0% found this document useful (0 votes)

55 views385 pages

GS2210-48 3

Uploaded by

Phe0niX Bird

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

55 views385 pages

GS2210-48 3

Uploaded by

Phe0niX Bird

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 385

CLI Reference Guide

Ethernet Switch Series

Managed Ethernet Switches

Default Login Details Version 3.79~4.50 Edition 2, 12/2017

Out-of-Band http://192.168.0.1
MGMT Port
In-Band Ports http://DHCP-assigned IP
or
http://192.168.1.1
User Name admin
Password 1234

Copyright © 2017 Zyxel Communications Corporation

IMPORTANT!
READ CAREFULLY BEFORE USE.
KEEP THIS GUIDE FOR FUTURE REFERENCE.

This is a Reference Guide for a series of products intended for people who want to configure the Switch
via Command Line Interface (CLI).

Note: Some commands or command options in this guide may not be available in your
product. See your product's User’s Guide for a list of supported features. Every effort has
been made to ensure that the information in this guide is accurate.

How To Use This Guide

1 Read Chapter 1 on page 10 for how to access and use the CLI (Command Line Interface).

2 Read Chapter 2 on page 13 to learn about the CLI user and privilege modes.

Do not use commands not documented in this guide.

Related Documentation
• Quick Start Guide
The Quick Start Guide shows how to connect the Switch and access the Web Configurator.
• User’s Guide
The User’s Guide explains how to use the Web Configurator to configure the Switch.

Note: It is recommended you use the Web Configurator to configure the Switch.
About This CLI Reference Guide

About This CLI Reference Guide

Intended Audience
This manual is intended for people who want to configure Zyxel Switches via Command Line Interface
(CLI).

The version number on the cover page refers to the latest firmware version supported by the Zyxel
Switches. This guide applies to version 3.79, 3.80, 3.90, 4.00, 4.10, 4.20, 4.30, 4.40 and 4.50 at the time of
writing.

Note: This guide is intended as a command reference for a series of products. Therefore many
commands in this guide may not be available in your product. See your User’s Guide
for a list of supported features and details about feature implementation.

Please refer to www.zyxel.com for product specific User Guides and product certifications.

How To Use This Guide

• Read the How to Access the CLI chapter for an overview of various ways you can get to the
command interface on your Switch.
• Use the Reference section in this guide for command syntax, description and examples. Each chapter
describes commands related to a feature.
• To find specific information in this guide, use the Contents Overview, the Index of Commands, or
search the PDF file. E-mail [email protected] if you cannot find the information you require.

Ethernet Switch CLI Reference Guide

3
Document Conventions

Document Conventions

Warnings and Notes

These are how warnings and notes are shown in this CLI Reference Guide.

Warnings tell you about things that could harm you or your device. See
your User’s Guide for product specific warnings.

Note: Notes tell you other important information (for example, other things you may need to
configure or helpful tips) or recommendations.

Syntax Conventions
This manual follows these general conventions:

• Zyxel’s switches may be referred to as the “Switch”, the “device”, the “system” or the “product” in this
Reference Guide.
• Units of measurement may denote the “metric” value or the “scientific” value. For example, “k” for
kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on.

Command descriptions follow these conventions:

• Commands are in courier new font.

• Required input values are in angle brackets <>; for example, ping <ip> means that you must
specify an IP address for this command.
• Optional fields are in square brackets []; for instance show logins [name], the name field is optional.
The following is an example of a required field within an optional field: snmp-server [contact
<system contact>], the contact field is optional. However, if you use contact, then you must
provide the system contact information.
• Lists (such as <port-list>) consist of one or more elements separated by commas. Each element
might be a single value (1, 2, 3, ...) or a range of values (1-2, 3-5, ...) separated by a dash.
• The | (bar) symbol means “or”.
• italic terms represent user-defined input values; for example, in snmp-server [contact <system
contact>], system contact can be replaced by the administrator’s name.
• A key stroke is denoted by square brackets and uppercase text, for example, [ENTER] means the
“Enter” or “Return” key on your keyboard.
• <cr> means press the [ENTER] key.
• An arrow (-->) indicates that this line is a continuation of the previous line.

Command summary tables are organized as follows:

Table 1 Example: Command Summary Table

COMMAND DESCRIPTION M P
show vlan Displays the status of all VLANs. E 3

vlan <1-4094> Enters config-vlan mode for the specified VLAN. Creates C 13
the VLAN, if necessary.

Ethernet Switch CLI Reference Guide

4
Document Conventions

Table 1 Example: Command Summary Table (continued)

COMMAND DESCRIPTION M P
inactive Disables the specified VLAN. C 13

no inactive Enables the specified VLAN. C 13

no vlan <1-4094> Deletes a VLAN. C 13

The Table title identifies commands or the specific feature that the commands configure.

The COMMAND column shows the syntax of the command.

• If a command is not indented, you run it in the enable or config mode. See Chapter 2 on page 13 for
more information on command modes.
• If a command is indented, you run it in a sub-command mode.

The DESCRIPTION column explains what the command does. It also identifies legal input values, if
necessary.

The M column identifies the mode in which you run the command.

• E: The command is available in enable mode. It is also available in user mode if the privilege level (P)
is less than 13.
• C: The command is available in config (not indented) or one of the sub-command modes (indented).

The P column identifies the privilege level of the command. If you don’t have a high enough privilege
level you may not be able to view or execute some of the commands. See Chapter 2 on page 13 for
more information on privilege levels.

Ethernet Switch CLI Reference Guide

5
Contents Overview

Contents Overview

Introduction .........................................................................................................................................9

How to Access and Use the CLI .......................................................................................................... 10

Privilege Level and Command Mode ................................................................................................ 13
Initial Setup ............................................................................................................................................ 18

Reference A-G ..................................................................................................................................25

AAA Commands .................................................................................................................................. 27

Anti-Arpscan ......................................................................................................................................... 30
ARP Commands ................................................................................................................................... 32
ARP Inspection Commands ................................................................................................................ 34
ARP Learning Commands ................................................................................................................... 39
Auto Configuration Commands ......................................................................................................... 40
Bandwidth Commands ........................................................................................................................ 42
BPDU Guard .......................................................................................................................................... 45
Broadcast Storm Commands .............................................................................................................. 46
CFM Commands .................................................................................................................................. 49
Classifier Commands ........................................................................................................................... 58
Cluster Commands .............................................................................................................................. 62
CLV Commands ................................................................................................................................... 65
Custom Default Commands ............................................................................................................... 71
Date and Time Commands ................................................................................................................. 72
Data Center Bridging Commands ..................................................................................................... 75
DHCP Commands ................................................................................................................................ 83
DHCP Snooping & DHCP VLAN Commands ..................................................................................... 88
DiffServ Commands ............................................................................................................................. 91
Display Commands .............................................................................................................................. 92
DVMRP Commands .............................................................................................................................. 93
Error Disable and Recovery Commands ........................................................................................... 95
Ethernet OAM Commands .................................................................................................................. 99
External Alarm Commands ............................................................................................................... 104
GARP Commands .............................................................................................................................. 106
Green Ethernet Commands .............................................................................................................. 108
GVRP Commands .............................................................................................................................. 112

Reference H-M ................................................................................................................................113

HTTPS Server Commands ................................................................................................................... 115

IEEE 802.1x Authentication Commands ........................................................................................... 118
IGMP and Multicasting Commands ................................................................................................. 121

Ethernet Switch CLI Reference Guide

6
Contents Overview

IGMP Snooping Commands ............................................................................................................. 123

IGMP Filtering Commands ................................................................................................................. 130
Interface Commands ........................................................................................................................ 132
Interface Loopback Mode ................................................................................................................ 137
Interface Route-domain Mode ........................................................................................................ 139
IP Commands ..................................................................................................................................... 140
IP Source Binding Commands .......................................................................................................... 145
IPv6 Commands ................................................................................................................................. 147
Layer 2 Protocol Tunnel (L2PT) Commands ..................................................................................... 173
Link Layer Discovery Protocol (LLDP) Commands .......................................................................... 176
Load Sharing Commands .................................................................................................................. 188
Logging Commands .......................................................................................................................... 190
Login Account Commands ............................................................................................................... 191
Loopguard Commands ..................................................................................................................... 193
MAC Address Commands ................................................................................................................. 195
MAC Authentication Commands .................................................................................................... 197
MAC-based VLAN .............................................................................................................................. 199
MAC Filter Commands ....................................................................................................................... 201
MAC Forward Commands ................................................................................................................ 203
MAC Pinning Commands .................................................................................................................. 204
Mirror Commands ............................................................................................................................... 206
MRSTP Commands ............................................................................................................................. 210
MSTP Commands ................................................................................................................................ 213
Multiple Login Commands ................................................................................................................ 218
MVR Commands ................................................................................................................................ 219

Reference N-S .................................................................................................................................221

OSPF Commands ................................................................................................................................ 223

Password Commands ........................................................................................................................ 230
PoE Commands .................................................................................................................................. 232
Policy Commands .............................................................................................................................. 235
Policy Route Commands ................................................................................................................... 239
Port Security Commands ................................................................................................................... 241
Port-based VLAN Commands ........................................................................................................... 243
PPPoE IA Commands ......................................................................................................................... 244
Private VLAN Commands .................................................................................................................. 250
Protocol-based VLAN Commands ................................................................................................... 255
Queuing Commands ......................................................................................................................... 257
RADIUS Commands ............................................................................................................................ 261
Remote Management Commands ................................................................................................. 263
RIP Commands ................................................................................................................................... 265
RMON ................................................................................................................................................... 267
Running Configuration Commands ................................................................................................. 274

Ethernet Switch CLI Reference Guide

7
Contents Overview

sFlow ..................................................................................................................................................... 277

Smart Isolation Commands ............................................................................................................... 279
SNMP Server Commands ................................................................................................................... 282
Stacking Commands ......................................................................................................................... 287
STP and RSTP Commands .................................................................................................................. 292
SSH Commands .................................................................................................................................. 296
Static Multicast Commands .............................................................................................................. 298
Static Route Commands ................................................................................................................... 300
Subnet-based VLAN Commands ..................................................................................................... 303
Syslog Commands .............................................................................................................................. 305

Reference T-Z ..................................................................................................................................306

TACACS+ Commands ........................................................................................................................ 307

Tech Support Commands ................................................................................................................. 308
TFTP Commands ................................................................................................................................. 311
Time Range Commands .................................................................................................................... 312
Traceroute Commands ..................................................................................................................... 314
Trunk Commands ................................................................................................................................ 315
trTCM Commands .............................................................................................................................. 318
VLAN Commands ............................................................................................................................... 321
VLAN IP Commands ........................................................................................................................... 327
VLAN Mapping Commands .............................................................................................................. 329
VLAN Port Isolation Commands ........................................................................................................ 331
VLAN Stacking Commands ............................................................................................................... 332
VLAN Trunking Commands ................................................................................................................ 335
Voice VLAN Commands .................................................................................................................... 336
VRRP Commands ............................................................................................................................... 339
ZULD Commands ................................................................................................................................ 342
Additional Commands ...................................................................................................................... 344

Appendices and Index of Commands .........................................................................................355

Ethernet Switch CLI Reference Guide

8
P ART I
Introduction
How to Access and Use the CLI (10)

Privilege Level and Command Mode (13)

Initial Setup (18)

9
CHAPTER 1
How to Access and Use the
CLI
This chapter introduces the command line interface (CLI).

1.1 Accessing the CLI

Use any of the following methods to access the CLI.

1.1.1 Console Port

1 Connect your computer to the console port on the Switch using the appropriate cable.

2 Use terminal emulation software with the following settings:

Table 2 Default Settings for the Console Port

SETTING DEFAULT VALUE
Terminal Emulation VT100
Baud Rate 9600 or 115200 bps
Parity None
Number of Data Bits 8
Number of Stop Bits 1
Flow Control None

3 Press [ENTER] to open the login screen.

1.1.2 Telnet

1 Connect your computer to one of the Ethernet ports.

2 Open a Telnet session to the Switch’s IP address. If this is your first login, use the default values.

Ethernet Switch CLI Reference Guide

10
Chapter 1 How to Access and Use the CLI

Table 3 Default Management IP Address

SETTING DEFAULT VALUE
IP Address 192.168.1.1
Subnet Mask 255.255.255.0

Make sure your computer IP address is in the same subnet, unless you are accessing the Switch through
one or more routers.

1.1.3 SSH

1 Connect your computer to one of the Ethernet ports.

2 Use a SSH client program to access the Switch. If this is your first login, use the default values in Table 3 on
page 11 and Table 4 on page 11. Make sure your computer IP address is in the same subnet, unless you
are accessing the Switch through one or more routers.

1.2 Logging in
Use the administrator username and password. If this is your first login, use the default values.

Table 4 Default User Name and Password

SETTING DEFAULT VALUE
User Name admin
Password 1234

Note: The Switch automatically logs you out of the management interface after five minutes
of inactivity. If this happens to you, simply log back in again.

1.3 Using Shortcuts and Getting Help

This table identifies some shortcuts in the CLI, as well as how to get help.

Table 5 CLI Shortcuts and Help

COMMAND / KEY(S) DESCRIPTION
history Displays a list of recently-used commands.

 (up/down arrow keys) Scrolls through the list of recently-used commands. You can edit any
command or press [ENTER] to run it again.
[CTRL]+U Clears the current command.

[TAB] Auto-completes the keyword you are typing if possible. For example, type
config, and press [TAB]. The Switch finishes the word configure.
? Displays the keywords and/or input values that are allowed in place of the ?.

help Displays the (full) commands that are allowed in place of help.

Ethernet Switch CLI Reference Guide

11
Chapter 1 How to Access and Use the CLI

1.4 Saving Your Configuration

When you run a command, the Switch saves any changes to its run-time memory. The Switch loses these
changes if it is turned off or loses power. Use the write memory command in enable mode to save the
current configuration permanently to non-volatile memory.

sysname# write memory

Note: You should save your changes after each CLI session. All unsaved configuration
changes are lost once you restart the Switch.

1.5 Logging Out

Enter logout to log out of the CLI. You have to be in user, enable, or config mode. See Chapter 2 on
page 13 for more information about modes.

Ethernet Switch CLI Reference Guide

12
CHAPTER 2
Privilege Level and
Command Mode
This chapter introduces the CLI privilege levels and command modes.

• The privilege level determines whether or not a user can run a particular command.
• If a user can run a particular command, the user has to run it in the correct mode.

2.1 Privilege Levels

Every command has a privilege level (0-14). Users can run a command if the session’s privilege level is
greater than or equal to the command’s privilege level. The session’s privilege level initially comes from
the login account’s privilege level, though it is possible to change the session’s privilege level after
logging in.

2.1.1 Privilege Levels for Commands

The privilege level of each command is listed in the Reference A-G chapters on page 25.

At the time of writing, commands have a privilege level of 0, 3, 13, or 14. The following table summarizes
the types of commands at each of these privilege levels.

Table 6 Types of Commands at Different Privilege Levels

PRIVILEGE LEVEL TYPES OF COMMANDS AT THIS PRIVILEGE LEVEL
0 Display basic system information.
3 Display configuration or status.
13 Configure features except for login accounts, SNMP user accounts, the authentication
method sequence and authorization settings, multiple logins, administrator and enable
passwords, and configuration information display.
14 Configure login accounts, SNMP user accounts, the authentication method sequence and
authorization settings, multiple logins, and administrator and enable passwords, and display
configuration information.

2.1.2 Privilege Levels for Login Accounts

You can manage the privilege levels for login accounts in the following ways:

• Using commands. Login accounts can be configured by the admin account or any login account
with a privilege level of 14. See Chapter 46 on page 191.

Ethernet Switch CLI Reference Guide

13
Chapter 2 Privilege Level and Command Mode

• Using vendor-specific attributes in an external authentication server. See the User’s Guide for more
information.

The admin account has a privilege level of 14, so the administrator can run every command. You
cannot change the privilege level of the admin account.

2.1.3 Privilege Levels for Sessions

The session’s privilege level initially comes from the privilege level of the login account the user used to
log in to the Switch. After logging in, the user can use the following commands to change the session’s
privilege level.

2.1.3.1 enable Command

This command raises the session’s privilege level to 14. It also changes the session to enable mode (if not
already in enable mode). This command is available in user mode or enable mode, and users have to
know the enable password.

In the following example, the login account user0 has a privilege level of 0 but knows that the enable
password is 123456. Afterwards, the session’s privilege level is 14, instead of 0, and the session changes to
enable mode.

sysname> enable
Password: 123456
sysname#

The default enable password is 1234. Use this command to set the enable password.

password <password>

<password> consists of 1-32 alphanumeric characters. For example, the following command sets the
enable password to 123456. See Chapter 101 on page 344 for more information about this command.

sysname(config)# password 123456

The password is sent in plain text and stored in the Switch’s buffers. Use this command to set the cipher
password for password encryption.

password cipher <password>

<password> consists of 32 alphanumeric characters. For example, the following command encrypts the
enable password with a 32-character cipher password. See Chapter 60 on page 230 for more
information about this command.

sysname(config)# password cipher qwertyuiopasdfghjklzxcvbnm123456

2.1.3.2 enable <0-14> Command

This command raises the session’s privilege level to the specified level. It also changes the session to
enable mode, if the specified level is 13 or 14. This command is available in user mode or enable mode,
and users have to know the password for the specified privilege level.

Ethernet Switch CLI Reference Guide

14
Chapter 2 Privilege Level and Command Mode

In the following example, the login account user0 has a privilege level of 0 but knows that the password
for privilege level 13 is pswd13. Afterwards, the session’s privilege level is 13, instead of 0, and the session
changes to enable mode.

sysname> enable 13
Password: pswd13
sysname#

Users cannot use this command until you create passwords for specific privilege levels. Use the following
command to create passwords for specific privilege levels.

password <password> privilege <0-14>

<password> consists of 1-32 alphanumeric characters. For example, the following command sets the
password for privilege level 13 to pswd13. See Chapter 101 on page 344 for more information about this
command.

sysname(config)# password pswd13 privilege 13

2.1.3.3 disable Command

This command reduces the session’s privilege level to 0. It also changes the session to user mode. This
command is available in enable mode.

2.1.3.4 show privilege command

This command displays the session’s current privilege level. This command is available in user mode or
enable mode.

sysname# show privilege

Current privilege level : 14

2.2 Command Modes

The CLI is divided into several modes. If a user has enough privilege to run a particular command, the
user has to run the command in the correct mode. The modes that are available depend on the
session’s privilege level.

2.2.1 Command Modes for Privilege Levels 0-12

If the session’s privilege level is 0-12, the user and all of the allowed commands are in user mode. Users
do not have to change modes to run any allowed commands.

Ethernet Switch CLI Reference Guide

15
Chapter 2 Privilege Level and Command Mode

2.2.2 Command Modes for Privilege Levels 13-14

If the session’s privilege level is 13-14, the allowed commands are in one of several modes.

Table 7 Command Modes for Privilege Levels 13-14 and the Types of Commands in Each One
MODE PROMPT COMMAND FUNCTIONS IN THIS MODE
enable sysname# Display current configuration, diagnostics,
maintenance.
config sysname(config)# Configure features other than those below.

config-interface sysname(config-interface)# Configure ports.

config-mvr sysname(config-mvr)# Configure multicast VLAN.

config-route- sysname(config-if)# Enable and enter configuration mode for an IPv4 or

domain IPv6 routing domain.
config-dvmrp sysname(config-dvmrp)# Configure Distance Vector Multicast Routing Protocol
(DVRMP).
config-igmp sysname(config-igmp)# Configure Internet Group Management Protocol
(IGMP).
config-ma sysname(config-ma)# Configure an Maintenance Association (MA) in
Connectivity Fault Management (CFM).
config-ospf sysname(config-ospf)# Configure Open Shortest Path First (OSPF) protocol.

config-rip sysname(config-rip)# Configure Routing Information Protocol (RIP).

config-vrrp sysname(config-vrrp)# Configure Virtual Router Redundancy Protocol (VRRP).

Each command is usually in one and only one mode. If a user wants to run a particular command, the
user has to change to the appropriate mode. The command modes are organized like a tree, and users
start in enable mode. The following table explains how to change from one mode to another.

Table 8 Changing Between Command Modes for Privilege Levels 13-14

MODE ENTER MODE LEAVE MODE
enable -- --

config configure exit

config-interface interface port-channel <port-list> exit

config-mvr mvr <1-4094> exit

config-vlan vlan <1-4094> exit

config-route-domain interface route domain <ip-address>/<mask-bits> exit

config-dvmrp router dvmrp exit

config-igmp router igmp exit

config-ospf router ospf <router-id> exit

config-rip router rip exit

config-vrrp router vrrp network <ip-address>/<mask-bits> exit

vr-id <1~7> uplink-gateway <ip-address>

Ethernet Switch CLI Reference Guide

16
Chapter 2 Privilege Level and Command Mode

2.3 Listing Available Commands

Use the help command to view the executable commands on the Switch. You must have the highest
privilege level in order to view all the commands. Follow these steps to create a list of supported
commands:

1 Log into the CLI. This takes you to the enable mode.

2 Type help and press [ENTER]. A list comes up which shows all the commands available in enable mode.
The example shown next has been edited for brevity’s sake.

sysname# help
Commands available:

help
logout
exit
history
enable <0-14>
enable <cr>
.
.
traceroute <ip|host-name> [vlan <vlan-id>][..]
traceroute help
ssh <1|2> <[user@]dest-ip> <cr>
ssh <1|2> <[user@]dest-ip> [command </>]
sysname#

3 Copy and paste the results into a text editor of your choice. This creates a list of all the executable
commands in the user and enable modes.

4 Type configure and press [ENTER]. This takes you to the config mode.

5 Type help and press [ENTER]. A list is displayed which shows all the commands available in config mode
and all the sub-commands. The sub-commands are preceded by the command necessary to enter
that sub-command mode. For example, the command name <name-str> as shown next, is preceded
by the command used to enter the config-vlan sub-mode: vlan <1-4094>.

sysname# help
.
.
no arp inspection log-buffer logs
no arp inspection filter-aging-time
no arp inspection <cr>
vlan <1-4094>
vlan <1-4094> name <name-str>
vlan <1-4094> normal <port-list>
vlan <1-4094> fixed <port-list>

6 Copy and paste the results into a text editor of your choice. This creates a list of all the executable
commands in config and the other submodes, for example, the config-vlan mode.

Ethernet Switch CLI Reference Guide

17
CHAPTER 3
Initial Setup
This chapter identifies tasks you might want to do when you first configure the Switch.

3.1 Changing the Administrator Password

Note: It is recommended you change the default administrator password. You can encrypt
the password using the password encryption command. See Chapter 60 on page
230 for more information.

Use this command to change the administrator password.

admin-password <pw-string> <Confirm-string>

where <pw-string> may be 1-32 alphanumeric characters long.

sysname# configure
sysname(config)# admin-password t1g2y7i9 t1g2y7i9

3.2 Changing the Enable Password

Note: It is recommended you change the default enable password. You can encrypt the
password using the password encryption command. See Chapter 60 on page 230 for
more information.

Use this command to change the enable password.

password <password>

where <password> may be 1-32 alphanumeric characters long.

sysname# configure
sysname(config)# password k8s8s3dl0

Ethernet Switch CLI Reference Guide

18
Chapter 3 Initial Setup

3.3 Prohibiting Concurrent Logins

By default, multiple CLI sessions are allowed via the console port or Telnet. See the User’s Guide for the
maximum number of concurrent sessions for your Switch. Use this command to prohibit concurrent
logins.

no multi-login

Console port has higher priority than Telnet. See Chapter 57 on page 218 for more multi-login
commands.

sysname# configure
sysname(config)# no multi-login

3.4 Changing the Management IP Address

The Switch has a different IP address in each VLAN. By default, the Switch has VLAN 1 with IP address
192.168.1.1 and subnet mask 255.255.255.0. Use this command in config-vlan mode to change the
management IP address in a specific VLAN.

ip address <ip> <mask>

This example shows you how to change the management IP address in VLAN 1 to 172.16.0.1 with subnet
mask 255.255.255.0.

sysname# configure
sysname(config)# vlan 1
sysname(config-vlan)# ip address default-management 172.16.0.1 255.255.255.0

Note: Afterwards, you have to use the new IP address to access the Switch.

3.5 Changing the Out-of-band Management IP Address

If your Switch has a MGMT port (also referred to as the out-of-band management port), then the Switch
can also be managed via this interface. By default, the MGMT port IP address is 192.168.0.1 and the
subnet mask is 255.255.255.0. Use this command in config mode to change the out-of-band
management IP address.

ip address <ip> <mask>

This example shows you how to change the out-of-band management IP address to 10.10.10.1 with
subnet mask 255.255.255.0 and the default gateway 10.10.10.254.

sysname# configure
sysname(config)# ip address 10.10.10.1 255.255.255.0
sysname(config)# ip address default-gateway 10.10.10.254

Ethernet Switch CLI Reference Guide

19
Chapter 3 Initial Setup

3.6 Using Auto Configuration

Follow the steps below to set up configurations on the Switch, so you can load an auto configuration file
automatically from a TFTP server when you reboot the Switch.

Note: You need to set up configurations on a DHCP server and TFTP server first to use auto
configuration.

1 Use this command to enable auto configuration on the Switch.

auto-config

sysname# config
sysname(config)# auto-config

2 Use this command to enable the DHCP mode for auto configuration.
auto-config dhcp

sysname# config
sysname(config)# auto-config dhcp

3 Use this command to configure the Switch as a DHCP client.

ip address default-management dhcp-bootp

sysname# config
sysname(config)# vlan 1
sysname(config-vlan)# ip address default-management dhcp-bootp

4 Use this command to enable DHCP option 60.

ip address default-management dhcp-bootp option-60

When you enable DHCP option 60, make sure you set up a Vendor Class Identifier. The Vendor Class
Identifier specifies the Zyxel switch that should receive the auto configuration file.
Skip this step if you are not enabling DHCP option 60.

sysname# config
sysname(config)# vlan 1
sysname(config-vlan)# ip address default-management dhcp-bootp option-60

5 Use this command to define a Vendor Class Identifier for DHCP option 60.
ip address default-management dhcp-bootp option-60 class-id <class-id>

In this example, we use “ZyxelCorp”.

Skip this step if you don’t need to define a Vendor Class Identifier.

sysname# config
sysname(config)# vlan 1
sysname(config-vlan)# ip address default-management dhcp-bootp option-60
class-id ZyxelCorp

Ethernet Switch CLI Reference Guide

20
Chapter 3 Initial Setup

6 Use this command to check the settings for auto configuration.

show running-config

GS2210# show running-config

Building configuration...

Current configuration:

vlan 1
name 1
normal ""
fixed 1-50
forbidden ""
untagged 1-50
ip address default-management dhcp-bootp
ip address default-management dhcp-bootp option-60 class-id ZyxelCorp
exit
pwr mode consumption
auto-config

7 You need to save the current configuration in a configuration file, so the Switch will load the auto
configuration files from the TFTP server automatically when rebooting
Use this command to save the current configuration in a configuration file.
write memory [<index>]
For [<index>], you can enter a value to save the current configuration to a specified configuration file.
1 is for Config 1, and 2 is for Config 2.

In this example, we save the current configuration to Config 1.

sysname# write memory 1

........................................................................
............................

8 Use this command to reboot the Switch.

reload config [1|2]
For [1|2], 1 is for Config 1, and 2 is for Config 2.

In this example, we load Config 1 to reboot the Switch.

Ethernet Switch CLI Reference Guide

21
Chapter 3 Initial Setup

sysname# reload config 1

Do you really want to reboot system with configuration file 1? [y/N]y
Bootbase Version: V1.05 | 12/19/2013 16:57:54
DRAM calibration...PASSED
RAM: Size = 131072 Kbytes

ZyNOS Version: V4.50(AAHW.0)b3_20171020_1 | 10/20/2017 16:9:36

Press any key to enter debug mode within 1 second.

....................
(Compressed)
Version: GS2210, start: b4962430
Length: 16F0668, Checksum: 03AA
Compressed Length: 2EE424, Checksum: 87A5
Copyright (c) 1994 - 2017 Zyxel Communications Corp.
initialize mgmt, initialize switch, ethernet address: 00:19:cb:00:00:01
Initializing MSTP.............
Initializing VLAN Database...
Initializing IP Interface...
Initializing Advanced Applications...
Initializing Command Line Interface...
Initializing Web Interface...
Restore System Configuration...
Start Auto Configuration...
..............
Try to download and restore configuration file from TFTP://10.90.90.11/
TestConf2
Downloading....
Get the file TestConf2, length 289 bytes.
Restoring......
Auto-config processes successfully.
Press ENTER to continue...

9 Use this command to check whether the auto configuration file was loaded successfully.
Show auto-config

Mode: DHCP
State: Success
Filename: TFTP://10.90.90.11/TestConf2

3.7 Using Custom Default

Follow the steps below to set up configurations on the Switch, so you can load a customized default file
when you reboot the Switch.

1 Use this command to enable custom default on the Switch.

custom-default

sysname# config
sysname(config)# custom-default

Ethernet Switch CLI Reference Guide

22
Chapter 3 Initial Setup

2 Use this command to save the current configuration settings permanently to a customized default file on
the Switch.
copy running-config custom-default

sysname# copy running-config custom-default

........................................................................
............................

3 Use this command to reboot the system and load a saved customized default file on the Switch.
reload custom-default

sysname# reload custom-default

Do you really want to restore system to custom default settings and
reboot?[y/N]y
.......

Bootbase Version: V1.05 | 12/19/2013 16:57:54

DRAM calibration...PASSED
RAM: Size = 131072 Kbytes
ZyNOS Version: V4.50(AAHW.0)b3_20171020_1 | 10/20/2017 16:9:36

Press any key to enter debug mode within 1 second.

3.8 Looking at Basic System Information

Use this command to look at general system information about the Switch.

show system-information

Ethernet Switch CLI Reference Guide

23
Chapter 3 Initial Setup

This is illustrated in the following example.

sysname# show system-information

Product Model : sysname

System Name : sysname
System Mode : Standalone
System Contact :
System Location :
System up Time : 98:26:28 (151f8939 ticks)
Ethernet Address : 00:19:cb:00:00:02
Bootbase Version : V1.02 | 08/27/2014
ZyNOS F/W Version : V4.20(AASS.0)b3 | 09/24/2014
Config Boot Image : 1
Current Boot Image : 1
RomRasSize : 8336318
sysname#

See Chapter 101 on page 344 for more information about these attributes.

3.9 Looking at the Operating Configuration

Use this command to look at the current operating configuration.

show running-config

This is illustrated in the following example.

sysname# show running-config

Building configuration...

Current configuration:

vlan 1
name 1
normal ""
fixed 1-52
forbidden ""
untagged 1-52
ip address 192.168.1.1 255.255.255.0
exit
interface route-domain 192.168.1.1/24
exit
pwr mode consumption

Ethernet Switch CLI Reference Guide

24
P ART II
Reference A-G
AAA Commands (27)

ARP Commands (32)

ARP Inspection Commands (34)

ARP Learning Commands (39)

Auto Configuration Commands (40)

Bandwidth Commands (42)

Broadcast Storm Commands (46)

CFM Commands (49)

Classifier Commands (58)

Cluster Commands (62)

CLV Commands (65)

Custom Default Commands (71)

Date and Time Commands (72)

Data Center Bridging Commands (75)

DHCP Commands (83)

DHCP Snooping & DHCP VLAN Commands (88)

DiffServ Commands (91)

25
Display Commands (92)

DVMRP Commands (93)

Error Disable and Recovery Commands (95)

Ethernet OAM Commands (99)

External Alarm Commands (104)

GARP Commands (106)

Green Ethernet Commands (108)

GVRP Commands (112)

26
CHAPTER 4
AAA Commands
Use these commands to configure authentication, authorization and accounting on the Switch.

4.1 Command Summary

The following section lists the commands for this feature.

Table 9 aaa authentication Command Summary

COMMAND DESCRIPTION M P
show aaa authentication Displays what methods are used for authentication. E 3

show aaa authentication enable Displays the authentication method(s) for checking E 3
privilege level of administrators.
aaa authentication enable Specifies which method should be used first, second, and C 14
<method1> [<method2> ...] third for checking privileges.

method: enable, radius, or tacacs+.

no aaa authentication enable Resets the method list for checking privileges to its default C 14
value.
show aaa authentication login Displays the authentication methods for administrator login E 3
accounts.
aaa authentication login Specifies which method should be used first, second, and C 14
<method1> [<method2> ...] third for the authentication of login accounts.

method: local, radius, or tacacs+.

no aaa authentication login Resets the method list for the authentication of login C 14
accounts to its default value.

Table 10 Command Summary: aaa accounting

COMMAND DESCRIPTION M P
show aaa accounting Displays accounting settings configured on the Switch. E 3

show aaa accounting update Display the update period setting on the Switch for E 3
accounting sessions.
aaa accounting update periodic Sets the update period (in minutes) for accounting C 13
<1-2147483647> sessions. This is the time the Switch waits to send an update
to an accounting server after a session starts.
no aaa accounting update Resets the accounting update interval to the default C 13
value.
show aaa accounting commands Displays accounting settings for recording command E 3
events.
aaa accounting commands Enables accounting of command sessions and specifies C 13
<privilege> stop-only tacacs+ the minimum privilege level (0-14) for the command
[broadcast] sessions that should be recorded. Optionally, sends
accounting information for command sessions to all
configured accounting servers at the same time.

Ethernet Switch CLI Reference Guide

27
Chapter 4 AAA Commands

Table 10 Command Summary: aaa accounting (continued)

COMMAND DESCRIPTION M P
no aaa accounting commands Disables accounting of command sessions on the Switch. C 13

show aaa accounting dot1x Displays accounting settings for recording IEEE 802.1x E 3
session events.
aaa accounting dot1x <start- Enables accounting of IEEE 802.1x authentication sessions C 13
stop|stop-only> and specifies the mode and protocol method. Optionally,
<radius|tacacs+> [broadcast] sends accounting information for IEEE 802.1x
authentication sessions to all configured accounting
servers at the same time.
no aaa accounting dot1x Disables accounting of IEEE 802.1x authentication sessions C 13
on the Switch.
show aaa accounting exec Displays accounting settings for recording administrative E 3
sessions via SSH, Telnet or the console port.
aaa accounting exec <start- Enables accounting of administrative sessions via SSH, C 13
stop|stop-only> Telnet and console port and specifies the mode and
<radius|tacacs+> [broadcast] protocol method. Optionally, sends accounting
information for administrative sessions via SSH, Telnet and
console port to all configured accounting servers at the
same time.
no aaa accounting exec Disables accounting of administrative sessions via SSH, C 13
Telnet or console on the Switch.
show aaa accounting system Displays accounting settings for recording system events, E 3
for example system shut down, start up, accounting
enabled or accounting disabled.
aaa accounting system Enables accounting of system events and specifies the C 13
<radius|tacacs+> [broadcast] protocol method. Optionally, sends accounting
information for system events to all configured accounting
servers at the same time.
no aaa accounting system Disables accounting of system events on the Switch. C 13

Table 11 aaa authorization Command Summary

COMMAND DESCRIPTION M P
show aaa authorization Displays authorization settings configured on the Switch. E 3

show aaa authorization dot1x Displays the authorization method used to allow an IEEE E 3
802.1x client to have different bandwidth limit or VLAN ID
assigned via the external server.
show aaa authorization exec Displays the authorization method used to allow an E 3
administrator which logs in the Switch through Telnet or SSH
to have different access privilege level assigned via the
external server.
aaa authorization console Enables authorization of allowing an administrator which C 14
logs in the Switch through the console port to have
different access privilege level assigned via the external
server.
aaa authorization dot1x radius Enables authorization for IEEE 802.1x clients using RADIUS. C 14

aaa authorization exec Specifies which method (radius or tacacs+) should be C 14

<radius|tacacs+> used for administrator authorization.

no aaa authorization console Disables authorization of allowing an administrator which C 14

logs in the Switch through the console port to have
different access privilege level assigned via the external
server.

