-03-04-05-02

Description: SGS-6341-24T4X

Hostname : LAB_SWITCH_2

Upstream local-port: eth 1/1

Upstream node: 01-02-03-04-05-01

Upstream remote-port:eth 1/2

Upstream speed: 100full

3.18 rcommand commander

Command:

rcommand commander

Function:

In the member switch, use this command to configure the commander switch.

Command mode:

Admin Mode.

Instructions:

This command is used to configure the commander switch remotely. Users have to telnet the commander switch by passing the authentication. The command "exit" is used to quit the configuration interface of the commander switch. This command can only be executed on member switches.

Example:

In the member switch, enter the configuration interface of the commander switch.

Switch#rcommand commander

3.19 rcommand member

Command:

rcommand member

Function:

In the commander switch, this command is used to remotely manage the member switches in the cluster.

Parameter:

commander the member id allocated by commander to each member, whose range is 1\~128.

Command mode:

Admin Mode.

Usage Guide:

After executing this command, users will remotely login to a member switch and enter Admin Mode on the latter. Use exit to quit the configuration interface of the member. Because of the use of internal private IP, telnet authentication will be omitted on member switches. This command can only be executed on commander switches.

Example:

In the commander switch, enter the configuration interface of the member switch with mem-id 1.

Switch#rcommand member 1

Chapter 4 Commands for Network Port Configuration

4.1 Commands for Ethernet Port Configuration

4.1.1 bandwidth

Command:

bandwidth control {transmit | receive | both}

no bandwidth control

Function:

Enable the bandwidth limit function on the port; the no command disables this function.

Parameter:

is the bandwidth limit, which is shown in Mbps ranging between 1-1000000K; both refers to the bandwidth limit when the port receives and sends data, receive refers to the bandwidth limit will only perform when the switch receives data from out side, while transmit refers to the function will be perform on sending only.

Command Mode:

Port Mode.

Default:

Bandwidth limit disabled by default.

Usage Guide:

When the bandwidth limit is enabled with a size set, the max bandwidth of the port is determined by this size other than by 10/100/1000M. If [both | receive | transmit] keyword is not specified, the default is both.

Planet SGS-6341-48T4X - bandwidth - 1

The bandwidth limit can not exceed the physic maximum speed possible on the port. For example, an 10/100M Ethernet port can not be set to a bandwidth limit at 101000K (or higher), but applicable on a 10/100/1000 port working at a speed of 100M.

Example:

Set the bandwidth limit of 1/1-8 port is 40000K.

Switch(config)#interface ethernet 1/1-8

Switch(Config-If-Port-Range)#bandwidth control 40000 both

4.1.2 combo-forced-mode

Command:

combo-forced-mode { copper-forced | sfp-forced }

Function:

Sets to combo port mode (combo ports only).

Parameters:

copper-forced forces use of copper cable port;

sfp-forced forces use of fiber cable port.

Command mode:

Port Mode.

Default:

The default setting for combo mode of combo ports is sfp-forced.

Usage Guide:

The combo mode of combo ports and the port connection condition determines the active port of the combo ports. A combo port consists of one fiber port and a copper cable port. It should be noted that the speed-duplex command applies to the copper cable port while the negotiation command applies to the fiber cable port, they should not conflict. For combo ports, only one, a fiber cable port or a copper cable port, can be active at a time, and only this port can send and receive data normally.

Note:

  1. Combo port is a conception involving the physical layer and the LLC sublayer of the datalink layer. The status of a combo port will not affect any operation in the MAC sublayer of the datalink layer and upper layers. If the bandwidth limit for a combo port is 1Mbps, then this 1Mbps applies to the active port of this combo port, regardless of the port type being copper or fiber.
  2. If a combo port connects to another combo port, it is recommended for both parties to use copper-forced or fiber-forced mode.
  3. Run show interface under Admin Mode to check for the active port of a combo port .The following result indicates if the active port for a combo port is the fiber (or copper) cable port: Hardware is Gigabit-combo, active is fiber (or copper)

Example:

Setting ports 1/0/21-24 to fiber-forced.

Switch(config)#interface ethernet 1/0/21-24

Switch(Config-Port-Range)#combo-forced-mode sfp-forced

4.1.3 clear counters interface

Command:

clear counters interface [[ethernet <interface-list> / vlan <vlan-id> / port-channel <port-channel-number> / <interface-name>]]

Function:

Clears the statistics of the specified port.

Parameters:

<interface-list> stands for the Ethernet port number;
<vlan-id> stands for the VLAN interface number;
<port-channel-number> for trunk interface number;
<interface-name> for interface name, such as port-channel 1.

Command mode:

Admin Mode.

Default:

Port statistics are not cleared by default.

Usage Guide:

If no port is specified, then statistics of all ports will be cleared.

Example:

Clearing the statistics for Ethernet port1/0/1.

Switch#clear counters interface ethernet 1/0/1

4.1.4 flow control

Command:

flow control
no flow control

Function:

Enables the flow control function for the port: the "no flow control" command disables the flow control function for the port.

Command mode:

Port Mode.

Default:

Port flow control is disabled by default.

Usage Guide:

After the flow control function is enabled, the port will notify the sending device to slow down the sending speed to prevent packet loss when traffic received exceeds the capacity of port cache. Ports support IEEE802.3X flow control; the ports work in half-duplex mode, supporting back-pressure flow control. If flow control results in serious HOL, the switch will automatically start HOL control (discarding some packets in the COS queue that may result in HOL) to prevent drastic degradation of network performance.

Note:

Port flow control function is not recommended unless the users need a slow speed, low performance network with low packet loss. Flow control will not work between different cards in the switch. When enable the port flow control function, speed and duplex mode of both ends should be the same.

Example:

Enabling the flow control function in ports1/0/1-8.

Switch(config)#interface ethernet 1/0/1-8

Switch(Config-Port-Range)#flow control

4.1.5 interface ethernet

Command:

interface ethernet

Function:

Enters Ethernet Port Mode from Global Mode.

Parameters:

stands for port number.

Command mode:

Global Mode

Usage Guide:

Run the exit command to exit the Ethernet Port Mode to Global Mode.

Example:

Enables the loopback test function in an Ethernet port; the "no loopback" command disables the loopback test on an Ethernet port.

Command mode:

Port Mode.

Default:

Loopback test is disabled in Ethernet port by default.

Usage Guide:

Loopback test can be used to verify the Ethernet ports are working normally. After loopback has been enabled, the port will assume a connection established to itself, and all traffic sent from the port will be received at the very same port.

Example:

Enabling loopback test in Ethernet ports 1/0/1-8.

Switch(config)#interface ethernet 1/0/1-8

Switch(Config-If-Port-Range)#loopback

4.1.7 mdi

Command:

mdi { auto | across | normal }

no mdi

Function:

Sets the cable types supported by the Ethernet port; the "no mdi" command sets the cable type to auto-identification.

This command is not supported on combo ports and fiber ports.

Parameters:

auto indicates auto identification of cable types;

across indicates crossover cable support only;

normal indicates straight-through cable support only.

Command mode:

Port Mode.

Default:

Port cable type is set to auto-identification by default.

Usage Guide:

Auto-identification is recommended. Generally, straight-through cable is used for switch-PC connection and crossover cable is used for switch-switch connection.

Example:

Setting the cable type support of Ethernet ports 1/0/1-8 to straight-through cable only.

Switch(config)#interface ethernet 1/0/1-8

Switch(Config-Port-Range)#mdi normal

4.1.8 name

Command:

name <string>
no name

Function:

Set name for specified port; the "no name" command cancels this configuration.

Parameter:

is a character string, which should not exceeds 200 characters.

Command Mode:

Port Mode.

Default:

No port name by default.

Usage Guide:

This command is for helping the user manage switches, such as the user assign names according to the port application, e.g. financial as the name of 1/0/1-2 ports which is used by financial department, engineering as the name of 1/0/9 ports which belongs to the engineering department, while the name of 1/0/12 ports is assigned with Server, which is because they connected to the server. In this way the port distribution state will be brought to the table.

Example:

Specify the name of 1/0/21-24 port as financial.

Switch(config)#interface ethernet 1/0/21-24
Switch(Config-If-Port-Range)#name financial

4.1.9 negotiation

Command:

negotiation {on|off}

Function:

Enables/Disables the auto-negotiation function of a 1000Base-FX port.

Parameters:

on: enables the auto-negotiation; off: disable the auto-negotiation.

Command mode:

Port configuration Mode.

Default:

Auto-negotiation is enabled by default.

Usage Guide:

This command applies to 1000Base-FX interface only. The negotiation command is not available for 1000Base-TX or 100Base-TX interface. For combo port, this command applies to the 1000Base-FX port only but has no effect on the 1000Base-TX port. To change the negotiation mode, speed and duplex mode of 1000Base-TX port, use speed-duplex command instead.

Example:

Port 1 of Switch1 is connected to port 1 of Switch2, the following will disable the negotiation for both ports.

Switch1(config)#interface ethernet1/0/1
Switch1(Config-If-Ethernet1/0/1)#negotiation off
Switch2(config)#interface ethernet1/0/1
Switch2(Config-If-Ethernet1/0/1)#negotiation off

4.1.10 port-rate-statistics interval

Command:

port-rate-statistics interval []

Function:

Set the interval of port-rate-statistics, ranging from 5 to 600.

Parameters:

interval-value: The interval of port-rate-statistics, unit is second, ranging from 5 to 600 with the configuration step of 5.

Command mode:

Global Mode.

Default:

Only port-rate-statistics of 5 seconds and 5 minutes are displayed.

Example:

Count the interval of port-rate-statistics as 20 seconds.

Switch(config)# port-rate-statistics interval 20

4.1.11 port-scan-mode

Command:

port-scan-mode {interrupt | poll}

no port-scan-mode

Function:

Configure the scan mode of the port as "interrupt" or "poll", the no command restores the default scan mode.

Parameters:

interrupt: the interrupt mode; poll: the poll mode.

Command mode:

Global Mode.

Default:

Poll mode.

Usage Guide:

There are two modes that can respond up/down event of the port. The interrupt mode means that interrupt hardware to announce the up/down change, the poll mode means that software poll can obtain the port event, the first mode is rapid. If using poll mode, the convergence time of MRPP is several hundred milliseconds, if using interrupt mode, the convergence time is less than 50 milliseconds.

Notice: The scan mode of the port usually configured as poll mode, the interrupt mode is only used to the environment of the good performance, but the security of the poll mode is better.

Example:

Configure the scan mode of the port as interrupt mode.

Switch(config)# port-scan-mode interrupt

4.1.12 rate-suppression

Command:

rate-suppression {dlf | broadcast | multicast} no rate-suppression {dlf | broadcast | multicast}

Function:

Sets the traffic limit for broadcasts, multicasts and unknown destination unicasts on all ports in the switch; the no command disables this traffic throttle function on all ports in the switch, i.e., enables broadcasts, multicasts and unknown destination unicasts to pass through the switch at line speed.

Parameters:

use dlf to limit unicast traffic for unknown destination; multicast to limit multicast traffic; broadcast to limit broadcast traffic. is the limit of packet number, ranging from 1 to 1488905. For non-10GB ports, the unit of is PPS, that is, the value of is the number of packets allowed to pass per second; for 10GB ports, the unit is KPPS, that is, the value of multiplies 1000 makes the number of packets allowed, so the value should be less than 14880.

Command mode:

Port Mode.

Default:

No limit is set by default. So, broadcasts, multicasts and unknown destination unicasts are allowed to pass at line speed.

Usage Guide:

All ports in the switch belong to a same broadcast domain if no VLAN has been set. The switch will send the above mentioned three traffics to all ports in the broadcast domain, which may result in broadcast storm and so may greatly degrade the switch performance. Enabling Broadcast Storm Control can better protect the switch from broadcast storm. Note the difference of this command in 10Gb ports and other ports. If the allowed traffic is set to 3, this means allow 3,120 packets per second and discard the rest for 10Gb ports. However, the same setting for non-10Gb ports means to allow 3 broadcast packets per second and discard the rest.

Example:

Setting ports 8-10 (1000Mbps) allow 3 broadcast packets per second.

Switch(config)#interface ethernet 1/0/8-10

Switch(Config-Port-Range)#rate-suppression broadcast 3

4.1.13 rate-violation

Command:

rate-violation <200-2000000> [recovery <0-86400>|]

no rate-violation

Function:

Set the max packet reception rate of a port. If the rate of the received packet violates the packet reception rate, shut down this port and configure the recovery time, the default is 300s. The no command will disable the rate-violation function of a port.

The rate-violation means the port received all packets rate (the number of the received packets per second), do not distinguish the packet type.

Parameters:

<200-2000000> the max packet reception rate of a port, the unit is packets/s.

<0-86400>: The interval of recovery after shutdown, the unit is s.

recovery: After a period of time the port can recover shutdown to up again. <0-86400> is the timeout of recovery. For example, if the shutdown of a port happens after the packet reception rate exceeding the limit, the port will be up again when the user-defined timeout expires. The default timeout is 300s, while 0 means the recovery will never happen.

Command Mode:

Interface Mode

Default:

There is no control operation for rate-violation.

Usage Guide:

This command is mainly used to detect the abnormal port flow. For example, when there are a large number of broadcast messages caused by a loopback, which affect the processing of other tasks, the port will be shut down to ensure the normal processing of the switch.

Example:

Set the rate-violation of port 8-10 (GB ports) of the switch as 10000pps and the port recovery time as 1200 seconds.

Switch(config)#interface ethernet 1/0/8-10

Switch(Config-Port-Range)#rate-violation 10000 recovery 1200

4.1.14 show interface

Command:

show interface [ethernet | port-channel | loopback

| vlan | tunnel | ] [detail]

show interface ethernet status

show interface ethernet counter {packet | rate}

Function:

Show information of layer 3 or layer 2 port on the switch

Parameter:

is the VLAN interface number, the value range from 1 to 4094.

is the tunnel number, the value range from 1 to 50.

is the loop back number, the value range from 1 to 1024.

is the port number of the Ethernet, status show important information of all the layer 2 ports.

counter {packet | rate} show package number or rate statistics of all layer 2 ports.

is the number of the aggregation interface,

is the name of the interface such as port-channel1.

[detail] show the detail of the port.

Command Mode:

Admin and Configuration Mode.

Default:

Information not displayed by default

Usage Guide:

While for vlan interfaces, the port MAC address, IP address and the statistic state of the data packet will be shown; for tunnel port, this command will show tunnel interface state and the statistic state of control layer receives/sends tunnel data packet, about the statistic data of physics interface receiving/sending data packet, please refer to show interface ethernet command; for loopback port, this command will show the interface statistic state of IP address and receiving/sending data packet; As for Ethernet port, this command will show port speed rate, duplex mode, flow control switch state, broadcast storm restrain of the port and the statistic state of the data packets; for aggregated port, port speed rate, duplex mode, flow control switch state, broadcast storm restrain of the port and the statistic state of the data packets will be displayed. The information of all ports on the switch will be shown if no port is specified.

Using [detail] to show the detail information for ethernet port and port-channel port, the information is related with the type of switch, board card.

For ethernet port, using status to show important information of all the layer 2 ports by list format. each port is a row, the showing information include port number, Link, Protocol status, Speed, Duplex, Vlan, port type and port name; counter packets show package number statistics of all ethernet ports, include layer 2 unicast, broadcast, multicast, error of input and output redirection package number; counter rate show the rate statistics of all ethernet ports, input and output package number, byte number in 5 minutes and 5 seconds.

Example:

Show the information of VLAN 1

Switch#show interface vlan 1

Vlan1 is up, line protocol is up, dev index is 2005

Device flag 0x1003(UP BROADCAST MULTICAST)

IPv4 address is:

192.168.10.1 255.255.255.0 (Primary)

Hardware is EtherSVI, address is 00-00-00-00-00-01

MTU is 1500 bytes, BW is 0 Kbit

Encapsulation ARPA, loopback not set

5 minute input rate 0 bytes/sec, 0 packets/sec

5 minute output rate 0 bytes/sec, 0 packets/sec

The last 5 second input rate 0 bytes/sec, 0 packets/sec

The last 5 second output rate 0 bytes/sec, 0 packets/sec

Input packets statistics:

Input queue 0/600, 0 drops

0 packets input, 0 bytes, 0 no buffer

0 input errors, 0 CRC, 0 frame alignment, 0 overrun

0 ignored, 0 abort, 0 length error

Output packets statistics:

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 late collisions

Show the information of loopback 1: 

Switch#show interface loopback 1
Loopback1 is up, line protocol is up, dev index is 2006
Device flag 0x100b(UP BROADCAST LOOP MULTICAST)
IPv4 address is:
1.1.1.1 255.255.255.255 (Primary)
MTU is 1500 bytes, BW is 0 Kbit
5 minute input rate 0 bytes/sec, 0 packets/sec
5 minute output rate 0 bytes/sec, 0 packets/sec
The last 5 second input rate 0 bytes/sec, 0 packets/sec
The last 5 second output rate 0 bytes/sec, 0 packets/sec
Input packets statistics:
Input queue 0/600, 0 drops
0 packets input, 0 bytes, 0 no buffer
0 input errors, 0 CRC, 0 frame alignment, 0 overrun
0 ignored, 0 abort, 0 length error
Output packets statistics:
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 late collisions

Show the information of tunnel 1: 

Switch#show interface tunnel 1
Tunnel1 is up, line protocol is up, dev index is 2007
Device flag 0x91(UP P2P NOARP)
IPv4 address is:
(NULL)
5 minute input rate 0 bytes/sec, 0 packets/sec
5 minute output rate 0 bytes/sec, 0 packets/sec
The last 5 second input rate 0 bytes/sec, 0 packets/sec
The last 5 second output rate 0 bytes/sec, 0 packets/sec

Input packets statistics:

Input queue 0/600, 0 drops

0 packets input, 0 bytes, 0 no buffer

0 input errors, 0 CRC, 0 frame alignment, 0 overrun

0 ignored, 0 abort, 0 length error

Output packets statistics:

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 late collisions

Show the information of port 1/0/1:

Switch#show interface e1/0/1

Switch#show interface e1/0/1

Ethernet1/0/1 is up, line protocol is down

Ethernet1/0/1 is layer 2 port, alias name is (null), index is 1

Hardware is Gigabit-TX, address is 00-30-4f-02-fc-01

PVID is 1

MTU 1500 bytes, BW 10000 Kbit

Encapsulation ARPA, Loopback not set

Auto-duplex: Negotiation half-duplex, Auto-speed: Negotiation 10M bits

FlowControl is off, MDI type is auto

5 minute input rate 0 bytes/sec, 0 packets/sec

5 minute output rate 0 bytes/sec, 0 packets/sec

The last 5 second input rate 0 bytes/sec, 0 packets/sec

The last 5 second output rate 0 bytes/sec, 0 packets/sec

Input packets statistics:

0 input packets, 0 bytes, 0 no buffer

0 unicast packets, 0 multicast packets, 0 broadcast packets

0 input errors, 0 CRC, 0 frame alignment, 0 overrun, 0 ignored

0 abort, 0 length error, 0 pause frame

Output packets statistics:

0 output packets, 0 bytes, 0 underruns

0 unicast packets, 0 multicast packets, 0 broadcast packets

0 output errors, 0 collisions, 0 late collisions, 0 pause frame

Show the important information of all layer 2 ports:

Switch#show interface ethernet status

Codes: A-Down - administratively down, a - auto, f - force, G - Gigabit

Interface Link/Protocol Speed Duplex Vlan Type Alias Name

1/0/1 UP/UP f-100M f-full 1 G-TX

1/0/2 UP/UP a-100M a-full trunk G-TX

1/0/3UP/DOWNautoauto1G-TX
1/0/4A-Down/DOWNautoauto1G-TX
...

Show the package number statistics information of all layer 2 ports:

Switch#Show interface ethernet counter packet

InterfaceUnicast(pkts)Broadcast(pkts)MultiCast(pkts)Err(pkts)
1/0/1IN12,345,67812,345,678,912,345,678,94,567
OUT23,456,78934,567,8905,6780
1/0/2IN0000
OUT0000
1/0/3IN0000
OUT0000
1/0/4IN0000
OUT0000

Show the rate statistics information of all layer 2 ports:

Switch # Show interface ethernet counter rate

InterfaceIN(pkts/s)IN(bytes/s)OUT(pkts/s)OUT(bytes/s)
1/0/15m13,47312,345,67812,3451,234,567
5s13565,80024592,600
1/0/25m00000
5s0000
1/0/35m0000
5s0000
1/0/45m0000
5s0000
...

4.1.15 shutdown

Command:

shutdown

no shutdown

Function:

Shuts down the specified Ethernet port; the "no shutdown" command opens the port.

Command mode:

Port Mode.

Default:

Ethernet port is open by default.

Usage Guide:

When Ethernet port is shut down, no data frames are sent in the port, and the port status displayed when the user types the "show interface" command is "down".

Example:

speed-duplex {auto | force10-half | force10-full | force100-half | force100-full | force100-fx [module-type {auto-detected | no-phy-integrated | phy-integrated}] | {{force1g-half | force1g-full} [nonegotiate [master | slave]]}}  
no speed-duplex

Function:

Sets the speed and duplex mode for 1000Base-TX, 100Base-TX or 100Base-FX ports; the "no speed-duplex" command restores the default speed and duplex mode setting, i.e., auto speed negotiation and duplex.

Parameters:

auto is the auto speed and duplex negotiation, 10 is 10Mbps speed, 100 is 100Mbps speed, 1000 is 1000Mbps speed, auto is duplex negotiation, full is full-duplex, half is half-duplex; force10-half is the forced 10Mbps at half-duplex mode; force10-full is the forced 10Mbps at full-duplex mode; force100-half is the forced 100Mbps at half-duplex mode; force100-full is the forced 100Mbps at full-duplex mode; force100-fx is the forced 100Mbps at full-duplex mode; module-type is the type of 100Base-FX module; auto-detected: automatic detection; no-phy-integrated: there is no phy-integrated 100Base-FX module; phy-integrated: phy-integrated 100Base-FX module; force1g-half is the forced 1000Mbps speed at half-duplex mode; force1g-full is the forced 1000Mbps speed at full-duplex mode; nonegotiate disables auto-negotiation forcibly for 1000Mb port; master forces the 1000Mb port to be master mode; slave forces the 1000Mb port to be slave mode. force10g-full is the forced 10000Mbps speed at full-duplex mode.

Command mode:

Port Mode.

Default:

Auto-negotiation for speed and duplex mode is set by default.

Usage Guide:

This command is configures the port speed and duplex mode. When configuring port speed and duplex mode, the speed and duplex mode must be the same as the setting of the remote end, i.e., if the remote device is set to auto-negotiation, then auto-negotiation should be set at the local port. If the remote end is in forced mode, the same should be set in the local end.

1000Gb ports are by default master when configuring nonegotiate mode. If one end is set to master mode, the other end must be set to slave mode.

force1g-half is not supported yet.

Example:

Port 1 of SwitchA is connected to port 1 of SwitchB, the following will set both ports in forced 100Mbps at half-duplex mode.

SwitchA(config)#interface ethernet1/0/1

SwitchA(Config-If-Ethernet1/0/1)#speed-duplex force100-half

SwitchB(config)#interface ethernet1/0/1

SwitchB(Config-lf-Ethernet1/0/1)#speed-duplex force100-half

4.1.17 virtual-cable-test

Command:

virtual-cable-test

Function:

Test the link of the twisted pair cable connected to the Ethernet port. The response may include: well, short, open, fail. If the test information is not well, the location of the error will be displayed (how many meters it is away from the port).

Command mode:

Port Configuration Mode.

Default:

No link test.

Usage Guide:

The RJ-45 port connected with the twisted pair under test should be in accordance with the wiring sequence rules of IEEE802.3, or the wire pairs in the test result may not be the actual ones. On a 100M port, only two pairs are used: (1, 2) and (3, 6), whose results are the only effective ones. If a 1000M port is connected to a 100M port, the results of (4, 5) and (7, 8) will be of no meaning. The result may have deviations according to the type of the twisted pair, the temperature, working voltage and other conditions. When the temperature is 20 degree Celsius, and the voltage is stable without interference, and the length of the twisted pair is no longer than 100 meters, a deviation of +/-2 meters is allowed. Notice: the test procedure will block all data flow on the line for 5-10 seconds, and then restore the original status.

Notice: combo port support VCT function detection only at copper cable port mode.

568A wiring sequence: (1 green white, 2 green), (3 orange white, 6 orange), (4 blue, 5 blue white), (7 brown white, 8 brown).

568B wiring sequence: (1 orange white, 2 orange), (3 green white, 6 green), (4 blue, 5 blue white), (7 brown white, 8 brown).

Example:

Test the link status of the twisted pair connected to the 1000M port 1/0/25.

Switch(config)#interface ethernet 1/0/25

Switch(Config-If-Ethernet1/0/25)#virtual-cable-test

Interface Ethernet1/0/25:

Cable pairs

Cable status

Chapter 5 Commands for Port Isolation Function

5.1 isolate-port group

Command:

isolate-port group

no isolate-port group

Function:

Set a port isolation group, which is the scope of isolating ports; the no operation of this command will delete a port isolation group and remove all ports out of it.

Parameters:

is the name identification of the group, no longer than 32 characters.

Command Mode:

Global Mode.

Usage Guide:

Users can create different port isolation groups based on their requirements. For example, if a user wants to isolate all downlink ports in a vlan of a switch, he can implement that by creating a port isolation group and adding all downlink ports of the vlan into it. No more than 16 port isolation groups can a switch have. When the users need to change or redo the configuration of the port isolation group, he can delete the existing group with the no operation of this command.

Example:

Create a port isolation group and name it as "test".

Switch>enable

Switch#config

Switch(config)#isolate-port group test

5.2 isolate-port group switchport interface

Command:

isolate-port group switchport interface [ethernet | port-channel] no isolate-port group switchport interface [ethernet | port-channel]

Function:

Add one port or a group of ports into a port isolation group to isolate, which will become isolated from the other ports in the group. The no operation of this command will remove one port or a group of ports out of a port isolation group, which will be able to communicate will ports in that group normally. If the ports removed from the group still belong to another port isolation group, they will remain isolated from the ports in that group. If an Ethernet port is a member of a convergence group, it should not be added into a port isolation group, and vice versa, a member of a port isolation group should not be added into an aggregation group. But one port can be a member of one or more port isolation groups.

Parameters:

is the name identification of the group, no longer than 32 characters. If there is no such group with the specified name, create one; ethernet means that the ports to be isolated is Ethernet ones, followed by a list of Ethernet ports, supporting symbols like "," and "-". For example: "ethernet 1/1;3;4-7;8" is the name of the interface, such as e1/0/1. If users use interface name, the parameter of ethernet will not be required.

Command Mode:

Global Mode.

Usage Guide:

Users can add Ethernet ports into or remove them from a port isolation group according to their requirements. When an Ethernet port is a member of more than one port isolate group, it will be isolated from every port of all groups it belongs to.

Example:

Add Ethernet ports 1/0/1-2 and 1/0/5 into a port isolation group named as "test".

Switch(config)#isolate-port group test switchport interface ethernet 1/0/1-2; 1/0/5

5.3 isolate-port apply

Command:

isolate-port apply []

Function:

This command will apply the port isolation configuration to isolate layer-2 flows, layer-3 flows or all flows.

Parameters:

the flow to be isolated, I2 means isolating layer-2 flows, I3 means isolating layer-3 flows, all means isolating all flows.

Command Mode:

Global Mode.

Default:

Isolate all flows.

Usage Guide:

User can apply the port isolation configuration to isolate layer-2 flows, layer-3 flows or all flows according to their requirements.

Example:

Only apply port isolation to layer-2 flows on the switch.

Switch(config)#isolate-port apply I2

5.4 show isolate-port group

Command:

show isolate-port group []

Function:

Display the configuration of port isolation, including all configured port isolation groups and Ethernet ports in each group.

Parameters:

the name identification of the group, no longer than 32 characters; no parameter means to display the configuration of all port isolation groups.

Command Mode:

Admin Mode and Global Mode.

Default:

Display the configuration of all port isolation groups.

Usage Guide:

Users can view the configuration of port isolation with this command.

Example:

Display the port isolation configuration of the port isolation group named as "test".

Switch(config)#show isolate-port group test

Isolate-port group test

The isolate-port Ethernet1/0/5

The isolate-port Ethernet1/0/2

Chapter 6 Commands for Port Loopback Detection Function

6.1 debug loopback-detection

Command:

debug loopback-detection

Function:

After enabling the loopback detection debug on a port, BEBUG information will be generated when sending, receiving messages and changing states.

Default:

Disabled by default.

Command Mode:

Admin Mode.

Usage Guide:

Display the message sending, receiving and state changes with this command.

Example:

Switch#debug loopback-detection

%Jan 01 03:29:18 2006 Send loopback detection probe packet:dev Ethernet1/0/10, vlan id 1

%Jan 01 03:29:18 2006 Send loopback detection probe packet:dev Ethernet 1/0/10, vlan id 2

6.2 loopback-detection control

Command:

loopback-detection control {shutdown |block| learning}

no loopback-detection control

Function:

Enable the function of loopback detection control on a port, the no operation of this command will disable the function.

Parameters:

shutdown set the control method as shutdown, which means to close down the port if a port loopback is found.

block set the control method as block, which means to block a port by allowing bpdu and loopback detection messages only if a port loopback is found.

learning disable the control method of learning MAC addresses on the port, not forwarding traffic and delete the MAC address of the port.

Default:

Disable the function of loopback diction control.

Command Mode:

Port Mode.

Usage Guide:

If there is any loopback, the port will not recovery the state of be controlled after enabling control operation on the port. If the overtime is configured, the ports will recovery normal state when the overtime is time-out. If the control method is block, the corresponding relationship between instance and vlan id should be set manually by users, it should be noticed when be used.

Example:

Enable the function of loopback detection control under port1/0/2 mode.

Switch(config)#interface ethernet 1/0/2

Switch(Config-If-Ethernet1/0/2)#loopback-detection control shutdown

Switch (Config-If-Ethernet1/0/2)#no loopback-detection control

6.3 loopback-detection control-recovery timeout

Command:

loopback-detection control-recovery timeout <0-3600>

Function:

This command is used to recovery to uncontrolled state after a special time when a loopback being detected by the port entry be controlled state.

Parameters:

<0-3600> second is recovery time for be controlled state, 0 is not recovery state.

Default:

The recovery is not automatic by default.

Command Mode:

Global Configuration Mode.

Usage Guide:

When a port detects a loopback and works in control mode, the ports always work in control mode and not recover. The port will not sent packet to detection in shutdown mode, however, the port will sent loopback-detection packet to detection whether have loopback in block or learning mode. If the recovery time is configured, the ports will recovery normal state when the overtime is time-out. The recovery time is a useful time for shutdown control mode, because the port can keep on detection loopback in the other modes, so suggest not to use this command.

Example:

Enable automatic recovery of the loopback-detection control mode after 30s.

Switch(config)# loopback-detection control-recovery timeout 30

6.4 loopback-detection interval-time

Command:

loopback-detection interval-time no loopback-detection interval-time

Function:

Set the loopback detection interval. The no operate closes the loopback detection interval function.

Parameters:

the detection interval if any loopback is found, ranging from 5 to 300, in seconds. the detection interval if no loopback is found, ranging from 1 to 30, in seconds.

Default:

The default value is 5s with loopbacks existing and 3s otherwise.

Command Mode:

Global Mode.

Usage Guide:

When there is no loopback detection, the detection interval can be relatively shorter, for too short a time would be a disaster for the whole network if there is any loopback. So, a relatively longer interval is recommended when loopbacks exist.

Example:

Set the loopback diction interval as 35, 15.

Switch(config)#loopback-detection interval-time 35 15

6.5 loopback-detection specified-vlan

Command:

loopback-detection specified-vlan no loopback-detection specified-vlan []

Function:

Enable the function of loopback detection on the port and specify the VLAN to be checked; the no operation of this command will disable the function of detecting loopbacks through this port or the specified VLAN.

Parameters:

the list of VLANs allowed passing through the port. Given the situation of a trunk port, the specified VLANs can be checked. So this command is used to set the vlan list to be checked.

Default:

Disable the function of detecting the loopbacks through the port.

Command Mode:

Port Mode.

Usage Guide:

If a port can be a TRUNK port of multiple Vlans, the detection of loopbacks can be implemented on the basis of port+Vlan, which means the objects of the detection can be the specified Vlans on a port. If the port is an ACCESS port, only one Vlan on the port is allowed to be checked despite the fact that multiple Vlans can be configured. This function is not supported under Port-channel.

Examples:

Enable the function of loopback detection under port 1/0/2 mode.

Switch(config)#interface ethernet 1/0/2
Switch(Config-If-Ethernet1/0/2)#switchport mode trunk
Switch(Config-If-Ethernet1/0/2)#switchport trunk allowed vlan all
Switch(Config-If-Ethernet1/0/2)#loopback-detection specified-vlan 1;3;5-20
Switch(Config-If-Ethernet1/0/2)#no loopback-detection specified-vlan 1;3;5-20

6.6 show loopback-detection

Command:

show loopback-detection [interface ]

Function:

Display the state of loopback detection on all ports if no parameter is provided, or the state and result of the specified ports according to the parameters.

Parameters:

the list of ports to be displayed, for example: ethernet 1/0/1.

Command Mode:

Admin and Configuration Mode.

Usage Guide:

Display the state and result of loopback detection on ports with this command.

Example:

Display the state of loopback detection on port 4.

Switch(config)#show loopback-detection interface Ethernet 1/0/4

loopback detection config and state information in the switch!

PortName

Loopback Detection

Control Mode

Is Controlled

Ethernet1/0/4

Enable

Shutdown

No

Chapter 7 Commands for ULDP

7.1 debug uldp

Command:

debug uldp (hello | probe | echo | unidir | all) [receive | send] interface [ethernet] IFNAME no debug uldp (hello | probe | echo | unidir | all) [receive | send] interface [ethernet] IFNAME

Function:

Enable the debugging for receiving and sending the specified packets or all ULDP packets on port. After enable the debugging, show the information of the received and sent packets in terminal. The no command disables the debugging.

Parameters:

hello: packet's type is hello, it's announcement packet, including common announcement packet, RSY and Flush packet probe: packet's type is probe, it's detection packet echo: packet's type is echo, it means response of detection packet unidir: packet's type is unidir, it's announcement packet that discover the single link all: All ULDP packets Admin Configuration Mode.

Default:

Disabled

Example:

With this command, user can check probe packets received by port 1/0/2.

Switch# debug uldp probe receive interface ethernet 1/0/2

7.2 debug uldp error

Command:

debug uldp error

no debug uldp error

Function:

Enable the error message debug function, the no form command disable the function.

Command Mode:

Admin Mode.

Default:

Disabled.

Usage Guide:

Use this command to display the error message.

Example:

Display the error message.

Switch#debug uldp error

7.3 debug uldp event

Command:

debug uldp event

no debug uldp event

Function:

Enable the message debug function to display the event; the no form command disables this function.

Command Mode:

Admin Mode.

Default:

Disabled.

Usage Guide:

Use this command to display all kinds of event information.

Example:

Display event information.

Switch# debug uldp event

7.4 debug uldp fsm interface ethernet

Command:

debug uldp fsm interface ethernet

no debug uldp fsm interface ethernet

Function:

To enable debugging information for ULDP for the specified interface. The no form of this command will disable the debugging information.

Parameters:

is the interface name.

Command Mode:

Admin Configuration Mode.

Default:

Disabled by default.

Usage Guide:

This command can be used to display the information about state transitions of the specified interfaces.

Example:

Print the information about state transitions of interface ethernet 1/0/1.

Switch#debug uldp fsm interface ethernet 1/0/1

7.5 debug uldp interface ethernet

Command:

debug uldp {hello|probe|echo|unidir|all}[receive|send] interface ethernet no debug uldp {hello|probe|echo|unidir|all}[receive|send] interface ethernet

Function:

Enable the debug function of display the packet details. After that, display some kinds of the packet details of terminal interface.

Parameter:

: Name of the interface.

Command Mode:

Admin Mode.

Default:

Disabled.

Usage Guide:

Use this command to display the Hello packet details receiving on the interface Ethernet 1/0/1.

Switch# debug uldp hello receive interface Ethernet 1/0/1

7.6 debug uldp packet

Command:

debug uldp packet [receive|send]

no debug uldp packet [receive|send]

Function:

Enable receives and sends packet debug function, after that. Display the type and interface of the packet which receiving and sending on the client. The no form command disables this function.

Command Mode:

Admin Mode.

Default:

Disabled.

Usage Guide:

Use this command to display the packet that receiving on each interface.

Switch# debug uldp packet receive

7.7 uldp aggressive-mode

Command:

uldp aggressive-mode

no uldp aggressive-mode

Function:

To configure ULDP to work in aggressive mode. The no form of this command will restore the normal mode.

Command Mode:

Global Configuration Mode and Port Configuration Mode.

Default:

Normal mode.

Usage Guide:

The ULDP working mode can be configured only if it is enabled globally. When ULDP aggressive mode is enabled globally, all the existing fiber ports will work in aggressive mode. For the copper ports and fiber ports which are available after the configuration is available, aggressive mode should be enabled in port configuration mode.

Example:

To enable ULDP aggressive mode globally.

Switch(config)# uldp aggressive-mode

7.8 uldp enable

Command:

uldp enable

Function:

ULDP will be enabled after issuing this command. In global configuration mode, this command will enable ULDP for the global. In port configuration mode, this command will enable ULDP for the port.

Command Mode:

Global Configuration Mode and Port Configuration Mode.

Default:

By default ULDP is not configured.

Usage Guide:

ULDP can be configured for the ports only if ULDP is enabled globally. If ULDP is enabled globally, it will be effect for all the existing fiber ports. For copper ports and fiber ports which are available after ULDP is enabled, this command should be issued in the port configuration mode to make ULDP be effect.

Example:

To enable ULDP in global configuration mode.

Switch(config)#uldp enable

7.9 uldp disable

Command:

uldp disable

Function:

To disable ULDP configuration through this command.

Parameters:

None.

Command Mode:

Global Configuration Mode and Port Configuration Mode.

Default:

By default ULDP is not configured.

Usage Guide:

When ULDP is disabled globally, then ULDP in all the ports will be disabled.

Example:

To disable the ULDP configuration in global configuration mode.

Switch(config)#uldp disable

7.10 uldp hello-interval

Command:

uldp hello-interval

no uldp hello-interval

Function:

To configure the interval for ULDP to send hello messages. The no form of this command will restore the default interval for the hello messages.

Parameters:

: The interval for the Hello messages, with its value limited between 5 and 100 seconds, 10 seconds by default.

Command Mode:

Global Configuration Mode.

Default:

10 seconds by default.

Usage Guide:

Interval for hello messages can be configured only if ULDP is enabled globally, its value limited between 5 and 100 seconds.

Example:

To configure the interval of Hello messages to be 12 seconds.

Switch(config)# uldp hello-interval 12

7.11 uldp manual-shutdown

Command:

uldp manual-shutdown

no uldp manual-shutdown

Function:

To configure ULDP to work in manual shutdown mode. The no command will restore the automatic mode.

Command Mode:

Global Configuration Mode.

Default:

Auto mode.

Usage Guide:

This command can be issued only if ULDP has been enabled globally.

Example:

To enable manual shutdown globally.

Switch(config)# uldp manual-shutdown

7.12 uldp reset

Command:

uldp reset

Function:

To reset the port when ULDP is shutdown.

Command Mode:

Globally Configuration Mode and Port Configuration Mode.

Usage Guide:

This command can only be effect only if the specified interface is disabled by ULDP.

Example:

To reset all the port which are disabled by ULDP.

Switch(config)# uldp reset

7.13 show uldp

Command:

show uldp [interface ethernet]

Function:

To show the global ULDP configuration and status information of interface. If is specified, ULDP configuration and status about the specified interface as well as its neighbors' will be displayed.

Parameters:

is the interface name.

Command Mode:

Admin and Configuration Mode.

Default:

None.

Usage Guide:

If no parameters are appended, the global ULDP information will be displayed. If the interface name is specified, information about the interface and its neighbors will be displayed along with the global information.

Example:

To display the global ULDP information.

Switch(config)# show uldp

Chapter 8 Commands for LLDP Function

8.1 clear lldp remote-table

Command:

clear lldp remote-table

Function:

Clear the Remote-table on the port.

Default:

Do not clear the entries.

Command Mode:

Port Configuration Mode.

Usage Guide:

Clear the Remote table entries on this port.

Example:

Clear the Remote table entries on this port.

Switch (Config-Ethernet 1/0/1) # clear lldp remote-table

8.2 debug lldp

Command:

debug lldp

no debug lldp

Function:

Enable the debug information of LLDP function, the no operation of this command will disable the debug information of LLDP function.

Default:

Disable the debug information of LLDP function.

Command Mode:

Admin Mode.

Usage Guide:

When the debug switch is enabled, users can check the receiving and sending of packets and other information.

Example:

Enable the debug switch of LLDP function on the switch.

Switch(config)#debug lldp

8.3 debug lldp packets

Command:

debug lldp packets interface ethernet no debug lldp packets interface ethernet

Function:

Display the message-receiving and message-sending information of LLDP on the port; the no operation of this command will disable the debug information switch.

Default:

Disable the debug information on the port.

Command Mode:

Admin Mode.

Usage Guide:

When the debug switch is enabled, users can check the receiving and sending of packets and other information on the port.

Example:

Enable the debug switch of LLDP function on the switch.

Switch(config)# debug lldp packets interface ethernet 1/0/1
%Jan 01 00:02:40 2006 LLDP-PDU-TX    PORT= ethernet 1/0/1.

8.4 lldp enable

Command:

Ildp enable Ildp disable

Function:

Globally enable LLDP function; disable command globally disables LLDP function.

Default:

Disable LLDP function.

Command Mode:

Global Mode.

Usage Guide:

If LLDP function is globally enabled, it will be enabled on every port.

Example:

Enable LLDP function on the switch.

Switch(config)# lldp enable

8.5 lldp enable (Port)

Command:

Ildp enable

lldp disable

Function:

Enable the LLDP function module of ports in port configuration mode; disable command will disable the LLDP function module of port.

Default:

the LLDP function module of ports is enabled by default in port configuration mode.

Command Mode:

Port Configuration Mode.

Usage Guide:

When LLDP is globally enabled, it will be enabled on every port, the switch on a port is used to disable this function when it is unnecessary on the port.

Example:

Disable LLDP function of port on the port ethernet 1/0/5 of the switch.

Switch(config)#in ethernet 1/0/5

Switch(Config-if-ethernet 1/0/5)#lldp disable

8.6 lldp mode

Command:

lldp mode

Function:

Configure the operating state of LLDP function of the port.

Parameters:

send: Configure the LLDP function as only being able to send messages. receive: Configure the LLDP function as only being able to receive messages. both: Configure the LLDP function as being able to both send and receive messages. disable: Configure the LLDP function as not being able to send or receive messages.

Default:

The operating state of the port is "both".

Command Mode:

Port Configuration Mode.

Usage Guide:

Choose the operating state of the lldp Agent on the port.

Example:

Configure the state of port ethernet 1/0/5 of the switch as "receive".

Switch(config)#in ethernet 1/0/5

Switch(Config-if-Ethernet 1/0/5)#Ildp mode receive

8.7 lldp msgTxHold

Command:

Ildp msgTxHold

no lldp msgTxHold

Function:

Set the multiplier value of the aging time carried by update messages sent by the all ports with

LLDP function enabled, the value ranges from 2 to 10.

Parameters:

is the aging time multiplier, ranging from 2 to 10.

Default:

the value of the multiplier is 4 by default.

Command Mode:

Global Mode.

Usage Guide:

After configuring the multiplier, the aging time is defined as the product of the multiplier and the interval of sending messages, and its maximum value is 65535 seconds.

Example:

Set the value of the aging time multiplier as 6.

Switch(config)#lldp msgTxHold 6

8.8 lldp neighbors max-num

Command:

Ildp neighbors max-num < value >

no lldp neighbors max-num

Function:

Set the maximum number of entries can be stored in Remote MIB.

Parameters:

is the configured number of entries, ranging from 5 to 500.

Default:

The maximum number of entries can be stored in Remote MIB is 100.

Command Mode:

Port Configuration Mode.

Usage Guide:

The maximum number of entries can be stored in Remote MIB.

Example:

Set the Remote as 200 on port ethernet 1/0/5 of the switch.

Switch(config)#in ethernet 1/0/5

Switch(Config-if-ethernet 1/0/5)# lldp neighbors max-num 200

8.9 lldp notification interval

Command:

lldp notification interval

no lldp notification interval

Function:

When the time interval ends, the system is set to check whether the Remote Table has been changed. If it has, the system will send Trap to the SNMP management end.

Parameters:

is the time interval, ranging from 5 to 3600 seconds.

Default:

The time interval is 5 seconds.

Command Mode:

Global Mode.

Usage Guide:

After configuring the notification time interval, a "trap" message will be sent at the end of this time interval whenever the Remote Table changes.

Example:

Set the time interval of sending Trap messages as 20 seconds.

Switch(config)# lldp notification interval 20

8.10 lldp tooManyNeighbors

Command:

lldp tooManyNeighbors {discard|delete}

Function:

Set which operation will be done when the Remote Table is full.

Parameters:

discard: discard the current message.

delete: Delete the message with the least TTL in the Remoter Table.

Default:

Discard.

Command Mode:

Port Configuration Mode.

Usage Guide:

When the Remote MIB is full, Discard means to discard the received message; Delete means to the message with the least TTL in the Remoter Table.

Example:

Set port ethernet 1/0/5 of the switch as delete.

Switch(config)#in ethernet 1/0/5

Switch(Config-if-ethernet 1/0/5)# lldp tooManyNeighbors delete

8.11 lldp transmit delay

Command:

Ildp transmit delay

no lldp transmit delay

Function:

Since local information might change frequently because of the variability of the network environment, there could be many update messages sent in a short time. So a delay is required to guarantee an accurate statistics of local information.

When transmit delay is the default value and tx-interval is configured via some commands, transmit delay will become one fourth of the latter, instead of the default 2.

Parameters:

is the time interval, ranging from 1 to 8192 seconds.

Default:

The interval is 2 seconds by default.

Command Mode:

Global Mode.

Usage Guide:

When the messages are being sent continuously, a sending delay is set to prevent the Remote information from being updated repeatedly due to sending messages simultaneously.

Example:

Set the delay of sending messages as 3 seconds.

Switch(config)# lldp transmit delay 3

8.12 lldp transmit optional tlv

Command:

Ildp transmit optional tlv [portDesc] [sysName] [sysDesc] [sysCap]

no lldp transmit optional tlv

Function:

Configure the type of optional TLV of the port.

Parameters:

portDesc: the description of the port; sysName: the system name; sysDesc: The description of the system; sysCap: the capability of the system.

Default:

The messages carry no optional TLV by default.

Command Mode:

Port Configuration Mode.

Usage Guide:

When configuring the optional TLV, each TLV can only appear once in a message, portDesc optional TLV represents the name of local port; sysName optional TLV represents the name of local system; sysDesc optional TLV represents the description of local system; sysCap optional TLV represents the capability of local system.

Example:

Configure that port ethernet 1/0/5 of the switch carries portDesc and sysCap TLV.

Switch(config)#in ethernet 1/0/5

Switch(Config-if-ethernet 1/0/5)# lldp transmit optional tlv portDesc sysCap

8.13 lldp trap

Command:

lldp trap

Function:

enable: configure to enable the Trap function on the specified port;
disable: configure to disable the Trap function on the specified port.

Default:

The Trap function is disabled on the specified port by default.

Command Mode:

Port Configuration Mode.

Usage Guide:

The function of sending Trap messages is enabled on the port.

Example:

Enable the Trap function on port ethernet 1/0/5 of the switch.

Switch(config)#in ethernet 1/0/5

Switch(Config-if-ethernet 1/0/5)# lldp trap enable

8.14 lldp tx-interval

Command:

lldp tx-interval

no lldp tx-interval

Function:

Set the interval of sending update messages on all the ports with LLDP function enabled, the value of which ranges from 5 to 32768 seconds and is 30 seconds by default.

Parameters:

is the interval of sending updating messages, ranging from 5 to 32768 seconds.

Default:

30 seconds.

Command Settings:

Global Mode.

Usage Guide:

After configuring the interval of sending messages, LLDP messages can only be received after a period as long as configured. The interval should be less than or equal with half of aging time, for a too long interval will cause the state of being aged and reconstruction happen too often; while a too short interval will increase the flow of the network and decrease the bandwidth of the port. The value of the aging time of messages is the product of the multiplier and the interval of sending messages. The maximum aging time is 65535 seconds.

When tx-interval is the default value and transmit delay is configured via some commands, tx-interval will become four times of the latter, instead of the default 40.

Example:

Set the interval of sending messages as 40 seconds.

Switch(config)# lldp tx-interval 40

8.15 show debugging lldp

Command:

show debugging lldp

Function:

Display all ports with lldp debug enabled.

Command Mode:

Admin and Configuration Mode.

Usage Guide:

With show debugging lldp, all ports with lldp debug enabled will be displayed.

Example:

Display all ports with lldp debug enabled.

Switch(config)#show debugging lldp
====BEGINNING OF LLDP DEBUG SETTINGS===
debug lldp
debug lldp packets interface Ethernet1/0/1
debug lldp packets interface Ethernet1/0/2
debug lldp packets interface Ethernet1/0/3
debug lldp packets interface Ethernet1/0/4
debug lldp packets interface Ethernet1/0/5
====END OF DEBUG SETTINGS====

8.16 show lldp

Command:

show lldp

Function:

Display the configuration information of global LLDP, such as the list of all the ports with LLDP enabled, the interval of sending update messages, the configuration of aging time, the interval needed by the sending module to wait for re-initialization, the interval of sending TRAP, the limitation of the number of the entries in the Remote Table.

Default:

Do not display the configuration information of global LLDP.

Command Mode:

Admin Mode, Global Mode.

Usage Guide:

Users can check all the configuration information of global LLDP by using "show lldp".

Example:

Check the configuration information of global LLDP after it is enabled on the switch.

Switch(config)#show lldp
----LLDP GLOBAL INFORMATIONS----
LLDP enabled port : Ethernet 1/0/1
LLDP interval :30
LLDP txTTL :120
LLDP txShutdownWhile :2
LLDP NotificationInterval :5
LLDP txDelay :20
----END----

8.17 show lldp interface ethernet

Command:

show lldp interface ethernet

Function:

Display the configuration information of LLDP on the port, such as: the working state of LLDP Agent.

Parameters:

: Interface name.

Default:

Do not display the configuration information of LLDP on the port.

Command Mode:

Admin Mode, Global Mode.

Usage Guide:

Users can check the configuration information of LLDP on the port by using "show lldp interface ethernet XXX".

Example:

Check the configuration information of LLDP on the port after LLDP is enabled on the switch.

Switch(config)#show lldp interface ethernet 1/0/1

Port name: ethernet 1/0/1

LLDP Agent Adminstatus: Both

LLDP Operation TLV: portDecs sysName sysDesc sysCap

LLDP Trap Status: disable

LLDP maxRemote: 100

LLDP Overflow handle: discard

LLDP interface remote status : Full

8.18 show lldp neighbors interface ethernet

Command:

show lldp neighbors interface ethernet < IFNAME >

Function:

Display the LLDP neighbor information of the port.

Default:

Do not display the LLDP neighbor information of the port.

Command Mode:

Admin Mode, Global Mode.

Usage Guide:

Users can check the LLDP neighbor information of the port by using "show lldp neighbors interface ethernet XXX".

Example:

Check the LLDP neighbor information of the port after LLDP is enabled on the port.

Switch(config)#show lldp neighbors interface ethernet 1/0/1

8.19 show lldp traffic

Command:

show lldp traffic

Function:

Display the statistics of LLDP data packets.

Default:

Do not display the statistics of LLDP data packets.

Command Mode:

Admin Mode, Global Mode.

Usage Guide:

Users can check the statistics of LLDP data packets by using "show lldp traffic".

Example:

Check the statistics of LLDP data packets after LLDP is enabled on the switch.

Switch(config)#show lldp traffic
PortNameAgeoutsFramesDiscardedFramesInErrorsFramesInFramesOut
TLVsDiscardedTLVsUnrecognized----------------
Ethernet1/1000070
0

Chapter 9 Commands for Port Channel

9.1 debug port-channel

Command:

debug port-channel {all | event | fsm | packet | timer}

no debug port-channel []

Function:

Open the debug switch of port-channel.

Parameters:

is the group number of port channel, ranging from 1 to 128

all: all debug information

event: debug event information

fsm: debug the state machine

packet: debug LACP packet information

timer: debug the timer information

Command mode:

Admin mode.

Default:

Disable the debugging of port-channel.

Usage Guide:

Open the debug switch to check the debug information of port-channel.

Example:

(1) debug the state machine for port-group 1.

Switch#debug port-channel 1 fsm

(2) debug LACP packet information for port-group 2.

Switch#debug port-channel 2 packet

(3) debug all for port-group 1.

Switch#debug port-channel 1 all

9.2 interface port-channel

Command:

interface port-channel

Function:

Enters the port channel configuration mode

Command mode:

Global Mode

Usage Guide:

On entering aggregated port mode, configuration to GVRP or spanning tree modules will apply to aggregated ports; if the aggregated port does not exist (i.e., ports have not been aggregated), an error message will be displayed and configuration will be saved and will be restored until the ports are aggregated. Note such restoration will be performed only once, if an aggregated group is ungrouped and aggregated again, the initial user configuration will not be restored. If it is configuration for modules, such as shutdown configuration, then the configuration to current port will apply to all member ports in the corresponding port group.

Example:

Entering configuration mode for port-channel 1.

Switch(config)#interface port-channel 1

Switch(Config-If-Port-Channel1)#

9.3 lacp port-priority

Command:

lacp port-priority

no lacp port-priority

Function:

Set the port priority of LACP protocol.

Parameters:

: the port priority of LACP protocol, the range from 0 to 65535.

Command mode:

Port Mode.

Default:

The default priority is 32768 by system.

Usage Guide:

Use this command to modify the port priority of LACP protocol, the no command restores the default value.

Example:

Set the port priority of LACP protocol.

Switch(Config-If-Ethernet1/0/1)# lacp port-priority 30000

9.4 lacp system-priority

Command:

lacp system-priority no lacp system-priority

Function:

Set the system priority of LACP protocol.

Parameters:

: The system priority of LACP protocol, ranging from 0 to 65535.

Command mode:

Global Mode

Default:

The default priority is 32768.

Usage Guide:

Use this command to modify the system priority of LACP protocol, the no command restores the default value.

Example:

Set the system priority of LACP protocol.

Switch(config)# lacp system-priority 30000

9.5 lacp timeout

Command:

Iacp timeout {short | long}

no lacp timeout

Function:

Set the timeout mode of LACP protocol.

Parameters:

The timeout mode includes long and short.

Command mode:

Port Mode

Default:

Long.

Usage Guide:

Set the timeout mode of LACP protocol.

Example:

Set the timeout mode as short in LACP protocol.

Switch(Config-If-Ethernet1/0/1)#lacp timeout short

9.6 load-balance

Command:

load-balance {dst-src-mac | dst-src-ip | dst-src-mac-ip}

Function:

Set load-balance mode for switch, it takes effect for port-group and ECMP at the same time.

Parameter:

dst-src-mac performs load-balance according to the source and destination MAC

dst-src-ip performs load-balance according to the destination and source IP

dst-src-mac-ip performs load-balance according to the destination and source MAC, the destination and source IP

Command mode:

Global mode.

Default:

Perform load-balance according to the source and destination MAC.

Usage Guide:

Use port-channel or ECMP to implement load-balance, user can configure the load-balance mode according to the requirements. If the specific load-balance mode of the command line is different with the current load-balance mode, then modify the load-balance as the specific load-balance of command line; otherwise return a message to notice that the current mode is already configured.

Example:

Set load-balance mode.

Switch(config)# load-balance src-mac-ip

9.7 port-group

Command:

port-group

no port-group

Function:

Creates a port group. The no command deletes that group.

Parameters:

is the group number of a port channel from 1 to 128.

Default:

There is no port-group.

Command mode:

Global Mode

Example:

Creating a port group.

Switch(config)# port-group 1

Delete a port group.

Switch(config)#no port-group 1

9.8 port-group mode

Command:

port-group mode {active|passive|on}

no port-group

Function:

Add a physical port to port channel, the no operation removes specified port from the port channel.

Parameters:

is the group number of port channel, from 1 to 128;

active enables LACP on the port and sets it in Active mode;

passive enables LACP on the port and sets it in Passive mode; on forces the port to join a port channel without enabling LACP.

Command mode:

Port Mode.

Default:

Switch ports do not belong to a port channel by default; LACP not enabled by default.

Usage Guide:

If the specified port group does not exist, then print a error message. All ports in a port group must be added in the same mode, i.e., all ports use the mode used by the first port added. Adding a port in "on" mode is a "forced" action, which means the local end switch port aggregation does not rely on the information of the other end, port aggregation will succeed as long as all ports have consistent VLAN information. Adding a port in "active" or "passive" mode enables LACP. Ports of at least one end must be added in "active" mode, if ports of both ends are added in "passive" mode, the ports will never aggregate.

Example:

Under the Port Mode of Ethernet1/0/1, add current port to "port-group 1" in "active" mode.

Switch(Config-If-Ethernet1/0/1)#port-group 1 mode active

9.9 show port-group

Command:

show port-group [] {brief | detail |}

Function:

Display the specified group number or the configuration information of all port-channel which have been configured.

Parameters:

is the group number of port channel to be displayed, from 1 to 128;

brief displays summary information;

detail displays detailed information.

Command mode:

All Configuration Mode.

Usage Guide:

If the user does not input port-group-number, that means the information of all the existent port-group are showed; if the port channel corresponds to port-group-number parameter and is not exist, then print a error message, otherwise display the current port-channel information of the specified group number.

Example:

  1. Display the summary information of port-group 1.

Switch# show port-group brief

ID: port group number; Mode: port group mode such as on active or passive;

Ports: different types of port number of a port group,

the first is selected ports number, the second is standby ports number, and the third is unselected ports number.

ID Mode Partner ID Ports Load-balance

1 active 0x8000,00-12-cf-4d-e1-a1 8,1,1 dst-src-mac

10 passive 0x8000,00-12-cf-4d-e1-b2 8,2,0 dst-src-ip

20 on 8,0,0 src-ip

  1. Display the detailed information of port-group 1.

Switch#show port-group 1 detail

Flags: A -- LACP_Activity, B -- LACP_timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired

Port-group number: 1, Mode: active, Load-balance: dst-src-mac

Port-group detail information:

System ID: 0x8000,A8-F7-E0-0c-16-6d

Local:

Port Status Priority Oper-Key Flag

Ethernet1/0/1Selected327681{ACDEF}
Ethernet1/0/2Selected327681{ACDEF}
Ethernet1/0/3Selected327681{ACDEF}
Ethernet1/0/4Selected327681{ACDEF}
Ethernet1/0/5Selected327681{ACDEF}
Ethernet1/0/6Selected327681{ACDEF}
Ethernet1/0/7Selected327681{ACDEF}
Ethernet1/0/8Selected327681{ACDEF}
Ethernet1/0/20Unselected327681{ACG}
Ethernet1/0/23Standby327681{AC}

Remote:

Actor Partner Priority Oper-Key SystemID Flag

Ethernet1/0/113276810x8000,A8-F7-E0-01-02-04{CDEF}
Ethernet1/0/223276810x8000,A8-F7-E0-01-02-04{CDEF}
Ethernet1/0/333276810x8000,A8-F7-E0-01-02-04{CDEF}
Ethernet1/0/443276810x8000, ,A8-F7-E0-01-02-04{CDEF}
Ethernet1/0/553276810x8000, ,A8-F7-E0-01-02-04{CDEF}
Ethernet1/0/663276810x8000, ,A8-F7-E0-01-02-04{CDEF}
Ethernet1/0/773276810x8000, ,A8-F7-E0-01-02-04{CDEF}
Ethernet1/0/883276810x8000, ,A8-F7-E0-01-02-04{CDEF}
Ethernet1/0/23233276810x8000, ,A8-F7-E0-01-02-04{C}

Switch#

Chapter 10 Commands for Jumbo

10.1 jumbo enable

Command:

jumbo enable []

no jumbo enable

Function:

Enable the Jumbo receiving function. The no command restores to the normal frame range of 64--1518。

Parameter:

mtu-value: the MTU value of jumbo frame that can be received, in byte, ranging from <1500-9000>.

The corresponding frame size is <1518/1522-9018/9022>. Without setting is parameter, the allowed max frame size is 9018/9022.

Default:

Jumbo function not enabled by default.

Command Mode:

Global Mode

Usage Guide:

Set switch of both ends jumbo necessarily, or jumbo frame will be dropped at the switch has not be set.

Example:

Enable the jumbo function of the switch.

Switch(config)#jumbo enable

Chapter 11 Commands for EFM OAM

11.1 clear ethernet-oam

Command:

clear ethernet-oam [interface {ethernet |} ]

Function:

Clear the statistic information of packets and link event on specific or all ports for OAM.

Parameter:

, the name of the port needs to clear OAM statistic information

Command Mode:

Admin mode

Example:

Clear the statistic information of OAM packets and link event on all ports.

Switch(config)#clear ethernet-oam

11.2 debug ethernet-oam error

Command:

debug ethernet-oam error [interface {ethernet |} ]

no debug ethernet-oam error [interface {ethernet |} ]

Function:

Enable the debugging of OAM error information, no command disables it.

Parameter:

: name of the port that the debugging will be enabled or disabled.

Default:

Disable.

Command Mode:

Admin mode

Example:

Enable the debugging of OAM error information for ethernet1/0/1.

Switch#debug ethernet-oam error interface ethernet1/0/1

11.3 debug ethernet-oam fsm

Command:

debug ethernet-oam fsm {all | Discovery | Transmit} [interface {ethernet |} ]

no debug ethernet-oam fsm {all | Discovery | Transmit} [interface {ethernet |} ]

Function:

Enable the debugging of OAM state machine, no command disables it.

Parameter:

: name of the port that the debugging will be enabled or disabled

Command Mode:

Admin mode

Example:

Enable the debugging of Discovery state machine for ethernet1/0/1.

Switch#debug ethernet-oam fsm Discovery interface ethernet1/0/1.

11.4 debug ethernet-oam packet

Command:

debug ethernet-oam packet [detail] {all | send | receive} [interface {ethernet |} ]

no debug ethernet-oam packet [detail] {all | send | receive} interface {ethernet |}

Function:

Enable the debugging of packets received or sent by OAM, no command disables the debugging.

Parameter:

: name of the port that the debugging will be enabled or disabled

Default:

Disable.

Command Mode:

Admin mode

Example:

Enable the debugging of packets received or sent for ethernet1/0/1.