Ethernet Switch CLI Reference Guide

28
Chapter 4 AAA Commands

Table 11 aaa authorization Command Summary (continued)

COMMAND DESCRIPTION M P
no aaa authorization dot1x Disables authorization of allowing an IEEE 802.1x client to C 14
have different bandwidth limit or VLAN ID assigned via the
external server.
no aaa authorization exec Disables authorization of allowing an administrator which C 14
logs in the Switch through Telnet or SSH to have different
access privilege level assigned via the external server.

Ethernet Switch CLI Reference Guide

29
CHAPTER 5
Anti-Arpscan
Use these commands to configure anti-Arpscan on the Switch.

5.1 Anti-Arpscan Overview

Address Resolution Protocol (ARP), RFC 826, is a protocol used to convert a network-layer IP address to a
link-layer MAC address. ARP scan is used to scan the network of a certain interface for alive hosts. It
shows the IP address and MAC addresses of all hosts found. Hackers could use ARP scan to find targets
in your network. Anti-arpscan is used to detect unusual ARP scan activity and block suspicious hosts or
ports.

Unusual ARP scan activity is determined by port and host thresholds that you set. A port threshold is
determined by the number of packets received per second on the port. If the received packet rate is
over the threshold, then the port is put into an Err-Disable state. You can recover the normal state of the
port manually if this happens and after you identify the cause of the problem.

A host threshold is determined by the number of ARP-request packets received per second. There is a
global threshold rate for all hosts. If the rate of a host is over the threshold, then that host is blocked by
using a MAC address filter. A blocked host is released automatically after the MAC aging time expires.

Note: A port-based threshold must be larger than the host-based threshold or the host-based
threshold will not work.

5.2 Command Summary

The following section lists the commands for this feature.

Table 12 anti arpscan Command Summary

COMMAND DESCRIPTION M P
anti arpscan Enables Anti-arpscan on the Switch. C 13

anti arpscan host threshold <2- Sets the maximum number of ARP-request packets C 13
100> allowed by a host before it is blocked. If the rate of a host is
over the threshold, then that host is blocked by using a
MAC address filter. A blocked host is released
automatically after the MAC aging time expires.
anti arpscan port threshold <2- Sets the maximum number of packets per second allowed C 13
255> on the port before it is blocked.

anti arpscan trust host <ip- Creates a trusted host identified by IP address and subnet C 13
address> <mask> [ name <name> ] mask.

Anti-arpscan is not performed on trusted hosts.

Ethernet Switch CLI Reference Guide

30
Chapter 5 Anti-Arpscan

Table 12 anti arpscan Command Summary (continued)

COMMAND DESCRIPTION M P
clear anti arpscan host Unblocks all hosts. E 13

clear anti arpscan host Unblocks all hosts connected to the specified port(s). E 13
interface port-channel <port-
list>
interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
anti arpscan trust Sets the port as a trusted port. This prevents the port from C 13
being shutdown due to receiving too many ARP
messages.
no anti arpscan Disables Anti-arpscan on the Switch. C 13

no anti arpscan host threshold Resets the host threshold to its default value. C 13

no anti arpscan port threshold Resets the port threshold to its default value. C 13

no anti arpscan trust host <ip- Removes a trusted host. C 13

address> <mask>
show anti arpscan Displays what ports are trusted and are forwarding traffic E 3
or are disabled.
show anti arpscan host Displays the host that has been blocked. E 3

Ethernet Switch CLI Reference Guide

31
CHAPTER 6
ARP Commands
Use these commands to look at IP-to-MAC address mapping(s).

6.1 Command Summary

The following section lists the commands for this feature.

Table 13 arp Command Summary

COMMAND DESCRIPTION M P
arp aging-time <60-1000000> Sets how long dynamically learned ARP entries remain in C 13
the ARP table before they age out (and must be
relearned).
arp name <name> ip <ip-address> Creates a static ARP entry which will not age out. C 13
mac <mac-addr> vlan <vlan-id>
interface port-channel <port-
list>
arp name <name> ip <ip-address> Creates a static ARP entry but disables it. C 13
mac <mac-addr> vlan <vlan-id>
interface port-channel <port-
list> inactive
no arp ip <ip-address> mac <mac- Deletes a static ARP entry from the ARP table. C 13
addr> vlan <vlan-id>
no arp ip <ip-address> mac <mac- Enables the specified static ARP entry. C 13
addr> vlan <vlan-id> inactive
show ip arp Displays the ARP table. E 3

show ip arp count Displays the number of ARP entries in the ARP table. E 3

clear ip arp Removes all of the dynamic entries from the ARP table. E 13

clear ip arp interface port- Removes the dynamic entries learned on the specified E 13
channel <port-list> port.

clear ip arp ip <ip-address> Removes the dynamic entries learned with the specified IP E 13
address.

Ethernet Switch CLI Reference Guide

32
Chapter 6 ARP Commands

6.2 Command Examples

This example creates a static ARP entry and shows the ARP table on the Switch.

sysname# config
sysname(config)# arp name test ip 192.168.1.99 mac 00:c5:d8:01:23:45 vlan
1 interface port-channel 3
sysname(config)# exit
sysname# show ip arp
Index IP MAC VLAN Port Age(s) Type
1 192.168.1.1 00:19:cb:37:00:49 1 CPU 0 static
2 192.168.1.99 00:c5:d8:01:23:45 1 3 0 static
3 192.168.2.1 00:19:cb:37:00:49 465 CPU 0 static
sysname#

The following table describes the labels in this screen.

Table 14 show ip arp

LABEL DESCRIPTION
Index This field displays the index number.
IP This field displays the learned IP address of the device.
MAC This field displays the MAC address of the device.
VLAN This field displays the VLAN to which the device belongs.
Port This field displays the number of the port from which the IP address was learned.

CPU indicates this IP address is the Switch’s management IP address.

Age(s) This field displays how long the entry remains valid.
Type This field displays how the entry was learned.

dynamic: The Switch learned this entry from ARP packets.

Ethernet Switch CLI Reference Guide

33
CHAPTER 7
ARP Inspection Commands
Use these commands to filter unauthorized ARP packets in your network.

7.1 Command Summary

The following section lists the commands for this feature.

Table 15 arp inspection Command Summary

COMMAND DESCRIPTION M P
arp inspection Enables ARP inspection on the Switch. You still have to C 13
enable ARP inspection on specific VLAN and specify
trusted ports.
no arp inspection Disables ARP inspection on the Switch. C 13

show arp inspection Displays ARP inspection configuration details. E 3

clear arp inspection statistics Removes all ARP inspection statistics on the Switch. E 3

clear arp inspection statistics Removes ARP inspection statistics for the specified E 3
vlan <vlan-list> VLAN(s).

show arp inspection statistics Displays all ARP inspection statistics on the Switch. E 3

show arp inspection statistics Displays ARP inspection statistics for the specified VLAN(s). E 3
vlan <vlan-list>

Table 16 Command Summary: arp inspection filter

COMMAND DESCRIPTION M P
show arp inspection filter Displays the current list of MAC address filters that were E 3
[<mac-addr>] [vlan <vlan-id>] created because the Switch identified an unauthorized
ARP packet. Optionally, lists MAC address filters based on
the MAC address or VLAN ID in the filter.
clear arp inspection filter Delete all ARP inspection filters from the Switch. E 13

arp inspection filter-aging-time Specifies how long (1-2147483647 seconds) MAC address C 13
<1-2147483647> filters remain in the Switch after the Switch identifies an
unauthorized ARP packet. The Switch automatically
deletes the MAC address filter afterwards.
arp inspection filter-aging-time Specifies the MAC address filter to be permanent. C 13
none
no arp inspection filter-aging- Resets how long (1-2147483647 seconds) the MAC address C 13
time filter remains in the Switch after the Switch identifies an
unauthorized ARP packet to the default value.

Ethernet Switch CLI Reference Guide

34
Chapter 7 ARP Inspection Commands

Table 17 Command Summary: arp inspection log

COMMAND DESCRIPTION M P
show arp inspection log Displays the log settings configured on the Switch. It also E 3
displays the log entries recorded on the Switch.
clear arp inspection log Delete all ARP inspection log entries from the Switch. E 13

arp inspection log-buffer Specifies the maximum number (1-1024) of log messages C 13
entries <0-1024> that can be generated by ARP packets and not sent to
the syslog server.

If the number of log messages in the Switch exceeds this

number, the Switch stops recording log messages and
simply starts counting the number of entries that were
dropped due to unavailable buffer.
arp inspection log-buffer logs Specifies the number of syslog messages that can be sent C 13
<0-1024> interval <0-86400> to the syslog server in one batch and how often (1-86400
seconds) the Switch sends a batch of syslog messages to
the syslog server.
no arp inspection log-buffer Resets the maximum number (1-1024) of log messages that C 13
entries can be generated by ARP packets and not sent to the
syslog server to the default value.
no arp inspection log-buffer Resets the maximum number of syslog messages the C 13
logs Switch can send to the syslog server in one batch to the
default value.

Table 18 Command Summary: interface arp inspection

COMMAND DESCRIPTION M P
show arp inspection interface Displays the ARP inspection settings for the specified E 3
port-channel <port-list> port(s).

interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
arp inspection trust Sets the port to be a trusted port for arp inspection. The C 13
Switch does not discard ARP packets on trusted ports for
any reason.
no arp inspection trust Disables this port from being a trusted port for ARP C 13
inspection.

Table 19 Command Summary: arp inspection vlan

COMMAND DESCRIPTION M P
show arp inspection vlan <vlan- Displays ARP inspection settings for the specified VLAN(s). E 3
list>
arp inspection vlan <vlan-list> Enables ARP inspection on the specified VLAN(s). C 13

no arp inspection vlan <vlan- Disables ARP inspection on the specified VLAN(s). C 13
list>
arp inspection vlan <vlan-list> Enables logging of ARP inspection events on the specified C 13
logging [all|none|permit|deny] VLAN(s). Optionally specifies which types of events to log.

no arp inspection vlan <vlan- Disables logging of messages generated by ARP C 13

list> logging inspection for the specified VLAN(s).

Ethernet Switch CLI Reference Guide

35
Chapter 7 ARP Inspection Commands

7.2 Command Examples

This example looks at the current list of MAC address filters that were created because the Switch
identified an unauthorized ARP packet. When the Switch identifies an unauthorized ARP packet, it
automatically creates a MAC address filter to block traffic from the source MAC address and source
VLAN ID of the unauthorized ARP packet.

sysname# show arp inspection filter

Filtering aging timeout : 300

MacAddress VLAN Port Expiry (sec) Reason

----------------- ---- ----- ------------ --------------
Total number of bindings: 0

The following table describes the labels in this screen.

Table 20 show arp inspection filter

LABEL DESCRIPTION
Filtering aging timeout This field displays how long the MAC address filters remain in the Switch after the Switch
identifies an unauthorized ARP packet. The Switch automatically deletes the MAC
address filter afterwards.
MacAddress This field displays the source MAC address in the MAC address filter.
VLAN This field displays the source VLAN ID in the MAC address filter.
Port This field displays the source port of the discarded ARP packet.
Expiry (sec) This field displays how long (in seconds) the MAC address filter remains in the Switch.
You can also delete the record manually (Delete).
Reason This field displays the reason the ARP packet was discarded.

MAC+VLAN: The MAC address and VLAN ID were not in the binding table.

IP: The MAC address and VLAN ID were in the binding table, but the IP address was not
valid.

Port: The MAC address, VLAN ID, and IP address were in the binding table, but the port
number was not valid.

This example looks at log messages that were generated by ARP packets and that have not been sent
to the syslog server yet.

sysname# show arp inspection log

Total Log Buffer Size : 32
Syslog rate : 5 entries per 1 seconds

Port Vlan Sender MAC Sender IP Pkts Reason

Time
---- ---- ----------------- --------------- ---- ---------- ----
---------------------
Total number of logs: 0

Ethernet Switch CLI Reference Guide

36
Chapter 7 ARP Inspection Commands

The following table describes the labels in this screen.

Table 21 show arp inspection log

LABEL DESCRIPTION
Total Log Buffer Size This field displays the maximum number (1-1024) of log messages that were
generated by ARP packets and have not been sent to the syslog server yet.

If the number of log messages in the Switch exceeds this number, the Switch stops
recording log messages and simply starts counting the number of entries that were
dropped due to unavailable buffer.
Syslog rate This field displays the maximum number of syslog messages the Switch can send to
the syslog server in one batch. This number is expressed as a rate because the batch
frequency is determined by the Log Interval.
Port This field displays the source port of the ARP packet.
Vlan This field displays the source VLAN ID of the ARP packet.
Sender MAC This field displays the source MAC address of the ARP packet.
Sender IP This field displays the source IP address of the ARP packet.
Pkts This field displays the number of ARP packets that were consolidated into this log
message. The Switch consolidates identical log messages generated by ARP
packets in the log consolidation interval into one log message.
Reason This field displays the reason the log message was generated.

dhcp deny: An ARP packet was discarded because it violated a dynamic binding
with the same MAC address and VLAN ID.

static deny: An ARP packet was discarded because it violated a static binding with
the same MAC address and VLAN ID.

deny: An ARP packet was discarded because there were no bindings with the same
MAC address and VLAN ID.

static permit: An ARP packet was forwarded because it matched a static binding.

dhcp permit: An ARP packet was forwarded because it matched a dynamic

binding.
Time This field displays when the log message was generated.
Total number of logs This field displays the number of log messages that were generated by ARP packets
and that have not been sent to the syslog server yet. If one or more log messages
are dropped due to unavailable buffer, there is an entry called overflow with the
current number of dropped log messages.

This example displays whether ports are trusted or untrusted ports for ARP inspection.

sysname# show arp inspection interface port-channel 1

Interface Trusted State Rate (pps) Burst Interval
--------- ------------- ---------- --------------
1 Untrusted 15 1

Ethernet Switch CLI Reference Guide

37
Chapter 7 ARP Inspection Commands

The following table describes the labels in this screen.

Table 22 show arp inspection interface port-channel

LABEL DESCRIPTION
Interface This field displays the port number. If you configure the * port, the settings are applied
to all of the ports.
Trusted State This field displays whether this port is a trusted port (Trusted) or an untrusted port
(Untrusted).

Trusted ports are connected to DHCP servers or other switches, and the Switch discards
DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too
high.
Rate (pps) This field displays the maximum number for DHCP packets that the Switch receives from
each port each second. The Switch discards any additional DHCP packets.
Burst Interval This field displays the length of time over which the rate of ARP packets is monitored for
each port. For example, if the Rate is 15 pps and the burst interval is 1 second, then the
Switch accepts a maximum of 15 ARP packets in every one-second interval. If the burst
interval is 5 seconds, then the Switch accepts a maximum of 75 ARP packets in every
five-second interval.

Ethernet Switch CLI Reference Guide

38
CHAPTER 8
ARP Learning Commands
Use these commands to configure how the Switch updates the ARP table.

8.1 Command Summary

The following section lists the commands for this feature.

Table 23 arp-learning Command Summary

COMMAND DESCRIPTION M P
interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
arp-learning <arp- Sets the ARP learning mode the Switch uses on the port. C 13
reply|gratuitous-arp|arp-
arp-reply: the Switch updates the ARP table only with
request> the ARP replies to the ARP requests sent by the Switch.

gratuitous-arp: the Switch updates its ARP table with

either an ARP reply or a gratuitous ARP request. A
gratuitous ARP is an ARP request in which both the source
and destination IP address fields are set to the IP address of
the device that sends this request and the destination
MAC address field is set to the broadcast address.

arp-request: the Switch updates the ARP table with both

ARP replies, gratuitous ARP requests and ARP requests.
no arp-learning Resets the ARP learning mode to its default setting (arp- C 13
reply).

8.2 Command Examples

This example changes the ARP learning mode on port 8 from arp-reply to arp-request.

sysname# configure
sysname(config)# interface port-channel 8
sysname(config-interface)# arp-learning arp-request

Ethernet Switch CLI Reference Guide

39
CHAPTER 9
Auto Configuration
Commands
Use these commands to configure auto configuration on the Switch.

9.1 Auto Configuration Overview

You can load an auto configuration file from a TFTP server automatically when you reboot the Switch.
The Switch must have a dynamic IP address assigned by a DHCP server. Also, make sure the Switch can
communicate with the TFTP server.

Note: You need to set up configurations on a DHCP server and TFTP server first to use auto
configuration.

9.2 Command Summary

The following section lists the commands for this feature.

Table 24 auto-config Command Summary

COMMAND DESCRIPTION M P
auto-config Enables auto configuration. When auto configuration is C 14
enabled, the Switch can receive an auto configuration
file.
no auto-config Disables auto configuration. C 14

auto-config dhcp Enables the DHCP mode for auto configuration. When C 14
auto configuration DHCP is enabled, the Switch can
receive an auto configuration file from a TFTP server. The
location of the TFTP server is provided by a DHCP server.
show auto-config The following information is displayed: E 3

• The mode that is used for auto configuration.

• The status to see whether an auto configuration file is
successfully loaded to the Switch after you reboot the
Switch.
• The name of the auto configuration file that is loaded
after you reboot the Switch.

See Chapter 93 on page 327 for the commands to enable and disable DHCP option 60.

Ethernet Switch CLI Reference Guide

40
Chapter 9 Auto Configuration Commands

9.3 Command Examples

See Section 3.6 on page 20 for an example of how to configure auto configuration on the Switch.

Ethernet Switch CLI Reference Guide

41
Chapter 10 Bandwidth Commands

C H A P T E R 10
Bandwidth Commands
Use these commands to configure the maximum allowable bandwidth for incoming or outgoing traffic
flows on a port.

Note: Bandwidth management implementation differs across Switch models.

• Some models use a single command (bandwidth-limit ingress) to control the incoming rate of
traffic on a port.
• Other models use two separate commands (bandwidth-limit cir and bandwidth-limit pir) to
control the Committed Information Rate (CIR) and the Peak Information Rate (PIR) allowed on a port.
The CIR and PIR should be set for all ports that use the same uplink bandwidth. If the CIR is reached,
packets are sent at the rate up to the PIR. When network congestion occurs, packets through the
ingress port exceeding the CIR will be marked for drop.

Note: The CIR should be less than the PIR.

See Section 10.2 on page 43 and Section 10.3 on page 44 for examples.

See also Chapter 91 on page 318 for information on how to use trTCM (Two Rate Three Color Marker) to
control traffic flow.

10.1 Command Summary

The following table describes user-input values available in multiple commands for this feature.

Table 25 User-input Values: running-config

COMMAND DESCRIPTION
port-list The port number or a range of port numbers that you want to configure.

rate The rate represents a bandwidth limit. Different models support different rate limiting
incremental steps. See your User’s Guide for more information.

The following section lists the commands for this feature.

Table 26 Command Summary: bandwidth-control & bandwidth-limit

COMMAND DESCRIPTION M P
show interfaces config <port- Displays the current settings for bandwidth control on the E 3
list> bandwidth-control specified ports.

bandwidth-control Enables bandwidth control on the Switch. C 13

Ethernet Switch CLI Reference Guide

42
Table 26 Command Summary: bandwidth-control & bandwidth-limit (continued)
COMMAND DESCRIPTION M P
no bandwidth-control Disables bandwidth control on the Switch. C 13

interface port-channel <port- Enters subcommand mode for configuring the specified C 13
list> ports.

bandwidth-limit ingress Enables bandwidth limits for incoming traffic on the port(s). C 13

bandwidth-limit ingress Sets the maximum bandwidth allowed for incoming traffic C 13
<rate> on the port(s).

bandwidth-limit egress Enables bandwidth limits for outgoing traffic on the port(s). C 13

bandwidth-limit egress Sets the maximum bandwidth allowed for outgoing traffic C 13
<rate> on the port(s).

no bandwidth-limit ingress Disables ingress bandwidth limits on the specified port(s). C 13

no bandwidth-limit egress Disables egress bandwidth limits on the specified port(s). C 13

bandwidth-limit cir Enables commit rate limits on the specified port(s). C 13

bandwidth-limit cir <rate> Sets the guaranteed bandwidth allowed for the incoming C 13
traffic flow on a port. The commit rate should be less than
the peak rate. The sum of commit rates cannot be greater
than or equal to the uplink bandwidth.

Note: The sum of CIRs cannot be greater than or

equal to the uplink bandwidth.
bandwidth-limit pir Enables peak rate limits on the specified port(s). C 13

bandwidth-limit pir <rate> Sets the maximum bandwidth allowed for the incoming C 13
traffic flow on the specified port(s).
no bandwidth-limit cir Disables commit rate limits on the specified port(s). C 13

no bandwidth-limit pir Disables peak rate limits on the specified port(s). C 13

10.2 Command Examples: ingress

This example sets the outgoing traffic bandwidth limit to 5000 Kbps and the incoming traffic bandwidth
limit to 4000 Kbps for port 1.

sysname# configure
sysname(config)# bandwidth-control
sysname(config)# interface port-channel 1
sysname(config-interface)# bandwidth-limit egress 5000
sysname(config-interface)# bandwidth-limit ingress 4000
sysname(config-interface)# exit
sysname(config)# exit

This example deactivates the outgoing bandwidth limit on port 1.

sysname# configure
sysname(config)# interface port-channel 1
sysname(config-interface)# no bandwidth-limit egress
sysname(config-interface)# exit
sysname(config)# exit

Ethernet Switch CLI Reference Guide

43
10.3 Command Examples: cir & pir
This example sets the guaranteed traffic bandwidth limit on port 1 to 4000 Kbps and the maximum traffic
bandwidth limit to 5000 Kbps for port 1.

sysname# configure
sysname(config)# bandwidth-control
sysname(config)# interface port-channel 1
sysname(config-interface)# bandwidth-limit cir
sysname(config-interface)# bandwidth-limit cir 4000
sysname(config-interface)# bandwidth-limit pir
sysname(config-interface)# bandwidth-limit pir 5000
sysname(config-interface)# exit
sysname(config)# exit

This example displays the bandwidth limits configured on port 1.

sysname# show running-config interface port-channel 1 bandwidth-limit

Building configuration...

Current configuration:

interface port-channel 1
bandwidth-limit cir 4000
bandwidth-limit cir
bandwidth-limit pir 5000
bandwidth-limit pir

Ethernet Switch CLI Reference Guide

44
Chapter 11 BPDU Guard

C H A P T E R 11
BPDU Guard
Use these commands to configure BPDU guard on the Switch.

11.1 BPDU Guard Overview

A BPDU (Bridge Protocol Data Units) is a data frame that contains information about STP. STP-aware
switches exchange BPDUs periodically.

The BPDU guard feature allows you to prevent any new STP-aware switch from connecting to an existing
network and causing STP topology changes in the network. If there is any BPDU detected on the port(s)
on which BPDU guard is enabled, the Switch disables the port(s) automatically. You can then enable the
port(s) manually via the web configurator or the commands. With error-disable recovery, you can also
have the port(s) become active after a certain time interval.

11.2 Command Summary

The following section lists the commands for this feature.

Table 27 bpduguard Command Summary

COMMAND DESCRIPTION M P
bpduguard Enabled BPDU guard on the Switch. C 13

no bpduguard Disables BPDU guard on the Switch. C 13

interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
bpduguard Enabled BPDU guard on the port(s). C 13

no bpduguard Disables BPDU guard on the port(s). C 13

show bpdupguard Displays whether BPDU guard is enabled on the Switch and E 3
the port status.

Ethernet Switch CLI Reference Guide

45
Chapter 12 Broadcast Storm Commands

C H A P T E R 12
Broadcast Storm Commands
Use these commands to limit the number of broadcast, multicast and destination lookup failure (DLF)
packets the Switch receives per second on the ports.

Note: Broadcast storm control implementation differs across Switch models.

• Some models use a single command (bmstorm-limit) to control the combined rate of broadcast,
multicast and DLF packets accepted on Switch ports.
• Other models use three separate commands (broadcast-limit, multicast-limit, dlf-limit) to
control the number of individual types of packets accepted on Switch ports.

See Section 12.2 on page 47 and Section 12.3 on page 47 for examples.

12.1 Command Summary

The following table describes user-input values available in multiple commands for this feature.

Table 28 User-input Values: broadcast-limit, multicast-limit & dlf-limit

COMMAND DESCRIPTION
pkt/s Specifies the maximum number of packets per second accepted by a Switch
port.

The following section lists the commands for this feature.

Table 29 Command Summary: storm-control, bmstorm-limit, and bstorm-control

COMMAND DESCRIPTION M P
show interfaces config <port- Displays the current settings for broadcast storm control on E 3
list> bstorm-control the specified ports.

storm-control Enables broadcast storm control on the Switch. C 13

no storm-control Disables broadcast storm control on the Switch. C 13

interface port-channel <port- Enters subcommand mode for configuring the specified C 13
list> ports.

bmstorm-limit Enables broadcast storm control on the specified port(s). C 13

bmstorm-limit <rate> Specifies the maximum rate at which the Switch receives C 13
broadcast, multicast, and destination lookup failure (DLF)
packets on the specified port(s).

Different models support different rate limiting incremental

steps. See your User’s Guide for more information.
no bmstorm-limit Disables broadcast storm control on the specified port(s). C 13

Ethernet Switch CLI Reference Guide

46
Table 29 Command Summary: storm-control, bmstorm-limit, and bstorm-control (continued)
COMMAND DESCRIPTION M P
broadcast-limit Enables the broadcast packet limit on the specified C 13
port(s).
broadcast-limit <pkt/s> Specifies the maximum number of broadcast packets the C 13
Switch accepts per second on the specified port(s).

The Switch will generate a trap and/or log when the

actual rate is higher than the specified threshold.
no broadcast-limit Disables broadcast packet limit no the specified port(s). C 13

multicast-limit Enables the multicast packet limit on the specified port(s). C 13

multicast-limit <pkt/s> Specifies the maximum number of multicast packets the C 13

Switch accepts per second on the specified port(s).

The Switch will generate a trap and/or log when the

actual rate is higher than the specified threshold.
no multicast-limit Disables multicast packet limit on the specified port(s). C 13

dlf-limit Enables the DLF packet limit on the specified port(s). C 13

dlf-limit <pkt/s> Specifies the maximum number of DLF packets the Switch C 13
accepts per second on the specified port(s).
no dlf-limit Disables DLF packet limits no the specified port(s). C 13

12.2 Command Example: bmstorm-limit

This example enables broadcast storm control on port 1 and limits the combined maximum rate of
broadcast, multicast and DLF packets to 128 Kbps.

sysname# configure
sysname(config)# storm-control
sysname(config)# interface port-channel 1
sysname(config-interface)# bmstorm-limit
sysname(config-interface)# bmstorm-limit 128
sysname(config-interface)# exit
sysname(config)# exit

12.3 Command Example: broadcast-limit, multicast-limit

& dlf-limit
This example enables broadcast storm control on the Switch, and configures port 1 to accept up to:

• 128 broadcast packets per second,

• 256 multicast packets per second,

Ethernet Switch CLI Reference Guide

47
Chapter 12 Broadcast Storm Commands

• 64 DLF packets per second.

sysname# configure
sysname(config)# storm-control
sysname(config)# interface port-channel 1
sysname(config-interface)# broadcast-limit
sysname(config-interface)# broadcast-limit 128
sysname(config-interface)# multicast-limit
sysname(config-interface)# multicast-limit 256
sysname(config-interface)# dlf-limit
sysname(config-interface)# dlf-limit 64
sysname(config)# exit
sysname# show interfaces config 1 bstorm-control
Broadcast Storm Control Enabled: Yes

Port Broadcast|Enabled Multicast|Enabled DLF-Limit|Enabled

1 128 pkt/s|Yes 256 pkt/s|Yes 64 pkt/s|Yes

Ethernet Switch CLI Reference Guide

48
Chapter 13 CFM Commands

C H A P T E R 13
CFM Commands
Use these commands to configure the Connectivity Fault Management (CFM) on the Switch.

13.1 CFM Overview

The route between two users may go through aggregated switches, routers and/or DSLAMs owned by
independent organizations. A connectivity fault point generally takes time to discover and impacts
subscribers’ network access. IEEE 802.1ag is a Connectivity Fault Management (CFM) specification
which allows network administrators to identify and manage connection faults in order to ease
management and maintenance. Through discovery and verification of the path, CFM can detect and
analyze connectivity faults in bridged LANs.

The figure shown below is an example of a connection fault between switches in the service provider’s
network. CFM can be used to identify and management this kind of connection problem.

Figure 1 Connectivity Fault Example

CPE Service Provider Network CPE

13.1.1 How CFM Works

CFM sends pro-active Connectivity Check (CC) packets between two CFM-aware devices in the same
MD (Maintenance Domain) network. An MA (Maintenance Association) defines a VLAN and associated
ports on the device under an MD level. In this MA, a port can be an MEP (Maintenance End Point) port
or an MIP (Maintenance Intermediate Point) port.

Ethernet Switch CLI Reference Guide

49
Chapter 13 CFM Commands

•MEP port - has the ability to send pro-active connectivity check (CC) packets and get other MEP
port information from neighbor switches’ CC packets within an MA.
•MIP port - only forwards the CC packets.

CFM provides two tests to discover connectivity faults.

•Loopback test - similar to using “ping” in Microsoft DOS mode to check connectivity from your
computer to a host. In a loopback test, a MEP port sends a LBM (Loop Back Message) to a MIP port
and checks for an LBR (Loop Back Response). If no response is received, there might be a
connectivity fault between them.
•Link trace test - similar to using “tracert” in the Microsoft DOS mode to check connectivity from your
computer to a host. A link trace test provides additional connectivity fault analysis to get more
information on where the fault is. In a link trace test, a MEP port sends a LTM (Link Trace Message) to
a MIP port and checks for an LTR (Link Trace Response). If an MIP or MEP port does not respond to
the source MEP, this may indicate a fault. Administrators can take further action to check the fault
and resume services according to the line connectivity status report.

An example is shown next. A user cannot access the Internet. To check the problem, the administrator
starts the link trace test from A which is an MEP port to B which is also an MEP port. Each aggregation MIP
port between aggregated devices responds to the LTM packets and also forwards them to the next
port. A fault occurs at port C. A discovers the fault since it only gets the LTR packets from the ports
before port C.

Figure 2 MIP and MEP Example

A (port 2, MEP) C (port 17, MIP)

(port 18, MIP) B (port 8, MEP)

13.2 CFM Term Definition

This section lists the common term definition which appears in this chapter. Refer to User’s Guide for
more detailed information about CFM.

Table 30 CFM Term Definitions

TERM DESCRIPTION
CFM CFM (Connectivity Fault Management) is used to detect and analyze connectivity faults in
bridged LANs.
MD An MD (Maintenance Domain) is part of a network, where CFM can be done. The MD is
identified by a level number and contains both MEPs and MIPs. The Switch supports up to
eight MD levels (0 ~ 7) in a network. You can create multiple MDs on one MD level and
multiple MA groups in one MD.
MA An MA (Maintenance Association) is a group of MEPs and identified by a VLAN ID. One MA
should belong to one and only one MD group.
MEP An MEP (Maintenance End Point) port has the ability to send and reply to the CCMs, LBMs and
LTMs. It also gets other MEP port information from neighbor switches’ CCMs in an MA.
MIP An MIP (Maintenance Intermediate Point) port forwards the CCMs, LBMs, and LTMs and replies
the LBMs and LTMs by sending Loop Back Responses (LBRs) and Link Trace Responses (LTRs).

Ethernet Switch CLI Reference Guide

50
Chapter 13 CFM Commands

Table 30 CFM Term Definitions

TERM DESCRIPTION
Connectivity Connectivity Check (CC) enables an MEP port sending Connectivity Check Messages
Check (CCMs) periodically to other MEP ports. An MEP port collects CCMs to get other MEP
information within an MA.
Loop Back Test Loop Back Test (LBT) checks if an MEP port receives its LBR (Loop Back Response) from its
target after it sends the LBM (Loop Back Message). If no response is received, there might be a
connectivity fault between them.
Link Trace Test Link Trace Test (LTT) provides additional connectivity fault analysis to get more information on
where the fault is. In the link trace test, MIP ports also send LTR (Link Trace Response) to
response the source MEP port’s LTM (Link Trace Message). If an MIP or MEP port does not
respond to the source MEP, this may indicate a fault. Administrators can take further action to
check and resume services from the fault according to the line connectivity status report.

13.3 User Input Values

This section lists the common term definition appears in this chapter. Refer to User’s Guide for more
detailed information about CFM.

Table 31 CFM command user input values

USER INPUT DESCRIPTION
mep-id This is the maintenance endpoint identifier (1~8191).

ma-index This is the maintenance association (MA) index number (1~4294967295).

md-index This is the maintenance domain (MD) index number (1~4294967295).

mac-address This is the remote maintenance endpoint’s MAC address or a virtual MAC
address assigned to a port.

A Switch has one or two MAC addresses only. If you do not use virtual MAC
addresses with CFM, all CFM ports will use the Switch’s MAC address and
appear as one port. If you want unique CFM ports, you need to assign virtual
MAC addresses. If you use virtual MAC addresses, make sure that all virtual
MAC addresses are unique in both the Switch and the network to which it
belongs.

13.4 Command Summary

The following section lists the commands for this feature.

Table 32 CFM Command Summary

COMMAND DESCRIPTION M P
clear ethernet cfm linktrace Clears the link trace database. E 13

clear ethernet cfm mep-ccmdb Clears the MEP CCM database. E 13

clear ethernet cfm mip-ccmdb Clears the MIP CCM database. E 13

clear ethernet cfm mep-defects Clears the MEP-defects database. E 13

ethernet cfm Enables CFM on the Switch. C 13

Ethernet Switch CLI Reference Guide

51
Chapter 13 CFM Commands

Table 32 CFM Command Summary (continued)

COMMAND DESCRIPTION M P
ethernet cfm loopback remote-mep Specifies the remote MEP ID, local MEP ID, MA index E 13
<mep-id> mep <mep-id> ma <ma-index> and MD index to perform a loopback test.
md <md-index> [size <0-1500>][count This enables the MEP port (with the specified MEP ID)
<1-1024>] in a specified CFM domain to send the LBMs (Loop
Back Messages) to a specified remote end point.

You can also define the packet size (from 0 to 1500

bytes) and how many times the Switch sends the
LBMs.
ethernet cfm loopback mac <mac- Specifies the destination MAC address, local MEP ID, E 13
address> mep <mep-id> ma <ma-index> MA index and MD index to perform a loopback test.
md <md-index> [size <0-1500>][count This enables the MEP port (with the specified MEP ID)
<1-1024>] in a specified CFM domain to send the LBMs (Loop
Back Messages) to a specified remote end point.

You can also define the packet size (from 0 to 1500

bytes) and how many times the Switch sends the
LBMs.
ethernet cfm linktrace remote-mep Specifies the remote MEP ID, local MEP ID, MA index E 13
<mep-id> mep <mep-id> ma <ma-index> and MD index to perform a link trace test.
md <md-index> [mip-ccmdb][[ttl This enables the MEP port (with the specified MEP ID)
<ttl>] in a specified CFM domain to send the LTMs (Link
Trace Messages) to a specified remote end point.

mip-ccmdb: Specifies the MIP CCM DB, a database

that stores information (tuples of {Port, VID, MAC
address}) about MEPs in the MD when receiving
CCMs. The MIP CCM DB is used for fault isolation, such
as link trace and loop back. An entry can remains in
the MIP CCM DB for at least 24 hours.

ttl: This is the time-to-live value (the number of

transmissions, 64 hops by default). Sets this to stop a
test once it exceeds the time duration without
receiving any response.
ethernet cfm linktrace mac <mac- Specifies the destination MAC address, local MEP ID, E 13
address> mep <mep-id> ma <ma-index> MA index and MD index to perform a link trace test.
md <md-index> [mip-ccmdb][[ttl This enables the MEP port (with the specified MEP ID)
<ttl>] in a specified CFM domain to send the LTMs (Link
Trace Messages) to a specified remote end point.

mip-ccmdb: Specifies the MIP CCM DB, a database that

stores information (tuples of {Port, VID, MAC address})
about MEPs in the MD when receiving CCMs. The MIP
CCM DB is used for fault isolation, such as link trace and
loop back. An entry can remains in the MIP CCM DB for at
least 24 hours.

ttl: This is the time-to-live value (the number of

transmissions, 64 hops by default). Sets this to stop a
test once it exceeds the time duration without
receiving any response.

Ethernet Switch CLI Reference Guide

52
Chapter 13 CFM Commands

Table 32 CFM Command Summary (continued)

COMMAND DESCRIPTION M P
ethernet cfm ma <ma-index> format Creates an MA (Maintenance Association) and C 13
<vid|string|integer> name <ma-name> defines its VLAN ID under the MD. You can also define
md <md-index> primary-vlan <1-4094> the format which the Switch uses to send this MA
information in the domain (MD).

ma-name: Enters a VLAN ID, a descriptive name or a 2-

octet integer for the MA.

Note: If you set the format to vid, the VLAN ID

should be the same as the VLAN ID you
use to identify the MA.
cc-interval Sets how often an MEP sends a connectivity check C 13
<100ms|1s|10s|1min|10min> message (CCM).

mhf-creation < none | default | Sets MHF (MIP Half Function). C 13

explicit>
Select none and no MIP can be created
automatically for this MA.

Select default to automatically create MIPs for this

MA and on the ports belonging to this MA’s VLAN
when there are no lower configured MD levels or
there is an MEP at the next lower configured MD level
on the port.

Select explicit to automatically create MIPs for this

MA and on the ports belonging to this MA’s VLAN only
when there is an MEP at the next lower configured MD
level on the port.
id-permission < none | chassis Sets what’s to be included in the sender ID TLV (Type- C 13
| management | chassis- Length-Value) transmitted by CFM packets.
management> Select none to not include the sender ID TLV.

Select chassis to include the chassis information.

Select management to include the management

information.

Select chassis-management to include both chassis

and management information.
exit Exits from the config-ma mode. C 13

remote-mep <mep-id> Sets a remote MEP in an MA. C 13

mep <mep-id> interface port- Sets an MEP in an MA. C 13

channel <port> direction
up|down: The traffic direction.
<up|down> priority <0-7>
0-7: The priority value of the CCMs or LTMs transmitted
by the MEP. 1 is the lowest, then 2, 0 and 3 ~ 7.
mep <mep-id> interface port- Disables a specified MEP. C 13
channel <port> direction
<up|down> priority <0-7>
inactive
mep <mep-id> interface port- Enables Connectivity Check (CC) to allow an MEP C 13
channel <port> direction sending Connectivity Check Messages (CCMs)
<up|down> priority <0-7> cc- periodically to other MEPs.
enable
no remote-mep <mep-id> Deletes a specified destination MEP. C 13

Ethernet Switch CLI Reference Guide

53
Chapter 13 CFM Commands

Table 32 CFM Command Summary (continued)

COMMAND DESCRIPTION M P
no mep <mep-id> Deletes a specified MEP. C 13

no mep <mep-id> inactive Enables an MEP. C 13

no mep <mep-id> cc-enable Disallows an MEP sending Connectivity Check C 13

Messages (CCMs) periodically to other MEPs.
ethernet cfm md <md-index> format Creates an MD (Maintenance Domain) with the C 13
<dns|mac|string> name <md-name> specified name and level number.
level <0-7> md-name: Enters a domain name, MAC address or a
descriptive name for the MD.
ethernet cfm management-address- Sets the Switch to carry the host name and C 13
domain ip [<ip-addr>] management IP address for the VLAN to which an
MEP belongs or the specified IP address in CFM
packets.

This helps you to easily identify a remote MEP by its

host name and management IP address showed in
the link trace database and MEP-CCM database.
interface port-channel <port-list> Enters config-interface mode for configuring the C 13
specified port(s).
ethernet cfm virtual-mac <mac- Assigns a virtual MAC address(es) to the specified C 13
addr> port(s) so that each specified port can have its own
MAC address for CFM.

You cannot use the copy running-config

interface port-channel command to copy the
virtual MAC address from the specified port to other
ports.
no ethernet cfm virtual-mac Removes the virtual MAC address(es) and sets the C 13
port(s) to use the default system MAC address.
no ethernet cfm Disables CFM on the Switch. C 13

no ethernet cfm md <md-index> Deletes the specified MD. C 13

no ethernet cfm ma <ma-index> md Deletes an MA from the specified MD. C 13

<md-index>
no ethernet cfm management-address- Sets the Switch to not carry the host name and C 13
domain management IP address in CFM packets.

show ethernet cfm linktrace Displays the CFM link trace database information. E 13

show ethernet cfm local Displays the detailed settings of the configured MD(s) E 13
and MA(s).
show ethernet cfm local stack Displays a list of all maintenance points, such as MIP E 13
and MEP.
show ethernet cfm local stack mep Displays a list of the MEP(s). E 13

show ethernet cfm local stack mep Displays the specified MEP’s general, fault notification E 13
<mep-id> ma <ma-index> md <md- generator, continuity-check, loopback and link trace
index> information.

show ethernet cfm local stack mep Displays the specified MEP’s MEP-CCM database E 13
<mep-id> ma <ma-index> md <md- information. Each MEP maintains an MEP CCM
index> mep-ccmdb [remote-mep <mep- database which stores information about remote
id>] MEPs in the MA when receiving CCMs.

show ethernet cfm local stack mip Displays a list of the MIP(s). E 13

show ethernet cfm local stack mip Displays the MIP-CCM database. E 13
mip-ccmdb

Ethernet Switch CLI Reference Guide

54
Chapter 13 CFM Commands

Table 32 CFM Command Summary (continued)

COMMAND DESCRIPTION M P
show ethernet cfm remote Displays a list of MA(s), MEP(s) and the remote MEP(s) E 13
under the configured MD(s).
show ethernet cfm virtual-mac Displays all virtual MAC addresses. E 13

show ethernet cfm virtual-mac port Displays the MAC address(es) of the specified port(s). E 13
<port-list>

13.5 Command Examples

This example creates MD1 (with MD index 1 and level 1) and MA2 (with MA index 2 and VLAN ID 2) under
MD1 that defines a CFM domain.

sysname# config
sysname(config)# ethernet cfm md 1 format string name MD1 level 1
sysname(config)# ethernet cfm ma 2 format string name MA2 md 1 primary-
vlan 2
sysname(config-ma)# exit
sysname(config)# exit
sysname# write memory

Note: Remember to save new settings using the write memory command.

This example deletes MA2 (with MA index 2) from MD1 (with MD index 1).

sysname# config
sysname(config)# no ethernet cfm ma 2 md 1
sysname(config)# exit
sysname# write mem

This example creates MA3 (with MA index 3 and VLAN ID 123) under MD1, and associates port 1 as an
MEP port with MEP ID 301 in the specified CFM domain. This also sets MHF (MIP half function) to default to
have the Switch automatically create MIPs for this MA and on the ports belonging to this MA's VLAN
when there are no lower configured MD levels or there is a MEP at the next lower configured MD level
on the port. This also sets a remote MEP in MA3.

sysname# config
sysname(config)# ethernet cfm ma 3 format string name MA3 md 1 primary-vlan
123
sysname(config-ma)# mep 301 interface port-channel 1 direction up priority 2
sysname(config-ma)# mep 301 interface port-channel 1 direction up priority 2
cc-enable
sysname(config-ma)# mhf-creation default
sysname(config-ma)# remote-mep 117
sysname(config-ma)# exit
sysname(config)# exit
sysname# write mem

Ethernet Switch CLI Reference Guide

55
This example lists all CFM domains. In this example, only one MD (MD1) is configured. The MA3 with the
associated MEP port 1 is under this MD1.

sysname# show ethernet cfm local

MD Index: 1
MD Name: MD1(string)
MD Level: 1
MA Index: 3
MA Name: MA3(string)
Primary Vlan: 123
CC Interval: 1000 millisecond(s)
MHF Creation: default
ID Permission: none
MEP:301 (ACTIVE ) Port:1 Direction:DOWN Priority:5 CC-Enable:FALSE
sysname#

This example starts a loopback test and displays the test result on the console.

sysname# ethernet cfm loopback remote-mep 2 mep 1 ma 1 md 1

Sending 5 Ethernet CFM Loopback messages to remote-mepid 2, timeout is 5
seconds .....
sysname# Loopback: Successful
Success rate is 100 percent, round-trip min/avg/max = 0/0/0 ms
sysname#

This example displays all neighbors’ MEP port information in the MIP-CCM databases.

sysname# show ethernet cfm local stack mip mip-ccmdb

MIP CCM DB
Port VID Source Address Retained
---- ---- ----------------- ---------
2 1 00:19:cb:00:00:04 0 hr(s)
7 1 00:19:cb:00:00:06 0 hr(s)
sysname#

The following table describes the labels in this screen.

Table 33 show cfm-action mipccmdb

LABEL DESCRIPTION
Port Displays the number of the port on which this CCM was received.
VID Displays the MA VLAN ID of the last received CCM.
Source Address Displays the MAC address of the remote MEP.
Retained Displays how long an entry has been kept in the database.

Ethernet Switch CLI Reference Guide

56
Chapter 13 CFM Commands

This example assigns a virtual MAC address to port 3 and displays the MAC addresses of the ports 2 ~ 4.
The assigned virtual MAC address should be unique in both the Switch and the network to which it
belongs.

sysname# config
sysname(config)# interface port-channel 3
sysname(config-interface)# ethernet cfm virtual-mac 00:19:cb:12:34:56
sysname(config-interface)# exit
sysname(config)# exit
sysname# show ethernet cfm virtual-mac port 2-4
Virtual MACPort MAC
---- -----------------
2 00:19:cb:00:00:02
3 00:19:cb:12:34:56
4 00:19:cb:00:00:02
sysname#

This example sets the Switch to carry its host name and management IP address 192.168.100.1 in CFM
packets.

sysname# config
sysname(config)# ethernet cfm management-address-domain ip 192.168.100.1

This example shows remote MEP database information. The remote MEP has been configured to carry its
host name and a specified IP address in CFM packets.

sysnam# show ethernet cfm remote

MD Index: 1
MD Name: customer123(string)
MD Level: 2
MA Index: 1
MA Name: 123(vid)
Primary Vlan: 123
MEP: 11
Remote MEP ID: 1
MAC Address: 00:19:cb:6f:91:5a
Chassis Id: MGS-3712F
Management Address: 192.168.100.1:161
sysname#

Ethernet Switch CLI Reference Guide

57
Chapter 14 Classifier Commands

C H A P T E R 14
Classifier Commands
Use these commands to classify packets into traffic flows. After classifying traffic, policy commands
(Chapter 62 on page 235) can be used to ensure that a traffic flow gets the requested treatment in the
network.

14.1 Command Summary

The following section lists the commands for this feature.

Table 34 Command Summary: classifier

COMMAND DESCRIPTION M P
show classifier [<name>] Displays classifier configuration details. E 3

clear classifier match-count Removes the number of times all or the specified classifier rule is E 3
[<name>] applied.

Ethernet Switch CLI Reference Guide

58
Chapter 14 Classifier Commands

Table 34 Command Summary: classifier (continued)

COMMAND DESCRIPTION M P
classifier <name> < [weight Configures a classifier. Specify the parameters to identify the C 13
<0-65535> ][packet- format traffic flow:
<802.3untag|802.3tag| • weight: Enter the weight the priority of the Classifier rule
EtherIIuntag|EtherIItag>] when the match order is in manual mode. A higher weight
[priority <0-7>] [ inner- means a higher priority.
priority <0-7> ] [vlan • priority: Type 0 to classify traffic from any priority level or
type a priority level with 1 being the highest priority.
<vlan-id>] [ inner-vlan
• inner-priority: Type 0 to classify traffic from any inner priority
<vlan-id-list> ][ethernet- level or type a priority level with 1 being the highest priority.
type <ether- • vlan-id: Type 0 to classify traffic from any VLAN or type a specific
num|ip|ipx|arp|rarp|appletal VLAN ID number.
k|decnet|IPv6>] [source-mac • inner-vlan-id: Type 0 to classify traffic from any inner VLAN or
<src-mac-addr> [mask type a specific inner VLAN ID number.
<mask>]] [source-port <port- • ethernet-type: Enter one of the Ethernet types or type the
hexadecimal number that identifies an Ethernet type (see
list>] [ source-trunk Table 35 on page 60).
<trunk-list> ] [ • source-mac: Enter the source MAC address of the packet.
destination-port <port-list> • source-port: Enter any to classify traffic received on any port or
] [destination-mac <dest- type a specific port number.
mac-addr> [mask <mask>]] • source-trunk: Enter any to classify traffic from any trunk
[ip-packet-length <0-65535> group or type a specific trunk group ID number.
to <0-65525>] [dscp <0-63>] • destination-port: Enter any to classify traffic to any
destination port or type a specific port number.
[precedence <0-7>] [tos <0- • destination-mac: Enter the destination MAC address of
255>] [ipv6-dscp <0-63>] the packet.
[ip-protocol <protocol- • ip-protocol: Enter one of the protocols or type the port
num|tcp|udp|icmp|egp| number that identifies the protocol (see Table 36 on page
60).
ospf|rsvp|igmp|igp|pim|ipsec
• mask: type the mask for the specified MAC address to
> [establish-only]][ipv6- determine which bits a packet’s MAC address should
next-header <protocol- match. Enter “f” for each bit of the specified MAC address
num|tcp|udp|icmpv6> that the traffic’s MAC address should match. Enter “0” for
the bit(s) of the matched traffic’s MAC address, which can
[establish-only]][source-ip be of any hexadecimal character(s). For example, if you set
<src-ip-addr> [mask-bits the MAC address to 00:13:49:00:00:00 and the mask to
<mask-bits>]] [ipv6-source- ff:ff:ff:00:00:00, a packet with a MAC address of
00:13:49:12:34:56 matches this criteria.
ip <src-ipv6-addr> [prefix- • tos: Enter any to classify traffic from any ToS, or set an IP
length <prefix-length>] ] Precedence (the first 3 bits of the 8-bit ToS field) value and a
[source-socket <socket-num> Type of Service (the last 5 bits of the 8-bit ToS field) value.
[to <socket-num>] ]] • establish-only: Enter this to identify only TCP packets
used to establish TCP connections.
[destination-ip <dest-ip-
• source-ip: Enter the source IPv4 address of the packet.
addr> [mask-bits <mask-
• ipv6-source-ip: Enter the source IPv6 address of the
bits>]] [ipv6-destination-ip packet.
<dest-ipv6-addr> [prefix- • source-socket: (for UDP or TCP protocols only) Specify the
length <prefix-length>] ] protocol port number.
[destination-socket <socket- • destination-ip: Enter the destination IPv4 address of the
num> [to <socket-num>] ]] packet.
[time-range <name>] [log] • ipv6-destination-ip: Enter the destination IPv6 address
of the packet.
[count] [inactive]>
• destination-socket: (for UDP or TCP protocols only)
specify the protocol port number.
• time-range: Enter the name of a pre-defined time-range
rule.
• inactive: Disables this classifier.
no classifier <name> Deletes the classifier. C 13

If you delete a classifier you cannot use policy rule related

information.
no classifier <name> Enables a classifier. C 13
inactive

Ethernet Switch CLI Reference Guide

59
Table 34 Command Summary: classifier (continued)
COMMAND DESCRIPTION M P
classifier match-order Use manual to have classifier rules applied according to the C 13
<auto|manual> weight of each rule you configured. Use auto to have classifier
rules applied according to the layer of the item configured in
the rule.
classifier logging Creates a log when packets match a classifier rule during a C 13
defined time interval.
classifier logging interval Enter the length of the time period (in seconds) to count C 13
<0-65535> matched packets for a classifier rule. Enter an integer from 0-
65535. 0 means that no logging is done.
no classifier logging Disallows the Switch to create a log message when packets C 13
match a classifier rule during a defined time interval.

The following table shows some other common Ethernet types and the corresponding protocol number.

Table 35 Common Ethernet Types and Protocol Number

ETHERNET TYPE PROTOCOL NUMBER
IP ETHII 0800
X.75 Internet 0801
NBS Internet 0802
ECMA Internet 0803
Chaosnet 0804
X.25 Level 3 0805
XNS Compat 0807
Banyan Systems 0BAD
BBN Simnet 5208
IBM SNA 80D5
AppleTalk AARP 80F3

In an IPv4 packet header, the “Protocol” field identifies the next level protocol. The following table
shows some common IPv4 protocol types and the corresponding protocol number. Refer to http://
www.iana.org/assignments/protocol-numbers for a complete list.

Table 36 Common IPv4Protocol Types and Protocol Numbers

PROTOCOL TYPE PROTOCOL NUMBER
ICMP 1
TCP 6
UDP 17
EGP 8
L2TP 115

Ethernet Switch CLI Reference Guide

60
Chapter 14 Classifier Commands

14.2 Command Examples

This example creates a classifier for packets with a VLAN ID of 3. The resulting traffic flow is identified by
the name VLAN3. The policy command can use the name VLAN3 to apply policy rules to this traffic
flow. See the policy example in Chapter 62 on page 235.

sysname# config
sysname(config)# classifier VLAN3 vlan 3
sysname(config)# exit
sysname# show classifier
Index Active Name Rule
1 Yes VLAN3 VLAN = 3;

This example creates a classifier (Class1) for packets which have a source MAC address of
11:22:33:45:67:89 and are received on port 1. You can then use the policy command and the name
Class1 to apply policy rules to this traffic flow. See the policy example in Chapter 62 on page 235.

sysname# config
sysname(config)# classifier Class1 source-mac 11:22:33:45:67:89 source-port
1
sysname(config)# exit
sysname# show classifier
Index Active Name Rule
1 Yes Class1 SrcMac = 11:22:33:45:67:89; S...

The default value of match-order is auto. Use the following command to make weight work by
changing the default value of match-order to manual and configuring a classifier weight value where
the higher the weight, the higher the priority.

sysname# config
sysname(config)#classifier match-order manual
sysname(config)#classifier 1 weight 12345 source-port 1/1

Ethernet Switch CLI Reference Guide

61
Chapter 15 Cluster Commands

C H A P T E R 15
Cluster Commands
Use these commands to configure cluster management.

15.1 Command Summary

The following section lists the commands for this feature.

Table 37 cluster Command Summary

COMMAND DESCRIPTION M P
show cluster Displays cluster management status. E 3

cluster <vlan-id> Enables clustering in the specified VLAN group. C 13

no cluster Disables cluster management on the Switch. C 13

cluster name <cluster name> Sets a descriptive name for the cluster. C 13

<cluster name>: You may use up to 32 printable

characters (spaces are allowed).
show cluster candidates Displays the switches that are potential cluster members. E 3
The switches must be directly connected.
cluster member <mac> password Adds the specified device to the cluster. You have to C 13
<password> specify the password of the device too.

show cluster member Displays the cluster member(s) and their running status. E 3

show cluster member config Displays the current cluster member(s). E 3

show cluster member mac <mac> Displays the running status of the cluster member(s). E 3

cluster rcommand <mac> Logs into the CLI of the specified cluster member. C 13

no cluster member <mac> Removes the cluster member. C 13

Ethernet Switch CLI Reference Guide

62
15.2 Command Examples
This example creates the cluster CManage in VLAN 1. Then, it looks at the current list of candidates for
membership in this cluster and adds two switches to cluster.

sysname# configure
sysname(config)# cluster 1
sysname(config)# cluster name CManage
sysname(config)# exit
sysname# show cluster candidates
Clustering Candidates:
Index Candidates(MAC/HostName/Model)
0 00:13:49:00:00:01/ES-2108PWR/ES-2108PWR
1 00:13:49:00:00:02/GS-3012/GS-3012
2 00:19:cb:00:00:02/ES-3124/ES-3124
sysname# configure
sysname(config)# cluster member 00:13:49:00:00:01 password 1234
sysname(config)# cluster member 00:13:49:00:00:02 password 1234
sysname(config)# exit
sysname# show cluster member
Clustering member status:
Index MACAddr Name Status
1 00:13:49:00:00:01 ES-2108PWR Online
2 00:13:49:00:00:02 GS-3012 Online

The following table describes the labels in this screen.

Table 38 show cluster member

LABEL DESCRIPTION
Index This field displays an entry number for each member.
MACAddr This field displays the member’s MAC address.
Name This field displays the member’s system name.
Status This field displays the current status of the member in the cluster.

Online: The member is accessible.

Error: The member is connected but not accessible. For example, the member’s
password has changed, or the member was set as the manager and so left the
member list. This status also appears while the Switch finishes adding a new member to
the cluster.

Offline: The member is disconnected. It takes approximately 1.5 minutes after the link
goes down for this status to appear.

Ethernet Switch CLI Reference Guide

63
Chapter 15 Cluster Commands

This example logs in to the CLI of member 00:13:49:00:00:01, looks at the current firmware version on the
member Switch, logs out of the member’s CLI, and returns to the CLI of the manager.

sysname# configure
sysname(config)# cluster rcommand 00:13:49:00:00:01
Connected to 127.0.0.2
Escape character is '^]'.

User name: admin

Password: ****
Copyright (c) 1994 - 2007 ZyXEL Communications Corp.

ES-2108PWR# show version

Current ZyNOS version: V3.80(ABS.0)b2 | 05/28/2007
ES-2108PWR# exit
Telnet session with remote host terminated.

Closed
sysname(config)#

This example looks at the current status of the Switch’s cluster.

sysname# show cluster

Cluster Status: Manager
VID: 1
Manager: 00:13:49:ae:fb:7a

The following table describes the labels in this screen.

Table 39 show cluster

LABEL DESCRIPTION
Cluster Status This field displays the role of this Switch within the cluster.

Manager: This Switch is the device through which you manage the cluster member
switches.

Member: This Switch is managed by the specified manager.

None: This Switch is not in a cluster.

VID This field displays the VLAN ID used by the cluster.
Manager This field displays the cluster manager’s MAC address.

Ethernet Switch CLI Reference Guide

64
Chapter 16 CLV Commands

C H A P T E R 16
CLV Commands
Use these commands to configure VLAN settings on the Switch in clv mode. In Zyxel configuration mode,
you need to use the VLAN commands to configure a VLAN first, then specify the port(s) which you want
to configure and tag all outgoing frames with the specified VLAN ID. In clv mode, you need to specify
the port(s) first, then configure frames which you want to tag with the specified VLAN ID.

16.1 Command Summary

The following section lists the commands for this feature. There are three different ways that you can
configure ports on the Switch. Use Access mode to untag outgoing frames; usually connect a port in
Access mode to a computer. Use Trunk mode to tag outgoing frames; usually connect a port in Trunk
mode to another Switch. Use Hybrid mode to tag or untag outgoing frames; usually connect a port in
Hybrid mode to another Switch or computer.

Suppose port 1 is configured as a native VLAN with VLAN ID 100. Then all untagged incoming traffic that
goes out from port 1 will be tagged with VLAN ID 100.

Suppose port 2 is configured in Access mode. Then all outgoing traffic from port 2 will be untagged.

Suppose port 3 is configured in Trunk mode. Then all outgoing traffic from port 3 will be tagged with
VLAN ID 100.

Ethernet Switch CLI Reference Guide

65
Chapter 16 CLV Commands

Figure 3 Trunk - Access Mode Example

Table 40 vlan Command Summary

COMMAND DESCRIPTION M P
show vlan Displays the status of all VLANs. E 3

show vlan <vlan-id> Displays the status of the specified VLAN. E 3

Table 41 clv Command Summary

COMMAND DESCRIPTION M P
clv Enables clv mode. C 13

no clv Disables clv mode. C 13

Table 42 switchport mode Command Summary

COMMAND DESCRIPTION M P
interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
switchport mode Specifies VLAN configuration mode on the specified C 13
<access|trunk|hybrid> port(s).

• Use Access to untag outgoing frames with a VLAN ID.

• Use Trunk to tag outgoing frames with a VLAN ID.
• Use Hybrid to tag or untag outgoing frames with a
VLAN ID.
no switchport mode Resets VLAN configuration mode to the default switchport C 13
mode. The default switchport mode is hybrid mode.

Ethernet Switch CLI Reference Guide

66
Chapter 16 CLV Commands

Table 43 switchport access Command Summary

COMMAND DESCRIPTION M P
interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
switchport mode access Sets the specified interface in access mode. C 13

switchport access <vlan-id> Untags all outgoing frames with the specified VLAN ID. C 13

no switchport access vlan Resets all outgoing frames to the default VLAN ID. The C 13
default VLAN ID is VLAN 1.

Table 44 switchport trunk Command Summary

COMMAND DESCRIPTION M P
interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
switchport mode trunk Sets the specified interface in trunk mode. C 13

switchport trunk allowed Tags all outgoing frames with the specified VLAN ID. C 13
vlan <vlan-list>
no switchport trunk allowed Disables the specified VLAN trunk on the port(s). C 13
vlan <vlan-list>
switchport trunk allowed Tags all outgoing frames for all VLANs. C 13
vlan all
no switchport trunk allowed Disables all VLAN trunks on the port(s). C 13
vlan all
switchport trunk native vlan Tags all incoming untagged frames with the specified C 13
<vlan-id> VLAN ID. The default VLAN ID is VLAN 1 for all ports. Sets a
VLAN ID in the range 1 to 4094.
no switchport trunk native Resets all incoming untagged frames to the default VLAN C 13
vlan ID. The default VLAN ID is VLAN 1.

Table 45 switchport hybrid Command Summary

COMMAND DESCRIPTION M P
interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
switchport mode hybrid Sets the specified interface in hybrid mode. C 13

switchport hybrid allowed Tags all outgoing frames with the specified VLAN ID. C 13
vlan <vlan-list> tagged
switchport hybrid allowed Untags all outgoing frames with the specified VLAN ID. C 13
vlan <vlan-list> untagged
no switchport hybrid allowed Disables the specified VLAN ID on the port(s). C 13
vlan <vlan-list>
switchport hybrid pvid Tags all incoming untagged frames with the specified C 13
<vlan-id> VLAN ID.

no switchport hybrid pvid Resets all incoming untagged frames to the default VLAN C 13
<vlan-id> ID. The default VLAN ID is VLAN 1.

Ethernet Switch CLI Reference Guide

67
Chapter 16 CLV Commands

Table 46 switchport forbidden Command Summary

COMMAND DESCRIPTION M P
interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
switchport forbidden vlan Prohibits the specified port(s) from joining the specified C 13
add <vlan-list> VLAN group.

switchport forbidden vlan Prohibits the specified port(s) from joining all VLAN groups. C 13
add all
switchport forbidden vlan Sets forbidden port(s) in the specified VLAN to normal C 13
remove <vlan-list> port(s).

switchport forbidden vlan Sets all forbidden port(s) in the port list to normal port(s). C 13
remove all

16.2 Command Examples

This example configures clv mode.

sysname# config
sysname(config)# clv

Note: The following commands all have clv mode enabled.

This example configures clv for VLAN 20 on port 1.

sysname# config
sysname(config)# interface port-channel 1
sysname(config-interface)# switchport mode access
sysname(config-interface)# switchport access vlan 20
sysname(config-interface)# exit

This example activates clv for VLAN 100 and VLAN 20 on ports 1 to 3. This example prohibits ports 1 to 3
from joining VLAN 200.

sysname# config
sysname(config)# interface port-channel 1-3
sysname(config-interface)# switchport mode trunk
sysname(config-interface)# switchport trunk allowed vlan 100
sysname(config-interface)# switchport trunk native vlan 20
sysname(config-interface)# switchport forbidden vlan add 200
sysname(config-interface)# exit

Ethernet Switch CLI Reference Guide

68
This example configures port 4 as the tagged port in VLAN 20 and the untagged port in VLAN 100. This
example also configures 200 as the PVID on port 4.

sysname# config
sysname(config)# interface port-channel 4
sysname(config-interface)# switchport mode hybrid
sysname(config-interface)# switchport hybrid allowed vlan 20 tagged
sysname(config-interface)# switchport hybrid allowed vlan 100 untagged
sysname(config-interface)# switchport hybrid pvid 200
sysname(config-interface)# exit

This example shows the VLAN table.

sysname# show vlan

The Number of VLAN : 4
Idx. VID Status Elap-Time TagCtl
---- ---- --------- ----------- ----------------------------------
---

1 1 Static 145:03:37 Access :1-3,6-52

Trunk :

2 20 Static 1:47:09 Access :

Trunk :4

3 100 Static 26:04:36 Access :4

Trunk :1-3

4 200 Static 2:01:54 Access :

Trunk :

The following table describes the labels in this screen.

Table 47 show vlan

LABEL DESCRIPTION
The Number of VLAN This field displays the number of VLANs on the Switch.
Idx. This field displays an entry number for each VLAN.
VID This field displays the VLAN identification number.
Status This field displays how this VLAN was added to the Switch.

Dynamic: The VLAN was added via GVRP.

Static: The VLAN was added as a permanent entry

Other: The VLAN was added in another way, such as Multicast VLAN Registration
(MVR).
Elap-Time This field displays how long it has been since a dynamic VLAN was registered or a static
VLAN was set up.
TagCtl This field displays untagged and tagged ports.

Access: These ports do not tag outgoing frames with the VLAN ID.

Trunk: These ports tag outgoing frames with the VLAN ID.

Ethernet Switch CLI Reference Guide

69
Chapter 16 CLV Commands

This example shows the VLAN 100 status.

sysname# show vlan 100

802.1Q VLAN ID : 100
Name :
Status : Static
Elapsed Time : 26:05:15

Port Information Mode

---------------- ----
1 Trunk
2 Trunk
3 Trunk
4 Hybrid

Ethernet Switch CLI Reference Guide

70
Chapter 17 Custom Default Commands

C H A P T E R 17
Custom Default Commands
Use these commands to use custom default on the Switch.

17.1 Custom Default Overview

You can save the current configuration settings to a customized default file, so you can load it when
you reboot the Switch.

Note: For the GS2210 Series, when the custom default feature is enabled, Config 2 can’t be
used.

17.2 Command Summary

The following section lists the commands for this feature.

Table 48 custom-default Command Summary

COMMAND DESCRIPTION M P
custom-default Enables custom default. C 14

no custom-default Disables custom default. C 14

See Chapter 74 on page 274 for the commands to save the current configuration settings permanently
to a customized default file, and load it when rebooting the Switch.

17.3 Command Examples

See Section 3.7 on page 22 for an example of how to configure custom default on the Switch.

Ethernet Switch CLI Reference Guide

71
C H A P T E R 18
Date and Time Commands
Use these commands to configure the date and time on the Switch.

18.1 Command Summary

The following table describes user-input values available in multiple commands for this feature.

Table 49 time User-input Values

COMMAND DESCRIPTION
week Possible values (daylight-saving-time commands only): first, second, third, fourth,
last.
day Possible values (daylight-saving-time commands only): Sunday, Monday, Tuesday, ....

month Possible values (daylight-saving-time commands only): January, February, March, ....

o’clock Possible values (daylight-saving-time commands only): 0-23

The following section lists the commands for this feature.

Table 50 time Command Summary

COMMAND DESCRIPTION M P
show time Displays current system time and date. E 3

time <hour:min:sec> Sets the current time on the Switch. C 13

hour: 0-23

min: 0-59

sec: 0-59

Note: If you configure Daylight Saving Time after

you configure the time, the Switch will apply
Daylight Saving Time.
time date <month/day/year> Sets the current date on the Switch. C 13

month: 1-12

day: 1-31

year: 1970-2037
time timezone <-1200|...|1200> Selects the time difference between UTC (formerly known C 13
as GMT) and your time zone.
time daylight-saving-time Enables daylight saving time. The current time is updated if C 13
daylight saving time has started.

Ethernet Switch CLI Reference Guide

72
Chapter 18 Date and Time Commands

Table 50 time Command Summary (continued)

COMMAND DESCRIPTION M P
time daylight-saving-time start- Sets the day and time when Daylight Saving Time starts. C 13
date <week> <day> <month>
In most parts of the United States, Daylight Saving Time
<o’clock> starts on the second Sunday of March at 2 A.M. local time.
In the European Union, Daylight Saving Time starts on the
last Sunday of March at 1 A.M. GMT or UTC, so the
o’clock field depends on your time zone.
time daylight-saving-time end- Sets the day and time when Daylight Saving Time ends. C 13
date <week> <day> <month>
In most parts of the United States, Daylight Saving Time
<o’clock> ends on the first Sunday of November at 2 A.M. local time.
In the European Union, Daylight Saving Time ends on the
last Sunday of October at 1 A.M. GMT or UTC, so the
o’clock field depends on your time zone.
no time daylight-saving-time Disables daylight saving on the Switch. C 13

time daylight-saving-time help Provides more information about the specified command. C 13

Table 51 timesync Command Summary

COMMAND DESCRIPTION M P
show timesync Displays time server information. E 3

timesync server <ip|domain name> Sets the IP address or domain name of the timeserver. The C 13
Switch attempts to connect to the timeserver for up to 60
seconds.

The Switch synchronizes with the time server in the

following situations:

• When the Switch starts up.

• Every 24 hours after the Switch starts up.
• When the time server IP address or protocol is
updated.
timesync <daytime|time|ntp> Sets the time server protocol. You have to configure a time C 13
server before you can specify the protocol.
no timesync Disables timeserver settings. C 13

18.2 Command Examples

This example sets the current date, current time, time zone, and daylight savings time.

sysname# configure
sysname(config)# time date 06/04/2007
sysname(config)# time timezone -600
sysname(config)# time daylight-saving-time
sysname(config)# time daylight-saving-time start-date second Sunday
--> March 2
sysname(config)# time daylight-saving-time end-date first Sunday
--> November 2
sysname(config)# time 13:24:00
sysname(config)# exit
sysname# show time
Current Time 13:24:03 (UTC-05:00 DST)
Current Date 2007-06-04

Ethernet Switch CLI Reference Guide

73
Chapter 18 Date and Time Commands

This example looks at the current time server settings.

sysname# show timesync

Time Configuration
-----------------------------
Time Zone :UTC -600
Time Sync Mode :USE_DAYTIME
Time Server IP Address :172.16.37.10

Time Server Sync Status:CONNECTING

The following table describes the labels in this screen.