Switch#debug ethernet-oam packet detail all interface1/0/1

11.5 debug ethernet-oam timer

Command: 

debug ethernet-oam timer {all | pdu_timer | local_lost_link_timer} [interface {ethernet |}<IFNAME>]
no debug ethernet-oam timer {all | pdu_timer | local_lost_link_timer} [interface {ethernet |}<IFNAME>]

Function:

Enable the debugging of refreshing information for specific or all timers, no this command disables the debugging.

Parameter: 

<IFNAME>: name of the port that the debugging will be enabled or disabled

Default: 

Disable.

Command Mode:

Admin mode

Example:

Enable the debugging of refreshing information for all timers of ethernet1/0/1. 

Switch#debug ethernet-oam timer all interface ethernet1/0/1

11.6 ethernet-oam

Command: 

ethernet-oam
no ethernet-oam

Function:

Enable ethernet-oam of ports, no command disables ethernet-oam of ports.

Default: 

Disable.

Command Mode:

Port mode

Example:

Enable ethernet-oam of Ethernet 1/0/4. 

Switch(config)#interface ethernet 1/0/4
Switch(Config-lf-Ethernet1/0/4)#ethernet-oam

11.7 ethernet-oam errored-frame threshold high

Command:

ethernet-oam errored-frame threshold high { | none}

no ethernet-oam errored-frame threshold high

Function:

Configure the high threshold of errored frame event, no command restores the default value.

Parameter:

, the high detection threshold of errored frame event, ranging from 2 to 4294967295.

none, cancel the high threshold configuration.

Default:

none

Command Mode:

Port mode

Usage Guide:

During the specific detection period, serious link event is induced if the number of errored frame is larger than or equal to the high threshold and the device notifies the peer by sending Information OAMPDU of which the value of Link Fault flag in Flags field is 1. Note that the high threshold can not be less than the low threshold.

Example:

Configure the high threshold of errored frame event on Ethernet 1/0/4 to 3000.

Switch (Config-If-Ethernet1/0/4)#ethernet-oam errored-frame threshold high 3000

11.8 ethernet-oam errored-frame threshold low

Command:

ethernet-oam errored-frame threshold low

no ethernet-oam errored-frame threshold low

Function:

Configure the low threshold of errored frame event, no command restores the default value.

Parameter:

, the low detection threshold of errored frame event, ranging from 1 to 4294967295.

Default:

1.

Command Mode:

Port mode

Usage Guide:

During the specific detection period, errored frame event is induced if the number of errored frame is larger than or equal to the low threshold and the device notifies the peer by sending event notification OAMPDU. Note that the low threshold can not be larger than the high threshold.

Example:

Configure the low threshold of errored frame event on Ethernet 1/0/4 to 100.

Switch (Config-If-Ethernet1/0/4)#ethernet-oam errored-frame threshold low 100

11.9 ethernet-oam errored-frame window

Command:

ethernet-oam errored-frame window

no ethernet-oam errored-frame window

Function:

Configure the detection period of errored frame event, no command restores the default value.

Parameter:

, the detection period value of errored frame event, ranging from 1 to 60 seconds.

Default:

1.

Command Mode:

Port mode

Usage Guide:

Detect the errored frame number of the port after the time of specific detection period. If the number of errored frame is larger than or equal to the threshold, bring the corresponding event and notify the peer through OAMPDU.

Example:

Configure the detection period of errored frame event on port1/0/4 to 20s.

Switch(Config-If-Ethernet1/0/4)#ethernet-oam errored-frame window 20

11.10 ethernet-oam errored-frame-period threshold high

Command:

ethernet-oam errored-frame-period threshold high { | none}

no ethernet-oam errored-frame-period threshold high

Function:

Configure the high threshold of errored frame period event, no command restores the default value.

Parameter:

, the high detection threshold of errored frame period event, ranging from 2 to 4294967295.

none, cancel the high threshold configuration.

Default:

none

Command Mode:

Port mode

Usage Guide:

During the specific detection period, serious link event is induced if the number of errored frame is larger than or equal to the high threshold and the device notifies the peer by sending Information OAMPDU of which the value of Link Fault flag in Flags field is 1. Note that the high threshold cannot be less than the low threshold.

Example:

Configure the high threshold of errored frame period event on port 1/0/4 to 3000.

Switch (Config-If-Ethernet1/0/4)#ethernet-oam errored-frame-period threshold high 3000

11.11 ethernet-oam errored-frame-period threshold low

Command:

thernet-oam errored-frame-period threshold low no ethernet-oam errored-frame-period threshold low

Function:

Configure the low threshold of errored frame period event, no command restores the default value.

Parameter:

, the low detection threshold of errored frame period event, ranging from 1 to 4294967295 frames.

Default:

1

Command Mode:

Port mode

Usage Guide:

During the specific detection period, errored frame period event is induced if the number of errored frame is larger than or equal to the low threshold and the device notifies the peer by event notification OAMPDU. Note that the low threshold should not be larger than the high threshold.

Example:

Configure the low threshold of errored frame period event on port 1/0/4 to 100.

Switch (Config-If-Ethernet1/0/4)#ethernet-oam errored-frame-period threshold low 100

11.12 ethernet-oam errored-frame-period window

Command:

ethernet-oam errored-frame-period window

no ethernet-oam errored-frame-period window

Function:

Configure the detection period of errored frame period event, no command restores the default value.

Parameter:

, the detection period value of errored frame period event, ranging from 1 to 60s.

Default:

1

Command Mode:

Port mode

Usage Guide:

Detect errored frame of the port after the time of specific detection period. If the number of errored frame is larger than or equal to the threshold, corresponding event is induced and the device notifies the peer through OAMPDU. When sending the packets, the maximum number of frames is filled as the value of window in errored frame period event. The conversion rule is maximum number of frames= interface bandwidth×detection period of errored frame period event(s)÷(64×8), of which the detection period is the number of seconds in window of the configuration.

Example:

Configure the detection period of errored frame period event on port 1/0/4 to 10s.

Switch(Config-If-Ethernet1/0/4)#ethernet-oam errored-frame-period window 10

11.13 ethernet-oam errored-frame-seconds threshold high

Command:

ethernet-oam errored-frame-seconds threshold high { | none} no ethernet-oam errored-frame-seconds threshold high

Function:

Configure the high threshold of errored frame seconds event, no command restores the default value.

Parameter:

, the high detection threshold of errored frame seconds event, ranging from 2 to 65535 seconds. none, cancel the high threshold configuration

Default:

none

Command Mode:

Port mode

Usage Guide:

During the specific detection period, serious link event is induced if the number of errored frame seconds is larger than or equal to the high threshold and the device notifies the peer by sending Information OAMPDU of which the value of Link Fault flag in Flags field is 1. Note that the high threshold should not be less than the low threshold. The definition of errored frame seconds is the second in which errored frame is received.

Example:

Configure the high threshold of errored frame seconds event on port 1/0/4 to 3000.

Switch (Config-If-Ethernet1/0/4)#ethernet-oam errored-frame-seconds threshold high 3000

11.14 ethernet-oam errored-frame-seconds threshold low

Command:

ethernet-oam errored-frame-seconds threshold low no ethernet-oam errored-frame-seconds threshold low

Function:

Configure the low threshold of errored frame seconds event, no command restores the default value.

Parameter:

, the low detection threshold of errored frame seconds event, ranging from 1 to 65535 seconds.

Default:

1.

Command Mode:

Port mode

Usage Guide:

During the specific detection period, errored frame seconds event is induced if the number of errored frame seconds is larger than or equal to the low threshold and the device notifies the peer by sending event notification OAMPDU. Note that the low threshold should not be larger than the high threshold. The definition of errored frame seconds is the second in which errored frame is received.

Example:

Configure the low threshold of errored frame seconds event on port 1/0/4 to 100.

Switch (Config-If-Ethernet1/0/4)#ethernet-oam errored-frame-seconds threshold low 100

11.15 ethernet-oam errored-frame-seconds window

Command:

ethernet-oam errored-frame-seconds window

no ethernet-oam errored-frame-seconds window

Function:

Configure the detection period of errored frame seconds event, no command restores the default value.

Parameter:

, the detection period value of errored frame seconds event, ranging from 10 to 900 seconds.

Default:

60.

Command Mode:

Port mode

Usage Guide:

Detect errored frame seconds of the port after the time of specific detection period. If the number of errored frame seconds is larger than or equal to the threshold, corresponding event is induced and the device notified the peer through OAMPDU.

Example:

Configure the detection period of errored frame seconds event on port 1/0/4 to 120s.

Switch (Config-If-Ethernet1/0/4)#ethernet-oam errored-frame-seconds window 120

11.16 ethernet-oam errored-symbol-period threshold high

Command:

ethernet-oam errored-symbol-period threshold high { | none} no ethernet-oam errored-symbol-period threshold high

Function:

Configure the high threshold of errored symbol event, no command restores the default value.

Parameter:

, the high detection threshold of errored symbol event, ranging from 2 to 18446744073709551615 symbols. none, cancel the high threshold configuration.

Default:

None.

Command Mode:

Port mode

Usage Guide:

During the specific detection period, serious link event is induced if the number of errored symbols is larger than or equal to the high threshold and the device notifies the peer by sending Information OAMPDU of which the value of Link Fault flag in Flags field is 1. Note that the high threshold should not be less than the low threshold.

Example:

Set the high threshold of errored symbol event on port 1/0/4 to none.

Switch (Config-If-Ethernet1/0/4)#ethernet-oam errored-symbol-period threshold high none

11.17 ethernet-oam errored-symbol-period threshold low

Command:

ethernet-oam errored-symbol-period threshold low no ethernet-oam errored-symbol-period threshold low

Function:

Configure the low threshold of errored symbol event, no command restores the default value.

Parameter:

, the low threshold of errored symbol event, ranging from 1 to 18446744073709551615 symbols. none, cancel the high threshold configuration.

Default:

1.

Command Mode:

Port mode

Usage Guide:

During the specific detection period, errored symbol event is induced if the number of errored symbols is larger than or equal to the low threshold and the device notifies the peer by sending event notification OAMPDU. Note that the low threshold should not be larger than the high threshold.

Example:

Set the low threshold of errored symbol event on port 1/0/4 to 5.

Switch (Config-If-Ethernet1/0/4)#ethernet-oam errored-symbol-period threshold low 5

11.18 ethernet-oam errored-symbol-period window

Command:

ethernet-oam errored-symbol-period window

no ethernet-oam errored-symbol-period window

Function:

Configure the detection period of errored symbol event, no command restores the default value.

Parameter:

, the detection period value of errored symbol event, ranging from 1 to 60s.

Default:

1.

Command Mode:

Port mode

Usage Guide:

Detect errored symbols of the port after the time of specific detection period. If the number of errored symbols is larger than or equal to the threshold, corresponding event is induced and the device notified the peer through OAMPDU.

Example:

Set the detection period of errored symbol event on port 1/0/4 to be 2s.

Switch (Config-If-Ethernet1/0/4)#ethernet-oam errored-symbol-period window 2

Command:

ethernet-oam link-monitor

no ethernet-oam link-monitor

Function:

Enable link monitor, no command disables the function.

Default:

Enable

Command Mode:

Port mode

Usage Guide:

Enable OAM to monitor local link errors. Generally link monitor is enabled when enabling OAM function of the port. When OAM link monitor is disabled, although local link error is not monitored, Event information OAMPDU from the peer is still normally received and processed.

Example:

Enable the link monitor of port 1/0/4.

Switch(Config-If-Ethernet1/0/4)#ethernet-oam link-monitor

11.20 ethernet-oam mode

Command:

ethernet-oam mode {active | passive}

no ethernet-oam mode

Function:

Configure the mode of OAM function, no command restores the default value.

Parameter:

active, active mode

passive, passive mode

Default:

active mode.

Command Mode:

Port mode

Usage Guide:

At least one of the two connected OAM entities should be configured to active mode. Once OAM is enabled, the working mode of OAM cannot be changed and you need to disable OAM function if you have to change the working mode.

Example:

Set the mode of OAM function on ethernet 1/0/4 to passive mode.

Switch (Config-If-Ethernet1/0/4)#ethernet-oam mode passive

11.21 ethernet-oam period

Command:

ethernet-oam period

no ethernet-oam mode

Function:

Configure the transmission period of Information OAMPDU, no command restores the default value.

Parameter:

, sending period, ranging from 1 to 2 seconds.

Default:

1s.

Command Mode:

Port mode

Usage Guide:

Use this command to configure the transmission interval of Information OAMPDU which keep OAM connection normally.

Example:

Set the transmission interval of Information OAMPDU for ethernet 1/0/4 to be 2s.

Switch(Config-If-Ethernet1/0/4)# ethernet-oam period 2

11.22 ethernet-oam remote-failure

Command:

ethernet-oam remote-failure

no ethernet-oam remote-failure

Function:

Enable remote failure indication of OAM, no command disables the function.

Default:

Enable.

Command Mode:

Port mode

Usage Guide:

With remote failure indication is enabled, if critical-event or link fault event is occurred locally, it will notify the peer by sending Information OAMPDU, log the fault information and send SNMP trap warning. When the remote failure indication is disabled, although local critical-event or link fault event is not monitored, failure indication information from the peer is still normally received and processed.

Example:

Enable remote failure indication of ethernet 1/0/4.

Switch (Config-If-Ethernet1/0/4)#ethernet-oam remote-failure

11.23 ethernet-oam remote-loopback

Command:

ethernet-oam remote-loopback

no ethernet-oam remote-loopback

Function:

Local OAM entity sends remote loopback request to enable the remote end to enter OAM loopback mode, no command disables remote loopback.

Default:

Disable.

Command Mode:

Port mode

Usage Guide:

Only OAM entities working in active mode can launch remote loopback request but the ones in passive mode cannot. When remote OAM entities work in loopback mode, all packets except OAMPDU return to the local port according to the original paths (note that normal communication cannot be performed in OAM loopback mode.) and network administrators can detect link delay, jitter and throughput through remote loopback. Remote loopback can only be achieved after OAM connection is established and the loopback will be automatically cancelled if OAM connection is disconnected during the loopback process. This command is mutually exclusive with ethernet-oam remote-loopback supported command.

Example:

Enable remote OAM entity of ethernet 1/0/4 to enter remote loopback mode.

Switch (Config-If-Ethernet1/0/4)# ethernet-oam remote-loopback

Normal forwarding will be suspended during the remote-loopback, are you sure to start remote-loopback? [Y/N]

11.24 ethernet-oam remote-loopback supported

Command:

ethernet-oam remote-loopback supported

no ethernet-oam remote-loopback supported

Function:

Enable OAM loopback support of the port, no command disables it.

Default:

Disable.

Command Mode:

Port mode

Usage Guide:

only ports with remote loopback support enabled can accept OAM loopback request and enter loopback mode. Therefore, make sure the remote end has configured loopback support when enabling it to enter OAM loopback. This command is mutually exclusive with ethernet-oam remote-loopback command.

Example:

Enable OAM loopback support of ethernet 1/0/4.

Switch(Config-If-Ethernet1/0/4)#ethernet-oam remote-loopback supported

Normal forwarding will be suspended during the remote-loopback, are you sure to support remote-loopback? [Y/N]

11.25 ethernet-oam timeout

Command:

ethernet-oam timeout

no ethernet-oam timeout

Function:

Configure the timeout of OAM connection, no command restores the default value.

Parameter:

, the timeout ranging from 5 to 10 seconds.

Default:

5s.

Command Mode:

Port mode

Usage Guide:

OAM connection will be disconnected if no OAMPDU is received after specified timeout.

Example:

Set the timeout of OAM connection for ethernet 1/0/4 to 6 seconds.

Switch (Config-If-Ethernet1/0/4)#ethernet-oam timeout 6

11.26 show ethernet-oam

Command:

show ethernet-oam [{local | remote} interface {ethernet |} ]

Function:

Show Ethernet OAM connection of specified or all ports.

Parameter:

Overview information of all Ethernet OAM connections will be shown if no parameters is input local, show detailed information of local OAM connection remote, show detailed information of remote OAM connection , the port that OAM connection information will be shown

Command Mode:

Admin mode

Example:

Show overview information of Ethernet OAM connection.

Switch#show ethernet-oamRemote-Capability codes: L - Link Monitor, R - Remote LoopbackU - Unidirection, V - Variable Retrieval
Interface Local-Mode Local-Capability Remote-MAC-Addr Remote-Mode Remote-Capability
1/0/1activeL R0030.4f02.2e5dactiveL R
1/0/2activeL R0030.4f19.3a3eavtiveL R
1/0/4activeL R0030.4f26.480cpassiveL R
1/0/5activeL R0030.4f28.020aactiveL R
FieldDescription
Interfaceport with Ethernet OAM enabled
Local-ModeWorking mode of the local port OAM.
Local-CapabilityFunctions are supported by local port OAML - Link Monitor, R - Remote LoopbackU - Unidirection, V - Variable Retrieval
Remote-MAC-AddrMAC address of the peer
Remote-ModeOAM working mode of the peer
Remote-CapabilityFunctions are supported by OAM of the peerL - Link Monitor, R - Remote LoopbackU - Unidirection, V - Variable Retrieval

Show detailed information of local OAM entity for ethernet 1/0/2:

Switch#show ethernet-oam local interface ethernet1/0/2
Ethernet1/0/2 oam local Information :
oam_status=enable
local _mode=active
period=1s
timeout=8s
Loopback Supported=YES
Unidirectional Support=YES
Link Events=YES
Remote Failure=YES
local_pdu=INFO
local_mux_action=FWD
local_par_action=DISCARD
Max_OAMPDU_Size=1518

OAM_local_flags_field :

Link Fault=0 Dying Gasp=0 Critical Events=0

Packet statistic :

PacketsSendReceive
OAMPDU55321
Information55221
Event Notification10
Loopback Control00
FieldDescription
oam_statusStatus of Ethernet OAM: enable, OAM is enabled; disable, OAM is not enabled.
local_modeWorking mode of Ethernet OAM: active, the port is set as active mode; passive, the port is set as passive mode.
PeriodTransmission period of packets
TimeoutTimeout of connection
local_pduThe way in which the local end processes Ethernet OAMPDUs: RX_INFO, the port only receives Information OAMPDUs and does notsend any Ethernet OAMPDUs.LF_INFO, the port only sends Information OAMPDU packets without Information TLV and with their link error flag bits being set.INFO, the port only sends and receives Information OAMPDU packets. ANY, the port sends and receives any OAMPDU packets.
local_mux_actionWorking mode of the local transmitter:FWD, the port can send any packets;DISCARD, the port only sends OAMPDU packets and discards others.
local_par_actionWorking mode of the local receiver in the following:FWD, receiving any packets is allowed;DISCARD, only OAMPDU packets is received while others are discarded;LB, OAM remote loopback is enabled on the port. In this case, all the packets except OAMPDU packets received are returned to their sources along the ways they come.
Loopback SupportedWhether support remote loopback: YES for support and NO for not.
Unidirectional SupportWhether support unidirectional transmission: YES for support and NO for not.
Link EventsWhether support general link events: YES for support and NO for not.
Remote FailureWhether support severe link events (remote failure indication): YES for support and NO for not.
Link FaultWhether occur a Link Fault event: 0 for no and 1 for yes.
Dying GaspWhether occur a Dying Gasp event: 0 for no and 1 for yes.
Critical EventWhether occur a Critical Event: 0 for no and 1 for yes.
Max_OAMPDU_SizeThe maximum length of OAMPDU is supported.
OAMPDUShow the number of the OAMPDU packets sent and received which is the sum of three kinds of packets.
InformationShow the number of the Information OAMPDU packets sent and received
Event NotificationShow the number of the Event Notification OAMPDU packets sent and received
Loopback ControlShow the number of the Loopback Control OAMPDU packets sent and received

Display detailed information of remote OAM entity for Ethernet 1/0/2

Switch#show ethernet-oam remote interface ethernet1/0/2
Ethernet1/0/2 oam remote Information :
Remote_Mac_Address=0003.0f19.3a3e
local_mode=active
----
local_pdu=INFO
local_mux_action=FWD
local_par_action=DISCARD
Loopback Supported=YES
Unidirectional Support=NO
Link Events=YES
Remote Failure=YES
Max_OAMPDU_Size=1518
----
OAM Remote Flags Field :
Link Fault=0Dying Gasp=0Critical Event=0
FieldDescription
Remote_Mac_AddressMAC address of remote OAM entity
local_modeWorking mode of Ethernet OAM:active, the port is set as active mode;passive, the port is set as passive mode.
local_pduThe way in which the local end processes Ethernet OAMPDUs:RX_INFO, the port only receives Information OAMPDUs and does not send any Ethernet OAMPDUs.LF_INFO, the port only sends Information OAMPDU packets without Information TLV and with their link error flag bits being set.INFO, the port only sends and receives Information OAMPDU packets.ANY, the port sends and receives any OAMPDU packets.
local_mux_actionWorking mode of the local transmitter:FWD, the port can send any packets;DISCARD, the port only sends OAMPDU packets and discards others.
local_par_actionWorking mode of the local receiver in the following:FWD, receiving any packets is allowed;DISCARD, only OAMPDU packets is received while others are discarded;LB, OAM remote loopback is enabled on the port. In this case, all the packets except OAMPDU packets received are returned to their sources along the ways they come.
Loopback SupportedWhether support remote loopback: YES for support and NO for not.
Unidirectional SupportWhether support unidirectional transmission: YES for support and NO for not.
Link EventsWhether support general link events: YES for support and NO for not.
Remote FailureWhether support severe link events: YES for support and NO for not.
Max_OAMPDU_SizeThe maximum length of OAMPDU is supported.
Link FaultWhether occur a Link Fault event: 0 for no and 1 for yes.
Dying GaspWhether occur a Dying Gasp event: 0 for no and 1 for yes.
Critical EventWhether occur a Critical Event: 0 for no and 1 for yes.

11.27 show ethernet-oam events

Command:

show ethernet-oam events {local | remote} [interface {ethernet |} ]

Function:

Shows the statistic information of link events on specified or all ports with OAM enabled, including general link events and severe link events.

Parameter:

local, show the detailed information of the local events;

remote, show the detailed information of the remote events;

, the port that the statistic information of OAM link events needs to be shown, the statistic information of OAM link events for all ports will be shown if this parameter is not specified.

Command Mode:

Admin mode

Example:

Show the statistic information of link events on Ethernet 1/0/1.

Switch#show ethernet-oam events local interface 1/0/1

ethernet 1/0/1 link-events :

OAM_local_errored-symbol-period-events:

event time stamp : 3539

errored symbol window : 1s

errored symbol low threshold : 1

errored symbol high threshold : none

errored symbol : 1200120errored running total : 2302512542
event running total : 232
OAM_local_errored-frame-period-events:
event time stamp : 3539errored frame window : 10s
errored frame low threshold : 1errored frame high threshold : none
errored frame : 1200120errored running total : 2302512542
event running total : 52
OAM_local_errored-frame-events:
event time stamp : 3539errored frame window : 1s
errored frame low threshold : 1errored frame high threshold : none
errored frame : 1200120errored running total : 2302512542
event running total : 75
OAM_local_errored-frame-seconds-summary-events:
event time stamp : 3520errored frame window : 60s
errored frame low threshold : 1errored frame high threshold : none
errored frame : 1200120errored running total : 2302512542
event running total : 232
OAM_local_link-fault : 0
OAM_local_dying gasp : 0
OAM_local_critical event : 0
FieldDescription
OAM_local_errored-symbol-period-eventsStatistic information of the local errored symbol events
OAM_local_errored-frame-period-eventsStatistic information of the local errored frame period events
OAM_local_errored-frame-eventsStatistic information of the local errored frame events
OAM_local_errored-frame-seconds-summary-eventsStatistic information of the local errored frame seconds events
event time stampTime stamp of the event
windowDetection period of the event
low thresholdLow threshold of events detection
high thresholdHigh threshold of events detection
errored framethe number of errored frames
errored symbolthe number of errored symbols
errored running totalTotal number of errors occurred since the reset of OAM function
event running totalTotal number of error events occurred since the reset of OAM function
OAM_local_link-faultThe number of the local link-fault faults
OAM_local_dying gaspThe number of the local dying-gasp faults
OAM_local_critical eventThe number of the local critical-event faults

Command:

show ethernet-oam link-events configuration [interface {ethernet | } ]

Function:

Show configuration of link events on specified or all ports with OAM enabled, including detection period and threshold of the events and so on.

Parameter:

, the port that the statistic information of OAM link events needs to be shown, the statistic information of OAM link events for all ports will be shown if this parameter is not specified.

Command Mode:

Admin mode

Example:

Show configuration of link events on ethernet 1/0/1.

Switch#show ethernet-oam link-events configuration interface ethernet 1/0/1

Ethernet 1/0/1 link-monitor configuration :

eventhigh-thresholdlow-thresholdwindow(s)
Err-symbol-Periodnone12
Err-frame-Periodnone110
Err-framenone25
Err-frame-second-summarynone2600
FieldDescription
EventEvent type
Err-symbol-PeriodErrored symbol event
Err-frame-PeriodErrored frame period event
Err-frameErrored frame event
Err-frame-second-summaryErrored frame seconds event
high-thresholdHigh threshold
low-thresholdLow threshold
window(s)Detection period in seconds.

11.29 show ethernet-oam loopback status

Command:

show ethernet-oam loopback status [interface {ethernet |} ]

Function:

Show OAM loopback status of specified or all ports.

Parameter:

, the port that OAM loopback status needs to be shown, OAM loopback status for all ports will be shown if this parameter is not specified.

Command Mode:

Admin mode

Example:

Show OAM loopback status of all ports.

Switch(config)#show ethernet-oam loopback status
OAM Loopback Status :
ethernet 1/0/1 : disable
ethernet 1/0/2 : loopback_enable_waiting
ethernet 1/0/3 : loopback_disable_waiting
ethernet 1/0/4 : loopback_control
ethernet 1/0/5 : loopback_underControl
FieldDescription
DisableOAM loopback support is not enabled
loopback_enable_waitingThe local side is the loopback control end with remote loopback request sent and is waiting for the confirmation packets
loopback_disable_waitingThe local side is the loopback control end with remote loopback cancellation request sent and is waiting for the confirmation packets
loopback_controlThe local side is the loopback control end and is in the loopback process
loopback_undercontrolThe local side is the loopback control end and is in the loopback process
no_loopbackOAM loopback support is enabled but no loopback request is received

Chapter 12 VLAN Configuration

12.1 Commands for VLAN Configuration

12.1.1 debug gvrp event

Command:

debug gvrp event interface (ethernet | port-channel |) IFNAME

no debug gvrp event interface (ethernet | port-channel |) IFNAME

Function:

Enable/disable GVRP event debugging including the transfer of state machine and the expiration of timer.

Parameter:

ethernet, physical port

port-channel, aggregate port

IFNAME, port name

Command mode:

Admin Mode.

Default:

GVRP event debugging is disabled.

Usage Guide:

Use this command to enable GVRP event debugging.

Example:

Show GVRP event debugging.

Switch(config)#debug gvrp event interface ethernet 1/0/1

%Jan 16 02:25:14 2006 GVRP EVENT: LO -> VO , interface ethernet 1/0/1, vlan 100

%Jan 16 02:35:15 2006 GVRP EVENT: join timer expire, interface ethernet 1/0/1

12.1.2 debug gvrp packet

Command:

debug gvrp packet (receive | send) interface (ethernet | port-channel |) IFNAME no debug gvrp packet (receive | send) interface (ethernet | port-channel |) IFNAME

Function:

Enable/disable GVRP packet debugging.

Parameter:

receive, enabling the debugging of receiving GVRP packet send, enabling the debugging of sending GVRP packet ethernet, physical port port-channel, aggregate port IFNAME, port name

Command mode:

Admin Mode.

Default:

GVRP packet debugging is disabled.

Usage Guide:

Use this command to enable the debugging of GVRP packet.

Example:

Show information of sending and receiving GVRP packet.

Attribute IndexLengthEventValue
110joinIn100
210joinEmpty140
310leaveIn150
410leaveEmpty180

12.1.3 dot1q-tunnel enable

Command:

dot1q-tunnel enable

no dot1q-tunnel enable

Function:

Set the access port of the switch to dot1q-tunnel mode; the "no dot1q-tunnel enable" command restores to default.

Command Mode:

Port Mode.

Default:

Dot1q-tunnel function disabled on the port by default.

Usage Guide:

After enabling dot1q-tunnel on the port, data packets without VLAN tag (referred to as tag) will be packed with a tag when entering through the port; those with tag will be packed with an external tag. The TPID in the tag is 8100 and the VLAN ID is the VLAN ID the port belongs to. Data packets with double tags will be forwarded according to MAC address and external tag, till the external tag is removed when transmitted outside from the access port. Since the length of the data packet may be over sized when packed with external tag, it is recommended to use this command associating the Jumbo function. Normally this command is used on access ports, and also on trunk ports however only when associating the VLAN translation function. This command and dot1q-tunnel tpid are mutually exclusive.

Example:

Join port1 into VLAN3, enable dot1q-tunnel function.

Switch(config)#vlan 3

Switch(Config-Vlan3)#switchport interface ethernet 1/0/1

Switch(Config-Vlan3)#exit

Switch(config)#interface ethernet 1/0/1

Switch(Config-lf-Ethernet1/0/1)# dot1q-tunnel enable

Switch(Config-If-Ethernet1/0/1)# exit

Switch(config)#

12.1.4 dot1q-tunnel tpid

Command:

dot1q-tunnel tpid {0x8100|0x9100|0x9200| <1-65535>}

Function:

Configure the type (TPID) of the protocol of switch trunk port.

Command Mode:

Port Mode.

Default:

TPID on the port is defaulted at 0x8100.

Usage Guide:

This function is to facilitate internetworking with equipments of other manufacturers. If the equipment connected with the switch trunk port sends data packet with a TPID of 0x9100, the port TPID will be set to 0x9100, this way switch will receive and process data packets normally. This command and dot1q-tunnel enable are mutually exclusive.

Example:

Set port10 of the switch to trunk port and sends data packet with a TPID of 0x9100.

Switch(config)#interface ethernet 1/0/10

Switch(Config-If-Ethernet1/0/10)#switchport mode trunk

Switch(Config-If-Ethernet1/0/10)#dot1q-tunnel tpid 0x9100

Switch(Config-lf-Ethernet1/0/10)#exit

Switch(config)#

12.1.5 garp timer join

Command:

garp timer join <200-500>

Function:

Set the value of garp join timer, note that the value of join timer must be less than half leave timer.

Parameter:

<200-500>, the value of timer in millisecond

Command mode:

Global mode

Default:

200 ms.

Usage Guide:

Check whether the value satisfy the range. If so, modify the value of garp timer to the specified value, otherwise return a configuration error.

Example:

Set the value of garp join timer as 200ms.

Switch(config)#garp timer join 200

12.1.6 garp timer leave

Command:

garp timer leave <500-1200>

Function:

Set the value of garp leave timer, note that the value of leave timer must be double of join timer and less than leaveAll timer.

Parameter:

<500-1200>, the value of timer in millisecond

Command mode:

Global mode

Default:

600 ms.

Usage Guide:

Check whether the value satisfy the range. If so, modify the value of garp timer to the specified value, otherwise return a configuration error.

Example:

Set the value of garp leave timer as 600ms.

Switch(config)#garp timer leave 600

12.1.7 garp timer leaveall

Command:

garp timer leaveall <5000-60000>

Function:

Set the value of garp leaveAll timer, note that the value of leaveAll timer must be larger than leave timer.

Parameter:

<5000-60000>, the value of timer in millisecond

Command mode:

Global Mode.

Default:

10000 ms.

Usage Guide:

Check whether the value satisfy the range. If so, modify the value of garp leaveAll timer to the specified value, otherwise return a configuration error.

Example:

Set the value of garp leaveAll as 20000ms.

Switch(config)#garp timer leaveall 20000

12.1.8 gvrp (Global)

Command:

gvrp

no gvrp

Function:

Enable/disable GVRP funciton globally.

Command mode:

Global mode

Default:

Disabled.

Usage Guide:

Enable GVRP function globally and only in this way GVRP module can work normally.

Example:

Enable GVRP function globally.

Switch(config)#gvrp

12.1.9 gvrp (Port)

Command:

gvrp

no gvrp

Function:

Enable/disable GVRP function on port. Notice: although GVRP can be enabled on port when GVRP is not enabled globally, it will not take effect until global GVRP is enabled.

Command mode:

Port mode

Default:

Disabled.

Usage Guide:

GVRP function can only be enabled on trunk and hybrid ports, and enabling GVRP will return an error on access port. After GVRP enabled on port, this port will be added to GVRP (i.e. adding corresponding state machine to GVRP of the port).

Example:

Enable GVRP of port.

Switch(config-if-ethernet1/0/1)#gvrp

12.1.10 no garp timer

Command:

no garp timer (join | leave | leaveall)

Function:

Restore garp join | leave | leaveAll timer to the default value.

Parameter:

join, join timer

leave, leave timer

leaveAll, leaveAll timer

Command mode:

Global mode

Default:

200 | 600 | 10000 milliseconds for join | leave | leaveall timer respectively.

Usage Guide:

Check whether the default value satisfy the range. If so, modify the value of garp join | leave | leaveAll timer to the default value, otherwise return a configuration error.

Example:

Restore garp timer to the default value.

Switch(config)#no garp timer leaveall

12.1.11 name

Command:

name

no name

Function:

Specify a name, a descriptive string, for the VLAN; the no operation of the command will delete the name of the VLAN.

Parameters:

is the specified name string.

Command Mode:

VLAN Configuration Mode.

Default:

The default VLAN name is vlanXXX, where xxx is VID.

Usage Guide:

The switch can specify names for different VLANs, making it easier for users to identify and manage VLANs.

Examples:

Specify the name of VLAN100 as TestVlan.

Switch(Config-Vlan100)#name TestVlan

12.1.12 private-vlan

Command:

private-vlan {primary | isolated | community}

no private-vlan

Function:

Configure current VLAN to Private VLAN. The no command cancels the Private VLAN configuration.

Parameter:

primary set current VLAN to Primary VLAN,

isolated set current VLAN to Isolated VLAN,

community set current VLAN to Community VLAN.

Command Mode:

VLAN mode

Default:

Private VLAN is not configured by default.

Usage Guide:

There are three Private VLANs: Primary VLAN, Isolated VLAN and Community VLAN. Ports in Primary there are three Private VLANs: Primary VLAN, Isolated VLAN and Community VLAN can communicate with ports of Isolated VLAN and Community VLAN related to this Primary VLAN; Ports in Isolated VLAN are isolated between each other and only communicate with ports in Primary VLAN they related to; ports in Community VLAN can communicate both with each other and with Primary VLAN ports they related to; there is no communication between ports in Community VLAN and port in Isolated VLAN.

Only VLANs containing empty Ethernet ports can be set to Private VLAN, and only the Private VLANs configured with associated private relationships can set the Access Ethernet ports their member ports. Normal VLAN will clear its Ethernet ports when set to Private VLAN.

It is to be noted Private VLAN messages will not be transmitted by GVRP.

Example:

Set VLAN100, 200, 300 to private vlans, with respectively primary, Isolated, Community types.

Switch(config)#vlan 100

Switch(Config-Vlan100)#private-vlan primary

Note: This will remove all the ports from vlan 100

Switch(Config-Vlan100)#exit

Switch(config)#vlan 200

Switch(Config-Vlan200)#private-vlan isolated

Note: This will remove all the ports from vlan 200

Switch(Config-Vlan200)#exit

Switch(config)#vlan 300

Switch(Config-Vlan300)#private-vlan community

Note: This will remove all the ports from vlan 300

Switch(Config-Vlan300)#exit

12.1.13 private-vlan association

Command:

private-vlan association

no private-vlan association

Function:

Set Private VLAN association; the no command cancels Private VLAN association.

Parameter:

Sets Secondary VLAN list which is associated to Primary VLAN. There are two types of Secondary VLAN: Isolated VLAN and Community VLAN. Users can set multiple Secondary VLANs by “;”.

Command mode:

VLAN Mode.

Default:

There is no Private VLAN association by default.

Usage Guide:

This command can only used for Private VLAN. The ports in Secondary VLANs which are associated to Primary VLAN can communicate to the ports in Primary VLAN. Before setting Private VLAN association, three types of Private VLANs should have no member ports; the Private VLAN with Private VLAN association can't be deleted. When users delete Private VLAN association, all the member ports in the Private VLANs whose association is deleted are removed from the Private VLANs.

Example:

Associate Isolated VLAN200 and Community VLAN300 to Primary VLAN100.

Switch(Config-Vlan100)#private-vlan association 200;300

12.1.14 show dot1q-tunnel

Command:

show dot1q-tunnel

Function:

Display the information of all the ports at dot1q-tunnel state.

Command Mode:

Admin Mode and other configuration Mode.

Usage Guide:

This command is used for displaying the information of the ports at dot1q-tunnel state.

Example:

Display current dot1q-tunnel state.

Switch#show dot1q-tunnel
Interface Ethernet1/0/1:
dot1q-tunnel is enable
Interface Ethernet1/0/3:
dot1q-tunnel is enable

12.1.15 show garp timer

Command:

show garp timer (join | leave | leaveall |)

Function:

Show the value of each timer. Note that the value is not the remaining time to run the timer but the initial value when enabling the timer.

Parameter:

join, join timer
leave, leave timer
leaveAll, leaveAll timer

Command mode:

Admin Mode.

Default:

200|600|10000 milliseconds for join | leave | leaveAll timer respectively.

Usage Guide:

Show the corresponding value of the timer specified in the command.

Example:

Show the value of all carp timers currently.

Switch#show garp timer join
Garp join timer's value is 200(ms)

12.1.16 show gvrp fsm information

Command:

show gvrp fsm information interface (ethernet | port-channel) IFNAME

Function:

Show the current state of all registered machines and request state machines on specified or all ports.

Parameter:

ethernet, physical port

port-channel, aggregate port

IFNAME, port name

Command mode:

Admin Mode.

Default:

MT for registered machine and VO for request state machine.

Usage Guide:

Show the corresponding state of all registered machines and request state machines.

Example:

Show the state of all state machines.

Switch#show gvrp fsm information interface ethernet 1/0/1

VA : Very anxious Active member, AA : Anxious Active member, QA : Quiet Active member

VP : Very anxious Passive member ,AP : Anxious Passive member ,QP : Quiet Passive member

VO : Very anxious Observer, AO : Anxious Observer, QO : Quiet Observer

LA : Leaving Active member, LO : leaving Observer

Interface ethernet 1/0/1 gvrp fsm information:

Index VLANID Applicant Registrar

......

1 100 VO LV

2 300 VP IN

12.1.17 show gvrp leaveAll fsm information

Command:

show gvrp leaveall fsm information interface (ethernet | port-channel) IFNAME

Function:

Show the state of leaveAll state machine on specified or all ports.

Parameter:

ethernet, physical port

port-channel, aggregate port

IFNAME, port name

Command mode:

Admin Mode.

Default:

Passive.

Usage Guide:

Check the state of leaveAll state machine.

Example:

Show the state of leaveAll state machine on port.

Switch#show gvrp leaveall fsm information interface ethernet 1/0/1

Interface leaveAll fsm

Ethernet1/0/1 passive

12.1.18 show gvrp leavetimer running

Command:

show gvrp leavetimer running information (vlan <1-4094>|) interface (Ethernet | port-channel

|) IFNAME

Function:

Show running of all leavetimer on current port.

Parameter:

<1-4094>, VLAN tag

ethernet, physical port

port-channel, aggregate port

IFNAME, port name

Command mode:

Admin Mode.

Default:

leavetimer is disabled.

Usage Guide:

Show running state and expiration time of each leave timer.

Example:

Show running state and expiration time of each leave timer on current port.

Switch#show gvrp leavetimer running information interface ethernet 1/0/1
VLANIDrunning stateexpired time
------------
100UP0.2 s
300DOWNnon

12.1.19 show gvrp port-member

Command:

show gvrp (active) port-member

Function:

Shows all ports with GVRP enabled. "active" means the port is in active state with GVRP enabled.

Parameter:

active means the port is in active state

Command mode:

Admin Mode.

Default:

GVRP is disabled on port.

Usage Guide:

Show all ports (enable GVRP) saved in GVRP.

Example:

Show all ports with GVRP enabled.

Switch#show gvrp port member

Ports which were enabled gvrp included :

Ethernet1/0/3 (T) Ethernet1/0/4 (T)

Ethernet1/0/5 (T) Ethernet1/0/6 (T)

Ethernet1/0/7 (T) Ethernet1/0/8 (T)

Ethernet1/0/9 (T) Ethernet1/0/10 (T)

12.1.20 show gvrp port registered vlan

Command:

show gvrp port (dynamic | static |) registered vlan interface (Ethernet | port-channel |) IFNAME

Function:

Show the dynamic or static registration VLANs on current port.

Parameter:

dynamic, dynamic registration

static, static registration

Ethernet, physical port

port-channel, aggregate port

IFNAME, port name

Command mode:

Admin Mode.

Default:

No dynamic or static registration VLANs on port.

Usage Guide:

Show the corresponding VLANs of the registered machines by dynamic or static registration.

Example:

Show all dynamic or static registration VLANs on current port.

Switch#show gvrp port registered vlan interface ethernet 1/0/1

Current port dynamic registered vlan included :

Vlan10 vlan20

Vlan40 vlan60

Current port static registered vlan included :

Vlan10 vlan30

Vlan40 vlan200

12.1.21 show gvrp timer running information

Command:

show gvrp timer (join | leaveall) running information interface (ethernet | port-channel |)

IFNAME

Function:

Show running of all join|leaveAll timer on current port.

Parameter:

join, join timer

leaveall, leaveAll timer

ethernet, physical port

port-channel, aggregate port

IFNAME, port name

Command mode:

Admin Mode.

Default:

Join timer is disabled and leaveAll timer is enabled.

Usage Guide:

Check running state of join|leaveAll timer on port.

Example:

Show running state and expiration time of each timer.

Switch(config)#show gvrp timer join running information interface ethernet 1/0/1

Current port's jointimer running state is: UP

Current port's jointimer expired time is: 0.2 s

12.1.22 show gvrp vlan registerd port

Command:

show gvrp vlan <1-4094> registered port

Function:

Show the ports with specified VLAN registered.

Parameter:

<1-4094>: VLAN tag

Command mode:

Admin Mode.

Default:

No ports with specified VLAN registered.

Example:

Show all ports with current VLAN registered.

Switch#show gvrp vlan 100 registered port

Ethernet1/0/3 (T) Ethernet1/0/4 (T)

Ethernet1/0/5 (T) Ethernet1/0/6 (T)

Ethernet1/0/7 (T) Ethernet1/0/8 (T)

Ethernet1/0/9 (T) Ethernet1/0/10 (T)

12.1.23 show vlan

Command:

show vlan [brief | summary] [id ] [name ] [internal usage [id | name ]] [private-vlan [id | name ]]

Function:

Display detailed information for all VLANs or specified VLAN.

Parameter:

brief stands for brief information; summary for VLAN statistics; for VLAN ID of the VLAN to display status information, the valid range is 1 to 4094; is the VLAN name for the VLAN to display status information, valid length is 1 to 11 characters. private-vlan displays the ID, name, relating VLAN and port of the private-vlan relative information.

Command mode:

Admin Mode and configuration Mode.

Usage Guide:

If no or is specified, then information for all VLANs in the switch will be displayed.

Example:

Display the status for the current VLAN; display statistics for the current VLAN.

Switch#show vlan
VLAN NameTypeMediaPorts
1 defaultStaticENETEthernet1/0/1Ethernet1/0/2
Ethernet1/0/3Ethernet1/0/4
Ethernet1/0/9Ethernet1/0/10
Ethernet1/0/11Ethernet1/0/12
2 VLAN0002StaticENETEthernet1/0/5Ethernet1/0/6
Ethernet1/0/7Ethernet1/0/8
Switch#show vlan summaryThe max. vlan entries: 4094
Existing Vlans:Universal Vlan:1 12 13 15 16 22Total Existing Vlans is:6
Displayed informationExplanation
VLANVLAN number
NameVLAN name
TypeVLAN type, statically configured or dynamically learned.
MediaVLAN interface type: Ethernet
PortsAccess port within a VLAN
Switch(config)#show vlan private-vlan
VLAN NameTypeAssoVLANPorts
100VLAN0100Primary101102Ethernet1/0/9Ethernet1/0/10
Ethernet1/0/11Ethernet1/0/12
Ethernet1/0/13
101VLAN0101Community100Ethernet1/0/9Ethernet1/0/10
Ethernet1/0/11Ethernet1/0/12
Ethernet1/0/13
102VLAN0102Isolate100Ethernet1/0/9

12.1.24 show vlan-translation

Command:

show vlan-translation

Function:

Show the related configuration of vlan-translation.

Command Mode:

Admin Mode.

Usage Guide:

Show the related configuration of vlan-translation.

Example:

Show the related configuration of vlan-translation.

Switch#show vlan-translation Interface Ethernet1/0/1: vlan-translation is enable, miss drop is not set vlan-translation 5 to 10 in

12.1.25 switchport access vlan

Command:

switchport access vlan

no switchport access vlan

Function:

Add the current Access port to the specified VLAN. The "no switchport access vlan" command deletes the current port from the specified VLAN, and the port will be partitioned to VLAN1.

Parameter:

is the VID for the VLAN to be added the current port, valid range is 1 to 4094.

Command mode:

Port Mode.

Default:

All ports belong to VLAN1 by default.

Usage Guide:

Only ports in Access mode can join specified VLANs, and an Access port can only join one VLAN at a time.

Example:

Add some Access port to VLAN100.

Switch(config)#interface ethernet 1/0/8

Switch(Config-If-Ethernet1/0/8)#switchport mode access

Switch(Config-If-Ethernet1/0/8)#switchport access vlan 100

Switch(Config-If-Ethernet1/0/8)#exit

12.1.26 switchport forbidden vlan

Command:

switchport forbidden vlan {WORD | all | add WORD | except WORD | remove WORD}

Function:

Configure the forbidden vlan for a port. Note that this command can only be used to configure on trunk or hybrid ports and the port with GVRP not enabled. No command cancels the forbidden vlanlist for a port.

Parameter:

WORD: Set vlan List to allowed vlan, and the late configuration will cover the previous configuration;

all: Set all VLANs to allowed vlan;

add WORD: Add vlanList to the existent allowed vlanList;

except WORD: Set all VLANs to allowed vlan except the configured vlanList;

remove WORD: Delete the specific VLAN of vlanList from the existent allow vlanList;

Command mode:

Port Mode.

Default:

Forbidden vlanList is empty

Usage Guide:

Tag the corresponding position for forbidden vlanList and clear allow vlanList flags in ports. A port leaves these VLANs if it joins them statically, and it sends message to GVRP module to enable corresponding registered machine of the port to enter forbidden mode.

Example:

Port quits the corresponding VLAN and the corresponding registered machine of GVRP to enter forbidden mode.

Switch(config-if-ethernet1/0/1)#switchport forbidden vlan all

12.1.27 switchport hybrid allowed vlan

Command:

switchport hybrid allowed vlan {WORD | all | add WORD | except WORD | remove WORD}

{tag | untag}

no switchport hybrid allowed vlan

Function:

Set hybrid port which allow the VLAN to pass with tag or untag method; the "no switchport hybrid

allowed vlan" command restores the default setting.

Parameter:

WORD: Set vlan List to allowed vlan, and the late configuration will cover the previous configuration;

all: Set all VLANs to allowed vlan;

add WORD: Add vlanList to the existent allowed vlanList;

except WORD: Set all VLANs to allowed vlan except the configured vlanList;

remove WORD: Delete the specific VLAN of vlanList from the existent allow vlanList;

tag: Join the specific VLAN with tag mode;

untag: Join the specific VLAN with untag mode.

Command mode:

Port Mode.

Default:

Deny all VLAN traffic to pass.

Usage Guide:

The user can use this command to set the VLANs whose traffic allowed to pass through the Hybrid port, traffic of VLANs not included are prohibited. The difference between tag and untag mode by setting allowed vlan: set VLAN to untag mode, the frame sent via hybrid port without VLAN tag; set VLAN to tag mode, the frame sent via hybrid port with corresponding VLAN tag. The same VLAN can not be allowed with tag and untag mode by a Hybrid port at the same time. If configure the tag (or untag) allowed VLAN to untag (or tag) allowed VLAN, the last configuration will cover the before.

Example:

Set hybrid port allowed vlan 1, 3, 5-20 with untag mode and allow vlan 100; 300; 500-2000 with tag mode.

Switch(config)#interface ethernet 1/0/5

Switch(Config-If-Ethernet1/0/5)#switchport mode hybrid

Switch(Config-If-Ethernet1/0/5)#switchport hybrid allowed vlan 1;3;5-20 untag

Switch(Config-If-Ethernet1/0/5)#switchport hybrid allowed vlan 100; 300; 500-2000 tag

Switch(Config-If-Ethernet1/0/5)#exit

12.1.28 switchport hybrid native vlan

Command:

switchport hybrid native vlan

no switchport hybrid native vlan

Function:

Set the PVID for Hybrid port; the "no switchport hybrid native vlan" command restores the default setting.

Parameter:

is the PVID of Hybrid port.

Command mode:

Port Mode.

Default:

The default PVID of Hybrid port is 1.

Usage Guide:

When an untagged frame enters a Hybrid port, it will be added a tag of the native PVID which is set by this command, and is forwarded to the native VLAN.

Example:

Set the native vlan to 100 for a Hybrid port.

Switch(config)#interface ethernet 1/0/5

Switch(Config-If-Ethernet1/0/5)#switchport mode hybrid

Switch(Config-If-Ethernet1/0/5)#switchport hybrid native vlan 100

Switch(Config-If-Ethernet1/0/5)#exit

12.1.29 switchport interface

Command:

switchport interface [ethernet | portchannel] [interface-name | interface-list]

no switchport interface [ethernet | portchannel] [interface-name | interface-list]

Function:

Specify Ethernet port to VLAN; the no command deletes one or one set of ports from the specified VLAN.

Parameter:

ethernet is the Ethernet port to be added. portchannel means that the port to be added is a link-aggregation port. interface-name port name, such as e1/0/1. If this option is selected, ethernet or portchannel should not be. interface-list is the port list to be added or deleted, “,” and “-” are supported, for example: ethernet1/0/1;3;4-7;8.

Command mode:

VLAN Mode.

Default:

A newly created VLAN contains no port by default.

Usage Guide:

Access ports are normal ports and can join a VLAN, but a port can only join one VLAN for a time.

Example:

Assign Ethernet port 1, 3, 4-7, 8 of VLAN100.

Switch(Config-Vlan100)#switchport interface ethernet 1/0/1;3;4-7;8

12.1.30 switchport mode

Command:

switchport mode {trunk | access | hybrid}

Function:

Set the port in access mode, trunk mode or hybrid mode.

Parameter:

trunk means the port allows traffic of multiple VLAN; access indicates the port belongs to one VLAN only; hybrid means the port allows the traffic of multi-VLANs to pass with tag or untag mode.

Command mode:

Port Mode.

Default:

The port is in Access mode by default.

Usage Guide:

Ports in trunk mode is called Trunk ports. Trunk ports can allow traffic of multiple VLANs to pass through. VLAN in different switches can be interconnected with the Trunk ports. Ports under access mode are called Access ports. An access port can be assigned to one and only one VLAN at a time. Hybrid ports can allow traffic of multiple VLANs to pass through, receive and send the packets of multiple VLANs, used to connect switch, or user's computer. When Hybrid ports and Trunk ports receive the data, the deal way is same, but the deal way is different in sending the data. Because Hybrid ports can allow the packets of multiple VLANs to send with no tag, however, Trunk ports can only allow the packets of the default VLAN to send with no tag. The attribute of ports can not directly convert between Hybrid and Trunk, it must configure to be access at first, then configure to be Hybrid or Trunk. When the Trunk or Hybrid attribute is cancelled, the port attribute restores the default (access) attribute and belongs to vlan1.

Example:

Set port 5 to trunk mode and port 8 to access mode, port 10 to hybrid mode.

Switch(config)#interface ethernet 1/0/5
Switch(Config-If-Ethernet1/0/5)#switchport mode trunk
Switch(Config-If-Ethernet1/0/5)#exit
Switch(config)#interface ethernet 1/0/8
Switch(Config-If-Ethernet1/0/8)#switchport mode access
Switch(Config-If-Ethernet1/0/8)#exit
Switch(config)#interface ethernet 1/0/10
Switch(Config-If-Ethernet1/0/10)#switchport mode hybrid
Switch(Config-If-Ethernet1/0/10)#exit

12.1.31 switchport mode trunk allow-null

Command:

switchport mode trunk allow-null

Function:

Add a port as trunk mode. When enabling GVRP, the mode that adds the ports with trunk mode to all VLANs is not appropriate. Therefore, add a port as trunk port and does not join any VLANs by default for enabling GVRP on trunk port is appropriate. It is recommended to configure a port as trunk with this command before enabling GVRP. This command can also be used when a port has been configured as trunk already, which equals to clearing allow-list and quits all VLANs.

Command mode:

Port Mode.

Default:

access mode.

Usage Guide:

Configure the port as trunk, enable it to leave all VLANs and clear allow-list.

Example:

Switch(config-if-ethernet1/0/1)#switchport mode trunk allow-null

12.1.32 switchport trunk allowed vlan

Command:

switchport trunk allowed vlan {WORD | all | add WORD | except WORD | remove WORD} no switchport trunk allowed vlan

Function:

Set trunk port to allow VLAN traffic; the "no switchport trunk allowed vlan" command restores the default setting.

Parameter:

WORD: specified VIDs; keyword;

all: all VIDs, the range from 1 to 4094;

add: add assigned VIDs behind allow vlan;

except: all VID add to allow vlan except assigned VIDs;

remove: delete assigned allow vlan from allow vlan list.

Command mode:

Port Mode.

Default:

Trunk port allows all VLAN traffic by default.

Usage Guide:

The user can use this command to set the VLAN traffic allowed to passthrough the Trunk port; traffic of VLANs not included are prohibited.

Example:

Set Trunk port to allow traffic of VLAN1, 3, 5-20.

Switch(config)#interface ethernet 1/0/5

Switch(Config-If-Ethernet1/0/5)#switchport mode trunk

Switch(Config-If-Ethernet1/0/5)#switchport trunk allowed vlan 1;3;5-20

Switch(Config-If-Ethernet1/0/5)#exit

12.1.33 switchport trunk native vlan

Command:

switchport trunk native vlan

no switchport trunk native vlan

Function:

Set the PVID for Trunk port; the "no switchport trunk native vlan" command restores the default setting.

Parameter:

is the PVID for Trunk port.

Command mode:

Port Mode.

Default:

The default PVID of Trunk port is 1.

Usage Guide:

PVID concept is defined in 802.1Q. PVID in Trunk port is used to tag untagged frames. When a untagged frame enters a Trunk port, the port will tag the untagged frame with the native PVID set with this commands for VLAN forwarding.

Example:

Set the native VLAN for a Trunk port to 100.

Switch(config)#interface ethernet 1/0/5

Switch(Config-If-Ethernet1/0/5)#switchport mode trunk

Switch(Config-If-Ethernet1/0/5)#switchport trunk native vlan 100

Switch(Config-If-Ethernet1/0/5)#exit

12.1.34 vlan

Command:

vlan WORD

no vlan WORD

Function:

Create VLANs and enter VLAN configuration mode. If using ';' and '-' connect with multi-VLANs, then only create these VLANs. If only existing VLAN, then enter VLAN configuration mode; if the VLAN is not exist, then create VLAN and enter VLAN configuration mode. In VLAN Mode, the user can set VLAN name and assign the switch ports to the VLAN. The no command deletes specified VLANs.

Parameter:

WORD is the VLAN ID to be created/deleted, valid range is 1 to 4094, connect with ';' and '-'

Command mode:

Global Mode.

Default:

Only VLAN1 is set by default.

Usage Guide:

VLAN1 is the default VLAN and cannot be configured or deleted by the user. The maximal VLAN number is 4094. It should be noted that dynamic VLANs learnt by GVRP cannot be deleted by this command.

Example:

Create VLAN100 and enter the configuration mode for VLAN 100.

Switch(config)#vlan 100

Switch(Config-Vlan100)#

12.1.35 vlan internal

Command:

vlan <2-4094> internal

Function:

Specify the internal VLAN ID. After an ID is specified as the internal VLAN ID, it is not allowed to be used by other VLAN. Internal VLAN is only used to LOOPBACK interface and can not add physical port. New internal VLAN ID takes effect after save the configuration and reboot the switch.

Parameter:

: The ID is specified as internal VLAN ID, the range is 2 to 4094.

Command mode:

Global Mode.

Default:

1006.

Usage Guide:

Set 1006 as the default internal VLAN ID, the internal VLAN ID needs to be modified when the network set 1006 as VLAN ID. Internal VLAN ID must select an unused ID or else affect other VLAN. This command takes effect after save the configuration and reboot the switch.

Example:

Set 100 as the internal VLAN ID.

Switch(config)#vlan 100 internal

12.1.36 vlan ingress enable

Command:

vlan ingress enable

no vlan ingress enable

Function:

Enable the VLAN ingress rule for a port; the "no vlan ingress enable" command disables the ingress rule.

Command mode:

Port Mode.

Default:

Enable VLAN ingress filtering function.

Usage Guide:

After VLAN ingress filtering is enabled on the port, when the system receives data it will check source port first, and forwards the data to the destination port if it is the VLAN member port, or else drop the data.

Example:

Disable VLAN ingress rules on the port.

Switch(Config-If-Ethernet1/0/1)# no vlan ingress enable

12.1.37 vlan-translation

Command:

vlan-translation to in

no vlan-translation in

Function:

Add VLAN translation by creating a mapping between original VLAN ID and current VLAN ID; the no form of this command deletes corresponding mapping.

Parameter:

old-vlan-id is the original VLAN ID; new-vlan-id is the translated VLAN ID; in indicates ingress translation.

Command Mode:

Port Mode.

Default:

There is no VLAN translation relation.

Usage Guide:

The command is for configuring the in and out translation relation of the VLAN translation function. The data packets will be matched according to the configured translation relations, and its VLAN ID will be changed to the one in the configured item once matched, while the vlan-translation miss drop command will determine the next forwarding if not match.

Example:

Move the VLAN100 data entered from the port1 to VLAN2 after ingress translation.

Switch#config
Switch(config)#interface ethernet 1/0/1
Switch(Config-If-Ethernet1/0/1)#vlan-translation enable
Switch(Config-If-Ethernet1/0/1)#vlan-translation 100 to 2 in
Switch(Config-If-Ethernet1/0/1)#exit
Switch(config)#

12.1.38 vlan-translation enable

Command:

vlan-translation enable

no vlan-translation enable

Function:

Enable VLAN translation on specified trunk port of the switch; the "no vlan-translation enable" command restores to the default value.

Command Mode:

Port Mode.

Default:

VLAN translation has not been enabled on the port by default.

Usage Guide:

This command and dot1q-tunnel are mutually exclusive.

Example:

Enable VLAN translation function on port1.

Switch#config
Switch(config)#interface ethernet 1/0/1
Switch(Config-If-Ethernet1/0/1)#vlan-translation enable

12.1.39 vlan-translation miss drop

Command:

vlan-translation miss drop in

no vlan-translation miss drop in

Function:

Set packet dropping when checking vlan-translation is failing; the no command restores to the default value.

Parameter:

In refers to ingress..

Command Mode:

Port Mode.

Default:

Do not drop the packets when checking vlan-translation is failing.

Usage Guide:

When performing the mapping translation between the original and the current VID, if no corresponding translation is configured, the packet will not be dropped by default, but checking failure will drop the tag message after use this command, this command is of no effect for untag message.

Example:

Set ingress packet dropped on port1 when translation failure.

Switch(Config-If-Ethernet1/0/1)#vlan-translation miss drop in

12.2 Commands for Dynamic VLAN Configuration

12.2.1 dynamic-vlan mac-vlan prefer

Command:

dynamic-vlan mac-vlan prefer

Function:

Set the MAC-based VLAN preferred.

Command Mode:

Global Mode.

Default:

MAC-based VLAN is preferred by default.

Usage Guide:

Configure the preference of dynamic-vlan on switch. The default priority sequence is MAC-based VLAN、IP-subnet-based VLAN、Protocol-based VLAN, namely the preferred order when several dynamic VLAN is available. After the IP-subnet-based VLAN is set to be preferred and the user wish to restore to preferring the MAC-based VLAN, please use this command.

Example:

Set the MAC-based VLAN preferred.

Switch#config

Switch(config)#dynamic-vlan mac-vlan prefer

12.2.2 dynamic-vlan subnet-vlan prefer

Command:

dynamic-vlan subnet-vlan prefer

Function:

Set the IP-subnet-based VLAN preferred.

Command Mode:

Global Mode.

Default:

MAC-based VLAN is preferred by default.

Usage Guide:

Configure the preference of dynamic-vlan on switch. The default priority sequence is MAC-based VLAN · IP-subnet-based VLAN · Protocol-based VLAN, namely the preferred order when several dynamic VLAN is available. This command is used to set to preferring the IP-subnet-based VLAN.

Example:

Set the IP-subnet-based VLAN preferred.

Switch#config

Switch(config)#dynamic-vlan subnet-vlan prefer

12.2.3 mac-vlan

Command:

mac-vlan mac vlan priority

no mac-vlan {mac |all}

Function:

Add the correspondence between MAC address and VLAN, namely specify certain MAC address to join specified VLAN. The "no" form of this command deletes all/the correspondence.

Parameter:

mac-address is the MAC address which is shown in the form of XX-XX-XX-XX-XX-XX,vlan-id is the ID of the VLAN with a valid range of 1\~4094;priority-id is the level of priority and is used in the VLAN tag with a valid range of 0\~7;all refers to all the MAC addresses.

Command Mode:

Global Mode.

Default:

No MAC address joins the VLAN by default.

Usage Guide:

With this command user can add specified MAC address to specified VLAN. If there is a non VLAN label data packet enters from the switch port from the specified MAC address, it will be assigned with specified VLAN ID so sent enter specified VLAN. Their belonging VLAN are the same no matter which port did they enter through. The command does not have any interfere on the VLAN label data packet.

Example:

Add network device of MAC address as 00-30-4f-11-22-33 to VLAN 100.

Switch#config

Switch(config)#mac-vlan mac 00-30-4f-11-22-33 vlan 100 priority 0

12.2.4 mac-vlan vlan

Command:

mac-vlan vlan

no mac-vlan vlan

Function:

Configure the specified VLAN to MAC VLAN; the "no mac-vlan vlan " command cancels the MAC VLAN configuration of this VLAN.

Parameter:

is the number of the specified VLAN.

Command Mode:

Global Mode.

Default:

No MAC VLAN is configured by default.

Usage Guide:

Set specified VLAN for MAC VLAN.

Example:

Set VLAN100 to MAC VLAN.

Switch#config

Switch(config)#mac-vlan vlan 100

12.2.5 protocol-vlan

Command:

protocol-vlan mode {ethernetii etype <etype-id> | llc {dsap <dsap-id> ssap <ssap-id>} | snap
etype <etype-id>} vlan <vlan-id> priority <priority-id>
no protocol-vlan {mode {ethernetii etype <etype-id> | llc {dsap <dsap-id> ssap <ssap-id>} | snap
etype <etype-id>} | all}

Function:

Add the correspondence between the protocol and the VLAN namely specify the protocol to join specified VLAN. The "no" form of this command deletes all/the correspondence.