Table 52 show timesync

LABEL DESCRIPTION
Time Zone This field displays the time zone.
Time Sync Mode This field displays the time server protocol the Switch uses. It displays NO_TIMESERVICE if
the time server is disabled.
Time Server IP Address This field displays the IP address of the time server.
Time Server Sync Status This field displays the status of the connection with the time server.

NONE: The time server is disabled.

CONNECTING: The Switch is trying to connect with the specified time server.

OK: Synchronize with time server done.

FAIL: Synchronize with time server fail.

Ethernet Switch CLI Reference Guide

74
Chapter 19 Data Center Bridging Commands

C H A P T E R 19
Data Center Bridging
Commands
At the time of writing, data center bridging can only be configured using commands on the Switch.

19.1 Overview
A traditional Ethernet network is best-effort, that is, frames may be dropped due to network congestion.
FCoE (Fiber Channel over Ethernet) transparently encapsulates fiber channel traffic into Ethernet, so
that you don’t need separate fiber channel and Ethernet switches.

Data Center Bridging (DCB) enhances Ethernet technology to adapt to the FCoE. It supports lossless
Ethernet traffic (no frames discarded when there is network congestion) and can allocate bandwidth
for different traffic classes, based on IEEE802.1p priority with a guaranteed minimum bandwidth. LAN
traffic (large number of flows and not latency-sensitive), SAN traffic (Storage Area Network, large
packet sizes and requires lossless performance), and IPC traffic (Inter-Process Communication, latency-
sensitive messages) can share the same physical connection while still having their own priority and
guaranteed minimum bandwidth.

You should configure DCB on any port that has both Ethernet and fiber channel traffic.

19.1.1 PFC, ETS, and DCBX Standards

DCB may use PFC, ETS, application priority and DCBX to adapt to the FCoE.

• PFC (Priority-based Flow Control, IEEE 802.1Qbb -2011) is a flow control mechanism that uses a PAUSE
frame to suspend traffic of a certain priority rather than drop it when there is network congestion
(lossless). If an outgoing (egress) port buffer is almost full, the Switch transmits a PAUSE frame to the
sender who just transmitted traffic requesting it to stop sending traffic of a certain priority to that port.
For example, say outgoing port 8 is receiving too much traffic of priorities 3-6 from port 1. Then if port 1
is configured with PFC priorities 3-6, port 1 can request the sender to suspend traffic with priorities 3-6.
Similarly, if the outgoing (egress) port 8 receives a PAUSE frame with PFC priorities 0-1, then if port 8 is
configured with PFC, it can suspend sending traffic with PFC priorities 0-1.
• ETS (Enhanced Transmission Selection, IEEE 802.1Qaz -2011) is used to allocate bandwidth for different
traffic classes, based on IEEE802.1p priority (0 to 7, allowing for eight types of traffic) with a
guaranteed minimum bandwidth.
• Application priority is used to globally assign a priority to all FCoE traffic on the Switch.

Ethernet Switch CLI Reference Guide

75
Chapter 19 Data Center Bridging Commands

• DCBX (Data Center Bridging capability eXchange, IEEE 802.1Qaz -2011) uses LLDP (Link Layer
Discovery Protocol) to advertize PFC, ETS and application priority information between switches. PFC
information should be consistent between connected switches, so PFC can be configured
automatically using DCBX.

The following table describes user-input values available in multiple commands for this feature.

Table 53 dcb User-input Values

COMMAND DESCRIPTION
<priority-list> Possible values range from 0 to 7.
<port-list> Possible values range from 1 to the number of ports on your Switch.
<id> Possible values for traffic class ID range from 1 to 100. 0 is a default traffic class and
cannot be modified or deleted.
<tc-idN> The traffic class ID for priority N (0 to 7). The traffic class ID range is from 1 to 100.
<name> Up to 32 printable ASCII characters. Names with spaces must be enclosed in quotes. For
example, “My Class”.
<weight> Possible values range from 1 to 127 for unicast or multicast weights.

Possible values range from 1 to 100 for WFQ traffic class weight.

19.2 Command Summary

This section shows the commands and examples for PFC, ETS, Application Priority and DCBX.

19.2.1 PFC
PFC should be configured the same on connected switch ports. If DCBX is used, then one switch port
must be configured to accept network configuration from the peer switch port (auto). If both switch
ports are configured to accept configuration (auto on both switch ports), then the configuration of the
switch port with the lowest MAC address hex value sum is used.

The following table lists the commands for this feature.

Table 54 priority-flow-control Command Summary

COMMAND DESCRIPTION M P
interface port-channel <port-list> Enters config-interface mode for the specified port(s). C 13

priority-flow-control Enables PFC on the specified port(s). C 13

no priority-flow-control Disables PFC on the specified port(s). C 13

priority-flow-control auto Sets the port to accept PFC configuration from the C 13
connected Switch port.
priority-flow-control priority Sets the priority value(s) on the specified port(s). C 13
<priority-list>
no priority-flow-control Clears the priority value(s) on the specified port(s). C 13
priority
show priority-flow-control Displays PFC settings. E 3

Ethernet Switch CLI Reference Guide

76
Chapter 19 Data Center Bridging Commands

Table 54 priority-flow-control Command Summary (continued)

COMMAND DESCRIPTION M P
show priority-flow-control Displays PFC statistics on the specified port(s). E 3
statistics interface port-channel
<port-list>
clear priority-flow-control Clears PFC statistics on the specified port(s). E 13
statistics interface port-channel
<port-list>

19.2.2 PFC Command Examples

In the following example, PFC on switch A, port 1, is set to auto, so that it can accept the priority
configuration from the peer switch B. If switch A did not receive PFC PDU from switch B, then priority 2,
will be used by switch A.

switchA# configure
switchA(config)# interface port-channel 1
switchA(config-interface)# priority-flow-control auto
switchA(config-interface)# priority-flow-control priority 2

switchB# configure
switchB(config)# interface port-channel 1
switchB(config-interface)# priority-flow-control
switchB(config-interface)# priority-flow-control priority 3-5

Use the show command to see the PFC configuration. Operation-Priority shows whether switch A is using
switch B’s configured priorities or not.

In the following example, Switch A is using Switch B’s configured priorities.

switchA# show priority-flow-control

Port Admin Operation Admin-Priority Operation-Priority
--------------------------------------------------------------------
1 Auto On 2 3-5

In the following example, Switch A is NOT using Switch B’s configured priorities.

switchA# show priority-flow-control

Port Admin Operation Admin-Priority Operation-Priority
--------------------------------------------------------------------
1 Auto On 2 2

Ethernet Switch CLI Reference Guide

77
Chapter 19 Data Center Bridging Commands

This is an example showing how many pause frames of certain priorities were temporarily stopped
(transmitted or received) on port 1.

sysname# show priority-flow-control statistics interface port-channel 1

Port Number: 1
PFC Tx
Priority 0: 0
Priority 1: 0
Priority 2: 0
Priority 3: 0
Priority 4: 0
Priority 5: 0
Priority 6: 0
Priority 7: 0
PFC Rx
Priority 0: 0
Priority 1: 0
Priority 2: 0
Priority 3: 0
Priority 4: 0
Priority 5: 0
Priority 6: 0
Priority 7: 0

sysname#

19.2.3 ETS
An IEEE 802.1p priority is assigned to a traffic class with guaranteed minimum bandwidth. A traffic class
can use SP (Strict Priority) or WFQ (Weighted Fair Queue) queuing method. Available link bandwidth is
reserved first for SP traffic. The guaranteed minimum bandwidth for non-SP traffic (WFQ) is its weight
value by remaining available bandwidth. If a non-strict-priority-traffic-class does not consume its
allocated bandwidth, other non-strict-priority-traffic-classes can share the unused bandwidth according
to the weight ratio.

19.2.3.1 Notes on ETS

• Priority 0 does not mean the highest or lowest priority. Priority level of importance is mapped to a
queue level (with queue level 0, the lowest importance).
• You don’t automatically configure ETS using DCBX negotiation. ETS is configured manually on each
Switch.
• All priorities are mapped to traffic class ID 0 by default.
• The default traffic class (named Default) has ID 0, and is an SP traffic-class. It cannot be modified or
deleted.
• You can create up to 100 traffic class profiles, with ID from 1 to 100.
• The weight range of WFQ traffic-class can be from 1 to 100.
• Bandwidth can also be prioritized depending on whether traffic is unicast traffic or non-unicast
(broadcast, multicast, DLF) traffic. For example, 100:50 means twice as much unicast traffic to non-
unicast traffic is allowed when there is network congestion. The weight ranges of unicast and non-
unicast traffic can be from 1 to 127.

Ethernet Switch CLI Reference Guide

78
Chapter 19 Data Center Bridging Commands

The following table lists the commands for this feature.

Table 55 ets Command Summary

COMMAND DESCRIPTION M P
traffic-class <id> scheduler <sp | Creates a WFQ or SP traffic class with ID, weight and C 13
ets <weight>> [name <name>] (optional) name.

no traffic-class <id> Deletes the SP/WFQ traffic class with specified ID. C 13

show traffic-class Shows a summary of traffic class(es) created on the E 3

Switch.
interface port-channel <port-list> Enters config-interface mode for the specified port(s). C 13

ets Enable Enhanced Transmission Selection (ETS) queuing C 13

method. See Chapter 69 on page 257 for other
queuing methods.
ets traffic-class binding <tc- Binds priorities to a traffic class(es) on the specified C 13
id0> <tc-id1> <tc-id2> <tc-id3> port(s).
<tc-id4> <tc-id5> <tc-id6> <tc-
id7>
no ets traffic-class binding Resets traffic class binding priorities to default settings C 13
on the specified port(s).
unicast-nonunicast-weight Sets the unicast to non-unicast traffic weight ratio on C 13
<weight> <weight> the specified port(s).

19.2.4 ETS Command Example 1

This is an example where the non-editable default traffic class, ID 0, uses SP queuing. LAN and SAN traffic
uses WFQ queuing with equal weighting of 50 each.

Table 56 ETS Example Traffic Classes

TRAFFIC CLASS ID GUARANTEED BANDWIDTH NAME
0 SP Default
1 50 SAN
2 50 LAN

The guaranteed minimum bandwidth for both SAN and LAN traffic is 2.5Gbps with a link bandwidth of
10Gbps.

Table 57 ETS Example Traffic Bandwidths

NAME INCOMING TRAFFIC GUARANTEED OUTGOING TRAFFIC

BANDWIDTH (GBPS) MINIMUM BANDWIDTH BANDWIDTH (GBPS)
Default 5 5 (SP) 5
SAN 3 (10-5) * (50/(50+50)) = 2.5 2.5
LAN 4 (10-5) * (50/(50+50)) = 2.5 2.5

Create and name traffic class IDs, with weights for the non-SP traffic type.

sysname# configure
sysname(config)# traffic-class 1 scheduler ets 50 name LAN
sysname(config)# traffic-class 2 scheduler ets 50 name SAN

Ethernet Switch CLI Reference Guide

79
This command shows traffic class.

switch# show traffic-class

Traffic Class Profile Configuration:

Traffic Class ID Scheduler Weight Name

---------------- --------- ------ -------------------------------
0 sp - Default
1 ets 50 LAN
2 ets 50 SAN

Next, configure a port for traffic class(es) and bind priorities to traffic classes on a port. In the next
example, we configure port 1 and bind priorities 0, 1 and 2 to traffic class 2 (LAN), 3, 4, 5 and 6 to class 1
(SAN) and 7 to class 0, the default traffic class.

Table 58 ETS Example Priority Traffic Class ID Mapping

PRIORITY TRAFFIC CLASS ID NAME
0 2 LAN
1 2 LAN
2 2 LAN
3 1 SAN
4 1 SAN
5 1 SAN
6 1 SAN
7 0 Default

sysname(config)# interface port-channel 1

sysname(config-interface)# ets
sysname(config-interface)# ets traffic-class binding 2 2 2 1 1 1 1 0
sysname(config-interface)# unicast-nonunicast-weight 100 100
sysname(config-interface)# exit

19.2.5 Application Priority

Use the application priority command to assign a priority to all FCoE traffic on a switch.

The following table lists the commands for this feature.

Table 59 application priority Command Summary

COMMAND DESCRIPTION M P
lldp dcbx application <ether- Assigns the specified priority value to all FCoE traffic C 13
type><fcoe> priority <0-7> on the Switch.

no lldp dcbx application <ether- Clears priority value for all FCoE traffic on the Switch. C 13
type > <fcoe>

19.2.6 Application Priority Command Examples

In the following example, all FCoE traffic on the switch is assigned with priority 3.

switchA# configure
switchA(config)# lldp dcbx application ether-type fcoe priority 3

Ethernet Switch CLI Reference Guide

80
Chapter 19 Data Center Bridging Commands

Application priority can then be used in conjunction with ETS and PFC as shown in the following
examples.

This is an application priority command example with PFC.

switchA(config)# interface port-channel 5

switchA(config-interface)# priority-flow-control
switchA(config-interface)# priority-flow-control priority 3

switchB(config)# interface port-channel 6

switchB(config-interface)# priority-flow-control
switchB(config-interface)# priority-flow-control priority 3

This is an application priority command example with ETS.

• Default traffic class 0 with strict priority for priorities 0, 1, 2, 6, 7

• Traffic class 3 (for legacy Ethernet traffic): Guarantee bandwidth 40% for priority 4, 5
• Traffic class 4 (for FCoE traffic): Guarantee bandwidth 60% for priority 3
• Unicast to Non-Unicast weight ratio is 100:100
Table 60 ETS Example 2 Traffic Classes
PRIORITY TRAFFIC CLASS ID NAME
0 0 Default
1 0 Default
2 0 Default
3 4 FCoE
4 3 Ethernet
5 3 Ethernet
6 0 Default
7 0 Default

sysname# configure
sysname(config)# traffic-class 3 scheduler ets 40 name ethernet
sysname (config)# traffic-class 4 scheduler ets 60 name fcoe
sysname (config)# interface port-channel 6
sysname (config-interface)# ets
sysname (config-interface)# ets traffic-class binding 0 0 0 4 3 3 0 0
sysname (config-interface)# unicast-nonunicast-weight 100 100

19.2.7 DCBX
DCBX uses LLDP (Link Layer Discovery Protocol) to exchange PFC, ETS and application priority
information between switches. PFC information should be consistent between switches, so this can be
configured automatically using DCBX.

See Chapter 43 on page 176 for more information on LLDP.

In order for switches to exchange information, they must send their type-length values (TLVs) in order to
be able to read each other’s information.

Ethernet Switch CLI Reference Guide

81
Chapter 19 Data Center Bridging Commands

The following table lists the commands for this feature.

Table 61 dcbx Command Summary

COMMAND DESCRIPTION M P
interface port-channel <port-list> Enters config-interface mode for the specified port(s). C 13

lldp org-specific-tlv dot1 Enables the sending of ETS TLVs on the specified C 13
dcbx-ets-configuration port(s).

lldp org-specific-tlv dot1 Enables the sending of PFC TLVs on the specified C 13
dcbx-pfc-configuration port(s).

lldp org-specific-tlv dot1 Enables the sending of application priority TLVs on the C 13
dcbx-application-priority specified port(s).

This is a DCBX command example.

sysname# configure
sysname(config)# lldp
interface port-channel 2
sysname(config-interface)# lldp admin-status tx-rx
sysname(config-interface)# lldp org-specific-tlv dot1 dcbx-ets-
configuration
sysname(config-interface)# lldp org-specific-tlv dot1 dcbx-pfc-
configuration
sysname(config-interface)# lldp org-specific-tlv dot1 dcbx-application-
priority
sysname(config-interface)#exit
sysname(config)# exit
sysname#

See Chapter 43 on page 176 for LLDP command examples.

Ethernet Switch CLI Reference Guide

82
Chapter 20 DHCP Commands

C H A P T E R 20
DHCP Commands
Use these commands to configure DHCP features on the Switch.

• Use the dhcp option commands to configure DHCP Option 82 profiles.

• Use the dhcp relay commands to configure DHCP relay for specific VLAN.
• Use the dhcp smart-relay commands to configure DHCP relay for all broadcast domains.
• Use the dhcp server commands to configure the Switch as a DHCP server. (This command is
available on a layer 3 Switch only.)

20.1 Command Summary

The following section lists the commands for this feature.

Table 62 dhcp option Command Summary

COMMAND DESCRIPTION M P
dhcp option profile <name> Creates a DHCPv4 option 82 profile. C 13
[ circuit-id [slot-port] [vlan]
[hostname] [string <string>] ] [
remote-id [mac] [string
<string>] ]
no dhcp option profile <name> Deletes the specified DHCPv4 option 82 profile. C 13

show dhcp option profile Displays DHCP option 82 profile settings. E 3

Table 63 dhcp relay Command Summary

COMMAND DESCRIPTION M P
show dhcp relay <vlan-id> Displays DHCP relay settings for the specified VLAN. E 3

dhcp relay <vlan-id> helper- Enables DHCP relay on the specified VLAN and sets the IP C 13
address <remote-dhcp-server1> address of up to 3 DHCP servers. Optionally, sets the Switch
[<remote-dhcp-server2>] to add relay agent information and system name.
[<remote-dhcp-server3>]
[option] [information] Note: You have to configure the VLAN before you
configure a DHCP relay for the VLAN. You
have to disable dhcp smart-relay before
you can enable dhcp relay.

Ethernet Switch CLI Reference Guide

83
Chapter 20 DHCP Commands

Table 63 dhcp relay Command Summary (continued)

COMMAND DESCRIPTION M P
dhcp relay <vlan-id> helper- Enables DHCP relay on the specified VLAN and sets the IP C 13
address <remote-dhcp-server1> address of up to 3 DHCP servers. Optionally, specify a pre-
[<remote-dhcp-server2>] defined DHCP option 82 profile that the Switch applies to
[<remote-dhcp-server3>] [option all ports in this VLAN.
profile <name>]
Note: You have to configure the VLAN before you
configure a DHCP relay for the VLAN. You
have to disable dhcp smart-relay before
you can enable dhcp relay.
dhcp relay <vlan-id> interface Specifies a pre-defined DHCP option 82 profile that the C 13
port-channel <port-list> option Switch applies to the specified port(s) in this VLAN. The
profile <name> Switch adds the Circuit ID sub-option and/or Remote ID
sub-option specified in the profile to DHCP requests that it
relays to a DHCP server.
dhcp relay <vlan-id> source- Specifies the source IP address that the Switch adds to C 13
address <ip-addr> DHCP requests from clients in this VLAN before forwarding
them.

The source IP address helps DHCP clients obtain an

appropriate IP address when you configure multiple
routing domains on a VLAN.
no dhcp relay <vlan-id> Disables DHCP relay. C 13

no dhcp relay <vlan-id> System name is not appended to option 82 information C 13

information field.

no dhcp relay <vlan-id> Sets the Switch to not apply a DHCP option 82 profile to the C 13
interface port-channel <port- specified port(s) in this VLAN.
list> option
no dhcp relay <vlan-id> source- Removes the source IP address setting and sets this field set C 13
address to 0.0.0.0. The Switch automatically sets the source IP
address of the DHCP requests to the IP address of the
interface on which the packet is received.
no dhcp relay <vlan-id> option Disables the relay agent information option 82. C 13

Table 64 dhcp relay-broadcast Command Summary

COMMAND DESCRIPTION M P
dhcp relay-broadcast The broadcast behavior of DHCP packets (within the C 13
VLAN(s) on which DHCP relay is enabled) will not be
terminated by the Switch.
no dhcp relay-broadcast The Switch terminates the broadcast behavior of DHCP C 13
packets within the VLAN(s) on which DHCP relay is
enabled.

Table 65 dhcp smart-relay Command Summary

COMMAND DESCRIPTION M P
show dhcp smart-relay Displays global DHCP relay settings. E 3

dhcp smart-relay Enables DHCP relay for all broadcast domains on the C 13
Switch.

Note: You have to disable dhcp relay before you

can enable dhcp smart-relay.
no dhcp smart-relay Disables global DHCP relay settings. C 13

Ethernet Switch CLI Reference Guide

84
Table 65 dhcp smart-relay Command Summary (continued)
COMMAND DESCRIPTION M P
dhcp smart-relay helper-address Sets the IP addresses of up to 3 DHCP servers. C 13
<remote-dhcp-server1> [<remote-
dhcp-server2>] [<remote-dhcp-
server3>]
dhcp smart-relay information Allows the Switch to add system name to agent C 13
information.
no dhcp smart-relay information System name is not appended to option 82 information C 13
field for global dhcp settings.
dhcp smart-relay interface port- Specifies a pre-defined DHCP option 82 profile that the C 13
channel <port-list> option Switch applies to the specified port(s).
profile <name>
Note: The profile you specify here has priority over
the one you set using the dhcp smart-relay
option profile <name> command.
dhcp smart-relay option Allows the Switch to add DHCP relay agent information. C 13

dhcp smart-relay option profile Specifies a pre-defined DHCPv4 option 82 profile that the C 13
<name> Switch applies to all ports. The Switch adds the Circuit ID
sub-option and/or Remote ID sub-option specified in the
profile to DHCP requests that it relays to a DHCP server.
no dhcp smart-relay interface Sets the Switch to not apply a DHCP option 82 profile to C 13
port-channel <port-list> the specified port(s).

no dhcp smart-relay option Disables the relay agent information option 82 for global C 13
dhcp settings.

Table 66 dhcp server Command Summary

COMMAND DESCRIPTION M P
dhcp server <vlan-id> starting- Enables DHCP server for the specified VLAN and specifies C 13
address <ip-addr> <subnet-mask> the TCP/IP configuration details to send to DHCP clients.
size-of-client-ip-pool <1-253>
dhcp server <vlan-id> starting- Enables DHCP server for the specified VLAN and specifies C 13
address <ip-addr> <subnet-mask> the TCP/IP configuration details to send to DHCP clients.
size-of-client-ip-pool <1-253> Including default gateway IP address and DNS server
[default-gateway <ip-addr>] information.
[primary-dns <ip-addr>]
[secondary-dns <ip-addr>]
no dhcp server <vlan-id> Disables DHCP server for the specified VLAN. C 13

no dhcp server <vlan-id> Disables DHCP server default gateway settings. C 13

default-gateway
no dhcp server <vlan-id> Disables DHCP primary DNS server settings. C 13
primary-dns
no dhcp server <vlan-id> Disables DHCP server secondary DNS settings. C 13
secondary-dns
show dhcp server Displays DHCP server settings. E 13

show dhcp server <vlan-id> Displays DHCP server settings in a specified VLAN. E 13

20.2 Command Examples

In this example, the Switch relays DHCP requests for the VLAN1 and VLAN2 domains. There is only one
DHCP server for DHCP clients in both domains.

Ethernet Switch CLI Reference Guide

85
Chapter 20 DHCP Commands

Figure 4 Example: Global DHCP Relay

DHCP Server:
192.168.1.100

VLAN1 VLAN2

This example shows how to configure the Switch for this configuration. DHCP relay agent information
option 82 is also enabled.

sysname# configure
sysname(config)# dhcp smart-relay
sysname(config)# dhcp smart-relay helper-address 192.168.1.100
sysname(config)# dhcp smart-relay option
sysname(config)# exit
sysname# show dhcp smart-relay
DHCP Relay Agent Configuration
Active: Yes
Remote DHCP Server 1:192.168.1.100
Remote DHCP Server 2: 0.0.0.0
Remote DHCP Server 3: 0.0.0.0
Option82: Enable Option82Inf: Disable

In this example, there are two VLANs (VIDs 1 and 2) in a campus network. Two DHCP servers are installed
to serve each VLAN. The Switch forwards DHCP requests from the dormitory rooms (VLAN 1) to the DHCP
server with IP address 192.168.1.100. DHCP requests from the academic buildings (VLAN 2) are sent to
the other DHCP server with IP address 172.16.10.100.

Figure 5 Example: DHCP Relay for Two VLANs

DHCP: 192.168.1.100

VLAN 1

VLAN 2 DHCP: 172.16.10.100

Ethernet Switch CLI Reference Guide

86
Chapter 20 DHCP Commands

This example shows how to configure these DHCP servers. The VLANs are already configured.

sysname# configure
sysname(config)# dhcp relay 1 helper-address 192.168.1.100
sysname(config)# dhcp relay 2 helper-address 172.16.10.100
sysname(config)# exit

In this example, the Switch is a DHCP server for clients on VLAN 1 and VLAN 2. The DHCP clients in VLAN 1
are assigned IP addresses in the range 192.168.1.100 to 192.168.1.200 and clients on VLAN 2 are assigned
IP addresses in the range 172.16.1.30 to 172.16.1.130.

Figure 6 Example: DHCP Relay for Two VLANs

DHCP Pool: 192.168.1.100-192.168.1.200 DHCP Pool: 172.16.1.30-172.16.1.130

VLAN 1 VLAN 2

This example shows how to configure the DHCP server for VLAN 1 with the configuration shown in Figure
6 on page 87. It also provides the DHCP clients with the IP address of the default gateway and the DNS
server.

sysname# configure
sysname(config)# dhcp server 1 starting-address 192.168.1.100
255.255.255.0 size-of-client-ip-pool 100 default-gateway 192.168.1.1
primary-dns 192.168.5.1

Ethernet Switch CLI Reference Guide

87
Chapter 21 DHCP Snooping & DHCP VLAN Commands

C H A P T E R 21
DHCP Snooping & DHCP
VLAN Commands
Use the dhcp snooping commands to configure the DHCP snooping on the Switch and the dhcp vlan
commands to specify a DHCP VLAN on your network. DHCP snooping filters unauthorized DHCP packets
on the network and builds the binding table dynamically.

21.1 Command Summary

The following section lists the commands for this feature.

Table 67 dhcp snooping Command Summary

COMMAND DESCRIPTION M P
show dhcp snooping Displays DHCP snooping configuration on the Switch. E 3

show dhcp snooping binding Displays the DHCP binding table. E 3

show dhcp snooping database Displays DHCP snooping database update statistics and E 3
settings.
show dhcp snooping database Displays DHCP snooping database update statistics in full E 3
detail detail form.

show dhcp snooping option [vlan Displays the DHCP option 82 profile that the Switch applies E 3
<vlan-list>] [interface <port- to ports in the specified VLAN or to the specified port(s).
list>]
dhcp snooping Enables DHCP Snooping on the Switch. C 13

no dhcp snooping Disables DHCP Snooping on the Switch. C 13

dhcp snooping database <tftp:// Specifies the location of the DHCP snooping database. C 13
host/filename> The location should be expressed like this: tftp://{domain
name or IP address}/directory, if applicable/file name; for
example, tftp://192.168.10.1/database.txt.
no dhcp snooping database Removes the location of the DHCP snooping database. C 13

dhcp snooping database timeout Specifies how long (10-65535 seconds) the Switch tries to C 13
<seconds> complete a specific update in the DHCP snooping
database before it gives up.
no dhcp snooping database Resets how long (10-65535 seconds) the Switch tries to C 13
timeout complete a specific update in the DHCP snooping
database before it gives up to the default value (300).
dhcp snooping database write- Specifies how long (10-65535 seconds) the Switch waits to C 13
delay <seconds> update the DHCP snooping database the first time the
current bindings change after an update.

Ethernet Switch CLI Reference Guide

88
Table 67 dhcp snooping Command Summary (continued)
COMMAND DESCRIPTION M P
no dhcp snooping database write- Resets how long (10-65535 seconds) the Switch waits to C 13
delay update the DHCP snooping database the first time the
current bindings change after an update to the default
value (300).
dhcp snooping vlan <vlan-list> Specifies the VLAN IDs for VLANs you want to enable DHCP C 13
snooping on.
no dhcp snooping vlan <vlan- Specifies the VLAN IDs for VLANs you want to disable DHCP C 13
list> snooping on.

dhcp snooping vlan <vlan-list> Sets the Switch to add the system name to DHCP requests C 13
information that it broadcasts to the DHCP VLAN, if specified, or VLAN.

no dhcp snooping vlan <vlan- Sets the Switch to not add the system name to DHCP C 13
list> information requests that it broadcasts to the DHCP VLAN, if specified,
or VLAN.
dhcp snooping vlan <vlan-list> Specifies a pre-defined DHCP option 82 profile that the C 13
interface port-channel <port- Switch applies to the specified port(s) in the specified
list> option profile <name> VLAN.

no dhcp snooping vlan <vlan- Sets the Switch to not apply a DHCP option 82 profile to the C 13
list> interface port-channel specified port(s).
<port-list> option
dhcp snooping vlan <vlan-list> Sets the Switch to add the slot number, port number and C 13
option VLAN ID to DHCP requests that it broadcasts to the DHCP
VLAN, if specified, or VLAN.
no dhcp snooping vlan <vlan- Sets the Switch to not add the slot number, port number C 13
list> option and VLAN ID to DHCP requests that it broadcasts to the
DHCP VLAN, if specified, or VLAN.
dhcp snooping vlan <vlan-list> Specifies a pre-defined DHCP option 82 profile that the C 13
option profile <name> Switch applies to all ports in the specified VLAN.

no dhcp snooping vlan <vlan- Sets the Switch to not apply a DHCP option 82 profile to all C 13
list> option ports in the specified VLAN.

clear dhcp snooping database Delete all statistics records of DHCP requests going through E 13
statistics the Switch.

renew dhcp snooping database Loads dynamic bindings from the default DHCP snooping E 13
database.
renew dhcp snooping database Loads dynamic bindings from the specified DHCP E 13
<tftp://host/filename> snooping database.

interface port-channel <port- Enables a port or a list of ports for configuration. C 13

list>
dhcp snooping trust Sets this port as a trusted DHCP snooping port. Trusted ports C 13
are connected to DHCP servers or other switches, and the
Switch discards DHCP packets from trusted ports only if the
rate at which DHCP packets arrive is too high.
dhcp snooping limit rate Sets the maximum rate in packets per second (pps) that C 13
<pps> DHCP packets are allowed to arrive at a trusted DHCP
snooping port.
no dhcp snooping trust Disables this port from being a trusted port for DHCP C 13
snooping.
no dhcp snooping limit rate Resets the DHCP snooping rate to the default (0). C 13

Ethernet Switch CLI Reference Guide

89
The following table describes the dhcp-vlan commands.

Table 68 dhcp-vlan Command Summary

COMMAND DESCRIPTION M P
dhcp dhcp-vlan <vlan-id> Specifies the VLAN ID of the DHCP VLAN. C 13

no dhcp dhcp-vlan Disables DHCP VLAN on the Switch. C 13

21.2 Command Examples

This example:

• Enables DHCP snooping Switch.

• Sets up an external DHCP snooping database on a network server with IP address 172.16.37.17.
• Enables DHCP snooping on VLANs 1,2,3,200 and 300.
• Sets the Switch to add the slot number, port number and VLAN ID to DHCP requests that it broadcasts
to the DHCP VLAN.
• Sets ports 1 - 5 as DHCP snooping trusted ports.
• Sets the maximum number of DHCP packets that can be received on ports 1 - 5 to 100 packets per
second.
• Configures a DHCP VLAN with a VLAN ID 300.
• Displays DHCP snooping configuration details.
sysname(config)# dhcp snooping
sysname(config)# dhcp snooping database tftp://172.16.37.17/
snoopdata.txt
sysname(config)# dhcp snooping vlan 1,2,3,200,300
sysname(config)# dhcp snooping vlan 1,2,3,200,300 option
sysname(config)# interface port-channel 1-5
sysname(config-interface)# dhcp snooping trust
sysname(config-interface)# dhcp snooping limit rate 100
sysname(config-interface)# exit
sysname(config)# dhcp dhcp-vlan 300
sysname(config)# exit
sysname# show dhcp snooping
Switch DHCP snooping is enabled
DHCP Snooping is configured on the following VLANs:
1-3,200,300
Option 82 is configured on the following VLANs:
1-3,200,300
Appending system name is configured on the following VLANs:

DHCP VLAN is enabled on VLAN 300

Interface Trusted Rate Limit (pps)
--------- ------- ----------------
1 yes 100
2 yes 100
3 yes 100
4 yes 100
5 yes 100
6 no unlimited
7 no unlimited
8 no unlimited

Ethernet Switch CLI Reference Guide

90
Chapter 22 DiffServ Commands

C H A P T E R 22
DiffServ Commands
Use these commands to configure Differentiated Services (DiffServ) on the Switch.

22.1 Command Summary

The following section lists the commands for this feature.

Table 69 diffserv Command Summary

COMMAND DESCRIPTION M P
show diffserv Displays general DiffServ settings. E 3

diffserv Enables DiffServ on the Switch. C 13

no diffserv Disables DiffServ on the Switch. C 13

diffserv dscp <0-63> priority Sets the DSCP-to-IEEE 802.1q mappings. C 13

<0-7>
interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
diffserv Enables DiffServ on the port(s). C 13

no diffserv Disables DiffServ on the port(s). C 13

Ethernet Switch CLI Reference Guide

91
C H A P T E R 23
Display Commands
Use these commands to display configuration information.

23.1 Command Summary

The following section lists the commands for this feature.

Table 70 display Command Summary

COMMAND DESCRIPTION M P
display user <[system][snmp]> Displays all or specific user account information in the C 14
configuration file.

system: Displays system account information, such as

admin, enable or login username and password.

snmp: Displays SNMP user account information.

no display user <[system][snmp]> Hide all or specific user account information in the C 14
configuration file.
display aaa Displays all or specific AAA information in the C 14
<[authentication][authorization][ configuration file.
server]> authentication: Displays authentication information in
the configuration file.

authorization: Displays authorization information in the

configuration file.

server: Displays authentication server information in the

configuration file.
no display aaa Hide all or specific AAA information in the configuration C 14
<[authentication][authorization][ file.
server]>

Ethernet Switch CLI Reference Guide

92
Chapter 24 DVMRP Commands

C H A P T E R 24
DVMRP Commands
This chapter explains how to use commands to activate the Distance Vector Multicast Routing Protocol
(DVMRP) on the Switch.

24.1 DVMRP Overview

DVMRP (Distance Vector Multicast Routing Protocol) is a protocol used for routing multicast data.
DVMRP is used when a router receives multicast traffic and it wants to find out if other multicast routers it
is connected to need to receive the data. DVMRP sends the data to all attached routers and waits for a
reply. Routers which do not need to receive the data (do not have multicast group member
connected) return a “prune” message, which stops further multicast traffic for that group from reaching
the router.

24.2 Command Summary

The following section lists the commands for this feature.

Table 71 Command Summary: DVMRP

COMMAND DESCRIPTION M P
show ip dvmrp group Displays DVMRP group information. E 3

show ip dvmrp interface Displays DVMRP interface information. E 3

show ip dvmrp neighbor Displays DVMRP neighbor information. E 3

show ip dvmrp prune Displays the DVMRP prune information. E 3

show ip dvmrp route Displays the DVMRP routes. E 3

show router dvmrp Displays DVMRP settings. E 3

router dvmrp Enables and enters the DVMRP configuration C 13

mode.
exit Leaves the DVMRP configuration mode. C 13

threshold <ttl-value> Sets the DVMRP threshold value. Multicast C 13

packets with TTL (Time-To-Live) value lower than
the threshold are not forwarded by the Switch.
no router dvmrp Disables DVMRP on the Switch. C 13

interface route-domain <ip-address>/ Enters the configuration mode for this routing C 13
<mask-bits> domain.

Ethernet Switch CLI Reference Guide

93
Chapter 24 DVMRP Commands

Table 71 Command Summary: DVMRP (continued)

COMMAND DESCRIPTION M P
ip dvmrp Activates this routing domain in participating in C 13
DVMRP.
no ip dvmrp Disables this routing domain from participating in C 13
DVMRP.