Parameter:

mode is the encapsulate type of the configuration which is ethernetii, llc, snap; the encapsulate type of the ethernetii is EthernetII;
etype-id is the type of the packet protocol, with a valid range of 1536~65535;
llc is LLC encapsulate format;
dsap-id is the access point of the destination service, the valid range is 0~255;
ssap-id is the access point of the source service with a valid range of 0~255;
snap is SNAP encapsulate format;
etype-id is the type of the packet protocol, the valid range is 1536~65535;
vlan-id is the ID of VLAN, the valid range is 1~4094;
priority is the priority, the range is 0~7;
all indicates all the encapsulate protocols.

Command Mode:

Global Mode.

Default:

No protocol joined the VLAN by default.

Usage Guide:

The command adds specified protocol into specified VLAN. If there is any non VLAN label packet from specified protocol enters through the switch port, it will be assigned with specified VLAN ID and enter the specified VLAN. No matter which port the packets go through, their belonging VLAN is the same. The command will not interfere with VLAN labeled data packets. It is recommended to configure ARP protocol together with the IP protocol or else some application may be affected.

Example:

Assign the IP protocol data packet encapsulated by the EthernetII to VLAN200.

Switch#config

Switch(config)#protocol-vlan mode ethernetii etype 2048 vlan 200

12.2.6 show dynamic-vlan prefer

Command:

show dynamic-vlan prefer

Function:

Display the preference of the dynamic VLAN.

Command Mode:

Admin Mode and Configuration Mode.

Usage Guide:

Display the dynamic VLAN preference.

Example:

Display current dynamic VLAN preference.

Switch#show dynamic-vlan prefer

Mac Vlan/Voice Vlan

IP Subnet Vlan

Protocol Vlan

12.2.7 show mac-vlan

Command:

show mac-vlan

Function:

Display the configuration of MAC-based VLAN on the switch.

Command Mode:

Admin Mode and other configuration Mode.

Usage Guide:

Display the configuration of MAC-based VLAN on the switch.

Example:

Display the configuration of the current MAC-based VLAN.

Switch#show mac-vlan

MAC-AddressVLAN_IDPriority
00-e0-4c-77-ab-9d22
00-0a-eb-26-8d-f322
00-30-4f-11-22-3355

12.2.8 show mac-vlan interface

Command:

show mac-vlan interface

Function:

Display the ports at MAC-based VLAN.

Command Mode:

Admin Mode and other configuration Mode.

Usage Guide:

Display the ports of enabling MAC-based VLAN, the character in the bracket indicate the ports mode, A means Access port, T means Trunk port, H means Hybrid port.

Example:

Display the ports of enabling MAC-based VLAN currently.

Switch#show mac-vlan interface

Ethernet1/0/1(A) Ethernet1/0/2(A)

Ethernet1/0/3(A) Ethernet1/0/4(A)

Ethernet1/0/5(H) Ethernet1/0/6(T)

12.2.9 show protocol-vlan

Command:

show portocol-vlan

Function:

Display the configuration of Protocol-based VLAN on the switch.

Command Mode:

Admin Mode and Configuration Mode

Usage Guide:

Display the configuration of Protocol-based VLAN on the switch.

Example:

Display the configuration of the current Protocol-based VLAN.

Switch#show protocol-vlan

Protocol_TypeVLAN_IDPriority
mode ethernetii etype 0x8002004
mode ethernetii etype 0x8602004
mode snap etype 0xabc1005
mode llc dsap 0xac ssap 0xbd1005

12.2.10 show subnet-vlan

Command:

show subnet-vlan

Function:

Display the configuration of the IP-subnet-based VLAN on the switch.

Command Mode:

Admin Mode and other Configuration Mode.

Usage Guide:

Display the configuration of the IP-subnet-based VLAN on the switch.

Example:

Display the configuration of the current IP-subnet-based VLAN.

Switch#show subnet-vlan

IP-Address

Mask

VLAN_ID

192.168.1.165

255.255.255.0

2

202.200.121.21

255.255.0.0

2

10.0.0.1

255.248.0.0

5

12.2.11 show subnet-vlan interface

Command:

show subnet-vlan interface

Function:

Display the port at IP-subnet-based VLAN.

Command Mode:

Admin Mode and other Configuration Mode.

Usage Guide:

Display the port of enabling IP-subnet-based VLAN, the character in the bracket indicate the ports mode, A means Access port, T means Trunk port, H means Hybrid port.

Example:

Display the port of enabling IP-subnet-based VLAN currently.

SwitchA#show subnet-vlan interface

Ethernet1/0/1(A)

Ethernet1/0/2(A)

Ethernet1/0/3(A)

Ethernet1/0/4(A)

Ethernet1/0/5(H)

Ethernet1/0/6(T)

12.2.12 subnet-vlan

Command:

subnet-vlan ip-address <ipv4-addrss> mask <subnet-mask> vlan <vlan-id> priority
<priority-id>
no subnet-vlan {ip-address <ipv4-addrss> mask <subnet-mask> | all}

Function:

Add a correspondence between the IP subnet and the VLAN, namely add specified IP subnet into specified VLAN; the "no" form of this command deletes all/the correspondence.

Parameter:

ipv4-address is the IPv4 address shown in dotted decimal notation; the valid range of each section is 0\~255; subnet-mask is the subnet mask code shown in dotted decimal notation; the valid range of each section is 0\~255; priority-id is the priority applied in the VLAN tag with a valid range of 0\~7; vlan-id is the VLAN ID with a valid range of 1\~4094; all indicates all the subnets.

Command Mode:

Global Mode.

Default:

No IP subnet joined the VLAN by default.

Usage Guide:

This command is used for adding specified IP subnet to specified VLAN. When packet without VLAN label and from the specified IP subnet enters through the switch port, it will be matched with specified VLAN id and enters specified VLAN. These packets will always come to the same VLAN no matter through which port did they enter. This command will not interfere with VLAN labeled data packets.

Example:

Add the network equipment with IP subnet of 192.168.1.0/24 to VLAN 300.

SwitchA#config

SwitchA(config)#subnet-vlan ip-address 192.168.1.1 mask 255.255.255.0 vlan 300 priority 0

12.2.13 switchport mac-vlan enable

Command:

switchport mac-vlan enable

no switchport mac-vlan enable

Function:

Enable the MAC-based VLAN function on the port; the "no" form of this command will disable the MAC-based VLAN function on the port.

Command Mode:

Port Mode.

Default:

The MAC-base VLAN function is enabled on the port by default.

Usage Guide:

After adding a MAC address to specified VLAN, the MAC-based VLAN function will be globally enabled. This command can disable the MAC-based VLAN function on specified port to meet special user applications.

Example:

Disable the MAC-based VLAN function on port1.

Switch#config

Switch(config)#interface ethernet 1/0/1

Switch(Config-If-Ethernet1/0/1)#no switchport mac-vlan enable

12.2.14 switchport subnet-vlan enable

Command:

switchport subnet-vlan enable

no switchport subnet-vlan enable

Function:

Enable the IP-subnet-based VLAN on the port; the "no" form of this command disables the IP-subnet-based VLAN function on the port.

Command Mode:

Port Mode.

Default:

The IP-subnet-based VLAN is enabled on the port by default.

Usage Guide:

After adding the IP subnet to specified VLAN, the IP-subnet-based VLAN function will be globally enabled. This command can disable the IP-subnet-based VLAN function on specified port to meet special user applications.

Example:

Disable the IP-subnet-based VLAN function on port1.

Switch#config

Switch(config)#interface ethernet 1/0/1

Switch(Config-If-Ethernet1/0/1)#no switchport subnet-vlan enable

12.3 Commands for Voice VLAN Configuration

12.3.1 show voice-vlan

Command:

show voice-vlan

Function:

Display the configuration status of the Voice VLAN on the switch.

Command Mode:

Admin Mode and other Configuration Mode.

Usage Guide:

Display Voice VLAN Configuration.

Example:

Display the Current Voice VLAN Configuration.

Switch#show voice-vlan
Voice VLAN ID:2
Ports:ethernet1/0/1;ethernet1/0/3
Voice nameMAC-AddressMaskPriority
financePhone00-e0-4c-77-ab-9d0xff5
manager00-0a-eb-26-8d-f30xfe6
Mr_Lee00-30-4f-11-22-330x805
NULL00-30-4f-11-22-330x05

12.3.2 switchport voice-vlan enable

Command:

switchport voice-vlan enable

no switchport voice-vlan enable

Function:

Enable the Voice VLAN function on the port; the "no" form of this command disables Voice VLAN function on the port.

Command Mode:

Port Mode.

Default:

Voice VLAN is enabled by default.

Usage Guide:

When voice equipment is added to the Voice VLAN, the Voice VLAN is enabled globally by default.

This command disables Voice VLAN on specified port to meet specified application of the user.

Example:

Disable the Voice VLAN function on port3.

Switch#config

Switch(config)#interface ethernet 1/0/3

Switch(Config-If-Ethernet1/0/3)#no switchport voice-vlan enable

12.3.3 voice-vlan

Command:

voice-vlan mac <mac-address> mask <mac-mask> priority <priority-id> [name <voice-name>]
no voice-vlan {mac <mac-address> mask <mac-mask>|name <voice-name> |all}

Function:

Specify certain voice equipment to join in Voice VLAN; the "no" form of this command will let the equipment leave the Voice VLAN.

Parameter:

Mac-address is the voice equipment MAC address, shown in "xx-xx-xx-xx-xx-xx" format; mac-mask is the last eight digit of the mask code of the MAC address, the valid values are: 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80, 0x0; priority-id is the priority of the voice traffic, the valid range is 0–7; the voice-name is the name of the voice equipment, which is to facilitate the equipment management; all indicates all the MAC addresses of the voice equipments.

Command Mode:

Global Mode.

Default:

This command will add a specified voice equipment into the Voice VLAN, if a non VLAN labeled data packet from the specified voice equipment enters through the switch port, then no matter through which port the packet enters, it will belong to Voice VLAN. The command will not interfere with the packets of VLAN labels.

Example:

Add the 256 sets of voice equipments of the R&D department with MAC address ranging from 00-30-4f-11-22-00 to 00-30-4f-11-22-ff to the Voice VLAN.

Switch#config

Switch(config)#voice-vlan vlan 100

Switch(config)#voice-vlan mac 00-30-4f-11-22-00 mask 0 priority 5 name test

12.3.4 voice-vlan vlan

Command:

voice-vlan vlan

no voice-vlan

Function:

Configure the specified VLAN to Voice VLAN; the "no voice-vlan" command cancels the Voice VLAN configuration of this VLAN.

Parameter:

Vlan id is the number of the specified VLAN.

Command Mode:

Global Mode.

Default:

No Voice VLAN is configured by default.

Usage Guide:

Set specified VLAN for Voice VLAN, There can be only one Voice VLAN at the same time. The voice VLAN can not be applied concurrently with MAC-based VLAN.

Example:

Set VLAN100 to Voice VLAN.

Switch#config

Switch(config)#voice-vlan vlan 100

Chapter 13 Commands for MAC Address Table Configuration

13.1 Commands for MAC Address Table Configuration

13.1.1 clear mac-address-table dynamic

Command:

clear mac-address-table dynamic [address <mac-addr>] [vlan <vlan-id>] [interface [ethernet | portchannel] <interface-name>]

Function:

Clear the dynamic address table.

Parameter:

<mac-addr>: MAC address will be deleted;
<interface-name> the port name for forwarding the MAC packets;
<vlan-id> VLAN ID.

Command Mode:

Admin mode.

Usage Guide:

Delete all dynamic address entries which exist in MAC address table, except application, system entries. MAC address entries can be classified according to different sources, the types are as follows: DYNAMIC, STATIC, APPLICATION, SYSTEM. DYNAMIC is the dynamic MAC address entries learned by switch, it can be aged by switch automatically.

Example:

Delete all dynamic MAC.

Switch#clear mac-address-table dynamic

13.1.2 mac-address-table aging-time

Command:

mac-address-table aging-time <0 / aging-time>

no mac-address-table aging-time

Function:

Sets the aging-time for the dynamic entries of MAC address table.

Parameter:

is the aging-time seconds, range from 10 to 1000000; 0 to disable aging.

Command Mode:

Global Mode.

Default:

Default aging-time is 300 seconds.

Usage Guide:

If no destination address of the packets is same with the address entry in aging-time, the address entry will get aged. The user had better set the aging-time according to the network condition, it usually use the default value.

Example:

Set the aging-time to 600 seconds.

Switch(config)#mac-address-table aging-time 600

13.1.3 mac-address-table static | static-multicast | blackhole

Command:

mac-address-table {static | static-multicast | blackhole} address vlan [interface [ethernet | portchannel] ] | [source | destination | both] no mac-address-table {static | static-multicast | blackhole | dynamic} [address ] [vlan ] [interface [ethernet | portchannel] ]

Function:

Add or modify static address entries, static multicast entries and filter address entries. The no command deletes the three entries.

Parameter:

static is the static entries; static-multicast is the static multicast entries; blackhole is filter entries, which is for discarding frames from specific MAC address, it can filter source address, destination address or the both. When choose the filter entries, blackhole address can't based on port, and not configure to interface; dynamic is dynamic address entries; MAC address to be added or deleted; name of the port transmitting the MAC data packet; is the vlan number. source is based on source address filter; destination is based on destination address filter; both is based on source address and destination address filter, the default is both.

Command Mode:

Admin and Configuration Mode.

Default:

When VLAN interface is configured and is up, the system will generate a static address mapping entry of which the inherent MAC address corresponds to the VLAN number.

Usage Guide:

In certain special applications or when the switch is unable to dynamically learn the MAC address, users can use this command to manually establish mapping relation between the MAC address and port and VLAN.

no mac-address-table command is for deleting all dynamic, static, filter MAC address entries existing in the switch MAC address list, except application, system entries. MAC address entries can be classified according to the different source, the types are as follows: DYNAMIC, STATIC, APPLICATION, SYSTEM. DYNAMIC is the dynamic MAC address entries learned by switch, it can be aged by switch automatically. STATIC is the static MAC address entries (including blackhole entries) added by user. APPLICATION is the static MAC address entries added by application protocol (such as dot1x, security port...). SYSTEM is the additive static MAC address entries according to VLAN interface. When adding STATIC entries, it can cover the conflictive DYNAMIC, except APPLICATION, SYSTEM entries.

After configure the static multicast MAC by this command, the multicast MAC traffic will be forwarded to the specified port of the specified VLAN.

Example:

Port 1/0/1 belongs to VLAN200, and establishes address mapping with MAC address 00-30-4f-f0-00-18.

Switch(config)#mac-address-table static address ,A8-F7-E0-f0-00-18 vlan 200 interface ethernet 1/0/1

Configure a static multicast MAC 01-00-5e-00-00-01, the egress is ethernet 1/0/1.

Switch(config)#mac-address-table static-multicast address 01-00-5e-00-00-01 vlan 1 interface ethernet1/0/1

13.1.4 show mac-address-table

Command:

show mac-address-table [static | blackhole | multicast | aging-time | count]

[address ] [vlan ] [count] [interface ]

Function:

Show the current MAC table.

Parameter:

static static entries; blackhole filter entries; aging-time address aging time; count entry's number, multicast multicast entries; entry's MAC address; entry's VLAN number; entry's interface name.

Command Mode:

Admin and Configuration Mode.

Default:

MAC address table is not displayed by default.

Usage Guide:

This command can display various classes of MAC address entries. Users can also use show mac-address-table to display all the MAC address entries.

Example:

Display all the filter MAC address entries.

Switch#show mac-address-table blackhole

13.2 Commands for Mac Address Binding configuration

13.2.1 clear port-security dynamic

Command:

clear port-security dynamic [address | interface ]

Function:

Clear the Dynamic MAC addresses of the specified port.

Command mode:

Admin Mode.

Parameter:

stands MAC address; for specified port number.

Usage Guide:

The secure port must be locked before dynamic MAC clearing operation can be perform in specified port. If no ports and MAC are specified, then all dynamic MAC in all locked secure ports will be cleared; if only port but no MAC address is specified, then all MAC addresses in the specified port will be cleared.

Example:

Delete all dynamic MAC in port1.

Switch#clear port-security dynamic interface Ethernet 1/0/1

13.2.2 mac-address-table periodic-monitor-time

Command:

mac-address-table periodic-monitor-time <5-86400>

Function:

Set the MAC monitor interval to count the added and deleted MAC in time, and send out them with trap message.

Command mode:

Global Mode.

Parameter:

<5-86400>: the interval is 5 to 86400 seconds.

Default:

60 seconds.

Example:

Set the MAC monitor interval as 120 seconds.

Switch (Config)#mac-address-table periodic-monitor-time 120

13.2.3 show port-security

Command:

show port-security

Function:

Display the secure MAC addresses of the port.

Command mode:

Admin Mode and other configuration Mode.

Default:

The switch is not display port-security configuration.

Usage Guide:

This command displays the secure port MAC address information.

Example:

Switch#show port-security
Security PortMaxSecurity Addr (count)CurrentAddr (count)Security Action
Ethernet1/0/111Protect
Ethernet1/0/3101Protect
Ethernet1/0/510Protect
Max Addresses limit in System:128
Total Addresses in System:2
Displayed informationExplanation
Security PortIs port enabled as a secure port.
MaxSecurityAddrThe maximum secure MAC address number set for the security port.
CurrentAddrThe current secure MAC address number of the security port.
Security ActionThe violation mode of the port configuration.
Total Addresses in SystemThe current secure MAC address number of the system.
Max Addresses limit in SystemThe maximum secure MAC address number of the system.

13.2.4 show port-security address

Command:

show port-security address [interface ]

Function:

Display the secure MAC addresses of the port.

Command mode:

Admin Mode and other configuration Mode.

Parameter:

stands for the port to be displayed.

Usage Guide:

This command displays the secure port MAC address information, if no port is specified, secure MAC addresses of all ports are displayed.

Example:

Switch#show port-security address interface ethernet 1/0/3

Security Mac Address Table

Vlan

Mac Address

Type

Ports

1

0000.0000.1111

SecureConfigured

Ethernet1/0/1

Total Addresses: 1

Displayed informationExplanation
VlanThe VLAN ID for the secure MAC Address.
Mac AddressSecure MAC address.
TypeSecure MAC address type.
PortsThe port that the secure MAC address belongs to.
Total AddressesCurrent secure MAC address number in the system.

13.2.5 show port-security interface

Command:

show port-security interface

Function:

Display the configuration of secure port.

Command mode:

Admin Mode and other configuration Mode.

Parameter:

stands for the port to be displayed.

Default:

Configuration of secure ports is not displayed by default.

Usage Guide:

This command displays the detailed configuration information for the secure port.

Example:

Switch#show port-security interface ethernet 1/0/1
Port Security: Enabled
Port status: Security Up
Violation mode: Protect
Maximum MAC Addresses: 1
Total MAC Addresses: 1
Configured MAC Addresses: 1
Lock Timer is ShutDown
Mac-Learning function is: Opened
Displayed informationExplanation
Port SecurityIs port enabled as a secure port.
Port statusPort secure status.
Violation modeViolation mode set for the port.
Maximum MAC AddressesThe maximum secure MAC address number set for the port.
Total MAC AddressesCurrent secure MAC address number for the port.
Configured MAC AddressesCurrent secure static MAC address number for the port.
Lock TimerWhether locking timer (timer timeout) is enabled for the port.
Mac-Learning functionWhether the MAC address learning function is enabled.

13.2.6 switchport port-security

Command:

switchport port security

no switchport port security

Function:

Enable MAC address binding function for the port; the "no switchport port-security" command disables the MAC address binding function for the port.

Command mode:

Port Mode.

Default:

MAC address binding is not enabled by default.

Usage Guide:

The MAC address binding function and Port Aggregation functions are mutually exclusive. Therefore, if MAC binding function for a port is to be enabled, the Port Aggregation functions must be disabled, and the port enabling MAC address binding must not be a Trunk port.

Example:

Enable MAC address binding function for port 1 and.

Switch(config)#interface Ethernet 1/0/1

Switch(Config-If-Ethernet1/0/1)# switchport port security

13.2.7 switchport port-security convert

Command:

switchport port-security convert

Function:

Converts dynamic secure MAC addresses learned by the port to static secure MAC addresses, and disables the MAC address learning function for the port.

Command mode:

Port Mode.

Usage Guide:

The port dynamic MAC convert command can only be executed after the secure port is locked. After this command has been executed, dynamic secure MAC addresses learned by the port will be converted to static secure MAC addresses. The command does not reserve configuration.

Example:

Converting MAC addresses in port 1 to static secure MAC addresses.

Switch(config)#interface Ethernet 1/0/1

Switch(Config-If-Ethernet1/0/1)# switchport port-security convert

13.2.8 switchport port-security lock

Command:

switchport port-security lock

no switchport port-security lock

Function:

Lock the port. After the port is locked, the MAC-address learning function will be shut down; the no operation of this command will reset the MAC-address learning function.

Command Mode:

Port Configuration Mode.

Default:

Ports are unlocked.

Usage Guide:

Ports can only be locked after the MAC-address binding function is enabled. When a port becomes locked, its MAC learning function will be disabled.

Examples:

Lock port 1.

Switch(config)#interface Ethernet 1/0/1

Switch(Config-If-Ethernet1/0/1)#switchport port-security lock

13.2.9 switchport port-security mac-address

Command:

switchport port-security mac-address

no switchport port-security mac-address

Function:

Add a static secure MAC address; the "no switchport port-security mac-address" command deletes a static secure MAC address.

Command mode:

Port Mode.

Parameters:

stands for the MAC address to be added or deleted.

Usage Guide:

The MAC address binding function must be enabled before static secure MAC address can be added.

Example:

Adding MAC 00-30-4f-FE-2E-D3 to port1.

Switch(config)#interface Ethernet 1/0/1

Switch(Config-If-Ethernet1/1)#switchport port-security mac-address 00-30-4f-FE-2E-D3

13.2.10 switchport port-security maximum

Command:

switchport port-security maximum

no switchport port-security maximum

Function:

Sets the maximum number of secure MAC addresses for a port; the "no switchport port-security maximum" command restores the maximum secure address number of 1.

Command mode:

Port Mode.

Parameter:

< value> is the up limit for static secure MAC address, the valid range is 1 to 128.

Default:

The default maximum port secure MAC address number is 1.

Usage Guide:

The MAC address binding function must be enabled before maximum secure MAC address number can be set. If secure static MAC address number of the port is larger than the maximum secure MAC address number set, the setting fails; extra secure static MAC addresses must be deleted, so that the secure static MAC address number is no larger than the maximum secure MAC address number for the setting to be successful.

Example:

Set the maximum secure MAC address number for port 1.

Switch(config)#interface Ethernet 1/0/1

Switch(Config-If-Ethernet1/0/1)# switchport port-security maximum 4

13.2.11 switchport port-security timeout

Command:

switchport port-security timeout

no switchport port-security timeout

Function:

Set the timer for port locking; the "no switchport port-security timeout" command restores the default setting.

Parameter:

< value> is the timeout value, the valid range is 0 to 300s.

Command mode:

Port Mode.

Default:

Port locking timer is not enabled by default.

Usage Guide:

The port locking timer function is a dynamic MAC address locking function. MAC address locking and conversion of dynamic MAC entries to secure address entries will be performed on locking timer timeout. The MAC address binding function must be enabled prior to running this command.

Example:

Set port1 locking timer to 30 seconds.

Switch(config)#interface Ethernet 1/0/1

Switch(Config-If-Ethernet1/0/1)# switchport port-security timeout 30

13.2.12 switchport port-security violation

Command:

switchport port-security violation {protect | shutdown} [recovery <30-3600>]

no switchport port-security violation

Function:

Configure the port violation mode. The no restores the violation mode to protect.

Command Mode:

Port mode.

Parameter:

protect refers to protect mode

shutdown refers to shutdown mode

recovery: configure the border port can be recovered automatically after implement

shutdown violation operation

<30-3600>: the recovery time, do not recover it by default

Default:

The port violation mode is protect by default.

Usage Guide:

The port violation mode configuration is only available after the MAC address binding function is enabled. when the port secure MAC address exceeds the security MAC limit, if the violation mode is protect, the port only disable the dynamic MAC address learning function; while the port will be shut if at shutdown mode. Users can manually open the port with no shutdown command.

Example :

Set the violation mode of port 1 to shutdown.

Switch(config)#interface Ethernet 1/0/1

Switch(Config-If-Ethernet1/0/1)# switchport port-security violation shutdown recovery 60

Chapter 14 ommands for MSTP

14.1 Commands for MSTP

14.1.1 abort

Command:

abort

Function:

Abort the current MSTP region configuration, quit MSTP region mode and return to global mode.

Command mode:

MSTP Region Mode.

Usage Guide:

This command is to quit MSTP region mode without saving the current configuration. The previous

MSTP region configuration is valid.

Example:

Quit MSTP region mode without saving the current configuration.

Switch(Config-Mstp-Region)#abort

Switch(config)#

14.1.2 exit

Command:

exit

Function:

Save current MSTP region configuration, quit MSTP region mode and return to global mode.

Command mode:

MSTP Region Mode

Usage Guide:

This command is to quit MSTP region mode with saving the current configuration.

Example:

Quit MSTP region mode with saving the current configuration.

Switch(Config-Mstp-Region)#exit

Switch(config)#

14.1.3 instance vlan

Command:

instance vlan

no instance [vlan ]

Function:

In MSTP region mode, create the instance and set the mappings between VLANs and instances; the command "no instance [vlan ]" removes the specified instance and the specified mappings between the VLANs and instances.

Parameter:

Normally, sets the instance number. The valid range is from 0 to 64; in the command "no instance [vlan ]", sets the instance number. The valid number is from 0 to 64. sets consecutive or non-consecutive VLAN numbers. "-" refers to consecutive numbers, and ";" refers to non-consecutive numbers.

Command mode:

MSTP Region Mode

Default:

Before creating any Instances, there is only the instance 0, and VLAN 1\~4094 all belong to the instance 0.

Usage Guide:

This command sets the mappings between VLANs and instances. Only if all the mapping relationships and other attributes are same, the switches are considered in the same MSTP region. Before setting any instances, all the VLANs belong to the instance 0. MSTP can support maximum 64 MSTIs (except for CISTs). CIST can be treated as MSTI 0. All the other instances are considered as instance 1 to 64.

Example:

Map VLAN1-10 and VLAN 100-110 to Instance 1.

Switch(config)#spanning-tree mst configuration

Switch(Config-Mstp-Region)#instance 1 vlan 1-10;100-110

14.1.4 name

Command:

name

no name

Function:

In MSTP region mode, set MSTP region name; the "no name" command restores the default setting.

Parameter:

is the MSTP region name. The length of the name should be less than 32 characters.

Command mode:

MSTP Region Mode

Default:

Default MSTP region name is the MAC address of this bridge.

Usage Guide:

This command is to set MSTP region name. The bridges with same MSTP region name and same other attributes are considered in the same MSTP region.

Example:

Set MSTP region name to mstp-test.

Switch(config)#spanning-tree mst configuration Switch(Config-Mstp-Region)#description mstp-test

14.1.5 no

Command:

no | |

Function:

Cancel one command or set it as initial value.

Parameter:

instance number, MSTP region name, is account the modify value of MST configuration caption.

Command mode:

MSTP Region Mode

Default:

The default revision level is 0.

Usage Guide:

This command deletes the specified instance and MSTP region name, restore the default of modify value is 0.

Example:

Delete instance 1.

Switch(Config-Mstp-Region)#no instance 1

14.1.6 revision-level

Command:

revision-level

no revision-level

Function:

In MSTP region mode, this command is to set revision level for MSTP configuration; the command "no revision-level" restores the default setting to 0.

Parameter:

is revision level. The valid range is from 0 to 65535.

Command mode:

MSTP Region Mode

Default:

The default revision level is 0.

Usage Guide:

This command is to set revision level for MSTP configuration. The bridges with same MSTP revision level and same other attributes are considered in the same MSTP region.

Example:

Set revision level to 2000.

Switch(config)#spanning-tree mst configuration

Switch(Config-Mstp-Region)# revision-level 2000

14.1.7 show

Command:

show

Function:

Display the information of current running system.

Command mode:

MSTP Region Mode

Usage Guide:

This command can check the detail information of system.

Example:

Display the information of current running system.

Switch(Config-Mstp-Region)#show

14.1.8 spanning-tree

Command:

spanning-tree

no spanning-tree

Function:

Enable MSTP in global mode and in Port Mode; The command "no spanning-tree" is to disable MSTP.

Command mode:

Global Mode and Port Mode

Default:

MSTP is not enabled by default.

Usage Guide:

If the MSTP is enabled in global mode, the MSTP is enabled in all the ports except for the ports which are set to disable the MSTP explicitly.

Example:

Enable the MSTP in global mode, and disable the MSTP in the interface1/0/2.

Switch(config)#spanning-tree

Switch(config)#interface ethernet 1/0/2

Switch(Config-If-Ethernet1/0/2)#no spanning-tree

14.1.9 spanning-tree cost

Command:

spanning-tree cost

no spanning-tree cost

Function:

Sets path cost of the current port; the command "no spanning-tree cost" restores the default setting.

Command mode:

Port Mode

Parameter:

sets path cost. The valid range is from 1 to 200,000,000.

Default:

By default, the port cost is relevant to the port bandwidth.

Port TypeDefault Path CostSuggested Range
10Mbps20000002000000~20000000
100Mbps200000200000~2000000
1Gbps2000020000~200000
10Gbps20002000~20000

For the aggregation ports, the default costs are as below:

Port TypeAllowed Number Of Aggregation PortsDefault Port Cost
10MbpsN2000000/N
100MbpsN200000/N
1GbpsN20000/N
10GbpsN2000/N

Usage Guide:

By setting the port cost, users can control the cost from the current port to the root bridge in order to control the elections of port and the designated port of the instance.

Example:

On the port1/0/2, set the port cost is 3000000.

Switch(Config-If-Ethernet1/0/2)#spanning-tree cost 3000000

14.1.10 spanning-tree digest-snooping

Command:

spanning-tree digest-snooping

no spanning-tree digest-snooping

Function:

Configure the port to use the authentication string of partner port; the command "no spanning-tree digest-snooping" restores to use the port generated authentication string.

Command mode:

Port Mode

Default:

Don't use the authentication string of partner port.

Usage Guide:

According to MSTP protocol, the region authentication string is generated by MD5 algorithm with public authentication key, instance ID, VLAN ID. Some manufactory don't use the public authentication key, this causes the incompatibility. After the command is executed the port can use the authentication string of partner port, realize compatibility with these manufactories equipment. Note: Because the authentication string is related to instance ID and VLAN ID, the command may cause recognizing the equipment that with different instance and VLAN relation as in the same region. Before the command is executed, make sure that instance and VLAN relation is accord for all the equipment. If there are more than one equipment connected, all the connected ports should execute this command.

Example:

Configure the authentication string of partner port.

Switch(config)#interface ethernet 1/0/2

Switch(Config-If-Ethernet1/0/2)#spanning-tree digest-snooping

Switch(Config-If-Ethernet1/0/2)#

14.1.11 spanning-tree format

Command:

spanning-tree format {standard | privacy | auto}

no spanning-tree format

Function:

Configure the format of the port packet so to be interactive with products of other companies. The no command restores the default format.

Parameter:

standard: The packet format provided by IEEE

privacy: Privacy packet format, which is compatible with CISCO equipments.

auto: Auto identified packet format, which is determined by checking the format of the received packets.

Command mode:

Port Mode

Default:

Auto Packet Format.

Usage Guide:

As the CISCO has adopted the packet format different with the one provided by IEEE, while many companies also adopted the CISCO format to be CISCO compatible, we have to provide support to both formats. The standard format is originally the one provided by IEEE, and the privacy packet format is CISCO compatible. In case we are not sure about which the packet format is on partner, the AUTO configuration will be preferred so to identify the format by the packets they sent. The AUTO packet format is set by default in the concern of better compatibility with previous products and the leading companies. The packet format will be privacy format before receiving the partner packet when configured to AUTO.

When the format is not AUTO and the received packet format from the partner does not match the configured format, we set the state of the port which receives the unmatched packet to DISCARDING to prevent both sides consider themselves the root which leads to circuits.

When the AUTO format is set, and over one equipment which is not compatible with each other are connected on the port (e.g. a equipment running through a HUB or Transparent Transmission BPDU is connected with several equipments running MSTP), the format alter counts will be recorded and the port will be disabled at certain count threshold. The port can only be re-enabled by the administrator.

Example:

Configure port message format as the message format of IEEE.

Switch(config)#interface ethernet 1/0/2

Switch(Config-If-Ethernet1/0/2)#spanning-tree format standard

Switch(Config-If-Ethernet1/0/2)#

14.1.12 spanning-tree forward-time

Command:

spanning-tree forward-time

no spanning-tree forward-time

Function:

Set the switch forward delay time; the command "no spanning-tree forward-time" restores the default setting.

Parameter:

Command mode:

Global Mode

Default:

The forward delay time is 15 seconds by default.

Usage Guide:

When the network topology changes, the status of the port is changed from blocking to forwarding. This delay is called the forward delay. The forward delay is co working with hello time and max age. The parameters should meet the following conditions. Otherwise, the MSTP may work incorrectly.

2 * (Bridge_Forward_Delay - 1.0 seconds) >= Bridge_Max_Age

Bridge_Max_Age >= 2 * (Bridge_Hello_Time + 1.0 seconds)

Example:

In global mode, set MSTP forward delay time to 20 seconds.

Switch(config)#spanning-tree forward-time 20

14.1.13 spanning-tree hello-time

Command:

spanning-tree hello-time

no spanning-tree hello-time

Function:

Set switch Hello time; The command "no spanning-tree hello-time" restores the default setting.

Parameter:

Command mode:

Global Mode

Default:

Hello Time is 2 seconds by default.

Usage Guide:

Hello time is the interval that the switch sends BPDUs. Hello time is co working with forward delay and max age. The parameters should meet the following conditions. Otherwise, the MSTP may work incorrectly.

2 * (Bridge_Forward_Delay - 1.0 seconds) >= Bridge_Max_Age

Bridge_Max_Age >= 2 * (Bridge_Hello_Time + 1.0 seconds)

Example:

Set MSTP hello time to 5 seconds in global mode.

Switch(config)#spanning-tree hello-time 5

Command:

spanning-tree link-type p2p {auto | force-true | force-false}

no spanning-tree link-type

Function:

Set the link type of the current port; the command “no spanning-tree link-type” restores link type to auto-negotiation.

Parameter:

auto sets auto-negotiation, force-true forces the link as point-to-point type, force-false forces the link as non point-to-point type.

Command mode:

Port Mode

Default:

The link type is auto by default, The MSTP detects the link type automatically.

Usage Guide:

When the port is full-duplex, MSTP sets the port link type as point-to-point; When the port is half-duplex, MSTP sets the port link type as shared.

Example:

Force the port 1/0/7-8 as point-to-point type.

Switch(config)#interface ethernet 1/0/7-8

Switch(Config-Port-Range)#spanning-tree link-type p2p force-true

14.1.15 spanning-tree maxage

Command:

spanning-tree maxage

no spanning-tree maxage

Function:

Set the max aging time for BPDU; the command "no spanning-tree maxage" restores the default setting.

Parameter:

Command mode:

Global Mode

Default:

The max age is 20 seconds by default.

Usage Guide:

The lifetime of BPDU is called max age time. The max age is co working with hello time and forward delay. The parameters should meet the following conditions. Otherwise, the MSTP may work incorrectly.

2 * (Bridge_Forward_Delay - 1.0 seconds) >= Bridge_Max_Age

Bridge_Max_Age >= 2 * (Bridge_Hello_Time + 1.0 seconds)

Example:

In global mode, set max age time to 25 seconds.

Switch(config)#spanning-tree maxage 25

14.1.16 spanning-tree max-hop

Command:

spanning-tree max-hop

no spanning-tree max-hop

Function:

Set maximum hops of BPDU in the MSTP region; the command "no spanning-tree max-hop" restores the default setting.

Parameter:

sets maximum hops. The valid range is from 1 to 40.

Command mode:

Global Mode

Default:

The max hop is 20 by default.

Usage Guide:

The MSTP uses max-age to count BPDU lifetime. In addition, MSTP also uses max-hop to count BPDU lifetime. The max-hop is degressive in the network. The BPDU has the max value when it initiates from MSTI root bridge. Once the BPDU is received, the value of the max-hop is reduced by 1. When a port receives the BPDU with max-hop as 0, it drops this BPDU and sets itself as designated port to send the BPDU.

Example:

Set max hop to 32.

Switch(config)#spanning-tree max-hop 32

14.1.17 spanning-tree mcheck

Command:

spanning-tree mcheck

Function:

Force the port to run in the MSTP mode.

Command mode:

Port Mode

Default:

The port is in the MSTP mode by default.

Usage Guide:

If a network which is attached to the current port is running IEEE 802.1D STP, the port converts itself to run in STP mode. The command is used to force the port to run in the MSTP mode. But once the port receives STP messages, it changes to work in the STP mode again.

This command can only be used when the switch is running in IEEE802.1s MSTP mode. If the switch is running in IEEE802.1D STP mode, this command is invalid.

Example:

Force the port 1/0/2 to run in the MSTP mode.

Switch(Config-If-Ethernet1/0/2)#spanning-tree mcheck

14.1.18 spanning-tree mode

Command:

spanning-tree mode {mstp | stp | rstp}

no spanning-tree mode

Function:

Set the spanning-tree mode in the switch; The command "no spanning-tree mode" restores the default setting.

Parameter:

mstp sets the switch in IEEE802.1s MSTP mode; stp sets the switch in IEEE802.1D STP mode; rstp sets the switch in IEEE802.1D RSTP mode.

Command mode:

Global Mode

Default:

The switch is in the MSTP mode by default.

Usage Guide:

When the switch is in IEEE802.1D STP mode, it only sends standard IEEE802.1D BPDU and TCN BPDU. It drops any MSTP BPDUs.

Example:

Set the switch in the STP mode.

Switch(config)#spanning-tree mode stp

14.1.19 spanning-tree mst configuration

Command:

spanning-tree mst configuration

no spanning-tree mst configuration

Function:

Enter the MSTP mode. Under the MSTP mode, the MSTP attributes can be set. The command "no spanning-tree mst configuration" restores the attributes of the MSTP to their default values.

Command mode:

Global Mode

Default:

The default values of the attributes of the MSTP region are listed as below:

Attribute of MSTPDefault Value
InstanceThere is only the instance 0. All the VLANs (1~4094) are mapped to the instance 0.
NameMAC address of the bridge
Revision0

Usage Guide:

Whether the switch is in the MSTP region mode or not, users can enter the MSTP mode, configure the attributes, and save the configuration. When the switch is running in the MSTP mode, the system will generate the MST configuration identifier according to the MSTP configuration. Only if the switches with the same MST configuration identifier are considered as in the same MSTP region.

Example:

Enter MSTP region mode.

Switch(config)#spanning-tree mst configuration
Switch(Config-Mstp-Region)#

14.1.20 spanning-tree mst cost

Command:

spanning-tree mst cost

no spanning-tree mst cost

Function:

Sets path cost of the current port in the specified instance; the command "no spanning-tree mst

cost" restores the default setting.

Parameter:

sets the instance ID. The valid range is from 0 to 48. sets path cost. The valid range is from 1 to 200,000,000.

Command mode:

Port Mode

Default:

By default, the port cost is relevant to the port bandwidth.

Port TypeDefault Path CostSuggested Range
10Mbps20000002000000~20000000
100Mbps200000200000~2000000
1Gbps2000020000~200000
10Gbps20002000~20000

For the aggregation ports, the default costs are as below:

Port TypeAllowed Number Of Aggregation PortsDefault Port Cost
10MbpsN2000000/N
100MbpsN200000/N
1GbpsN20000/N
10GbpsN2000/N

Usage Guide:

By setting the port cost, users can control the cost from the current port to the root bridge in order to control the elections of root port and the designated port of the instance.

Example:

On the port1/0/2, set the MSTP port cost in the instance 2 to 3000000.

Switch(Config-If-Ethernet1/0/2)#spanning-tree mst 2 cost 3000000

14.1.21 spanning-tree mst loopguard

Command:

spanning-tree [mst ] loopguard

no spanning-tree [mst ] loopguard

Function:

Enable the loopguard function for specified instance, the no command disables this function.

Parameter:

: MSTP instance ID.

Command mode:

Port Mode

Default:

Disable loopguard function.

Usage Guide:

The command can avoid root port or alternate port to be changed as designated port due to invalid unilateralism link. When the receiving timer is time, the configured port with loopguard is set as block state.

Example:

Configure port 1/0/2 as loopguard mode for instance 0.

Switch(Config)#interface ethernet 1/0/2

Switch(Config-Ethernet-1/0/2)#spanning-tree mst 0 loopguard

Switch(Config-Ethernet-1/0/2)#

14.1.22 spanning-tree mst port-priority

Command:

spanning-tree mst port-priority

no spanning-tree mst port-priority

Function:

Set the current port priority for the specified instance; the command "no spanning-tree mst

port-priority" restores the default setting.

Parameter:

sets the instance ID. The valid range is from 0 to 48; sets port priority.

The valid range is from 0 to 240. The value should be the multiples of 16, such as 0, 16, 32...240.

Command mode:

Port Mode

Default:

The default port priority is 128.

Usage Guide:

By setting the port priority, users can control the port ID of the instance in order to control the root port and designated port of the instance. The lower the value of the port priority is, the higher the priority is.

Example:

Set the port priority as 32 on the port 1/0/2 for the instance 1.

Switch(config)#interface ethernet 1/0/2

Switch(Config-If-Ethernet1/0/2)#spanning-tree mst 1 port-priority 32

14.1.23 spanning-tree mst priority

Command:

spanning-tree mst priority

no spanning-tree mst priority

Function:

Set the bridge priority for the specified instance; the command "no spanning-tree mst

priority" restores the default setting.

Parameter:

sets instance ID. The valid range is from 0 to 48; sets the switch priority. The valid range is from 0 to 61440. The value should be the multiples of 4096, such as 0, 4096, 8192...61440.

Command mode:

Global Mode

Default:

The default bridge priority is 32768.

Usage Guide:

By setting the bridge priority, users can change the bridge ID for the specified instance. And the bridge ID can influence the elections of root bridge and designated port for the specified instance.

Example:

Set the priority for Instance 2 to 4096.

Switch(config)#spanning-tree mst 2 priority 4096

14.1.24 spanning-tree mst rootguard

Command:

spanning-tree [mst ] rootguard no spanning-tree [mst ] rootguard

Function:

Enable the rootguard function for specified instance, the rootguard function forbid the port to be MSTP root port. "no spanning-tree mst rootguard" disable the rootguard function.

Parameter:

: MSTP instance ID.

Command mode:

Port Mode.

Default:

Disable rootguard function.

Usage Guide:

The command is used in Port Mode, if the port is configured to be a rootguard port, it is forbidden to be a MSTP root port. If superior BPDU packet is received from a rootguard port, MSTP did not recalculate spanning-tree, and just set the status of the port to be root_inconsistent (blocked). If no superior BPDU packet is received from a blocked rootguard port, the port status will restore to be forwarding. The rootguard function can maintain a relative stable spanning-tree topology when a new switch is added to the network.

Example:

Enable rootguard function for port 1/0/2 in instance 0.

Switch(config)#interface ethernet 1/0/2
Switch(Config-If-Ethernet1/0/2)#spanning-tree mst 0 rootguard
Switch(Config-If-Ethernet1/0/2)#

14.1.25 spanning-tree portfast

Command:

spanning-tree portfast [bpdufilter | bpduguard] [recovery <30-3600>]

no spanning-tree portfast

Function:

Set the current port as boundary port, and BPDU filter、BPDU guard as specified mode or default mode; the command "no spanning-tree portfast" sets the current port as non-boundary port.

Parameter:

bpdufilter: configure the border port mode as BPDU filter

bpduguard: configure the border port mode as BPDU guard

recovery: configure the border port can be recovered automatically after implement bpduguard violation operation

<30-3600>: the recovery time, do not recover it by default

Command mode:

Port Mode

Default:

All the ports are non-boundary ports by default when enabling MSTP.

Usage Guide:

When a port is set to be a boundary port, the port converts its status from discarding to forwarding without bearing forward delay. Once the boundary port receives the BPDU, the port becomes a non-boundary port.

Example:

Configure the border port mode as BPDU guard, the recovery time as 60s.

Switch(config)#interface ethernet 1/0/2

Switch(Config-If-Ethernet1/0/2)#spanning-tree portfast bpduguard recovery 60

Switch(Config-If-Ethernet1/0/2)#

14.1.26 spanning-tree port-priority

Command:

spanning-tree port-priority

no spanning-tree port-priority

Function:

Set the port priority; the command "no spanning-tree port-priority" restores the default setting.

Parameter:

sets port priority. The valid range is from 0 to 240. The value should be the multiples of 16, such as 0, 16, 32, 48...240.

Command mode:

Port Mode

Default:

The default port priority is 32768.

Usage Guide:

By setting the port priority to designated port. The lower the value of the port priority is, the higher the priority is.

Example:

Set the port priority as 4096 on the port 1.

Switch(Config-If-Ethernet1/0/1)#spanning-tree port-priority 4096

14.1.27 spanning-tree priority

Command:

spanning-tree priority

no spanning-tree priority

Function:

Configure the spanning-tree priority; the "no spanning-tree priority" command restores the default priority.

Parameter:

is the priority of the bridging switch. Its value should be round times of 4096 between 0 and 61440, such as 0, 4096, 8192... 61440.

Command Mode:

Global Mode.

Default:

Priority is 32768.

Usage Guide:

The bridge ID can be altered by changing the priority of the switch. Further, the priority information can also be used for voting of the root bridge and the specified ports. The bridge priority value of the switch is smaller, however the priority is higher.

Example:

Configure the priority is 4096.

Switch(config)#spanning-tree priority 4096

14.1.28 spanning-tree rootguard

Command:

spanning-tree rootguard

no spanning-tree rootguard

Function:

Set the port is root port, "no spanning-tree rootguard" command sets the port is non-root port.

Default:

Port is non-root port.

Command Mode:

Port Mode

Usage Guide:

The command is used in Port Mode, if the port is configured to be a rootguard port, it is forbidden to be a MSTP root port. If superior BPDU packet is received from a rootguard port, MSTP did not recalculate spanning-tree, and just set the status of the port to be root_inconsistent (blocked). If no superior BPDU packet is received from a blocked rootguard port, the port status will restore to be forwarding. The rootguard function can maintain a relative stable spanning-tree topology when a new switch is added to the network.

Example:

Set the port 1 is root port.

Switch(Config-If-Ethernet1/0/1)#spanning-tree rootguard

14.1.29 spanning-tree tcflush (Global mode)

Command:

spanning-tree tcflush {enable| disable| protect}

no spanning-tree tcflush

Function:

Configure the spanning-tree flush mode once the topology changes. "no spanning-tree tcflush" restores to default setting.

Parameter:

enable: The spanning-tree flush once the topology changes.

disable: The spanning tree don't flush when the topology changes.

protect: the spanning-tree flush not more than one time every ten seconds.

Command mode:

Global mode

Default:

Enable

Usage Guide:

According to MSTP, when topology changes, the port that send change message clears MAC/ARP table (FLUSH). In fact it is not needed for some network environment to do FLUSH with every topology change. At the same time, as a method to avoid network assault, we allow the network administrator to configure FLUSH mode by the command

Note: For the complicated network, especially need to switch from one spanning tree branch to another rapidly, the disable mode is not recommended.

Example:

Configure the spanning-tree flush mode once the topology changes is not flush to TC.

Switch(config)#spanning-tree tcflush disable

Switch(config)#

14.1.30 spanning-tree tcflush (Port mode)

Command:

spanning-tree tcflush {enable| disable| protect}

no spanning-tree tcflush

Function:

Configure the spanning-tree flush mode for port once the topology changes. "no spanning-tree tcflush" restores to default setting.

Parameter:

enable: The spanning-tree flush once the topology changes.

disable: The spanning tree don't flush when the topology changes.

protect: the spanning-tree flush not more than one time every ten seconds.

Command mode:

Port Mode

Default:

Global configuration

Usage Guide:

According to MSTP, when topology changes, the port that send change message clears MAC/ARP table (FLUSH). In fact it is not needed for some network environment to do FLUSH with every topology change. At the same time, as a method to avoid network assault, we allow the network administrator to configure FLUSH mode by the command

Note: For the complicated network, especially need to switch from one spanning tree branch to another rapidly, the disable mode is not recommended.

Example:

Configure the spanning-tree flush mode once the topology change is not flush to TC.

Switch(config)#interface ethernet 1/0/2

Switch(Config-If-Ethernet1/0/2)#spanning-tree tcflush disable

Switch(Config-If-Ethernet1/0/2)#

14.1.31 spanning-tree transmit-hold-count

Command:

spanning-tree transmit-hold-count no spanning-tree transmit-hold-count

Function:

Set the max transmit-hold-count of port.

Parameter:

tx-hold-count-value: ranging from 1 to 20, the default value is 10.

Command mode:

Global Mode

Default:

10.

Usage Guide:

Set the max number for sending BPDU within the Hello Time interval to control BPDU flow. The variable is used to whole MST bridge.

Example:

Set the max transmit-hold-count as 20.

Switch(config)#spanning-tree transmit-hold-count 20

14.2 Commands for Monitor and Debug

14.2.1 debug spanning-tree

Command:

debug spanning-tree

no debug spanning-tree

Function:

Enable the MSTP debugging information; the command "no debug spanning-tree" disables the MSTP debugging information.

Command mode:

Admin Mode

Usage Guide:

This command is the general switch for all the MSTP debugging. Users should enable the detailed debugging information, then they can use this command to display the relevant debugging information. In general, this command is used by skilled technicians.

Example:

Enable to receive the debugging information of BPDU messages on the port1/0/1.

Switch#debug spanning-tree

Switch#debug spanning-tree bpdu rx interface e1/0/1

14.2.2 show mst-pending

Command:

show mst-pending

Function:

In the MSTP region mode, display the configuration of the current MSTP region.

Command mode:

Admin Mode

Usage Guide:

In the MSTP region mode, display the configuration of the current MSTP region such as MSTP name, revision, VLAN and instance mapping.

Note: Before quitting the MSTP region mode, the displayed parameters may not be effective.

Example:

Display the configuration of the current MSTP region.

Switch(config)#spanning-tree mst configuration

Switch(Config-Mstp-Region)#show mst-pending

Name switch

Revision 0

Instance Vlans Mapped

00 1-29,31-39,41-4093

03 30

04 40

05 4094

Switch(Config-Mstp-Region)#

14.2.3 show spanning-tree

Command:

show spanning-tree [mst []] [interface ] [detail]

Function:

Display the MSTP Information.

Parameter:

sets interface list; sets the instance ID. The valid range is from 0 to 64; detail sets the detailed spanning-tree information.

Command mode:

Admin and Configuration Mode

Usage Guide:

This command can display the MSTP information of the instances in the current bridge.

Example:

Display the bridge MSTP.

Switch#sh spanning-tree

-- MSTP Bridge Config Info --

Standard : IEEE 802.1s

Bridge MAC : 00:03:0f:01:0e:30

Bridge Times : Max Age 20, Hello Time 2, Forward Delay 15

Force Version: 3

# Instance 0

Self Bridge Id : 32768 - 00: 03: 0f: 01: 0e: 30

Root Id : 16384.00: 03: 0f: 01: 0f: 52

Ext.RootPathCost : 200000

Region Root Id : this switch

Int.RootPathCost : 0

Root Port ID : 128.1

Current port list in Instance 0:

Ethernet1/0/1 Ethernet1/0/2 (Total 2)

PortNameIDExtRPCIntRPCState RoleDsgBridgeDsgPort
Ethernet1/0/1128.00100FWD ROOT 16384.00030f010f52128.007
Ethernet1/0/2128.00200BLK ALTR 16384.00030f010f52128.011
#### Instance 3

Self Bridge Id : 0.00: 03: 0f: 01: 0e: 30

Region Root Id : this switch

Int.RootPathCost : 0

Root Port ID : 0

Current port list in Instance 3:

Ethernet1/0/1 Ethernet1/0/2 (Total 2)

PortName ID IntRPC State Role DsgBridge DsgPort

Ethernet1/0/1 128.001 0 FWD MSTR 0.00030f010e30 128.001

Ethernet1/0/2 128.002 0 BLK ALTR 0.00030f010e30 128.002

#### Instance 4

Self Bridge Id : 32768.00: 03: 0f: 01: 0e: 30

Region Root Id : this switch

Int.RootPathCost : 0

Root Port ID : 0

Current port list in Instance 4:

Ethernet1/0/1 Ethernet1/0/2 (Total 2)

PortName ID IntRPC State Role DsgBridge DsgPort

Ethernet1/0/1 128.0010 FWD MSTR 32768.00030f010e30 128.001
Ethernet1/0/2 128.0020 BLK ALTR 32768.00030f010e30 128.002
Displayed InformationDescription
Bridge Information
StandardSTP version
Bridge MACBridge MAC address
Bridge TimesMax Age, Hello Time and Forward Delay of the bridge
Force VersionVersion of STP
Instance Information
Self Bridge IdThe priority and the MAC address of the current bridge for the current instance
Root IdThe priority and the MAC address of the root bridge for the current instance
Ext.RootPathCostTotal cost from the current bridge to the root of the entire network
Int.RootPathCostCost from the current bridge to the region root of the current instance
Root Port IDRoot port of the current instance on the current bridge
MSTP Port List Of The Current Instance
PortNamePort name
IDPort priority and port index
ExtRPCPort cost to the root of the entire network
IntRPCCost from the current port to the region root of the current instance
StatePort status of the current instance
RolePort role of the current instance
DsgBridgeUpward designated bridge of the current port in the current instance
DsgPortUpward designated port of the current port in the current instance

14.2.4 show spanning-tree mst config

Command:

show spanning-tree mst config

Function:

Display the configuration of the MSTP in the Admin mode.

Command mode:

Admin Mode

Usage Guide:

In the Admin mode, this command can show the parameters of the MSTP configuration such as MSTP name, revision, VLAN and instance mapping.

Example:

Display the configuration of the MSTP on the switch.

Switch#show spanning-tree mst config

Name switch

Revision 0

Instance Vlans Mapped

00 1-29,31-39,41-4094

03 30

04 40

Chapter 15 Commands for QoS and PBR

15.1 accounting

Command:

accounting

Function:

Set statistic function for the classified traffic.

Default:

Do not set statistic function.

Command mode:

Policy map configuration mode

Usage Guide:

After enable this function, add statistic function to the traffic of the policy class map. In single bucket mode, the messages can only red or green when passing policy and printing the information. In dual bucket mode, there are three colors(green, yellow, red) of messages. Note: In policy-map, accounting does not take effect if only set internal priority is configured, but there is no policy.

Example:

Count the packets which satisfy c1 rule.

Switch(config)#policy-map p1

Switch(Config-PolicyMap-p1)#class c1

Switch(Config-PolicyMap-p1-Class-c1)#accounting

Switch(Config-PolicyMap-p1-Class-c1)#exit

Switch(Config-PolicyMap-p1)#exit

15.2 class

Command:

class [insert-before ]

no class

Function:

Associates a class to a policy map and enters the policy class map mode; the no command deletes the specified class.

Parameters:

is the class map name used by the class.

insert-before insert a new configured class to the front of a existent class to improve the priority of the new class.

Default:

No policy class is configured by default.

Command mode:

Policy map configuration Mode

Usage Guide:

Before setting up a policy class, a policy map should be created and the policy map mode entered. In the policy map mode, classification and nexthop configuration can be performed on packet traffic classified by class map.

Example:

After add a policy class map c1 to the policy map, add a policy class map c2 and insert it to the front of c1.

Switch(config)#policy-map p1
Switch(Config-PolicyMap-p1)#class c1
Switch(Config-PolicyMap-p1-Class-c1)#exit
Switch(Config-PolicyMap-p1)#class c2 insert-before c1
Switch(Config-PolicyMap-p1-Class-c2)#exit

15.3 class-map

Command:

class-map

no class-map

Function:

Creates a class map and enters class map mode; the no command deletes the specified class map.

Parameters:

is the class map name.

Default:

No class map is configured by default.

Command mode:

Global Mode

Usage Guide:

Example:

Creating and then deleting a class map named "c1".

Switch(config)#class-map c1

Switch(Config-ClassMap-c1)#exit

Switch(config)#no class-map c1

15.4 clear mls qos statistics

Command:

clear mls qos statistics [interface | vlan ]

Function:

Clear accounting data of the specified ports or VLAN Policy Map. If there are no parameters, clear accounting data of all policy map.

Parameters:

: VLAN ID

: The interface name

Default:

Do not set action.

Command mode:

Admin Mode

Usage Guide:

Clear accounting data of the specified ports or VLAN Policy Map. If there are no parameters, clear accounting data of all policy map.

Example:

Clear the Policy Map statistic of VLAN 100.

Switch#Clear mls qos statistics vlan 100

15.5 drop

Command:

drop

no drop

Function:

Drop data package that match the class, the no command cancels the assigned action.

Default:

Do not set the action.

Command mode:

Policy class map configuration mode

Usage Guide:

Drop the specified packet after configure this command.

Example:

Drop the packet which satisfy c1.

Switch(config)#policy-map p1
Switch(Config-PolicyMap-p1)#class c1
Switch(Config-PolicyMap-p1-Class-c1)#drop
Switch(Config-PolicyMap-p1-Class-c1)#exit
Switch(Config-PolicyMap-p1)#exit

15.6 match

Command:

match {access-group <acl-index-or-name> | ip dscp <dscp-list> | ip precedence
<ip-precedence-list> | ipv6 access-group <acl-index-or-name> | ipv6 dscp <dscp-list> | ipv6
flowlabel <flowlabel-list> | vlan <vlan-list> | cos <cos-list>}
no match {access-group | ip dscp | ip precedence| ipv6 access-group| ipv6 dscp | ipv6
flowlabel | vlan | cos}

Function:

Configure the match standard of the class map; the no form of this command deletes the specified match standard.

Parameter:

access-group match specified IP ACL, MAC ACL or IPv6 ACL, the parameters are the number or name of the ACL;

ip dscp and ipv6 dscp match specified DSCP value, the parameter is a list of DSCP consisting of maximum 8 DSCP values, the ranging is 0\~63;

ip precedence match specified IP Precedence, the parameter is a IP Precedence list consisting of maximum 8 IP Precedence values with a valid range of 0\~7;

ipv6 access-group match specified IPv6 ACL, the parameter is the number or name of the IPv6 ACL;

ipv6 flowlabel match specified IPv6 flow label, the parameter is IPv6 flow label value, the ranging is 0\~1048575;

vlan match specified VLAN ID, the parameter is a VLAN ID list consisting of maximum 8 VLAN IDs, the ranging is 1\~4094;

cos match specified CoS value, the parameter is a CoS list consisting of maximum 8 CoS, the ranging is 0\~7.

Default:

No match standard by default

Command Mode:

Class-map Mode

Usage Guide:

Only one match standard can be configured in a class map. When configuring the match ACL, permit rule as the match option, apply Policy Map action. Deny rule as the excluding option, do not apply Policy Map action. If configure another match rule after one was configured, the operation fails, but configure the same match rule will cover the previous.

Example:

Create a class-map named c1, and configure the class rule of this class-map to match packets with IP Precedence of 0.

Switch(config)#class-map c1

Switch(Config-ClassMap-c1)#match ip precedence 0

Switch(Config-ClassMap-c1)#exit

15.7 mls qos aggregate-policy

Command:

Single Bucket Mode:

mls qos aggregate-policy [{exceed-action ACTION}]

Dual Bucket Mode:

mls qos aggregate-policy (pir | ) ((exceed-action ACTION | violate-action ACTION)

ACTION definition:

drop | transmit | set-internal-priority | policed-intp-transmit

[no] mls qos aggregate-policy

Function:

Define an aggregate policy command, analyze the working mode of the token bucket, whether it is single rate single bucket, single rate dual bucket or dual rate dual bucket, and set the corresponding action for different color packets. The no operation will delete the mode configuration.

Parameters:

policer_name: the name of aggregation policy;

bits_per_second: the committed information rate - CIR, in Kbps, ranging from 1 to 10000000;

normal_burst_bytes: the committed burst size – CBS, in kb, ranging from 1 to 1000000. When the configured CBS value exceeds the max limit of the chip, configure the hardware with max number supported by the chip without any CLI prompt;

maximum_burst_bytes: the peak burst size - PBS, in kb, ranging from 1 to 1000000. When the configured PBS value exceeds the max limit of the chip, configure the hardware with max number supported by the chip without any CLI prompt. Notice: this configuration only exists in dual bucket mode;

pir peak_rate_bps: the peak information rate - PIR, in kbps, ranging from 1 to 10000000. Without configuring PIR, the Police works in the single rate dual bucket mode; otherwise in the dual rate dual bucket mode. Notice: this configuration only exist in the dual bucket mode.

exceed-action: the actions to take when the CIR is exceeded but PIR isn't, which means the messages are yellow, the default is Drop;

violate-action: the actions to take when the PIR is exceeded, which means the messages are red, the default is Drop.

ACTION:

drop/transmit: Drop/transmit the packets

set-internal-priority : Modify the internal priority of the packets

policied-intp-transmit: Drop the internal priority according to INT-PRIO_TO_INT-PRIO mapping

Default:

No aggregation Policy is defined by default; the default action of exceed-action and violate-action both is drop.

Command mode:

Global Mode

Usage Guide:

The CLI can support both single bucket and dual bucket configuration, and determine which one by checking whether PIR or PBS is configured. When configuring with CLI, after configuring CBS, if the action is directly configured, the mode is single rate single bucket; if only PBS is configured, the mode is single rate dual bucket three colors; if PIR and PBS are configured, the mode is dual rate dual bucket three colors. The actions of set and policy selected by policy map are same, the action of policy can cover the action of the set. Furthermore, If the actions of exceed-action and violate-action are set-internal-priority in policy, must be same.

Example:

Set the dual bucket mode, CIR is 1000, CBS is 1000, PIR is 20000, PBS is 10000. The action is policed-intp-transmit when CIR is exceeded but PIR isn't, which means the messages are yellow.

Switch(config)#mls qos aggregate-policy color 10000 1000 20000 10000 exceed-action policied-intp-transmit

15.8 mls qos cos

Command:

mls qos cos {}

no mls qos cos

Function:

Configures the default CoS value of the port; the "no mls qos cos" command restores the default setting.

Parameters:

is the default CoS value for the port, the valid range is 0 to 7.

Default:

The default CoS value is 0.

Command mode:

Port Configuration Mode.

Usage Guide:

Configure the default CoS value for switch port. If the ingress packets without 802.1Q tag of the port, set the cos value of the packets with tag as the default value. If the ingress packets with 802.1Q tag of the port, do not modify the cos value according to the default cos value.

Example:

Setting the default CoS value of ethernet port 1/0/1 to 7.

Switch(config)#interface ethernet 1/0/1

Switch(Config-If-Ethernet1/0/1)#mls qos cos 7

15.9 mls qos internal-priority

Command:

mls qos internal-priority {}

no mls qos internal-priority

Function:

Configure the default internal priority of the port, the no command restores the default.

Parameters:

the default internal priority of the port, ranging from 0 to 119.

Default:

The default intp value is 0.

Command mode:

Port Mode.

Usage Guide:

Configure the default internal priority of the port. If there is no dscp and cos fields of the trust packets, the ingress packet of the port will obtain a default internal priority. The packet's internal priority may be reset according to the configured QoS policy.

Example:

Configure the default into value as 40 on ethernet 1/0/1.

Switch(config)#interface ethernet 1/0/1

Switch(Config-If-Ethernet1/0/1)#mls qos internal-priority 40

15.10 mls qos map

Command:

mls qos map {cos-intp | dscp-intp to | intp-cos to | intp-dp to | intp-dscp to | intp-intp to | intp-queue to }

no mls qos map {cos-intp | dscp-intp | intp-cos | intp-dp | intp-dscp | intp-intp | intp-queue}

Function:

Set the priority mapping of QoS, the no command restores the default mapping.

Parameters:

cos-intp defines the mapping from CoS value to intp (internal priority), each intp value is delimited with space, are 8 intp value corresponding to the 0 to 7 CoS value; dscp-intp defines the mapping from DSCP to intp, stand for incoming DSCP values, up to 8 values are supported, each value is delimited with space, ranging from 0 to 63, is the internal priority value, ranging from 0 to 119;

intp-cos defines the mapping from intp to CoS, stand for incoming int-prio values, up to 8 values are supported, each value is delimited with space, ranging from 0 to 119, is the cos output value, ranging from 0 to 7;

intp-dp defines the mapping from intp to dp, stand for incoming int-prio values, up to 8 values are supported, each value is delimited with space, ranging from 0 to 119, is the dp output value, ranging from 0 to 1;

intp-dscp defines the mapping from intp to DSCP, stand for incoming int-prio values, up to 8 values are supported, each value is delimited with space, ranging from 0 to 119, is the dscp output value, ranging from 0 to 63;

intp-intp defines the mapping from intp of the ingress to intp of the egress, is the color(yellow or red) of the packet; stand for int-prio values, up to 8 values are supported, each value is delimited with space, ranging from 0 to 119, is the intp output value, ranging from 0 to 119;

intp-queue defines the mapping from intp to the egress queue, stand for incoming int-prio values, up to 8 values are supported, each value is delimited with space, ranging from 0 to

119, is the queue ID of the output queue, ranging from 0 to 7.

Default:

Ingress COS-TO-Internal-Priority map:

COS:01234567
INTP:08162432404856

Ingress DSCP-TO-Internal-Priority map:

In-DSCP Value 0-7 8-15 16-23 24-31 32-39 40-47 48-55 56-63

INTP Value 0-7 8-15 16-23 24-31 32-39 40-47 48-55 56-63

Egress Internal-Priority-TO-COS map:

INTP Value 0-7 8-15 16-23 24-31 32-39 40-47 48-55 56-63 64-119

COS Value 0 1 2 3 4 5 6 7 7

Egress Internal-Priority-TO-Drop-Precedence map:

INTP Value 0-119

DP Value 0

Egress Internal-Priority-TO-DSCP map:

INTP Value 0-63 64-119

DSCP Value 0-63 63

Internal-Priority-TO-Internal-Priority-YELLOW map:

In-Intp Value 0-119

INTP Value 0-119

Internal-Priority-TO-Internal-Priority-RED map:

In-Intp Value 0-119

INTP Value 0-119

Egress Internal-Priority-TO-Queue map:

INTP Value 0-7 8-15 16-23 24-31 32-39 40-47 48-55 56-63

QUEUE Value 0 1 2 3 4 5 6 7

INTP Value 64-71 72-79 80-87 88-95 96-103 104-111 112-119

QUEUE Value 0 1 2 3 4 5 6

Command mode:

Global Mode.

Usage Guide:

INTP means the chip internal priority setting. The ingress packets from the port obtain a internal priority through the mapping, reset the internal priority according to intp-intp or set action in after QoS policy, and process the egress packets according to the mapping from intp to cos, dscp, queue, dp.

Example:

Setting the global cos-to-intp mapping.

Switch(config)#mls qos map cos-intp 1 2 3 4 5 6 7 0

15.11 mls qos internal-priority

Command:

mls qos queue algorithm {sp | wdrr}

no mls qos queue algorithm

Function:

After configure this command, the queue management algorithm is set.

Parameters:

sp: The strict priority, the queue number of bigger, then the priority is higher

wdrr: Select wdrr algorithm

Default:

The default queue algorithm is wdrr.

Command mode:

Port Mode.

Usage Guide:

After configure this command, the queue management algorithm is set.

Example:

Setting the queue management algorithm as sp.

Switch(interface-ethernet1/0/1)#mls qos queue algorithm sp

15.12 mls qos queue weight

Command:

mls qos queue weight

no mls qos queue weight

Function:

After configure this command, the queue weight is set.

Parameters:

defines the queue weight, for WDRR algorithm, this configuration is valid, for SP algorithm, this configuration is invalid, weight ranging from 0 to 255. The absolute value of weight is meaningless. WDRR allocates bandwidth by using 8 weight values.

Default:

The queue weight is 1 1 1 1 1 1 1 1.

Command mode:

Global Mode.

Usage Guide:

If the queue weight is configured as 0, join the queue to SP algorithm. If the queue weight is not configured as 0, join the queue to WDRR, and turns into SP+WDRR. When managing the queue, select a queue according to WDRR algorithm in WDRR group, WDRR and SP queues execute the strict priority management mode.

Example:

Configure the queue weight as 1 2 3 4 5 6 7 8.

Switch(interface-ethernet1/0/1)#mls qos queue weight 1 2 3 4 5 6 7 8

15.13 mls qos trust

Command:

mls qos trust {cos | dscp}

no mls qos trust {cos | dscp}

Function:

Configures port trust; the no command disables the current trust status of the port.

Parameters:

cos configures the port to trust CoS value; dscp configures the port to trust DSCP value.

Default:

Do not trust CoS and DSCP values.

Command mode:

Port Configuration Mode.

Usage Guide:

trust cos mode: can set the intp value based cos-to-intp mapping.

trust dscp mode: can set the intp field based dscp-to-intp mapping, it is valid for IPv4, IPv6 packets.

trust cos and trust dscp can be set at the same time, trust dscp priority is higher than trust cos priority.

Example:

Configuring ethernet port 1/0/1 to trust cos value, i.e., classifying the packets according to cos value.

Switch(config)#interface ethernet

Switch(Config-If-Ethernet)#mls qos trust cos

15.14 pass-through-cos

Command:

pass-through-cos

no pass-through-cos

Function:

Forbid the egress packets rewriting L2 cos value.

Default:

The egress packets rewrite L2 CoS value.

Command mode:

Port Mode.

Usage Guide:

The egress packets can not rewrite L2 CoS value when configuring pass-through-cos on the ingress.

This command may associate with other commands of QoS, such as mls qos trust command. After

QoS actions are valid, the egress packets save the original CoS value.

Example:

Configuring ethernet port 1/0/1 to trust dscp value, i.e., classifying the packets according to dscp value.

Switch(config)#interface ethernet 1/0/1

Switch(config-if-ethernet1/0/1)#mls qos trust dscp

Switch(config-if-ethernet1/0/1)#pass-through-cos

15.15 pass-through-dscp

Command:

pass-through-dscp

no pass-through-dscp

Function:

Forbid the egress packets rewriting DSCP value.

Default:

The egress packets rewrite DSCP value.

Command mode:

Port Mode.

Usage Guide:

The egress packets can not rewrite DSCP value when configuring pass-through-dscp on the ingress. This command may associate with other commands of QoS, such as mls qos trust command. After QoS actions are valid, the egress packets save the original DSCP value.

Example:

Configuring ethernet port 1/0/1 to trust CoS value, i.e., classifying the packets according to CoS value.

Switch(config)#interface ethernet 1/0/1

Switch(config-if-ethernet1/0/1)#mls qos trust cos

Switch(config-if-ethernet1/0/1)#pass-through-dscp

15.16 policy

Command:

Single Bucket Mode:

policy ( {exceed-action ACTION} )

Dual Bucket Mode:

policy [pir ]

[{exceed-action ACTION | violate-action ACTION }]

ACTION definition:

drop | transmit / set-internal-priority | policed-intp-transmit

no policy

Function:

The non-aggregation policy command supporting three colors. Determine whether the working mode of token bucket is single rage single bucket, single rate dual bucket or dual rate dual bucket, set the corresponding action to the different color packets. The no command will delete the mode configuration.

Parameters:

bits_per_second: The committed information rate – CIR (Committed Information Rate), in Kbps, ranging from 1 to 10000000;

normal_burst_bytes: The committed burst size – CBS (Committed Burst Size), in byte, ranging from 1 to 1000000. When the configured CBS value exceeds the max limit of the chip, configure the hardware with max number supported by the chip without any CLI prompt;

maximum_burst_bytes: The peak burst size – PBS (Peak Burst Size), in byte, ranging from 1 to 10000000. When the configured PBS value exceeds the max limit of the chip, configure the hardware with max number supported by the chip without any CLI prompt. Notice: this configuration only exists in dual bucket mode;

pir peak_rate_bps: The peak information rate – PIR (Peak Information Rate), in kbps, ranging from 1 to 10000000. Without configuring PIR, the Police works in the single rate dual bucket mode; otherwise in the dual rate dual bucket mode. Notice: this configuration only exists in dual bucket mode;

violate-action: The actions to take when the PIR is exceeded, which means the messages are red, the default as drop;

exceed-action: The actions to take when the CIR is exceeded but PIR isn't, which means the messages are yellow, the default as drop.

ACTION include:

drop/transmit: Drop/transmit the packets

set-internal-priority sets the internal priority of the packets

policied-intp-transmit modifies the internal priority according to intp-to-intp mapping

Default:

No policy action; the default action of exceed-action and violate-action both are drop.

Command mode:

Policy class map configuration Mode

Usage Guide:

Notice: After the global L3 hardware forwarding function is enabled, the command is valid.

The CLI can support both single bucket and dual bucket configuration, and determine which one to select by checking whether PIR or PBS is configured. When configuring with CLI, after configuring CBS, if the action is directly configured, the mode is single bucket dual color; if only PBS is configured, the mode is single rate dual bucket three color; if PIR and PBS are configured, the mode is dual rate dual bucket three color. "set" and "policy" (policy aggregate) are selected and have the same action in Policy Map, then the action selected by "policy" will cover the action of "set".

If the actions of exceed-action and violate-action are set-internal-priority in policy, must be same.

Example:

In the policy class table configuration mode, set the CIR as 1000, CBS as 2000 and the action when CIR is exceeded as transmitting the messages after changing into to 40.

Switch(config)#class-map cm

Switch(config-classmap-cm)#match cos 0

Switch(config-classmap-cm)#exit

Switch(config)#policy-map 1

Switch(config-policymap-1)#class cm

Switch(config-policymap-1-class-cm)#policy 1000 2000 exceed-action set-internal-priority 40

15.17 policy aggregate

Command:

policy aggregate <aggregate-policy-name>
no policy aggregate <aggregate-policy-name>

Function:

Police Map reference aggregate policy, applies an aggregate policy to classified traffic; the no command deletes the specified aggregate policy.

Parameters:

<aggregate-policy-name> is the policy set name.

Default:

No policy is configured by default.

Command mode:

Policy class map configuration Mode

Usage Guide:

The same policy set can be referred to by different policy class maps.

Example:

Create class-map, the match rule is the cos value is 0; policy-map is 1, enter the policy map mode, set the Policy and choose the color policy for the current list.

Switch(config)#class-map cm
Switch(config-classmap-cm)#match cos 0
Switch(config-classmap-cm)#exit
Switch(config)#policy-map 1
Switch(config-policymap-1)#class cm
Switch(config-policymap-1-class-cm)#policy aggregate color

15.18 policy-map

Command:

policy-map <policy-map-name>
no policy-map <policy-map-name>

Function:

Creates a policy map and enters the policy map mode; the "no policy-map " command deletes the specified policy map.

Parameters:

< policy-map-name> is the policy map name.

Default:

No policy map is configured by default.

Command mode:

Global Mode

Usage Guide:

classification matching and remarking can be done in policy map configuration mode.

Example:

Creating and deleting a policy map named "p1".

Switch(config)#policy-map p1
Switch(Config-PolicyMap-p1)#exit
Switch(config)#no policy-map p1

15.19 service-policy input

Command:

service-policy input

no service-policy input

Function:

Applies a policy map to the specified port; the no command deletes the specified policy map applied to the port.

Parameters:

input applies the specified policy map to the ingress direction of switch port.

Default:

No policy map is bound to port and VLAN interface by default.

Command mode:

Port Configuration Mode.

Usage Guide:

Only one policy map can be applied to each direction of each port. Egress policy map is not supported yet.

Example:

Bind policy p1 to ingress Ethernet port1/0/1.

Switch(config)#interface ethernet 1/0/1
Switch(Config-If-Ethernet1/0/1)#service-policy input p1
Bind policy p1 to ingress redirection of v1 interface.
Switch(config)#interface vlan 1
Switch(Config-If-vlan1)#service-policy input p1

15.20 service-policy input vlan

Command:

service-policy input vlan no service-policy input vlan

Function:

Applies a policy map to the specified VLAN interface; the no command deletes the specified policy map applied to the VLAN interface.

Parameters:

input applies the specified policy map to the ingress direction of switch VLAN interface.

Default:

No policy map is bound to port and VLAN interface by default.

Command mode:

Global Configuration Mode.

Usage Guide:

Only one policy map can be applied to each direction of each VLAN interface. Use the policy-map on the port at first when binding policy-map on VLAN and VLAN's port at the same time. Egress policy map is not supported yet.

Example:

Bind policy p1 to ingress of VLAN interface v2, v3, v4, v6.

Switch(config)# service-policy input p1 vlan 2-4;6

15.21 set internal priority

Command:

set internal priority no set internal priority

Function:

Assign a new internal priority for the classified traffic, the no command cancels the new value assigned.

Parameters:

Set a new internal priority for the traffic that accord the matching standard.

Default:

Do not assign the internal priority.

Command mode:

Policy Class-map Mode

Usage Guide:

Assign a new value for the classified traffic that accord the matching standard only.

Example:

Set the internal priority of the packets matching the c1 class rule to 63.

Switch(config)#policy-map p1
Switch(config-policymap-p1)#class c1
Switch(config-policymap-p1-class-c1)#set internal priority 63
Switch(config-policymap-p1-class-c1)#exit
Switch(config-policymap-p1)#exit

15.22 show class-map

Command:

show class-map []

Function:

Displays class map of QoS.

Parameters:

< class-map-name> is the class map name.

Command mode:

Admin Mode.

Usage Guide:

Displays all configured class-map or specified class-map information.

Example:

Switch # show class-map
Class map name:c1, used by 1 times
match acl name:1
Displayed informationExplanation
Class map name:c1Name of the Class map
used by 1 timesUsed times
match acl name:1Classifying rule for the class map.

15.23 show policy-map

Command:

show policy-map []

Function:

Displays policy map of QoS.

Parameters:

is the policy map name.

Command mode:

Admin Mode.

Usage Guide:

Displays all configured policy-map or specified policy-map information.

Example:

Switch#show policy -map
Policy Map p1, used by 0 port
Class Map name: c1
policy CIR: 1000 CBS: 1000PIR: 200 PBS: 3000
conform-action:
transmit
exceed-action:
drop
violate-action:
drop
Displayed informationExplanation
Policy Map p1Name of policy map
Class map name:c1Name of the class map referred to
policy CIR: 1000 CBS: 1000 PIR: 200 PBS: 3000 conform-action: transmit exceed-action: drop violate-action: dropPolicy implemented

15.24 show mls qos interface

Command:

show mls qos interface [] [policy | queuing]

Function:

Displays QoS configuration information on a port.

Parameters:

is the port ID; policy is the policy setting on the port; queuing is the queue setting for the port.

Command mode:

Admin Mode and Common Mode.

Usage Guide:

In single rate single bucket mode, the messages can only red or green when passing police. In dual bucket mode, there are three colors of messages, they are GREEN, YELLOW, RED.

Example:

Switch #show mls qos interface ethernet 1/0/1
Ethernet 1/0/1
Default COS: 0
Default int-Prio: 0
Trust: COS DSCP
Pass-through-cos: NONE
Pass-through-dscp: NONE
Attached Policy Map for Ingress: 1
Classmapclassifiedgreenyellowred (in packets)
14509799676904503030
Display InformationExplanation
Ethernet1/0/1Port name
default cos: 0Default CoS value of the port
Default int-Prio: 0Default internal priority value of the port
Trust: COS DSCPThe trust state of the port
Pass-through-cos: NONEWhether forbid the modification of cos value
Pass-through-dscp: NONEWhether forbid the modification of dscp value
Attached Policy Map for Ingress: p1Policy name bound to port
ClassMapClassMap name
classifiedTotal data packets match this ClassMap. If there is no Accounting for Class Map, show NA
greenTotal green data packets match this ClassMap. If there is no Accounting forClass Map, show NA
yellowTotal yellow data packets match this ClassMap. If there is no Accounting for Class Map, show NA
redTotal red data packets match this ClassMap. If there is no Accounting for Class Map, show NA
Queue Algorithm:WDRR or PQ queue out method

Switch(config)#show mls qos interface ethernet1/0/1 queuing

Ethernet1/0/1:

Queue Algorithm: WDRR

Display InformationExplanation
Queue Algorithm:WDRR or PQ queue out method

Switch# show mls qos interface ethernet 1/0/1 policy

Ethernet1/0/1:

Attached Policy Map for Ingress: p1

Classmapclassifiedgreenyellowred (in packets)
c12010NA10
c230101010
c3NANANANA
Display InformationExplanation
Ethernet1/0/1Port name
Attached Policy Map for Ingress: p1Policy name bound to port
ClassMapClassMap name
classifiedTotal data packets match this ClassMap.
GreenTotal green data packets match this ClassMap.
YellowTotal yellow data packets match this ClassMap.
RedTotal red data packets match this ClassMap.

15.25 show mls qos maps

Command:

show mls qos maps [cos-intp | dscp-intp | intp-intp | intp-cos | intp-dscp | intp-dp | intp-queue]

Function:

Display the configuration of QoS mapping.

Parameters:

cos-intp: The mapping from ingress L2 CoS to internal priority dscp-intp: The mapping from ingress DSCP to internal priority intp-intp: The mapping from internal priority to internal priority intp-cos: The mapping from egress internal priority to L2 CoS intp-dscp: The mapping from egress internal priority to DSCP intp-dp: The mapping from egress internal priority to DP intp-queue: The mapping from internal priority to queue

Command mode:

Admin and Configuration Mode.

Usage Guide:

Display the map configuration information of QoS.

Example:

Display configuration information of the mapping table.

Switch#show mls qos maps
Ingress COS-TO-Internal-Priority map:
COS:01234567
INTP:08162432404856
Ingress DSCP-TO-Internal-Priority map:
d1 : d20123456789
0:0123456789
1:10111213141516171819
2:20212223242526272829
3:30313233343536373839
4:40414243444546474849
5:50515253545556575859

6: 60 61 62 63

Internal-Priority-TO-Internal-Priority-YELLOW map:

d1 : d20123456789
0:0123456789
1:10111213141516171819
2:20212223242526272829
3:30313233343536373839
4:40414243444546474849
5:50515253545556575859
6:60616263646566676869
7:70717273747576777879
8:80818283848586878889
9:90919293949596979899
10:100101102103104105106107108109
11:110111112113114115116117118119

Internal-Priority-TO-Internal-Priority-RED map:

d1 : d20123456789
0:0123456789
1:10111213141516171819
2:20212223242526272829
3:30313233343536373839
4:40414243444546474849
5:50515253545556575859
6:60616263646566676869
7:70717273747576777879
8:80818283848586878889
9:90919293949596979899
10:100101102103104105106107108109
11:110111112113114115116117118119

Egress Internal-Priority-TO-Drop-Precedence map:

d1 : d20123456789
0:0000000000
1:0000000000
2:0000000000
3:0000000000
4:0000000000
5:000000000
6:0000000000
7:0000000000
8:0000000000
9:0000000000
10:000000000
11:000000000

Egress Internal-Priority-TO-COS map:

d1 : d20123456789
0:00000000011
1:11111112222
2:2222333333
3:33444444444
4:55555555566
5:66666667777
6:77777777777
7:77777777777
8:7777777777
9:77777777777
10:7777777777
11:7777777777

Egress Internal-Priority-TO-DSCP map:

d1 : d20123456789
0:0123456789
1:10111213141516171819
2:20212223242526272829
3:30313233343536373839
4:40414243444546474849
5:50515253545556575859
6:60616263636363636363
7:63636363636363636363
8:63636363636363636363
9:63636363636363636363
10:63636363636363636363
11:63636363636363636363

Egress Internal-Priority-TO-Queue map:

d1 : d20123456789
0:0000000011
1:1111112222
2:2222333333
3:3344444444
4:5555555566
5:6666667777
6:7777000000
7:0011111111
8:2222222233
9:3333334444
10:4444555555
11:5566666666

15.26 show mls qos vlan

Command:

show mls qos vlan

Parameters:

v-id: the ranging from 1 to 4094.

Default:

None.

Examples:

Switch#show mls qos vlan 1

Vlan 1:

Attached Policy Map for Ingress: 1

Classmapclassifiedin-profileout-profile (in packets)
1NANANA

Switch(config)#show mls qos vlan 7

Vlan 7:

Attached Policy Map for Ingress: 7

Classmapclassifiedin-profileout-profile (in packets)
7000

15.27 show mls qos aggregate-policy

Command:

show mls qos aggregate-policy []

Function:

Show aggregate-policy information of QoS.

Parameters:

the aggregate-policy name

Command mode:

Admin and Configuration Mode.

Usage Guide:

Show all or the specified aggregate-policy configuration.

Example:

Switch(config)#show mls qos aggregate-policy a2 aggregate policy a2 10 10 10 exceed-action drop Not used by any Policy Map
Display InformationExplanation
aggregate policy a2 10 10 10 exceed-action dropaggregate-policy configuration
Not used by any Policy MapThe time for using aggregate-policy

15.28 transmit

Command:

Transmit

no transmit

Function:

Transmit data package that match the class, the no command cancels the assigned action.

Parameters:

the aggregate-policy name

Command mode:

Policy class map configuration mode.

Usage Guide:

Send the packet directly after configure this command.

Example:

Send the packet which satisfy c1.

Switch(config)#policy-map p1
Switch(Config-PolicyMap-p1)#class c1
Switch(Config-PolicyMap-p1-Class-c1)#transmit
Switch(Config-PolicyMap-p1-Class-c1)#exit
Switch(Config-PolicyMap-p1)#exit

Chapter 16 Commands for for Flow-based Redirection

16.1 access-group redirect to interface ethernet

Command:

access-group redirect to interface [ethernet | ]

no access-group redirect

Function:

Specify flow-based redirection; "no access-group redirect" command is used to delete flow-based redirection.

Parameters:

name of the flow, only supports digital standard IP ACL, digital extensive IP ACL, nomenclatural standard IP ACL, nomenclatural extensive IP ACL, digital standard IPv6 ACL, and nomenclatural standard IPv6 ACL. Parameters of Timerange and Portrange can not be set in ACL; the type of ACL should be Permit. the destination port of redirection.

Command Mode:

Physical Port Configuration Mode.

Usage Guide:

"no access-group redirect" command is used to delete flow-based redirection. Flow-based redirection function enables the switch to transmit the data frames meeting some special condition to another specified port.

Example:

Redirecting the frames whose source IP is 192.168.1.111 received from port 1 to port 6,

Switch(config)#access-list 1 permit host 192.168.1.111

Switch(config)# interface ethernet 1/0/1

Switch(Config-If-Ethernet1/0/1)# access-group 1 redirect to interface ethernet 1/0/6

16.2 show flow-based-redirect

Command:

show flow-based-redirect {interface [ethernet | ]}

Function:

Display the information of current flow-based redirection in the system/port.

Parameters:

  1. No specified port, display the information of all the flow-based redirection in the system.
  2. Specify ports in , display the information of the flow-based redirection configured in the ports listed in the interface-list.

Command Mode:

Admin Mode and Configuration Mode.

Usage Guide:

This command is used to display the information of current flow-based redirection in the system/port.

Example:

Switch(config)# show flow-based-redirect Flow-based-redirect config on interface ethernet 1/0/1: RX flow (access-list 1) is redirected to interface Ethernet1/0/6

Chapter 17 Commands for Egress QoS

17.1 mls qos egress green remark

Command:

[no] mls qos egress green remark

Function:

Set Egress QoS remarking to take effect for green packets, no command does not take effect to green packets.

Default:

Do not modify green packets.

Command Mode:

Global Mode

Usage Guide:

QoS attribute of green packets will be modified by remark table after enable the global configuration.

Example:

Egress remarking takes effect for green packets.

Switch(config)#mls qos egress green remark

17.2 mls qos map

Command:

mls qos map cos-cos

mls qos map cos-dscp

mls qos map dscp-cos to

mls qos map dscp-dscp to

no mls qos map (cos-cos | cos-dscp | dscp-cos | dscp-dscp)

Function:

Set mapping between Egress QoS remark tables, no command restores the default configuration.

Parameters:

cos-cos : Set mapping from cos to cos for Egress remark cos table cos-dscp : Set mapping from cos to dscp for Egress remark cos table dscp-cos : Set mapping from dscp to cos for Egress remark dscp table dscp-dscp : Set mapping from dscp to dscp for Egress remark dscp table : Packet's colors, including green、yellow、red : cos value, its range from 0 to 7 : dscp value, its range from 0 to 63 : 1 to 8 dscp values

Default:

default mapping:

COS-TO-COS-GREEN map:

COS:01234567
——
COS:01234567

COS-TO-COS-YELLOW map:

COS:01234567
·s
COS:01234567

COS-TO-COS-RED map:

COS:01234567
COS:01234567

COS-TO-DSCP-GREEN map:

COS:01234567
DSCP:08162432404856

COS-TO-DSCP-YELLOW map:

COS:01234567
DSCP:08162432404856

COS-TO-DSCP-RED map:

COS:01234567
--------

DSCP-TO-COS-GREEN map:

d1 : d20123456789
0:00000000011
1:11111112222
2:2222333333
3:33444444444
4:55555555566
5:66666667777
6:7777

DSCP-TO-COS-YELLOW map:

d1 : d20123456789
0:0000000011
1:1111112222
2:2222333333
3:3344444444
4:5555555566
5:6666667777
6:7777

DSCP-TO-COS-RED map:

d1 : d20123456789
0:00000000011
1:11111112222
2:22223333333
3:33444444444
4:55555555566
5:66666667777
6:7777

DSCP-TO-DSCP-GREEN map:

d1 : d20123456789
0:01023456789
1:10111213141516171819
2:20212223242526272829
3:30313233343536373839
4:40414243444546474849
5:50515253545556575859
6:60616263

DSCP-TO-DSCP-YELLOW map:

d1 : d20123456789
0:0923456789
1:10111213141516171819
2:20212223242526272829
3:30313233343536373839
4:40414243444546474849
5:50515253545556575859
6:60616263

DSCP-TO-DSCP-RED map:

d1 : d20123456789
0:0123456789
1:10111213141516171819
2:20212223242526272829
3:30313233343536373839
4:40414243444546474849
5:50515253545556575859
6:60616263

Command Mode:

Global Mode

Usage Guide:

Egress remark mapping table is a global table, it is used to distinguish QoS attributes for modifying packets with different colors.

Example:

Set yellow packet's dscp of 0 to 3.

Switch(config)#mls qos map dscp-dscp yellow 0 to 3

17.3 service-policy output

Command:

[no] service-policy input

Function:

Applies a policy map to the egress of the port; no command deletes the specified policy map applied to the port.

Parameters:

output applies the specified policy map to the egress of the port.

Default:

No policy map is bound to port.

Command Mode:

Port Mode.

Usage Guide:

Only a policy map can be applied to each direction of each port. Policy may not be bound to the port if it uses the rule or action which is not supported by EFP.

Example:

Bind policy-map p1 to egress Ethernet 1/0/1.

Switch(config)#interface ethernet 1/0/1

Switch(Config-If-Ethernet1/0/1)#service-policy output p1

17.4 service-policy output vlan

Command:

[no] service-policy output vlan

Function:

Applies a policy map to the VLAN interface; no command deletes the specified policy map applied to the VLAN interface.

Parameters:

output applies the specified policy map to the egress of VLAN interface.

Default:

No policy map is bound to VLAN interface.

Command Mode:

Global Mode.

Usage Guide:

Only a policy map can be applied to each direction of each VLAN. Policy may not be bound if it uses the rule or action which is not supported by EFP.

Example:

Bind policy p1 to egress vlan1.

Switch(config)#service-policy output p1 vlan 1

17.5 set

Command:

set {ip dscp <new-dscp> | ip precedence <new-precedence> | cos <new-cos> | c-vid <new-c-vid> | s-vid <new-s-vid> | s-tpid <new-s-tpid>}
no set {ip dscp | ip precedence | cos | c-vid | s-vid | s-tpid}

Function:

Assign a new DSCP, IP Precedence for the classified traffic; no command deletes the new value.

Parameters:

ip dscp <new-dscp> new DSCP value of IPv4 and IPv6 packets.
ip precedence <new-precedence> new IPv4 Precedence, only one can be selected for IPv4
Precedence and IP DSCP.
cos <new cos> new CoS value.
c-vid <new-c-vid> new c-vid value.
s-vid <new-s-vid> new s-vid value.
s-tpid <new-s-tpid> new s-tpid value.

Default:

Do not assign a new value.

Command Mode:

Policy Class-map Mode

Usage Guide:

Only the classified traffic matching the standard will be assigned the new values.

Example:

Set IP Precedence of the packets which satisfy c1 class rule as 3.

Switch(config)#policy-map p1
Switch(Config-PolicyMap-p1)#class c1
Switch(Config-PolicyMap-p1-Class-c1)#set ip precedence 3
Switch(Config-PolicyMap-p1-Class-c1)#exit
Switch(Config-PolicyMap-p1)#exit

17.6 show mls qos egress green remark

Command:

show mls qos egress green remark

Function:

Show whether Egress remarking mapping takes effect for green packets.

Command Mode:

Admin and configuration mode

Usage Guide:

When show mapping relation between Egress remarking table and green packets, it will show whether map green.

Example:

Show whether Egress remarking mapping takes effect for green packets.

Switch(config)#show mls qos egress green remark

Green remarking: Disable.

17.7 show mls qos maps

Command:

show mls qos maps (cos-cos | cos-dscp | dscp-cos | dscp-dscp)

Function:

Show Egress remarking mapping.

Parameters:

cos-cos : Set mapping from cos to cos for Egress remark cos table

cos-dscp : Set mapping from cos to dscp for Egress remark cos table

dscp-cos : Set mapping from dscp to cos for Egress remark dscp table

dscp-dscp : Set mapping from dscp to dscp for Egress remark dscp table

: Packet's colors, including green, yellow, red

Command Mode:

Admin and configuration mode

Usage Guide:

Show mapping of Egress remarking table.

Example:

Show mapping between cos-cos table and green packets.

Switch(config)#show mls qos maps cos-cos green

COS-TO-COS-GREEN map:

COS: 0 1 2 3 4 5 6 7

COS: 0 1 2 3 4 5 6 7

Green remarking: Disable.

Chapter 18 Commands for Flexible QinQ

18.1 add

Command:

add s-vid

no add s-vid

Function:

Add a specified external tag or inner tag for the packet which match the class map, no command cancels the operation.

Parameters:

s-vid specifies VID of an external VLAN Tag.

Default:

Do not add the tag.

Command Mode:

Policy class-map configuration mode

Usage Guide:

Add the external tag for the packet which match the class map after this command is configured.

Example:

Add an external VLAN Tag with VID of 2 for the packet which satisfy c1 class rule.

Switch(config)#policy-map p1

Switch(Config-PolicyMap-p1)#class c1

Switch(Config-PolicyMap-p1-Class-c1)#add s-vid 2

18.2 match

Command:

match {access-group <acl-index-or-name> | ip dscp <dscp-list>| ip precedence
<ip-precedence-list>| ipv6 access-group <acl-index-or-name>| ipv6 dscp <dscp-list> | ipv6
flowlabel <flowlabel-list> | vlan <vlan-list> | cos <cos-list>}
no match {access-group | ip dscp | ip precedence | ipv6 access-group | ipv6 dscp | ipv6
flowlabel | vlan | cos}

Function:

Configure the match standard of the class map; the no command deletes the specified match standard.

Parameters:

access-group <acl-index-or-name> match the specified IP ACL or MAC ACL, the parameters are the number or name of ACL
ip dscp <dscp-list> and ipv6 dscp <dscp-list> match the specified DSCP value, the parameter is a list of DSCP consisting of maximum 8 DSCP values, the ranging is 0 to 63 

ip precedence <ip-precedence-list> match the specified IP Precedence, the parameter is a IP Precedence list consisting of maximum 8 IP Precedence values with a valid range of 0 to 7 

ipv6 access-group <acl-index-or-name> match the specified IPv6 ACL, the parameter is the number or name of IPv6 ACL 

ipv6 flowlabel <flowlabel-list> match the specified IPv6 flow label, the parameter is IPv6 flow label value, the ranging is 0 to 1048575 

vlan <vlan-list> match the specified VLAN ID, the parameter is a VLAN ID list consisting of maximum 8 VLAN IDs, the ranging is 1 to 4094 

<cost-list> match the specified CoS value, the parameter is a CoS list consisting of maximum 8 CoS values, the ranging is 0 to 7

Default:

There is no match standard.

Command Mode:

Class-map Mode

Usage Guide:

Only one match standard can be configured in a class map. When configuring the ACL match, permit rule is the match option, it will apply Policy Map action. Deny rule is the excluding option, it does not apply Policy Map action. If it has been configured other match rule, the operation is failure, but configuring the same match rule will cover the previous.

Example:

reate a class-map named c1, and configure the class rule of the class-map to match packets with IP Precedence of 0.

Switch(config)#class-map c1
Switch(config-classmap-c1)#match ip precedence 0
Switch(config-classmap-c1)#exit

18.3 service-policy

Command:

service-policy in

no service-policy in

Function:

Bind the specified policy of flexible QinQ to the ingress of the port, the no command cancels the binding.

Parameters:

service-policy : The specified policy-map name of flexible QinQ.

Default:

No policy map is bound to port.

Command Mode:

Port Mode.

Usage Guide:

Only one policy map can be bound to each port, the function takes effect after the policy map is bound to a port.

Example:

Apply policy-map p1 to Ethernet port 1/0/1 for flexible QinQ.

Switch(Config-If-Ethernet1/0/1)#service-policy p1 in

18.4 set

Command:

set s-vid

no set s-vid

Function:

Assign the new cos and vid value to the packets which match the class map, no command cancels the operation.

Parameters:

s-vid specifies VID of an external VLAN Tag

Default:

Do not assign the value.

Command Mode:

Policy class-map configuration mode

Usage Guide:

Only assign the new value again for the classified flow that correspond the match standard.

Example:

Set an external VLAN Tag' VID as 3 for the packet which satisfy c2 class rule.

Switch(config)#policy-map p1

Switch(Config-PolicyMap-p1)#class c2

Switch(Config-PolicyMap-p1-Class-c2)#set s-vid 3

Switch(Config-PolicyMap-p1-Class-c2)#exit

Chapter 19 Commands for Layer 3 Forwarding

19.1 Commands for Layer 3 Interface

19.1.1 bandwidth

Command:

bandwidth

no bandwidth

Function:

Configure the bandwidth for Interface vlan. The "no bandwidth" command recovery the default value. The bandwidth of interface vlan is used to protocol account but not control the bandwidth of port. For instance, it is use the interface bandwidth (cost=10^8/bandwidth) when OSPF account the link cost, so change the bandwidth can result in OSPF link cost changed.

Parameters:

is the bandwidth for interface vlan. Range from 1bits to 10000000000 bits. It is can use unit "k, m, g". There are no decimal numbers after conversion.

Command mode:

VLAN Interface Mode

Default:

The default bandwidth for interface VLAN is 100,000,000bit.

Usage Guide:

This command only can be used at interface VLAN mode. The conversion of unit:

1g=1,000m=1,000,000k=1,000,000,000bit.

Example:

Configure the bandwidth for vlan1 is 50,000,000bit.

Switch(Config-if-Vlan1)#bandwidth 50m

19.1.2 description

Command:

description

no description

Function:

Configure the description information of VLAN interface. The no command will cancel the description information of VLAN interface.

Parameters:

is the description information of VLAN interface, the length should not exceed 256 characters.

Command mode:

VLAN Interface Mode

Default:

Do not configure.

Usage Guide:

The description information of VLAN interface behind description and shown under the configured VLAN.

Example:

Configure the description information of VLAN interface as test vlan.

Switch(config)#interface vlan 2

Switch(config-if-vlan2)#description test vlan

Configure the VRF description information to record the relation of VPN instance and any. The no operation of the command will cancel the VPN description information.

Parameters:

: Description text, the ranging from 1 to 256 characters.

Command mode:

VRF mode.

Default:

Not configured.

Usage Guide:

VRF description information behind description and shown under the configured VRF to supply the relative information.

Example:

Configure VRF description information as "associate with VRF-B VRF-C".

Switch(config)#ip vrf VRF-A

Switch(config-vrf)#description associate with VRF-B VRF-C

19.1.4 interface loopback

Command:

interface loopback no interface loopback

Function:

Create a Loopback interface; the no operation of this command will delete the specified Loopback interface.

Parameters:

is the ID of the new created Loopback interface.

Default:

There is no Loopback interface in factory defaults.

Command Mode:

Global Configuration Mode.

Usage Guide:

IDs of the VLANs taken up by a Loopback interfaces start from 1006. If Loopback take up a VLAN whose ID is larger than or equal with 1006, users are forbidden to configure the corresponding VLAN. If a VLAN after VLAN 1006 is already configured, such as VLAN 1006, then the Loopback interface will take up the first available VLAN after that VLAN, such as VLAN 1007.

Examples:

Enter the interface configuration mode of Loopback 1.

Switch(config)#interface loopback 1 Switch(Config-if-Loopback1)#

19.1.5 interface vlan

Command:

interface vlan no interface vlan

Function:

Create a VLAN interface (a Layer 3 interface); the "no interface vlan " command deletes the Layer 3 interface specified.

Parameters:

is the VLAN ID of the established VLAN, ranging from 1 to 4094.

Default:

No Layer 3 interface is configured upon switch shipment.

Command mode:

Global Mode

Usage Guide:

When creating a VLAN interface (Layer 3 interface), VLANs should be configured first, for details, see the VLAN chapters. When VLAN interface (Layer 3 interface) is created with this command, the VLAN interface (Layer 3 interface) configuration mode will be entered. After the creation of the VLAN interface (Layer 3 interface), interface vlan command can still be used to enter Layer 3 Port Mode.

Example:

Creating a VLAN interface (layer 3 interface).

Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#

19.1.6 ip vrf

Command:

ip vrf <vrf-name>
no ip vrf <vrf-name>

Function:

Configure the corresponding VPN instance, the no command cancel this VPN instance.

Parameters:

: Configure the name of VPN instance, the ranging from 1 to 64.

Default:

Not configured.

Command mode:

Global configuration mode.

Usage Guide:

Configure the corresponding VPN instance. There is no default VPN instance on PE, a PE can create multiple VPN instances and the name distinguishes the capital letter and small letter. Please pay attention: VPN instance takes effect after configure RD.

Example:

Switch(config)#ip vrf VRF-A

Switch(config-vrf)#

19.1.7 ip vrf forwarding vrfName

Command:

ip vrf forwarding <vrfName>
no ip vrf forwarding <vrfName>

Function:

Relate the interface to the specific VRF.

Parameters:

: Configure the name of VPN instance, the length is less than 32 characters.

Default:

Bind the interface to the master VRF.

Command mode:

Interface configuration mode.

Usage Guide:

If the interface needs to access internet, this command can be configured and an interface bind a VRF only, but a VRF can bind multiple interfaces.

Example:

Switch(config)#int vlan 9

Switch(Config-if-Vlan9)#ip vrf forwarding vpn1

19.1.8 rd

Command:

rd <ASN:nn_or_IP-address:nn>

Function:

Configure RD(Route Distinguish) of VRF.

Parameters:

ASN:nn_or_IP-address:nn is the IP address format of the route identification label.

Default:

Not configured.

Command mode:

VRF mode

Usage Guide:

The configured RD is for identifying different VPN each of which shall have a unique RD, VPN instance implement the space independence and address repeat through RD. But attention should be paid on that this setting is made up by AS number and a arbitrary number and RD can not be deleted directly.

Example:

Switch (config)#ip vrf VRF-A

Switch (config-vrf)# rd 300:3

Switch (config-vrf)#

19.1.9 route-target

Command:

route-target {import | export | both}

no route-target {import | export | both}

Function:

Configure the Route-Target of the specific VRF, the no command will delete this configuration.

Parameters:

import: Filter the route to judge whether VPN route join in this VRF.

export: The additional Route-Target when this VRF route is sent to the outside as a VPNv4 route, it is used to filterthe port.

both: import and export use the same Route-Target value.

: The Route-Target value.

Default:

Not configured.

Command mode:

VRF mode

Usage Guide:

RT is a BGP extended community, is used to filter the VPN route and implement the control of the VPN member relation of the direct-link site and the route rule. For the configured import rules, after check the route received by all BGP, add the matched route to BGP and send the route update message to BGP private network neighbor. For the configured export rules, after check all BGP route stored by BGP, add a export route-target to these routes and send the route update message to all public network. If import route-target of other VRF matches with this export route-target, copy the route to the matched VRF and send the route update to BGP private network neighbor.

Example:

Switch (config)#ip vrf VRF-A
Switch (config-vrf)# route-target both 100:1
Switch (config-vrf)#

19.1.10 show ip route vrf

Command:

show ip route vrf [bgp | database]

Parameters:

<vrf-name>: VRF name is created by if vrf <vrf-name>.  
bgp: Import the route through BGP.  
database: The database of IP route table.

Command mode:

Any modes.

Usage Guide:

Show the specific route protocol.

Example:

Switch#show ip route vrf vrf-a bgp
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:10 (Default for VRF DC1)
*> 11.1.1.0/24 11.1.1.64 0 0 200 ?
*> 20.1.1.0/24 11.1.1.64 0 0 200 ?

19.1.11 show ip vrf

Command:

show ip vrf []

Function:

Show the related RIP instance information with VPN route/forwarding instance, it can show fallback global option.

Parameters:

: Specify the name of VPN route/forwarding instance.

Default:

Not display.

Command mode:

Any modes.

Usage Guide:

This command exists in other route protocol. When using this command, the information of other related route protocol will be shown.

Example:

Show the related RIP instance information with VRF route/forwarding instance of IPI.

Switch# show ip vrf IPI
VRF IPI, FIB ID 1
Router ID: 11.1.1.1 (automatic)
Interfaces:
Vlan1
!
VRF IPI; (id=1); RIP enabled Interfaces:
Ethernet1/0/8
Name    Interfaces
IPI    Vlan1
Name    Default RD    Interfaces
IPI    Vlan1

19.1.12 shutdown

Command:

shutdown

no shutdown

Function:

Shut down the specified VLAN interface of the switch. The no operation of the command will enable the VLAN interface.

Command Mode:

VLAN Interface Configuration Mode.

Default:

The VLAN interface is enabled by default.

Usage Guide:

While shutting down the VLAN interface of the switch, it will not send data frames. If this interface needs to obtain an IP address via BOOTP/DHCP protocol, it should be enabled.

Example:

Enable the VLAN1 interface of the switch.

Switch(Config-if-Vlan1)#no shutdown

19.2 Commands for IPv4/v6 configuration

19.2.1 clear ip traffic

Command:

clear ip traffic

Function:

Clear the statistic information of IP protocol.

Command Mode:

Admin Mode

Usage Guide:

Clear the statistic information of receiving and sending packets for IP kernel protocol, including the statistic of receiving packets, sending packets and dropping packets and the error information of receiving and sending packets for IP protocol, ICMP protocol, TCP protocol and UDP protocol.

19.2.2 clear ipv6 neighbor

Command:

clear ipv6 neighbors

Function:

Clear the neighbor cache of IPv6.

Command Mode:

Admin Mode

Usage Guide:

This command can not clear static neighbor.

Example:

Clear neighbor list.

Switch#clear ipv6 neighbors

19.2.3 debug ip icmp

Command:

debug ip icmp

no debug ip icmp

Function:

The debugging for receiving and sending ICMP packets.

Command Mode:

Admin Mode

Example:

Switch#debug ip icmp
IP ICMP: sent, type 8, src 0.0.0.0, dst 20.1.1.1
DisplayDescription
IP ICMP: sentSend ICMP packets
type 8Type is 8 (PING request)
src 0.0.0.0Source IPv4 address
dst 20.1.1.1Destination IPv4 address

19.2.4 debug ip packet

Command:

debug ip packet

no debug ip packet

Function:

Enable the IP packet debug function: the "no debug IP packet" command disables this debug function.

Parameter:

None

Default:

IP packet debugging information is disabled by default.

Command mode:

Admin Mode

Usage Guide:

Displays statistics for IP packets received/sent, including source/destination address and bytes, etc.

Example:

Enabling IP packet debug.

Switch #debug ip packet

IP PACKET: sent, src 200.1.1.35, dst 224.0.0.9, size 312, proto 17, vrf 0

IP PACKET: rcvd, src 101.1.1.1, dst 224.0.0.9, size 312, proto 17, from Vlan200, vrf 0

19.2.5 debug ipv6 packet

Command:

debug ipv6 packet

no debug ipv6 packet

Function:

IPv6 data packets receive/send debug message.

Command Mode:

Admin Mode

Example:

Switch#debug ipv6 packet
IPv6 PACKET: rcvd, src <fe80::203:fff:fe01:2786>, dst <fe80::1>, size <64>, proto <58>, from Vlan1
Displayed informationExplanation
IPv6 PACKET: rcvdReceive IPv6 data report
Src <fe80::203:fff:fe01:2786>Source IPv6 address
Dst <fe80::1>Destination IPv6 address
size <64>Size of data report
proto <58>Protocol field in IPv6 header
from Vlan1IPv6 data report is collected from Layer 3 port vlan1

19.2.6 debug ipv6 icmp

Command:

debug ipv6 icmp

no debug ipv6 icmp

Function:

ICMP data packets receive/send debug message.

Command Mode:

Admin Mode

Example:

Switch#debug ipv6 icmp
IPv6 ICMP: sent, type <129>, src <2003::1>, dst <2003::20a:ebff:fe26:8a49> from Vlan1
Displayed informationExplanation
IPv6 ICMP: sentSend IPv6 data report
type <129>Ping protocol No.
Src <2003::1>Source IPv6 address
Dst <2003::20a:ebff:fe26:8a49>Destination IPv6 address
from Vlan1Layer 3 port being sent

19.2.7 debug ipv6 nd

Command:

debug ipv6 nd [ns | na | rs | ra | redirect ]

no debug ipv6 nd [ns | na | rs | ra | redirect]

Function:

Enable the debug of receiving and sending operations for specified types of IPv6 ND messages.

The ns, na, rs, ra and redirect parameters represent neighbor solicitation, neighbor advertisement, route solicitation, route advertisement and route redirect. No specification means to enable the debug for all five types of ND message. The no operation of this command will disable debug of receiving and sending operations for specified types of IPv6 ND messages, while no specification means to disable that for all five types of ND message.

Default:

The debug of receiving and sending operations for all five types of IPv6 ND messages is disabled by default.

Command Mode:

Admin Mode

Usage Guide:

The ND protocol is an essential part of IPv6. This command can display the ND message of a specified type for troubleshooting.

Example:

Switch#debug ipv6 nd

IPv6 ND: rcvd, type <136>, src , dst

Displayed informationExplanation
IPv6 ND: rcvdReceive ND data report
type <136>ND Type
SrcSource IPv6 address
DstDestination IPv6 address

19.2.8 debug ipv6 tunnel packet

Command:

debug ipv6 tunnel packet

no debug ipv6 tunnel packet

Function:

tunnel data packets receive/send debug message.

Parameter:

None

Default:

None

Command Mode:

Admin Mode

Example:

Switch#debug ipv6 tunnel packet
IPv6 tunnel: rcvd, type <136>, src <fe80::203:fff:fe01:2786>, dst <fe80::203:fff:fe01:59ba>
IPv6 tunnel packet : rcvd    src 178.1.1.1 dst 179.2.2.2 size 128 from tunnel1
Displayed informationExplanation
IPv6 tunnel packet : rcvdReceive tunnel data report
type <136>ND type
Src 178.1.1.1 dstTunnel source IPv4 address
Dst 179.2.2.2Tunnel destination IPv4 address

19.2.9 description

Command:

description

no description

Function:

Configure the tunnel description. The no operation of this command will delete the tunnel description.

Parameters:

is the tunnel description, its length can not exceed 256 characters.

Command Mode:

Tunnel Configuration Mode.

Default:

There is no tunnel description by default.

Usage Guide:

When there is more than one tunnel in the system, configuring description will help user with identifying the purposes of different tunnels.

Examples:

Set the tunnel description as toCernet2.

Switch(Config-if-Tunnel1)#description toCernet2

19.2.10 ipv6 proxy enable

Command:

ipv6 proxy enable

no ipv6 proxy enable

Function:

This command enable the IPv6 proxy function of a chassis switch. The no operation of this command will disable IPv6 proxy function.

Command Mode:

Global Configuration Mode.

Default:

The IPv6 proxy function in the system is disabled by default.

Usage Guide:

IPv6 proxy function means that, the board cards supporting IPv4 only will forward the IPv6 packets to the IPv6-supporting board cards in the system, implementing a process of wire-speed forwarding. The proxy provided by IPv6 board cards indirectly realizes the IPv6 hardware routing and forwarding function implemented by earlier board cards which only support IPv4.

Notice:

If the IPv6 proxy function is enabled, at least one board cards supporting IPv6 hardware forwarding should be plugged into the chassis switch. If all board cards in the chassis switch support IPv6 hardware forwarding, there would be no need to use the IPv6 proxy function. At present, the IPv6 proxy function does not support the proxy forwarding of IPv6 tunnel messages and multicast data messages.

Examples:

Enable the IPv6 proxy function.

Switch(config)#ipv6 proxy enable

19.2.11 ip address

Command:

ip address <ip-address> <mask> [secondary]
no ip address [<ip-address> <mask>] [secondary]

Function:

Set IP address and net mask of switch; the "no ip address [<ip-address><mask>] [secondary]" command deletes the IP address configuration.

Parameter:

<ip-address> is IP address, dotted decimal notation;
<mask> is subnet mask, dotted decimal notation;
[secondary] indicates that the IP address is configured as secondary IP address.

Command Mode:

VLAN interface configuration mode

Default:

The system default is no IP address configuration.

Usage Guide:

This command configures IP address on VLAN interface manually. If optional parameter secondary is not configured, then it is configured as the primary IP address of VLAN interface; if optional parameter secondary is configured, then that means the IP address is the secondary IP address of VLAN. One VLAN interface can only have one primary IP address and more than one secondary IP addresses. Primary IP and Secondary IP all can be used on SNMP/Web/Telnet management. Furthermore, the switch also provides BOOTP/DHCP manner to get IP address.

Example:

The IP address of switch VLAN1 interface is set to 192.168.1.10/24. 

Switch(Config-if-Vlan1)#ip address 192.168.1.10 255.255.255.0

19.2.12 ipv6 address

Command:

ipv6 address [eui-64]

no ipv6 address [eui-64]

Function:

Configure aggregately global unicast address, site-local address and link-local address for the interface.

Parameter:

Parameter is the prefix of IPv6 address, parameter is the prefix length of IPv6 address, which is between 3-128, eui-64 means IPv6 address is generated automatically based on eui64 interface identifier of the interface.

Command Mode:

Interface Configuration Mode.

Usage Guide:

IPv6 address prefix can not be multicast address or any other specific IPv6 address, and different layer 3 interfaces can not configure the same address prefix. For global unicast address, the length of the prefix must be greater than or equal to 3. For site-local address and link-local address, the length of the prefix must be greater than or equal to 10. For interface loopback port, the length of the prefix must be equaled to 128.

Example:

Configure an IPv6 address on VLAN1 Layer 3 interface: the prefix is 2001:3f:ed8::99 and the length of the prefix is 64.

Switch(Config-if-Vlan1)#ipv6 address 2001:3f:ed8::99/64

19.2.13 ipv6 route

Command:

ipv6 route <ipv6-prefix / prefix-length> {<ipv6address> | <interface-type interface-number> | {<ipv6address> <interface-type interface-number>} | tunnel <tunnel no>} [<precedence>] no ipv6 route <ipv6-prefix / prefix-length> {<ipv6address> | <interface-type interface-number> | {<ipv6address> <interface-type interface-number>} | tunnel <tunnel no>} [<precedence>]

Function:

Set IPv6 static route.

Parameters:

Parameter <ipv6-prefix> is the destination prefix of IPv6 static route, parameter <prefix-length> is the length of IPv6 prefix, parameter <ipv6-address> is the next hop IPv6 address of the reachable network, parameter <interface-type interface-number> is the name of interface from which to reach the destination, <tunnel no> is the output tunnel number of the tunnel route, parameter <precedence> is the weight of this route, the range is 1-255, the default is 1

Default:

There is not any IPv6 static route which is configured by default.

Command Mode:

Global Mode

Usage Guide:

When the next hop IPv6 address is link-local address, the interface name must be specified. When the next hop IPv6 address is global aggregatable unicast address and site-local address, if no interface name of the exit is specified, it must be assured that the IP address of the next hop and the address of some interface of the switch must be in the same network segment. As for tunnel route, interface name can be directly specified.

Example:

Configure static route 1 with destination address 3ffe:589:dfc::88, prefix length 64 and next hop

2001:8fd:c32::99 (the router has been configured IPv6 address of 2001:8fd:c32::34/64).

Switch(config)#ipv6 route 3ffe:589:dfc::88/64 2001:8fd:c32::99

Configure static route 2 with destination 3ffe:ff7:123::55, prefix length 64, next hop

fe80::203:ff:89fd:46ac and exit interface name Vlan1.

Switch(config)#ipv6 route 3ffe:ff7:123::55/64 fe80::203:ff:89fd:46ac Vlan1

19.2.14 ipv6 redirect

Command:

ipv6 redirect

no ipv6 redirect

Function:

Enable IPv6 router redirect function. The no operation of this command will disable the function.

Command Mode:

Global Configuration Mode.

Default Settings:

IPv6 router redirect function is disabled by default.

Usage Guide:

If router A, router B, and node C are on the same network link, and router A forwards IPv6 packets from node C to router B, expecting router B to continue the forwarding, then router A will send an IPv6 ICMPv6 redirect message to node C-source of the packet, notifying it that the best next hop of this destination address is router B. By doing so, the forwarding overhead of router A will be decreased, so is the network transmission delay of node C.

Examples:

Enable IPv6 router redirect function.

Switch(config)# ipv6 redirect

19.2.15 ipv6 nd dad attempts

Command:

ipv6 nd dad attempts

no ipv6 nd dad attempts

Function:

Set Neighbor Solicitation Message number sent in succession by interface when setting Duplicate Address Detection.

Parameter:

is the Neighbor Solicitation Message number sent in succession by Duplicate Address Detection, and the value of must be in 0-10, NO command restores to default value 1.

Command Mode:

Interface Configuration Mode

Default:

The default request message number is 1.

Usage Guide:

When configuring an IPv6 address, it is required to process IPv6 Duplicate Address Detection, this command is used to configure the ND message number of Duplicate Address Detection to be sent, value being 0 means no Duplicate Address Detection is executed.

Example:

The Neighbor Solicitation Message number sent in succession by interface when setting Duplicate Address Detection is 3.

Switch(Config-if-Vlan1)# ipv6 nd dad attempts 3

19.2.16 ipv6 nd ns-interval

Command:

ipv6 nd ns-interval

no ipv6 nd ns-interval

Function:

Set the time interval of Neighbor Solicitation Message sent by the interface.

Parameter:

parameter is the time interval of sending Neighbor Solicitation Message,

value must be between 1-3600 seconds, no command restores the default value 1 second.

Command Mode:

Interface Configuration Mode

Default:

The default Request Message time interval is 1 second.

Default:

The value to be set will include the situation in all routing announcement on the interface. Generally,

very short time interval is not recommended.

Example:

Set Vlan1 interface to send out Neighbor Solicitation Message time interval to be 8 seconds.

Switch(Config-if-Vlan1)#ipv6 nd ns-interval 8

19.2.17 ipv6 nd suppress-ra

Command:

ipv6 nd suppress-ra

no ipv6 nd suppress-ra

Function:

Prohibit router announcement.

Command Mode:

Interface Configuration Mode

Default:

Router Announcement function is disabled.

Usage Guide:

no ipv6 nd suppress-ra command enable router announcement function.

Example:

Enable router announcement function.

Switch(Config-if-Vlan1)#no ipv6 nd suppress-ra

19.2.18 ipv6 nd ra-lifetime

Command:

ipv6 nd ra-lifetime

no ipv6 nd ra-lifetime

Function:

Configure the lifetime of router announcement.

Parameter:

parameter stands for the number of seconds of router announcement lifetime, value must be between 0-9000.

Command Mode:

Interface Configuration Mode

Default:

The number of seconds of router default announcement lifetime is 1800.

Usage Guide:

This command is used to configure the lifetime of the router on Layer 3 interface, seconds being 0 means this interface can not be used for default router, otherwise the value should not be smaller than the maximum time interval of sending router announcement. If no configuration is made, this value is equal to 3 times of the maximum time interval of sending routing announcement.

Example:

Set the lifetime of routing announcement is 100 seconds.

Switch(Config-if-Vlan1)#ipv6 nd ra-lifetime 100

19.2.19 ipv6 nd min-ra-interval

Command:

ipv6 nd min-ra-interval

no ipv6 nd min-ra-interval

Function:

Set the minimum time interval of sending routing message.

Parameter:

Parameter is number of seconds of the minimum time interval of sending routing announcement, must be between 3-1350 seconds.

Command Mode:

Interface Configuration Mode

Default:

The default minimum time interval of sending routing announcement is 200 seconds.

Usage Guide:

The minimum time interval of routing announcement should not exceed 3/4 of the maximum time interval.

Example:

Set the minimum time interval of sending routing announcement is 10 seconds.

Switch(Config-if-Vlan1)#ipv6 nd min-ra-interval 10

19.2.20 ipv6 nd max-ra-interval

Command:

ipv6 nd max-ra-interval

no ipv6 nd max-ra-interval

Function:

Set the maximum time interval of sending routing message.

Parameter:

Parameter is number of seconds of the time interval of sending routing announcement,

must be between 4-1800 seconds.

Command Mode:

Interface Configuration Mode

Default:

The default maximum time interval of sending routing announcement is 600 seconds.

Usage Guide:

The maximum time interval of routing announcement should be smaller than the lifetime value routing announcement.

Example:

Set the maximum time interval of sending routing announcement is 20 seconds.

Switch(Config-if-Vlan1)#ipv6 nd max-ra-interval 20

19.2.21 ipv6 nd prefix

Command:

ipv6 nd prefix { [ ]

[ no-autoconfig / off-link[no-autoconfig]]

no ipv6 nd prefix

Function:

Configure the address prefix and relative parameters for router announcement.

Parameter:

Parameter is the address prefix of the specified announcement, parameter is the length of the address prefix of the specified announcement, parameter is the valid lifetime of the prefix, parameter is the preferred lifetime of the prefix, and the valid lifetime must be no smaller than preferred lifetime. Parameter no-autoconfig says this prefix can not be used to automatically configure IPv6 address on the host in link-local. Parameter off-link says the prefix specified by router announcement message is not assigned to link-local, the node which sends data to the address including this prefix consider link-local as unreachable.

Command Mode:

Interface Configuration Mode

Default:

The default value of valid-lifetime is 2592000 seconds (30 days), the default value of preferred-lifetime is 604800 seconds (7 days). off-link is off by default, no-autoconfig is off by default.

Usage Guide:

This command allows controlling the router announcement parameters of every IPv6 prefix. Note that valid lifetime and preferred lifetime must be configured simultaneously.

Example:

Configure IPv6 announcement prefix as 2001:410:0:1::/64 on Vlan1, the valid lifetime of this prefix is 8640 seconds, and its preferred lifetime is 4320 seconds.

Switch(Config-if-Vlan1)#ipv6 nd prefix 2001:410:0:1::/64 8640 4320

19.2.22 ipv6 nd ra-hoplimit

Command:

ipv6 nd ra-hoplimit

Function:

Set the hoplimit of sending router advertisement.

Parameters:

is the hoplimit of sending router advertisement, ranging from 0 to 255.

Command Mode :

Interface Configuration Mode.

Default:

The default hoplimit of sending router advertisement is 64.

Example:

Set the hoplimit of sending router advertisement in interface vlan 1 as 128.

Switch#(Config-if-Vlan1)#ipv6 nd ra-hoplimit 128

19.2.23 ipv6 nd ra-mtu

Command:

ipv6 nd ra-mtu

Function:

Set the mtu of sending router advertisement.

Parameters:

is the mtu of sending router advertisement, ranging from 0 to 1500.

Command Mode :

Interface Configuration Mode.

Default:

The default mtu of sending router advertisement is 1500.

Example:

Set the mtu of sending router advertisement in interface vlan 1 as 500.

Switch#(Config-if-Vlan1)#ipv6 nd ra-mtu 500

19.2.24 ipv6 nd reachable-time

Command:

ipv6 nd reachable-time

Function:

Set the reachable-time of sending router advertisement.

Parameters:

is the reachable-time of sending router advertisement, ranging from 0 to 3600000 milliseconds.

Command Mode :

Interface Configuration Mode.

Default Settings:

The default reachable-time of sending router advertisement is 30000 milliseconds.

Example:

Set the reachable-time of sending router advertisement in interface vlan 1 as 100000 milliseconds.

Switch#(Config-if-Vlan1)#ipv6 nd reachable-time 100000

19.2.25 ipv6 nd retrans-timer

Command:

ipv6 nd retrans-timer

Function:

Set the retrans-timer of sending router advertisement.

Parameters:

is the retrans-timer of sending router advertisement, ranging from 0 to 4294967295 milliseconds.

Command Mode:

Interface Configuration Mode.

Default:

The default retrans-timer of sending router advertisement is 1000 milliseconds.

Example:

Set the reachable-time of sending router advertisement in interface vlan 1 as 10000 milliseconds.