24.3 Command Examples

In this example, the Switch is configured to exchange DVMRP information with other DVMRP enabled
routers as shown next. The Switch is a DVMRP router (C). DVMRP is activated on IP routing domains
10.10.10.1/24 and 172.16.1.1/24 so that it can exchange DVMRP information with routers A and B.

Figure 7 DVMRP Network Example

A B

172.16.1.254
10.10.10.254

C D E

• Enables IGMP and DVMRP on the Switch.

• Enables DVMRP on the following routing domains: 10.10.10.1/24, 172.16.1.1/24.
• Displays DVMRP settings configured on the Switch.
sysname(config)# router igmp
sysname(config-igmp)# exit
sysname(config)# router dvmrp
sysname(config-dvmrp)# exit
sysname(config)# interface route-domain 10.10.10.1/24
sysname(config-if)# ip dvmrp
sysname(config-if)# exit
sysname(config)# interface route-domain 172.16.1.1/24
sysname(config-if)# ip dvmrp
sysname(config-if)# exit
sysname(config)# exit
sysname# show router dvmrp
TTL threshold: 50

IP Address Subnet Mask Active

----------------------------------------
10.10.10.1 255.255.255.0 Yes
172.16.1.1 255.255.255.0 Yes
192.168.1.1 255.255.255.0 No

Ethernet Switch CLI Reference Guide

94
Chapter 25 Error Disable and Recovery Commands

C H A P T E R 25
Error Disable and Recovery
Commands
Use these commands to configure the CPU protection and error disable recovery features on the
Switch.

25.1 CPU Protection Overview

Switches exchange protocol control packets in a network to get the latest networking information. If a
Switch receives large numbers of control packets, such as ARP, BPDU or IGMP packets, which are to be
processed by the CPU, the CPU may become overloaded and be unable to handle regular tasks
properly.

The CPU protection feature allows you to limit the rate of ARP, BPDU and IGMP packets to be delivered
to the CPU on a port. This enhances the CPU efficiency and protects against potential DoS attacks or
errors from other network(s). You then can choose to drop control packets that exceed the specified
rate limit or disable a port on which the packets are received.

25.2 Error-Disable Recovery Overview

Some features, such as loop guard or CPU protection, allow the Switch to shut down a port or discard
specific packets on a port when an error is detected on the port. For example, if the Switch detects that
packets sent out the port(s) loop back to the Switch, the Switch can shut down the port(s)
automatically. After that, you need to enable the port(s) or allow the packets on a port manually via the
web configurator or the commands. With error-disable recovery, you can set the disabled port(s) to
become active or start receiving the packets again after the time interval you specify.

25.3 User Input Values

This section lists the common term definition appears in this chapter.

Table 72 errdisable recovery command user input values

USER INPUT DESCRIPTION
port-list The port number or a range of port numbers that you want to configure.

Ethernet Switch CLI Reference Guide

95
25.4 Command Summary
The following section lists the commands for this feature.

Table 73 cpu-protection Command Summary

COMMAND DESCRIPTION M P
interface port-channel <port- Enables a port or a list of ports for configuration. C 13
list>
cpu-protection cause Sets the maximum number of ARP, BPDU or IGMP packets C 13
<ARP|BPDU|IGMP> rate-limit that the specified port(s) are allowed to receive or transmit
<0-256> per second. 0 means no rate limit.

clear cpu-protection interface Resets the “Total Drop” counters for the specified port(s) to E 13
port-channel <port-list> cause zero (0). You can see the counter using the show cpu-
<ARP|BPDU|IGMP> protection command. The “Total Drops” means the
number of ARP, BPDU or IGMP packets that have been
dropped due to the Error Disable feature in rate-
limitation mode.
reset cpu-protection interface Sets the specified port(s) to handle all ARP, BPDU or IGMP E 13
port-channel <port-list> cause packets in stead of ignoring them, if the port(s) are in
<ARP|BPDU|IGMP> inactive-reason mode (set by using the errdisable
detet cause command).
show cpu-protection interface Shows the CPU Protection settings and the number of ARP, E 13
port-channel <port-list> BPDU and/or IGMP packets that has been dropped by the
Error Disable feature for the specified port(s).

Table 74 errdisable recovery Command Summary

COMMAND DESCRIPTION M P
errdisable detect cause Sets the Switch to detect if the number of ARP, BPDU or C 13
<ARP|BPDU|IGMP> IGMP packets exceeds the rate limit on port(s) (set by
using the cpu-protection cause command).
errdisable detect cause Sets the action that the Switch takes when the number of C 13
<ARP|BPDU|IGMP> mode <inactive- ARP, BPDU or IGMP packets exceeds the rate limit on
port|inactive-reason|rate- port(s).
limitation> inactive-port: The Switch shuts down the port.

inactive-reason: The Switch bypasses the processing of

the specified control packets (such as ARP or IGMP
packets), or drops all the specified control packets (such
as BPDU) on the port.

rate-limitation: The Switch drops the additional control

packets the port(s) have to handle in every one second.
errdisable recovery Turns on the disabled port recovery function on the Switch. C 13

errdisable recovery cause Enables the recovery timer for the specified feature that C 13
<loopguard|ARP|BPDU|IGMP> causes the Switch to shut down port(s).

errdisable recovery cause Sets how many seconds the Switch waits before enabling C 13
<loopguard|ARP|BPDU|IGMP> the port(s) which was shut down.
interval <30-2592000>
no errdisable detect cause Disables the rate limit for ARP, BPDU or IGMP packets on C 13
<ARP|BPDU|IGMP> port(s), set by using the cpu-protection cause
command.
no errdisable recovery Turns off the disabled port recovery function on the Switch. C 13

no errdisable recovery cause Disables the recovery timer for the specified feature that C 13
<loopguard|ARP|BPDU|IGMP> causes the Switch to shut down a port.

Ethernet Switch CLI Reference Guide

96
Chapter 25 Error Disable and Recovery Commands

Table 74 errdisable recovery Command Summary (continued)

COMMAND DESCRIPTION M P
show errdisable Displays which port(s) are detected (by Error Disable), the E 13
mode of the ports, and which packets (ARP, BPDU or
IGMP) are being detected.
show errdisable detect Displays the Error Disable settings including the available E 13
protocol of packets (ARP, BPDU or IGMP), the current
status (enabled or disabled), and the corresponding
action the Switch takes when a detected port is handling
packets over the limit.
show errdisable recovery Displays the disabled port recovery settings and after how E 13
many seconds which port(s) will be activated.

25.5 Command Examples

This example shows you how to configure the following:

• limit the number of ARP packets that port 7 can handle to 100 packets per second.
• set to shut down port 7 when the number ARP packets the port should handle exceeds the rate limit.
• display the CPU protection settings that you just set for port 7.
• display the Error Disable status and action mode for ARP packet handling.
systemname# config
systemname(config)# interface port-channel 7
systemname(config-interface)# cpu-protection cause ARP rate-limit 100
systemname(config-interface)# exit
systemname(config)# errdisable detect cause ARP
systemname(config)# errdisable detect cause ARP mode inactive-port
systemname(config)# exit
systemname# show cpu-protection interface port-channel 7
Port : 7

Reason Rate Mode Total Drops

------ ------- --------------- -----------
ARP 100 inactive-port -
BPDU 0 inactive-port -
IGMP 0 inactive-port -

systemname# show errdisable detect

Reason Status Mode

------ ------- ---------------
ARP enable inactive-port
BPDU enable rate-limitation
IGMP enable inactive-port
systemname#

This example enables the disabled port recovery function and the recovery timer for the loopguard
feature on the Switch. If a port is shut down due to the specified reason, the Switch activates the port

Ethernet Switch CLI Reference Guide

97
Chapter 25 Error Disable and Recovery Commands

300 seconds (the default value) later. This example also shows the number of the disabled port(s) and
the time left before the port(s) becomes active.

sysname# configure
sysname(config)# errdisable recovery
sysname(config)# errdisable recovery cause loopguard
sysname(config)# exit
sysname# show errdisable recovery
Errdisable Recovery Status:Enable

Reason Timer Status Time

---------- ------------ -------
loopguard Enable 300
ARP Disable 300
BPDU Disable 300
IGMP Disable 300

Interfaces that will be enabled at the next timeout:

Interface Reason Time left(sec) Mode

--------- ---------- -------------- ---------------
sysname#

Ethernet Switch CLI Reference Guide

98
Chapter 26 Ethernet OAM Commands

C H A P T E R 26
Ethernet OAM Commands
Use these commands to use the link monitoring protocol IEEE 802.3ah Link Layer Ethernet OAM
(Operations, Administration and Maintenance).

26.1 IEEE 802.3ah Link Layer Ethernet OAM

Implementation
Link layer Ethernet OAM (Operations, Administration and Maintenance) as described in IEEE 802.3ah is a
link monitoring protocol. It utilizes OAM Protocol Data Units or OAM PDU’s to transmit link status
information between directly connected Ethernet devices. Both devices must support IEEE 802.3ah.
Because link layer Ethernet OAM operates at layer two of the OSI (Open Systems Interconnection Basic
Reference) model, neither IP or SNMP are necessary to monitor or troubleshoot network connection
problems.

The Switch supports the following IEEE 802.3ah features:

• Discovery - this identifies the devices on each end of the Ethernet link and their OAM configuration.
• Remote Loopback - this can initiate a loopback test between Ethernet devices.

26.2 Command Summary

The following section lists the commands for this feature.

Table 75 ethernet oam Command Summary

COMMAND DESCRIPTION M P
show ethernet oam discovery Displays OAM configuration details and operational status E 3
<port-list> of the specified ports.

show ethernet oam statistics Displays the number of OAM packets transferred for the E 3
<port-list> specified ports.

show ethernet oam summary Displays the configuration details of each OAM activated E 3
port.
ethernet oam Enables Ethernet OAM on the Switch. C 13

no ethernet oam Disables Ethernet OAM on the Switch. C 13

ethernet oam remote-loopback Initiates a remote-loopback test from the specified port by E 13
start <port> sending Enable Loopback Control PDUs to the remote
device.

Ethernet Switch CLI Reference Guide

99
Chapter 26 Ethernet OAM Commands

Table 75 ethernet oam Command Summary (continued)

COMMAND DESCRIPTION M P
ethernet oam remote-loopback Terminates a remote-loopback test from the specified port E 13
stop <port> by sending Disable Loopback Control PDUs to the remote
device.
ethernet oam remote-loopback Performs a remote-loopback test from the specified port. E 13
test <port> [<number-of-packets> You can also define the allowable packet number and
[<packet-size>]] packet size of the loopback test frames.

interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
ethernet oam Enables Ethernet OAM on the port(s). C 13

no ethernet oam Disables Ethernet OAM on the port(s). C 13

ethernet oam mode Specifies the OAM mode on the ports. C 13

<active|passive>
active: Allows the port to issue and respond to Ethernet
OAM commands.

passive: Allows the port to respond to Ethernet OAM

commands.
ethernet oam remote-loopback Sets the Switch to ignore loopback commands received C 13
ignore-rx on the ports.

ethernet oam remote-loopback Enables the remote loopback feature on the ports. C 13
supported
no ethernet oam remote- Sets the Switch to process loopback commands received C 13
loopback ignore-rx on the ports.

no ethernet oam remote- Disables the remote loopback feature on the ports. C 13
loopback supported
no ethernet oam mode Resets the OAM mode to the default value. C 13

26.3 Command Examples

This example enables Ethernet OAM on port 7 and sets the mode to active.

sysname# configure
sysname(config)# ethernet oam
sysname(config)# interface port-channel 7
sysname(config-interface)# ethernet oam
sysname(config-interface)# ethernet oam mode active
sysname(config-interface)# exit
sysname(config)# exit

Ethernet Switch CLI Reference Guide

100
This example performs Ethernet OAM discovery from port 7.

sysname# show ethernet oam discovery 7

Port 7
Local client
------------
OAM configurations:
Mode : Active
Unidirectional : Not supported
Remote loopback : Not supported
Link events : Not supported
Variable retrieval: Not supported
Max. OAMPDU size : 1518

Operational status:
Link status : Down
Info. revision : 3
Parser state : Forward
Discovery state : Active Send Local

The following table describes the labels in this screen.

Table 76 show ethernet oam discovery

LABEL DESCRIPTION
OAM configurations The remote device uses this information to determine what functions are supported.
Mode This field displays the OAM mode. The device in active mode (typically the service
provider's device) controls the device in passive mode (typically the subscriber's
device).

Active: The Switch initiates OAM discovery; sends information PDUs; and may send
event notification PDUs, variable request/response PDUs, or loopback control PDUs.

Passive: The Switch waits for the remote device to initiate OAM discovery; sends
information PDUs; may send event notification PDUs; and may respond to variable
request PDUs or loopback control PDUs.

The Switch might not support some types of PDUs, as indicated in the fields below.
Unidirectional This field indicates whether or not the Switch can send information PDUs to transmit
fault information when the receive path is non-operational.
Remote loopback This field indicates whether or not the Switch can use loopback control PDUs to put the
remote device into loopback mode.
Link events This field indicates whether or not the Switch can interpret link events, such as link fault
and dying gasp. Link events are sent in event notification PDUs and indicate when the
number of errors in a given interval (time, number of frames, number of symbols, or
number of errored frame seconds) exceeds a specified threshold. Organizations may
create organization-specific link event TLVs as well.
Variable retrieval This field indicates whether or not the Switch can respond to requests for more
information, such as requests for Ethernet counters and statistics, about link events.
Max. OAMPDU size This field displays the maximum size of PDU for receipt and delivery.
Operational status
Link status This field indicates that the link is up or down.
Info. revision This field displays the current version of local state and configuration. This two-octet
value starts at zero and increments every time the local state or configuration
changes.

Ethernet Switch CLI Reference Guide

101
Chapter 26 Ethernet OAM Commands

Table 76 show ethernet oam discovery (continued)

LABEL DESCRIPTION
Parser state This field indicates the current state of the parser.

Forward: The packet is forwarding packets normally.

Loopback: The Switch is in loopback mode.

Discard: The Switch is discarding non-OAMPDUs because it is trying to or has put the
remote device into loopback mode.
Discovery state This field indicates the state in the OAM discovery process. OAM-enabled devices use
this process to detect each other and to exchange information about their OAM
configuration and capabilities. OAM discovery is a handshake protocol.

Fault: One of the devices is transmitting OAM PDUs with link fault information, or the
interface is not operational.

Active Send Local: The Switch is in active mode and is trying to see if the remote
device supports OAM.

Passive Wait: The Switch is in passive mode and is waiting for the remote device to
begin OAM discovery.

Send Local Remote: This state occurs in the following circumstances.

• The Switch has discovered the remote device but has not accepted or rejected
the connection yet.
• The Switch has discovered the remote device and rejected the connection.
Send Local Remote OK: The Switch has discovered the remote device and has
accepted the connection. In addition, the remote device has not accepted or
rejected the connection yet, or the remote device has rejected the connected.

Send Any: The Switch and the remote device have accepted the connection. This is
the operating state for OAM links that are fully operational.

This example looks at the number of OAM packets transferred on port 1.

sysname# show ethernet oam statistics 1

Port 1
Statistics:
-----------
Information OAMPDU Tx : 0
Information OAMPDU Rx : 0
Event Notification OAMPDU Tx : 0
Event Notification OAMPDU Rx : 0
Loopback Control OAMPDU Tx : 0
Loopback Control OAMPDU Rx : 0
Variable Request OAMPDU Tx : 0
Variable Request OAMPDU Rx : 0
Variable Response OAMPDU Tx : 0
Variable Response OAMPDU Rx : 0
Unsupported OAMPDU Tx : 0
Unsupported OAMPDU Rx : 0

The following table describes the labels in this screen.

Table 77 show ethernet oam statistics

LABEL DESCRIPTION
Information OAMPDU Tx This field displays the number of OAM PDUs sent on the port.
Information OAMPDU Rx This field displays the number of OAM PDUs received on the port.

Ethernet Switch CLI Reference Guide

102
Table 77 show ethernet oam statistics (continued)
LABEL DESCRIPTION
Event Notification This field displays the number of unique or duplicate OAM event notification PDUs sent
OAMPDU Tx on the port.
Event Notification This field displays the number of unique or duplicate OAM event notification PDUs
OAMPDU Rx received on the port.
Loopback Control This field displays the number of loopback control OAM PDUs sent on the port.
OAMPDU Tx
Loopback Control This field displays the number of loopback control OAM PDUs received on the port.
OAMPDU Rx
Variable Request This field displays the number of OAM PDUs sent to request MIB objects on the remote
OAMPDU Tx device.
Variable Request This field displays the number of OAM PDUs received requesting MIB objects on the
OAMPDU Rx Switch.
Variable Response This field displays the number of OAM PDUs sent by the Switch in response to requests.
OAMPDU Tx
Variable Response This field displays the number of OAM PDUs sent by the remote device in response to
OAMPDU Rx requests.
Unsupported OAMPDU Tx This field displays the number of unsupported OAM PDUs sent on the port.
Unsupported OAMPDU Rx This field displays the number of unsupported OAM PDUs received on the port.

This example looks at the configuration of ports on which OAM is enabled.

sysname# show ethernet oam summary

OAM Config: U : Unidirection, R : Remote Loopback

L : Link Events , V : Variable Retrieval

Local Remote
------------- -----------------------------------------
Port Mode MAC Addr OUI Mode Config
----- ------- ----------------- ------ ------- --------
1 Active

The following table describes the labels in this screen.

Table 78 show ethernet oam summary

LABEL DESCRIPTION
Local This section displays information about the ports on the Switch.
Port This field displays the port number.
Mode This field displays the operational state of the port.
Remote This section displays information about the remote device.
MAC Addr This field displays the MAC address of the remote device.
OUI This field displays the OUI (first three bytes of the MAC address) of the remote device.
Mode This field displays the operational state of the remote device.
Config This field displays the capabilities of the Switch and remote device. THe capabilities are
identified in the OAM Config section.

Ethernet Switch CLI Reference Guide

103
Chapter 27 External Alarm Commands

C H A P T E R 27
External Alarm Commands
Use these commands to configure the external alarm features on the Switch.

27.1 Command Summary

The following section lists the commands for this feature.

Table 79 external-alarm Command Summary

COMMAND DESCRIPTION M P
external-alarm <index> name Sets the name of the specified external alarm. C 13
<name_string>
index: 1 ~ 4

name_string: Enters a name of up to 32 ASCII characters.

no external-alarm <index> Removes the name of the specified external alarm. C 13

no external-alarm all Removes the name of all external alarms. C 13

show external-alarm Displays external alarm settings and status. E 13

Ethernet Switch CLI Reference Guide

104
27.2 Command Examples
This example configures and shows the name and status of the external alarm(s).

sysname# configure
sysname(config)# external-alarm 1 name dooropen
sysname(config)# exit
sysname# show external-alarm
External Alarm 1

Status: Not asserted

Name: dooropen

External Alarm 2

Status: Not asserted

Name:

External Alarm 3

Status: Not asserted

Name:

External Alarm 4

Status: Not asserted

Name:
sysname#

Ethernet Switch CLI Reference Guide

105
Chapter 28 GARP Commands

C H A P T E R 28
GARP Commands
Use these commands to configure GARP.

28.1 GARP Overview

Switches join VLANs by making a declaration. A declaration is made by issuing a Join message using
GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all
registrations. GARP timers set declaration timeout values.

28.2 Command Summary

The following section lists the commands for this feature.

Table 80 garp Command Summary

COMMAND DESCRIPTION M P
show garp Displays GARP information. E 3

garp join <100-65535> leave Configures GARP time settings (in milliseconds), including C 13
<200-65535> leaveall <200-65535> the join, leave and leave all timers for each port. Leave
Time must be at least two times larger than Join Timer, and
Leave All Timer must be larger than Leave Timer.

Ethernet Switch CLI Reference Guide

106
Chapter 28 GARP Commands

28.3 Command Examples

In this example, the administrator looks at the Switch’s GARP timer settings and decides to change
them. The administrator sets the Join Timer to 300 milliseconds, the Leave Timer to 800 milliseconds, and
the Leave All Timer to 11000 milliseconds.

sysname# show garp

GARP Timer
------------------------
Join Timer :200
Leave Timer :600
Leave All Timer :10000
sysname# configure
sysname(config)# garp join 300 leave 800 leaveall 11000
sysname(config)# exit
sysname# show garp

GARP Timer
------------------------
Join Timer :300
Leave Timer :800
Leave All Timer :11000

Ethernet Switch CLI Reference Guide

107
Chapter 29 Green Ethernet Commands

C H A P T E R 29
Green Ethernet Commands
Use these commands to configure green Ethernet.

29.1 Green Ethernet Overview

Green Ethernet reduces Switch port power consumption in the following ways.

• IEEE 802.3az Energy Efficient Ethernet (EEE)

If EEE is enabled, both sides of a link support EEE and there is no traffic, the port enters Low Power Idle
(LPI) mode. LPI mode turns off some functions of the physical layer (becomes quiet) to save power.
Periodically the port transmits a REFRESH signal to allow the link partner keep the link alive. When there
is traffic to be sent, a WAKE signal is sent to the link partner to return the link to active mode.
• Auto Power Down
Auto Power Down turns off almost all functions of the port’s physical layer functions when the link is
down, so the port only uses power to check for a link up pulse from the link partner. After the link up
pulse is detected, the port wakes up from Auto Power Down and operates normally.
• Short Reach
Traditional Ethernet transmits all data with enough power to reach the maximum cable length.
Shorter cables lose less power, so Short Reach saves power by adjusting the transmit power of each
port according to the length of cable attached to that port.

Note: Not all Switches supports Green Ethernet completely. Some may only support EEE.

First configure Green Ethernet on the Switch, then configure it on an interface.

29.2 Command Summary

The following section lists the commands for this feature.

Table 81 green-ethernet Command Summary

COMMAND DESCRIPTION M P
green-ethernet auto-power-down Enables automatic power down on the Switch. E 13

no green-ethernet auto-power-down Disables automatic power down on the Switch. E 13

green-ethernet eee Enables IEEE 802.3az Energy Efficient Ethernet on the E 13

Switch.
no green-ethernet eee Disables eee on the Switch. E 13

Ethernet Switch CLI Reference Guide

108
Table 81 green-ethernet Command Summary (continued)
COMMAND DESCRIPTION M P
green-ethernet short-reach Enables adjusting the transmission power of each port E 13
according to the length of cable attached to a port
on the Switch.
no green-ethernet short-reach Disables short-reach on the Switch. E 13

interface port-channel <port-list> Enters config-interface mode for the specified port(s). C 13

green-ethernet auto-power-down Enables automatic power down on the specified C 13

port(s).
no green-ethernet auto-power- Disables automatic power down on the specified C 13
down port(s).

green-ethernet eee Enables IEEE 802.3az Energy Efficient Ethernet on the C 13

specified port(s).
no green-ethernet eee Disable IEEE 802.3az Energy Efficient Ethernet on the C 13
specified port(s).
green-ethernet short-reach Enables adjusting the transmit power of the specified C 13
port(s) according to the length of cable attached to
the port.
no green-ethernet short-reach Disables adjusting the transmit power of the specified C 13
port(s) according to the length of cable attached to
the port.
show green-ethernet auto-power-down Shows automatic power down information. E 3

show green-ethernet eee Shows Energy Efficient Ethernet information. E 3

show green-ethernet short-reach Shows short reach information. E 3

29.3 Green Ethernet Command Example

In this example, the Switch supports EEE and auto power down per port, and short reach globally. The
following are explanations of the Status parameters:

EEE
• Active displays when EEE is enabled and the EEE port is up
• Inactive displays when EEE is enabled but the EEE port is down or the device connected to this port
does not support EEE
• Unsupported means the Switch cannot display the status.
• - means EEE is not enabled

Auto power down

• Normal means auto power down has not reduced the power on this link
• Power down means auto power down has reduced the power on this link
• Unsupported means the Switch cannot display the status.
• - means auto power down is not enabled

Short reach
• Normal means short reach has not reduced the power on this link
• Low power means short reach has reduced the power on this link

Ethernet Switch CLI Reference Guide

109
Chapter 29 Green Ethernet Commands

• Unsupported means the Switch cannot display the status.

• - means short reach is not enabled
sysname# configure
sysname(config)# green-ethernet eee
sysname(config)# green-ethernet short-reach
sysname(config)# green-ethernet auto-power-down
sysname(config)# interface port-channel 1-4
sysname(config-interface)# green-ethernet eee
sysname(config-interface)# green-ethernet auto-power-down
sysname(config-interface)# exit
sysname(config)# exit
sysname# show green-ethernet eee
EEE globally configuration : Enable

Port Port status Config Status

---- --------------- ------- ---------
1 100M/F Enable Active
2 Down Enable Inactive
3 100M/F Enable Unsupported
4 Down Disable -

sysname# show green-ethernet auto-power-down

Auto Power Down globally configuration : Enable

Port Config Status

---- ------- ----------
1 Enable Power down
2 Enable Normal
3 Enable Unsupported
4 Disable -

sysname# show green-ethernet short-reach

Short Reach globally configuration : Enable

sysname#

The following example shows how to configure short reach if the Switch supports short reach per port

sysname# configure
sysname(config)# green-ethernet short-reach

sysname# configure
sysname(config)# interface port-channel 1-4
sysname(config-interface)# green-ethernet short-reach

Ethernet Switch CLI Reference Guide

110
Chapter 29 Green Ethernet Commands

The following example shows the display for short reach if the Switch supports short reach per port and
showing the status

sysname# show green-ethernet short-reach

Global configuration : Enable

Port Config Status

---- ----------- --------------
1 Enable Low power
2 Disable -
3 Enable Unsupported
4 Enable Normal

Ethernet Switch CLI Reference Guide

111
Chapter 30 GVRP Commands

C H A P T E R 30
GVRP Commands
Use these commands to configure GVRP.

30.1 Command Summary

The following section lists the commands for this feature.

Table 82 gvrp Command Summary

COMMAND DESCRIPTION M P
show vlan1q gvrp Displays GVRP settings. E 13

vlan1q gvrp Enables GVRP. C 13

no vlan1q gvrp Disables GVRP on the Switch. C 13

interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
gvrp Enables this function to permit VLAN groups beyond the C 13
local Switch.
no gvrp Disable GVRP on the port(s). C 13

30.2 Command Examples

This example shows the Switch’s GVRP settings.

sysname# show vlan1q gvrp

GVRP Support
-----------------------
gvrpEnable = YES
gvrpPortEnable:

This example turns off GVRP on ports 1-5.

sysname# configure
sysname(config)# interface port-channel 1-5
sysname(config-interface)# no gvrp
sysname(config-interface)# exit
sysname(config)# exit

Ethernet Switch CLI Reference Guide

112
P ART III
Reference H-M
HTTPS Server Commands (115)

IEEE 802.1x Authentication Commands (118)

IGMP and Multicasting Commands (121)

IGMP Snooping Commands (123)

IGMP Filtering Commands (130)

Interface Commands (132)

Interface Route-domain Mode (139)

IP Commands (140)

IP Source Binding Commands (145)

IPv6 Commands (147)

Layer 2 Protocol Tunnel (L2PT) Commands (173)

Link Layer Discovery Protocol (LLDP) Commands (176)

Load Sharing Commands (188)

Logging Commands (190)

Login Account Commands (191)

Loopguard Commands (193)

MAC Address Commands (195)

113
MAC Authentication Commands (197)

MAC Filter Commands (201)

MAC Forward Commands (203)

MAC Pinning Commands (204)

Mirror Commands (206)

MRSTP Commands (210)

MSTP Commands (213)

Multiple Login Commands (218)

MVR Commands (219)

114
C H A P T E R 31
HTTPS Server Commands
Use these commands to configure the HTTPS server on the Switch.

31.1 Command Summary

The following section lists the commands for this feature.

Table 83 https Command Summary

COMMAND DESCRIPTION M P
show https Displays the HTTPS settings, statistics, and sessions. E 3

show https certificate Displays the HTTPS certificates. E 3

show https key <rsa|dsa> Displays the HTTPS key. E 3

show https session Displays current HTTPS session(s). E 3

https cert-regeneration Re-generates a certificate. C 13

<rsa|dsa>

Ethernet Switch CLI Reference Guide

115
Chapter 31 HTTPS Server Commands

31.2 Command Examples

This example shows the current HTTPS settings, statistics, and sessions.

sysname# show https

Configuration
Version : SSLv3, TLSv1
Maximum session number: 64 sessions
Maximum cache number : 128 caches
Cache timeout : 300 seconds
Support ciphers :
DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA AES256-SHA EDH-RSA-DES-
CBC3-SHA
EDH-DSS-DES-CBC3-SHA DES-CBC3-SHA DES-CBC3-MD5 DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA AES128-SHA DHE-DSS-RC4-SHA IDEA-CBC-SHA RC4-
SHA
RC4-MD5 IDEA-CBC-MD5 RC2-CBC-MD5 RC4-MD5

Statistics:
Total connects : 0
Current connects : 0
Connects that finished: 0
Renegotiate requested : 0
Session cache items : 0
Session cache hits : 0
Session cache misses : 0
Session cache timeouts: 0

Sessions:
Remote IP Port Local IP Port SSL bytes Sock bytes

The following table describes the labels in this screen.

Table 84 show https

LABEL DESCRIPTION
Configuration
Version This field displays the current version of SSL (Secure Sockets Layer) and TLS (Transport
Layer Security).
Maximum session number This field displays the maximum number of HTTPS sessions the Switch supports.
Maximum cache number This field displays the maximum number of entries in the cache table the Switch
supports for HTTPS sessions.
Cache timeout This field displays how long entries remain in the cache table before they expire.
Support ciphers This field displays the SSL or TLS cipher suites the Switch supports for HTTPS sessions. The
cipher suites are identified by their OpenSSL equivalent names. If the name does not
include the authentication used, assume RSA authentication. See SSL v2.0, SSL v3.0, TLS
v1.0, and RFC 3268 for more information.
Statistics
Total connects This field displays the total number of HTTPS connections since the Switch started up.
Current connects This field displays the current number of HTTPS connections.
Connects that finished This field displays the number of HTTPS connections that have finished.
Renegotiate requested This field displays the number of times the Switch requested clients to renegotiate the
SSL connection parameters.

Ethernet Switch CLI Reference Guide

116
Chapter 31 HTTPS Server Commands

Table 84 show https (continued)

LABEL DESCRIPTION
Session cache items This field displays the current number of items in cache.
Session cache hits This field displays the number of times the Switch used cache to satisfy a request.
Session cache misses This field displays the number of times the Switch could not use cache to satisfy a
request.
Session cache timeouts This field displays the number of items that have expired in the cache.
Sessions
Remote IP This field displays the client’s IP address in this session.
Port This field displays the client’s port number in this session.
Local IP This field displays the Switch’s IP address in this session.
Port This field displays the Switch’s port number in this session.
SSL bytes This field displays the number of bytes encrypted or decrypted by the Secure Socket
Layer (SSL).
Sock bytes This field displays the number of bytes encrypted or decrypted by the socket.

This example shows the current HTTPS sessions.

sysname# show https session

SSL-Session:
Protocol : SSLv3
Cipher : RC4-MD5
Session-ID:
68BFB25BFAFEE3F0F15AB7B038EAB6BACE4AB7A4A6A5280E55943B7191057C96
Session-ID-ctx: 7374756E6E656C20534944
Master-Key:
65C110D9BD9BB0EE36CE0C76408C121DAFD1E5E3209614EB0AC5509CDB60D0904937DA4B
A5BA058B57FD7169ACDD4ACF
Key-Arg : None
Start Time: 2252
Timeout : 300 (sec)
Verify return code: 0 (ok)

The following table describes the labels in this screen.

Table 85 show https session

LABEL DESCRIPTION
Protocol This field displays the SSL version used in the session.
Cipher This field displays the encryption algorithms used in the session.
Session-ID This field displays the session identifier.
Session-ID-ctx This field displays the session ID context, which is used to label the data and cache in
the sessions and to ensure sessions are only reused in the appropriate context.
Master-Key This field displays the SSL session master key.
Key-Arg This field displays the key argument that is used in SSLv2.
Start Time This field displays the start time (in seconds, represented as an integer in standard UNIX
format) of the session.
Timeout This field displays the timeout for the session. If the session is idle longer than this, the
Switch automatically disconnects.
Verify return code This field displays the return code when an SSL client certificate is verified.

Ethernet Switch CLI Reference Guide

117
C H A P T E R 32
IEEE 802.1x Authentication
Commands
Use these commands to configure IEEE 802.1x authentication.

Note: Do not forget to configure the authentication server.

32.1 Guest VLAN Overview

When 802.1x port authentication is enabled on the Switch and its ports, clients that do not have the
correct credentials are blocked from using the port(s). You can configure your Switch to have one VLAN
that acts as a guest VLAN. If you enable the guest VLAN on a port, the user that is not IEEE 802.1x
capable or fails to enter the correct username and password can still access the port, but traffic from
the user is forwarded to the guest VLAN. That is, unauthenticated users can have access to limited
network resources in the same guest VLAN, such as the Internet. The rights granted to the guest VLAN
depends on how the network administrator configures switches or routers with the guest network
feature.

32.2 Command Summary

The following section lists the commands for this feature.

Table 86 port-access-authenticator Command Summary

COMMAND DESCRIPTION M P
no port-access-authenticator Disables port authentication on the Switch. C 13

no port-access-authenticator Disables EAPoL flood. C 13

eapol-flood
no port-access-authenticator Disables authentication on the listed ports. C 13
<port-list>
no port-access-authenticator Disables the re-authentication mechanism on the listed C 13
<port-list> reauthenticate port(s).

no port-access-authenticator Disables the guest VLAN feature on the listed ports. C 13

<port-list> guest-vlan
no port-access-authenticator Resets the guest VLAN host-mode to its default settings C 13
<port-list> guest-vlan Host-mode (Multi-host).
port-access-authenticator Enables 802.1x authentication on the Switch. C 13

Ethernet Switch CLI Reference Guide

118
Chapter 32 IEEE 802.1x Authentication Commands

Table 86 port-access-authenticator Command Summary (continued)

COMMAND DESCRIPTION M P
port-access-authenticator Floods EAPoL packets to all ports in the same VLAN. C 13
eapol-flood
EAPoL flood will not take effect when you enable 802.1x
authentication in the web configurator or CLI using port-
access-authenticator.
port-access-authenticator Enables 802.1x authentication on the specified port(s). C 13
<port-list>
port-access-authenticator Enables the guest VLAN feature on the listed ports. C 13
<port-list> guest-vlan
port-access-authenticator Sets the guest VLAN ID number on the listed ports. C 13
<port-list> guest-vlan <vlan-id>
port-access-authenticator Sets the Switch to authenticate only the first client that C 13
<port-list> guest-vlan Host-mode connects to the listed ports.
Multi-host If the first user enters the correct credential, any other users
are allowed to access the port without authentication.
Otherwise, they are all put in the guest VLAN. Once the first
user who did authentication logs out or disconnects from
the port, rest of the users are blocked until a user does the
authentication process again.
port-access-authenticator Sets the Switch to authenticate each client that connects C 13
<port-list> guest-vlan Host-mode to the listed ports. Optionally, sets the maximum number of
Multi-secure [<1-24>] the clients that the Switch authenticates on the port(s). The
maximum number supported varies by Switch (24 in this
example).
port-access-authenticator Sets the number of times the Switch tries to authenticate C 13
<port-list> max-req <1-10> client(s) before sending unresponsive ports to the guest
VLAN.
port-access-authenticator Sets the number of seconds the port(s) remains in the HELD C 13
<port-list> quiet-period <0- state and rejects further authentication requests from the
65535> client after a failed authentication exchange.

port-access-authenticator Sets the number of seconds the Switch waits for client's C 13
<port-list> supp-timeout <30- response to the challenge request before sending a
65535> request again.

port-access-authenticator Sets the number of seconds the Switch waits before re- C 13
<port-list> tx-period <1-65535> sending an identity request to clients on the listed ports.

port-access-authenticator Sets a subscriber to periodically re-enter his or her C 13

<port-list> reauthenticate username and password to stay connected to a specified
port.
port-access-authenticator Specifies how often (in seconds) a client has to re-enter the C 13
<port-list> reauth-period <1- username and password to stay connected to the
65535> specified port(s).

show port-access-authenticator Displays all port authentication settings. E 3

show port-access-authenticator Displays port authentication settings on the specified E 3

<port-list> port(s).