Switch#(Config-if-Vlan1)#ipv6 nd retrans-timer 10000

19.2.26 ipv6 nd other-config-flag

Command:

ipv6 nd other-config-flag

Function:

Set the flag representing whether information other than the address information will be obtained via DHCPv6.

Command Mode :

Interface Configuration Mode.

Default:

Information other than the address information won't be obtained via DHCPv6.

Examples:

Set IPv6 information other than the address information in interface vlan 1 will be obtained via DHCPv6.

Switch#(Config-if-Vlan1)#ipv6 nd other-config-flag

19.2.27 ipv6 nd managed-config-flag

Command:

ipv6 nd managed-config-flag

Function:

Set the flag representing whether the address information will be obtained via DHCPv6.

Command Mode :

Interface Configuration Mode.

Default:

The address information won't be obtained via DHCPv6.

Examples:

Set IPv6 address information in interface vlan 1 will be obtained via DHCPv6.

Switch#(Config-if-Vlan1)#ipv6 nd managed-config-flag

19.2.28 ipv6 neighbor

Command:

ipv6 neighbor interface <interface-type

interface-number>

no ipv6 neighbor

Function:

Set static neighbor table entry.

Parameters:

Parameter ipv6-address is static neighbor IPv6 address, same to interface prefix parameter, parameter hardware-address is static neighbor hardware address, interface-type is Ethernet type, interface-name is Layer 2 interface name.

Command Mode:

Interface Configuration Mode

Default Situation:

There is not static neighbor table entry.

Usage Guide:

IPv6 address and multicast address for specific purpose and local address can not be set as neighbor.

Example:

Set static neighbor 2001:1:2::4 on port E1/0/1, and the hardware MAC address is 00-30-4f-89-44-bc.

Switch (Config-if-Vlan1)#ipv6 neighbor 2001:1:2::4 00-30-4f-89-44-bc interface Ethernet 1/0/1

19.2.29 interface tunnel

Command:

interface tunnel

no interface tunnel

Function:

Create/Delete tunnel.

Parameter:

Parameter is tunnel No.

Command Mode:

Interface Configuration Mode.

Usage Guide:

This command creates a virtual tunnel interface. Since there is not information such as specific tunnel mode and tunnel source, show ipv6 tunnel does not show the tunnel, enter tunnel mode after creating, under that model information such as tunnel source and destination can be specified. No command is to delete a tunnel.

Example:

Create tunnel 1.

Switch(Config)#interface tunnel 1

19.2.30 show ip interface

Command:

show ip interface [ | vlan ] brief

Function:

Show the brief information of the configured layer 3 interface.

Parameter:

Interface name; VLAN ID.

Parameter:

Interface name; VLAN ID.

Default:

Show all brief information of the configured layer 3 interface when no parameter is specified.

Example:

Restarter#show ip interface vlan1 brief

Index

Interface

IP-Address

Protocol

3001

Vlan1

192.168.2.11

up

19.2.31 show ip traffic

Command:

show ip traffic

Function:

Display statistics for IP packets.

Command mode:

Admin Mode

Usage Guide:

Display statistics for IP, ICMP, TCP, UDP packets received/sent.

Example:

Switch#show ip traffic
IP statistics:
Rcvd:3249810 total, 3180 local destination
0 header errors, 0 address errors
0 unknown protocol, 0 discards
Frags:0 reassembled, 0 timeouts
0 fragment rcvd, 0 fragment dropped
0 fragmented, 0 couldn't fragment, 0 fragment sent
Sent:0 generated, 3230439 forwarded
0 dropped, 0 no route
ICMP statistics:
Rcvd:0 total 0 errors 0 time exceeded
0 redirects, 0 unreachable, 0 echo, 0 echo replies
0 mask requests, 0 mask replies, 0 quench
0 parameter, 0 timestamp, 0 timestamp replies
Sent:0 total 0 errors 0 time exceeded
0 redirects, 0 unreachable, 0 echo, 0 echo replies
0 mask requests, 0 mask replies, 0 quench
0 parameter, 0 timestamp, 0 timestamp replies
TCP statistics:
TcpActiveOpens0, TcpAttemptFails0
TcpCurrEstab0, TcpEstabResets0
TcpInErrs0, TcpInSegs3180
TcpMaxConn0, TcpOutRsts3
TcpOutSegs0, TcpPassiveOpens8
TcpRetransSegs0, TcpRtoAlgorithm0
TcpRtoMax0, TcpRtoMin0
UDP statics:
UdpInDatagrams0, UdpInErrors0
UdpNoPorts0, UdpOutDatagrams0
Displayed informationExplanation
IP statistics :IP packet statistics.
Rcvd: 3249810 total, 3180 local destination0 header errors, 0 address errors0 unknown protocol, 0 discardsStatistics of total packets received,number of packets reached localdestination, number of packets haveheader errors, number of erroneousaddresses, number of packets ofunknown protocols; number of packetsdropped.
Frags : 0 reassembled, 0 timeouts0 fragment rcvd, 0 fragment dropped0 fragmented, 0 couldn't fragment, 0 fragmentsentFragmentation statistics: number ofpackets reassembled, timeouts,fragments received, fragments discarded,packets that cannot be fragmented,number of fragments sent, etc.
Sent : 0 generated, 0 forwarded0 dropped, 0 no routeStatistics for total packets sent, includingnumber of local packets, forwardedpackets, dropped packets and packetswithout route.
ICMP statistics :ICMP packet statistics.
Rcvd : 0 total 0 errors 0 time exceeded0 redirects, 0 unreachable, 0 echo, 0 echo replies0 mask requests, 0 mask replies, 0 quench0 parameter, 0 timestamp, 0 timestamp repliesStatistics of total ICMP packets receivedand classified information
Sent : 0 total 0 errors 0 time exceeded0 redirects, 0 unreachable, 0 echo, 0 echo replies0 mask requests, 0 mask replies, 0 quench0 parameter, 0 timestamp, 0 timestamp repliesStatistics of total ICMP packets sent andclassified information
TCP statistics:TCP packet statistics.
UDP statistics:UDP packet statistics.

19.2.32 show ipv6 interface

Command:

show ipv6 interface {brief|}

Function:

Show interface IPv6 parameters.

Parameter:

Parameter brief is the brief summarization of IPv6 status and configuration, and parameter interface-name is Layer 3 interface name.

Command Mode:

Admin and Configuration Mode

Usage Guide:

If only brief is specified, then information of all L3 is displayed, and you can also specify a specific Layer 3 interface.

Example:

Switch#show ipv6 interface Vlan1
Vlan1 is up, line protocol is up, dev index is 2004
Device flag 0x1203(UP BROADCAST ALLMULTI MULTICAST)
IPv6 is enabled
Link-local address(es):
fe80::203:fff:fe00:10 PERMANENT
Global unicast address(es):
3001::1 subnet is 3001::1/64 PERMANENT
Joined group address(es):
ff02::1
ff02::16
ff02::2
ff02::5
ff02::6
ff02::9
ff02::d
ff02::1:ff00:10
ff02::1:ff00:1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts is 1
ND managed_config_flag is unset 

ND other_config_flag is unset
ND NS interval is 1 second(s)
ND router advertisements is disabled
ND RA min-interval is 200 second(s)
ND RA max-interval is 600 second(s)
ND RA hoplimit is 64
ND RA lifetime is 1800 second(s)
ND RA MTU is 0
ND advertised reachable time is 0 millisecond(s)
ND advertised retransmit time is 0 millisecond(s)
Displayed informationExplanation
Vlan1Layer 3 interface name
[up/up]Layer 3 interface status
dev indexInternal index No.
fe80::203:fff:fe00:10Automatically configured IPv6 address of Layer 3 interface
3001::1Configured IPv6 address of Layer 3 interface

19.2.33 show ipv6 route

Command:

show ipv6 route [ | | / database | fib [local] | nsm

[connected | static | rip| ospf | bgp | isis| kernel| database]|statistics]

Function:

Display IPv6 routing table.

Parameter:

is destination network address; | is destination network address plus prefix length; connected is directly connected router; static is static router; rip is RIP router; ospf is OSPF router; bgp is BGP router; isis is ISIS router; kernel is kernel router; statistics shows router number; database is router database.

Command Mode:

Admin and Configuration Mode.

Usage Guide:

show ipv6 route only shows IPv6 kernal routing table (routing table in tcpip), database shows all routers except the local router, fib local shows the local router, statistics shows router statistics information.

Example:

Switch#show ipv6 route
Codes: C - connected, L - Local, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP
C ::/0 via ::, tunnel3 256
S 2001:2::/32 via fe80::789, Vlan2 1024
S 2001:2:3:4::/64 via fe80::123, Vlan2 1024
O 2002:ca60:c801:1::/64 via ::, Vlan1 1024
C 2002:ca60:c802:1::/64 via ::, tunnel49 256
C 2003:1::/64 via ::, Vlan4 256
C 2003:1::5efe:0:0/96 via ::, tunnel26 256
S 2004:1:2:3::/64 via fe80:1::88, Vlan2 1024
O 2006:1::/64 via ::, Vlan1 1024
S 2008:1:2:3::/64 via fe80::250:baff:fef2:a4f4, Vlan1 1024
C 2008:2005:5:8::/64 via ::, Ethernet0 256
S 2009:1::/64 via fe80::250:baff:fef2:a4f4, Vlan1 1024
C 2022:1::/64 via ::, Ethernet0 256
O 3333:1:2:3::/64 via fe80::20c:ceff:fe13:eac1, Vlan12 1024
C 3ffe:501:ffff:1::/64 via ::, Vlan4 256
O 3ffe:501:ffff:100::/64 via ::, Vlan5 1024
O 3ffe:3240:800d:1::/64 via ::, Vlan1 1024
O 3ffe:3240:800d:2::/64 via ::, Vlan2 1024
O 3ffe:3240:800d:10::/64 via ::, Vlan12 1024
O 3ffe:3240:800d:20::/64 via fe80::20c:ceff:fe13:eac1, Vlan12 1024
C fe80::/64 via ::, Vlan1 256
C fe80::5efe:0:0/96 via ::, tunnel26 256
C ff00::/8 via ::, Vlan1 256
Displayed informationExplanation
IPv6 Routing TableIPv6 routing table status
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,I - IS-IS, B - BGP > - selected route, * - FIB route, p - stale infoAbbreviation display sign of every entry
S 2009:1::/64 via fe80::250:baff:fef2:a4f4, Vlan1 1024The static router in FIB table, of which the destination network segment is 2002::/64, via means passing fe80::250:baff:fef2:a4f4 is the next hop, VLAN1 is the exit interface name, 1024 is router weight.

19.2.34 show ipv6 neighbors

Command:

show ipv6 neighbors [{vlan|ethernet|tunnel} interface-number | interface-name | address ]

Function:

Display neighbor table entry information.

Parameter:

Parameter {vlan|ethernet|tunnel} interface-number|interface-name specify the lookup based on interface. Parameter ipv6-address specifies the lookup based on IPv6 address. It displays the whole neighbor table entry if without parameter.

Command Mode:

Admin and Configuration Mode

Example:

Switch#show ipv6 neighbors
IPv6 neighbour unicast items: 14, valid: 11, matched: 11, incomplete: 0, delayed: 0, manage items 5
IPv6 AddressHardware AddrInterfacePort
State
2002:ca60:c801:1:250:baff:fef2:a4f4 reachable00-50-ba-f2-a4-f4Vlan1Ethernet1/0/2
3ffe:3240:800d:1::100 reachable00-30-4f-01-27-86Vlan1Ethernet1/0/3
3ffe:3240:800d:1::8888 permanent00-02-01-00-00-00Vlan1Ethernet1/0/1
3ffe:3240:800d:1:250:baff:fef2:a4f4 reachable00-50-ba-f2-a4-f4Vlan1Ethernet1/0/4
3ffe:3240:800d:2::8888 permanent00-02-01-00-01-01Vlan2Ethernet1/0/16
3ffe:3240:800d:2:203:fff:fefe:3045 reachable00-30-4f-fe-30-45Vlan2Ethernet1/0/15
fe80::203:fff:fe01:2786 reachable00-30-4f-01-27-86Vlan1Ethernet1/0/5
fe80::203:fff:fefe:3045 reachable00-30-4f-fe-30-45Vlan2Ethernet1/0/17
fe80::20c:ceff:fe13:eac100-0c-ce-13-ea-c1Vlan12Ethernet1/0/20
reachable
fe80::250:baff:fef2:a4f400-50-ba-f2-a4-f4Vlan1Ethernet1/0/6
reachable
IPv6 neighbour table: 11 entries
Displayed informationExplanation
IPv6 AddresNeighbor IPv6 address
Hardware AddrNeighbor MAC address
InterfaceExit interface name
PortExit interface name
StateNeighbor status (reachable 、statle 、delay 、probe 、permanent 、incomplete 、unknow)

19.2.35 show ipv6 traffic

Command:

show ipv6 traffic

Function:

Display IPv6 transmission data packets statistics information.

Command Mode:

Admin and Configuration Mode

Example:

Switch#show ipv6 traffic
IP statistics:
Rcvd: 90 total, 17 local destination
0 header errors, 0 address errors
0 unknown protocol, 13 discards
Frags: 0 reassembled, 0 timeouts
0 fragment rcvd, 0 fragment dropped
0 fragmented, 0 couldn't fragment, 0 fragment sent
Sent: 110 generated, 0 forwarded
0 dropped, 0 no route
ICMP statistics:
Rcvd: 0 total 0 errors 0 time exceeded
0 redirects, 0 unreachable, 0 echo, 0 echo replies
Displayed informationExplanation
IP statisticsIPv6 data report statistics
Rcvd: 90 total, 17 local destination0header errors, 0 address errors0 unknown protocol, 13 discardsIPv6 received packets statistics
Frags: 0 reassembled, 0 timeouts0 fragment rcvd, 0 fragment dropped0fragmented, 0 couldn't fragment, 0 fragment sentIPv6 fragmenting statistics
Sent: 110 generated, 0 forwarded0 dropped, 0 no routeIPv6 sent packets statistics

19.2.36 show ipv6 redirect

Command:

show ipv6 redirect

Function:

Display the state IPv6 redirect switch.

Command Mode:

Admin Mode.

Usage Guide:

This command can be used to check whether the IPv6 redirect function in the system is enabled.

Examples:

Switch# show ipv6 redirect

ipv6 redirect is disabled

19.2.37 show ipv6 tunnel

Command:

show ipv6 tunnel []

Function:

Display tunnel information.

Parameter:

Parameter is tunnel No.

Command Mode:

Admin Mode.

Usage Guide:

If there is not tunnel number, then information of all tunnels are shown. If there is tunnel number, then the detailed information of specified tunnel is shown.

Example:

Switch#show ipv6 tunnel
namemodesourcedestinationnexthop
tunnel36to4178.1.1.1
Displayed informationExplanation
NameTunnel name
ModeTunnel type
SourceTunnel source ipv4 address
DestinationTunnel destination ipv4 address
NexthopTunnel next hop (only applies to ISATAP tunnel)

19.2.38 tunnel source

Command:

tunnel source { | | } no tunnel source

Function:

Configure tunnel source.

Parameter:

is the IPv4 address of tunnel source, must be the unicast address; is the IPv6 address of tunnel source; means the tunnel source address is the IPv4 address of the interface .

Command Mode:

Tunnel Configuration Mode.

Default Situation:

There is no IPv4/IPv6 address and interface name of tunnel source.

Usage Guide:

Set the source IPv4/IPv6 address or specify an interface name of the tunnel source address to configure the tunnel.

Example:

Configure tunnel source IPv4 address 202.89.176.6.

Switch(Config-if-Tunnel1)#tunnel source 202.89.176.6

19.2.39 tunnel destination

Command: .

tunnel destination no tunnel destination

Function:

Configure the IPv4/IPv6 address of the tunnel destination.

Parameter:

is the IPv4 address of tunnel destination, is the IPv6 address of tunnel destination.

Command Mode:

Tunnel Configuration Mode.

Default Situation:

There is no IPv4/IPv6 address of tunnel destination.

Usage Guide:

This command is used to configure the IPv4/IPv6 address of tunnel destination.

Example:

Configure tunnel destination 203.78.120.5.

Switch(Config-if-Tunnel1)#tunnel destination 203.78.120.5

19.2.40 tunnel nexthop

Command:

tunnel nexthop no tunnel nexthop

Function:

Configure tunnel next hop.

Parameter:

is the ipv4 address of tunnel next hop.

Command Mode:

Tunnel Configuration Mode.

Default Situation:

There is no IPv4 address of tunnel nexthop.

Usage Guide:

This command is for ISATAP tunnel, other tunnels won't check the configuration of nexthop. Notice: IPv4 address of ISATAP tunnel nexthop and IPv4 address of tunnel source should be in same segment.

Example:

Configure tunnel next hop 178.99.156.8.

Switch(Config-if-Tunnel1)#tunnel source 178.99.156.7

Switch(Config-if-Tunnel1)#tunnel nexthop 178.99.156.8

Switch(Config-if-Tunnel1)#tunnel mode ipv6ip isatap

19.2.41 tunnel mode

Command:

tunnel mode [[gre] | ipv6ip [6to4 | isatap]]

no tunnel mode

Function:

Configure Tunnel Mode.

Parameter:

gre is GRE tunnel.

Command Mode:

Tunnel Configuration Mode.

Usage Guide:

In configuring tunnel mode, only specifying ipv6ip indicates configuring tunnel. lpv6ip 6to4 indicates it is 6to4 tunnel, ipv6ip isatap indicates it is ISATAP tunnel.

Example:

Configure tunnel mode.

1、Switch(Config-if-Tunnel1)#tunnel mode ipv6ip

2、Switch(Config-if-Tunnel1)#tunnel mode ipv6ip 6to4

3、Switch(Config-if-Tunnel1)#tunnel mode ipv6ip isatap

19.3 Commands for IP Route Aggregation

19.3.1 ip fib optimize

Command:

ip fib optimize

no ip fib optimize

Function:

Enables the switch to use optimized IP route aggregation algorithm; the "no ip fib optimize" disables the optimized IP route aggregation algorithm.

Default:

Optimized IP route aggregation algorithm is disabled by default.

Command mode:

Global Mode.

Usage Guide:

This command is used to optimize the aggregation algorithm: if the route table contains no default route, the next hop most frequently referred to will be used to construct a virtual default route to simplify the aggregation result. This method has the benefit of more effectively simplifying the aggregation result. However, while adding a virtual default route to the chip segment route table reduces CPU load, it may introduce unnecessary data stream to switches of the next hop. In fact, part of local switch CPU load is transferred to switches of the next hop.

Example:

Disabling optimized IP route aggregation algorithm.

Switch(config)# no ip fib optimize

19.4 Commands for URPF

19.4.1 show urpf

Command:

show urpf

Function:

Display which interfaces have been enabled with URPF function.

Command Mode:

Admin and Configuration Mode

Example:

Switch#show urpf

19.4.2 urpf enable

Command:

urpf enable

no urpf enable

Function:

Enable the global URPF function.

Command mode:

Global Mode

Default:

The URPF protocol module is disabled by default.

Example:

Switch(config)#urpf enable

19.5 Commands for ARP Configuration

19.5.1 arp

Command:

arp {interface [ethernet] }

no arp

Function:

Configures a static ARP entry; the "no arp " command deletes a ARP entry of the specified IP address.

Parameters:

is the IP address, at the same field with interface address; is the MAC address; ethernet stands for Ethernet port; for the name of layer2 port.

Default:

No static ARP entry is set by default.

Command mode:

VLAN Interface Mode

Usage Guide:

Static ARP entries can be configured in the switch.

Example:

Configuring static ARP for interface VLAN1.

Switch(Config-if-Vlan1)#arp 1.1.1.1 ,A8-F7-E0-f0-12-34 interface eth 1/0/2

19.5.2 clear arp-cache

Command:

clear arp-cache

Function:

Clears ARP table.

Command mode:

Admin Mode

Example:

Switch#clear arp-cache

19.5.3 clear arp traffic

Command:

clear arp traffic

Function:

Clear the statistic information of ARP messages of the switch. For box switches, this command will only clear statistics of APP messages received and sent from the current boardcard.

Command mode:

Admin Mode

Example:

Switch#clear arp traffic

19.5.4 debug arp

Command:

debug arp {receive|send|state}

no debug arp {receive|send|state}

Function:

Enables the ARP debugging function; the "no debug arp {receive|send|state}" command disables this debugging function.

Parameter:

receive the debugging-switch of receiving ARP packets of the switch; send the debugging-switch of sending ARP packets of the switch; state the debugging-switch of APR state changing of the switch.

Default:

ARP debug is disabled by default.

Command mode:

Admin Mode.

Usage Guide:

Display contents for ARP packets received/sent, including type, source and destination address, etc.

Example:

Enabling ARP debugging.

Switch#debug arp receive

%Jan 01 01:05:53 2006 IP ARP: rcvd, type REQUEST, src 172.16.1.251, 00-e0-4c-88-ad-bc, dst 172.16.1.110, 00-00-00-00-00-flag 0x0, pkt type 1, intf Vlan100.

%Jan 01 01:05:53 2006 IP ARP: rcvd, type REQUEST, src 172.16.1.251, 00-e0-4c-88-ad-bc, dst 172.16.1.110, 00-00-00-00-00-flag 0x0, pkt type 1, intf Vlan100.

e%Jan 01 01:05:53 2006 IP ARP: rcvd, type REQUEST, src 172.16.1.251, 00-e0-4c-88-ad-bc, dst 172.16.1.110, 00-00-00-00-00-00 flag 0x0, pkt type 1, intf Vlan100.

%Jan 01 01:05:53 2006 IP ARP: rcvd, type REQUEST, src 172.16.1.251, 00-e0-4c-88-ad-bc, dst172.16.1.110, 00-00-00-00-00-flag 0x0, pkt type 1, intf Vlan100.

19.5.5 ip proxy-arp

Command:

ip proxy-arp

no ip proxy-arp

Function:

Enables proxy ARP for VLAN interface; the "no ip proxy-arp" command disables proxy ARP.

Default:

Proxy ARP is disabled by default.

Command mode:

VLAN Interface Mode

Usage Guide:

When an ARP request is received on the layer 3 interface, requesting an IP address in the same IP segment of the interface but not the same physical network, and the proxy ARP interface has been enabled, the interface will reply to the ARP with its own MAC address and forward the actual packets received. Enabling this function allows machines to physically be separated but in the same IP segment and communicate via the proxy ARP interface as if in the same physical network. Proxy ARP will check the route table to determine whether the destination network is reachable before responding to the ARP request; ARP request will only be responded if the destination is reachable.

Note: the ARP request matching default route will not use proxy.

Example:

Enabling proxy ARP for VLAN 1.

Switch(Config-if-Vlan1)#ip proxy-arp

19.5.6 show arp

Command:

show arp [] [] [] [type {static | dynamic}] [count] [vrf word]

Function:

Displays the ARP table.

Parameters:

is a specified IP address; stands for the entry for the identifier of specified VLAN; for entry of specified MAC address; static for static ARP entry; dynamic for dynamic ARP entry; count displays number of ARP entries; word is the specified vrf name.

Command mode:

Admin Mode

Usage Guide:

Displays the content of current ARP table such as IP address, MAC address, hardware type, interface name, etc.

Example:

Switch#show arp
ARP Unicast Items: 7, Valid: 7, Matched: 7, Verifying: 0, Incomplete: 0, Failed: 0, None: 0
AddressHardware AddrInterfacePortFlag
50.1.1.600-0a-eb-51-51-38Vlan50Ethernet1/0/11Dynamic
50.1.1.900-00-00-00-00-09Vlan50Ethernet1/0/1Static
150.1.1.200-00-58-fc-48-9fVlan150Ethernet1/0/4Dynamic
Displayed informationExplanation
Total arp itemsTotal number of ARP entries.
ValidARP entry number matching the filter conditions and attributing the legality states.
MatchedARP entry number matching the filter conditions.
VerifyingARP entry number at verifying again validity for ARP.
InCompletedARP entry number have ARP request sent without ARP reply.
FailedARP entry number at failed state.
NoneARP entry number at begin-found state.
AddressIP address of ARP entries.
Hardware AddressMAC address of ARP entries.
InterfaceLayer 3 interface corresponding to the ARP entry.
PortPhysical (Layer2) port corresponding to the ARP entry.
FlagDescribes whether ARP entry is dynamic or static.

19.5.7 show arp traffic

Command:

show arp traffic

Function:

Display the statistic information of ARP messages of the switch. For box switches, this command will only show statistics of APP messages received and sent from the current boardcard.

Command mode:

Admin and Config Mode

Usage Guide:

Display statistics information of received and sent APP messages.

Example:

Switch#show arp traffic

ARP statistics:

Rcvd: 10 request, 5 response

Sent: 5 request, 10 response

19.6 Commands for Hardware Tunnel Capacity

19.6.1 hardware tunnel-capacity

Command:

hardware tunnel-capacity

no hardware tunnel-capacity

Function:

Configure the maximum value of hardware tunnel-capacity, the no command restores the default value.

Parameters:

is the value of hardware tunnel-capacity, its range from 0 to 1024.

Default:

64

Command mode:

Global mode

Usage Guide:

This command is used to configure the maximum number of tunnel and MPLS forwarded by hardware. Increasing capacity will reduce hardware routing number supported by switch, vice versa.

Note: It needs to reset switch to enable the valid configuration.

Example:

Configure that hardware tunnel-capacity supports the maximum value of 200.

Switch(config)#hardware tunnel-capacity 200

Set successfully! Write and reload to take effect.

Switch(config)#exit

Switch#write

Switch#reload

Chapter 20 Commands for ARP

Scanning Prevention

20.1 anti-arpscan enable

Command:

anti-arpscan enable

no anti-arpscan enable

Function:

Globally enable ARP scanning prevention function; “no anti-arpscan enable” command globally disables ARP scanning prevention function.

Default Settings:

Disable ARP scanning prevention function.

Command Mode:

Global configuration mode

User Guide:

When remotely managing a switch with a method like telnet, users should set the uplink port as a Super Trust port before enabling anti-ARP-scan function, preventing the port from being shutdown because of receiving too many ARP messages. After the anti-ARP-scan function is disabled, this port will be reset to its default attribute, that is, Untrust port.

Example:

Enable the ARP scanning prevention function of the switch.

Switch(config)#anti-arpscan enable

20.2 anti-arpscan port-based threshold

Command:

anti-arpscan port-based threshold

no anti-arpscan port-based threshold

Function:

Set the threshold of received messages of the port-based ARP scanning prevention. If the rate of received ARP messages exceeds the threshold, the port will be closed. The unit is packet/second.

The “no anti-arpscan port-based threshold” command will reset the default value, 10 packets/second.

Parameters:

rate threshold, ranging from 2 to 200.

Default Settings:

10 packets /second.

Command Mode:

Global Configuration Mode.

User Guide:

the threshold of port-based ARP scanning prevention should be larger than the threshold of IP-based ARP scanning prevention, or, the IP-based ARP scanning prevention will fail.

Example:

Set the threshold of port-based ARP scanning prevention as 10 packets /second.

Switch(config)#anti-arpscan port-based threshold 10

20.3 anti-arpscan ip-based threshold

Command:

anti-arpscan ip-based threshold

no anti-arpscan ip-based threshold

Function:

Set the threshold of received messages of the IP-based ARP scanning prevention. If the rate of received ARP messages exceeds the threshold, the IP messages from this IP will be blocked. The unit is packet/second. The “no anti-arpscan ip-based threshold” command will reset the default value, 3 packets/second.

Parameters:

rate threshold, ranging from 1 to 200.

Default Settings:

3 packets/second.

Command Mode:

Global configuration mode

User Guide:

The threshold of port-based ARP scanning prevention should be larger than the threshold of IP-based ARP scanning prevention, or, the IP-based ARP scanning prevention will fail.

Example:

Set the threshold of IP-based ARP scanning prevention as 6 packets/second.

Switch(config)#anti-arpscan ip-based threshold 6

20.4 anti-arpscan trust

Command:

anti-arpscan trust [port | supertrust-port]

no anti-arpscan trust [port | supertrust-port]

Function:

Configure a port as a trusted port or a super trusted port;" no anti-arpscan trust " command will reset the port as an untrusted port.

Default Settings:

By default all the ports are non-trustful.

Command Mode:

Port configuration mode

User Guide:

If a port is configured as a trusted port, then the ARP scanning prevention function will not deal with this port, even if the rate of received ARP messages exceeds the set threshold, this port will not be closed, but the non-trustful IP of this port will still be checked. If a port is set as a super non-trustful port, then neither the port nor the IP of the port will be dealt with. If the port is already closed by ARP scanning prevention, it will be opened right after being set as a trusted port.

When remotely managing a switch with a method like telnet, users should set the uplink port as a Super Trust port before enabling anti-ARP-scan function, preventing the port from being shutdown because of receiving too many ARP messages. After the anti-ARP-scan function is disabled, this port will be reset to its default attribute, that is, Untrust port.

Example:

Set port ethernet 1/0/5 of the switch as a trusted port.

Switch(config)#in e1/0/5

Switch(Config-If-Ethernet1/0/5)# anti-arpscan trust port

20.5 anti-arpscan trust ip

Command:

anti-arpscan trust ip []

no anti-arpscan trust ip []

Function:

Configure trusted IP; "no anti-arpscan trust ip [] command reset the IP to non-trustful IP.

Parameters:

: Configure trusted IP address; : Net mask of the IP.

Default Settings:

By default all the IP are non-trustful. Default mask is 255.255.255.255

Command Mode:

Global configuration mode

User Guide:

If a port is configured as a trusted port, then the ARP scanning prevention function will not deal with this port, even if the rate of received ARP messages exceeds the set threshold, this port will not be closed. If the port is already closed by ARP scanning prevention, its traffic will be recovered right immediately.

Example:

Set 192.168.1.0/24 as trusted IP.

Switch(config)#anti-arpscan trust ip 192.168.1.0 255.255.255.0

20.6 anti-arpscan recovery enable

Command:

anti-arpscan recovery enable

no anti-arpscan recovery enable

Function:

Enable the automatic recovery function, "no anti-arpscan recovery enable" command will disable the function.

Default Settings:

Enable the automatic recovery function

Command Mode:

Global configuration mode

User Guide:

If the users want the normal state to be recovered after a while the port is closed or the IP is disabled, they can configure this function.

Example:

Enable the automatic recovery function of the switch.

Switch(config)#anti-arpscan recovery enable

20.7 anti-arpscan recovery time

Command:

anti-arpscan recovery time

no anti-arpscan recovery time

Function:

Configure automatic recovery time; “no anti-arpscan recovery time” command resets the automatic recovery time to default value.

Parameters:

Automatic recovery time, in second ranging from 5 to 86400.

Default Settings:

300 seconds.

Command Mode:

Global configuration mode

User Guide:

Automatic recovery function should be enabled first.

Example:

Set the automatic recovery time as 3600 seconds.

Switch(config)#anti-arpscan recovery time 3600

20.8 anti-arpscan log enable

Command:

anti-arpscan log enable

no anti-arpscan log enable

Function:

Enable ARP scanning prevention log function; "no anti-arpscan log enable" command will disable this function.

Default Settings:

Enable ARP scanning prevention log function.

Command Mode:

Global configuration mode

User Guide:

After enabling ARP scanning prevention log function, users can check the detailed information of ports being closed or automatically recovered by ARP scanning prevention or IP being disabled and recovered by ARP scanning prevention. The level of the log is "Warning".

Example:

Enable ARP scanning prevention log function of the switch.

Switch(config)#anti-arpscan log enable

20.9 anti-arpscan trap enable

Command:

anti-arpscan trap enable

no anti-arpscan trap enable

Function:

Enable ARP scanning prevention SNMP Trap function; "no anti-arpscan trap enable" command disable ARP scanning prevention SNMP Trap function.

Default Settings:

Disable ARP scanning prevention SNMP Trap function.

Command Mode:

Global configuration mode

User Guide:

After enabling ARP scanning prevention SNMP Trap function, users will receive Trap message whenever a port is closed or recovered by ARP scanning prevention, and whenever IP t is closed or recovered by ARP scanning prevention.

Example:

Enable ARP scanning prevention SNMP Trap function of the switch.

Switch(config)#anti-arpscan trap enable

20.10 show anti-arpscan

Command:

show anti-arpscan [trust [ip | port | supertrust-port] | prohibited [ip | port]]

Function:

Display the operation information of ARP scanning prevention function.

Default Settings:

Display every port to tell whether it is a trusted port and whether it is closed. If the port is closed, then display how long it has been closed. Display all the trusted IP and disabled IP.

Command Mode:

Admin Mode

User Guide:

Use "show anti-arpscan trust port" if users only want to check trusted ports. The reset follows the same rule.

Example:

Check the operating state of ARP scanning prevention function after enabling it.

Switch(config)#show anti-arpscan
Total port: 28

NamePort-propertybeShutshutTime(seconds)
Ethernet1/0/1untrustN0
Ethernet1/0/2untrustN0
Ethernet1/0/3untrustN0
Ethernet1/0/4untrustN0
Ethernet1/0/5untrustN0
Ethernet1/0/6untrustN0
Ethernet1/0/7untrustN0
Ethernet1/0/8untrustN0
Ethernet1/0/9untrustN0
Ethernet1/0/10untrustN0
Ethernet1/0/11untrustN0
Ethernet1/0/12untrustN0
Ethernet1/0/13untrustN0
Ethernet1/0/14untrustN0
Ethernet1/0/15untrustN0
Ethernet1/0/16trustN0
Ethernet1/0/17untrustN0
Ethernet1/0/18supertrustN0
Ethernet1/0/19untrustY30
Ethernet1/0/20trustN0
Ethernet1/0/21untrustN0
Ethernet1/0/22untrustN0
Ethernet1/0/23untrustN0
Ethernet1/0/24untrustN0
Ethernet1/0/25untrustN0
Ethernet1/0/26untrustN0
Ethernet1/0/27untrustN0
Ethernet1/0/28untrustN0

Prohibited IP:

IPshutTime(seconds)
1.1.1.2132

Trust IP:

192.168.99.5255.255.255.255
192.168.99.6255.255.255.255

20.11 debug anti-arpscan

Command:

debug anti-arpscan [port | ip]

no debug anti-arpscan [port | ip]

Function:

Enable the debug switch of ARP scanning prevention; "no debug anti-arpscan [port | ip]" command disables the switch.

Default Settings:

Disable the debug switch of ARP scanning prevention

Command Mode:

Admin Mode

User Guide:

After enabling debug switch of ARP scanning prevention users can check corresponding debug information or enable the port-based or IP-based debug switch separately whenever a port is closed by ARP scanning prevention or recovered automatically, and whenever IP t is closed or recovered.

Example:

Enable the debug function for ARP scanning prevention of the switch.

Switch(config)#debug anti-arpscan

Chapter 21 Commands for Preventing ARP, ND Spoofing

21.1 ip arp-security updateprotect

Command:

ip arp-security updateprotect

no ip arp-security updateprotect

Function:

Forbid ARP table automatic update. The "no ip arp-security updateprotect" command re-enables ARP table automatic update.

Default:

ARP table automatic update.

Command Mode:

Global Mode/ Interface configuration.

User Guide:

Forbid ARP table automatic update, the ARP packets conflicting with current ARP item (e.g. with same IP but different MAC or port) will be dropped, the others will be received to update aging timer or create a new item; so, the current ARP item keep unchanged and the new item can still be learned.

Example:

Switch(Config-if-Vlan1)#ip arp-security updateprotect.

Switch(config)#ip arp-security updateprotect.

21.2 ipv6 nd-security updateprotect

Command:

ipv6 nd-security updateprotect

no ipv6 nd-security updateprotect

Function:

Forbid ND automatic update function of IPv6 Version, the "no ipv6 nd-security updateprotect" command re-enables ND automatic update function.

Default:

ND update normally.

Command Mode:

Global Mode/ Interface configuration

User Guide:

Forbid ND table automatic update, the ND packets conflicting with current ND item (e.g. with same IP but different MAC or port) will be dropped, the others will be received to update aging timer or create a new item; so, the current ND item keep unchanged and the new item can still be learned.

Example:

Switch(Config-if-Vlan1)#ipv6 nd -security updateprotect

Switch(config)#ipv6 nd -security updateprotect

21.3 ip arp-security learnprotect

Command:

ip arp-security learnprotect

no ip arp-security learnprotect

Function:

Forbid ARP learning function of IPv4 Version, the "no ip arp-security learnprotect" command re-enables ARP learning function.

Default:

ARP learning enabled.

Command Mode:

Global Mode/ Interface Configuration.

Usage Guide:

This command is for preventing the automatic learning and updating of ARP. Unlike ip arp-security updateprotect, once this command implemented, there will still be timeout even if the switch keeps sending Request/Reply messages.

Example:

Switch(Config-if-Vlan1)# ip arp-security learnprotect

Switch(config)# ip arp-security learnprotect

21.4 ipv6 nd-security learnprotect

Command:

ipv6 nd-security learnprotect

no ipv6 nd-security learnprotect

Function:

Forbid ND learning function of IPv6 Version, the no command re-enables ND learning function.

Default:

ND learning enabled.

Command Mode:

Global Mode/ Interface Configuration.

Usage Guide:

This command is for preventing the automatic learning and updating of ND. Unlike ip nd-security updateprotect, once this command implemented, there will still be timeout even if the switch keeps sending Request/Reply messages.

Example:

Switch(Config-if-Vlan1)#ipv6 nd -security learnprotect

Switch(config)#ipv6 nd -security learnprotect

21.5 ip arp-security convert

Command:

ip arp-security convert

Function:

Change all of dynamic ARP to static ARP.

Command Mode:

Global Mode/ Interface configuration

Usage Guide:

This command will convert the dynamic ARP entries to static ones, which, in combination with disabling automatic learning, can prevent ARP binding. Once implemented, this command will lose its effect.

Example:

Switch(Config-if-Vlan1)#ip arp -security convert

Switch(config)#ip arp -security convert

21.6 ipv6 nd-security convert

Command:

ipv6 nd-security convert

Function:

Change all of dynamic ND to static ND.

Command Mode:

Global Mode/ Interface Configuration

Usage Guide:

This command will convert the dynamic ND entries to static ones, which, in combination with disabling automatic learning, can prevent ND binding. Once implemented, this command will lose its effect.

Example:

Switch (Config-if-Vlan1) #ipv6 nd -security convert Switch (config) #ipv6 nd -security conver

21.7 clear ip arp dynamic

Command:

clear ip arp dynamic

Function:

Clear all of dynamic ARP on interface.

Parameter:

None

Command Mode:

Interface Configuration

Usage Guide:

This command will clear dynamic entries before binding ARP. Once implemented, this command will lose its effect.

Example:

Switch(Config-if-Vlan1)#clear ip arp dynamic

21.8 clear ipv6 nd dynamic

Command:

clear ipv6 nd dynamic

Function:

Clear all of dynamic ND on interface.

Parameter:

None

Command mode:

Interface Configuration

Usage Guide:

This command will clear dynamic entries before binding ND. Once implemented, this command will lose its effect.

Example:

Switch(Config-if-Vlan1)#clear ipv6 nd dynamic

Chapter 22 Command for ARP GUARD

22.1 arp-guard ip

Command:

arp-guard ip

no arp-guard ip

Function:

Add a ARP GUARD address, the no command deletes ARP GUARD address.

Parameters:

is the protected IP address, in dotted decimal notation.

Default:

There is no ARP GUARD address by default.

Command Mode:

Port configuration mode

Usage Guide:

After configuring the ARP GUARD address, the ARP messages received from the ports configured ARP GUARD will be filtered. If the source IP addresses of the ARP message match the ARP GUARD address configured on this port, these messages will be judged as ARP cheating messages, which will be directly dropped instead of sending to the CPU of the switch or forwarding. 16 ARP GUARD addresses can be configured on each port.

Example:

Configure the ARP GUARD address on port ethernet1/0/1 as 100.1.1.1.

switch(config)#interface ethernet1/0/1
switch(Config-If-Ethernet 1/0/1)#arp-guard ip 100.1.1.1

Delete the ARP GUARD address on port ethernet1/0/1 as 100.1.1.1.

switch(config)#interface ethernet1/0/1
switch(Config-If-Ethernet 1/0/1)#no arp-guard ip 100.1.1.1

Chapter 23 Command for ARP Local Proxy

23.1 ip local proxy-arp

Command:

ip local proxy-arp

no ip local proxy-arp

Function:

Enable/disable the local ARP Proxy function of a specified interface.

Default Settings:

This function is disabled on all interfaces by default.

Command Mode:

Interface VLAN Mode.

User Guide:

This function is disabled on all interfaces by default, and differs from the original proxy-arp in that this function acts as an ARP Proxy inside the same layer-3 interface and thus directs the layer-3 forwarding of the switch.

Example:

Enable the local ARP Proxy function of interface VLAN1.

Switch(Config-if-Vlan1)# ip local proxy-arp

Chapter 24 Commands for Gratuitous ARP Configuration

24.1 ip gratuitous-arp

Command:

ip gratuitous-arp []

no ip gratuitous-arp

Function:

To enabled gratuitous ARP, and specify update interval for gratuitous ARP. The no form of this command will disable the gratuitous ARP configuration.

Parameters:

is the update interval for gratuitous ARP with its value limited between 5 and 1200 seconds and with default value as 300 seconds.

Command Mode:

Global Configuration Mode and Interface Configuration Mode.

Default:

Gratuitous ARP is disabled by default.

Usage Guide:

When configuring gratuitous ARP in global configuration mode, all the Layer 3 interfaces in the switch will be enabled to send gratuitous ARP request. If gratuitous ARP is configured in interface configuration mode, then only the specified interface is able to send gratuitous ARP requests. When configuring the gratuitous ARP, the update interval configuration from interface configuration mode has higher preference than that from the global configuration mode.

Example:

  1. To enable gratuitous ARP in global configuration mode, and set the update interval to be 400 seconds.

Switch>enable

Switch#config

Switch(config)#ip gratuitous-arp 400

  1. To enable gratuitous ARP for interface VLAN 10 and set the update interval to be 350 seconds.

Switch(config)#interface vlan 10

Switch(Config-if-Vlan10)#ip gratuitous-arp 350

24.2 show ip gratuitous-arp

Command:

show ip gratuitous-arp [interface vlan ]

Function:

To display configuration information about gratuitous ARP.

Parameters:

is the VLAN ID. The valid range for is between 1 and 4094.

Command Mode:

All the Configuration Modes.

Usage Guide:

In all the configuration modes, the command show ip gratuitous arp will display information about the gratuitous ARP configuration in global and interface configuration mode. The command show ip gratuitous-arp interface vlan will display information about the gratuitous ARP configuration about the specified VLAN interface.

Example:

  1. To display information about gratuitous ARP configuration in both global and interface configuration modes.
Switch#show ip gratuitous-arp
Gratuitous ARP send is Global enabled, Interval-Time is 300(s)
Gratuitous ARP send enabled interface vlan information:
NameInterval-Time(seconds)
Vlan1400
Vlan10350
  1. To display gratuitous ARP configuration information about interface VLAN 10.
Switch#show ip gratuitous-arp interface vlan 10
Gratuitous ARP send interface Vlan10 information:
NameInterval-Time(seconds)
Vlan10350

Chapter 25 Commands for Keepalive Gateway

25.1 keepalive gateway

Command:

keepalive gateway [{ / msec } [retry-count]]

no keepalive gateway

Function:

Enable keepalive gateway, configure the interval that ARP request packet is sent and the retry-count after detection is failing, the no command disables the function.

Parameters:

ip-address: IP address of the gateway

interval-seconds: The interval (unit is second) that ARP request packet is sent, ranging between 1 and 32767. If there is no configuration, the default is 10 seconds.

interval-millisecond: The interval (unit is millisecond) that ARP request packet is sent, ranging between 160 and 999.

retry-count: Determine the retry-count after detection is failing. If there is no configuration, the default is 5 times.

Default:

Disable keepalive gateway.

Command Mode:

Interface mode.

Usage Guide:

This command is supported by layer 3 switch and the detection method is used to point-to-point topology mode only.

Example:

Switch(config)#interface vlan 1

Switch(config-if-vlan1)#keealive gateway 1.1.1.1 3 10

25.2 show ip interface

Command:

show ip interface [interface-name]

Function:

Show IPv4 running status of the specified interface.

Parameters:

interface-name is the specified interface name. If there is no parameter, show IPv4 running status of all interfaces.

Command Mode:

Policy-class-map Mode.

Usage Guide:

Show IPv4 running status of the interface.

Example:

Switch(config)#show ip interface brief
IndexInterfaceIP-AddressProtocol
3001Vlan11.1.1.2up
9000Loopback127.0.0.1up

25.3 show keepalive gateway

Command:

show keepalive gateway [interface-name]

Function:

Show keepalive running status of the specified interface.

Parameters:

interface-name is the specified interface name. If there is no parameter, show keepalive running status of all interfaces.

Command Mode:

Admin and configuration mode.

Usage Guide:

Show keepalive running status of the interface.

Example:

Switch(config)#show keepalive gateway interface Vlan1 gateway 1.1.1.1 time 10s retry 1 remain 4 now UP

Chapter 26 Commands for DHCP

26.1 Commands for DHCP Server Configuration

26.1.1 bootfile

Command:

bootfile

no bootfile

Function:

Sets the file name for DHCP client to import on boot up; the "no bootfile" command deletes this setting.

Parameters:

is the name of the file to be imported, up to 255 characters are allowed.

Command Mode:

DHCP Address Pool Mode

Usage Guide:

Specify the name of the file to be imported for the client. This is usually used for diskless workstations that need to download a configuration file from the server on boot up. This command is together with the "next sever".

Example:

The path and filename for the file to be imported is "c:\temp\nos.img"

Switch(dhcp-1-config)#bootfile c:\temp\nos.img

Related Command:

next-server

26.1.2 clear ip dhcp binding

Command:

clear ip dhcp binding {

| all}

Function:

Deletes the specified IP address-hardware address binding record or all IP address-hardware address binding records.

Parameters:

is the IP address that has a binding record in decimal format. all refers to all IP addresses that have a binding record.

Command mode:

Admin Mode.

Usage Guide:

“show ip dhcp binding” command can be used to view binding information for IP addresses and corresponding DHCP client hardware addresses. If the DHCP server is informed that a DHCP client is not using the assigned IP address for some reason before the lease period expires, the DHCP server would not remove the binding information automatically. The system administrator can use this command to delete that IP address-client hardware address binding manually, if “all” is specified, then all auto binding records will be deleted, thus all addresses in the DHCP address pool will be reallocated.

Example:

Removing all IP-hardware address binding records. Switch#clear ip dhcp binding all show ip dhcp binding

26.1.3 clear ip dhcp conflict

Command: clear ip dhcp conflict {
| all } Function: Deletes an address present in the address conflict log. Parameters:
is the IP address that has a conflict record; all stands for all addresses that have conflict records. Command mode: Admin Mode. Usage Guide: "show ip dhcp conflict" command can be used to check which IP addresses are conflicting for use. The "clear ip dhcp conflict" command can be used to delete the conflict record for an address. If "all" is specified, then all conflict records in the log will be removed. When records are removed from the log, the addresses are available for allocation by the DHCP server. Example: The network administrator finds 10.1.128.160 that has a conflict record in the log and is no longer used by anyone, so he deletes the record from the address conflict log. Switch#clear ip dhcp conflict 10.1.128.160 Related Command: ip dhcp conflict logging, show ip dhcp conflict

26.1.4 clear ip dhcp server statistics

Command: clear ip dhcp server statistics Function: Deletes the statistics for DHCP server, clears the DHCP server count. Command mode: Admin Mode. Usage Guide: DHCP count statistics can be viewed with “show ip dhcp server statistics” command, all information is accumulated. You can use the “clear ip dhcp server statistics” command to clear the count for easier statistics checking. Example: Clearing the count for DHCP server. Switch#clear ip dhcp server statistics Related Command: show ip dhcp server statistics

26.1.5 client-identifier

Command: client-identifier no client-identifier Function: Specifies the unique ID of the user when binding an address manually; the "no client-identifier" command deletes the identifier. Parameters: is the user identifier, in dotted Hex format. Command Mode: DHCP Address Pool Mode Usage Guide: This command is used with "host" when binding an address manually. If the requesting client identifier matches the specified identifier, DHCP server assigns the IP address defined in "host" command to the client. Example: Specifying the IP address 10.1.128.160 to be bound to user with the unique id of 00-10-5a-60-af-12 in manual address binding. Switch(dhcp-1-config)#client-identifier 00-10-5a-60-af-12 Switch(dhcp-1-config)#host 10.1.128.160 24 Related Command: Host

26.1.6 debug ip dhcp client

Command: debug ip dhcp client {event | packet} no debug ip dhcp server {event | packet} Function: Enable the debugging of DHCP client, no command disables the debugging of DHCP client. Command Mode: Admin Mode Default: Disable the debugging.

26.1.7 debug ip dhcp relay

Command: debug ip dhcp server packet no debug ip dhcp server packet Function: Enable the debugging of DHCP relay, no command disables the debugging of DHCP relay. Command Mode: Admin Mode Default: Disable the debugging.

26.1.8 debug ip dhcp server

Command: debug ip dhcp server {events | linkage | packets} no debug ip dhcp server {events | linkage | packets} Function: Enables DHCP server debug information: the "no debug ip dhcp server {events | linkage} packets} command disables the debug information for DHCP server. Command Mode: Admin Mode. Default: Debug information is disabled by default.

26.1.9 default-router

Command: default-router [[...]] no default-router Function: Configures default gateway(s) for DHCP clients; the "no default-router" command deletes the default gateway. Parameters: ... are IP addresses, in decimal format. Default: No default gateway is configured for DHCP clients by default. Command Mode: DHCP Address Pool Mode Usage Guide: The IP address of default gateway(s) should be in the same subnet as the DHCP client IP, the switch supports up to 8 gateway addresses. The gateway address assigned first has the highest priority, and therefore address1 has the highest priority, and address2 has the second, and so on. Example: Configuring the default gateway for DHCP clients to be 10.1.128.2 and 10.1.128.100. Switch(dhcp-1-config)#default-router 10.1.128.2 10.1.128.100

26.1.10 dns-server

Command: dns-server [[...]] no dns-server Function: Configure DNS servers for DHCP clients; the "no dns-server" command deletes the default gateway. Parameters: ... are IP addresses, in decimal format. Default: No DNS server is configured for DHCP clients by default. Command Mode: DHCP Address Pool Mode Usage Guide: Up to 8 DNS server addresses can be configured. The DNS server address assigned first has the highest priority, therefore address 1 has the highest priority, and address 2 has the second, and so on. Example: Set 10.1.128.3 as the DNS server address for DHCP clients. Switch(dhcp-1-config)#dns-server 10.1.128.3

26.1.11 domain-name

Command: domain-name no domain-name Function: Configures the Domain name for DHCP clients; the "no domain-name" command deletes the domain name. Parameters: is the domain name, up to 255 characters are allowed. Command Mode: DHCP Address Pool Mode Usage Guide: Specifies a domain name for the client. Example: Specifying "digitalchina.com.cn" as the DHCP clients' domain name. Switch(dhcp-1-config)#domain-name digitalchina.com.cn

26.1.12 hardware-address

Command:

hardware-address [{Ethernet | IEEE802|}] no hardware-address

Function:

Specifies the hardware address of the user when binding address manually; the "no hardware-address" command deletes the setting.

Parameters:

is the hardware address in Hex; Ethernet | IEEE802 is the Ethernet protocol type, should be the RFC number defined for protocol types, from 1 to 255, e.g., 0 for Ethernet and 6 for IEEE 802.

Default:

The default protocol type is Ethernet,

Command Mode:

DHCP Address Pool Mode

Usage Guide:

This command is used with the "host" when binding address manually. If the requesting client hardware address matches the specified hardware address, the DHCP server assigns the IP address defined in "host" command to the client.

Example:

Specify IP address 10.1.128.160 to be bound to the user with hardware address 00-00-e2-3a-26-04 in manual address binding. Switch(dhcp-1-config)#hardware-address 00-00-e2-3a-26-04 Switch(dhcp-1-config)#host 10.1.128.160 24 Host

26.1.13 host

Command:

host
[ | ] no host

Function:

Specifies the IP address to be assigned to the user when binding addresses manually; the "no host" command deletes the IP address.

Parameters:

is the IP address in decimal format; is the subnet mask in decimal format; means mask is indicated by prefix. For example, mask 255.255.255.0 in prefix is "24", and mask 255.255.255.252 in prefix is "30".

Command Mode:

DHCP Address Pool Mode

Usage Guide:

If no mask or prefix is configured when configuring the IP address, and no information in the IP address pool indicates anything about the mask, the system will assign a mask automatically according to the IP address class. This command is used with “hardware address” command or “client identifier” command when binding addresses manually. If the identifier or hardware address of the requesting client matches the specified identifier or hardware address, the DHCP server assigns the IP address defined in “host” command to the client.

Example:

Specifying IP address 10.1.128.160 to be bound to user with hardware address 00-10-5a-60-af-12 in manual address binding. Switch(dhcp-1-config)#hardware-address 00-10-5a-60-af-12 Switch(dhcp-1-config)#host 10.1.128.160 24 hardware-address, client-identifier

26.1.14 ip dhcp conflict logging

Command:

ip dhcp conflict logging no ip dhcp conflict logging

Function:

Enables logging for address conflicts detected by the DHCP server; the "no ip dhcp conflict logging" command disables the logging.

Default:

Logging for address conflict is enabled by default.

Command mode:

Global Mode

Usage Guide:

When logging is enabled, once the address conflict is detected by the DHCP server, the conflicting address will be logged. Addresses present in the log for conflicts will not be assigned dynamically by the DHCP server until the conflicting records are deleted.

Example:

Disable logging for DHCP server. Switch(config)#no ip dhcp conflict logging clear ip dhcp conflict

26.1.15 ip dhcp excluded-address

Command:

ip dhcp excluded-address [] no ip dhcp excluded-address []

Function:

Specifies addresses excluding from dynamic assignment; the "no ip dhcp excluded-address [] command cancels the setting.

Parameters:

is the starting IP address, [] is the ending IP address.

Default:

Only individual address is excluded by default.

Command mode:

Global Mode

Usage Guide:

This command can be used to exclude one or several consecutive addresses in the pool from being assigned dynamically so that those addresses can be used by the administrator for other purposes.

Example:

Reserving addresses from 10.1.128.1 to 10.1.128.10 from dynamic assignment. Switch(config)#ip dhcp excluded-address 10.1.128.1 10.1.128.10

26.1.16 ip dhcp pool

Command: ip dhcp pool no ip dhcp pool Function: Configures a DHCP address pool and enter the pool mode; the "no ip dhcp pool "command deletes the specified address pool. Parameters: is the address pool name, up to 32 characters are allowed. Command mode: Global Mode Usage Guide: This command is used to configure a DHCP address pool under Global Mode and enter the DHCP address configuration mode. Example: Defining an address pool named "1". Switch(config)#ip dhcp pool 1 Switch(dhcp-1-config)#

26.1.17 ip dhcp conflict ping-detection enable

Command: ip dhcp conflict ping-detection enable no ip dhcp conflict ping-detection enable Function: Enable Ping-detection of conflict on DHCP server; the no operation of this command will disable the function. Default Settings: By default, Ping-detection of conflict is disabled. Command Mode: Global Configuration Mode. Usage Guide: To enable Ping-detection of conflict, one should enable the log of conflict addresses, when which is disabled, so will the ping-detection of conflict. When a client is unable to receive Ping request messages (when blocked by firewall, for example), this function will check local ARP according to allocated IP: if a designated IP has a corresponding ARP, then an address conflict exists; otherwise, allocate it to the client. Examples: Enable Ping-detection of conflict. Switch(config)#ip dhcp conflict ping-detection enable Related Command: ip dhcp conflict logging, ip dhcp ping packets, ip dhcp ping timeout

26.1.18 ip dhcp ping packets

Command:

ip dhcp ping packets no ip dhcp ping packets

Function:

Set the max number of Ping request (Echo Request) message to be sent in Ping-detection of conflict on DHCP server, whose default value is 2; the no operation of this command will restore the default value.

Parameters:

is the number of Ping request message to be sent in Ping-detection of conflict.

Default Settings:

No more than 2 Ping request messages will be sent by default.

Command Mode:

Global Configuration Mode.

Examples:

Set the max number of Ping request (Echo Request) message to be sent in Ping-detection of conflict on DHCP server as 3. Switch(config)#ip dhcp ping packets 3 ip dhcp conflict ping-detection enable, ip dhcp ping timeout

26.1.19 ip dhcp ping timeout

Command:

ip dhcp ping timeout no ip dhcp ping timeout

Function:

Set the timeout period (in ms) of waiting for a reply message (Echo Request) after each Ping request message (Echo Request) in Ping-detection of conflict on DHCP server, whose default value is 500ms. The no operation of this command will restore the default value.

Parameters:

is the timeout period of waiting for a reply message after each Ping request message in Ping-detection of conflict.

Default Settings:

The timeout period is 500ms by default.

Command Mode:

Global Configuration Mode.

Examples:

Set the timeout period (in ms) of waiting for each reply message (Echo Request) in Ping-detection of conflict on DHCP server as 600ms. Switch(config)#ip dhcp conflict timeout 600 ip dhcp conflict ping-detection enable, ip dhcp ping packets

26.1.20 lease

Command: lease { [] [][] | infinite } no lease Function: Sets the lease time for addresses in the address pool; the "no lease" command restores the default setting. Parameters: is number of days from 0 to 365; is number of hours from 0 to 23; is number of minutes from 0 to 59; infinite means perpetual use. Default: The default lease duration is 1 day. Command Mode: DHCP Address Pool Mode Usage Guide: DHCP is the protocol to assign network addresses dynamically instead of permanently, hence the introduction of ease duration. Lease settings should be decided based on network conditions: too long lease duration offsets the flexibility of DHCP, while too short duration results in increased network traffic and overhead. The default lease duration of switch is 1 day. Example: Setting the lease of DHCP pool "1" to 3 days 12 hours and 30 minutes. Switch(dhcp-1-config)#lease 3 12 30

26.1.21 netbios-name-server

Command: netbios-name-server [[...]] no netbios-name-server Function: Configures WINS servers' address; the "no netbios-name-server" command deletes the WINS server. Parameters: ... are IP addresses, in decimal format.

Default:

No WINS server is configured by default.

Command Mode:

DHCP Address Pool Mode

Usage Guide:

This command is used to specify WINS server for the client, up to 8 WINS server addresses can be configured. The WINS server address assigned first has the highest priority. Therefore, address 1 has the highest priority, and address 2 the second, and so on.

Example:

Setting the server address of DHCP pool "1" to 192.168.1.1. Switch(dhcp-1-config)#netbios-name-server 192.168.1.1

26.1.22 netbios-node-type

Command:

netbios-node-type {b-node | h-node | m-node | p-node | } no netbios-node-type

Function:

Sets the node type for the specified port; the "no netbios-node-type" command cancels the setting.

Parameters:

b-node stands for broadcasting node, h-node for hybrid node that broadcasts after point-to-point communication; m-node for hybrid node to communicate in point-to-point after broadcast; p-node for point-to-point node; is the node type in Hex from 0 to FF.

Default:

No client node type is specified by default.

Command Mode:

DHCP Address Pool Mode

Usage Guide:

If client node type is to be specified, it is recommended to set the client node type to h-node that broadcasts after point-to-point communication.

Example:

Setting the node type for client of pool 1 to broadcasting node. Switch(dhcp-1-config)#netbios-node-type b-node

26.1.23 network-address

Command:

network-address [ | ] no network-address

Function:

Sets the scope for assignment for addresses in the pool; the "no network-address" command cancels the setting.

Parameters:

is the network number; is the subnet mask in the decimal format; stands for mask in prefix form. For example, mask 255.255.255.0 in prefix is "24", and mask 255.255.255.252 in prefix is "30". Note: When using DHCP server, the pool mask should be longer or equal to that of layer 3 interface IP address in the corresponding segment.

Default:

If no mask is specified, default mask will be assigned according to the address class.

Command Mode:

DHCP Address Pool Mode

Usage Guide:

This command sets the scope of addresses that can be used for dynamic assignment by the DHCP server; one address pool can only have one corresponding segment. This command is exclusive with the manual address binding command “hardware address” and “host”.

Example:

Configuring the assignable address in pool 1 to be 10.1.128.0/24. Switch(dhcp-1-config)#network-address 10.1.128.0 24

26.1.24 next-server

Command:

next-server [[...]] no next-server

Function:

Sets the server address for storing the client import file; the "no next-server" command cancels the setting.

Parameters:

... are IP addresses, in the decimal format.

Command Mode:

DHCP Address Pool Mode

Usage Guide:

This command configures the address for the server hosting client import file. This is usually used for diskless workstations that need to download configuration files from the server on boot up. This command is used together with "bootfile".

Example:

Setting the hosting server address as 10.1.128.4. Switch(dhcp-1-config)#next-server 10.1.128.4

26.1.25 option

Command:

option <code> {ascii <string> | hex <hex> | ipaddress <ipaddress>}
no option <code>

Function:

Sets the network parameter specified by the option code; the "no option "command cancels the setting for option.

Parameters:

<code> is the code for network parameters;
<string> is the ASCII string up to 255 characters;
<hex> is a value in Hex that is no greater than 510 and must be of even length;
<ipaddress> is the IP address in decimal format, up to 63 IP addresses can be configured.

Command Mode:

DHCP Address Pool Mode

Usage Guide:

The switch provides common commands for network parameter configuration as well as various commands useful in network configuration to meet different user needs. The definition of option code is described in detail in RFC2123.

Example:

Setting the WWW server address as 10.1.128.240. Switch(dhcp-1-config)#option 72 ip 10.1.128.240

26.1.26 service dhcp

Command: service dhcp no service dhcp Function: Enables DHCP server; the "no service dhcp" command disables the DHCP service. Default: DHCP service is disabled by default. Command mode: Global Mode Usage Guide: Both DHCP server and DHCP relay are included in the DHCP service. When DHCP services are enabled, both DHCP server and DHCP relay are enabled. Switch can only assign IP address for the DHCP clients and enable DHCP relay when DHCP server function is enabled. Example: Enabling DHCP server. Switch(config)#service dhcp

26.1.27 show ip dhcp binding

Command: show ip dhcp binding [ [] [type {all | manual | dynamic}] [count] ] Function: Displays IP-MAC binding information. Parameters: is a specified IP address in decimal format; all stands for all binding types (manual binding and dynamic assignment); manual for manual binding; dynamic for dynamic assignment; count displays statistics for DHCP address binding entries. Command mode: Admin and Configuration Mode. Example:
Switch# show ip dhcp binding
IP addressHardware addressLease expirationType
10.1.1.23300-00-E2-3A-26-04InfiniteManual
10.1.1.25400-00-E2-3A-5C-D360Automatic
Displayed informationExplanation
IP addressIP address assigned to a DHCP client
Hardware addressMAC address of a DHCP client
Lease expirationValid time for the DHCP client to hold the IP address
TypeType of assignment: manual binding or dynamic assignment.

26.1.28 show ip dhcp conflict

Command: show ip dhcp conflict Function: Displays log information for addresses that have a conflict record. Command mode: Admin and Configuration Mode. Example:
Switch# show ip dhcp conflict
IP AddressDetection methodDetection Time
10.1.1.1PingFRI JAN 02 00:07:01 2002
Displayed informationExplanation
IP AddressConflicting IP address
Detection methodMethod in which the conflict is detected.
Detection TimeTime when the conflict is detected.

26.1.29 show ip dhcp relay information option

Command: show ip dhcp relay information option Function: Show the relative configuration for DHCP relay option82. Command mode: Admin and Configuration Mode. Example: Set the admin mode timeout value to 6 minutes. Switch#show ip dhcp relay information option ip dhcp server relay information option(i.e. option 82) is enabled ip dhcp relay information option(i.e. option 82) is enabled

26.1.30 show ip dhcp server statistics

Command: show ip dhcp server statistics Function: Displays statistics of all DHCP packets for a DHCP server. Command mode: Admin and Configuration Mode. Example: Switch# show ip dhcp server statistics Address pools 3 Database agents 0 Automatic bindings 2 Manual bindings 0 Conflict bindings 0 Expired bindings 0 Malformed message 0 Message Received BOOTREQUEST 3814 DHCPDISCOVER 1899
DHCPREQUEST 6
DHCPDECLINE 0
DHCPRELEASE 1
DHCPINFORM 1
Message Send
BOOTREPLY 1911
DHCPOFFER 6
DHCPACK 6
DHCPNAK 0
DHCPRELAY 1907
DHCPFORWARD 0
Switch#
Displayed informationExplanation
Address poolsNumber of DHCP address pools configured.
Database agentsNumber of database agents.
Automatic bindingsNumber of addresses assigned automatically
Manual bindingsNumber of addresses bound manually
Conflict bindingsNumber of conflicting addresses
Expired bindingsNumber of addresses whose leases are expired
Malformed messageNumber of error messages.
Message ReceivedStatistics for DHCP packets received
BOOTREQUESTTotal packets received
DHCPDISCOVERNumber of DHCPDISCOVER packets
DHCPREQUESTNumber of DHCPREQUEST packets
DHCPDECLINENumber of DHCPDECLINE packets
DHCPRELEASENumber of DHCPRELEASE packets
DHCPINFORMNumber of DHCPINFORM packets
Message SendStatistics for DHCP packets sent
BOOTREPLYTotal packets sent
DHCPOFFERNumber of DHCPOFFER packets
DHCPACKNumber of DHCPACK packets
DHCPNAKNumber of DHCPNAK packets
DHCPRELAYNumber of DHCPRELAY packets
DHCPFORWARDNumber of DHCPFORWARD packets

26.2 Commands for DHCP Relay Configuration

26.2.1 ip forward-protocol udp bootps

Command: ip forward-protocol udp bootps no ip forward-protocol udp bootps Function: Sets DHCP relay to forward UPD broadcast packets on the port; the "no ip forward-protocol udp bootps"command cancels the service. Parameter: bootps forwarding UDP port as 67 DHCP broadcast packets. Default: Not forward UPD broadcast packets by default. Command mode: Global Mode Usage Guide: The forwarding destination address is set in the "ip helper-address" command and described later. Example: Setting DHCP packets to be forwarded to 192.168.1.5. Switch(config)#ip forward-protocol udp boots Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip helper-address 192.168.1.5

26.2.2 ip helper-address

Command: ip helper-address no ip helper-address Function: Specifies the destination address for the DHCP relay to forward UDP packets. The "no ip helper-address " command cancels the setting. Command mode: Interface Configuration Mode Usage Guide: The DHCP relay forwarding server address corresponds to the port forwarding UDP, i.e. DHCP relay forwards corresponding UDP packets only to the corresponding server instead of all UDP packets to all servers. When this command is run after "ip forward-protocol udp " command, the forwarding address configured by this command receives the UDP packets from . The combination of "ip forward-protocol udp " command and this command should be used for configuration.

26.2.3 show ip forward-protocol

Command: show ip forward-protocol Function: Show the configured port ID of the protocol which support the forwarding of broadcast packets, it means the port ID for forwarding DHCP packets. Command mode: Admin and configuration mode Example: Switch#show ip forward-protocol Forward protocol(UDP port): 67(active)

26.2.4 show ip helper-address

Command: show ip helper-address Function: Show the configuration relation for the port ID of the protocol (It can forward broadcast packets), the interface (It supports forwarding function) and the forwarded destination IP. Command mode: Admin and configuration mode Example: Switch#show ip helper-address Forward protocol Interface Forward server 67(active) Vlan1 192.168.1.1

Chapter 27 Commands for DHCPv6

27.1 clear ipv6 dhcp binding

Command:

clear ipv6 dhcp binding [] [pd ]

Function:

To clear one specified DHCPv6 assigned address binding record or all the IPv6 address binding records.

Parameter:

is the specified IPv6 address with binding record; is the specified IPv6 prefix with binding record; To clear all IPv6 address binding record if there is no specified record.

Command Mode:

Admin Configuration Mode.

Usage Guide:

DHCPv6 IPv6 address binding information can be displayed through the command show ipv6 dhcp binding. If DHCPv6 client does not use the DHCPv6 allocated IPv6 address but when the life time of the IPv6 address does not end, the DHCPv6 server will not remove its bind for this address. In this situation, the address binding information can be removed manually through this command; and if no parameter is appended, this command will remove all the address binding information, then all addresses and prefix will be assigned again in the DHCPv6 address pool.

Example:

To delete all binding record of IPv6 address and prefix. Switch# clear ipv6 dhcp binding

Relative Command:

show ipv6 dhcp binding

27.2 clear ipv6 dhcp conflict

Command:

clear ipv6 dhcp conflict [
]

Function:

Clear the address with the conflict record in address conflict log.

Parameter:

is the specified address with the conflict record, no specified address will clear all conflict records.

Command Mode:

Admin Mode

Usage Guide:

With show ipv6 dhcp conflict command, the user can check the conflict in which IP addresses. With this command, the user can clear the conflict record of an address. If no specified address will clear the conflict record of all addresses in log. After the conflict records are cleared in log, these addresses can be used by DHCPv6 server again.

Example:

When administrator checks the conflict logs, administrator discovers that address 2001::1 with the conflict record is not used, so its record will be cleared from address conflict files. Switch#clear ipv6 dhcp conflict 2001::1

27.3 clear ipv6 dhcp statistics

Command:

clear ipv6 dhcp statistics

Function:

Clear the statistic records of DHCPv6 packets, the statistic counter of DHCPv6 packets is cleared.

Command Mode:

Admin Mode.

Usage Guide:

With show ipv6 dhcp statistics command, the user can check the statistic information of the counter for DHCPv6 packets, all statistic information is an accumulative value. With this command will clear the counter to check the debugging conveniently.

Example:

Clear the counter of DHCPv6 packets. Switch#clear ipv6 dhcp statistics

27.4 debug ipv6 dhcp client packet

Command:

debug ipv6 dhcp client {event | packet} no debug ipv6 dhcp client {event | packet}

Function:

To enable the debugging messages for protocol packets of DHCPv6 prefix delegation client, the no form of this command will disable the debugging information.

Default:

Disabled.

Command Mode:

Admin Mode.

Example:

Switch# debug ipv6 dhcp client packet

27.5 debug ipv6 dhcp detail

Command:

debug ipv6 dhcp detail no debug ipv6 dhcp detail

Function:

To display the debug information of all kinds of packets received or sent by DHCPv6, the no form of this command disabled this function.

Default:

Disabled.

Command Mode:

Admin Mode.

Example:

Switch# debug ipv6 dhcp detail

27.6 debug ipv6 dhcp relay packet

Command:

debug ipv6 dhcp relay packet no debug ipv6 dhcp relay packet

Function:

To enable the debugging information for protocol packets of DHCPv6 relay, the no form of this command will disable the debugging.

Default:

Disabled.

Command Mode:

Admin Mode.

Example:

Switch# debug ipv6 dhcp relay packet

27.7 debug ipv6 dhcp server

Command:

debug ipv6 dhcp server { event | packet } no debug ipv6 dhcp server { event | packet }

Function:

To enable the debugging information of DHCPv6 server, the no form of this command will disable the debugging.

Parameter:

event is to enable debugging messages for DHCPv6 server events, such as address allocation; packet is for debugging messages of protocol packets of DHCPv6 server.

Default:

Disabled.

Command Mode:

Admin Mode.

Example:

Switch#debug ipv6 dhcp server packet

27.8 dns-server

Command:

dns-server no dns-server

Function:

To configure the IPv6 address of the DNS server for DHCPv6 client; the no form of this command will remove the DNS configuration.

Parameter:

is the IPv6 address of DNS Server.

Default:

No configured address pool of DNS Server by default.

Command Mode:

DHCPv6 Address Pool Configuration Mode.

Usage Guide:

For each address pool, at most three DNS server can be configured, and the addresses of the DNS server must be valid IPv6 addresses.

Example:

To configure the DNS Server address of DHCPv6 client as 2001:da8::1. Switch(dhcp-1-config)#dns-server 2001:da8::1

27.9 domain-name

Command:

domain-name no domain-name

Function:

To configure domain name of DHCPv6 client; the no form of this command will delete the domain name.

Parameter:

is the domain name, less than 32 characters.

Command Mode:

DHCPv6 Address Pool Configuration Mode.

Default:

The domain name parameter of address pool is not configured by default.

Usage Guide:

At most 3 domain names can be configured for each address pool.

Example:

To set the domain name of DHCPv6 client as test.com.cn Switch(dhcp-1-config)#domain-name test.com.cn

27.10 excluded-address

Command:

excluded-address no excluded-address

Function:

To configure the specified IPv6 address to be excluded from the address pool, the excluded address will not be allocated to any hosts; the no form of this command will remove the configuration.

Parameter:

is the IPv6 address to be excluded from being allocated to hosts in the address pool.

Default:

Disabled

Command Mode:

DHCPv6 address pool configuration mode.

Usage Guide:

This command is used to preserve the specified address from DHCPv6 address allocation.

Example:

To configure to exclude 2001:da8:123::1 from DHCPv6 address allocation. Switch(config)#excluded-address 2001:da8:123::1

27.11 ipv6 address

Command:

ipv6 address no ipv6 address

Function:

To configure the specified interface to use prefix delegation for address allocation. The no form of this command will disable the using of prefix delegation for address allocation.

Parameters:

is a string with its length no more than 32, designating or manual configuring the name of the address prefix defined in the prefix pool. is latter part of the IPv6 address excluding the address prefix, as well as its length.

Command Mode:

Interface Configuration Mode.

Default:

No global address is configured for interfaces by default.

Usage Guide:

The IPv6 address of an interface falls into two parts: and /. If routing advertisement has been enabled, the first 64 bits of the addresses will be advertised. The address generated by and combination will be removed, and the advertising of the prefix will be disabled. Only one can be configured for one prefix name.

Example:

If the prefix name my-prefix designates 2001:da8:221::/48, then the following command will add the address 2001:da8:221:2008::2008 to interface VLAN1. Switch(Config-if-Vlan1)# ipv6 address my-prefix 0:0:0:2008::2008/64

27.12 ipv6 dhcp client pd

Command:

ipv6 dhcp client pd [rapid-commit] no ipv6 dhcp client pd

Function:

To configure DHCPv6 prefix delegation client for the specified interface. The no form of this command will disable the DHCPv6 prefix delegation client and remove the allocated address prefix.

Parameters:

is the string with its length no more than 32, which designates the name of the address prefix. If rapid-commit optional is specified and the prefix delegation server enables the rapid-commit function, then the prefix delegation server will reply the prefix delegation client with the REPLY message directly. And the prefix delegation request will be accomplished by exchanging messages once.

Command Mode:

Interface Configuration Mode.

Default:

DHCPv6 prefix delegation client is not enabled by default.

Usage Guide:

This command is used to configure the prefix delegation client on the specified interface, an interface with prefix delegation client enabled will send SOLICIT packets to try to get address prefix from the server. If the prefix is retrieved correctly, the address prefix in the global address pool can be used by the ipv6 address command to generate a valid IPv6 address. This command is exclusive with ipv6 dhcp server and ipv6 dhcp relay destination. If the prefix delegation client is disabled for an interface, then the address prefix which is get from this interface through prefix delegation client, will be removed from the global address pool. Also the interface address which is generated by the prefix delegation client will be removed, and routing advertisement with the prefix will be disabled. If any general prefix has been configured by the ipv6 general-prefix command, the same prefix learnt from prefix delegation will be disagreed.

Example:

Switch(Config-if-Vlan1)#ipv6 dhcp client pd ClientA rapid-commit

27.13 ipv6 dhcp client pd hint

Command:

ipv6 dhcp client pd hint no ipv6 dhcp client pd hint

Function:

Designate the prefix demanded by the client and its length. The no operation of this command will delete that prefix and its length from the specified interface.

Parameters:

means the prefix demanded by the client and its length.

Command Mode:

Interface Configure Mode.

Default Settings:

There is no such configuration in the system by default.

Usage Guide:

The system designates a prefix and its length on the interface for a client. If client prefix-proxy demanding function is enabled on the interface and hint function is enabled on the switch, the user will have prior claim to the prefix it demands and the prefix length when the server allocates them. Only one hint prefix is allowed in the system.

Examples:

Switch(vlan-1-config)#ipv6 dhcp client pd hint 2001::/48

27.14 ipv6 dhcp pool

Command:

ipv6 dhcp pool no ipv6 dhcp pool

Function:

To configure the address pool for DHCPv6, and enter the DHCPv6 address pool configuration mode. In this mode, information such as the address prefix to be allocated, the DNS server addresses, and domain names, can be configured for the DHCPv6 client. The no form of this command will remove the configuration of the address pool.

Parameter:

< poolname> is the address pool name of DHCPv6 with its length no more than 32.

Default:

Any DHCPv6 address pool are not configured by default.

Command Mode:

Global Mode.

Usage Guide:

This command should be launched in global configuration mode, and falls in DHCPv6 address pool configuration mode if launched successfully. To remove a configured address pool, interface bindings related to the address pool, as well as the related address bindings will be removed.

Example:

To define an address pool, named 1. Switch(config)#ipv6 dhcp pool 1

27.15 ipv6 dhcp relay destination

Command:

ipv6 dhcp relay destination {[<ipv6-address>] [interface { <interface-name> | vlan <1-4096> } ] }
no ipv6 dhcp relay destination { [<ipv6-address>] [ interface { <interface-name> | vlan <1-4096> } ] }

Function:

To configure the destination to which the DHCPv6 relay forwards the DHCPv6 requests from the clients, the destination should be the address of an external DHCPv6 relay or the DHCPv6 server. The no form of this command will remove the configuration.

Parameters:

<ipv6-address> is the address of the destination to which the DHCPv6 relay forwards; <interface-name> or VLAN is the interface name or VLAN id which is used for forwarding of DHCPv6 requests, <interface-name> should be a lay three VLAN name, and the VLAN id is limited between 1 and 4096. If <ipv6-address> is a global unicast address, the interface parameter should not be configured; If <ipv6-address> is an local address, the interface parameter is required be configured; The destination address for the DHCPv6 server will be the multicast address of ALL_DHCP_Servers (FF05::1:3), if the interface parameter is configured only.

Command Mode:

Interface Configuration Mode.

Default:

By default, destination address for DHCPv6 relay is not configured.

Usage Guide:

This command is used to configure the DHCPv6 relay for the specified interface, the address should be the address of another DHCPv6 relay or the address DHCPv6 server. At most three relay addresses can be configured for an interface. To be mentioned, the DHCPv6 relay stops working only if all the relay destination address configurations have been removed. This command is mutually exclusive to "ipv6 dhcp server" and "ipv6 dhcp client pd" commands.

Example:

Switch(Config-if-Vlan1)#ipv6 dhcp relay destination 2001:da8::1

27.16 ipv6 dhcp server

Command:

ipv6 dhcp server [preference ] [rapid-commit] [allow-hint] no ipv6 dhcp server

Function:

This command configures the address pool which will be allocated by the DHCPv6 server through the specified interface. The no form of this command will remove the address pool configuration.

Parameters:

is a string with its length less than 32, which designates the name of the address pool which is associated with the specified interface. If the rapid-commit option has been specified, the DHCPv6 server send a REPLY packet to the client immediately after receiving the SOLICIT packet. If the preference option has been specified, will be the priority of the DHCPv6 server, with its value allowed between 0 and 255, and with 0 by default, the bigger the preference value is, the higher the priority of the DHCPv6 server. If the allow-hint option has been specified, the client expected value of parameters will be appended in its request packets.

Command Mode:

Interface Configuration Mode.

Default:

DHCPv6 address pool based on port is not configured by default.

Usage Guide:

This command configure the DHCPv6 address pool which is applied by the DHCPv6 server for the specified interface, as well as optional parameters. One port only can configure the one DHCPv6 address pool.

Example:

Switch(Config-if-Vlan1)#ipv6 dhcp server PoolA preference 80 rapid-commit allow-hint

27.17 ipv6 general-prefix

Command:

ipv6 general-prefix no ipv6 general-prefix

Function:

To define an IPv6 general prefix. The no form of this command will delete the configuration.

Parameter:

is a character string less than 32 characters, to use as IPv6 general prefix name. is defined as IPv6 general prefix.

Command Mode:

Global Mode.

Default:

IPv6 general prefix is not configured by default.

Usage Guide:

If IPv6 general prefix is configured, the interface will use the configured prefix for IPv6 address generating. Commonly, the general prefix is used for enterprise IPv6 prefix, and when entering an IPv6 address, users can simply add the address suffix of to the name of the general prefix. The configured address prefix will be reserved in the general address prefix pool. At most 8 general prefix can be configured at the same time. When trying to remove a configured general prefix name, the operation will fail if any interfaces used the configured prefix. Only one general prefix for a prefix name. The general prefix can not use the same prefix definition with prefixes learnt from prefix delegation.

Example:

To set the prefix of 2001:da8:221::/48 to general prefix my-prefix. Switch(config)# ipv6 general-prefix my-prefix 2001:da8:221::/48

27.18 ipv6 local pool

Command:

ipv6 local pool no ipv6 local pool

Function:

To configure the address pool for prefix delegation. The no form of this command will remove the IPv6 prefix delegation configuration.

Parameters:

is the name for the IPv6 address pool of the prefix delegation, the length name string should be less than 32. is the address prefix and its length of the prefix delegation. is the length of the prefix in the address pool which can be retrieved by the client, the assigned prefix length should be no less than the value of

Command Mode:

Global Mode.

Default:

No IPv6 prefix delegation address pool is configured by default.

Usage Guide:

This command should be used with the "prefix delegation pool" command to allocate address prefixes to the clients. If IPv6 prefix delegation is removed, the associated "prefix delegation" command will be in-effective either.

27.19 lifetime

Command:

lifetime { | infinity} { | infinity} no lifetime

Function:

To configure the life time for the addresses or the address prefixes allocated by DHCPv6. The no form of this command will restore the default setting.

Parameters:

and are the valid life time and preferred life time respectively for the allocated IPv6 addresses in the local address pool. Its value is allowed to be between 1 and 31536000 in seconds, and should never be bigger than . The infinity parameter designates the maximum life time.

Command Mode:

DHCPv6 Address Pool Configuration Mode.

Default:

The default valid life time and preferred life time are 2592000 seconds (30 days) and 604800 seconds (7 days) respectively.

Example:

To configure the valid life time as 1000 seconds, and the preferred life time as 600 seconds. Switch(config)#lifetime 1000 600

27.20 network-address

Command:

network-address <ipv6-pool-start-address> {<ipv6-pool-end-address> | <prefix-length>}
[eui-64]
no network-address

Function:

To configure the DHCPv6 address pool; the no form of this command will remove the address pool configuration.

Parameters:

is the start of the address pool; is the end of the address pool; is the length of the address prefix, which is allowed to be between 3 and 128, and 64 by default, the size of the pool will be determined by if it has been specified. and alternative options to determine the size of the IPv6 address pool. If is 64 and the eui-64 option has been configured, the DHCPv6 server will allocate IPv6 addresses according to the EUI-64 standard, or the DHCPv6 server will be allocating addresses sequentially.

Default:

No address pool is configured by default.

Command Mode:

DHCPv6 Address Pool Configuration Mode.

Usage Guide:

This command configures the address pool for the DHCPv6 server to allocate addresses, only one address range can be configured for each address pool. To be noticed, if the DHCPv6 server has been enabled, and the length of the IPv6 address prefix has been configured, the length of the prefix in the address pool should be no less than the length of the prefix of the IPv6 address of the respective layer three interfaces in the switch. If is bigger than , this command returns at once.

Example:

To configure the address range for address pool as 2001:da8:123::100-2001:da8:123::200. Switch(dhcp-1-config)#network-address 2001:da8:123::100 2001:da8:123::200

Relative Command:

excluded-address

27.21 prefix-delegation

Command:

prefix-delegation <ipv6-prefix/prefix-length> <client-DUID> [iaid <iaid>] [lifetime {<valid-time> | infinity} {<preferred-time> | infinity}]
no prefix-delegation <ipv6-prefix/prefix-length> <client-DUID> [iaid <iaid>]

Function:

To configure dedicated prefix delegation for the specified user. The no form of this command will remove the dedicated prefix delegation.

Parameters:

<ipv6-prefix/prefix-length> is the length of the prefix to be allocated to the client. <client-DUID> is the DUID of the client. DUID with the type of DUID-LLT and DUID-LL are supported, the DUID of DUID-LLT type should be of 14 characters. <iaid> is the value to be appended in the IA_PD field of the clients' requests. <valid-time> and <preferred-time> are the valid life time and the preferred life time of the IPv6 address allocated to the clients respectively, in seconds, and its value is allowed between 1 and 31536000. However, <preferred-time> should never be bigger than <valid-time>. If not configured, the default <valid-time> will be 2592000, while <preferred-time> will be 604800. The infinity parameter means the life time is infinity.

Command Mode:

DHCPv6 Address Pool Configuration Mode.

Default:

Disabled.

Usage Guide:

This command configures the specified IPv6 address prefix to bind with the specified client. If no IAID is configured, any IA of any clients will be able get this address prefix. At most eight static binding address prefix can be configured for each address pool. For prefix delegation, static binding is of higher priority than the prefix address pool.

Example:

The following command will allocate 2001:da8::/48 to the client with DUID as 0001000600000005000BBFAA2408, and IAID as 12. 

Switch(dhcp-1-config)#prefix-delegation 2001:da8::/48 0001000600000005000BBFAA2408iaid 12

27.22 prefix-delegation pool

Command:

prefix-delegation pool <poolname> [lifetime {<valid-time> | infinity} {<preferred-time> | infinity}]
no prefix-delegation pool <poolname>

Function:

o configure prefix delegation name used by DHCPv6 address pool. The no form of this command deletes the configuration.

Parameters:

<poolname> is the name of the address prefix pool, the length name string should be less than 32. <valid-time> and <preferred-time> are the valid life time and the preferred life time of the IPv6 address allocated to the clients respectively, in seconds, and its value is allowed between 1 and 31536000. However, <preferred-time> should never be bigger than <valid-time>. If not configured, the default <valid-time> will be 2592000, while <preferred-time> will be 604800. The infinity parameter means the life time is infinity.

Command Mode:

DHCPv6 address pool configuration mode.

Default:

The prefix delegation name used by DHCPv6 address pool is not configured.

Usage Guide:

This command configures the name of the address prefix pool for address allocation. If configured, the addresses in the prefix address pool will be allocated to the clients. This command can be used in association with the ipv6 local pool command. For one address pool, only one prefix delegation pool can be bound. When trying to remove the prefix name configuration, the prefix delegation service of the server will be unavailable, if both the address pool is not associated with the prefix delegation pool and no static prefix delegation binding is enabled.

Example:

Switch(dhcp-1-config)#prefix-delegation pool abc

27.23 service dhcpv6

Command: service dhcpv6 no service dhcpv6 Function: To enable DHCPv6 server function; the no form of this command disables the configuration. Default: Disabled. Command Mode: Global Mode. Usage Guide: The DHCPv6 services include DHCPv6 server function, DHCPv6 relay function, DHCPv6 prefix delegation function. All of the above services are configured on ports. Only when DHCPv6 server function is enabled, the IP address assignment of DHCPv6 client, DHCPv6 relay and DHCPv6 prefix delegation functions enabled can be configured on ports. Examp: To enable DHCPv6 server. Switch(config)#service dhcpv6

27.24 show ipv6 dhcp

Command: show ipv6 dhcp Function: To show the enable switch and DUID of DHCPv6 service. Command Mode: Admin and Configuration Mode. Usage Guide: To show the enable switch and DUID of DHCPv6 service, this command only can support the DUID type of DUID-LLT. The DUID types are the same not only displayed but also required in client and server identifier options. Example: Switch#show ipv6 dhcp DHCPv6 is enabled LLT DUID is <00:01:00:01:43:b7:1b:81:00:03:0f:01:5f:9d> LL DUID is <00:03:00:01:00:03:0f:01:5f:9d>

27.25 show ipv6 dhcp binding

Command:

show ipv6 dhcp binding [| pd |count]

Function:

To show all the address and prefix binding information of DHCPv6.

Parameter:

is the specified IPv6 address; count show the number of DHCPv6 address bindings.

Command Mode:

Admin and Configuration Mode.

Usage Guide:

To show all the address and prefix binding information of DHCPv6, include type, DUID, IAID, prefix, valid time and so on.

Example:

Switch#show ipv6 dhcp binding Client: iatype IANA, iaid 0x0e001d92 DUID: 00:01:00:01:0f:55:82:4f:00:19:e0:3f:d1:83 IANA leased address: 2001:da8::10 Preferred lifetime 604800 seconds, valid lifetime 2592000 seconds Lease obtained at %Jan 01 01:34:44 1970 Lease expires at %Jan 31 01:34:44 1970 (2592000 seconds left) The number of DHCPv6 bindings is 1

27.26 show ipv6 dhcp conflict

Command:

show ipv6 dhcp conflict

Function:

Show the log for the address that have a conflict record.

Command Mode:

Admin and Configuration Mode.

Example:

Switch# show ipv6 dhcp conflict

27.27 show ipv6 dhcp interface

Command:

show ipv6 dhcp interface []

Function:

To show the information for DHCPv6 interface.

Parameter:

is the name and number of interface, if the parameter is not provided, then all the DHCPv6 interface information will be shown.

Command Mode:

Admin and Configuration Mode.

Usage Guide:

To show the information for DHCPv6 interface, include Port Mode (Prefix delegation client, DHCPv6 server, DHCPv6 relay), and the relative conformation information under all kinds of mode.

Example:

Switch#show ipv6 dhcp interface vlan10 Vlan10 is in server mode Using pool: poolv6 Preference value: 20 Rapid-Commit is disabled

27.28 show ipv6 dhcp pool

Command:

show ipv6 dhcp pool []

Function:

To show the DHCPv6 address pool information.

Command Mode:

Admin and Configuration Mode.

Usage Guide:

is the DHCPv6 address pool name which configured already, and the length less than 32 characters. If the parameter is not provided, then all the DHCPv6 address pool information will be shown.

Example:

Switch#show ipv6 dhcp pool poolv6

27.29 show ipv6 dhcp statistics

Command: show ipv6 dhcp statistics Function: To show the statistic of all kinds of DHCPv6 packets by DHCPv6 server. Command Mode: Admin and Configuration Mode. Example:
Switch#show ipv6 dhcp server statistics
Address pools1
Active bindings0
Expiried bindings0
Malformed message0
MessageRecieved
DHCP6SOLICIT0
DHCP6ADVERTISE0
DHCP6REQUEST0
DHCP6REPLY0
DHCP6RENEW0
DHCP6REBIND0
DHCP6RELEASE0
DHCP6DECLINE0
DHCP6CONFIRM0
DHCP6RECONFIGURE0
DHCP6INFORMREQ0
DHCP6RELAYFORW0
DHCP6RELAYREPLY0
MessageSend
DHCP6SOLICIT0
DHCP6ADVERTISE0
DHCP6REQUEST0
DHCP6REPLY0
DHCP6RENEW0
DHCP6REBIND0
DHCP6RELEASE0
DHCP6DECLINE0
DHCP6CONFIRM0
DHCP6RECONFIGURE
DHCP6INFORMREQ0
DHCP6RELAYFORW0
DHCP6RELAYREPLY0
Show informationExplanation
Address poolsTo configure the number of DHCPv6 address pools;
Active bindingsThe number of auto assign addresses;
Expiried bindingsThe number of expiried bindings;
Malformed messageThe number of malformed messages;
Message RecievedThe statistic of received DHCPv6 packets.
DHCP6SOLICITThe number of DHCPv6 SOLICIT packets.
DHCP6ADVERTISEThe number of DHCPv6 ADVERTISE packets.
DHCPv6REQUESTThe number of DHCPv6 REQUEST packets.
DHCP6REPLYThe number of DHCPv6 REPLY packets.
DHCP6RENEWThe number of DHCPv6 RENEW packets.
DHCP6REBINDThe number of DHCPv6 REBIND packets.
DHCP6RELEASEThe number of DHCPv6 RELEASE packets.
DHCP6DECLINEThe number of DHCPv6 DECLINE packets.
DHCP6CONFIRMThe number of DHCPv6 CONFIRM packets.
DHCP6RECONFIGUREThe number of DHCPv6 RECONFIGURE packets.
DHCP6INFORMREQThe number of DHCPv6 INFORMREQ packets.
DHCP6RELAYFORWThe number of DHCPv6 RELAYFORW packets.
DHCP6RELAYREPLYThe number of DHCPv6 RELAYREPLY packets.
Message SendThe statistic of sending DHCPv6 packets
DHCP6SOLICITThe number of DHCPv6 SOLICIT packets.
DHCP6ADVERTISEThe number of DHCPv6 ADVERTISE packets.
DHCPv6REQUESTThe number of DHCPv6 REQUEST packets.
DHCP6REPLYThe number of DHCPv6 REPLY packets.
DHCP6RENEWThe number of DHCPv6 RENEW packets.

27.30 show ipv6 general-prefix

Command: show ipv6 general-prefix Function: To show the IPv6 general prefix pool information. Command Mode: Admin and Configuration Mode. Usage Guide: To show the IPv6 general prefix pool information, include the prefix number in general prefix pool, the name of every prefix, the interface of prefix obtained, and the prefix value. Example: Switch#show ipv6 general-prefix

27.31 show ipv6 local pool

Command: show ipv6 local pool Function: To show the statistic information of DHCPv6 prefix pool. Command Mode: Admin and Configuration Mode. Usage Guide: To show the statistic information of DHCPv6 prefix pool, include the name of prefix pool, the prefix and prefix length as well as assigned prefix length, the number of assigned prefix and information in DHCPv6 address pool. Example: Switch#show ipv6 local pool Pool Prefix Free In use a 2010::1/48 65536 0

Chapter 28 Commands for DHCP Option 82

28.1 debug ip dhcp relay packet

Command: debug ip dhcp relay packet Function: This command is used to display the information of data packets processing in DHCP Relay Agent, including the "add" and "peel" action of option 82. Command Mode: Admin Mode. Usage Guide: Use this command during the operation to display the procedure of data packets processing of the server and to display the corresponding option82 operation information. Identified option 82 information of the request message and the option 82 information returned by the reply message. Example: Display the information of data packets processing in DHCP Relay Agent. Switch(config)#debug ip dhcp relay packet

28.2 ip dhcp relay information option

Command: ip dhcp relay information option no ip dhcp relay information option Function: Set this command to enable the option82 function of the switch Relay Agent. The “no ip dhcp relay information option” command is used to disable the option82 function of the switch Relay Agent. Default Settings: The system disables the option82 function by default. Command Mode: Global configuration mode

Usage Guide:

Only the DHCP Relay Agents configuring with this command can add option82 to the DHCP request message, and let the server to process it. Before enabling this function, users should make sure that the DHCP service is enabled and the Relay Agent will transmit the udp broadcast messages whose destination port is 67.

Example:

Enable the option82 function of the Relay Agent. Switch(config)#service dhcp Switch(config)# ip forward-protocol udp bootps Switch(config)# ip dhcp relay information option

28.3 ip dhcp relay information option delimiter

Command:

ip dhcp relay information option delimiter [colon | dot | slash | space] no ip dhcp relay information option delimiter

Function:

Set the delimiter of each parameter for suboption of option82 in global mode, no command restores the delimiter as slash.

Command Mode:

Global mode

Default Settings:

slash (/").

User Guide:

Divide the parameters with the configured delimiters after users have defined them which are used to create suboption (remot-de, circuit-id) of option82 in global mode.

Example:

Set the parameter delimiters as dot (“.”) for suboption of option82. Switch(config)#ip dhcp relay information option delimiter dot

28.4 ip dhcp relay information option remote-id

Command:

ip dhcp relay information option remote-id {standard | } no ip dhcp relay information option remote-id

Function:

Set the suboption2 (remote ID option) content of option 82 added by DHCP request packets (They are received by the interface). The no command sets the additive suboption2 (remote ID option) format of option 82 as standard.

Parameters:

standard means the default VLAN MAC format. means the remote-id content of option 82 specified by users, its length can not exceed 64 characters.

Command Mode:

Global Mode

Default Settings:

Use standard format to set remote-id of option 82.

User Guide:

The additive option 82 information needs to associate with third-party DHCP server, it is used to specify the remote-id content by users when the standard remote-id format can not satisfy server's request.

Example:

Set the suboption remote-id of DHCP option82 as street-1-1. Switch(config)#ip dhcp relay information option remote-id street-1-1

28.5 ip dhcp relay information option remote-id format

Command:

ip dhcp relay information option remote-id format {default | vs-hp}

Function:

Set remote-id format of Relay Agent option82.

Parameters:

default means that remote-id is the VLAN MAC address with hexadecimal format, vs-hp means that remote-id is compatible with the remote-id format of HP manufacturer.

Command Mode:

Global mode

Default Setting:

default.

User Guide:

The default remote-id format defined as below: ![](images/5dcda668388a3a5a0be65fb4230e117723f142bff4918e7c0c79f359bf10308d.jpg)
text_image Remote option type Length 2 6 MAC 1 byte 1 byte 6 byte
MAC means VLAN MAC address. The compatible remote-id format with HP manufacturer defined as below: ![](images/2ae738706621658af5e907dd0009e81acc236a81517f6030f91db7622b8f7a69.jpg)
text_image Remote option type Length 2 4 IP 1 byte 1 byte 4 byte
IP means the primary IP address of layer 3 interface where DHCP packets from.

Example:

Set remote-id of Relay Agent option82 as the compatible format with HP manufacturer. Switch(config)#ip dhcp relay information option remote-id format vs-hp

28.6 ip dhcp relay information option self-defined remote-id

Command:

ip dhcp relay information option self-defined remote-id {hostname | mac | string WORD} no ip dhcp relay information option self-defined remote-id

Function:

Set creation method for option82, users can define the parameters of remote-id suboption by themselves.

Parameters:

WORD the defined character string of remote-id by themselves, the maximum length is 64.

Command Mode:

Global Mode

Default:

Using standard method.

User Guide:

After configure this command, if users do not configure remote-id on interface, it will create remote-id suboption for option82 according to self-defined method. For mac, use the format such as 00-02-d1-2e-3a-0d if it is filled to packets with ascii format, but hex format occupies 6 bytes. Each option will be filled to packets according to the configured order of the commands and divide them with delimiter (delimiter is ip dhcp relay information option delimiter configuration).

Example:

Set self-defined method and character string of remote-id suboption are hostname and abc respectively for option82. Switch(config)#ip dhcp relay information option self-defined remote-id hostname string abc

28.7 ip dhcp relay information option self-defined remote-id format

Command:

ip dhcp relay information option self-defined remote-id format [ascii | hex]

Function:

Set self-defined format of remote-id for relay option82.

Command Mode:

Global Mode

User Guide:

self-defined format use ip dhcp relay information option type self-defined remote-id to create remote-id format.

Example:

Set self-defined method of remote-id as hex for relay option82. Switch(config)# ip dhcp relay information option self-defined remote-id format hex

28.8 ip dhcp relay information option self-defined subscriber-id

Command:

ip dhcp relay information option self-defined subscriber-id {vlan | port | id (switch-id (mac | hostname)| remote-mac)| string WORD } no ip dhcp relay information option self-defined subscriber-id

Function:

Set creation method for option82, users can define the parameters of circute-id suboption by themselves.

Parameters:

WORD the defined character string of circuit-id by themselves, the maximum length is 64.

Command Mode:

Global Mode

Default:

Using standard method.

User Guide:

After configure this command, if users do not configure circuit-id on interface, it will create circuit-id suboption for option82 according to self-defined method. Self-defined format of circuit-id: if self-defined format is ascii, the filled format of vlan such as "Vlan2", the format of port such as "Ethernet1/0/1", the format of mac and remote-mac such as "00-02-d1-2e-3a-0d". If self-defined format is hex, the filled format of vlan occupies 2 bytes, port occupies 4 bytes, a byte means slot (for chassis switch, it means slot ID, for box switch, it is 1), a byte means Module (the default is 0), two bytes means port ID beginning from 1, mac and remote-mac occupy 6 bytes. Each option will be filled to packets according to the configured order of the commands and divide them with delimiter (delimiter is ip dhcp relay information option delimiter configuration).

Example:

Set self-defined method of circuit-id suboption as port, mac for option82. Switch(config)# ip dhcp relay information option self-defined subscriber-id port id switch-id mac

28.9 ip dhcp relay information option self-defined subscriber-id format

Command:

ip dhcp relay information option self-defined subscriber-id format [ascii | hex]

Function:

Set self-defined format of circuit-id for relay option82.

Command Mode:

Global Mode

Default:

ascii.

User Guide:

self-defined format use ip dhcp relay information option type self-defined subscriber-id to create circuit-id format.

Example:

Set self-defined format of circuit-id as hex for relay option82. Switch(config)# ip dhcp relay information option self-defined subscriber-id format hex

28.10 ip dhcp relay information option subscriber-id

Command:

ip dhcp relay information option subscriber-id {standard | } no ip dhcp relay information option subscriber-id

Function:

This command is used to set the format of option82 sub-option1(Circuit ID option) added to the DHCP request messages from interface, standard means the standard vlan name and physical port name format, like"Vlan2+Ethernet1/0/12", is the circuit-id contents of option82 specified by users, which is a string no longer than 64 characters. The"no ip dhcp relay information option subscriber-id" command will set the format of added option82 sub-option1 (Circuit ID option) as standard format.

Command Mode:

Interface configuration mode.

Default:

The system uses the standard format to set the circuit-id of option 82 by default.

User Guide:

Because the option 82 information added for the switch should cooperate with the third party DHCP server, if the standard circuit-id format of the switch cannot satisfy the server's request, this method will be provided for users to specify the contents of circuit-id according to the situation of the server.

Example:

Set the sub-option circuit-id of DHCP option82 as foobar. Switch(config-if-vlan1)#ip dhcp relay information option subscriber-id foobar

28.11 ip dhcp relay information option subscriber-id format

Command: ip dhcp relay information option subscriber-id format {hex | acsii | vs-hp} Function: Set subscriber-id format of Relay Agent option82. Parameters: hex means that subscriber-id is VLAN and port information with hexadecimal format, acsii means that subscriber-id is VLAN and port information with ACSII format. vs-hp means that subscriber-id is compatible with the format of HP manufacturer. Command Mode: Global Mode Default: ascii. User Guide: VLAN and port information with ASCII format, such as "Vlan1+Ethernet1/0/11", VLAN and port information with hexadecimal format defined as below: ![](images/c13393c568b216bd497b7f1c09a190a0be8148655ed89d16399c1b71882c0233.jpg)
text_image Suboption type Length Circuit ID type Length 1 8 0 6 VLAN Slot Module Port
1 byte 1 byte 1 byte 1 byte 2 byte 1 byte 1 byte 2 byte VLAN field fills in VLAN ID. For chassis switch, Slot means slot number, for box switch, Slot is 1; default Module is 0; Port means port number which begins from 1. The compatible subscriber-id format with HP manufacturer defined as below: ![](images/f3c3c1cdca1b5c60bb0e39d541af9f6dc75059b1d79577804448b8fce31f6cca.jpg)
text_image Suboption type Length 1 2 Port 1 byte 1 byte 2 byte
Port means port number which begins from 1. Example: Set subscriber-id format of Relay Agent option82 as hexadecimal format. Switch(config)#ip dhcp relay information option subscriber-id format hex

28.12 ip dhcp relay information policy

Command:

ip dhcp relay information policy {drop | keep | replace} no ip dhcp relay information policy

Function:

This command is used to set the retransmitting policy of the system for the received DHCP request message which contains option82. The drop mode means that if the message has option82, then the system will drop it without processing; keep mode means that the system will keep the original option82 segment in the message, and forward it to the server to process; replace mode means that the system will replace the option 82 segment in the existing message with its own option 82, and forward the message to the server to process. The “no ip dhcp relay information policy” will set the retransmitting policy of the option 82 DCHP message as “replace”.

Command Mode:

Interface configuration mode.

Default:

The system uses replace mode to replace the option 82 segment in the existing message with its own option 82.

User Guide:

Since the DHCP client messages might go through several DHCP Relay Agents when passed to the DHCP server, the latter Relay Agents on the path should set policies to decide how to process the option82 added by Relay Agents before them. The selection of option 82 retransmitting policies should take the configuration policy of the DHCP server into account.

Example:

Set the retransmitting policy of DHCP messages option 82 as keep. Switch(Config-if-Vlan1)# ip dhcp relay information policy keep

28.13 ip dhcp server relay information enable

Command:

ip dhcp server relay information enable no ip dhcp server relay information enable

Function:

This command is used to enable the switch DHCP server to identify option82. The "no ip dhcp server relay information enable" command will make the server ignore the option 82.

Command Mode:

Global configuration mode

Default:

The system disable the option82 identifying function by default.

User Guide:

If the users want the switch DHCP server to identify option82 and return option 82 information in the reply message, this command needs to be set, or, the switch DHCP server will ignore the option82.

Example:

Set the DHCP server to support option82 Switch(Config-if-Vlan1)# ip dhcp server relay information enable

28.14 show ip dhcp relay information option

Command:

show ip dhcp relay information option

Function:

This command will display the state information of the DHCP option 82 in the system, including option82 enabling switch, the interface retransmitting policy, the circuit ID mode and the switch DHCP server option82 enabling switch.

Command Mode:

Admin and Global Configuration Mode.

User Guide:

Use this command to check the state information of Relay Agent option82 during operation.

Example:

Switch#show ip dhcp relay information option ip dhcp server relay information option(i.e. option 82) is disabled ip dhcp relay information option(i.e. option 82) is enabled Vlan2: ip dhcp relay information policy keep ip dhcp relay information option subscriber-id standard Vlan3: ip dhcp relay information policy replace ip dhcp relay information option subscriber-id foobar

Chapter 29 Commands for DHCPv6 option37, 38

29.1 Commands for DHCPv6 option37, 38

29.1.1 address range

Command: address range no address range Function: This command is used to set address range for a DHCPv6 class in DHCPv6 address pool configuration mode, the no command is used to remove the address range. The prefix/plen form is not supported. Parameters: start-ip, defines the start address of the address pool end-ip, defines the end address of the address pool Command Mode: Admin Mode. Usage Guide: It is necessary to check the address range assigned to class in order to make sure that it doesn't exceed the address range of relevant address pool. A class is assigned a single address range and the address range assigned to different class in the same address pool can overlap. If you do not use this command to assign address range for a DHCPv6 class, then the range for it will be the whole subnet of the address pool by default. Example: Associate a DHCPv6 class named CLASS1 to dhcpv6 pool 1 and assign the address range from 2001:da8:100:1::2 to 2001:da8:100:1::30 for CLASS1. Switch(Config)#ipv6 dhcp pool 1 Switch(dhcp-1-config)#class CLASS1 Switch(dhcp-1-class-CLASS1-config)#address range 2001:da8:100:1::2 2001:da8:100:1::30

29.1.2 class

Command:

class no class

Function:

This command associates class to address pool in DHCPv6 address pool configuration mode and enters class configuration mode in address pool. Use the no command to remove the link.

Parameters:

class-name, the name of DHCPv6 class.

Command Mode:

DHCPv6 address pool configuration mode

Usage Guide:

It is recommended to define this class first using global command of IPv6 DHCP class. No class will be created if you input a class name which doesn't exist.

Example:

Associate the DHCPv6 class named CLASS1 to dhcpv6 pool 1. Switch(Config)#ipv6 dhcp pool 1 Switch(dhcp-1-config)#class CLASS1

29.1.3 ipv6 dhcp class

Command:

ipv6 dhcp class no ipv6 dhcp class

Function:

This command defines a DHCPv6 class and enters DHCPv6 class configuration mode, the no operation of this command removes this DHCPv6 class.

Parameters:

class-name, the name of DHCPv6 class which is a string with a length of less than 32

Command Mode:

Global configuration mode

Usage Guide:

Configure a group of option 37 or option 38, or configure option 37 and option 38 simultaneously in a DHCPv6 class. This command can be used when the server supports DHCPv6 class only.

Example:

Define a DHCPv6 class named CLASS1. Switch(Config)# ipv6 dhcp class CLASS1

29.1.4 ipv6 dhcp relay remote-id

Command:

ipv6 dhcp relay remote-id no ipv6 dhcp relay remote-id

Function:

This command is used to set the form of adding option 37 in received DHCPv6 request packets, of which is the remote-id in user-defined option 37 and it is a string with a length of less than 128. The no operation of this command restores remote-id in option 37 to enterprise-number together with vlan MAC address.

Parameters:

remote-id, user-defined content of option 37.

Default:

Using vlan MAC address as remote-id content by default such as "00-01-ac-12-23" with '-' hyphen.

Command Mode:

Interface configuration mode

Usage Guide:

Because the option 37 information added by switch may associate with third-party DHCPv6 servers, users can specify the remote-id content based on server condition when default remote-id of the switch cannot satisfy the demand of server. The enterprise-number together with vlan MAC address is used as the remote-id by default.

Example:

Enable abc as the remote-id of DHCPv6 option 37. Switch(Config-if-vlan1)# ipv6 dhcp relay remote-id abc

29.1.5 ipv6 dhcp relay remote-id option

Command:

ipv6 dhcp relay remote-id option no ipv6 dhcp relay remote-id option

Function:

This command enables switch relay to support the option 37, the no form of this command disables it.

Default:

Disable the relay option 37.

Command Mode:

Global configuration mode

Usage Guide:

Only after this command is configured, DHCPv6 relay agent can add option 37 in DHCPv6 request packets before sending it to server or next relay agent. Make sure that DHCPv6 service has been enabled before execute this command.

Example:

Enable the switch relay to support option 37. Switch(Config)#service dhcpv6 Switch(Config)#ipv6 dhcp relay remote-id option

29.1.6 ipv6 dhcp relay subscriber-id

Command:

ipv6 dhcp relay subscriber-id no ipv6 dhcp relay subscriber-id

Function:

This command is used to set the form of adding option 38 in received DHCPv6 request packets, of which is the subscriber-id in user-defined option 38 and it is a string with a length of less than 128. The no operation of this command restores subscriber-id in option 38 to vlan name together with port name such as "Vlan2+Ethernet1/0/2".

Parameters:

subscriber-id, user-defined content of option 38

Default:

Set subscriber-id in option 38 to vlan name together with port name.

Command Mode:

Interface configuration mode

Usage Guide:

Because the option 38 information added by switch may associate with third-party DHCPv6 servers, users can specify the subscriber-id content based on server condition when standard subscriber-id of the switch cannot satisfy the demand of server. The vlan name together with physical port name is used as the subscriber-id in option 38 by default.

Example:

Enable abc as the subscriber-id of DHCPv6 option 38. Switch(Config-if-vlan1)# ipv6 dhcp relay subscriber-id abc

29.1.7 ipv6 dhcp relay subscriber-id option

Command:

ipv6 dhcp relay subscriber-id option no ipv6 dhcp relay subscriber-id option

Function:

This command enables switch relay to support the option 38, the no form of this command disables it.

Default:

Disable the relay option 38.

Command Mode:

Global configuration mode

Usage Guide:

Only after this command is configured, DHCPv6 relay agent can add option 38 in DHCPv6 request packets before sending it to server or next relay agent. Make sure that DHCPv6 service has been enabled before execute this command. The option 38 of switch relay is disabled by default.

Example:

Enable the switch relay to support option 38. Switch(Config)#service dhcpv6 Switch(Config)#ipv6 dhcp relay subscriber-id option

29.1.8 ipv6 dhcp relay subscriber-id select delimiter

Command:

ipv6 dhcp relay subscriber-id select (sp | sv | pv | spv) delimiter WORD (delimiter WORD |) no ipv6 dhcp relay subscriber-id select delimiter

Function:

Configures user configuration options to generate subscriber-id. The no form of this command restores to its original default configuration, i.e. vlan name together with port name.

Parameters:

(sp | sv | pv | spv): a selection in combinations of slot, port and vlan, among which sp represents slot and port, sv represents slot and vlan, pv represents port and vlan, and spv represents slot, port and vlan. WORD: the delimiter between slot, port and vlan which ranges among (\#|.|.|;|:/|space). Note that there're two delimiter WORDs here, of which the former is the delimiter between slot and port and the latter is the one between port and vlan.

Command Mode:

Global configuration mode

Usage Guide:

The command has no effect on ports with self-defined subscriber-id. If user redefines the subscriber-id of the port after using the command, the user-defined one prevails. This configuration is null by default.

Example:

Switch(config)# ipv6 dhcp relay subscriber-id select sp delimiter #

29.1.9 ipv6 dhcp server remote-id option

Command:

ipv6 dhcp server remote-id option no ipv6 dhcp server remote-id option

Function:

This command enables DHCPv6 server to support the identification of option 37, the no form of this command disables it.

Default:

Do not support option 37.

Command Mode:

Global configuration mode

Usage Guide:

Configure this command if option 37 options is expected to be identified and processed by DHCPv6 server, otherwise they will be ignored. Option 37 is not supported by default.

Example:

Enable the DHCPv6 server to support option 37. Switch(Config)# ipv6 dhcp server remote-id option

29.1.10 ipv6 dhcp server select relay-forw

Command:

ipv6 dhcp server select relay-forw no ipv6 dhcp server select relay-forw

Function:

This command enables the DHCPv6 server to support selections when multiple option 37 or option 38 options exist and the option 37 and option 38 of relay-forw in the innermost layer are selected. The no operation of it restores the default configuration, i.e. selecting option 37 and option 38 of the original packets.

Default:

Selecting option 37 and option 38 of the original packets.

Command Mode:

Interface configuration mode

Usage Guide:

Make sure that the server has been enabled to support option 37 and option 38 before use this command. The system selects option 37 and option 38 of the original packets by default.

Example:

Configure that the vlan1 interface of DHCPv6 server selects option 37 and option 38 of relay-forw in the innermost layer. Switch (Config-if-vlan1)# ipv6 dhcp server select relay-forw

29.1.11 ipv6 dhcp server subscriber-id option

Command:

ipv6 dhcp server subscriber-id option no ipv6 dhcp server subscriber-id option

Function:

This command enables DHCPv6 server to support the identification of option 38, the no operation of this command disables it.

Default:

Do not support option 38.

Command Mode:

Global configuration mode

Usage Guide:

Configure this command if option 38 is expected to be identified and processed by DHCPv6 server, otherwise they will be ignored. option 38 is not supported by default.

Example:

Enable DHCPv6 server to support option 38. Switch(Config)# ipv6 dhcp server subscriber-id option

29.1.12 ipv6 dhcp snooping remote-id

Command:

ipv6 dhcp snooping remote-id no ipv6 dhcp snooping remote-id

Function:

This command is used to set the form of adding option 37 in received DHCPv6 request packets, of which is the content of remote-id in user-defined option 37 and it is a string with a length of less than 128. The no form of this command restores remote-id in option 37 to enterprise-number together with vlan MAC address.

Parameters:

remote-id, user-defined content of option 37.

Default:

Using vlan MAC address as remote-id content by default such as "00-01-ac-12-23" with '-' hyphen.

Command Mode:

Port mode

Usage Guide:

Because option 37 information added by switch may associate with third-party DHCPv6 servers, users can specify remote-id content based on server condition when standard remote-id of the switch cannot satisfy the demand of server. The enterprise-number together with vlan MAC address is used as the remote-id by default.

Example:

Enable abc as remote-id of DHCPv6 option 37. Switch(Config-if-Ethernet1/0/1)# ipv6 dhcp snooping remote-id abc

29.1.13 ipv6 dhcp snooping remote-id option

Command:

ipv6 dhcp snooping remote-id option no ipv6 dhcp snooping remote-id option

Function:

This command enables DHCPv6 SNOOPING to support option 37, the no form of this command disables it.

Default:

Disable.

Command Mode:

Global configuration mode

Usage Guide:

Only after this command is configured, DHCPv6 SNOOPING can add option 37 in DHCPv6 packets before sending it to server or relay agent. Make sure that DHCPv6 SNOOPING has been enabled before execute this command. The system disables option 37 of DHCPv6 SNOOPING by default.

Example:

Enable option 37 in DHCPv6 SNOOPING. Switch(Config)#ipv6 dhcp snooping enable Switch(Config)#ipv6 dhcp snooping remote-id option

29.1.14 ipv6 dhcp snooping remote-id policy

Command:

ipv6 dhcp snooping remote-id policy {drop | keep | replace} no ipv6 dhcp snooping remote-id policy

Function:

This command is used to configure the reforward policy of the system when receiving DHCPv6 packets with option 37, among which the drop mode means that the system simply discards it with option 37, keep mode means that the system keeps option 37 unchanged and forwards the packets to the server and replace mode means that the system replaces option 37 of current packets with its own before forwarding it to the server. The no operation of this command sets reforward policy of DHCPv6 packets with option 37 as replace.

Default:

Using replace mode to replace option 37 of current packets with system's own.

Command Mode:

Global configuration mode

Usage Guide:

Since DHCPv6 client packets may already include option 37 information, corresponding processing policy of DHCPv6 SNOOPING is required to develop. If the forwarding policy is set as replace, option 37 has to be enabled in advance. Use replace mode to replace option 37 of current packets with system's own by default.

Example:

Configure the reforward policy of DHCPv6 packets with option 37 as keep for DHCPv6 SNOOPING. Switch(Config)# ipv6 dhcp snooping remote-id policy keep

29.1.15 ipv6 dhcp snooping subscriber-id

Command:

ipv6 dhcp snooping subscriber-id no ipv6 dhcp snooping subscriber-id

Function:

This command is used to set the form of adding option 38 in received DHCPv6 request packets, of which is the content of subscriber-id in user-defined option 38 and it is a string with a length of less than 128. The no operation of this command restores subscriber-id in option 38 to vlan name together with port name such as "Vlan2+Ethernet1/0/2".

Parameters:

subscriber-id, user-defined content of option 38

Default:

Set subscriber-id in option 38 to vlan name together with port name.

Command Mode:

Port mode

Usage Guide:

Because option 38 information added by switch may associate with third-party DHCPv6 servers, users can specify subscriber-id content based on server condition when standard subscriber-id of the switch cannot satisfy the demand of server. The vlan name together with physical port name is used as subscriber-id in option 38 by default.

Example:

Enable abc as subscriber-id of DHCPv6 option 38. Switch(Config-if-Ethernet1/0/1)#ipv6 dhcp snooping subscriber-id abc

29.1.16 ipv6 dhcp snooping subscriber-id option

Command:

ipv6 dhcp snooping subscriber-id option no ipv6 dhcp snooping subscriber-id option

Function:

This command enables DHCPv6 SNOOPING to support option 38, the no form of this command disables it.

Default:

Disable option 38 of DHCPv6 SNOOPING.

Command Mode:

Global configuration mode

Usage Guide:

Only after this command is configured, DHCPv6 SNOOPING can add option 38 in DHCPv6 packets before sending it to server or relay agent. Make sure that DHCPv6 SNOOPING has been enabled before executing this command. The system disables option 38 of DHCPv6 SNOOPING by default.

Example:

Enable option 38 in DHCPv6 SNOOPING. Switch(Config)#ipv6 dhcp snooping enable Switch(Config)#ipv6 dhcp snooping subscriber-id option

29.1.17 ipv6 dhcp snooping subscriber-id policy

Command:

ipv6 dhcp snooping subscriber-id policy {drop | keep | replace} no ipv6 dhcp snooping subscriber-id policy

Function:

This command is used to set the reforward policy of the system when receiving DHCPv6 packets with option 38, among which the drop mode means that the system simply discards it with option 38, keep mode means that the system keeps option 38 unchanged and forwards the packets to the server and replace mode means that the system replaces option 38 of current packets with its own before forwarding it to the server. The no operation of this command sets the reforward policy of DHCPv6 packets with option 38 as replace.

Default:

Using replace mode to replace option 38 of current packets with system's own.

Command Mode:

Global configuration mode

Usage Guide:

Since DHCPv6 client packets may already include option 38 information, corresponding processing policy of DHCPv6 SNOOPING is requested to develop. If the reforward policy is set as replace, option 38 has to be enabled in advance. The system disables option 38 of DHCPv6 SNOOPING by default.

Example:

Set the reforward policy of DHCPv6 packets with option 38 as keep for DHCPv6 SNOOPING. Switch (Config)# ipv6 dhcp snooping subscriber-id policy keep

29.1.18 ipv6 dhcp snooping subscriber-id select delimiter

Command:

ipv6 dhcp snooping subscriber-id select (sp | sv | pv | spv) delimiter WORD (delimiter WORD | ) no ipv6 dhcp snooping subscriber-id select delimiter

Function:

Configure user configuration options to generate subscriber-id. The no form of this command restores to its original default configuration, i.e. vlan name together with port name.

Parameters:

(sp | sv | pv | spv), a selection from combinations of slot, port and vlan, among which sp represents slot and port, sv represents slot and vlan, pv represents port and vlan, and spv represents slot, port and vlan. WORD, the delimiter between slot, port and vlan which ranges among (\#|.|.|;|:|/|space). Note that there're two delimiter WORDs here, of which the former is the delimiter between slot and port while the latter is that between port and vlan.

Command Mode:

Global configuration mode

Usage Guide:

This command has no effect on ports with self-defined subscriber-id. If a user redefines subscriber-id of the port after configuring the command, the user-defined one prevails. This configuration is null by default.

Example:

Swithc(config)# ipv6 dhcp snooping subscriber-id select sv delimiter #

29.1.19 ipv6 dhcp use class

Command:

ipv6 dhcp use class no ipv6 dhcp use class

Function:

This command enables DHCPv6 server to support DHCPv6 class during address assignment, the no operation of this command disables it without removing the relative DHCPv6 class information that has been configured.

Default:

DHCPv6 server supports DHCPv6 class during address assignment.

Command Mode:

Global configuration mode

Usage Guide:

By default, DHCPv6 servers support DHCPv6 class during address assignment and the no form of this command doesn't remove DHCPv6 class information that has been configured. Make sure that DHCPv6 service has been enabled before using this command. DHCPv6 server supports DHCPv6 class during address assignment by default.

Example:

Configure DHCPv6 server to support DHCPv6 class during address assignment. Switch(Config)# ipv6 dhcp use class

29.1.20 remote-id subscriber-id

Command:

{remote-id [*] <remote-id> [*] | subscriber-id [*] <subscriber-id> [*]}
no {remote-id [*] <remote-id> [*] | subscriber-id [*] < subscriber-id> [*]}

Function:

This command configures option 37 and option 38 that match the class in IPv6 DHCP class configuration mode.

Parameters:

<remote-id>, a string with a length ranging from 1 to 128 bytes is used to match remote-id in option 37.
<subscriber-id>, a string with a length ranging from 1 to 128 bytes is used to match subscriber-id in option 38.
[*], match zero or more characters.

Command Mode:

IPv6 DHCP Class configuration mode

Usage Guide:

This command configures a mode which matches with the already-defined DHCPv6 class, and a DHCPv6 class may configure multiple commands. If this command is ignored and no mode configured in IPv6 DHCP Class mode, any remote-id or subscriber-id is considered to match with the DHCPv6 class, however, remote-id or subscriber-id must exist in DHCPv6 packet.

Example:

Configure some remote-id or subscriber-id belonging to DHCPv6 class named CLASS1. 
Switch (Config)# ipv6 dhcp class CLASS1
Switch (Dhcpv6-class)# remote-id abc* subscriber-id bcd*
Switch (Dhcpv6-class)# remote-id edf*
Switch (Dhcpv6-class)# subscriber *mmn

29.2 Commands for Monitoring and Debugging

29.2.1 debug ipv6 dhcp detail

Command: debug ipv6 dhcp detail Function: Display the debug about detailed content of various packets sent and received by DHCPv6. If packets with option 37 and option 38, they will also be displayed. This command is applied in the server side as well as the relay side. Command Mode: Admin mode Usage Guide: Enable/disable the display of detailed debug about packets sent and received by DHCPv6. Example: Switch# debug ipv6 dhcp detail %Jan 01 01:38:45 2006 DHCPv6 DETAILS: contents of SOLICIT packet %Jan 01 01:38:45 2006 transaction-ID: 0x00b2d47c %Jan 01 01:38:45 2006 elapsed time option(8), option-len 2 %Jan 01 01:38:45 2006 elapsed time: 0 %Jan 01 01:38:45 2006 client ID option(1), option-len 14 %Jan 01 01:38:45 2006 DUID: 00:01:00:01:0f:55:82:4f:00:19:e0:3f:d1:83 %Jan 01 01:38:45 2006 identity association option(3), option-len 12 %Jan 01 01:38:45 2006 IANA: 0x0e001d92, T1 0, T2 0 %Jan 01 01:38:45 2006 vendor class option(16), option-len 14 %Jan 01 01:38:45 2006 enterprise number : 311 %Jan 01 01:38:45 2006 option request option(6), option-len 6 %Jan 01 01:38:45 2006 requested-option: domain search list %Jan 01 01:38:45 2006 requested-option: DNS server list %Jan 01 01:38:45 2006 requested-option: vendor specific info %Jan 01 01:38:45 2006 remote-id option(37), option-len 14 %Jan 01 01:38:45 2006 remote-id : 0x0a0b0c %Jan 01 01:38:45 2006 subscriber-id option(38), option-len 16 %Jan 01 01:38:45 2006 subscriber-id : 0x0a0b0c0d

29.2.2 debug ipv6 dhcp relay packet

Command: debug ip dhcp relay packet Function: Display the information of relay packet processing. Command Mode: Admin mode Usage Guide: This command is used to display the process of relay packet processed by relay agent together with the action information of option 37 and option 38. Example: 
Switch# debug ip dhcpv6 relay packet
%May 19 16:45:34 2010 DHCPv6 RELAY PACKET: received msg0 from <fe80::211:22ff:fe33:4455> on <Vlan8>
%May 19 16:45:34 2010 DHCPv6 RELAY PACKET: add subscriber-id option "Vlan8+Ethernet1/0/12"

29.2.3 debug ipv6 dhcp snooping packet

Command: debug ipv6 dhcp snooping packet Function: Debug the packets of DHCPv6 SNOOPING. Corresponding information will also be displayed when adding or deleting option 37 and option 38. Command Mode: Admin mode Usage Guide: Enable/disable the information of DHCPv6 packets processed by DHCPv6 Snooping, including the type of received packet, source MAC and destination MAC, client DUID, i.e. the client identification, IA address, preferred lifetime, valid lifetime, and packet discard and so on. Example: 
switch#debug ipv6 dhcp snooping packet
dhcpv6 snooping packet debug is on
switch#%Jan 05 00:26:40 2006 DHCP6SNP EVENT: Parse packet SOLICIT from fe80::200:ff:fe00:1
src MAC 00-00-00-00-00-01 interface Ethernet1/0/23 vlan 24 

%Jan 05 00:26:40 2006 DHCP6SNP PACKET: Receive DHCPv6 packet SOLICIT from fe80::200:ff:fe00:1
src MAC 00-00-00-00-00-01, dst MAC 33-33-00-01-00-02,
interface Ethernet1/0/23 vlan 24,
transaction-ID 6137412, smac host flag 0, dmac host flag 0
%Jan 05 00:26:40 2006 DHCP6SNP PACKET: Forward packet SOLICIT (protocol 0x37)
%Jan 05 00:26:40 2006 DHCP6SNP PACKET: to vlan 24 except port Ethernet1/0/23 (designPort flag 0)
%Jan 05 00:26:40 2006 DHCP6SNP PACKET: and return packet to network stack switch#

29.2.4 show ipv6 dhcp relay option

Command:

show ipv6 dhcp relay option

Function:

Display the configuration of system relay agent, including the enable switch for option 37 and option 38.