32.3 Command Examples

This example configures the Switch in the following ways:

Ethernet Switch CLI Reference Guide

119
Chapter 32 IEEE 802.1x Authentication Commands

1 Specifies RADIUS server 1 with IP address 10.10.10.1, port 1890 and the string secretKey as the password.

2 Specifies the timeout period of 30 seconds that the Switch will wait for a response from the RADIUS
server.

3 Enables port authentication on the Switch.

4 Enables port authentication on ports 4 to 8.

5 Activates reauthentication on ports 4-8.

6 Specifies 1800 seconds as the interval for client reauthentication on ports 4-8.

sysname(config)# radius-server host 1 10.10.10.1 auth-port 1890 key

--> secretKey
sysname(config)# radius-server timeout 30
sysname(config)# port-access-authenticator
sysname(config)# port-access-authenticator 4-8
sysname(config)# port-access-authenticator 4-8 reauthenticate
sysname(config)# port-access-authenticator 4-8 reauth-period 1800

This example configures the Switch in the following ways:

1 Enables the guest VLAN feature on port 8.

2 Puts port 8 in guest VLAN 200.

3 Sets host mode to multi-secure to have the Switch authenticate each client that connects to port 8.

sysname(config)# port-access-authenticator 8 guest-vlan

sysname(config)# port-access-authenticator 8 guest-vlan 200
sysname(config)# port-access-authenticator 8 guest-vlan Host-mode Multi-
secure

This example configures the Switch in the following ways:

1 Disables authentication on the Switch.

2 Disables re-authentication on ports 1, 3, 4, and 5.

3 Disables authentication on ports 1, 6, and 7.

sysname(config)# no port-access-authenticator
sysname(config)# no port-access-authenticator 1,3-5 reauthenticate
sysname(config)# no port-access-authenticator 1,6-7

Ethernet Switch CLI Reference Guide

120
C H A P T E R 33
IGMP and Multicasting
Commands
This chapter explains how to use commands to configure the Internet Group Membership Protocol
(IGMP) on the Switch. It also covers configuring the ports to remove the VLAN tag from outgoing
multicast packets on the Switch.

33.1 IGMP Overview

The Switch supports IGMP version 1 (IGMP-v1), version 2 (IGMP-v2) and IGMP version 3 (IGMP-v3). Refer
to RFC 1112, RFC 2236 and RFC 3376 for information on IGMP versions 1, 2 and 3 respectively. At start up,
the Switch queries all directly connected networks to gather group membership. After that, the Switch
periodically updates this information.

33.2 Command Summary

The following section lists the commands for this feature.

Table 87 IGMP Command Summary

COMMAND DESCRIPTION M P
router igmp Enables and enters the IGMP configuration C 13
mode.
exit Leaves the IGMP configuration mode. C 13

non-querier Sets the Switch to Non-Querier mode. (If the C 13

Switch discovers a multicast router with a lower
IP address, it will stop sending Query messages
on that network.)
no non-querier Disables non-querier mode on the Switch, (the C 13
multicast router always sends Query messages).
unknown-multicast-frame Specifies the action the Switch should perform C 13
<drop|flooding> when it receives unknown multicast frames.

no router igmp Disables IGMP on the Switch. C 13

interface route-domain <ip-address>/ Enters the configuration mode for the specified C 13
<mask-bits> routing domain.

ip igmp <v1|v2|v3> Enables IGMP in this routing domain and C 13

specifies the version of the IGMP packets that
the Switch should use.

Ethernet Switch CLI Reference Guide

121
Chapter 33 IGMP and Multicasting Commands

Table 87 IGMP Command Summary (continued)

COMMAND DESCRIPTION M P
ip igmp robustness-variable <2-255> Sets the IGMP robustness variable on the Switch. C 13
This variable specifies how susceptible the
subnet is to lost packets.
ip igmp query-interval <1-65535> Sets the IGMP query interval on the Switch. This C 13
variable specifies the amount of time in seconds
between general query messages sent by the
router.
ip igmp query-max-response-time <1- Sets the maximum time that the router waits for C 13
25> a response to a general query message.

ip igmp last-member-query-interval Sets the amount of time in seconds that the C 13

<1-25> router waits for a response to a group specific
query message.
no ip igmp Disables IP IGMP in this routing domain. C 13

show ip igmp group DIsplays the multicast groups learned by IGMP. E 3

show ip igmp interface Displays the IGMP status information per E 3

interface.
show ip igmp multicast Displays the multicast traffic information. E 3

show ip igmp timer Displays the IGMP timer settings. E 3

show router igmp Displays global IGMP settings. E 3

Table 88 IPMC Command Summary

COMMAND DESCRIPTION M P
interface port-channel <port-list> Enters config-interface mode for the specified C 13
port(s).
ipmc egress-untag-vlan <vlan-id> Sets the Switch to remove the VLAN tag from IP C 13
multicast packets belonging to the specified
VLAN before transmission on this port.

Enter a VLAN group ID in this field. Enter 0 to set

the Switch not to remove any VLAN tags from
the packets.
no ipmc egress-untag-vlan Disables the ports from removing the VLAN tags C 13
from outgoing IP multicast packets.

33.3 Command Examples

This example configures IGMP on the Switch with the following settings:

• Sets the Switch to flood unknown multicast frames.

• Sets the Switch to non-querier mode.
• Configures the IP interface 172.16.1.1 with subnet mask 255.255.255.0 to route IGMP version 3 packets.
sysname(config)# router igmp
sysname(config-igmp)# non-querier
sysname(config-igmp)# unknown-multicast-frame flooding
sysname(config-igmp)# exit
sysname(config)# interface route-domain 172.16.1.1/24
sysname(config-if)# ip igmp v3

Ethernet Switch CLI Reference Guide

122
C H A P T E R 34
IGMP Snooping Commands
Use these commands to configure IGMP snooping on the Switch.

34.1 Command Summary

The following section lists the commands for this feature.

Table 89 igmp-flush Command Summary

COMMAND DESCRIPTION M P
igmp-flush Removes all multicast group information. E 13

Table 90 igmp-snooping Command Summary

COMMAND DESCRIPTION M P
clear igmp-snooping statistics all Removes all multicast statistics of the Switch. E 3

clear igmp-snooping statistics Removes the multicast statistics of the port(s). E 3

port
clear igmp-snooping statistics Removes the multicast statistics of the Switch. E 3
system
clear igmp-snooping statistics Removes the multicast statistics of the multicast VLAN(s) E 3
vlan
igmp-snooping Enables IGMP snooping. C 13

no igmp-snooping Disables IGMP snooping. C 13

igmp-snooping 8021p-priority <0-7> Sets the 802.1p priority for outgoing igmp snooping C 13
packets.
no igmp-snooping 8021p-priority Disables changing the priority of outgoing IGMP control C 13
packets.
igmp-snooping authentication- Sets how long the Switch waits before sending the C 13
timeout <0-3000> same access request again if the AAA server rejects the
host’s request to join a multicast group.
no igmp-snooping authentication- Resets the authentication timeout value to its default C 13
timeout setting.

igmp-snooping filtering Enables IGMP filtering on the Switch. Ports can only join C 13
multicast groups specified in their IGMP filtering profile.
igmp-snooping filtering profile Sets the range of multicast address(es) in a profile. C 13
<name> start-address <ip> end-
name: 1-32 alphanumeric characters
address <ip>
no igmp-snooping filtering Disables IGMP filtering on the Switch. C 13

no igmp-snooping filtering profile Removes the specified IGMP filtering profile. You C 13
<name> cannot delete an IGMP filtering profile that is assigned
to any ports.

Ethernet Switch CLI Reference Guide

123
Chapter 34 IGMP Snooping Commands

Table 90 igmp-snooping Command Summary (continued)

COMMAND DESCRIPTION M P
no igmp-snooping filtering profile Clears the specified rule of the specified IGMP filtering C 13
<name> start-address <ip> end- profile.
address <ip>
igmp-snooping host-timeout <1- Sets the host timeout value. C 13
16711450>
igmp-snooping leave-timeout <1- Sets the leave timeout value C 13
16711450>
igmp-snooping querier Enables the IGMP snooping querier on the Switch. C 13

no igmp-snooping querier Disables the IGMP snooping querier on the Switch. C 13

igmp-snooping leave-proxy Enables IGMP snooping leave-proxy mode. C 13

In this mode, the Switch sends a leave message with its

MAC address to the multicast router/switch only when it
receives the leave message from the last host in a
multicast group.
no igmp-snooping leave-proxy Disables IGMP snooping leave-proxy mode. C 13

In this mode, the Switch just snoops on and sends the

multicast router/switch all IGMP leave messages
without changing their source MAC addresses.
igmp-snooping report-proxy Enables IGMP snooping report-proxy mode. C 13

In this mode, the Switch acts as an IGMP v1/v2 report

proxy. The Switch not only checks IGMP packets
between multicast routers/switches and multicast hosts
to learn the multicast group membership, but also
replaces the source MAC address in an IGMP v1/v2
report with its own MAC address before forwarding to
the multicast router/switch. When the Switch receives
more than one IGMP v1/v2 join reports that request to
join the same multicast group, it only sends a new join
report with its MAC address. This helps reduce the
number of multicast join reports passed to the multicast
router/switch.
no igmp-snooping report-proxy Disables IGMP snooping report-proxy mode. C 13

In this mode, the Switch just snoops on and sends the

multicast router/switch all IGMP join messages without
changing their source MAC addresses, and forwards
multicast traffic to the hosts.
igmp-snooping reserved-multicast- Sets how to treat traffic with a reserved multicast C 13
frame <drop|flooding> address. Reserved multicast addresses are in the range
224.0.0.0 to 224.0.0.255.
igmp-snooping unknown-multicast- Sets how to treat traffic from unknown multicast groups. C 13
frame <drop|flooding>
show igmp-snooping Displays global IGMP snooping settings. E 3

show igmp-snooping filtering Displays IGMP filtering profile settings. E 3

profile
show igmp-snooping group all Displays all multicast group information. E 3

Ethernet Switch CLI Reference Guide

124
Chapter 34 IGMP Snooping Commands

Table 90 igmp-snooping Command Summary (continued)

COMMAND DESCRIPTION M P
show igmp-snooping group client < Displays client IP information for the specified multicast E 3
[vlan <vlan-list>] [interface VLAN(s), port(s) and/or multicast group(s).
port-channel <port-list>]
[multicast-group <group-address>]
>
show igmp-snooping group client Displays client IP information for all multicast groups on E 3
all the Switch.

show igmp-snooping group count Displays the total number of the multicast groups on the E 3
Switch.
show igmp-snooping group interface Displays the multicast group(s) to which the specified E 3
port-channel <port-list> port(s) belongs.

show igmp-snooping group interface Displays the number of the multicast group(s) to which E 3
port-channel <port-list> count the specified port(s) belongs.

show igmp-snooping group vlan Displays the multicast group(s) for the specified E 3
<vlan-list> multicast VLAN(s).

show igmp-snooping group vlan Displays the number of the multicast group(s) for the E 3
<vlan-list> count specified multicast VLAN(s).

show igmp-snooping querier Displays the IGMP query mode for the ports on the E 3
Switch.
show igmp-snooping statistics Displays the multicast statistics of the specified port(s). E 3
interface port-channel <port-list>
show igmp-snooping statistics Displays the multicast statistics of the Switch. E 3
system
show igmp-snooping statistics vlan Displays the multicast statistics of the specified multicast E 3
<vlan-list> VLAN(s).

show multicast [vlan] Displays multicast status, including the port number, E 3
VLAN ID and multicast group members on the Switch.
Optionally, displays the type of each multicast VLAN.

Table 91 igmp-snooping vlan Command Summary

COMMAND DESCRIPTION M P
show igmp-snooping vlan Displays the VLANs on which IGMP snooping is enabled. E 3

igmp-snooping vlan mode Specifies how the VLANs on which the Switch snoops IGMP C 13
<auto|fixed> packets are selected.

auto: The Switch learns multicast group membership on

any VLAN. See the User’s Guide for the maximum number
of VLANs the switch supports for IGMP snooping. The
Switch drops any IGMP control messages on other VLANs
after it reaches this maximum number (auto mode).

fixed: The Switch only learns multicast group membership

on specified VLAN(s). The Switch drops any IGMP control
messages for any unspecified VLANs (fixed mode). See
the User’s Guide for the maximum number of VLANs the
switch supports for IGMP snooping.

Ethernet Switch CLI Reference Guide

125
Chapter 34 IGMP Snooping Commands

Table 91 igmp-snooping vlan Command Summary (continued)

COMMAND DESCRIPTION M P
igmp-snooping vlan <vlan-id> Specifies which VLANs to perform IGMP snooping on if the C 13
[name <name>] mode is fixed. Optionally, sets a name for the multicast
VLAN.

name: 1-32 printable characters; spaces are allowed if you

put the string in double quotation marks (“).
no igmp-snooping vlan <vlan-id> Removes IGMP snooping configuration on the specified C 13
VLAN if the mode is fixed.

Table 92 interface igmp Command Summary

COMMAND DESCRIPTION M P
show interfaces config <port- Displays the group limits for IGMP snooping. E 3
list> igmp-group-limited
show interfaces config <port- Displays the immediate leave settings for IGMP snooping. E 3
list> igmp-immediate-leave
show interfaces config <port- Displays the IGMP query mode for the specified port(s). E 3
list> igmp-query-mode
show interfaces config <port- Displays the name(s) of the IGMP filtering profiles used for E 3
list> igmp-snooping filtering the specified port(s).

show interfaces config <port- Displays whether the group limit is enabled and the E 3
list> igmp-snooping group- maximum number of the multicast groups the specified
limited port(s) is allowed to join.

show interfaces config <port- Displays the IGMP leave mode of the specified port(s). E 3
list> igmp-snooping leave-mode
show interfaces config <port- Displays the IGMP querier mode of the specified port(s). E 3
list> igmp-snooping query-mode
interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
igmp-snooping Enables IGMP snooping authentication on the port(s). C 13
authentication
When a multicast host (connected to the specified ports)
sends a message to join a multicast group, the Switch
sends an access request (that conatins the host
identification information) to an AAA server before
forwarding the join message to the multicast router/switch.
The Switch learns the multicast group membership when
the AAA server returns an access-accept. If the AAA server
returns an access-reject, the Switch will not learn the
multicast group membership, nor process the packet
further. If the multicast group and port has already been
learned, the Switch will not do the authentication again.
igmp-snooping fast-leave- Set the IGMP snooping fast leave timeout (in miliseconds) C 13
timeout <200-6348800> the Switch uses to update the forwarding table for the
port(s).

This defines how many seconds the Switch waits for an

IGMP report before removing an IGMP snooping
membership entry when an IGMP leave message is
received on this port from a host.
igmp-snooping filtering Assigns the specified IGMP filtering profile to the port(s). If C 13
profile <name> IGMP filtering is enabled on the Switch, the port(s) can only
join the multicast groups in the specified profile.

Ethernet Switch CLI Reference Guide

126
Chapter 34 IGMP Snooping Commands

Table 92 interface igmp Command Summary (continued)

COMMAND DESCRIPTION M P
igmp-snooping group-limited Enables the group limiting feature for IGMP snooping. You C 13
must enable IGMP snooping as well.
igmp-snooping group-limited Sets how the Switch deals with the IGMP reports when the C 13
action <deny|replace> maximum number of the IGMP groups a port can join is
reached.

deny: The Switch drops any new IGMP join report received
on this port until an existing multicast forwarding table
entry is aged out.

replace: The Switch replaces an existing entry in the

multicast forwarding table with the new IGMP report(s)
received on this port.
igmp-snooping group-limited Sets the maximum number of multicast groups allowed. C 13
number <number>
number: 0-255
igmp-snooping leave-mode Sets the Switch to remove an IGMP snooping membership C 13
<normal|immediate|fast> entry immediately (immediate) or wait for an IGMP report
before the normal (normal) or fast (fast) leave timeout
when an IGMP leave message is received on this port from
a host.
igmp-snooping leave-timeout Set the IGMP snooping normal leave timeout (in C 13
<200-6348800> miliseconds) the Switch uses to update the forwarding
table for the port(s).

This defines how many seconds the Switch waits for an

IGMP report before removing an IGMP snooping
membership entry when an IGMP leave message is
received on this port from a host.
igmp-snooping querier-mode Specifies whether or not and under what conditions the C 13
<auto|fixed|edge> port(s) is (are) IGMP query port(s). The Switch forwards
IGMP join or leave packets to an IGMP query port, treating
the port as being connected to an IGMP multicast router
(or server). You must enable IGMP snooping as well.

fixed: The Switch always treats the port(s) as IGMP query

port(s). Select this when you connect an IGMP multicast
server to the port(s).

auto: The Switch uses the port as an IGMP query port if the
port receives IGMP query packets.

edge: The Switch does not use the port as an IGMP query
port. The Switch does not keep any record of an IGMP
router being connected to this port. The Switch does not
forward IGMP join or leave packets to this port.
no igmp-snooping Disables IGMP snooping authentication on the port(s). The C 13
authentication Switch directly forwards the host’s join message to the
multicast router without sending an access request to the
AAA server for authentication.
no igmp-snooping filtering Prohibits the port(s) from joining any multicast groups if C 13
profile IGMP filtering is enabled on the Switch.

no igmp-snooping group- Disables multicast group limits. C 13

limited
igmp-group-limited Enables the group limiting feature for IGMP snooping. You C 13
must enable IGMP snooping as well.

Ethernet Switch CLI Reference Guide

127
Chapter 34 IGMP Snooping Commands

Table 92 interface igmp Command Summary (continued)

COMMAND DESCRIPTION M P
igmp-group-limited number Sets the maximum number of multicast groups allowed. C 13
<number>
number: 0-255
no igmp-group-limited Disables multicast group limits. C 13

igmp-immediate-leave Enables the immediate leave function for IGMP snooping. C 13

You must enable IGMP snooping as well.
no igmp-immediate-leave Disables the immediate leave function for IGMP snooping. C 13

igmp-querier-mode Specifies whether or not and under what conditions the C 13

<auto|fixed|edge> port(s) is (are) IGMP query port(s). The Switch forwards
IGMP join or leave packets to an IGMP query port, treating
the port as being connected to an IGMP multicast router
(or server). You must enable IGMP snooping as well.

fixed: The Switch always treats the port(s) as IGMP query

port(s). Select this when you connect an IGMP multicast
server to the port(s).

auto: The Switch uses the port as an IGMP query port if the
port receives IGMP query packets.

34.2 Command Examples

This example enables IGMP snooping on the Switch, sets the host-timeout value to 30 seconds, and
sets the Switch to drop packets from unknown multicast groups.

sysname(config)# igmp-snooping
sysname(config)# igmp-snooping host-timeout 30
sysname(config)# igmp-snooping unknown-multicast-frame drop

This example limits the number of multicast groups on port 1 to 5.

sysname# configure
sysname(config)# igmp-snooping
sysname(config)# interface port-channel 1
sysname(config-interface)# igmp-snooping group-limited
sysname(config-interface)# igmp-snooping group-limited number 5
sysname(config-interface)# exit
sysname(config)# exit
sysname# show interfaces config 1 igmp-snooping group-limited
Port Enable Max Multicast Group
1 YES 5

Ethernet Switch CLI Reference Guide

128
Chapter 34 IGMP Snooping Commands

This example shows the current multicast groups on the Switch.

sysname# show multicast

Multicast Status

Index VID Port Multicast Group Timeout

----- ---- ---- ---------------- -------

The following table describes the labels in this screen.

Table 93 show multicast

LABEL DESCRIPTION
Index This field displays an entry number for the VLAN.
VID This field displays the multicast VLAN ID.
Port This field displays the port number that belongs to the multicast group.
Multicast Group This field displays the IP multicast group addresses.
Timeout This field displays how long the port will belong to the multicast group.

This example shows the current multicast VLAN on the Switch.

sysname# show multicast vlan

Multicast Vlan Status

Index VID Type

----- ---- ----------
1 3 MVR

This example restricts ports 1-4 to multicast IP addresses 224.255.255.0 through 225.255.255.255.

sysname# configure
sysname(config)# igmp-snooping filtering
sysname(config)# igmp-snooping filtering profile example1 start-address
--> 224.255.255.0 end-address 225.255.255.255
sysname(config)# interface port-channel 1-4
sysname(config-interface)# igmp-snooping filtering profile example1
sysname(config-interface)# exit
sysname(config)# exit

Ethernet Switch CLI Reference Guide

129
C H A P T E R 35
IGMP Filtering Commands
Use these commands to configure IGMP filters and IGMP filtering on the Switch.

35.1 Command Summary

The following section lists the commands for this feature.

Table 94 igmp-filtering Command Summary

COMMAND DESCRIPTION M P
show igmp-filtering profile Displays IGMP filtering profile settings. E 3

igmp-filtering Enables IGMP filtering on the Switch. Ports can only join C 13
multicast groups specified in their IGMP filtering profile.
no igmp-filtering Disables IGMP filtering on the Switch. C 13

igmp-filtering profile <name> Sets the range of multicast address(es) in a profile. C 13

start-address <ip> end-address
name: 1-32 alphanumeric characters
<ip>
no igmp-filtering profile <name> Removes the specified IGMP filtering profile. You cannot C 13
delete an IGMP filtering profile that is assigned to any
ports.
no igmp-filtering profile <name> Clears the specified rule of the specified IGMP filtering C 13
start-address <ip> end-address profile.
<ip>
show interfaces config <port- Displays IGMP filtering settings. E 3
list> igmp-filtering
interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
igmp-filtering profile Assigns the specified IGMP filtering profile to the port(s). If C 13
<name> IGMP filtering is enabled on the Switch, the port(s) can only
join the multicast groups in the specified profile.
no igmp-filtering profile Prohibits the port(s) from joining any multicast groups if C 13
IGMP filtering is enabled on the Switch.

Ethernet Switch CLI Reference Guide

130
Chapter 35 IGMP Filtering Commands

35.2 Command Examples

This example restricts ports 1-4 to multicast IP addresses 224.255.255.0 through 225.255.255.255.

sysname# configure
sysname(config)# igmp-filtering
sysname(config)# igmp-filtering profile example1 start-address
--> 224.255.255.0 end-address 225.255.255.255
sysname(config)# interface port-channel 1-4
sysname(config-interface)# igmp-filtering profile example1
sysname(config-interface)# exit
sysname(config)# exit

Ethernet Switch CLI Reference Guide

131
C H A P T E R 36
Interface Commands
Use these commands to configure basic port settings.

36.1 Command Summary

The following section lists the commands for this feature.

Table 95 interface Command Summary

COMMAND DESCRIPTION M P
clear interface <port-num> Clears all statistics for the specified port. E 13

interface port-channel <port-list> Enters config-interface mode for the specified port(s). C 13

bpdu-control Sets how Bridge Protocol Data Units (BPDUs) are used C 13
<peer|tunnel|discard|network> in STP port states.

peer: process any BPDU (Bridge Protocol Data Units)

received on this port.

tunnel: forward BPDUs received on this port.

discard: drop any BPDU received on this port.

network: process a BPDU with no VLAN tag and

forward a tagged BPDU.
cx4-length <0.5|1|3|5|10|15> Sets the number of meters for the length of the C 13
10GBASE-CX4 cable you use to connect between the
Switch and another switch for stacking.
flow-control Enables interface flow control. Flow control regulates C 13
transmissions to match the bandwidth of the receiving
port.
frame-type Choose to accept both tagged and untagged C 13
<all|tagged|untagged> incoming frames (all), just tagged incoming frames
(tagged) or just untagged incoming frames on a port
(untagged).

Note: Not all switch models support accepting

untagged frames on a port.
inactive Disables the specified port(s) on the Switch. C 13

intrusion-lock Enables intrusion lock on the port(s) and a port cannot C 13

be connected again after you disconnected the
cable.

Note: Intrusion lock is not available on a 10

Gigabit Ethernet port.

Ethernet Switch CLI Reference Guide

132
Chapter 36 Interface Commands

Table 95 interface Command Summary (continued)

COMMAND DESCRIPTION M P
media-type 10g <SFP+|DAC10G> Sets the media type of the SFP+ module that is C 13
attached to the 10 Gigabit interface.

On the Switch that has a 10 Gigabit interface, such as

the SFP+ slot, you can insert either an SFP+ transceiver
or an SFP+ Direct Attach Copper (DAC). An SFP+
Direct Attach Copper (DAC) is an SFP+ housing that
has no optical module but uses a fixed-length passive
copper cable assembly, which reduces cost and
power significantly.
name <port-name-string> Sets a name for the port(s). C 13

port-name-string: up to 64 English keyboard

characters
no flow-control Disables flow control on the port(s). C 13

no inactive Enables the port(s) on the Switch. C 13

no intrusion-lock Disables intrusion-lock on a port so that a port can be C 13

connected again after you disconnected the cable.
pvid <1-4094> The default PVID is VLAN 1 for all ports. Sets a PVID in C 13
the range 1 to 4094 for the specified interface.
qos priority <0-7> Sets the quality of service priority for an interface. C 13

speed-duplex <auto|10-half|10- Sets the duplex mode (half or full) and speed C 13
full|100-half|100-full|1000- (10, 100, 1000, 10000 or 40000 Mbps) of the
full|1000-auto|10000- connection on the interface. Select auto (auto-
full|40000-full> negotiation) to let the specified port(s) negotiate with
a peer to obtain the connection speed and duplex
mode.
no interface <port-num> Resets the port counters for the specified port(s). E 13

show interfaces <port-list> Displays the current interface status for the specified E 3
port(s).
show interfaces config <port-list> Displays current interface configuration for the E 3
specified port(s).
show interfaces utilization Displays the percentage of actual transmitted and E 3
received frames on a port as a percentage of the link
speed.

Ethernet Switch CLI Reference Guide

133
Chapter 36 Interface Commands

36.2 Command Examples

This example looks at the current status of port 1.

sysname# show interfaces 1

Port Info Port NO. :1
Link :100M/F
Status :FORWARDING
LACP :Disabled
TxPkts :7214
RxPkts :395454
Errors :0
Tx KBs/s :0.0
Rx KBs/s :0.0
Up Time :127:26:26
TX Packet Unicast :7214
Multicast :0
Broadcast :163
Pause :0
Tagged :0
RX Packet Unicast :395454
Multicast :186495
Broadcast :200177
Pause :0
Control :0
TX Collison Single :0
Multiple :0
Excessive :0
Late :0
Error Packet RX CRC :0
Runt :0
Distribution 64 :285034
65 to 127 :31914
128 to 255 :22277
256 to 511 :50546
512 to 1023 :1420
1024 to 1518 :4268
Giant :0

The following table describes the labels in this screen.

Table 96 show interfaces

LABEL DESCRIPTION
Port Info
Port NO. This field displays the port number you are viewing.
Link This field displays the speed (either 10M for 10 Mbps, 100M for 100 Mbps, 1000M for
1Gbps, 1000M for 1Gbps, 10000M for 10Gbps or 40000M for 40Gbps) and the duplex (F
for full duplex or H for half duplex). It also shows the cable type (Copper or Fiber). This
field displays Down if the port is not connected to any device.
Status If STP (Spanning Tree Protocol) is enabled, this field displays the STP state of the port. If
STP is disabled, this field displays FORWARDING if the link is up, otherwise, it displays
STOP.
LACP This field shows if LACP is enabled on this port or not.
TxPkts This field shows the number of transmitted frames on this port

Ethernet Switch CLI Reference Guide

134
Chapter 36 Interface Commands

Table 96 show interfaces (continued)

LABEL DESCRIPTION
RxPkts This field shows the number of received frames on this port
Errors This field shows the number of received errors on this port.
Tx KBs/s This field shows the number kilobytes per second transmitted on this port.
Rx KBs/s This field shows the number of kilobytes per second received on this port.
Up Time This field shows the total amount of time the connection has been up.
Tx Packet

The following fields display detailed information about packets transmitted.

Unicast This field shows the number of good unicast packets transmitted.
Multicast This field shows the number of good multicast packets transmitted.
Broadcast This field shows the number of good broadcast packets transmitted.
Pause This field shows the number of 802.3x Pause packets transmitted.
Tagged This field shows the number of packets with VLAN tags transmitted.
Rx Packet

The following fields display detailed information about packets received.

Unicast This field shows the number of good unicast packets received.
Multicast This field shows the number of good multicast packets received.
Broadcast This field shows the number of good broadcast packets received.
Pause This field shows the number of 802.3x Pause packets received.
Control This field shows the number of control packets received (including those with CRC
error) but it does not include the 802.3x Pause packets.
TX Collision

The following fields display information on collisions while transmitting.

Single This is a count of successfully transmitted packets for which transmission is inhibited by
exactly one collision.
Multiple This is a count of successfully transmitted packets for which transmission was inhibited
by more than one collision.
Excessive This is a count of packets for which transmission failed due to excessive collisions.
Excessive collision is defined as the number of maximum collisions before the
retransmission count is reset.
Late This is the number of times a late collision is detected, that is, after 512 bits of the
packets have already been transmitted.
Error Packet The following fields display detailed information about packets received that were in
error.
RX CRC This field shows the number of packets received with CRC (Cyclic Redundant Check)
error(s).
Runt This field shows the number of packets received that were too short (shorter than 64
octets), including the ones with CRC errors.
Distribution
64 This field shows the number of packets (including bad packets) received that were 64
octets in length.
65-127 This field shows the number of packets (including bad packets) received that were
between 65 and 127 octets in length.
128-255 This field shows the number of packets (including bad packets) received that were
between 128 and 255 octets in length.

Ethernet Switch CLI Reference Guide

135
Chapter 36 Interface Commands

Table 96 show interfaces (continued)

LABEL DESCRIPTION
256-511 This field shows the number of packets (including bad packets) received that were
between 256 and 511 octets in length.
512-1023 This field shows the number of packets (including bad packets) received that were
between 512 and 1023 octets in length.
1024-1518 This field shows the number of packets (including bad packets) received that were
between 1024 and 1518 octets in length.
Giant This field shows the number of packets (including bad packets) received that were
between 1519 octets and the maximum frame size.

The maximum frame size varies depending on your switch model. See Product
Specification chapter in your User’s Guide.

This example configures ports 1, 3, 4, and 5 in the following ways:

1 Sets the IEEE 802.1p quality of service priority to four (4).

2 Sets the name “Test”.

3 Sets the speed to 100 Mbps in half duplex mode.

sysname(config)# interface port-channel 1,3-5

sysname(config-interface)# qos priority 4
sysname(config-interface)# name Test
sysname(config-interface)# speed-duplex 100-half

This example configures ports 1-5 in the following ways:

1 Sets the default port VID to 200.

2 Sets these ports to accept only tagged frames.

sysname (config)# interface port-channel 1-5

sysname (config-interface)# pvid 200
sysname (config-interface)# frame-type tagged

Ethernet Switch CLI Reference Guide

136
C H A P T E R 37
Interface Loopback Mode
In order to configure layer 3 routing features on the Switch, you must enter the interface loopback
mode in the CLI.

37.1 Command Summary

The following section lists the commands for this feature.

Table 97 Interface Loopback Command Summary:

COMMAND DESCRIPTION M P
interface loopback <0-7> Sets a number for this loopback interface C 13
configuration.
no interface loopback <0-7> Resets the loopback interface configuration for the C 13
specified number(s).
inactive Disables the specified loopback interface. C 13

no inactive Enables the specified loopback interface. C 13

ip address <ip-address> <mask> Sets the IP address and subnet mask of the Switch in C 13
the specified loopback interface.
no ip address <ip-address> Deletes the IP address and subnet mask from this C 13
<mask> loopback interface.

name <name> Sets a descriptive name of the loopback interface C 13

setting for identification purposes.
show interface loopback Displays current IPv4 loopback interfaces you E 3
configured.
show interface loopback <0-7> Displays the IPv4 loopback interface configuration for E 3
the specified number(s).

37.2 Command Examples

This example configures IPv4 loopback interface on the Switch with the following settings:

• Enter the configuration mode.

Ethernet Switch CLI Reference Guide

137
Chapter 37 Interface Loopback Mode

• Create the loopback interface 0 with IP address 192.168.2.1, subnet mask 255.255.255.0, name
loopback0 and interface status.
sysname# config
sysname(config)# interface loopback 0
sysname(config-if)# inactive
sysname(config-if)# ip address 192.168.2.1 255.255.255.0
sysname(config-if)# name loopback0
sysname(config-if)# exit
sysname(config)# exit
sysname# show interface loopback 0

Ethernet Switch CLI Reference Guide

138
C H A P T E R 38
Interface Route-domain
Mode
In order to configure layer 3 routing features on the Switch, you must enter the interface routing domain
mode in the CLI.

38.1 Command Summary

The following section lists the commands for this feature.

Table 98 Interface Route Domain Command Summary:

COMMAND DESCRIPTION M P
interface route-domain <ip- Enters the configuration mode for this routing domain. C 13
address>/<mask-bits>
The mask-bits are defined as the number of bits in the
subnet mask. Enter the subnet mask number preceded
with a “/”. To find the bit number, convert the subnet mask
to binary and add all of the 1’s together. Take
“255.255.255.0” for example. 255 converts to eight 1’s in
binary. There are three 255’s, so add three eights together
and you get the bit number (24).
exit Exits from the interface routing-domain configuration C 13
mode.

38.2 Command Examples

Use this command to enable/create the specified routing domain for configuration.

• Enter the configuration mode.

• Enable default routing domain (the 192.168.1.1 subnet) for configuration.
• Begin configuring for this domain.
sysname# config
sysname(config)# interface route-domain 192.168.1.1/24
sysname(config-if)#

Ethernet Switch CLI Reference Guide

139
C H A P T E R 39
IP Commands
Use these commands to configure the management port IP address, default domain name server and
to look at IP domains.

Note: See Chapter 82 on page 300 for static route commands.

Note: See Chapter 40 on page 145 for IP source binding commands.

39.1 Command Summary

The following section lists the commands for this feature.