Command Mode:

Admin mode

Usage Guide:

Use this command to check relay agents' configuration status for option 37 and option 38.

Example:

Switch#show ipv6 dhcp relay option
remote-id option enable
subscriber-id option enable
Interface Vlan 1: remote-id option configure "abc"

29.2.5 show ipv6 dhcp snooping option

Command:

show ipv6 dhcp snooping option

Function:

Display the configuration information of system snooping, including the enable switch for option 37 and option 38.

Command Mode:

Admin mode

Usage Guide:

Use this command to check snooping configuration status for option 37 and option 38.

Example:

Switch#show ipv6 dhcp snooping option
remote-id option enable
subscriber-id option enable
The slot port vlan select option is : port and vlan
The delimiter is : #

Chapter 30 Commands for DHCP Snooping

30.1 debug ip dhcp snooping binding

Command: debug ip dhcp snooping binding no debug ip dhcp snooping binding Function: This command is use to enable the DHCP SNOOPING debug switch to debug the state of binding data of DHCP SNOOPING. Command Mode: Admin mode Usage Guide: This command is mainly used to debug the state of DHCP SNOOPING task when it adds ARP list entries, dot1x users and trusted user list entries according to binding data.

30.2 debug ip dhcp snooping event

Command: debug ip dhcp snooping event no debug ip dhcp snooping event Function: This command is use to enable the DHCP SNOOPING debug switch to debug the state of DHCP SNOOPING task. Command Mode: Admin mode. Usage Guide: This command is mainly used to debug the state of DHCP SNOOPING task and available of outputting the state of checking binding data and executing port action and so on.

30.3 debug ip dhcp snooping packet

Command:

debug ip dhcp snooping packet no debug ip dhcp snooping packet

Function:

This command is used to enable the DHCP SNOOPING debug switch to debug the message-processing procedure of DHCP SNOOPING.

Command Mode:

Admin Mode.

Usage Guide:

The debug information that the DHCP SNOOPING is processing messages, including every step in the message-processing procedure: adding alarm information, adding binding information, transmitting DHCP messages, adding/peeling option 82 and etc.

30.4 debug ip dhcp snooping packet interface

Command:

debug ip dhcp snooping packet interface {[ethernet] } no debug ip dhcp snooping packet {[ethernet] }

Function:

This command is used to enable the DHCP SNOOPING debug switch to debug the information that DHCP SNOOPING is receiving a packet.

Parameters:

: Interface name.

Command Mode:

Admin Mode.

Usage Guide:

The information that DHCP Snooping is receiving messages from a specific port.

30.5 debug ip dhcp snooping update

Command:

debug ip dhcp snooping update no debug ip dhcp snooping update

Function:

This command is use to enable the DHCP snooping debug switch to debug the communication information between DHCP snooping and helper server.

Command Mode:

Admin Mode.

Usage Guide:

Debug the information of communication messages received and sent by DHCP snooping and helper server.

30.6 enable trustview key

Command:

enable trustview key {0 | 7} no enable trustview key

Function:

To configure DES encrypted key for private packets, this command is also the switch for the private packets encrypt and hash function enabled or not.

Parameter:

is character string length less than 16, which use as encrypted key. 0 for un-encrypted text for the password, while 7 for encrypted.

Command Mode:

Global Mode.

Default:

Disabled.

Usage Guide:

The switch communicates with the TrustView management system through private protocols. By default these packets are not encrypted. In order to prevent spoofing, it can be configured to encrypt these packets. And at the same time, the same password should be configured on TrustView server.

Example:

Enable encrypt or hash function of private message. Switch(config)# enable trustview key 0 digitalchina

30.7 ip dhcp snooping

Command:

ip dhcp snooping enable no ip dhcp snooping enable

Function:

Enable the DHCP Snooping function.

Command Mode:

Globe mode.

Default Settings:

DHCP Snooping is disabled by default.

Usage Guide:

When this function is enabled, it will monitor all the DHCP Server packets of non-trusted ports.

Example:

Enable the DHCP Snooping function. switch(config)#ip dhcp snooping enable

30.8 ip dhcp snooping action

Command:

ip dhcp snooping action {shutdown | blackhole} [recovery ] no ip dhcp snooping action

Function:

Set or delete the automatic defense action of a port.

Parameters:

shutdown: When the port detects a fake DHCP Server, it will be shutdown. blackhole: When the port detects a fake DHCP Server, the vid and source MAC of the fake packet will be used to block the traffic from this MAC. recovery: Users can set to recover after the automatic defense action being executed.(no shut ports or delete corresponding blackhole). second: Users can set how long after the execution of defense action to recover. The unit is second, and valid range is 10-3600.

Command Mode:

Port mode

Default Settings:

No default defense action.

Usage Guide:

Only when DHCP Snooping is globally enabled, can this command be set. Trusted port will not detect fake DHCP Server, so, will never trigger the corresponding defense action. When a port turns into a trusted port from a non-trusted port, the original defense action of the port will be automatically deleted.

Example:

Set the DHCP Snooping defense action of port ethernet1/0/1 as setting blackhole, and the recovery time is 30 seconds. 
switch(config)#interface ethernet 1/0/1
switch(Config-Ethernet1/0/1)#ip dhcp snooping action blackhole recovery 30

30.9 ip dhcp snooping action MaxNum

Command:

ip dhcp snooping action {|default}

Function:

Set the number of defense action that can be simultaneously take effect.

Parameters:

<maxNum>: the number of defense action on each port, the range of which is 1-200, and the value f which is 10 by default.
default: recover to the default value.

Command Mode:

Globe mode

Default Settings:

The default value is 10.

Usage Guide:

Set the max number of defense actions to avoid the resource exhaustion of the switch caused by attacks. If the number of alarm information is larger than the set value, then the earliest defense action will be recovered forcibly in order to send new defense actions.

Example:

Set the number of port defense actions as 100. switch(config)#ip dhcp snooping action 100

30.10 ip dhcp snooping binding

Command:

ip dhcp snooping binding enable no ip dhcp snooping binding enable

Function:

Enable the DHCP Snooping binding function

Command Mode:

Globe mode

Default Settings:

DHCP Snooping binding is disabled by default.

Usage Guide:

When the function is enabled, it will record the binding information allocated by DHCP Server of all trusted ports. Only after the DHCP SNOOPING function is enabled, the binding function can be enabled.

Example:

Enable the DHCP Snooping binding function. switch(config)#ip dhcp snooping binding enable

Relative Command:

ip dhcp snooping enable

30.11 ip dhcp snooping binding arp

Command:

ip dhcp snooping binding arp no ip dhcp snooping binding arp

Function:

Enable the DHCP Snooping binding ARP funciton.

Command Mode:

Globe mode

Default Settings:

DHCP Snooping binding ARP funciton is disabled by default.

Usage Guide:

When this function is enbaled, DHCP SNOOPING will add binding ARP list entries according to binding information. Only after the binding function is enabled, can the binding ARP function be enabled. Binding ARP list entries are static entries without configuration of reservation, and will be added to the NEIGHBOUR list directly. The priority of binding ARP list entries is lower than the static ARP list entries set by administrator, so can be overwritten by static ARP list entries; but, when static ARP list entries are deleted, the binding ARP list entries can not be recovered until the DHCP SNOOPING recapture the bidding information. Adding binding ARP list entries is used to prevent these list entries from being attacked by ARP cheating. At the same time, these static list entries need no reauthenticaiton, which can prevent the switch from the failing to reauthenticate ARP when it is being attacked by ARP scanning. Only after the DHCP SNOOPING binding function is enabled, the binding ARP function can be set.

Example:

Enable the DHCP Snooping binding ARP funciton. switch(config)#ip dhcp snooping binding arp

Relative Command:

ip dhcp snooping binding enable

30.12 ip dhcp snooping binding dot1x

Command:

ip dhcp snooping binding dot1x no ip dhcp snooping binding dot1x

Function:

Enable the DHCP Snooping binding DOT1X funciton.

Command Mode:

Port mode

Default Settings:

By default, the binding DOT1X funciton is disabled on all ports.

Usage Guide:

When this function is enabled, DHCP SNOOPING will notify the DOT1X module about the captured binding information as a DOT1X controlled user. This command is mutually exclusive to "ip dhcp snooping binding user-control" command. Only after the DHCP SNOOPING binding function is enabled, the binding ARP function can be set.

Example:

Enable the binding DOT1X funciton on port ethernet1/0/1. switch(config)#interface ethernet 1/0/1 switch(Config-Ethernet 1/0/1)# ip dhcp snooping binding dot1x

Relative Command:

ip dhcp snooping binding enable ip dhcp snooping binding user-control

30.13 ip dhcp snooping binding user

Command:

ip dhcp snooping binding user <mac> address <ipaddress> <mask> vlan <vid> interface [Ethernet] <ifname>
no ip dhcp snooping binding user <mac> interface [Ethernet] <ifname>

Function:

Configure the information of static binding users

Parameters:

<mac>: The MAC address of the static binding user, which is the only index of the binding user.
<ipaddress> <mask>: The IP address and mask of the static binding user.
<vid>: The VLAN ID which the static binding user belongs to.
<ifname>: The access interface of static binding user.

Command Mode:

Globe mode

Default Settings:

DHCP Snooping has no static binding list entry by default.

Usage Guide:

The static binding users is deal in the same way as the dynamic binding users captured by DHCP SNOOPING; the following actions are all allowed: notifying DOT1X to be a controlled user of DOT1X, adding a trusted user list entry directly, adding a binding ARP list entry. The static binding uses will never be aged, and have a priority higher than dynamic binding users. Only after the DHCP SNOOPING binding function is enabled, the static binding users can be enabled.

Example:

Configure static binding users. 
switch(config)#ip dhcp snooping binding user 00-30-4f-12-34-56 address 192.168.1.16 255.255.255.0 interface Ethernet 1/0/16

Relative Command:

ip dhcp snooping binding enable

30.14 ip dhcp snooping binding user-control

Command: ip dhcp snooping binding user-control no ip dhcp snooping binding user-control Function: Enable the binding user function. Command Mode: Port Mode. Default Settings: By default, the binding user function is disabled on all ports. Usage Guide: When this function is enabled, DHCP SNOOPING will treat the captured binding information as trusted users allowed to access all resources. This command is mutually exclusive to "ip dhcp snooping binding dot1x" command. Only after the DHCP SNOOPING binding function is enabled, the binding ARP function can be set. Example: Enable the binding USER funciton on port ethernet1/0/1. switch(config)#interface ethernet 1/0/1 switch(Config- Ethernet 1/0/1)# ip dhcp snooping binding user-control Relative Command: ip dhcp snooping binding enable ip dhcp snooping binding dot1x

30.15 ip dhcp snooping binding user-control max-user

Command:

ip dhcp snooping binding user-control max-user no ip dhcp snooping binding user-control max-user

Function:

Set the max number of users allowed to access the port when enabling DHCP Snooping binding user funciton; the no operation of this command will restore default value.

Parameters:

the max number of users allowed to access the port, from 0 to 1024.

Command Mode:

Port Configuration Mode.

Default Settings:

The max number of users allowed by each port to access is 1024.

Usage Guide:

This command defines the max number of trust users distributed according to binding information, with ip dhcp snooping binding user-contrl enabled on the port. By default, the number is 1024. Considering the limited hardware resources of the switch, the actual number of trust users distributed depends on the resource amount. If a bigger max number of users is set using this command, DHCP Snooping will distribute the binding informaiton of untrust users to hardware to be trust users as long as there is enough available resources. Otherwise, DHCP Snooping will change the distributed binging informaiton accordint to the new smaller max user number. When the number of distributed bingding informaiton entries reaches the max limit, no new DHCP will be able to become trust user or to access other network resources via the switch.

Examples:

Enable DHCP Snooping binding user funtion on Port ethernet1/0/1, setting the max number of user allowed to access by Port Ethernet1/0/1 as 5. Switch(Config-If-Ethernet1/0/1)# ip dhcp snooping binding user-control max-user 5 ip dhcp snooping binding user-control

30.16 ip dhcp snooping information enable

Command:

ip dhcp snooping information enable no ip dhcp snooping information enable

Function:

This command will enable option 82 function of DHCP Snooping on the switch, the no operation of this command will disable that function.

Default Settings:

Option 82 function is disabled in DHCP Snooping by default.

Command Mode:

Global Configuration Mode.

Usage Guide:

Only by implementing this command, can DHCP Snooping add standard option 82 to DHCP request messages and forward the message. The format of option1 in option 82 (Circuit ID option) is standard vlan name plus physical port name, like "vlan1+ethernet1/12". That of option2 in option 82 (remote ID option) is CPU MAC of the switch, like "00030f023301". If a DHCP request message with option 82 options is received, DHCP Snooping will replace those options in the message with its own. If a DHCP reply message with option 82 options is received, DHCP Snooping will dump those options in the message and forward it. This command and "ip dhcp snooping option82 enable" command are mutually exclusive.

Examples:

Enable option 82 function of DHCP Snooping on the switch. Switch(config)#ip dhcp snooping enable Switch(config)# ip dhcp snooping binding enable Switch(config)# ip dhcp snooping information enable

30.17 ip dhcp snooping information option allow-untrusted

Command:

ip dhcp snooping information option allow-untrusted no ip dhcp snooping information option allow-untrusted

Function:

This command is used to set that allow untrusted ports of DHCP snooping to receive DHCP packets with option82 option. When disabling this command, all untrusted ports will drop DHCP packets with option82 option.

Command Mode:

Global Mode

Default:

Drop DHCP packets with option82 option received by untrusted ports.

Usage Guide:

Usually the switch with DHCP snooping function connects the terminal user directly, so close allow-untrusted by default to avoid option82 option added by user privately. Please set uplink port as trust port when enabling the uplink of DHCP snooping function.

Example:

Enable the function that receives DHCP packets with option82. Switch(config)#ip dhcp snooping information option allow-untrusted

30.18 ip dhcp snooping information option delimiter

Command:

ip dhcp snooping information option delimiter [colon | dot | slash | space] no ip dhcp snooping information option delimiter

Function:

Set the delimiter of each parameter for suboption of option82 in global mode, no command restores the delimiter as slash.

Default Settings:

slash (/").

Command Mode:

Global mode

Usage Guide:

Divide parameters with the configured delimiters after users have defined them which are used to create suboption (remote-id, circuit-id) of option82 in global mode.

Example:

Set the parameter delimiters as dot (“.”) for suboption of option82. Switch(config)# ip dhcp snooping information option delimiter dot

30.19 ip dhcp snooping information option remote-id

Command:

ip dhcp snooping information option remote-id {standard | } no ip dhcp snooping information option remote-id

Function:

Set the suboption2 (remote ID option) content of option 82 added by DHCP request packets (they are received by the port). The no command sets the additive suboption2 (remote ID option) format of option 82 as standard.

Parameters:

standard means the default VLAN MAC format. means the remote-id content of option 82 specified by users, its length can not exceed 64 characters.

Command Mode:

Global Mode

Default:

Use standard format to set remote-id.

Usage Guide:

The additive option 82 needs to associate with third-party DHCP server, it is used to specify the remote-id content by users when the standard remote-id format can not satisfy server's request.

Example:

Set the suboption remote-id of DHCP option82 as street-1-1. Switch(config)#ip dhcp snooping information option remote-id street-1-1

30.20 ip dhcp snooping information option self-defined remote-id

Command:

ip dhcp snooping information option self-defined remote-id {hostname | mac | string WORD} no ip dhcp snooping information option self-defined remote-id

Function:

Set creation method for option82, users can define the parameters of remote-id suboption by themselves.

Parameters:

WORD the defined character string of remote-id by themselves, the maximum length is 64.

Command Mode:

Global Mode

Default:

Using standard method.

Usage Guide:

After configure this command, if users do not configure ip dhcp snooping information option remote-id globally, it will create remote-id suboption for option82 according to self-defined method. For mac, use the format such as 00-02-d1-2e-3a-0d if it is filled to packets with ascii format, but hex format occupies 6 bytes. Each option will be filled to packets according to the configured order of the commands and divide them with delimiter (delimiter is ip dhcp snooping information option delimiter configuration).

Example:

Set self-defined method and character string of remote-id suboption are mac and abc respectively for option82. Switch(config)# ip dhcp snooping information option self-defined remote-id mac string abc

30.21 ip dhcp snooping information option self-defined remote-id format

Command:

ip dhcp snooping information option self-defined remote-id format [ascii | hex]

Function:

Set self-defined format of remote-id for snooping option82.

Command Mode:

Global Mode

Default:

ascii.

Usage Guide:

self-defined format use ip dhcp snooping information option type self-defined remote-id to create remote-id format.

Example:

Set self-defined format of remote-id as hex for snooping option82. Switch(config)# ip dhcp snooping information option self-defined remote-id format hex

30.22 ip dhcp snooping information option self-defined subscriber-id

Command:

ip dhcp snooping information option self-defined subscriber-id {vlan | port | id (switch-id (mac | hostname)| remote-mac) | string WORD} no ip dhcp snooping information option type self-defined subscriber-id

Function:

Set creation method for option82, users can define the parameters of circute-id suboption by themselves.

Parameters:

WORD the defined character string of circuit-id by themselves, the maximum length is 64.

Command Mode:

Global Mode

Default:

Using standard method.

Usage Guide:

After configure this command, if users do not configure circuit-id on port, it will create circuit-id suboption for option82 according to self-defined method. Self-defined format of circuit-id: if self-defined subscriber-id format is ascii, the filled format of vlan such as "Vlan2", the format of port such as "Ethernet1/0/1", the format of mac and remote-mac such as "00-02-d1-2e-3a-0d". If self-defined format is hex, the filled format of vlan occupies 2 bytes, port occupies 4 bytes, a byte means slot (for chassis switch, it means slot ID, for box switch, it is 1), a byte means Module (the default is 0), two bytes means port ID beginning from 1, mac and remote-mac occupy 6 bytes. Each option will be filled to packets according to the configured order of the commands and divide them with delimiter (delimiter is ip dhcp snooping information option delimiter configuration).

Example:

Set self-defined method of circuit-id suboption as vlan, port, mac and remote-mac for option82. Switch(config)#ip dhcp snooping information option self-defined subscriber-id vlan port id remote-mac

30.23 ip dhcp snooping information option self-defined subscriber-id format

Command:

ip dhcp snooping information option self-defined subscriber-id format [ascii | hex]

Function:

Set self-defined format of circuit-id for snooping option82.

Command Mode:

Global Mode

Default:

ascii.

Usage Guide:

self-defined format uses ip dhcp snooping information option type self-defined subscriber-id to create circuit-id format.

Example:

Set self-defined format of circuit-id as hex for snooping option82. Switch(config)#ip dhcp snooping information option self-defined subscriber-id format hex

30.24 ip dhcp snooping information option subscriber-id

Command:

ip dhcp snooping information option subscriber-id {standard | } no ip dhcp snooping information option subscriber-id

Function:

Set the suboption1 (circuit ID option) content of option 82 added by DHCP request packets (they are received by the port). The no command sets the additive suboption1 (circuit ID option) format of option 82 as standard.

Parameters:

standard means the standard format of VLAN name and physical port name, such as Vlan2+Ethernet1/0/12. means the circuit-id content of option 82 specified by users, its length can not exceed 64 characters.

Command Mode:

Port Mode

Default:

Use standard format to set circuit-id.

Usage Guide:

The additive option 82 needs to associate with third-party DHCP server, it is used to specify the circuit-id content by user when the standard circuit-id format can not satisfy server's request.

Example:

Set the suboption circuit-id of DHCP option82 as P2. Switch(config)#ip dhcp snooping information option subscriber-id P2

30.25 ip dhcp snooping information option subscriber-id format

Command: ip dhcp snooping information option subscriber-id format {hex | acsii | vs-hp} Function: This command is used to set subscriber-id format of DHCP snooping option82. Parameters: hex means that subscriber-id is VLAN and port information with hexadecimal format, acsii means that subscriber-id is VLAN and port information with ACSII format. vs-hp means that subscriber-id is compatible with the format of HP manufacturer. Command Mode: Global mode Default: ascii. User Guide: VLAN and port information with ASCII format, such as Vlan1+Ethernet1/0/11, VLAN and port information with hexadecimal format defined as below: ![](images/ff396ad7b7a9f96dd6648036da22665314a31b202d50e4dc4abb0f8b09a5273d.jpg)
text_image Suboption type Length Circuit ID type Length 1 8 0 6 VLAN Slot Module Port
1 byte 1 byte 1 byte 1 byte 2 byte 1 byte 1 byte 2 byte VLAN field fill in VLAN ID. For chassis switch, Slot means slot number, for box switch, Slot is 1; default Module is 0; Port means port number which begins from 1. The compatible subscriber-id format with HP manufacturer defined as below: ![](images/5addac4b47fc36fdc7ab10674c22909a3f2c87b227ce76369c7d0d8eba872f37.jpg)
text_image Suboption type Length 1 2 Port 1 byte 1 byte 2 byte
Port means port number which begins from 1. Example: Set subscriber-id format of DHCP snooping option82 as hexadecimal format. Switch(config)#ip dhcp snooping information option subscriber-id format hex

30.26 ip dhcp snooping limit-rate

Command:

ip dhcp snooping limit-rate no ip dhcp snooping limit-rate

Function:

Set the DHCP message rate limit

Parameters:

: The number of DHCP messages transmitted in every minute, ranging from 0 to 100. Its default value is 100. 0 means that no DHCP message will be transmitted.

Command Mode:

Globe mode

Default Settings:

The default value is 100.

Usage Guide:

After enabling DHCP snooping, the switch will monitor all the DHCP messages and implement software transmission. The software performance of the switch is relative to the type of the switch, its current load and so on. SGS-6341 Series switch message rate limit is 100pps.

Example:

Set the message transmission rate as 50pps. switch(config)#ip dhcp snooping limit-rate 50

30.27 ip dhcp snooping trust

Command:

ip dhcp snooping trust no ip dhcp snooping trust

Function:

Set or delete the DHCP Snooping trust attributes of a port.

Command Mode:

Port mode

Default Settings:

By default, all ports are non-trusted ports

Usage Guide:

Only when DHCP Snooping is globally enabled, can this command be set. When a port turns into a trusted port from a non-trusted port, the original defense action of the port will be automatically deleted; all the security history records will be cleared (except the information in system log).

Example:

Set port ethernet1/0/1 as a DHCP Snooping trusted port switch(config)#interface ethernet 1/0/1 switch(Config- Ethernet 1/0/1)#ip dhcp snooping trust

30.28 ip user helper-address

Command:

ip user helper-address [port ] source [secondary] no ip user helper-address [secondary]

Function:

Set the address and port of HELPER SERVER.

Parameters:

: The IP address of HELPER SERVER 的 IP in dotted-decimal notation. udp\_port: The UDP port of HELPER SERVER, the range of which is 1—65535, and its default value is 9119. src\_addr: The local management IP address of the switch, in dotted-decimal notation. secondary: Whether it is a secondary SERVER address.

Command Mode:

Global mode

Default Settings:

There is no HELPER SERVER address by default.

Usage Guide:

DHCP SNOOPING will send the monitored binding information to HELPER SERVER to save it. If the switch starts abnormally, it can recover the binding data from HELPER SERVER. The HELPER SERVER function usually is integrated into server packet. The DHCP SNOOPING and HELPER SERVER use the UDP protocol to communicate, and guarantee the arrival of retransmitted data. HELPER SERVER configuration can also be used to sent DOT1X user data from the server, the detail of usage is described in the chapter of "dot1x configuration". Two HELPER SERVER addresses are allowed, DHCP SNOOPING will try to connect to PRIMARY SERVER in the first place. Only when the PRIMARY SERVER is unreachable, will the switch c HELPER SERVER connects to SECONDARY SERVER.

Please pay attention:

source address is the effective management IP address of the switch, if the management IP address of the switch changes, this configuration should be updated in time.

Example:

Set the local management IP address as 100.1.1.1, primary HELPER SERVER address as 100.1.1.100 and the port as default value. 
switch(config)#interface vlan 1
switch(Config- If-Vlan1)#ip address 100.1.1.1 255.255.255.0
switch(Config-if-Vlan1)exit
switch(config)#ip user helper-address 100.1.1.100 source 100.1.1.1

30.29 ip user private packet version two

Command:

ip user private packet version two no ip user private packet version two

Function:

The switch choose private packet version two to communicate with trustview.

Command Mode:

Global Mode.

Default:

The switch choose private packet version one to communicate with DCBI.

Usage Guide:

If the DCBI access control system is applied, the switch should be configured to use private protocol of version one to communicate with the DCBI server. However, if TrustView is applied, version two should be applied.

Example:

To configure the switch choose private packet version two to communicate with security management background system. switch(config)#ip user private packet version two

30.30 show ip dhcp snooping

Command:

show ip dhcp snooping [interface [ethernet] ]

Function:

Display the current configuration information of dhcp snooping or display the records of defense actions of a specific port.

Parameters:

: The name of the specific port.

Command Mode:

Admin and Global Configuration Mode.

Usage Guide:

If there is no specific port, then display the current configuration information of dhcp snooping, otherwise, display the records of defense actions of the specific port. Example:
switch#show ip dhcp snooping
DHCP Snooping is enabled
DHCP Snooping binding arp: disabled
DHCP Snooping maxnum of action info:10
DHCP Snooping limit rate: 100(pps), switch ID: 0003.0F12.3456
DHCP Snooping dropped packets: 0, discarded packets: 0
DHCP Snooping alarm count: 0, binding count: 0, expired binding: 0, request binding: 0
interfacetrustactionrecoveryalarm numbind num
Ethernet1/0/1trustnone0second00
Ethernet1/0/2untrustnone0second00
Ethernet1/0/3untrustnone0second00
Ethernet1/0/4untrustnone0second01
Ethernet1/0/5untrustnone0second20
Ethernet1/0/6untrustnone0second00
Ethernet1/0/7untrustnone0second00
Ethernet1/0/8untrustnone0second01
Ethernet1/0/9untrustnone0second00
Ethernet1/0/10untrustnone0second00
Ethernet1/0/11untrustnone0second00
Ethernet1/0/12untrustnone0second00
Ethernet1/0/13untrustnone0second00
Ethernet1/0/14untrustnone0second00
Ethernet1/0/15untrustnone0second00
Ethernet1/0/16untrustnone0second00
Ethernet1/0/17untrustnone0second00
Ethernet1/0/18untrustnone0second00
Ethernet1/0/19untrustnone0second00
Ethernet1/0/20untrustnone0second00
Ethernet1/0/21untrustnone0second00
Ethernet1/0/22untrustnone0second00
Ethernet1/0/23untrustnone0second00
Ethernet1/0/24untrustnone0second00
Displayed InformationExplanation
DHCP Snooping is enableWhether the DHCP Snooping is globally enabled or disabled.
DHCP Snooping binding arpWhether the ARP binding function is enabled.
DHCP Snooping maxnum of action infoThe number limitation of port defense actions
DHCP Snooping limit rateThe rate limitation of receiving packets
switch IDThe switch ID is used to identify the switch, usually using the CPU MAC address.
DHCP Snooping dropped packetsThe number of dropped messages when the received DHCP messages exceeds the rate limit.
discarded packetsThe number of discarded packets caused by the communication failure within the system. If the CPU of the switch is too busy to schedule the DHCP SNOOPING task and thus can not handle the received DHCP messages, such situation might happen.
DHCP Snooping alarm count:The number of alarm information.
binding countThe number of binding information.
expired bindingThe number of binding information which is already expired but has not been deleted. The reason why the expired information is not deleted immediately might be that the switch needs to notify the helper server about the information, but the helper server has not acknowledged it.
request bindingThe number of REQUEST information
interfaceThe name of port
trustThe truest attributes of the port
actionThe automatic defense action of the port
recoveryThe automatic recovery time of the port
alarm numThe number of history records of the port automatic defense actions
bind numThe number of port-relative binding information.
switch#show ip dhcp snooping int Ethernet1/0/1
interface Ethernet1/0/1 user config:
trust attribute: untrust
action: none
binding dot1x: disabled
binding user: disabled
recovery interval:0(s)
Alarm info: 0
Binding info: 0
Expired Binding: 0
Request Binding: 0
Displayed InformationExplanation
interfaceThe name of port
trust attributeThe truest attributes of the port
actionThe automatic defense action of the port
recovery intervalThe automatic recovery time of the port
maxnum of alarm infoThe max number of automatic defense actions that can be recorded by the port
binding dot1xWhether the binding dot1x function is enabled on the port
binding userWhether the binding user function is enabled on the port.
Alarm infoThe number of alarm information.
Binding infoThe number of binding information.
Expired BindingThe expired binding information
Request BindingREQUEST information

30.31 show ip dhcp snooping binding all

Command: show ip dhcp snooping binding all Function: Display the current global binding information of DHCP snooping. Command Mode: Admin and Global Configuration Mode. Usage Guide: This command can check the global binding information of DHCP snooping, each table entry includes the corresponding MAC address, IP address, port name, VLAN ID and the flag of the binding state. Example: switch#show ip dhcp snooping binding all ip dhcp snooping static binding count:1169, dynamic binding count:0
MACIP addressInterfaceVlan IDFlag
00-00-00-00-11-11192.168.40.1Ethernet1/0/11S
00-00-00-00-00-10192.168.40.10Ethernet1/0/21D
00-00-00-00-00-11192.168.40.11Ethernet1/0/41D
00-00-00-00-00-12192.168.40.12Ethernet1/0/41D
00-00-00-00-00-13192.168.40.13Ethernet1/0/41SU
00-00-00-00-00-14192.168.40.14Ethernet1/0/41SU
00-00-00-00-00-15192.168.40.15Ethernet1/0/51SL
00-00-00-00-00-16192.168.40.16Ethernet1/0/51SL
The flag explanation of the binding state: S The static binding is configured by shell command D The dynamic binding type U The binding is uploaded to the server R The static binding is configured by the server O DHCP response with the option82 L The hardware drive is announced by the binding X Announcing dot1x module is successful E Announcing dot1x module is failing

30.32 show trustview status

Command: show trustview status Function: To show all kinds of private packets state information, which sending or receiving from TrustView (inter security management background system). Command Mode: Admin and Global Configuration Mode. Usage Guide: This command can be used for debugging the communication messages between the switch and the TrustView server, messages such as protocol version notification, encryption negotiation, free resource and web URL redirection, and the number of forced log-off messages, as well as the number of forced accounting update messages, can be displayed. Example: Switch#show trustview status Primary TrustView Server 200.101.0.9:9119 TrustView version2 message inform succeeded TrustView inform free resource succeeded TrustView inform web redirect address succeeded TrustView inform user binding data succeeded TrustView version2 message encrypt/digest enabled Key: 08:02:33:34:35:36:37:38 Rcvd 106 encrypted messages, in which MD5-error 0 messages, DES-error 0 messages Sent 106 encrypted messages Free resource is 200.101.0.9/255.255.255.255 Web redirect address for unauthenticated users is Rcvd 0 force log-off packets Rcvd 19 force accounting update packets Using version two private packet

Chapter 31 Commands for Routing Policy

31.1 ip prefix-list description

Command: ip prefix-list description no ip prefix-list description Function: Configure the description of the prefix-list. The "no ip prefix-list description" command deletes the description contents. Parameter: is the name of the prefix-list, is the description contents. Command Mode: Global Mode Usage Guide: This command can be used for explaining and describing a prefix-list, e.g. the application and attention matters of the prefix-list. Example: 
Switch#config terminal
Switch(config)#ip prefix-list 3 description This list is used by BGP

31.2 ip prefix-list seq

Command:

ip prefix-list <list_name> [seq <sequence_number>] <deny | permit> <any / ip_addr/mask_length [ge <min_prefix_len>] [le <max_prefix_len>]
no ip prefix-list <list_name> [seq <sequence_number>] [<deny | permit> <any / ip_addr/mask_length [ge <min_prefix_len>] [le <max_prefix_len>]

Function:

Configure the prefix-list. The "no ip prefix-list <list_name> [seq <sequence_number>] [<deny | permit> < any / ip_addr/mask_length [ge <min_prefix_len>] [le <max_prefix_len>]]" command deletes the prefix-list.

Parameter:

<list_name> is the name of prefix-list, "seq" shows the following parameters is the sequence number, <sequence_number> is the sequence number, "deny" means deny this route, "permit" means permit this route, "any" means adaptive to all packets with any prefix as well as any mask length, ip_addr/mask_length shows the prefix address (dotted decimal notation) and the length of mask, "ge" means greater than or equal to, <min_prefix_len> is the minimum length of prefix to be matched (ranging between 0~32), "le" means less than or equal to, <max_prefix_len> is the maximum length of prefix to be matched (ranging between 0~32).

Command Mode:

Global Mode

Usage Guide:

A prefix-list is identified by a prefix-list name. Each prefix-list may include several items each of which independently specifies a matching scope of network prefix-list type which is identified with a sequence-number. sequence-number specifies the sequence of matching check in the prefix-list. In the matching process the switch check in turn every items identified by "sequence-number" ascending. Once certain item obtains the conditions then the prefix-list filter is passed (without proceeding into the next item check)

Attentions should be paid on that at least one item match mode should be "permit" when more than one prefix-list items is defined. The deny mode items can be previously defined so to remove the unsuitable routing messages fast. However if all items are at deny mode then none of the routes would be able to pass the filter of this prefix-list. We here can define a "permit 0.0.0.0/0 ge 0 le 32" item after several defined "deny mode" items so to grant the passage for all other routing messages.

Example:

Switch#config terminal Switch(config)#ip prefix-list mylist seq 12345 deny 10.0.0.0/8 le 22 ge 14

31.3 ip prefix-list sequence-number

Command:

ip prefix-list sequence-number no ip prefix-list sequence-number

Function:

Enable the sequence-number auto-creation function, the "no ip prefix-list sequence-number" command close the prefix-list sequence-number.

Default:

Sequence-number auto-creation enabled.

Command Mode:

Global Mode

Usage Guide:

The command can be used to close the prefix-list sequence-number.

Example:

Switch(config)#no ip prefix-list sequence-number

31.4 match as-path

Command:

match as-path no match as-path []

Function:

Configure the AS path domain for matching the BGP routing messages. The "no match as-path [] "delete this configuration.

Parameter:

is the name of access-list.

Command Mode:

route-map mode

Usage Guide:

This command matches the AS path domain of the BGP routing message following the rules specified in the as-path list. If the matching succeeded, then the “permit” or “deny” action in the route-map is performed.

Example:

Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#match as-path 60

31.5 match community

Command:

match community <community-list-name | community-list-num> [exact-match]
no match community [<community-list-name | community-list-num> [exact-match]]

Function:

Configure the community attributes of BGP routing messages. The “no match community [<community-list-name | community-list-num > [exact-match]]” command deletes this configuration.

Parameter:

<community-list-name > is the name of the community-list, <community-list-num> is the community-list sequence number, ranging between 1~99 (Standard ACL) or 100~199 (Extended ACL), [exact-match] means precise matching.

Command Mode:

route-map mode

Usage Guide:

This command matches the community attributes of the BGP routing message following the rules specified in the community list. If the matching succeeded, then the “permit” or “deny” action in the route-map is performed.

Example:

Switch#config terminal
Switch(config)#route-map r1 permit 5
Switch(config-route-map)#match community 100 exact-match

31.6 match interface

Command:

match interface <interface-name>
no match interface [<interface-name>]

Function:

Configure to match the interfaces. The "no match interface [<interface-name>]\"deletes this configuration.

Parameter:

“<interface-name>”is the name of the interface.

Command Mode:

route-map mode

Usage Guide:

This command matches according to the next-hop messages in the route. If the matching succeeded, then the "permit" or "deny" action in the route-map is performed. This command is only used in RIP and OSPF protocols.

Example:

Switch#config terminal
Switch(config)#route-map r1 permit 5
Switch(config-route-map)#match interface vlan1

31.7 match ip

Command:

match ip <address | next-hop> <ip-acl -name | ip-acl -num | prefix-list list-name>
no match ip <address | next-hop> [<ip-acl -name | ip-acl -num | prefix-list list-name>]

Function:

Configure the routing prefix or next-hop. The "no match ip <address / next-hop> [<ip-acl -name | ip-acl -num | prefix-list list-name>]\" deletes this configuration.

Parameter:

<address > means matching the routing prefix, <next-hop>means matching the routing next-hop, <ip-acl -name> is the name of ip access-list, <ip-acl -num> is the ip access-list sequence number, ranging between 1~199 or 1300~2699 (extension scope), prefix-list means the matching should follow the prefix-list rules, list-name is the name of prefix-list.

Command Mode:

route-map mode

Usage Guide:

This command matches according to the next-hop messages or routing prefix in the route. If the matching succeeded, then the “permit” or “deny” action in the route-map is performed.

Example:

Switch#config terminal
Switch(config)#route-map r1 permit 5
Switch(config-route-map)#match ip address prefix-list mylist

31.8 match ipv6 address

Command:

match ipv6 address no match ipv6 address []

Function:

Configure the prefix for ipv6 routing. If the no form command is enabled, the configuration will be removed.

Parameters:

address is the routing prefix to be matched. is the name of ipv6 access list. Or when the prefix-list is configured. list-name will be the list name to be matched.

Command Mode:

route map mode

Usage Guide:

When this command is enabled, the prefix-list in the routing table will be used for routing decision. And if matched, the permit deny operation in the route map will be executed.

Example:

Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#match ipv6 address prefix-list mylist

31.9 match ipv6 next-hop

Command:

match ipv6 next-hop no match ipv6 next-hop []

Function:

Configure the next hop for ipv6 routing. The no form command will disable the configuration.

Parameters:

next-hop is the next station for routing. ipv6-address is the ipv6 address for the ip address of the interface on the next station.

Command Mode:

route map mode

Usage Guide:

If this command is configured, packets will be delivered according to the next hop information in the routing table. If matched, the permit or deny operation in the route map will be executed.

Example:

Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)# match ipv6 next-hop 2000::1

31.10 match metric

Command: 
match metric <metric-val>
no match metric [<metric-val>]
Function: Match the metric value in the routing message. The "no match metric []" deletes the configuration. Parameter: 
<metric-val> is the metric value, ranging between 0~4294967295.
Command Mode: 
route-map mode
Usage Guide: This command matches according to metric value in the route. If the matching succeeded, then the "permit" or "deny" action in the route-map is performed. Example: Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#match metric 60

31.11 match origin

Command: match origin no match origin Function: Configure to matching with the origin of the BGP routing message. The "no match origin " deletes the configuration. Parameter: egp means the route is learnt from the external gateway protocols, igp means the route is learnt from the internal gateway protocols, incomplete means the route origin is uncertain. Command Mode: route-map mode Usage Guide: This command matches according to origin message in the BGP route. If the matching succeeded, then the "permit" or "deny" action in the route-map is performed. Example: Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#match origin egp

31.12 match route-type

Command:

match route-type external no match route-type external []

Function:

Configure to matching with the route type of OSPF routing message. The "no match route-type external []\" deletes the configuration.

Parameter:

type-1 means match with the OSPF type 1 external route, type-2 means match with the OSPF type 2 external route.

Command Mode:

route-map mode

Usage Guide:

This command matches according to the type of OSPF routes (OSPF AS-external LSA type is either type 1 or type 2). If the matching succeeded, then the "permit" or "deny" action in the route-map is performed.

Example:

Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#match route-type external type-1

31.13 match tag

Command:

match tag no match tag []

Function:

Configure to matching with the tag domain of the OSPF routing message. The “no match tag []” deletes this configuration.

Parameter:

is the tag value, ranging between 0\~4294967295.

Command Mode:

route-map mode

Usage Guide:

This command matches according to the tag value in the OSPF route. If the matching succeeded, then the “permit” or “deny” action in the route-map is performed.

Example:

Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#match tag 60

31.14 route-map

Command:

route-map <map_name> {deny | permit} <sequence_num>
no route-map <map_name> [{deny | permit} <sequence_num>]

Function:

Configure the route-map and entering the route-map mode. The "no route-map <map_name> [{deny | permit} <sequence_num>] command deletes route-map.

Parameter:

<map_name> is the name of route-map, permit sets route-map matching mode to permit mode, deny sets route-map matching mode to permit mode( set sub will not be executed under this mode ), <sequence_num> is the route-map sequence number, ranging between 1~65535.

Command Mode:

Global Mode

Usage Guide:

A route-map may consist of several nodes each of which is a check unit. The check sequence among nodes is identified by sequence-number. "permit" means the node filter will be passed if all match subs are obtained by current route and then further all the set sub of this node will be executed without entering the check in the next node; if the match subs can not be met, the proceed to the check in next node. Relation among different node should be "or", namely one node check passed then the route filter is passed when the switch checks each node in turn in the route-map. Attentions should be paid on that at least one node match mode should be "permit" when more than one node is defined. When a route-map is used for filtering routing messages, if certain routing message can not pass any node check, then it is considered denied by the route-map. If all nodes in the route-map are set to deny mode, then all routing message should not be able to pass that route-map.

Example:

Switch#config terminal
Switch(config)#route-map r1 permit 5
Switch(config-route-map)#match as-path 60
Switch(config-route-map)#set weight 30

31.15 set aggregator

Command: 
set aggregator as <as-number> <ip_addr>
no set aggregator as [<as-number> <ip_addr>]
Function: 
Assign an AS number for BGP aggregator. The "no set aggregator as [<as-number> <ip_addr>]\" deletes this configuration.
Parameter: 
<as-number> is the AS number, <ip_addr> is the ip address of the aggregator shown in decimal notation.
Command Mode: 
route-map mode
Usage Guide: 
To use this command, one match clause should at first be defined.
Example: 
Switch#config terminal
Switch(config)#route-map r1 permit 5
Switch(config-route-map)#set aggregator as 200 10.1.1.1

31.16 set as-path

Command: 
set as-path prepend <as-num>
no set as-path prepend [<as-num>]
Function: 
Add AS numbers in the AS path domain of the BGP routing message. The "no set as-path prepend [<as-num>] command deletes this configuration.
Parameter: 
<as-num> is the AS number, circulating inputting several numbers is available.
Command Mode: 
route-map mode
Usage Guide: 
To add AS number in the As domain of the BGP, the AS path length should be lengthened so to affect the best neighbor path option. To use this command, one match clause should at first be defined.
Example: 
Switch#config terminal
Switch(config)#route-map r1 permit 5
Switch(config-route-map)#set as-path prepend 200 100.100

31.17 set atomic-aggregate

Command:

set atomic-aggregate no set atomic-aggregate

Function:

Configure the atomic aggregate attributes. The "no set atomic-aggregate" command deletes this configuration.

Command Mode:

route-map mode

Usage Guide:

The BGP informs other BGP speaker by the atomic aggregate attributes. Local system selects a sub-specified route other than the more specified routes included in it. To use this command, one match clause should at first be defined.

Example:

Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set atomic-aggregate

31.18 set comm-list

Command:

set comm-list delete no set comm-list delete

Function:

Configure to delete the community attributes from the inbound or outbound routing messages. The "no set comm-list delete" command deletes the configuration.

Parameter:

is the name of community list, is the sequence number of community list, ranging between 1\~99 (standard community list) or 100\~199 (extended community list).

Command Mode:

route-map mode

Example:

Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set comm-list 100 delete

31.19 set community

Command:

set community [AA:NN] [internet] [local-AS] [no-advertise] [no-export] [none] [additive] no set community [AA:NN] [internet] [local-AS] [no-advertise] [no-export] [none] [additive]

Function:

Configure the community attributes of the BGP routing message. The “no set community [AA:NN] [internet] [local-AS] [no-advertise] [no-export] [none] [additive]” command deletes this configuration.

Parameter:

[AA:NN] is the community attribute value, [internet] is the internet scope, [local-AS] means this route do not announce outside the local AS (but can announce among the sub AS within the confederation), [no-advertise] means this route do not send to any neighbor, [no-export] means this route do not send to EBGP neighbors, [none] means delete the community attributes from the prefix of this route, [additive] means add following existing community attributes.

Command Mode:

route-map mode

Usage Guide:

To use this command, one match clause should at first be defined.

Example:

Switch#config terminal
Switch(config)#route-map r1 permit 5
Switch(config-route-map)#set community local-as additive

31.20 set extcommunity

Command:

set extcommunity <rt | soo> <AA:NN>
no set extcommunity <rt | soo> [<AA:NN>]

Function:

Configure the extended community attributes of the BGP routing message. The "no set extcommunity [] command deletes this configuration.

Parameter:

is the route target, is the site of origin, is the value of community attributes, amongst AA is AS number, ranging from 1 to 4294967295, it can be shown in decimal notation (such as 6553700) or delimiter method (such as 100.100), NN is a random two byte number.

Command Mode:

route-map mode

Usage Guide:

To use this command, one match clause should at first be defined.

Example:

Set rt as 100:10 
Switch#config terminal
Switch(config)#route-map r1 permit 5
Switch(config-route-map)#set extcommunity rt 100:10
Set soo as 200.200:10 
Switch(config)#route-map r1 permit 10
Switch(config-route-map)#set extcommunity soo 200.200:10

31.21 set ip next-hop

Command:

set ip next-hop <ip_addr>
no set ip next-hop [<ip_addr>]

Function:

Configure the next-hop of the route. The "no set ip next-hop [] command deletes the configuration.

Parameter:

is the ip address of next-hop shown with dotted decimal notation.

Command Mode:

route-map mode

Example:

Switch#config terminal
Switch(config)#route-map r1 permit 5
Switch(config-route-map)#set ip next-hop 10.2.2.2

31.22 set local-preference

Command: set local-preference no set local-preference [] Function: Configure the local priority of BGP route. The "no set local-preference [] command deletes this configuration. Parameter: is the value of local priority, ranging between 0\~4294967295. Command Mode: route-map mode Usage Guide: The local priority attribute is the priority level of a route. A route with a higher local priority level when compared with other route of the same destination, will be more preferred than other route. The local priority validates only within this AS and will not be transported to EBGP neighbors. To use this command, one match clause should at first be defined. Example: Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set local-preference 60

31.23 set metric

Command: set metric < metric\_val> no set metric [< metric\_val>] Function: Configure the metric value of the route. The "no set metric [] command deletes the configuration. Parameter: is the metric value, ranging between 1\~4294967295. Command Mode: route-map mode

Usage Guide:

The metric value only affects the path option from external neighbors to local AS. The less the metric value is the higher is the priority. Under normal circumstances only the path metric value of the neighbors of the same AS will be compared. To extend the comparison to the metric values of different neighbor path, the bgp always-compare-med command should be configured. To use this command, one match clause should at first be defined.

Example:

Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set metric 60

31.24 set metric-type

Command:

set metric-type no set metric-type []

Function:

Configure the metric type of the OSPF routing message. The "no set metric-type [] command deletes this configuration.

Parameter:

type-1 means matches the OSPF type 1 external route, type-2 means matches the OSPF type 2 external route.

Command Mode:

route-map mode

Usage Guide:

To use this command, one match clause should at first be defined.

Example:

Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set metric-type type-1

31.25 set origin

Command:

set origin <egp | igp | incomplete >
no set origin [<egp | igp | incomplete>]

Function:

Configure the origin code of the BGP routing message. The "no set origin [] command deletes this configuration.

Parameter:

egp means the route is learnt from the external gateway protocols, igp means the route is learnt from the internal gateway protocols, incomplete means the route origin is uncertain.

Command Mode:

route-map mode

Usage Guide:

To use this command, one match clause should at first be defined.

Example:

Switch#config terminal
Switch(config)#route-map r1 permit 5
Switch(config-route-map)#set origin egp

31.26 set originator-id

Command:

set originator-id <ip_addr>
no set originator-id [<ip_addr>]

Function:

Configure the origin ip address of the BGP routing message. The "no set originator-id [] command deletes the configuration.

Parameter:

is the ip address of the route source shown by dotted decimal notation.

Command Mode:

route-map mode

Usage Guide:

To use this command, one match clause should at first be defined.

Example:

Switch#config terminal
Switch(config)#route-map r1 permit 5
Switch(config-route-map)#set originator-id 10.1.1.1

31.27 set tag

Command: 
set tag <tag_val>
no set tag [<tag_val>]
Function: Configure the tag domain of OSPF routing messages. The "no set tag []" command deletes this configuration. Parameter: 
<tag-val> is the tag value, ranging between 0~4294967295.
Command Mode: 
route-map mode
Usage Guide: There is a route-tag domain at the AS-external-LSA type LSA. The domain is normally identified by other routing protocols. To use this command, one match clause should at first be defined. Example: 
Switch#config terminal
Switch(config)#route-map r1 permit 5
Switch(config-route-map)#set tag 60

31.28 set vpnv4 next-hop

Command: 
set vpnv4 next-hop <ip_addr>
no set vpnv4 next-hop [<ip_addr>]
Function: Configure the next-hop of BGP VPNv4 routing message. The "no set vpnv4 next-hop [] command deletes the configuration. Parameter: is the next-hop ip address of VPNv4 route shown by dotted decimal notation. Command Mode: 
route-map mode
Usage Guide: To use this command, one match clause should at first be defined. Example: 
Switch#config terminal
Switch(config)#route-map r1 permit 5
Switch(config-route-map)#set vpnv4 next-hop 10.1.1.1

31.29 set weight

Command: set weight no set weight [] Function: Configure the weight value of BGP routing message. The "no set weight [] command deletes this configuration. Parameter: is weight value, ranging between 0\~4294967295 Command Mode: route-map mode Usage Guide: Weight value is adopted to facilitate the best path option and validates only within the local switch. While there are several route to the same destination the one with higher priority is more preferred. To use this command, one match clause should at first be defined. Example: Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set weight 60

31.30 show ip prefix-list

Command: 
show ip prefix-list [<list-name> [<ip_addr/len> [first-match | longer] | seq <sequence-number>]]
Function: Show by prefix-list names. Parameter: is the name of prefix-list, is the prefix ip address and the length of mask, first-match stands for the first route table matched with specified ip address, longer means longer prefix is required, seq means show by sequence number, is the sequence number, ranging between 0\~4294967295. Command Mode: Admin mode Usage Guide: All prefix-list will be listed when no prefix-list name is specified.

Example:

Switch#show ip prefix-list
ip prefix-list 1: 1 entries
deny any
ip prefix-list mylist: 1 entries
deny 1.1.1.1/8
Switch#show ip prefix-list mylist 1.1.1.1/8
seq 5 deny 1.1.1.1/8 (hit count: 0, recount: 0)
Displayed informationExplanation
ip prefix-list mylist: 1 entriesShow a prefix-list named mylist which includes 1 instance.
seq 5 deny 1.1.1.1/8 (hit count: 0, recount: 0)Show the prefix-list contents sequence numbered 5. hit count: 0 means being hit 0 time, recount: 0 means referred 0 time.

31.31 show ip prefix-list

Command:

show ip prefix-list [ []

Function:

Display the contents of the prefix list.

Parameters:

When detail is enabled, detail of prefix-list will be displayed. For summary, it is similar but a summary will be displayed. is the name of the prefix list.

Default:

None.

Command Mode:

Privileged mode and configuration mode

Usage Guide:

If no prefix list name is specified, all the prefix list will be displayed.

Example:

Switch#show ip prefix-list detail mylist
ip prefix-list mylist:
count: 2, range entries: 0, sequences: 5 - 10
seq 5 deny 1.1.1.1/8 (hit count: 0, refcount: 0)
seq 10 permit 2.2.2.2/8 (hit count: 0, refcount: 0)
Switch#show ip prefix-list summary mylist ip prefix-list mylist: count: 2, range entries: 0, sequences: 5 – 10
Displayed informationExplanation
ip prefix-list mylist:To display the prefix list which named mylist.
count: 2, range entries: 0, sequences: 5 - 10count : 2 means there are two prefix list instances. sequences: 5-10 means the sequence number. 5 is the starting sequence number, while 10 is the ending.
deny 1.1.1.1/8 (hit count: 0, refcount: 0)deny 1.1.1.1/8 is contents of the prefix list. hit count:0 means the rule has been matched for zero times. And refcount:0 means the rule is referenced for zero times.

31.32 show route-map

Command: show route-map Function: Show the content of route-map. Command Mode: Admin mode Example: Switch# show route-map route-map a, deny, sequence 10 Match clauses: as-path 60 Set clauses: metric 10
Displayed informationExplanation
route-map a, deny, sequence 10route-map a means the name of route map is a, deny means the deny mode, sequence 10 means the sequence number is 10
Match clauses:Match sub
as-path 60Detailed contents in the Match sub
Set clauses:Set sub
metric 10Detailed content in the Set clause

31.33 show router-id

Command: show router-id Function: Show the content of router-id. Command Mode: Admin and Configuration Mode Example: 1: Switch#show router-id Router ID: 20.1.1.1 (automatic) 2: Switch#show router-id Router ID: 20.1.1.2 (config)

Chapter 32 Commands for Static Route

32.1 ip route

Command:

ip route {<ip-prefix><mask> | <ip-prefix>/<prefix-length>} {<gateway-address> |
<gateway-interface>} [<distance>]
no ip route {<ip-prefix><mask> | <ip-prefix>/<prefix-length>} [<gateway-address> |
<gateway-interface>] [<distance>]

Function:

Configure the static route. The "no ip route { | /} [ | ] [] command deletes the static route.

Parameter:

The and are respectively destination IP address and subnet mask, shown in dotted decimal notation; and are respectively the destination IP address and the length of prefix; is the next-hop IP address shown in dotted decimal notation; is the next-hop interface, is the manage distance of route management, ranging between 1\~255.

Default:

The management distance of static routing is defaulted at 1.

Command Mode:

Global Mode.

Usage Guide:

When configuring the next-hop of static routing, both by specifying the next-hop IP address of the route data packet and the exit interface are available. The default distance values of each route type in the layer 3 switch of our company are listed below:
Route TypeDistance Value
Direct Route0
Static Route1
OSPF110
RIP120
IBGP200
EBGP20
The direct route has the highest priority when each route management distance value remain unchanged and followed by static route, EBGP、OSPF、RIP、IBGP.

Example:

Example 1. Add a static route 
Switch(config)#ip route 1.1.1.0 255.255.255.0 2.1.1.1
Example 2. Add default route 
Switch(config)#ip route 0.0.0.0 0.0.0.0 2.2.2.1

32.2 ip route vrf

Command:

ip route vrf {|} {|null0}[<1-255>] no ip route vrf {|} {|null0}[<1-255>] Function: Configure the static route for the specific VRF. Before use this command, VPN route forwarding instance must be configured. The no form command will delete the configuration.

Parameters:

: The specific VRF name. : The destination IP address. : The sub-net mask shown in dotted decimal format. : The prefix length. : The next hop address. null0: Black hole route. <1-255>: Management distance.

Command Mode:

Global configuration mode. Usage Guide: Configure the static route of VRF-A, the destination IP as 10.1.1.10, the mask as 24 bits, the next hop as 10.1.1.1, the management distance is default: Switch(config)# ip route vrf VRF-A 10.1.1.10 255.255.255.0 10.1.1.1 Switch(config)#

32.3 show ip route

Command:

show ip route [ | | | connected | static | rip | ospf | bgp | isis | kernel | statistics | database [connected | static | rip | ospf | bgp | isis | kernel] | fib[statistics]]

Function:

Show the route table.

Parameter:

is the destination network address; / is the destination network address plus the length of prefix; connected is direct route; static is static route; rip is RIP route; ospf is OSPF route; bgp is BGP route; isis is ISIS route; kernel is kernel route; statistics shows the number of routes; database is route database; fib is kernel route table.

Command Mode:

Admin mode

Usage Guide:

Show all the contents in the route table including: route type, destination network, mask, next-hop address, interface, etc

Example:

switch#show ip route Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area \* - candidate default Gateway of last resort is 210.0.0.3 to network 0.0.0.0 S\* 0.0.0.0/0 [1/0] via 210.0.0.3, Vlan1 C 127.0.0.0/8 is directly connected, Loopback O IA 172.16.11.0/24 [110/40] via 210.14.0.1, Vlan3014, 00:00:47 O IA 172.16.12.0/24 [110/40] via 210.14.0.1, Vlan3014, 00:00:47 O IA 172.16.13.0/24 [110/40] via 210.14.0.1, Vlan3014, 00:00:47 O IA 172.16.14.0/24 [110/40] via 210.14.0.1, Vlan3014, 00:00:47 O IA 172.16.15.0/24 [110/50] via 210.14.0.1, Vlan3014, 00:00:47 O E2 172.16.100.0/24 [110/0] via 210.14.0.1, Vlan3014, 00:00:46
Displayed informationExplanation
C –connectedDirect route, namely the segment directly connected with the layer 3 switch
S –staticStatic route, the route manually configured by users
R - RIP derivedRIP route, acquired by layer 3 switch through the RIP protocol.
O - OSPF derivedOSPF route, acquired by layer 3 switch through the OSPF protocol
A- OSPF ASERoute introduced by OSPF
B- BGP derivedBGP route, acquired by the BGP protocol.
DestinationTarget network
MaskTarget network mask
NexthopNext-hop IP address
InterfaceNext-hop pass-by layer 3 swtich interfaces
PreferenceRoute priority. If other types of route to the target network exists, the kernel route will only shows those with high priority.

32.4 show ip route vrf

Command:

show ip route vrf [connected | static | rip| ospf | bgp | isis| kernel|statistics] database[connected | static | rip| ospf | bgp | isis|kernel]] show ip route fib vrf [default|main|local]

Function:

Show the routing tables entries.

Parameters:

is the name of the forwarding instance of VPN route; is the destination address; / are the network address for the destination as well as the length of the network mask; connected is for direct route; static is for static route; rip is for the RIP route protocol; ospf is for the OSPF route protocol; bgp is for the BGP route protocol; isis is for the ISIS route protocol; kernel is for the kernel route protocol; statistics are the number of route entries to be displayed; database is for the route database; fib is for the core route table.

Command Mode:

all modes.

Usage Guide:

To display the contents of the VPN routing table, including routing type, destination network address, address mask, the address and interface for the next hop, etc.

Chapter 33 Commands for RIP

33.1 accept-lifetime

Command: 
accept-lifetime <start-time> {<end-time>| duration<seconds>| infinite} no accept-lifetime
Function: 
Use this command to specify a key accept on the key chain as a valid time period. The "no accept-lifetime" command deletes this configuration.
Parameter: 
<start-time> parameter specifies the start time of the time period, of which the form should be:
<start-time>={{hh:mm:ss><month><day><year>/<hh:mm:ss><day><month><year}}
<hh:mm:ss> specify the concrete valid time of accept-lifetime in hours, minutes and second
<day> specifies the date of valid, ranging between 1 -31
<month> specifies the month of valid shown with the first three letters of the month, such as Jan
<year> specifies the year of valid start, ranging between 1993 - 2035
<end-time> specifies the due of the time period, of which the form should be:
<end-time>={{hh:mm:ss><month><day><year>/<hh:mm:ss><day><month><year}}
<hh:mm:ss> specify the concrete valid time of accept-lifetime in hours, minutes and second
<day> specifies the date of valid, ranging between 1 -31
<month> specifies the month of valid shown with the first three letters of the month, such as Jan
<year> specifies the year of valid start, ranging between 1995 - 2035
<seconds> the valid period of the key in seconds, ranging between 1-2147483646
Infinite means the key will never be out of date.
Default: No default configuration. Command Mode: keychain-key mode Example: 
The example below shows the accept-lifetime configuration of key 1 on the keychain named mychain. 

Switch# config terminal
Switch(config)# key chain mychain
Switch(config-keychain)# key 1
Switch(config-keychain-key)# accept-lifetime 03:03:01 Dec 3 2004 04:04:02 Oct 6 2006
Related Command: key key-string key chain send-lifetime

33.2 address-family ipv4

Command:

address-family ipv4 vrf no address-family ipv4 vrf

Function:

Configure this command to enable the routing message switching among VRF and enter the address-family mode. The "no address-family ipv4 vrf " command deletes the RIP instances related to this VPN routing/forwarding instance.

Parameter:

specifies the name of VPN routing/forwarding instances.

Command Mode:

router mode

Usage Guide:

This command is only used on PE router. A VPN routing/forwarding instance must be generated with command ip vrf prior to using this command by which the VPN routing/forwarding instances can be related to RIP instances.

Example:

Switch# config terminal Switch(config)# router rip Switch(config-router)# address-family ipv4 vrf VRF1 Switch(config-router-af)#

33.3 clear ip rip route

Command:

clear ip rip route { | kernel | static | connected | rip | ospf | isis | bgp | all}

Function:

Clear specific route in the RIP route table.

Parameter:

Clear the routes which match the destination address from the RIP route table. specifies the IP address prefix and its length of the destination address kernel delete kernel routes from the RIP route table static delete static routes from the RIP route table connected delete direct routes from the RIP route table rip only delete RIP routes from the RIP route table ospf only delete OSPF routes from the RIP route table isis only delete ISIS routes from the RIP route table bgp only delete BGP routes from the RIP route table all delete all routes from the RIP route table

Default:

No default configurations.

Command Mode:

Admin mode

Usage Guide:

Use this command with the all parameter will delete all learnt route in the RIP route which will be immediately recovered except for rip route. The dynamic learnt RIP route can only be recovered by studying one more time.

Example:

Switch# clear ip rip route 10.0.0.0/8 Switch# clear ip rip route ospf

33.4 debug rip

Command:

debug rip [events| nsm| packet[recv|send][detail]| all] no debug rip [events| nsm| packet[recv|send][detail]| all]

Function:

Open various RIP adjustment switches and show various adjustment debugging messages. The “no debug rip [events| nsm| packet[recv|send][detail]| all]” command close corresponding debugging switch.