Table 99 ip Command Summary

COMMAND DESCRIPTION M P
show ip Displays current IPv4 interfaces. E 0

show ipv6 Displays current IPv6 interfaces. E 0

ip address <ip> <mask> Sets the IP address of the MGMT port (for out-of-band E 0
management) on the Switch.
ip address default-gateway <ip> Sets the default gateway for the out-of-band C 13
management interface on the Switch.
ip name-server <ip|ipv6> Sets the IPv4 and/or IPv6 address(es) of the domain C 13
name server(s).
no ip name-server <all|ip|ipv6> Removes all or the specified DNS server. C 13

show ip iptable all [IP|VID|PORT] Displays the IP address table. You can sort the table E 3
based on the IP address, VLAN ID or the port number.
show ip iptable count Displays the number of IP interfaces configured on the E 3
Switch.
show ip iptable static Displays the static IP address table. E 3

show ip name-server Displays the DNS server adress(es) on the Switch. E 3

Table 100 tcp and udp Command Summary

COMMAND DESCRIPTION M P
show ip tcp Displays IP TCP information. E 3

show ip udp Displays IP UDP information. E 3

kick tcp <session id> Disconnects the specified TCP session. E 13

session id: Display the session id by running the show ip

tcp command. See Section 39.2 on page 141 for an
example.

Ethernet Switch CLI Reference Guide

140
Chapter 39 IP Commands

39.2 Command Examples

This example configures two DNS server addresses and displays the settings.

sysname# configure
sysname(config)# ip name-server 10.1.2.3 2001::123
sysname# show ip name-server
Name Server Table:
Server Address Source
-------------- ------
10.1.2.3 Static
2001::123 Static
sysname#

This example shows the TCP statistics and listener ports. See RFC 1213 for more information.

GS2210# show ip tcp

( 1)tcpRtoAlgorithm 4 ( 2)tcpRtoMin 30
( 3)tcpRtoMax 6400000 ( 4)tcpMaxConn 4294967295
( 5)tcpActiveOpens 0 ( 6)tcpPassiveOpens 0
( 7)tcpAttemptFails 0 ( 8)tcpEstabResets 0
( 9)tcpCurrEstab 0 (10)tcpInSegs 0
(11)tcpOutSegs 0 (12)tcpRetransSegs 0
(14)tcpInErrs 0 (15)tcpOutRsts 0
(17)tcpHcInSegs 0 (18)tcpHcOutSegs 0
&TCB Rcv-Q Snd-Q Rcv-Wnd Snd-Wnd Local socket Remote socket
State
82ca2290 0 0 128 1 0.0.0.0:22 0.0.0.0:0
Listen
82ca2058 0 0 22400 1 0.0.0.0:443 0.0.0.0:0
Listen (S)
82c92130 0 0 16384 1 0.0.0.0:21 0.0.0.0:0
Listen
82c92014 0 0 16384 1 0.0.0.0:80 0.0.0.0:0
Listen (S)
82c91ef8 0 0 128 1 0.0.0.0:23 0.0.0.0:0
Listen (S)
82e0cb5c 0 0 0 0 :::443 :::0
Listen (S)
82e04b10 0 0 0 0 :::21 :::0
Listen
82e04934 0 0 0 0 :::80 :::0
Listen (S)
82e04758 0 0 0 0 :::23 :::0
Listen (S)

Ethernet Switch CLI Reference Guide

141
Chapter 39 IP Commands

The following table describes the labels in this screen.

Table 101 show ip tcp

LABEL DESCRIPTION
tcpRtoAlgorithm This field displays the algorithm used to determine the timeout value that is used for
retransmitting unacknowledged octets.
tcpRtoMin This field displays the minimum timeout (in milliseconds) permitted by a TCP
implementation for the retransmission timeout. More refined semantics for objects of
this type depend upon the algorithm used to determine the retransmission timeout. In
particular, when the timeout algorithm is rsre(3), an object of this type has the
semantics of the LBOUND quantity described in RFC 793.
tcpRtoMax This field displays the maximum timeout (in milliseconds) permitted by a TCP
implementation for the retransmission timeout. More refined semantics for objects of
this type depend upon the algorithm used to determine the retransmission timeout. In
particular, when the timeout algorithm is rsre(3), an object of this type has the
semantics of the UBOUND quantity described in RFC 793.
tcpMaxConn This field displays the maximum number of TCP connections the Switch can support. If
the maximum number is dynamic, this field displays -1.
tcpActiveOpens This field displays the number of times TCP connections have made a direct transition
to the SYN-SENT state from the CLOSED state.
tcpPassiveOpens This field displays the number of times TCP connections have made a direct transition
to the SYN-RCVD state from the LISTEN state.
tcpAttemptFails This field displays the number of times TCP connections have made a direct transition
to the CLOSED state from either the SYN-SENT state or the SYN-RCVD state, plus the
number of times TCP connections have made a direct transition to the LISTEN state
from the SYN-RCVD state.
tcpEstabResets This field displays the number of times TCP connections have made a direct transition
to the CLOSED state from either the ESTABLISHED state or the CLOSE-WAIT state.
tcpCurrEstab This field displays the number of TCP connections for which the current state is either
ESTABLISHED or CLOSE-WAIT.
tcpInSegs This field displays the total number of segments received in a 32-bit count, including
those received in error. This count includes segments received on currently established
connections.
tcpOutSegs This field displays the total number of segments sent in a 32-bit count, including those
on current connections but excluding those containing only retransmitted octets.
tcpRetransSegs This field displays the total number of TCP segments transmitted containing one or more
previously transmitted octets.
tcpInErrs This field displays the total number of segments received with error (for example, bad
TCP checksums).
tcpOutRsts This field displays the number of TCP segments sent containing the RST flag.
tcpHcInSegs This field displays the total number of segments received in a 64-bit count, including
those received in error. This count includes segments received on currently established
connections.
tcpHcOutSegs This field displays the total number of segments sent in a 64-bit count, including those
on current connections but excluding those containing only retransmitted octets.
This section displays the current TCP listeners.
&TCB This field displays the session ID.
Rcv-Q This field displays the items on the receive queue in this connection.
Snd-Q This field displays the sequence number of the first unacknowledged segment on the
send queue in this connection.
Rcv-Wnd This field displays the receiving window size in this connection. It determines the
amount of received data that can be buffered.

Ethernet Switch CLI Reference Guide

142
Chapter 39 IP Commands

Table 101 show ip tcp (continued)

LABEL DESCRIPTION
Snd-Wnd This field displays the sending window size in this connection. It is offered by the remote
device.
Local socket This field displays the local IP address and port number in this TCP connection. In the
case of a connection in the LISTEN state that is willing to accept connections for any IP
interface associated with the node, the value is 0.0.0.0.
Remote socket This field displays the remote IP address and port number in this TCP connection.
State This field displays the state of this TCP connection.

The only value which may be set by a management station is deleteTCB(12).

Accordingly, it is appropriate for an agent to return a `badValue' response if a
management station attempts to set this object to any other value.

If a management station sets this object to the value deleteTCB(12), then this has the
effect of deleting the TCB (as defined in RFC 793) of the corresponding connection on
the managed node, resulting in immediate termination of the connection.

As an implementation-specific option, a RST segment may be sent from the managed

node to the other TCP endpoint (note however that RST segments are not sent reliably).

This example shows the UDP statistics and listener ports. See RFC 1213 for more information.

GS2210# show ip udp

( 1)udpInDatagrams 0 ( 2)udpNoPorts 0
( 3)udpInErrors 0 ( 4)udpOutDatagrams 0
( 8)udpHcInDatagrams 0 ( 9)udpHcOutDatagrams 0
&UCB Rcv-Q Local socket
82398cac 0 0.0.0.0:68
82398c50 0 0.0.0.0:67
82392d70 0 0.0.0.0:161
822ae07c 0 0.0.0.0:1026
822ae020 0 0.0.0.0:1025
822aa41c 0 0.0.0.0:1024
822aa3c0 0 0.0.0.0:53
822aa364 0 0.0.0.0:69
822a9e5c 0 0.0.0.0:263
82adabf8 0 :::161

The following table describes the labels in this screen.

Table 102 show ip udp

LABEL DESCRIPTION
udpInDatagrams This field displays the total number of UDP datagrams in a 32-bit count delivered to UDP
users.
udpNoPorts This field displays the total number of received UDP datagrams for which there was no
application at the destination port.
udpInErrors This field displays the number of received UDP datagrams that could not be delivered
for reasons other than the lack of an application at the destination port.
udpOutDatagrams This field displays the total number of UDP datagrams in a 32-bit count sent by the
Switch.
udpHcInDatagrams This field displays the total number of UDP datagrams in a 64-bit count delivered to UDP
users.

Ethernet Switch CLI Reference Guide

143
Table 102 show ip udp (continued)
LABEL DESCRIPTION
udpHcOutDatagrams This field displays the total number of UDP datagrams in a 64-bit count sent by the
Switch.
&UCB This field displays the process ID.
Rcv-Q This field displays the queue number of pending datagrams in this connection.
Local socket This field displays the local IP address and port number for this UDP listener. In the case
of a UDP listener that is willing to accept datagrams for any IP interface associated
with the node, the value is 0.0.0.0.

Ethernet Switch CLI Reference Guide

144
Chapter 40 IP Source Binding Commands

C H A P T E R 40
IP Source Binding
Commands
Use these commands to manage the bindings table for IP source guard.

40.1 Command Summary

The following section lists the commands for this feature.

Table 103 ip source binding Command Summary

COMMAND DESCRIPTION M P
show ip source binding [<mac- Displays the bindings configured on the Switch, optionally E 3
addr>] [...] based on the specified parameters.

show ip source binding help Provides more information about the specified command. E 3

ip source binding arp-freeze Create static bindings from any previously learned ARP C 13
entries in the Switch's ARP table and add them in the IP
source guard static binding table.
ip source binding arp-freeze Create static bindings from previously learned ARP entries C 13
interface port-channel <port- containing the specified port number and add them in the
list> IP source guard static binding table.

ip source binding arp-freeze Create static bindings from previously learned ARP entries C 13
vlan <vlan-list> containing the specified VLAN ID and add them in the IP
source guard static binding table.
ip source binding <mac-addr> Creates a static binding for ARP inspection. C 13
vlan <vlan-id> <ip> [interface
port-channel <interface-id>]
no ip source binding <mac-addr> Removes the specified static binding. C 13
vlan <vlan-id>

Ethernet Switch CLI Reference Guide

145
40.2 Command Examples
This example shows the current binding table.

sysname# show ip source binding

MacAddress IpAddress Lease Type VLAN Port
----------------- --------------- ------------ ------------- ---- ---
Total number of bindings: 0

The following table describes the labels in this screen.

Table 104 show ip source binding

LABEL DESCRIPTION
MacAddress This field displays the source MAC address in the binding.
IpAddress This field displays the IP address assigned to the MAC address in the binding.
Lease This field displays how many days, hours, minutes, and seconds the binding is valid; for
example, 2d3h4m5s means the binding is still valid for 2 days, 3 hours, 4 minutes, and 5
seconds. This field displays infinity if the binding is always valid (for example, a static
binding).
Type This field displays how the switch learned the binding.

static: This binding was learned from information provided manually by an

administrator.
VLAN This field displays the source VLAN ID in the binding.
Port This field displays the port number in the binding. If this field is blank, the binding applies
to all ports.

Ethernet Switch CLI Reference Guide

146
Chapter 41 IPv6 Commands

C H A P T E R 41
IPv6 Commands

41.1 IPv6 Overview

IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in
IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 1038 IP addresses. At the time
of writing, the Switch supports the following features.

• Static address assignment (see Section 41.1.1 on page 147) and stateless autoconfiguration (see
Stateless Autoconfiguration on page 150)
• Neighbor Discovery Protocol (see Neighbor Discovery Protocol (NDP) on page 151)
• Remote Management using SNMP, Telnet, HTTP and FTP services (see Chapter 71 on page 263)
• ICMPv6 (see ICMPv6 on page 151)
• IPv4/IPv6 dual stack; the Switch can run IPv4 and IPv6 at the same time.
• DHCPv6 client and relay (see DHCPv6 on page 150)
• Multicast Listener Discovery (MLD) snooping and proxy (see Multicast Listener Discovery on page 152)

For more information on IPv6 addresses, refer to RFC 2460 and RFC 4291.

41.1.1 IPv6 Addressing

The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an
example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.

IPv6 addresses can be abbreviated in two ways:

• Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000

can be written as 2001:db8:1a2b:15:0:0:1a2f:0.
• Any number of consecutive blocks of zeros can be replaced by a double colon. A double colon can
only appear once in an IPv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can
be written as 2001:0db8::1a2f:0000:0000:0015 or 2001:0db8:0000:0000:1a2f::0015.

41.1.2 IPv6 Terms

IPv6 Prefix and Prefix Length

Similar to an IPv4 subnet mask, IPv6 uses an address prefix to represent the network address. An IPv6
prefix length specifies how many most significant bits (start from the left) in the address compose the
network address. The prefix length is written as “/x” where x is a number. For example,

2001:db8:1a2b:15::1a2f:0/32

Ethernet Switch CLI Reference Guide

147
Chapter 41 IPv6 Commands

means that the first 32 bits (2001:db8) is the subnet prefix.

Interface ID
In IPv6, an interface ID is a 64-bit identifier. It identifies a physical interface (for example, an Ethernet
port) or a virtual interface (for example, the management IP address for a VLAN). One interface should
have a unique interface ID.

Link-local Address
A link-local address uniquely identifies a device on the local network (the LAN). It is similar to a “private IP
address” in IPv4. You can have the same link-local address on multiple interfaces on a device. A link-
local unicast address has a predefined prefix of fe80::/10. The link-local unicast address format is as
follows.

Table 105 Link-local Unicast Address Format

1111 1110 10 0 Interface ID

10 bits 54 bits 64 bits

Global Address
A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4.
The global address format as follows.

Table 106 Global Address Format

001 Global ID Subnet ID Interface ID

3 bits 45 bits 16 bits 64 bits

The global ID is the network identifier or prefix of the address and is used for routing. This may be
assigned by service providers.

The subnet ID is a number that identifies the subnet of a site.

Multicast Addresses
In IPv6, multicast addresses provide the same functionality as IPv4 broadcast addresses. Broadcasting is
not supported in IPv6. A multicast address allows a host to send packets to all hosts in a multicast group.

Multicast scope allows you to determine the size of the multicast group. A multicast address has a
predefined prefix of ff00::/8. The following table describes some of the predefined multicast addresses.

Table 107 Predefined Multicast Address

MULTICAST ADDRESS DESCRIPTION

FF01:0:0:0:0:0:0:1 All hosts on a local node.
FF01:0:0:0:0:0:0:2 All routers on a local node.
FF02:0:0:0:0:0:0:1 All hosts on a local connected link.
FF02:0:0:0:0:0:0:2 All routers on a local connected link.

Ethernet Switch CLI Reference Guide

148
Chapter 41 IPv6 Commands

Table 107 Predefined Multicast Address (continued)

MULTICAST ADDRESS DESCRIPTION

FF05:0:0:0:0:0:0:2 All routers on a local site.
FF05:0:0:0:0:0:1:3 All DHCP severs on a local site.

The following table describes the multicast addresses which are reserved and can not be assigned to a
multicast group.

Table 108 Reserved Multicast Address

MULTICAST ADDRESS
FF00:0:0:0:0:0:0:0
FF01:0:0:0:0:0:0:0
FF02:0:0:0:0:0:0:0
FF03:0:0:0:0:0:0:0
FF04:0:0:0:0:0:0:0
FF05:0:0:0:0:0:0:0
FF06:0:0:0:0:0:0:0
FF07:0:0:0:0:0:0:0
FF08:0:0:0:0:0:0:0
FF09:0:0:0:0:0:0:0
FF0A:0:0:0:0:0:0:0
FF0B:0:0:0:0:0:0:0
FF0C:0:0:0:0:0:0:0
FF0D:0:0:0:0:0:0:0
FF0E:0:0:0:0:0:0:0
FF0F:0:0:0:0:0:0:0

Loopback
A loopback address (0:0:0:0:0:0:0:1 or ::1) allows a host to send packets to itself. It is similar to “127.0.0.1”
in IPv4.

Unspecified
An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have
its own address. It is similar to “0.0.0.0” in IPv4.

EUI-64
The EUI-64 (Extended Unique Identifier) defined by the IEEE (Institute of Electrical and Electronics
Engineers) is an interface ID format designed to adapt with IPv6. It is derived from the 48-bit (6-byte)
Ethernet MAC address as shown next. EUI-64 inserts the hex digits fffe between the third and fourth bytes

Ethernet Switch CLI Reference Guide

149
Chapter 41 IPv6 Commands

of the MAC address and complements the seventh bit of the first byte of the MAC address. See the
following example.

MAC 00 : 13 : 49 : 12 : 34 : 56

EUI-64 02 : 13 : 49 : FF : FE : 12 : 34 : 56

Stateless Autoconfiguration
With stateless autoconfiguration in IPv6, addresses can be uniquely and automatically generated.
Unlike DHCPv6 (Dynamic Host Configuration Protocol version six) which is used in IPv6 stateful
autoconfiguration, the owner and status of addresses don’t need to be maintained by a DHCP server.
Every IPv6 device is able to generate its own and unique IP address automatically when IPv6 is initiated
on its interface. It combines the prefix and the interface ID (generated from its own Ethernet MAC
address, see Interface ID and EUI-64) to form a complete IPv6 address.

When IPv6 is enabled on a device, its interface automatically generates a link-local address (beginning
with fe80).

When the interface is connected to a network with a router and the ipv6 address autoconfig
command is issued on the Switch, it generates 1another address which combines its interface ID and
global and subnet information advertised from the router. This is a routable global IP address.

DHCPv6
The Dynamic Host Configuration Protocol for IPv6 (DHCPv6, RFC 3315) is a server-client protocol that
allows a DHCP server to assign and pass IPv6 network addresses, prefixes and other configuration
information to DHCP clients. DHCPv6 servers and clients exchange DHCP messages using UDP.

Each DHCP client and server has a unique DHCP Unique IDentifier (DUID), which is used for identification
when they are exchanging DHCPv6 messages. The DUID is generated from the MAC address, time,
vendor assigned ID and/or the vendor's private enterprise number registered with the IANA. It should not
change over time even after you reboot the device.

Identity Association
An Identity Association (IA) is a collection of addresses assigned to a DHCP client, through which the
server and client can manage a set of related IP addresses. Each IA must be associated with exactly
one interface. The DHCP client uses the IA assigned to an interface to obtain configuration from a DHCP
server for that interface. Each IA consists of a unique IAID and associated IP information.
The IA type is the type of address in the IA. Each IA holds one type of address. IA_NA means an identity
association for non-temporary addresses and IA_TA is an identity association for temporary addresses.
An IA_NA option contains the T1 and T2 fields, but an IA_TA option does not. The DHCPv6 server uses T1
and T2 to control the time at which the client contacts with the server to extend the lifetimes on any
addresses in the IA_NA before the lifetimes expire. After T1, the client sends the server (S1) (from which
the addresses in the IA_NA were obtained) a Renew message. If the time T2 is reached and the server

1. In IPv6, all network interfaces can be associated with several addresses.

Ethernet Switch CLI Reference Guide

150
Chapter 41 IPv6 Commands

does not respond, the client sends a Rebind message to any available server (S2). For an IA_TA, the
client may send a Renew or Rebind message at the client's discretion.
T2
T1

Renew Renew Renew

Rebind
to S1 to S1 to S1
to S2
Renew Renew Renew Rebind
to S1 to S1 to S1 to S2

DHCP Relay Agent

A DHCP relay agent is on the same network as the DHCP clients and helps forward messages between
the DHCP server and clients. When a client cannot use its link-local address and a well-known multicast
address to locate a DHCP server on its network, it then needs a DHCP relay agent to send a message to
a DHCP server that is not attached to the same network.

The DHCP relay agent can add the remote identification (remote-ID) option and the interface-ID option
to the Relay-Forward DHCPv6 messages. The remote-ID option carries a user-defined string, such as the
system name. The interface-ID option provides slot number, port information and the VLAN ID to the
DHCPv6 server. The remote-ID option (if any) is stripped from the Relay-Reply messages before the relay
agent sends the packets to the clients. The DHCP server copies the interface-ID option from the Relay-
Forward message into the Relay-Reply message and sends it to the relay agent. The interface-ID should
not change even after the relay agent restarts.

ICMPv6
Internet Control Message Protocol for IPv6 (ICMPv6 or ICMP for IPv6) is defined in RFC 4443. ICMPv6 has
a preceding Next Header value of 58, which is different from the value used to identify ICMP for IPv4.
ICMPv6 is an integral part of IPv6. IPv6 nodes use ICMPv6 to report errors encountered in packet
processing and perform other diagnostic functions, such as "ping".

Neighbor Discovery Protocol (NDP)

The Neighbor Discovery Protocol (NDP) is a protocol used to discover other IPv6 devices and track
neighbor’s reachability in a network.

An IPv6 device uses the following ICMPv6 messages types:

• Neighbor solicitation: A request from a host to determine a neighbor’s link-layer address (MAC
address) and detect if the neighbor is still reachable. A neighbor being “reachable” means it
responds to a neighbor solicitation message (from the host) with a neighbor advertisement message.
• Neighbor advertisement: A response from a node to announce its link-layer address.
• Router solicitation: A request from a host to locate a router that can act as the default router and
forward packets.
• Router advertisement: A response to a router solicitation or a periodical multicast advertisement from
a router to advertise its presence and other parameters.

Ethernet Switch CLI Reference Guide

151
Chapter 41 IPv6 Commands

IPv6 Cache
An IPv6 host is required to have a neighbor cache, destination cache, prefix list and default router list.
The Switch maintains and updates its IPv6 caches constantly using the information from response
messages. In IPv6, the Switch configures a link-local address automatically, and then sends a neighbor
solicitation message to check if the address is unique. If there is an address to be resolved or verified, the
Switch also sends out a neighbor solicitation message. When the Switch receives a neighbor
advertisement in response, it stores the neighbor’s link-layer address in the neighbor cache. When the
Switch uses a router solicitation message to query for a router and receives a router advertisement
message, it adds the router’s information to the neighbor cache, prefix list and destination cache. The
Switch creates an entry in the default router list cache if the router can be used as a default router.

When the Switch needs to send a packet, it first consults the destination cache to determine the next
hop. If there is no matching entry in the destination cache, the Switch uses the prefix list to determine
whether the destination address is on-link and can be reached directly without passing through a router.
If the address is onlink, the address is considered as the next hop. Otherwise, the Switch determines the
next-hop from the default router list or routing table. Once the next hop IP address is known, the Switch
looks into the neighbor cache to get the link-layer address and sends the packet when the neighbor is
reachable. If the Switch cannot find an entry in the neighbor cache or the state for the neighbor is not
reachable, it starts the address resolution process. This helps reduce the number of IPv6 solicitation and
advertisement messages.

Multicast Listener Discovery

The Multicast Listener Discovery (MLD) protocol (defined in RFC 2710) is derived from IPv4's Internet
Group Management Protocol version 2 (IGMPv2). MLD uses ICMPv6 message types, rather than IGMP
message types. MLDv1 is equivalent to IGMPv2 and MLDv2 is equivalent to IGMPv3.

MLD allows an IPv6 switch or router to discover the presence of MLD listeners who wish to receive
multicast packets and the IP addresses of multicast groups the hosts want to join on its network.

MLD snooping and MLD proxy are analogous to IGMP snooping and IGMP proxy in IPv4.

MLD filtering controls which multicast groups a port can join.

MLD Messages
A multicast router or switch periodically sends general queries to MLD hosts to update the multicast
forwarding table. When an MLD host wants to join a multicast group, it sends an MLD Report message
for that address.

An MLD Done message is equivalent to an IGMP Leave message. When an MLD host wants to leave a
multicast group, it can send a Done message to the router or switch. If the leave mode is not set to
immediate, the router or switch sends a group-specific query to the port on which the Done message is
received to determine if other devices connected to this port should remain in the group.

MLD Port Role

A port on the Switch can be either a downstream port or upstream port in MLD. A downstream port (DSP
in the figure) connects to MLD hosts and acts as a multicast router to send MLD queries and listen to the
MLD host’s Report and Done messages. An upstream port (USP in the figure) connects to a multicast

Ethernet Switch CLI Reference Guide

152
Chapter 41 IPv6 Commands

router and works as a host to send Report or Done messages when receiving queries from a multicast
router.

Proxy
Snooping
USP

DSP

MLD Snooping-Proxy
MLD snooping-proxy is a Zyxel-proprietary feature. IPv6 MLD proxy allows only one upstream interface on
a switch, while MLD snooping-proxy supports more than one upstream port on a switch. The upstream
port in MLD snooping-proxy can report group changes to a connected multicast router and forward
MLD messages to other upstream ports. This helps especially when you want to have a network that uses
STP to provide backup links between switches and also performs MLD snooping and proxy functions.
MLD snooping-proxy, like MLD proxy, can minimize MLD control messages and allow better network
performance.

In MLD snooping-proxy, if one upstream port is learned via snooping, all other upstream ports on the
same device will be added to the same group. If one upstream port requests to leave a group, all other
upstream ports on the same device will also be removed from the group.

In the following MLD snooping-proxy example, all connected upstream ports (1 ~7) are treated as one
interface. The connection between ports 8 and 9 is blocked by STP to break the loop. If there is one

Ethernet Switch CLI Reference Guide

153
Chapter 41 IPv6 Commands

query from a router (X) or MLD Done or Report message from any upstream port, it will be broadcast to
all connected upstream ports.

X
Query
1

2
9

3 8

4 7
Report
5 6

Done

41.2 Command Summary

The following table describes user-input values available in multiple commands for this feature.

Table 109 ipv6 User-input Values

COMMAND DESCRIPTION
interface-type VLAN. The Switch supports only the VLAN interface type at the time of writing.

interface-number A VLAN ID number.

The following section lists the commands for this feature.

Table 110 ipv6 address Command Summary

COMMAND DESCRIPTION M P
interface vlan <1-4094> Enters config-route-domain mode for the specified C 13
VLAN. Creates the VLAN, if necessary.
ipv6 Globally enables IPv6 in this VLAN. The Switch then C 13
creates a link-local address automatically. Use “show
ipv6” to see the generated address.
ipv6 address <ipv6-address>/ Manually configures a static IPv6 global address for the C 13
<prefix> VLAN.

ipv6 address <ipv6-address>/ Manually configures a static IPv6 global address for the C 13
<prefix> eui-64 VLAN and have the interface ID be generated
automatically using the EUI-64 format.
ipv6 address <ipv6-address>/ Manually configures a static IPv6 link-local address for C 13
<prefix> link-local the VLAN.

Ethernet Switch CLI Reference Guide

154
Chapter 41 IPv6 Commands

Table 110 ipv6 address Command Summary (continued)

COMMAND DESCRIPTION M P
ipv6 address autoconfig Use the command to have the Switch generate an C 13
IPv6 global address automatically in this VLAN after the
Switch obtains the VLAN network information from a
router.

Note: Make sure an IPv6 router is available in the

VLAN network before using this command
on the Switch.
ipv6 address default-gateway Sets the default gateway for the VLAN. When an C 13
<gateway-ipv6-address> interface cannot find a routing information for a
frame’s destination, it forwards the packet to the
default gateway.
ipv6 address dhcp client <ia- Sets the Switch to get a non-temporary IP address from C 13
na> the DHCP server.

ipv6 address dhcp client <ia- Sets the Switch to get a non-temporary IP address from C 13
na> [rapid-commit] the DHCP server for this VLAN. Optionally, sets the
Switch to send its DHCPv6 Solicit message with a Rapid
Commit option to obtain information from the DHCP
server by a rapid two-message exchange. The Switch
discards any Reply messages that do not include a
Rapid Commit option. The DHCPv6 server should also
support the Rapid Commit option to have it work well.
ipv6 address dhcp client Sets the time interval (in seconds) at which the Switch C 13
information refresh minimum exchanges other configuration information with a
<600-4294967295> DHCPv6 server again.

ipv6 address dhcp client Sets the Switch to obtain DNS server IPv6 addresses or a C 13
option <[dns][domain-list]> list of domain names from the DHCP server.

no ipv6 Disables IPv6 in this VLAN. C 13

no ipv6 address <ipv6- Removes a specified static global address. C 13

address>/<prefix>
no ipv6 address <ipv6- Removes a specified static global address whose C 13
address>/<prefix> eui-64 interface ID was generated using the EUI-64 format.

no ipv6 address <ipv6- Removes a specified static link-local address. C 13

address>/<prefix> link-local
no ipv6 address autoconfig Disables IPv6 address autoconfiguration in this VLAN. C 13

no ipv6 address default- Removes the default gateway address for this VLAN. C 13
gateway
no ipv6 address dhcp client Disables the DHCP client feature in this VLAN. C 13

no ipv6 address dhcp client sets the Switch to not include a Rapid Commit option C 13
[rapid-commit] in its DHCPv6 Solicit message for this VLAN.

no ipv6 address dhcp client Sets the Switch to not obtain the DNS server information C 13
option from the DHCP server.

no ipv6 address dhcp client Sets the Switch to not obtain DNS server IPv6 addresses C 13
option <[dns][domain-list]> or a list of domain names from the DHCP server.

restart ipv6 dhcp client vlan <1- Sets the Switch to send a Release message for the E 13
4094> assigned IPv6 address to the DHCP server and start
DHCP message exchange again.
show ipv6 Displays IPv6 settings in all VLANs on the Switch. E 3

show ipv6 dhcp Displays the Switch’s DHCPv6 DUID. E 3

Ethernet Switch CLI Reference Guide

155
Chapter 41 IPv6 Commands

Table 110 ipv6 address Command Summary (continued)

COMMAND DESCRIPTION M P
show ipv6 dhcp vlan <1-4094> Displays the DHCPv6 settings for the specified VLAN, E 3
including DHCPv6 mode, the IA type and the IAID.
show ipv6 <interface-type> Displays IPv6 settings for a specified interface on the E 3
<interface-number> Switch.

Table 111 ipv6 dhcp relay Command Summary

COMMAND DESCRIPTION M P
ipv6 dhcp relay vlan <1-4094> Enables DHCPv6 relay agent and configures the C 13
helper-address <remote-dhcp- remote DHCP server address for the specified VLAN.
server>
ipv6 dhcp relay vlan <1-4094> Sets the Switch to add the interface-ID option in the C 13
option interface-id DHCPv6 requests from the clients in the specified VLAN
before the Switch forwards them to a DHCP server.
ipv6 dhcp relay vlan <1-4094> Sets the Switch to add the remote-ID option in the C 13
option remote-id <remote-id> DHCPv6 requests from the clients in the specified VLAN
before the Switch forwards them to a DHCP server. This
also specifies a string (up to 64 printable ASCII
characters) to be carried in the remote-ID option.
no ipv6 dhcp relay vlan <1-4094> Disables DHCPv6 relay agent in the specified VLAN. C 13

no ipv6 dhcp relay vlan <1-4094> Sets the Switch to not add the interface-ID option in C 13
option interface-id the DHCPv6 requests from the clients in the specified
VLAN before the Switch forwards them to a DHCP
server.
no ipv6 dhcp relay vlan <1-4094> Sets the Switch to not add the remote-ID option in the C 13
option remote-id DHCPv6 requests from the clients in the specified VLAN
before the Switch forwards them to a DHCP server.

Table 112 ipv6 dhcp trust Command Summary

COMMAND DESCRIPTION M P
ipv6 dhcp trust Enables IPv6 DHCP trust to set whether ports are trusted C 13
or untrusted ports for DHCP snooping. All ports are
untrusted ports by default.
no ipv6 dhcp trust Disables IPv6 DHCP trust. All ports are automatically C 13
trusted.
interface port-channel <port-list> Enters config-interface mode for the specified port(s). C 13

ipv6 dhcp trust Configures this port as a trusted port. Trusted ports are C 13
connected to DHCPv6 servers or other switches.
no ipv6 dhcp trust Configures this port as an untrusted port. Untrusted C 13
ports are connected to subscribers, and the Switch
discards DHCPv6 packets from untrusted ports in the
following situations:

• The packet is a DHCPv6 server packet (for

example, ADVERTISE, REPLY, or RELAY-REPLY).
• The source MAC address and source IP address in
the packet do not match any of the current
bindings.

Ethernet Switch CLI Reference Guide

156
Chapter 41 IPv6 Commands

Table 113 ipv6 icmp and ping6 Command Summary

COMMAND DESCRIPTION M P
ipv6 icmp error-interval <0- Sets the average transmission rate of ICMPv6 error C 13
2147483647> [bucket-size <1-200>] messages the Switch generates, such as Destination
Unreachable message, Packet Too Big message, Time
Exceeded message and Parameter Problem message.

error-interval: specifies a time period (in

milliseconds) during which packets of up to the bucket
size (10 by default) can be transmitted. 0 means no
limit.

Note: The Switch applies the time interval in

increments of 10. For example, if you set a
time interval from 1280 to 1289
milliseconds, the Switch uses the time
interval of 1280 milliseconds.

bucket-size: Defines the maximum number of

packets which are allowed to transmit in a given time
interval. If the bucket is full, subsequent error messages
are suppressed.
ping6 <ipv6-address> <[-i Sends IPv6 ping packets to the specified Ethernet E 0
<interface-type> <interface- device.
number>] [-t] [-l <1-1452>] [-n <1- interface-type: the Switch supports only the VLAN
65535>] [-s <ipv6-address>] interface type at the time of writing.

interface-number: The VLAN ID to which the Ethernet

device belongs.

-l <1-1452>: Specifies the size of the ping packet.

-t: Sends ping packets to the Ethernet device

indefinitely. Press [CTRL]+C to terminate the Ping
process.

-n <1-65535>: Specifies how many times the Switch

sends the ping packets.

-s <ipv6-address>: Specifies the source IPv6 address

of the pin packets.
show ipv6 mtu The Switch uses Path MTU Discovery to discover Path E 3
MTU (PMTU), that is, the minimum link MTU of all the links
in a path to the destination. If the Switch receives an
ICMPv6 Packet Too Big error message after sending a
packet, it adjusts the next packet size according to the
suggested MTU in the error message.

Displays IPv6 path MTU information on the Switch.

Table 114 ipv6 mld snooping-proxy Command Summary

COMMAND DESCRIPTION M P
clear ipv6 mld snooping-proxy Removes all MLD snooping-proxy statistics of the E 13
statistics all Switch.

clear ipv6 mld snooping-proxy Removes the MLD snooping-proxy statistics of the E 13
statistics port port(s).

clear ipv6 mld snooping-proxy Removes the MLD snooping-proxy statistics of the E 13
statistics system Switch.