Parameter:

events shows the debugging messages of RIP events nsm shows the communication messages between RIP and NSM packet shows the debugging messages of RIP data packets recv shows the messages of the received data packets send shows the messages of the sent data packets detail shows the messages of received or sent data packets Default: Debug switch closed.

Command Mode:

Admin mode and global mode

Example:

Switch# debug rip packet Switch#1970/01/01 01:01:43 IMI: SEND[Vlan1]: Send to 224.0.0.9:520 1970/01/01 01:01:43 IMI: SEND[Vlan1]: Send to 224.0.0.9:520 1970/01/01 01:01:47 IMI: RECV[Vlan1]: Receive from 20.1.1.2:520

33.5 debug rip redistribute message send

Command:

debug rip redistribute message send no debug rip redistribute message send

Function:

To enable the debugging of sending messages for routing redistribution messages from OSPF process or BGP protocol for RIP. The no form of this command will disable the debugging messages.

Default:

Close the debug by default.

Command Mode:

Admin Mode.

Example:

Switch#debug rip redistribute message send Switch#no debug rip redistribute message send

33.6 debug rip redistribute route receive

Command:

debug rip redistribute route receive no debug rip redistribute route receive

Function:

To enable debugging of received messages from NSM for RIP. The no form of this command will disable debugging of received messages from NSM for RIP.

Default:

Close the debug by default.

Command Mode:

Admin Mode.

Example:

Switch#debug rip redistribute route receive Switch#no debug rip redistribute route receive

33.7 default-information originate

Command:

default-information originate no default-information originate

Function:

Allow the network 0.0.0.0 to be redistributed into the RIP. The “no default-information originate” disable this function.

Default:

Disabled

Command Mode:

Router mode and address-family mode

Example:

Switch# config terminal Switch(config)# router rip Switch(config-router)# default-information originate

33.8 default-metric

Command:

default-metric no default-metric

Function:

Set the default metric value of the introduced route. The "no default-metric" command restores the default value to 1.

Parameter:

is the metric value to be set, ranging between 1\~16.

Default:

Default route metric value is 1.

Command Mode:

Router mode and address-family mode

Usage Guide:

default-metric command is used for setting the default route metric value of the routes from other routing protocols when distributed into the RIP routes. When using the redistribute commands for introducing routes from other protocols, the default route metric value specified by default-metric will be adopted if no specific route metric value is set.

Example:

Set the default route metric value to 3 for introducing routes from other routing protocols into the RIP routes. Switch(config-router)#default-metric 3

Relevant Commands:

Redistribute

33.9 distance

Command:

distance <number> [<A.B.C.D/M>] [<access-list-name / access-list-number>]
no distance [<A.B.C.D/M>]

Function:

Set the managing distance with this command. The “no distance []” command restores the default value to 120.

Parameter:

specifies the distance value, ranging between 1 to 255. specifies the network prefix and its length. specifies the access-list number or name applied.

Default:

The default managing distance of RIP is 120.

Command Mode:

Router mode and address-family mode

Usage Guide:

In case there are routes from two different routing protocols to the same destination, the managing distance is then used for selecting routes. The less the managing distance of the route protocol is, the more reliable will be the route acquired from the protocol.

Example:

Switch# config terminal Switch(config)# router rip Switch(config-router)# distance 8 10.0.0.0/8 mylist

33.10 distribute-list

Command:

distribute-list { |prefix} {in|out}[] no distribute-list { |prefix} {in|out}[]

Function:

This command uses access-list or prefix-list to filter the route update packets sent and received. The "no distribute-list { |prefix} {in|out} [] command cancels this route filter function.

Parameter:

is the name or access-list number to be applied. is the name of the prefix-list to be applied. specifies the name of interface to be applied with route filtering.

Default:

The function in default situation is disabled.

Command Mode:

Router mode and address-family mode

Usage Guide:

The filter will be applied to all the interfaces in case no specific interface is set.

Example:

Switch# config terminal
Switch(config)# router rip
Switch(config-router)# distribute-list prefix myfilter in vlan 1

33.11 exit-address-family

Command:

exit-address-family

Function:

Exit address-family mode

Command Mode:

address-family mode

Example:

Switch(config)# router rip
Switch(config-router)# address-family ipv4 vrf IPI
Switch(config-router-af)# exit-address-family
Switch(config-router)#

33.12 ip rip aggregate-address

Command: ip rip aggregate-address A.B.C.D/M no ip rip aggregate-address A.B.C.D/M Function: To configure RIP aggregation route. The no form of this command will delete this configuration. Parameter: A.B.C.D/M:IPv4 address and mask length. Command Mode: Router Mode or Interface Configuration Mode. Default: Disabled. Usage Guide: If to configure aggregation route under router mode, RIP protocol must be enabled. If configured under interface configuration mode, RIP protocol may not be enabled, but the aggregation router can operation after the RIP protocol be enabled on interface. Example: To configure aggregation route as 192.168.20.0/22 globally. Switch(config)#router rip Switch(config-router) #ip rip agg 192.168.20.0/22

33.13 ip rip authentication key-chain

Command: ip rip authentication key no ip rip authentication key-chain Function: Use this command to enable RIPv2 authentication on an interface and further configures the adopted key chain. The "no ip rip authentication key-chain" command cancels the authentication. Parameter: is the name of the adopted key chain. There may be spaces in the string. The input ends with an enter and the string should not be longer than 256 bytes. Command Mode: Interface Configuration Mode.

Usage Guide:

If the authentication is only configured without configuring the key chain or password used by the interface, the authentication does no effect. If mode has not been configured prior to configuring this command, the mode will be set to plaintext authentication. The "no ip rip authentication key" command will cancel the authentication which only cancels the authentication process when sending or receiving data packet other than set non authentication mode.

Example:

Switch# config terminal Switch(config)# interface vlan 1 Switch(Config-if-Vlan1)# ip rip authentication key my key Relevant Commands: key, key chain

33.14 ip rip authentication mode

Command:

ip rip authentication mode {text|md5} no ip rip authentication mode {ext|md5}

Function:

Configure the authentication mode; the "no ip rip authentication mode {ext|md5}" command restores to the default authentication mode namely text authentication mode.

Parameter:

text means text authentication; md5 means MD5 authentication.

Default:

Not configured authentication.

Command Mode:

Interface Configuration Mode.

Usage Guide:

RIP-I do not support authentication which the RIP-II supports two authentication modes: text authentication (i.e. Simple authentication) and data packet authentication (i.e. MD5 authentication). This command should be used associating the ip rip authentication key or ip rip authentication string. Independently configuration will not lead to authentication process.

Example:

Switch# config terminal Switch(config)# interface vlan 1 Switch(Config-if-Vlan1)# ip rip authentication mode md5 ip rip authentication key-chain, ip rip authentication string

33.15 ip rip authentication string

Command:

ip rip authentication string no ip rip authentication string

Function:

Set the password used in RIP authentication. The "no ip rip authentication string" cancels the authentication.

Parameter:

is the password used in authentication of which the length should be 1-16 characters with space available. The password should end with enter.

Command Mode:

Interface mode

Usage Guide:

The ip rip authentication key will not be able to be configured when this command is configured, key id value is required in MD5 authentication which is 1 when use this command. The mode will be set to plaintext authentication in case no mode configuration is available. The "no ip rip authentication string" command will cancel the authentication which only cancels the authentication process when sending or receiving data packet other than set non authentication mode. Input ip rip authentication string aaa aaa to set the password as aaa aaa which is 7 characters.

Example:

Switch# config terminal Switch(config)# interface vlan 1 Switch(Config-if-Vlan1)# ip rip authentication string guest ip rip authentication mode

33.16 ip rip authentication cisco-compatible

Command:

ip rip authentication cisco-compatible no ip rip authentication cisco-compatible

Function:

After configured this command, the cisco RIP packets will be receivable by configuring the plaintext authentication or MD5 authentication.

Default:

Not configured

Command Mode:

Interface mode

Usage Guide:

After authentication is configured on the cisco router, the RIP packets will exceeds the length of the defined standard length of the protocol once the number of route items is greater than 25. By configuring this command the over-lengthen RIP packets will be receivable other than denied.

Example:

Switch# config terminal
Switch(config)# interface vlan 1
Switch(Config-if-Vlan1)# ip rip authentication cisco-compatible
ip rip authentication mode

33.17 ip rip receive-packet

Command:

ip rip receive-packet no ip rip receive-packet

Function:

Set the interface to be able to receivable RIP packets; the "no ip rip receive-packet" command set the interface to be unable to receivable RIP packets.

Default:

Interface receives RIP packets.

Command Mode:

Interface Configuration Mode.

Example:

Switch# config terminal
Switch(config)# interface vlan 1
Switch(Config-if-Vlan1)# ip rip receive-packet
ip rip send-packet

33.18 ip rip receive version

Command:

ip rip receive version { 1 | 2|1 2 } no ip rip receive version

Function:

Set the version information of the RIP packets the interface receives. The default version is 2; the "no ip rip receive version" command restores the value set by using the version command.

Parameter:

1 and 2 respectively stands for RIP version 1 and RIP version 2, 1 2 stands for the RIP versions 1, 2.

Default:

Version 2

Command Mode:

Interface Configuration Mode.

Example:

Switch# config terminal
Switch(config)# interface vlan 1
Switch(Config-if-Vlan1)# ip rip receive version 1 2
Version

33.19 ip rip send-packet

Command:

ip rip send-packet
no ip rip send-packet

Function:

Set the Interface to be able to receive the RIP packets; the "no ip rip send-packet" set the interface to be unable to receive the RIP packets.

Default:

Interface sends RIP packets.

Command Mode:

Interface Configuration Mode.

Example:

Switch# config terminal
Switch(config)# interface vlan 1
Switch(Config-if-Vlan1)# ip rip send-packet
ip rip receive-packet

33.20 ip rip send version

Command:

ip rip send version { 1 | 2 | 1-compatible | 1 2} no ip rip send version

Function:

Set the version information of the RIP packets the interface receives. The default version is 2; the "no ip rip send version" command restores the value set by using the version command.

Parameter:

1 and 2 respectively stands for RIP version 1 and RIP version 2, 1 2 stands for the RIP versions 1, 2.

Default:

Version 2

Command Mode:

Interface Configuration Mode.

Example:

Switch# config terminal Switch(config)# interface vlan 1 Switch(Config-if-Vlan1)# ip rip send version 1 Version

33.21 ip rip split-horizon

Command:

ip rip split-horizon [poisoned] no ip rip split-horizon

Function:

Enable split horizon. The "no ip rip split-horizon" disables the split horizon.

Parameter:

[poisoned] means configure the split horizon with poison reverse.

Default:

Split Horizon with poison reverse by default.

Command Mode:

Interface Configuration Mode.

Usage Guide:

The split horizon is for preventing the Routing Loops, namely preventing the layer 3 switches from broadcasting the routes which is learnt from the same interface on which the route to be broadcasted.

Example:

Switch# config terminal Switch(config)# interface vlan 1 Switch(Config-if-Vlan1)# ip rip split-horizon poisoned

33.22 key

Command: key no key Function: This command is for managing and adding keys in the key chain. The "no key "command deletes one key. Parameter: is key ID, ranging between 0-2147483647. Command Mode: Keychain mode and keychain-key mode Usage Guide: The command permits entering the keychain-key mode and set the passwords corresponding to the keys. Example: 
Switch# config terminal
Switch(config)# key chain mychain
Switch(config-keychain)# key 1
Switch(config-keychain-key)#
Relevant Commands: key chain, key-string, accept-lifetime, send-lifetime

33.23 key chain

Command: key chain no key chain < name-of-chain > Function: This command is for entering a keychain manage mode and configure a keychain. The "no key chain < name-of-chain >" deletes one keychain. Parameter: is the name string of the keychain the length of which is not specifically limited. Command Mode: Global Mode Example: 
Switch# config terminal
Switch(config)# key chain mychain
Switch(config-keychain)#
Relevant Commands: key, key-string, accept-lifetime, send-lifetime

33.24 key-string

Command:

key-string <text>
no key-string <text>

Function:

Configure a password corresponding to a key. The "no key-string " command delete the corresponding password.

Parameter:

is a character string without length limit. However when referred by RIP authentication only the first 16 characters will be used.

Command Mode:

Keychain-key mode

Usage Guide:

This command is for configure different passwords for keys with different ID.

Example:

Switch# config terminal
Switch(config)# key chain mychain
Switch(config-keychain)# key 1
Switch(config-keychain-key)# key-string prime
key, key chain, accept-lifetime, send-lifetime

33.25 maximum-prefix

Command:

maximum-prefix [] no maximum-prefix

Function:

Configure the maximum number of RIP routes in the route table. The "no maximum-prefix" command cancels the limit.

Parameter:

the maximum number of RIP route, ranging between 1-65535; a warning is given when the number rate of current route exceeds ranging between 1-100, default at 75.

Command Mode:

router mode

Usage Guide:

The maximum RIP route only limits the number of routes learnt through RIP but not includes direct route or the RIP static route configured by the route command. The base on which the comparison is performed is the number of route marked R in the show ip route database, and also the number of RIP routes displayed in the show ip route statistics command.

Example:

Switch# config terminal Switch(config)# router rip Switch(config-router)# maximum-prefix 150

33.26 neighbor

Command:

neighbor no neighbor

Function:

Specify the destination address requires targeted-peer sending. The “no neighbor " command cancels the specified address and restores all gateways to trustable.

Parameter:

is the specified destination address for the sending, shown in dotted decimal notation.

Default:

Not sending to any targeted-peer destination address.

Command Mode:

Router mode

Usage Guide:

When used accompany with passive-interface command it can be configured to only sending routing messages to specific neighbor.

Example:

Switch# config terminal Switch(config)# router rip Switch(config-router)# neighbor 1.1.1.1 passive-interface

33.27 network

Command: network no network Function: Configure the RIP protocol network. Parameter: is the IP address prefix and its length in the network. is the name of a interface. Default: Not running RIP protocol Command Mode: Router mode and address-family mode Usage Guide: Use this command to configure the network for sending or receiving RIP update packets. If the network is not configured, all interfaces of the network will not be able to send or receive data packets. Example: Switch# config terminal Switch(config)# router rip Switch(config-router)# network 10.0.0.0/8 Switch(config-router)# network vlan 1 Related Command: show ip rip, clear ip rip

33.28 offset-list

Command: offset-list {in|out} [] no offset-list {in|out} [] Function: Add an offset value to the metric value of the routes learnt by RIP. The "no offset-list {in|out} [] command disables this function.

Parameter:

is the access-list or name to be applied. is the added offset value, ranging between 0-16; is the specific interface name

Default:

Default offset value is the metric value defined by the system.

Command Mode:

Router mode and address-family mode

Example:

Switch# config terminal
Switch(config)# router rip
Switch(config-router)# offset-list 1 in 5 vlan 1
access-list

33.29 passive-interface

Command:

passive-interface <ifname>
no passive-interface <ifname>

Function:

Set the RIP layer 3 switch blocks RIP broadcast on specified interface, on which the RIP data packets will only be sent to layer 3 switches configured with neighbor.

Parameter:

is the name of specific interface.

Default:

Not configured

Command Mode:

Router mode

Example:

Switch# config terminal
Switch(config)# router rip
Switch(config-router)# passive-interface vlan 1
show ip rip

33.30 recv-buffer-size

Command: recv-buffer-size no recv-buffer-size Function: This command configures the size of UDP receiving buffer zone of RIP; the "no recv-buffer-size" command restores the system default. Parameter: is the buffer zone size in bytes, ranging between 8192-2147483647. Default: 8192 bytes. Command Mode: Router mode Example: Switch# config terminal Switch(config)# router rip Switch(config-router)# recv-buffer-size 23456789

33.31 redistribute

Command: redistribute {kernel |connected| static| ospf [] | isis| bgp} [metric] [route-map] no redistribute {kernel |connected| static| ospf [] | isis| bgp} [metric] [route-map] Function: Introduce the routes learnt from other routing protocols into RIP. Parameter: kernel introduce from kernel routes; connected introduce from direct routes; static introduce from static routes; ospf introduce from OSPF routes. process-id is OSPF process ID, if there is no parameter that means the process by default, range between 1 to 65535; isis introduce from ISIS routes; bgp introduce from BGP routes; is the metric value assigned to the introduced route, ranging between 0 to 16; is the probe pointing to the route map for introducing routes.

Command Mode:

Router Mode and address-family Mode

Usage Guide:

Under the address-family mode, the parameter kernel and ISIS is unavailable.

Example:

Switch# config terminal Switch(config)# router rip Switch(config-router)# redistribute kernel route-map ipi To redistribute OSPFv2 routing information to RIP. Switch(config)# router rip Switch(config-router)# redistribute ospf 2

33.32 route

Command:

route no route

Function:

This command configures a static RIP route. The "no route " command deletes this route.

Parameter:

Specifies this destination IP address prefix and its length.

Command Mode:

Router mode

Usage Guide:

The command add a static RIP route, and is mainly used for debugging. Routes configured by this command will not appear in kernel route table but in the RIP route database.

Example:

Switch# config terminal Switch(config)# router rip Switch(config-router)# route 1.0.0.0/8

33.33 router rip

Command: router rip no router rip Function: Enable the RIP routing process and enter the RIP mode; the "no router rip" command closes the RIP routing protocol. Default: Not running RIP route. Command Mode: Global mode Usage Guide: This command is the switch for starting the RIP routing protocol which is required to be open before configuring other RIP protocol commands. Example: Enable the RIP protocol mode Switch(config)#router rip Switch(config-router)#

33.34 send-lifetime

Command: send-lifetime {| duration| infinite} no send-lifetime Function: Use this command to specify a key on the keychain as the time period of sending keys. The "no send-lifetime" cancels this configuration. Parameter: parameter specifies the starting time of the time period, which is: ={/} Specify the concrete valid time of accept-lifetime in hours, minutes and second Specifies the date of valid, ranging between 1 -31 month> Specifies the month of valid shown with the first three letters of the month, such as Jan Specifies the year of valid start, ranging between 1993 - 2035 
end-time> Specifies the due of the time period, of which the form should be:
end-time>={{hh:mm:ss><month><day><year>/<hh:mm:ss><day><month><year>}
<hh:mm:ss> Specify the concrete valid time of accept-lifetime in hours, minutes and second
<day> Specifies the date of valid, ranging between 1 -31
<month> Specifies the month of valid shown with the first three letters of the month, such as Jan
<year> Specifies the year of valid start, ranging between 1993 -2035
<seconds> is the valid period of the key in seconding and ranging between 1-2147483646
Default: No default configuration Command Mode: Keychain-key mode Example: The example below shows the send-lifetime configuration on the keychain named mychain for key 1. 
Switch# config terminal
Switch(config)# key chain mychain
Switch(config-keychain)# key 1
Switch(config-keychain-key)# send-lifetime 03:03:01 Dec 3 2004 04:04:02 Oct 6 2006
Related Command: key, key-string, key chain, accept-lifetime

33.35 show debugging rip

Command: show debugging rip Function: Show RIP event debugging, RIP packet debugging and RIP nsm debugging status. Command Mode: Admin and configuration mode Example: 
Switch# show debugging rip
RIP debugging status:
RIP event debugging is on
RIP packet detail debugging is on
RIP NSM debugging is on

33.36 show ip protocols rip

Command: show ip protocols rip Function: Show the RIP process parameter and statistics information. Command Mode: Admin and configuration mode Example:
show ip protocols rip
Routing Protocol is "rip"
Sending updates every 30 seconds with +/-50%, next due in 8 seconds
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interface is not set
Incoming update filter list for all interface is not set
Default redistribution metric is 1
Redistributing: static
Default version control: send version 2, receive version 2
InterfaceSendRecvKey-chain
Vlan122
Routing for Networks:
Vlan1
Vlan2
Routing Information Sources:
GatewayDistanceLast UpdateBad PacketsBad Routes
20.1.1.112000:00:3100
Distance: (default is 120)
Displayed informationExplanation
Sending updates every 30 seconds with +/-50%, next due in 8 secondsSending update every 30 secs
Timeout after 180 seconds, garbage collect after 120 secondsThe route time-out event period is 180 secs, the garbage collect time is 120 seconds
Outgoing update filter list for all interface is not setOutgoing update filter list for allinterface is not set
Incoming update filter list for all interface is not setIncoming update filter list for all interface is not set
Default redistribution metric is 1Default redistribution metric is 1
Redistributing: staticRedistributing the static route into the RIP route
Default version control: send version 2, receive version 2Interface Send Recv Key-chainEthernet0/0/8 2 2The configuration of interface receiving and sending packets.Receive version is 2, keychain 1 not configured.
Routing for Networks:Vlan1Vlan2The segment running RIP is the Vlan 1 and Vlan 2
Routing Information Sources:Gateway Distance Last Update Bad Packets Bad Routes20.1.1.1 120 00:00:31 0 0Routing information sourcesThe badpacketand bad routes from the gateway 20.1.1.1 are all 0.31 seconds have passed since the last route update. The manage distance is 120
Distance: (default is 120)Default manage distance is 120

33.37 show ip rip

Command: show ip rip Function: Show the routes in the RIP route data base. Command Mode: Admin mode Example: show ip rip Codes: R - RIP, K - Kernel, C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP
NetworkNext HopMetric FromIf Time
R 12.1.1.0/2420.1.1.12 20.1.1.1Vlan1 02:51
R 20.1.1.0/241Vlan1
Amongst R stands for RIP route, namely a RIP route with the destination network address 12.1.1.0, the network prefix length as 24, next-hop address at 20.1.1.1. It is learnt from the Ethernet port E1/8 with a metric value of 2, and still has 2 minutes 51 seconds before time out.

33.38 show ip rip database

Command: show ip rip database Function: Show the routes in the RIP route database. Command Mode: Admin mode Example:
Switch# show ip rip databaseCodes: R - RIP, K - Kernel, C - Connected, S - Static, O - OSPF, I - IS-IS,B –BGP
NetworkNext HopMetric FromIfTime
R 10.1.1.0/241Vlan1
R 20.1.1.0/241Vlan2
Command: show ip rip

33.39 show ip rip interface

Command: show ip rip interface [] Function: Show the RIP related messages. Parameter: is the name of the interface to show the messages. Command Mode: Admin mode Example:
Switch# show ip rip interface vlan 1
Vlan1 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:10.1.1.1/24

33.40 show ip rip aggregate

Command: show ip rip aggregate Function: To display the information of IPv4 aggregation route. Command Mode: Admin and Configuration Mode. Usage Guide: This command is used to display which interface the aggregation route be configured, Metric, Count, Suppress and so on. If configured under global mode, then the interface display “----”, “Metric” is metric. “Count” is the number of learned aggregation routes. “Suppress” is the times of aggregation. Example: To display the information of IPv4 aggregation route.
NetworkAggregated IfnameMetric Count Suppress
192.168.0.0/16Vlan1120
192.168.4.0/22----120
192.168.4.0/24----111
Vlan1111
Displayed informationExplanation
NetworkRoute prefix and prefix length.
Aggregated IfnameTo configure the interface name of the aggregation route. If the route aggregated globally, then display “----”.
MetricMetric of aggregation route.
CountThe number of learned aggregation route.
SuppressThe times of aggregated for aggregation route.

33.41 timers basic

Command:

timers basic no timers basic

Function:

Adjust the RIP timer update, timeout, and garbage collecting time. The "no timers basic" command restores each parameters to their default values.

Parameter:

<update> time interval of sending update packet, shown in seconds and ranging between 5-2147483647;
<invalid> time period after which the RIP route is advertised dead, shown in seconds and ranging between 5-2147483647;
<garbage> is the hold time in which the a route remains in the routing table after advertised dead, shown in seconds and ranging between 5-2147483647.

Default:

<update> defaulted at 30;
<invalid> defaulted at 180;
<garbage> defaulted at 120

Command Mode:

Router mode

Usage Guide:

The system is defaulted broadcasting RIPng update packets every 30 seconds; and the route is considered invalid after 180 seconds but still exists for another 120 seconds before it is deleted from the routing table.

Example:

Set the RIP update time to 20 seconds and the timeout period to 80 second, the garbage collecting time to 60 seconds. Switch(Config-Router)#timers basic 20 80 60

33.42 version

Command:

version {1| 2} no version

Function:

Configure the version of all RIP data packets sent/received by router interfaces: the "no version" restores the default configuration.

Parameter:

1 is version 1 rip; 2 is version 2 rip.

Default:

Sent and received data packet is version 2 by default.

Command Mode:

Router mode and address-family mode

Usage Guide:

1. refers to that each interface of the layer 3 switch only sends/receives the RIP-I data packets. 2. refers to that each interface of the layer 3 switch only sends/receives the RIP-II data packets. The RIP-II data packet is the default version.

Example:

Configure the version of all RIP data packets sent/received by router interfaces to version 2. Switch(config-router)#version 2 ip rip receive version ip rip send version

Chapter 34 Commands for RIPng

34.1 clear ipv6 route

Command:

clear ipv6 rip route {| kernel |static | connected |rip |ospf |isis | bgp |all }

Function:

Clear specific route from the RIPng route table.

Parameter:

Clears the route exactly match with the destination address from the RIP route table. is the destination address shown in hex notation with prefix length. kernel delete kernel route from the RIPng route table static delete static route from the RIPng route table connected delete direct route from the RIPng route table rip delete RIPng route from the RIPng route table only ospf delete IPv6 OSPF route from the RIPng route table only bgp delete IPv6 BGP route from the RIPng route table only ISIS delete ivp6 isis route from the RIPng route table only all delete all routes from the RIPng route table

Default:

No default configuration

Command Mode:

Admin mode

Usage Guide:

All routes in the RIPng route table will be deleted by using this command with all parameters.

Example:

Switch#clear ipv6 rip route 2001:1:1::/64 Switch#clear ipv6 rip route ospf

34.2 default-information originate

Command:

default-information originate no default-information originate

Function:

Permit redistributing the network 0:: into RIPng. The “no default-information originate” disables this function.

Default:

Disabled

Command Mode:

Router mode

Example:

Switch#config terminal Switch(config)#router ipv6 rip Switch(config-router)#default-information originate

34.3 default-metric

Command:

default-metric no default-metric

Function:

Set the default metric route value of the introduced route; the "no default-metric" restores the default value.

Parameter:

is the route metric value to be set, ranging between 1\~16.

Default:

Default route metric value is 1.

Command Mode:

Router mode

Usage Guide:

default-metric command is used for setting the default route metric value of the routes from other routing protocols when distributed into the RIPng routes. When using the redistribute commands for introducing routes from other protocols, the default route metric value specified by default-metric will be adopted if no specific route metric value is set.

Example:

Set the default route metric value of the routes from other routing protocols when distributed into the RIPng routes as 3. Switch(config-router)#default-metric 3 redistribute

34.4 distance

Command:

distance <number> [<ipv6-address>] [<access-list-name / access-list-number>] no distance [<ipv6-address>]

Function:

Set the managing distance with this command. The “no distance []” command restores the default value to 120.

Parameter:

<number> specifies the distance value, ranging between 1-255.
<ipv6-address> is the local link address or its prefix.
<access-list-name/access-list-number> specifies the access-list number or name applied.

Default:

The default managing distance of RIP is 120.

Command Mode:

Router mode and address-family mode.

Usage Guide:

In case there are routes from two different routing protocols to the same destination, the managing distance is then used for selecting routes. The less the managing distance of the route protocol is, the more reliable will be the route acquired from the protocol.

Example:

Switch#config terminal
Switch(config)#router rip
Switch(config-router)#distance 8 fe80:1111::4200:21ff:fe00:11 mylist

34.5 distribute-list

Command:

distribute-list {access-list-name> |prefix<prefix-list-name>} {in|out} [<ifname>|vlan <vlan-id>]
no distribute-list {access-list-name> |prefix<prefix-list-name>} {in|out} [<ifname>|vlan <vlan-id>]

Function:

This command uses access-list or prefix-list to filter the route renews messages sent and received. The “no distribute-list {access-list-name> |prefix<prefix-list-name>} {in|out} [<ifname>|vlan <vlan-id>]” command cancels this filter function.

Parameter:

<access-list-name> is the name or access-list number to be applied.
<prefix-list-name> is the name of the prefix-list to be applied.
<ifname> specifies the name of interface to be applied with route filtering.

Default:

Function disabled by RIPng by default.

Command Mode:

Router mode

Usage Guide:

The filter will be applied to all interfaces if no specific interface is set.

Example:

Switch#config terminal
Switch(config)#router ipv6 rip
Switch(config-router)#distribute-list prefix myfilter in Vlan1

34.6 debug ipv6 rip

Command:

debug ipv6 rip [events| nsm| packet [recv|send][detail]| all] no debug ipv6 rip [events| nsm| packet [recv|send][detail]| all]

Function:

For opening various debugging switches of RIPng, showing various debugging messages. The "no debug ipv6 rip [events| nsm| packet [recv|send][detail]| all]" command close the corresponding debugging switch.

Parameter:

events shows the debugging message of RIPng events nsm shows the communication messages between RIPng and NSM. packet shows the debugging messages of RIPng data packets recv shows the messages of the received data packets send shows the messages of the sent data packets detail shows the messages of the data packets received or sent.

Default:

Not enabled

Command Mode:

Admin mode

Example:

Switch#debug ipv6 rip packet
Switch#1970/01/01 21:15:08 IMI: SEND[Ethernet1/0/10]: Send to [ff02::9]:521
1970/01/01 21:15:08 IMI: SEND[Ethernet1/0/2]: Send to [ff02::9]:521
1970/01/01 21:15:09 IMI: RECV[Ethernet1/0/10]: Receive from [fe80::20b:46ff:fe57:8e60]:521
1970/01/01 21:15:09 IMI: RECV[Ethernet1/0/10]: 3000:1:1::/64 is filtered by access-list dclist
1970/01/01 21:15:09 IMI: RECV[Ethernet1/0/10]: 3ffe:1:1::/64 is filtered by access-list dclist
1970/01/01 21:15:15 IMI: RECV[Ethernet1/0/2]: Receive from [fe80::203:fff:fe01:257c]:521

34.7 debug ipv6 rip redistribute message send

Command:

debug ipv6 rip redistribute message send no debug ipv6 rip redistribute message send

Function:

To enable the debugging of sending messages for routing redistribution messages from OSPFv3 or other external process for RIPng. The no form of this command will disable the debugging messages.

Default:

Close the debug by default.

Command Mode:

Admin Mode.

Example:

Switch# debug ipv6 rip redistribute message send Switch# no debug ipv6 rip redistribute message send

34.8 debug ipv6 rip redistribute route receive

Command:

debug ipv6 rip redistribute route receive no debug ipv6 rip redistribute route receive

Function:

To enable the debugging switch received from NSM for redistribution of routing information for RIPng. The no form of this command will disable the debugging switch.

Default:

Close the debug by default.

Command Mode:

Admin Mode.

Example:

Switch#debug ipv6 rip redistribute route receive Switch# no debug ipv6 rip redistribute route receive

34.9 ipv6 rip aggregate-address

Command: ipv6 rip aggregate-address X:X::X:X/M no ipv6 rip aggregate-address X:X::X:X/M Function: To configure IPv6 aggregation route. The no form of this command deletes the IPv6 aggregation route. Parameter: X:X::X:X/M: IPv6 address and prefix length. Command Mode: Router Mode or Interface Configuration Mode. Default: No aggregation route configured. Usage Guide: If to configure aggregation route under router mode, RIPng protocol must be enabled. If configured under interface configuration mode, RIPng protocol may not be enabled, but the aggregation route can operation after the RIPng protocol be enabled on interface. Example: To configure aggregation route as 2001:3f:ed8::99/64 globally. Switch(config)#router rip Switch(config-router) #ipv6 rip agg 2001:3f:ed8::99/64

34.10 ipv6 rip split-horizon

Command: ipv6 rip split-horizon [poisoned] no ipv6 rip split-horizon Function: Permit the split horizon. The "no ipv6 rip split-horizon" disables the split horizon. Parameter: [poisoned] configures split horizon with poison reverse. Default: Split horizon with poison reverse.

Command Mode:

Interface Configuration Mode.

Usage Guide:

The split horizon is for preventing the routing loops, namely preventing the layer 3 switch from broadcasting a route at the interface from which the very route is learnt. The command can configure on IPv6 tunnel interface, but it is successful configuration to only configure tunnel carefully.

Example:

Switch#config terminal Switch(config)#interface Vlan1 Switch(config-if-Vlan1)#ipv6 rip split-horizon poisoned

34.11 ipv6 router rip

Command:

ipv6 router rip no ipv6 router rip

Function:

Enable RIPng on the interface. The "no ipv6 router rip" command disables RIPng on the interface.

Default:

Not configured

Command Mode:

Interface Configuration Mode.

Usage Guide:

The command can configure on IPv6 tunnel interface, but it is successful configuration to only configure tunnel carefully.

Example:

Switch#config terminal Switch(config)#interface Vlan1 Switch(Config-if-Vlan1)#ipv6 router rip

34.12 neighbor

Command:

neighbor <ipv6-address> {<ifname> vlan <vlan-id>}
no neighbor <ipv6-address> {<ifname> vlan <vlan-id>}

Function:

Specify the destination address for fixed sending. The "no neighbor <ipv6-address> <iframe> vlan <vlan-id> "cancels the specified address defined and restores all trusted gateways.

Parameter:

<ipv6-address> is the IPv6 Link-local address specified for sending and shown in colon hex notation without the prefix length. <ifname> is the name of interface.

Default:

Not sending to any fixed destination address.

Command Mode:

Router mode

Usage Guide:

When used associating passive-interface command it would be able to send routing messages to specified neighbor only.

Example:

Switch#config terminal
Switch(config)#router ipv6 rip
Switch(config-router)#neighbor FE80:506::2 Vlan1 

passive-interface

34.13 offset-list

Command: 
offset-list <access-list-number|access-list-name> {in|out} <number>[<ifname>|vlan <vlan-id>]
no offset-list <access-list-number|access-list-name> {in|out}<number>[<ifname>|vlan <vlan-id>]
Function: 
Add an offset value on the routing metric value learnt by RIPng. The "no offset-list <access-list-number|access-list-name> {in|out}<number >[<ifname>|vlan <vlan-id>] command disables this function.
Parameter: 
<access-list-number /access-list-name> is the access-list or name to be applied.
<number> is the additional offset value, ranging between 0-16;
<ifname> is the name of specific interface.
Default: 
The default offset value is the metric value of the interface defined by the system.
Command Mode: 
Router mode
Example: 
Switch#config terminal
Switch(config)#router ipv6 rip
Switch(config-router)#offset-list 1 in 5 Vlan1
Related Command: 
access-list

34.14 passive-interface

Command: 
passive-interface<ifname>/vlan <vlan-id>
no passive-interface<ifname>/vlan <vlan-id>
Function: Set the RIPng layers 3 switches to block RIPng broadcast on the specified interfaces, and only send the RIPng data packet to the layer 3 switch which is configured with neighbor. Parameter: is the specific interface name. Default: Not configured Command Mode: Router mode Example: 
Switch#config terminal
Switch(config)#router ipv6 rip
Switch(config-router)#passive-interface Vlan1
Related Command: show ipv6 rip

34.15 redistribute

Command: 
redistribute {kernel |connected| static| ospf| isis| bgp} [metric<value>] [route-map<word>]
no redistribute {kernel |connected| static| ospf| isis| bgp} [metric<value>] [route-map<word>]
Function: Introduce the routes learnt from other routing protocols into RIPng. Parameter: 
kernel introduce from kernel routes
connected introduce from direct routes
static introduce from static routes
ospf introduce from IPv6 OSPF routes
isis introduce from IPv6 ISIS routes
bgp introduce from IPv6 BGP routes
is the metric value assigned to the introduced route, ranging between 0-16 is the probe poining to the route map for introducing routes

Command Mode:

Router mode

Example:

Switch#config terminal Switch(config)#router ipv6 rip Switch(config-router)#redistribute kernel route-map ip

34.16 redistribute ospf

Command:

redistribute ospf [] [metric] [route-map] no redistribute ospf []

Function:

To redistribute routing information from external OSPFv3 processes to RIPng process. The no form of this command will remove the introduced OSPFv3 routing entries.

Parameters:

process-tag is the string tag for OSPFv3 process with maximum length limited within 15 characters. If not specified, the default process will be used. metric is the metric for the introduced routing entries, limited between 0 and 16. route-map is the pointer to the introduced routing map.

Default:

Not redistributed by default.

Command Mode:

RIPng Configuration Mode.

Example:

To redistribute OSPFv3 ABC routing ro RIPng. Switch(config)#router ipv6 rip Switch (config-router)#redistribute ospf abc

34.17 route

Command:

route no route

Function:

This command configures a static RIPng route. The "no route " command deletes this route.

Parameter:

Specifies this destination IPv6 address prefix and its length show in colon hex notation.

Usage Guide:

The command adds a static RIPng route, and is mainly used for debugging. Routes configured by this command will not appear in kernel route table but in the RIPng route database, however it could be located by using the show ipv6 rip command.

Command Mode:

Router mode

Example:

Switch#config terminal
Switch(config)#router ipv6 rip
Switch(config-router)#route 3ffe:1234:5678::1/64

34.18 router ipv6 rip

Command:

router ipv6 rip
no router ipv6 rip

Function:

Enable RIPng routing process and entering RIPng mode; the "no router ipv6 rip" of this command disables the RIPng routing protocol.

Default:

RIPng routing not running.

Command Mode:

Global mode

Usage Guide:

This command is for enabling the RIPng routing protocol, this command should be enabled before performing other global configuration of the RIPng protocol.

Example:

Enable the RIPng protocol mode. Switch(config)#router ipv6 rip

34.19 show debugging ipv6 rip

Command: show debugging ipv6 rip Function: Show RIPng debugging status for following debugging options: nsm debugging, RIPng event debugging, RIPng packet debugging and RIPng nsm debugging. Command Mode: Admin mode Example: 
Switch#show debugging ipv6 rip
RIPng debugging status:
RIPng event debugging is on
RIPng packet detail debugging is on
RIPng NSM debugging is on

34.20 show ipv6 rip interface

Command: show ipv6 rip interface Function: Make sure the interface and line protocols is up. Command Mode: Admin mode Example: 
Switch(config)#show ipv6 rip interface
Loopback is up, line protocol is up
RIPng is not enabled on this interface
Vlan1 is up, line protocol is up
Routing Protocol: RIPng
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IPv6 interface address:
3000:1:1::1/64
fe80::203:fff:fe0c:cda/64
Displayed informationExplanations
Vlan1 is up, line protocol is upInterface is Up
Routing Protocol: RIPThe routing protocol running on the interface is RIPng
Passive interface: DisabledPassive-interface disabled
Split horizon: Enabled with Poisoned ReversedThe split horizon is enabled with poisoned reversed on the interface.
IP interface address:3000:1:1::1/64fe80::203:fff:fe01:429e/64IPv6 address of the interface

34.21 show ipv6 rip redistribute

Command: show ipv6 rip redistribute Function: Show the configuration information of redistributed other out routing to RIPng. Default: Not shown by default. Command Mode: Admin Mode and Configuration Mode. Example: Switch#show ipv6 rip redistribute

34.22 show ipv6 protocols rip

Command: show ipv6 protocols rip Function: Show the RIPng process parameters and statistic messages. Command Mode: Admin mode Example:
Switch(config)#show ipv6 protocols rip
Routing Protocol is "RIPng"
Sending updates every 30 seconds with +/-50%, next due in 1 second
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Ethernet1/10 filtered by dclist
Default redistribute metric is 1
Redistributing: static
Interface
Vlan10
Vlan2
Routing for Networks:
Displayed informationExplanations
Sending updates every 30 seconds with +/-50%, next due in 1 secondsSending updates every 30 seconds
Timeout after 180 seconds, garbage collect after 120 secondsThe route timeout time is 180 seconds, the garbage collect time is 120 seconds
Outgoing update filter list for all interface is not setOutgoing update filter list for all interface is not set
Incoming update filter list for all interface is not setIncoming update filter list for all interface is not set
Default redistribution metric is 1Default redistribution metric is 1
Redistributing: staticRedistricting the static route into the RIP routes
InterfaceVlan10Vlan2The interfaces running RIP is Vlan 10 and Vlan 2

34.23 show ipv6 rip

Command: show ipv6 rip Function: Show RIPng Routing. Command Mode: Admin mode Example: Switch#show ipv6 rip Codes: R - RIP, K - Kernel, C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP, a - aggregate, s - suppressed
NetworkNext HopIfMetTagTime
2000:1:1::/64::Vlan210
2001:1:1::/64fe80::203:fff:fe01:257cVlan22002:40
3000:1:1::/64::Vlan1010
3010:1:1::/64::--10
Amongst R stands for RIP route, namely a RIP route with the destination network address 2001:1:1::/64, next-hop address at fe80::203:fff:fe01:257c. It is learnt from the Ethernet port VLAN2 with a metric value of 2, and still has 2 minutes 40 seconds before time out. Equal Command: show ipv6 rip database

34.24 show ipv6 rip database

Command: show ipv6 rip database Function: Show messages related to RIPng database. Command Mode: Admin mode Example: Switch#show ipv6 rip database Equal Command: show ipv6 rip

34.25 show ipv6 rip aggregate

Command: show ipv6 rip aggregate Function: To display the information of IPv6 aggregation route. Command Mode: Admin and Configuration Mode. Usage Guide: This command is used to display which interface the aggregation route be configured, Metric, Count, Suppress and so on, if configured under global mode, then the interface display “----”. “Metric” is metric. “Count” is the number of learned aggregation routes. “Suppress” is the times of aggregation. Example: To display the information of IPv6 aggregation route. Switch(config-router)#show ipv rip agg Aggregate information of ripng
NetworkAggregated IfnameMetric Count Suppress
2001::/16Vlan1120
2001:1::/32----120
2001:1:2::/60Vlan1111
----111
Displayed informationExplanation
NetworkRoute prefix and prefix length.
AggregatedTo configure the interface name of the aggregation route. If the route aggregated globally, then display “---”.
Ifname
MetricMetric of aggregation route.
CountThe number of learned aggregation routes.
SuppressThe times of aggregated for aggregation route.

34.26 show ipv6 rip redistribute

Command: show ipv6 rip redistribute Function: Show the configuration information of redistributed other out routing to RIPng. Default: Not shown by default. Command Mode: Admin Mode and Configuration Mode. Example: Switch#show ipv6 rip redistribute

34.27 timers basic

Command: timers basic no timers basic Function: Adjust the RIP timer update, timeout, and garbage collecting time. The "no timers basic" command restores each parameters to their default values. Parameter: time interval of sending update packet, shown in seconds and ranging between 5-2147483647; time period after which the RIP route is advertised dead, shown in seconds and ranging between 5-2147483647; is the hold time in which the a route remains in the routing table after advertised dead, shown in seconds and ranging between 5-2147483647. Default: defaulted at 30; defaulted at 180; defaulted at120 Command Mode: Router mode Usage Guide: The system is defaulted broadcasting RIPng update packets every 30 seconds; and the route is considered invalid after 180 seconds but still exists for another 120 seconds before it is deleted from the routing table. Example: Set the RIP update time to 20 seconds and the timeout period to 80 second, the garbage collecting time to 60 seconds. Switch(Config-Router)#timers basic 20 80 60

Chapter 35 Commands for OSPF

35.1 area authentication

Command: area authentication [message-digest] no area authentication Function: Configure the authentication mode of the OSPF area; the "no area authentication" command restores the default value. Parameter: is the area number which could be shown in digit, ranging between 0 to 4294967295, or in IP address. message-digest is proved by MD5 authentication, or be proved by simple plaintext authentication if not choose this parameter. Default: No authentication. Command Mode: OSPF protocol mode Usage Guide: Set the authentication mode to plaintext authentication or MD5 authentication. The authentication mode is also configurable under interface mode of which the priority is higher than those in the area. It is required to use ip ospf authentication-key to set the password while no authentication mode configured at the interface and the area is plaintext authentication, and use ip ospf message-digest key command to configure MD5 key if is MD5 authentication. The area authentication mode could not affect the authentication mode of the interface in this area. Example: Set the authentication mode in area 0 to MD5. Switch(config-router)#area 0 authentication message-digest

35.2 area default-cost

Command: 
area <id> default-cost <cost> 

no area <id> default-cost
Function: Configure the cost of sending to the default summary route in stub or NSSA area; the "no area default-cost" command restores the default value. Parameter: is the area number which could be shown as digits 0\~4294967295, or as an IP address; ranges between <0-16777215>. Default: Default OSPF cost is 1. Command Mode: OSPF protocol mode Usage Guide: The command is only adaptive to the ABR router connected to the stub area or NSSA area. Example: Set the default-cost of area 1 to 10. Switch(config-router)#area 1 default-cost 10

35.3 area filter-list

Command: area filter-list {access|prefix} {in|out} no area filter-list {access|prefix} {in|out} Function: Configure the filter broadcasting summary routing on the ABR; the "no area filter-list {access|prefix} {in|out}" command restores the default value. Parameter: is the area number which could be shown in digits ranging between 0\~4294967295, or as an IP address; access-list is appointed for use in access, so is prefix-list for prefix; is the name of the filter, the length of which is between 1-256; in means from other areas to this area, out means from this area to other areas. Default: No filter configured. Command Mode: OSPF protocol mode

Usage Guide:

This command is used for restraining routes from specific area from spreading between this area and other areas.

Example:

Set a filter on the area 1. Switch(config)#access-list 1 deny 172.22.0.0 0.0.0.255 Switch(config)#access-list 1 permit any Switch(config)#router ospf 100 Switch(config-router)#area 1 filter-list access 1 in

35.4 area nssa

Command:

area nssa [TRANSLATOR| no-redistribution |DEFAULT-ORIGINATE | no-summary] no area nssa [TRANSLATOR| no-redistribution | DEFAULT-ORIGINATE | no-summary]

Function:

Set the area to Not-So-Stubby-Area (NSSA) area.

Parameter:

is the area number which could be digits ranging between 0~4294967295, and also as an IP address. TRANLATOR = translator-role {candidate|never|always}, specifies the LSA translation mode for routes: candidate means if the router is elected translator, Type 7 LSA can be translated to Type-5 LSA, the default is candidate. never means the router will never translate Type 7 LSA to Type 5 LSA. always means the route always translate Type 7 LSA to Type 5 LSA. no-redistribution means never distribute external-LSA to NSSA. DEFAULT-ORIGINATE=default-information-originate [metric <0-16777214>] [metric-type <1-2>], generate the Type-7 LSA. metric <0-16777214> specify the metric value. metric-type <1-2> specifies the metric value type of external-LSA, default value is 2. no-summary shows not injecting area route to the NSSA.

Default:

No NSSA area defined by default.

Command Mode:

OSPF protocol mode

Usage Guide:

The same area can not be both NSSA and stub at the same time.

Example:

Set area 3 to NSSA. Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#area 0.0.0.51 nssa Switch(config-router)#area 3 nssa default-information-originate metric 34 metric-type 2 translator-role candidate no-redistribution

35.5 area range

Command:

area <id> range <address> [advertise| not-advertise| substitute]
no area <id> range <address>

Function:

Aggregate OSPF route on the area border. The "no area <id> range <address>" cancels this function.

Parameter:

<id> is the area number which could be digits ranging between 0~4294967295, and also as an IP address.
<address>=<A.B.C.D/M> specifies the area network prefix and its length.
advertise: Advertise this area, which is the default.
not-advertise : Not advertise this area.
substitute= substitute <A.B.C.D/M>: advertise this area as another prefix.
<A.B.C.D/M>: Replace the network prefix to be advertised in this area.

Default:

Not set.

Command Mode:

OSPF protocol mode

Usage Guide:

Use this command to aggregate routes inside an area. If the network IDs in this area are not configured continuously, a summary route can be advertised by configuring this command on ABR. This route consists of all single networks belong to specific range.

Example:

Switch#config terminal
Switch(config)# router ospf 100
Switch(config-router)# area 1 range 192.16.0.0/24

35.6 area stub

Command:

area stub [no-summary] no area stub [no-summary]

Function:

Define a area to a stub area. The "no area stub [no-summary]" command cancels this function.

Parameter:

is the area number which could be digits ranging between 0\~4294967295, and also as an IP address. no-summary: The area border routes stop sending link summary announcement to the stub area.

Default:

Not defined.

Command Mode:

OSPF protocol mode

Usage Guide:

Configure area stub on all routes in the stub area. There are two configuration commands for the routers in the stub area: stub and default-cost. All routers connected to the stub area should be configured with area stub command. As for area border routers connected to the stub area, their introducing cost is defined with area default-cost command.

Example:

Switch # config terminal Switch (config)# router ospf 100 Switch (config-router)# area 1 stub area default-cost

Command:

area virtual-link A.B.C.D {AUTHENTICATION | AUTH\_KEY | INTERVAL} no area virtual-link A.B.C.D [AUTHENTICATION | AUTH\_KEY | INTERVAL]

Function:

Configure a logical link between two backbone areas physically divided by non-backbone area. The "no area virtual-link A.B.C.D [AUTHENTICATION | AUTH\_KEY | INTERVAL]" command removes this virtual-link.

Parameter:

is the area number which could be digits ranging between 0\~4294967295, and also as an IP address. AUTHENTICATION = authentication [message-digest[message-digest-key <1-255> md5 ] |null|AUTH\_KEY]. authentication : Enable authentication on this virtual link. message-digest: Authentication with MD-5. null : Overwrite password or packet summary with null authentication. AUTH\_KEY= authentication-key . : A password consists of less than 8 characters. INTERVAL= [dead-interval | hello-interval | message-digest-key<1-255>md5 | retransmit-interval | transmit-delay] . : The delay or interval seconds, ranging between 1\~65535. : A neighbor is considered offline for certain dead interval without its group messages which the default is 40 seconds. : The time interval before the router sends a hello group message, default is 10 seconds. : Authentication key with MD-5. : The time interval before a router retransmitting a group message, default is 5 seconds. : The time delay before a router sending a group messages, default is 1 second.

Command Mode:

OSPF protocol mode

Usage Guide:

In the OSPF all non-backbone areas will be connected to a backbone area. If the connection to the backbone area is lost, virtual link will repair this connection. You can configure virtual link between any two backbone area routers connected with the public non-backbone area. The protocol treat routers connected by virtual links as a point-to-point network.

Example:

Switch#config terminal Switch(config) #router ospf 100 Switch(config-router) #area 1 virtual-link 10.10.11.50 hello 5 dead 20

Relevant Commands:

area authentication, show ip ospf, show ip ospf virtual-links

35.8 auto-cost reference-bandwidth

Command: auto-cost reference-bandwidth no auto-cost reference-bandwidth Function: This command sets the way in which OSPF calculate the default metric value. The "no auto-cost reference-bandwidth" command only configures the cost to the interface by types. Parameter: reference bandwidth in Mbps, ranging between 1\~4294967. Default: Default bandwidth is 100Mbps. Command Mode: OSPF protocol mode Usage Guide: The interface metric value is acquired by divide the interface bandwidth with reference bandwidth. This command is mainly for differentiate high bandwidth links. If several high bandwidth links exist, their cost can be assorted by configuring a larger reference bandwidth value. Example: 
Switch#config terminal
Switch(config)#router ospf 100
Switch(config-router)#auto-cost reference-bandwidth 50
Relative Command: ip ospf cost

35.9 compatible rfc1583

Command: 
compatible rfc1583
no compatible rfc1583
Function: This command configures to rfc1583 compatible. The "no compatible rfc1583" command close the compatibility. Default: Rfc 2328 compatible by default. Command Mode: OSPF protocol mode Example: 
Switch#config terminal
Switch(config)#router ospf 100
Switch(config-router)#compatible rfc1583

35.10 clear ip ospf process

Command:

clear ip ospf [] process

Function:

Use this command to clear and restart OSPF routing processes. One certain OSPF process will be cleared by specifying the process ID, or else all OSPF processes will be cleared.

Default:

No default configuration.

Command Mode:

Admin mode

Example:

Switch#clear ip ospf process

35.11 debug ospf events

Command:

debug ospf events [abr|asbr|lsa|nssa|os|router|vlink] no debug ospf events [abr|asbr|Isa|nssa|os|router|vlink]

Function:

Open debugging switches showing various OSPF events messages; the "no debug ospf events [abr|asbr|lsa|nssa|os|router|vlink]" command closes the debugging switch.

Default:

Closed

Command Mode:

Admin and global mode

Example:

Switch#debug ospf events router

35.12 debug ospf ifsm

Command:

debug ospf ifsm [status|events|timers] no debug ospf ifsm [status|events|timers]

Function:

Open debugging switches showing the OSPF interface states; the "no debug ospf ifsm [status|events|timers]" command closes this debugging switches.

Default:

Closed

Command Mode:

Admin mode and global mode

Example:

Switch#debug ospf ifsm events

35.13 debug ospf Isa

Command:

debug ospf Isa [generate|flooding|install|maxage|refresh] no debug ospf Isa [generate|flooding|install|maxage|refresh]

Function:

Open debugging switches showing showing link state announcements; the "no debug ospf Isa [generate|flooding|install|maxage|refresh]" closes the debugging switches.

Default:

Closed

Command Mode:

Admin mode and global mode

Example:

Switch#debug ospf Isa generate

35.14 debug ospf nfsm

Command:

debug ospf nfsm [status|events|timers] no debug ospf nfsm [status|events|timers]

Function:

Open debugging switches showing OSPF neighbor state machine; the "no debug ospf nfsm [status|events|timers]" command closes this debugging switch.

Default:

Closed

Command Mode:

Admin mode and global mode

Example:

Switch#debug ospf nfsm events

35.15 debug ospf nsm

Command:

debug ospf nsm [interface|redistribute] no debug ospf nsm [interface|redistribute]

Function:

Open debugging switches showing OSPF NSM, the "no debug ospf nsm [interface|redistribute]" command closes this debugging switch.

Default:

Closed

Command Mode:

Admin mode and global mode

Example:

Switch#debug ospf nsm interface

35.16 debug ospf packet

Command:

debug ospf packet [dd | detail | hello | ls-ack | ls-request | ls-update | recv | detail] no debug ospf packet [dd | detail | hello | ls-ack | ls-request | ls-update | recv | detail]

Function:

Open debugging switches showing OSPF packet messages; the "no debug ospf packet [dd] detail | hello | ls-ack | ls-request | ls-update | recv | detail]” command closes this debugging switch.

Default:

Closed

Command Mode:

Admin mode and global mode

Example:

Switch#debug ospf packet hello

35.17 debug ospf route

Command:

debug ospf route [ase|ia|install|spf] no debug ospf route [ase|ia|install|spf]

Function:

Open debugging switches showing OSPF related routes; the "no debug ospf route [ase|ia|install|spf]" command closes this debugging switch.

Default:

Closed

Command Mode:

Admin mode and global mode

Example:

Switch#debug ospf route spf

35.18 debug ospf redistribute message send

Command:

debug ospf redistribute message send no debug ospf redistribute message send

Function:

To enable debugging of sending command from OSPF process redistributed to other OSPF process routing. The no form of command disables debugging of sending command from OSPF process redistributed to other OSPF process routing.

Default:

Disabled.

Command Mode:

Admin Mode.

Example:

To enable debugging of sending command from OSPF process redistributed to other OSPF process routing. Switch#debug ospf redistribute message send

35.19 debug ospf redistribute route receive

Command:

debug ospf redistribute route receive no debug ospf redistribute route receive

Function:

To enable/disable debugging switch of received routing message from NSM for OSPF process.

Parameter:

None.

Default:

Disabled.

Command Mode:

Admin Mode.

Usage Guide:

None.

Example:

To enable debugging switch of received routing message from NSM for OSPF process. Switch# debug ospf redistribute route receive

35.20 default-information originate

Command:

default-information originate [always | METRIC | METRICTYPE | ROUTEMAP] no default-information originate

Function:

This command create a default external route to OSPF route area; the "no default-information originate" closes this feature.

Parameter:

always: Whether default route exist in the software or not, the default route is always advertised. METRIC = metric : Set the metric value for creating default route, ranges between 0\~16777214, default metric value is 0. METRICTYPE = metric-type {1|2} set the OSPF external link type of default route. 1 Set the OSPF external type 1 metric value. 2 Set the OSPF external type 2 metric value. ROUTEMAP = route-map . specifies the route map name to be applied.

Default:

Default metric value is 10, default OSPF external link type is 2.

Command Mode:

OSPF protocol mode

Usage Guide:

When introducing route into OSPF route area with this command, the system will behaves like an ASBR.

Example:

Switch#config terminal
Switch(config)#router ospf 100
Switch(config-router)#default-information originate always metric 23 metric-type 2 route-map myinfo

Relevant Commands:

route-map

35.21 default-metric

Command: default-metric no default-metric Function: The command set the default metric value of OSPF routing protocol; the "no default-metric" returns to the default state. Parameter: , metric value, ranging between 0\~16777214. Default: Built-in, metric value auto translating. Command Mode: OSPF protocol mode Usage Guide: When the default metric value makes the metric value not compatible, the route introducing still goes through. If the metric value can not be translated, the default value provides alternative option to carry the route introducing on. This command will result in that all introduced route will use the same metric value. This command should be used associating redistribute. Example: Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#default-metric 100

35.22 distance

Command: distance {|ROUTEPARAMETER} no distance ospf Function: Configure OSPF manage distance base on route type. The "no distance ospf" command restores the default value. Parameter: , OSPF routing manage distance, ranging between 1\~235 ROUTEPARAMETER= ospf {ROUTE1|ROUTE2|ROUTE3}. ROUTE1= external , Configure the distance learnt from other routing area. distance value, ranging between 1\~255. ROUTE2= inter-area , configure the distance value from one area to another area. manage distance value, ranging between 1\~255. ROUTE3= intra-area Configure all distance values in one area. Manage distance value, ranging between 1\~255.

Default:

Default distance value is 110.

Command Mode:

OSPF protocol mode

Usage Guide:

Manage distance shows the reliability of the routing message source. The distance value may range between 1\~255. The larger the manage distance value is, the lower is its reliability.

Example:

Switch#config terminal
Switch(config)#router ospf 100
Switch(config-router)#distance ospf inter-area 20 intra-area 10 external 40

35.23 distribute-list

Command:

distribute-list out {kernel |connected| static| rip| isis| bgp} no distribute-list out {kernel |connected| static| rip| isis| bgp}

Function:

Filter network in the routing update. The "no distribute-list out {kernel |connected| static| rip| isis| bgp}" command disables this function.

Parameter:

is the access-list name to be applied. out: Filter the sent route update. kernel Kernel route. connected Direct route. static Static route. rip RIP route. isis ISIS route. bgp BGP route.

Command Mode:

OSPF protocol mode

Usage Guide:

When distributing route from other routing protocols into the OSPF routing table, we can use this command.

Example:

Example below is the advertisement based on the access-list list 1 of the BGP route. Switch#config terminal Switch(config)#access-list I1 permit 172.10.0.0 0.0.255.255 Switch(config)#router ospf 100 Switch(config-router)#distribute-list 1 out bgp Switch(config-router)#redistribute bgp

35.24 filter-policy

Command:

filter-policy no filter-policy

Function:

Use access list to filter the route obtained by OSPF, the no command cancels the route filtering.

Parameter:

: Access list name will be applied, it can use numeric standard IP access list and naming standard IP access list to configure.

Default:

There is no default configuration.

Command Mode:

OSPF protocol mode

Usage Guide:

This command is used to filter the route obtained by OSPF. Do not filter any routes when the specified access list is not exist, for the routes which do not match permit rule of access list, they will be filtered. One access list can be set for this command, only the last configuration takes effect when configuring many times.

Example:

Use access list 1 to filter the routes which do not belong to 172.10.0.0/16 segment. Switch#config terminal Switch(config)#access-list 1 permit 172.10.0.0 0.0.255.255 Switch(config)#router ospf Switch(config-router)#filter-policy 1

35.25 host area

Command: 
host <host-address> area <area-id> [cost <cost>]
no host <host-address> area <area-id> [cost <cost>]
Function: 
Use this command to set a stub host entire belongs to certain area. The “[no] host <host-address> area <area-id> [cost <cost>]” command cancels this configuration.
Parameter: 
<host-address> is host IP address show in dotted decimal notation.
<area-id> area ID shown in dotted decimal notation or integer ranging between 0~4294967295.
<cost> specifies the entire cost, which is a integer ranging between 0~65535 and defaulted at 0.
Default: No entire set. Command Mode: OSPF protocol mode Usage Guide: With this command you can advertise certain specific host route out as stub link. Since the stub host belongs to special router in which setting host is not important. Example: 
Switch#config terminal
Switch(config)#router ospf 100
Switch(config-router)#host 172.16.10.100 area 1
Switch(config-router)#host 172.16.10.101 area 2 cost 10

35.26 ip ospf authentication

Command: 
ip ospf [<ip-address>] authentication [message-digest|null]
no ip ospf [<ip-address>] authentication
Function: Specify the authentication mode required in sending and receiving OSPF packets on the interfaces; the "no ip ospf [] authentication" command cancels the authentication.

Parameter:

is the interface IP address, shown in dotted decimal notation. message-digest: Use MD5 authentication. null: no authentication applied, which resets the password or MD5 authentication applied on the interface.

Default:

Authentication not required in receiving OSPF packets on the interface.

Command Mode:

Interface Configuration Mode.

Example:

Switch#config terminal
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip ospf authentication message-digest

35.27 ip ospf authentication-key

Command:

ip ospf [] authentication-key no ip ospf [] authentication

Function:

Specify the authentication key required in sending and receiving OSPF packet on the interface; the "no ip ospf [] authentication" cancels the authentication key.

Parameter:

<ip-address> is the interface IP address shown in dotted decimal notation;
<LINE> specifies the key required in the plaintext authentication.

Default:

Authentication not required in receiving OSPF packets on the interface.

Command Mode:

Interface Configuration Mode.

Example:

Switch#config terminal
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip ospf authentication-key password

35.28 ip ospf cost

Command: ip ospf [] cost no ip ospf [] cost Function: Specify the cost required in running OSPF protocol on the interface; the "no ip ospf [] cost" command restores the default value. Parameter: is the interface IP address shown in dotted decimal notation. is the cost of OSPF protocol ranging between 1\~65535. Default: Default OSPF cost on the interface is auto-figure out based bandwidth. Command Mode: Interface Configuration Mode. Example: Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf cost 3

35.29 ip ospf database-filter

Command: ip ospf [] database-filter all out no ip ospf [] database-filter Function: The command opens LSA database filter switch on specific interface; the "no ip ospf [] database-filter" command closes the filter switch. Parameter: is the interface IP address shown in dotted decimal notation; all: All LSAs. out: Sent LSAs. Default: Filter switch Closed. Command Mode: Interface Configuration Mode. Example: Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf database-filter all out

35.30 ip ospf dead-interval

Command:

ip ospf [<ip-address>] dead-interval <time>
no ip ospf [<ip-address>] dead-interval

Function:

Specify the dead interval for neighboring layer 3 switch; the "no ip ospf [] dead-interval" command restores the default value.

Parameter:

is the interface IP address shown in dotted decimal notation;
Table of contents Click a title to access it
Manual assistant
Powered by Anthropic
Waiting for your message
Product information

Brand : Planet

Model : SGS-6341-48T4X

Category : Switch