Ethernet Switch CLI Reference Guide

157
Chapter 41 IPv6 Commands

Table 114 ipv6 mld snooping-proxy Command Summary (continued)

COMMAND DESCRIPTION M P
clear ipv6 mld snooping-proxy Removes the MLD snooping-proxy statistics of the E 13
statistics vlan multicast VLAN(s).

interface port-channel <port-list> Enters config-interface mode for the specified port(s). C 13

ipv6 mld snooping-proxy Enables multicast group limits for MLD snooping-proxy. C 13
filtering group-limited
ipv6 mld snooping-proxy Sets the maximum number of the multicast groups the C 13
filtering group-limited number port(s) is allowed to join.
<number> number: 0 - 255
ipv6 mld snooping-proxy Assigns the specified MLD filtering profile to the port(s). C 13
filtering profile <name> If MLD filtering is enabled on the Switch, the port(s) can
only join the multicast groups in the specified profile.
no ipv6 mld snooping-proxy Disables multicast group limits for MLD snooping. C 13
filtering group-limited
no ipv6 mld snooping-proxy Disables MLD filtering on the port(s) and allows the C 13
filtering profile port(s) to join any group.

ipv6 mld snooping-proxy Enables IPv6 MLD snooping-proxy on the Switch. C 13

ipv6 mld snooping-proxy 8021p- Sets the default IEEE 802.1p priority in the MLD C 13
priority <0-7> messages.

ipv6 mld snooping-proxy filtering Enables MLD filtering on the Switch. C 13

ipv6 mld snooping-proxy filtering Adds an MLD filtering profile and sets the range of the C 13
profile <name> start-address <ip> multicast address(es).
end-address <ip>
ipv6 mld snooping-proxy vlan Enables MLD snooping-proxy on the specified VLAN. C 13
<vlan-id>
ipv6 mld snooping-proxy vlan Specifies the downstream port(s) on the Switch. The C 13
<vlan-id> downstream interface port(s) will work as a multicast router to send MLD
port-channel <port-list> queries and listen to the MLD host’s join and leave
messages.
ipv6 mld snooping-proxy vlan Sets the fast leave timeout (in milliseconds) for the C 13
<vlan-id> downstream interface specified downstream port(s).
port-channel <port-list> fast- This defines how many seconds the Switch waits for an
leave-timeout <2-16775168> MLD report before removing an MLD snooping
membership entry (learned on a downstream port)
when an MLD Done message is received on this port
from a host.
ipv6 mld snooping-proxy vlan Set the MLD snooping normal leave timeout (in C 13
<vlan-id> downstream interface milliseconds) the Switch uses to update the forwarding
port-channel <port-list> leave- table for the specified downstream port(s).
timeout <2-16775168> This defines how many seconds the Switch waits for an
MLD report before removing an MLD snooping
membership entry (learned on a downstream port)
when an MLD Done message is received on this port
from a host.

Ethernet Switch CLI Reference Guide

158
Chapter 41 IPv6 Commands

Table 114 ipv6 mld snooping-proxy Command Summary (continued)

COMMAND DESCRIPTION M P
ipv6 mld snooping-proxy vlan Sets the leave mode for the specified downstream C 13
<vlan-id> downstream interface port(s) in a specified VLAN.
port-channel <port-list> mode This specifies whether Switch removes an MLD
<immediate | normal | fast> snooping membership entry (learned on a downstream
port) immediately (immediate) or wait for an MLD
report before the normal (normal) or fast (fast) leave
timeout when an MLD leave message is received on
this port from a host.
ipv6 mld snooping-proxy vlan Sets the amount of time (in milliseconds) between C 13
<vlan-id> downstream query- general query messages sent by the downstream port.
interval <1000-31744000>
ipv6 mld snooping-proxy vlan Sets the maximum time (in milliseconds) that the Switch C 13
<vlan-id> downstream query-max- waits for a response to a general query message sent
response-time <1000-25000> by the downstream port.

ipv6 mld snooping-proxy vlan Specifies the upstream (host) port(s) on the Switch. The C 13
<vlan-id> upstream interface port- port(s) will work as an MLD host to send join or leave
channel <port-list> messages when receiving queries from the multicast
router.
ipv6 mld snooping-proxy vlan Sets the amount of time (in milliseconds) between the C 13
<vlan-id> upstream last-listener- MLD group-specific queries sent by an upstream port
query-interval <1-8387584> when an MLD Done message is received. This value
should be exactly the same as what’s configured in the
connected multicast router.

This value is used to calculate the amount of time an

MLD snooping membership entry (learned only on the
upstream port) can remain in the forwarding table
after a Done message is received.

When an MLD Done message is received, the Switch

sets the entry’s lifetime to be: last-listener-query-
interval x robustness-variable
ipv6 mld snooping-proxy vlan Sets the amount of time (in milliseconds) between C 13
<vlan-id> upstream query-interval general query messages sent by the router connected
<1000-31744000> to the upstream port. This value should be exactly the
same as what’s configured in the connected multicast
router.

This value is used to calculate the amount of time an

MLD snooping membership entry (learned only on the
upstream port) can remain in the forwarding table.

When an MLD Report message is received, the Switch

sets the timeout period of the entry to be: query-
interval x robustness-variable + query-max-
response-time

Ethernet Switch CLI Reference Guide

159
Chapter 41 IPv6 Commands

Table 114 ipv6 mld snooping-proxy Command Summary (continued)

COMMAND DESCRIPTION M P
ipv6 mld snooping-proxy vlan Sets the amount of time (in milliseconds) the router C 13
<vlan-id> upstream query-max- connected to the upstream port waits for a response to
response-time <1000-25000> an MLD general query message. This value should be
exactly the same as what’s configured in the
connected multicast router.

This value is used to calculate the amount of time an

MLD snooping membership entry (learned only on the
upstream port) can remain in the forwarding table.

When an MLD Report message is received, the Switch

sets the timeout period of the entry to be: query-
interval x robustness-variable + query-max-
response-time

When an MLD Done message is received, the Switch

sets the entry’s lifetime to be: last-listener-query-
interval x robustness-variable
ipv6 mld snooping-proxy vlan Sets the number of queries. A multicast address entry C 13
<vlan-id> upstream robustness- (learned only on an upstream port by snooping) is
variable <1-25> removed from the forwarding table when there is no
response to the configured number of queries sent by
the router connected to the upstream port. This value
should be exactly the same as what’s configured in the
connected multicast router.

This value is used to calculate the amount of time an

MLD snooping membership entry (learned only on the
upstream port) can remain in the forwarding table.
no ipv6 mld snooping-proxy Disables IPv6 MLD snooping-proxy on the Switch. C 13

no ipv6 mld snooping-proxy Disables IPv6 MLD filtering on the Switch. C 13

filtering
no ipv6 mld snooping-proxy Removes the specified MLD filtering profile. C 13
filtering profile <name>
no ipv6 mld snooping-proxy Removes the range of multicast address(es) from the C 13
filtering profile <name> start- specified filtering profile.
address <ip> end-address <ip>
no ipv6 mld snooping-proxy vlan Disables MLD snooping-proxy on the specified VLAN. C 13
<vlan-id>
no ipv6 mld snooping-proxy vlan Sets the specified port(s) to not be a downstream C 13
<vlan-id> downstream interface port(s) for the specified VLAN.
port-channel <port-list>
no ipv6 mld snooping-proxy vlan Sets the specified port(s) to not be an upstream port(s) C 13
<vlan-id> upstream interface port- for the specified VLAN.
channel <port-list>
show interfaces config <port-list> Displays whether MLD filtering is enabled and the E 3
mld snooping-proxy filtering maximum MLD group number for the specified port(s).
group-limited
show interfaces config <port-list> Displays the name of the filtering profile for the E 3
mld snooping-proxy filtering specified port(s).
profile
show ipv6 mld snooping-proxy Displays whether MLD snooping-proxy is enabled on E 3
the Switch and on which VLAN(s).

Ethernet Switch CLI Reference Guide

160
Chapter 41 IPv6 Commands

Table 114 ipv6 mld snooping-proxy Command Summary (continued)

COMMAND DESCRIPTION M P
show ipv6 mld snooping-proxy Displays whether MLD filtering is enabled on the Switch E 3
filtering profile and the filtering profile settings.

show ipv6 mld snooping-proxy group Displays the multicast group addresses learned on the E 3
Switch’s ports.
show ipv6 mld snooping-proxy Displays the MLD snooping-proxy statistics of the E 3
statistics interface port-channel specified port(s).
<port-list>
show ipv6 mld snooping-proxy Displays the MLD snooping-proxy statistics of the E 3
statistics system Switch.

show ipv6 mld snooping-proxy Displays the MLD snooping-proxy statistics of the E 3
statistics vlan <vlan-list> specified multicast VLAN(s).

show ipv6 mld snooping-proxy vlan Displays MLD proxy settings for the specified VLAN. E 3
<vlan-id>
show ipv6 multicast Displays the multicast group addresses learned on the E 3
Switch’s ports and the timeout values.

Table 115 ipv6 nd Command Summary

COMMAND DESCRIPTION M P
interface vlan <1-4094> Enters config-route-domain mode for the specified C 13
VLAN. Creates the VLAN, if necessary.
ipv6 nd dad-attempts <0-600> Sets the number of consecutive neighbor solicitations C 13
the Switch sends for this VLAN.

The Switch uses Duplicate Address Detection (DAD)

with neighbor solicitation and advertisement messages
to check whether an IPv6 address is already in use
before assigning it to an interface, such as the link-
local address it creates through stateless address
autoconfiguration for this VLAN.

To turn off the DAD for this VLAN, set the number of
DAD attempts to 0.
ipv6 nd managed-config-flag Configures the Switch to set the “managed address C 13
configuration” flag (the M flag) to 1 in IPv6 router
advertisements, which means hosts use DHCPv6 to
obtain IPv6 stateful addresses.
ipv6 nd ns-interval <1000- Specifies the time interval (in milliseconds) at which C 13
3600000> neighbor solicitations are re-sent for this VLAN.

ipv6 nd other-config-flag Configures the Switch to set the “Other stateful C 13

configuration” flag (the O flag) to 1 in IPv6 router
advertisements, which means hosts use DHCPv6 to
obtain additional configuration settings, such as DNS
information.

Ethernet Switch CLI Reference Guide

161
Chapter 41 IPv6 Commands

Table 115 ipv6 nd Command Summary (continued)

COMMAND DESCRIPTION M P
ipv6 nd prefix <ipv6-prefix>/ Sets the Switch to include the specified IPv6 prefix, C 13
<prefix-length> <[valid- prefix length and optional parameters in router
lifetime <0-4294967295>] advertisements for this VLAN.
[preferred-lifetime <0- valid-lifetime: sets how long in seconds the prefix is
4294967295>] [no-autoconfig] valid for on-link determination.
[no-onlink] [no-advertise]>
preferred-lifetime: sets how long (in seconds) that
addresses generated from the prefix via stateless
address autoconfiguration remain preferred.

no-autoconfig: indicates the hosts can not use this

prefix for stateless address autoconfiguration.

no-onlink: indicates this prefix can not be used for

on-link determination.

no-advertise: sets the Switch to not include the

specified IPv6 prefix, prefix length and optional
parameters in router advertisements for this VLAN.
ipv6 nd prefix <ipv6-prefix>/ Sets the Switch to include the specified IPv6 prefix and C 13
<prefix-length> prefix length in router advertisements for this VLAN.

ipv6 nd ra interval minimum <3- Specifies the minimum and maximum time intervals at C 13
1350> maximum <4-1800> which the Switch sends router advertisements for this
VLAN.
ipv6 nd ra lifetime <0-9000> Sets how long (in seconds) the router in router C 13
advertisements can be used as a default router for this
VLAN.
ipv6 nd ra suppress Sets the Switch to not send router advertisements and C 13
responses to router solicitations for this VLAN.
ipv6 nd reachable-time <1000- Specifies how long (in milliseconds) a neighbor is C 13
3600000> considered reachable for this VLAN.

no ipv6 nd dad-attempts Resets the number of the DAD attempts to the default C 13
settings (3).
no ipv6 nd managed-config-flag Configures the Switch to set the “managed address C 13
configuration” flag (the M flag) to 0 in IPv6 router
advertisements, which means hosts do not use DHCPv6
to obtain IPv6 stateful addresses.
no ipv6 nd ns-interval Resets the time interval between retransmissions of C 13
neighbor solicitations to the default setting (1000
milliseconds).
no ipv6 nd other-config-flag Configures the Switch to set the “Other stateful C 13
configuration” flag (the O flag) to 0 in IPv6 router
advertisements, which means hosts do not use DHCPv6
to obtain additional configuration settings, such as DNS
information.
no ipv6 nd prefix <ipv6- Sets the Switch to not include the specified IPv6 prefix C 13
prefix>/<prefix-length> and prefix length in router advertisements for this VLAN.

no ipv6 nd ra interval Resets the minimum and maximum time intervals C 13

between retransmissions of router advertisements for
this VLAN to the default settings.
no ipv6 nd ra lifetime Resets the lifetime of a router in router advertisements C 13
to the default setting (1800 seconds).
no ipv6 nd ra suppress Enables the sending of router advertisements and C 13
responses to router solicitations on this interface.

Ethernet Switch CLI Reference Guide

162
Chapter 41 IPv6 Commands

Table 115 ipv6 nd Command Summary (continued)

COMMAND DESCRIPTION M P
no ipv6 nd reachable-time Resets the reachable time of a neighbor to the default C 13
setting (30000 milliseconds).
ipv6 hop-limit <1-255> Sets the maximum number of hops on which an IPv6 C 13
packet is allowed to transmit before it is discarded by
an IPv6 router, which is similar to the TTL field in IPv4.
ipv6 route <ipv6-prefix>/<prefix- Creates a static route to forward packets with the C 13
length> <next-hop> specified IPv6 prefix and prefix length to a specific
gateway.
ipv6 route <ipv6-prefix>/<prefix- Creates a static route to forward packets with the C 13
length> <next-hop> <interface- specified IPv6 prefix and prefix length to a specific
type> <interface-number> gateway in a VLAN.

no ipv6 hop-limit Resets the maximum number of hops in router C 13

advertisements to the default setting.
no ipv6 route <ipv6-prefix>/ Removes an IPv6 static route. C 13
<prefix-length>
show ipv6 route Displays IPv6 routing information on the Switch. E 3

show ipv6 route static Displays static IPv6 routing information on the Switch. E 3

show ipv6 prefix Displays all IPv6 prefix information on the Switch. E 3

show ipv6 prefix <interface-type> Displays IPv6 prefix information for the specified E 3
<interface-number> interface (VLAN).

Table 116 ipv6 neighbor Command Summary

COMMAND DESCRIPTION M P
clear ipv6 neighbor Removes all IPv6 neighbor information on the Switch. E 13

clear ipv6 neighbor <interface- Removes IPv6 neighbor information for a specified E 13
type> <interface-number> interface on the Switch.

ipv6 neighbor <interface-type> Creates a static IPv6 neighbor entry in the IPv6 cache C 13
<interface-number> <ipv6-address> for this VLAN.
<mac-address>
no ipv6 neighbor <interface-type> Removes a static IPv6 neighbor entry from the IPv6 C 13
<interface-number> <ipv6-address> cache.

show ipv6 neighbor Displays the IPv6 neighbor devices on the Switch E 3

show ipv6 neighbor <interface- Displays IPv6 neighbor devices for a specified interface E 3
type> <interface-number> on the Switch.

show ipv6 router Displays all IPv6 router advertisement information on E 3

the Switch.
show ipv6 router <interface-type> Displays IPv6 router advertisement information for a E 3
<interface-number> specified interface on the Switch.

show ipv6 neighbor address Displays and arranges the data according to IPv6 E 3
address of the neighboring device.
show ipv6 neighbor count Displays the number of the neighboring device(s). E 3

Ethernet Switch CLI Reference Guide

163
Chapter 41 IPv6 Commands

Table 116 ipv6 neighbor Command Summary (continued)

COMMAND DESCRIPTION M P
show ipv6 neighbor interface Displays and arranges the data according to IPv6 E 3
interface on which the IPv6 address is created or
through which the neighboring device can be
reached.
show ipv6 neighbor mac Displays and arranges the data according to MAC E 3
address of the IPv6 interface on which the IPv6 address
is configure or the MAC address of the neighboring
device.

Table 117 ipv6 snooping policy Command Summary

COMMAND DESCRIPTION M P
ipv6 snooping policy <name> Enters sub-command mode for creating an IPv6 C 13
snooping policy.
limit address-count <number> Sets the number of IPv6 addresses and prefixes learned C 13
using the IPv6 snooping policy.

The maximum limit address count is the maximum size

of the IPv6 source guard binding table.
no limit address-count Removes the maximum limit address count setting. C 13

prefix-glean Allows the Switch to learn the IPv6 prefix and length C 13
from DHCPv6 sniffed packets.
no prefix-glean Disables IPv6 prefix gleaning. C 13

protocol dhcp Enables DHCP snooping to have the Switch sniff C 13

DHCPv6 packets sent from a DHCPv6 server to a
DHCPv6 client.
no protocol dhcp Disables DHCP snooping. C 13

no ipv6 snooping policy <name> Removes the specified IPv6 snooping policy. C 13

interface vlan <1-4094> Enters config-route-domain mode for the specified C 13

VLAN. Creates the VLAN, if necessary.
ipv6 snooping attach-policy Enables a IPv6 snooping policy on the specified VLAN C 13
<name> interface.

no ipv6 snooping attach-policy Disables the IPv6 snooping policy on the VLAN C 13
interface.
show ipv6 snooping policy [<name>] Displays all or the specified IPv6 snooping policy E 3
settings.

Table 118 ipv6 source binding Command Summary

COMMAND DESCRIPTION M P
clear ipv6 source binding [address Removes all or the dynamic IPv6 source binding entries E 13
<ipv6-address> | prefix <ipv6- snooped with the specified IPv6 address and/or prefix
address/prefix-length>] address.

ipv6 source binding <ipv6-address Creates an IPv6 source binding table entry. C 13
|ipv6-address/prefix-length> [mac
<mac-addr>] [vlan <vlan-id>]
[interface port-channel <port-
list>]
no ipv6 source binding <ipv6- Removes a static IPv6 source binding entry with the C 13
address|ipv6-address/prefix- specified IPv6 address and/or prefix address.
length>

Ethernet Switch CLI Reference Guide

164
Chapter 41 IPv6 Commands

Table 118 ipv6 source binding Command Summary (continued)

COMMAND DESCRIPTION M P
show ipv6 source binding Displays all the current dynamic and static bindings on E 3
the Switch.
show ipv6 source binding [ipv6- Displays the IPv6 source binding table, based on the E 3
address|ipv6-address/prefix- specified parameters.
length] [mac <mac-address>] [vlan
<vlan-id>] [interface port-channel
<port-list>] [dhcpv6-snooping
|static]>
show ipv6 source binding count Displays the number of IPv6 source binding entries. E 3

Table 119 ipv6 source guard Command Summary

COMMAND DESCRIPTION M P
ipv6 source-guard policy <name> Enters sub-command mode for creating an IPv6 source C 13
guard policy.
permit link-local Allows data traffic from all link-local addresses. C 13

no permit link-local Blocks data traffic from all link-local addresses. C 13

validate address Sets IPv6 source guard to forward valid IPv6 addresses C 13
that are stored in the binding table.
no validate address Sets IPv6 source guard to not forward valid IPv6 C 13
addresses that are stored in the binding table.
validate prefix Sets IPv6 source guard to forward valid IPv6 prefixes C 13
that are stored in the binding table.
no validate prefix Sets IPv6 source guard to not forward valid IPv6 prefixes C 13
that are stored in the binding table.
show ipv6 source-guard policy Displays information of all IPv6 source guard policies on E 3
[<name>] the Switch or the specified IPv6 source guard policy.

Ethernet Switch CLI Reference Guide

165
Chapter 41 IPv6 Commands

41.3 Command Examples

This example shows how to enable IPv6 in VLAN 1 and display the link-local address the Switch
automatically generated and other IPv6 information for the VLAN.

sysname# config
sysname(config)# interface vlan 1
sysname(config-vlan)# ipv6
sysname(config-vlan)# exit
sysname(config)# exit
sysname# show ipv6 vlan 1
VLAN : 1 (VLAN1)
IPv6 is enabled.
MTU is 1500 bytes.
ICMP error messages limited to 10 every 100 milliseconds.
Stateless Address Autoconfiguration is disabled.
Link-Local address is fe80::219:cbff:fe6f:9159 [preferred]
Global unicast address(es):
Joined group address(es):
ff02::2
ff01::1
ff02::1
ff02::1:ff6f:9159
ND DAD is enabled, number of DAD attempts: 1
ND NS-interval is 1000 milliseconds
ND reachable time is 30000 milliseconds
ND router advertised managed config flag is disable
ND router advertised other config flag is disable
ND router advertisements are sent every 200 to 600 seconds
ND router advertisements lifetime 1800 seconds

This example shows how to manually configure two IPv6 addresses (one uses the EUI-64 format, one
doesn’t) in VLAN 1, and then display the result. Before using ipv6 address commands, you have to
enable IPv6 in the VLAN and this has the Switch generate a link-local address for the interface.

Ethernet Switch CLI Reference Guide

166
Chapter 41 IPv6 Commands

There are three addresses created in total for VLAN 1. The address “2001:db8:c18:1:219:cbff:fe00:1/64” is
created with the interface ID “219:cbff:fe00:1“ generated using the EUI-64 format. The address
“2001:db8:c18:1::12b/64” is created exactly the same as what you entered in the command.

sysname# config
sysname(config)# interface vlan 1
sysname(config-vlan)# ipv6
sysname(config-vlan)# ipv6 address 2001:db8:c18:1::127/64 eui-64
sysname(config-vlan)# ipv6 address 2001:db8:c18:1::12b/64
sysname(config-vlan)# exit
sysname(config)# exit
sysname# show ipv6
VLAN : 1 (VLAN1)
IPv6 is enabled.
MTU is 1500 bytes.
ICMP error messages limited to 10 every 100 milliseconds.
Stateless Address Autoconfiguration is disabled.
Link-Local address is fe80::219:cbff:fe00:1 [preferred]
Global unicast address(es):
2001:db8:c18:1::12b/64 [preferred]
2001:db8:c18:1:219:cbff:fe00:1/64 [preferred]
Joined group address(es):
ff02::1:ff00:12b
ff02::2
ff01::1
ff02::1
ff02::1:ff6f:9159
ND DAD is enabled, number of DAD attempts: 1
ND NS-interval is 1000 milliseconds
ND reachable time is 30000 milliseconds
ND router advertised managed config flag is disable
ND router advertised other config flag is disable
ND router advertisements are sent every 200 to 600 seconds
ND router advertisements lifetime 1800 seconds

This example shows the Switch owns (L displays in the T field) two manually configured (permanent) IP
addresses, 2001::1234 and fe80::219:cbff:fe00:1. It also displays a neighbor fe80::2d0:59ff:feb8:103c in
VLAN 1 is reachable from the Switch.

sysname# show ipv6 neighbor

Address MAC S T Interface
--------------------------------------- ----------------- -- - ------------
2001::1234 00:19:cb:0:0:0:1 R L vlan 1
fe80::219:cbff:fe00:1 00:19:cb:0:0:0:1 R L vlan 1
fe80::2d0:59ff:feb8:103c 00:d0:59:b8:10:3c R D vlan 1

S: reachable(R),stale(S),delay(D),probe(P),invalid(IV),incomplete(I),unknown(?)
T: local(L),dynamic(D),static(S),other(O)

The following table describes the labels in this screen.

Table 120 show ipv6 neighbor

LABEL DESCRIPTION
Address This is the IPv6 address of the Switch or a neighboring device.
MAC This is the MAC address of the neighboring device or itself.

Ethernet Switch CLI Reference Guide

167
Chapter 41 IPv6 Commands

Table 120 show ipv6 neighbor (continued)

LABEL DESCRIPTION
S This field displays whether the neighbor IPv6 interface is reachable. In IPv6,
“reachable” means an IPv6 packet can be correctly forwarded to a neighbor node
(host or router) and the neighbor can successfully receive and handle the packet. The
available options in this field are:

• reachable(R): The interface of the neighboring device is reachable. (The Switch

has received a response to the initial request.)
• stale(S): The last reachable time has expired and the Switch is waiting for a
response to another initial request. The field displays this also when the Switch
receives an unrequested response from the neighbor’s interface.
• delay(D): The neighboring interface is no longer known to be reachable, and
traffic has been sent to the neighbor recently. The Switch delays sending request
packets for a short to give upper-layer protocols a chance to determine
reachability.
• probe(P): The Switch is sending request packets and waiting for the neighbor’s
response.
• invalid(IV): The neighbor address is with an invalid IPv6 address.
• unknown(?): The status of the neighboring interface can not be determined for
some reason.
• incomplete(I): Address resolution is in progress and the link-layer address of the
neighbor has not yet been determined (see RFC 2461). The interface of the
neighboring device did not give a complete response.
T This field displays the type of an address mapping to a neighbor interface. The
available options in this field are:

• other(O): none of the following type.

• dynamic(D): The IP address to MAC address can be successfully resolved using
IPv6 Neighbor Discovery protocol (See Neighbor Discovery Protocol (NDP)). Is it
similar as IPv4 ARP (Address Resolution protocol).
• static(S): The interface address is statically configured.
• local(L): A Switch interface is using the address.
Interface This field displays the IPv6 interface.
Expire This displays how long (hhhmmmsss) an address can be used before it expires. If an
address is manually configured, it displays permanent (never expires).

This example sends ping requests to an Ethernet device with IPv6 address fe80::2d0:59ff:feb8:103c in
VLAN 1. The device also responds the pings.

sysname# ping6 ffe80::2d0:59ff:feb8:103c -i vlan 1

PING6(56=40+8+8 bytes) fe80::219:cbff:fe00:1 --> fe80::2d0:59ff:feb8:103c
16 bytes from fe80::2d0:59ff:feb8:103c, icmp_seq=0 hlim=64 time=1.0 ms
16 bytes from fe80::2d0:59ff:feb8:103c, icmp_seq=1 hlim=64 time=1.0 ms
16 bytes from fe80::2d0:59ff:feb8:103c, icmp_seq=2 hlim=64 time=1.0 ms

--- fe80::2d0:59ff:feb8:103c ping6 statistics ---

3 packets transmitted, 3 packets received, 0.0 % packet loss
round-trip min/avg/max = 1.0 /1.0 /1.0 ms
sysname#

Ethernet Switch CLI Reference Guide

168
Chapter 41 IPv6 Commands

This example configures a static IPv6 route to forward packets with IPv6 prefix 2100:: and prefix length 64
to the gateway with IPv6 address fe80::219:cbff:fe01:101 in VLAN 1.

sysname# config
sysname(config)# ipv6 route 2100::/64 fe80::219:cbff:fe01:101 vlan 1
sysname(config)# exit
sysname# show ipv6 route
Terminology:
C - Connected, S - Static
Destination/Prefix Length Type
Next Hop Interface
------------------------------------------------------------
2001:db8:c18:1::/64 C
:: VLAN1
2100::/64 S
fe80::219:cbff:fe01:101 VLAN1
sysname#

41.4 Example - Enabling IPv6 on Windows XP/2003

By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6
install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig
command to see auto-generated IP addresses.

C:\>ipv6 install
Installing...
Succeeded.

C:\>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 10.1.1.46
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::2d0:59ff:feb8:103c%4
Default Gateway . . . . . . . . . : 10.1.1.254

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : fe80::5445:5245:444f%5
Default Gateway . . . . . . . . . :

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : fe80::5efe:10.1.1.46%2
Default Gateway . . . . . . . . . :

Ethernet Switch CLI Reference Guide

169
Chapter 41 IPv6 Commands

IPv6 is installed and enabled by default in Windows Vista. Use the “ipconfig” command to check your
automatic configured IPv6 address as well. You should see at least one IPv6 address available for the
interface on your computer.

41.5 Example - HTTP Accessing the Switch Using IPv6

How you access the Switch using HTTP varies depending on the operating system (OS) and the type of
browser you use and the type of address you want to access.

Note: It’s recommended to use Internet Explorer 7.0 or FireFox to access the Switch’s web GUI.

Table 121 Specifying the Switch Address for HTTP Access

OS DESTINATION INTERNET EXPLORER 7.0 FIREFOX
Windows A link-local address Use http://address
XP
The address should be converted using the following procedure.

1. Use a dash “-” to replace each colon “:” in an IPv6 address.

2. Append the Ethernet interface identifier you want to use to connect to the
Switch. But replace the percentage character “%” with “s”.

3. Append “.ipv6-literal.net” at the end.

For example, the Switch uses an address fe80::1234:5678. The Ethernet interface
identifier you want to use on your computer to access the Switch is %4. You
have to type the following to access the Switch.

http://fe80--1234-5678-1s4.ipv6-literal.net.
A global address Use http://[address]
Windows A link-local address For example, http://[fe80--1234-5678-1]
Vista
A global address

This example shows you how to access the Switch using HTTP on Windows XP.

1 Make sure you have enabled IPv6 on your computer (see Section 41.4). Use the ipconfig command in
the command prompt to check the IPv6 address on your computer. The example uses an interface with
address “fe80::2d0:59ff:feb8:103c” to access the Switch. So its Ethernet interface identifier is %4 and will
be used later to make a ping.

C:\>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Ethernet Switch CLI Reference Guide

170
2 Check the Switch IPv6 address(es) you want to ping. In this example, there are two IPv6 addresses in
VLAN 1. One is a link-local address (fe80::219:cbff:fe00:1/64) and the other one is a global address
(2001::1234/64).

sysname# show ipv6

VLAN ID : 1
IPv6 Status : Enable

Origin IP Address/PrefixLength Status Expire

--------- ------------------------------------------- ---------- -------
manual fe80::219:cbff:fe00:1/64 preferred permanent
manual 2001::1234/64 preferred permanent

3 In order to access the Switch through its link-local address, do the address conversion (See Table 121 on
page 170).

3a Use a dash “-” to replace each colon “:” in an IPv6 address. Then the address becomes:
fe80--219-cbff-fe00-1

3b In the step 1, the Ethernet interface identifier you want to use to connect to the Switch is “%4”.
Replace the percentage character “%” with “s” and then append it to the address. The address
becomes:
fe80--219-cbff-fe00-1s4

3c Append “.ipv6-literal.net” at the end. The address becomes:

fe80--219-cbff-fe00-1s4.ipv6-literal.net
Open an Internet Explorer 7.0 browser and type http://fe80--219-cbff-fe00-1s4.ipv6-
literal.net. The login page appears.

4 Alternatively, you can use the global address to access the Switch. Type http://[2001::1234] on
your browser and the login page appears.

Ethernet Switch CLI Reference Guide

171
Chapter 41 IPv6 Commands

Ethernet Switch CLI Reference Guide

172
Chapter 42 Layer 2 Protocol Tunnel (L2PT) Commands

C H A P T E R 42
Layer 2 Protocol Tunnel
(L2PT) Commands

42.1 Command Summary

The following section lists the commands for this feature.

Table 122 l2pt Command Summary

COMMAND DESCRIPTION M P
clear l2protocol-tunnel Removes all layer 2 protocol tunneling counters. E 13

interface port-channel <port-list> Enters config-interface mode for configuring the C 13

specified port(s).
l2protocol-tunnel Enables layer 2 protocol tunneling for CDP (Cisco C 13
Discovery Protocol), STP (Spanning Tree Protocol) and
VTP (VLAN Trunking Protocol) packets on the specified
port(s).
l2protocol-tunnel cdp Enables layer 2 protocol tunneling for CDP packets on C 13
the specified port(s).
l2protocol-tunnel mode Sets the L2PT mode for the specified port(s) C 13
<access|tunnel>
access: for ingress ports at the edge of the service
provider's network. The Switch encapsulates the
incoming layer 2 protocol packets and forward them
to the tunnel port(s).

Note: You can enable L2PT services for STP,

LACP, VTP, CDP, UDLD, and PAGP on the
access port(s) only.

tunnel: for egress ports at the edge of the service

provider's network. The Switch decapsulates the
encapsulated layer 2 protocol packets received on a
tunnel port by changing the destination MAC address
to the original one, and then forward them to an
access port. If the service(s) is not enabled on an
access port, the protocol packets are dropped.
l2protocol-tunnel point-to- Enables point-to-point layer 2 protocol tunneling for C 13
point LACP (Link Aggregation Control Protocol), PAgP (Port
Aggregation Protocol) and UDLD (UniDirectional Link
Detection) packets on the specified port(s).
l2protocol-tunnel point-to- Enables point-to-point layer 2 protocol tunneling for C 13
point lacp LACP packets on the specified port(s).

Ethernet Switch CLI Reference Guide

173
Table 122 l2pt Command Summary (continued)
COMMAND DESCRIPTION M P
l2protocol-tunnel point-to- Enables point-to-point layer 2 protocol tunneling for C 13
point pagp PAgP packets on the specified port(s).

l2protocol-tunnel point-to- Enables point-to-point layer 2 protocol tunneling for C 13

point udld UDLD packets on the specified port(s).

l2protocol-tunnel stp Enables layer 2 protocol tunneling for STP packets on C 13

the specified port(s).
l2protocol-tunnel vtp Enables layer 2 protocol tunneling for CDP packets on C 13
the specified port(s).
no l2protocol-tunnel Disables layer 2 protocol tunneling for CDP, VTP and C 13
STP packets on the specified port(s).
no l2protocol-tunnel cdp Disables layer 2 protocol tunneling for CDP packets on C 13
the specified port(s).
no l2protocol-tunnel point-to- Disables point-to-point layer 2 protocol tunneling for C 13
point LACP, PAgP and UDLD packets on the specified
port(s).
no l2protocol-tunnel point-to- Disables point-to-point layer 2 protocol tunneling for C 13
point lacp LACP packets on the specified port(s).

no l2protocol-tunnel point-to- Disables point-to-point layer 2 protocol tunneling for C 13

point pagp PAgP packets on the specified port(s).

no l2protocol-tunnel point-to- Enables point-to-point layer 2 protocol tunneling for C 13

point udld UDLD packets on the specified port(s).

no l2protocol-tunnel stp Disables layer 2 protocol tunneling for STP packets on C 13

the specified port(s).
no l2protocol-tunnel vtp Disables layer 2 protocol tunneling for VTP packets on C 13
the specified port(s).
l2protocol-tunnel Enables layer 2 protocol tunneling on the Switch. C 13

l2protocol-tunnel mac <mac-addr> Sets the destination MAC address used for C 13
encapsulating layer 2 protocol packets received on
an access port.
no l2protocol-tunnel Disables layer 2 protocol tunneling on the Switch. C 13

show l2protocol-tunnel Displays layer 2 protocol tunneling settings and E 13

counters for all ports.
show l2protocol-tunnel interface Displays layer 2 protocol tunneling settings and E 13
port-channel <port-list> counters for the specified port(s).

42.2 Command Examples

This example enables L2PT on the Switch and sets the destination MAC address for encapsulating layer 2
protocol packets received on an access port.

sysname# configure
sysname(config)# l2protocol-tunnel
sysname(config)# l2protocol-tunnel mac 00:10:23:45:67:8e
sysname(config)#

Ethernet Switch CLI Reference Guide

174
Chapter 42 Layer 2 Protocol Tunnel (L2PT) Commands

This example enables L2PT for STP, CDP and VTP packets on port 3. It also sets L2PT mode to access for
this port.

sysname(config)# interface port-channel 3

sysname(config-interface)# l2protocol-tunnel
sysname(config-interface)# l2protocol-tunnel mode access
sysname(config-interface)# exit
sysname(config)# exit

This example sets L2PT mode to tunnel for port 4.

sysname(config)# interface port-channel 4

sysname(config-interface)# l2protocol-tunnel mode tunnel
sysname(config-interface)# exit
sysname(config)# exit

This example displays L2PT settings and status on port 3. You can also see how many CDP, STP, VTP,
LACP, PAgP and UDLD packets received on this port are encapsulated, decapsulated or dropped.

sysname# show l2protocol-tunnel interface port-channel 3

Status : Running
Layer 2 Protocol Tunneling: Enable
Destination MAC Address: 00:10:23:45:67:8e

Port Protocol State Encapsulation Decapsulation Drop

Counter Counter Counter
---- -------- ------ ------------- ------------- -------
3 cdp Enable 0 0 0
stp Enable 1280 2548 0
vtp Enable 0 0 0
lacp Disable 0 0 0
pagp Disable 0 0 0
udld Disable 0 0 0
sysname#

Ethernet Switch CLI Reference Guide

175
Chapter 43 Link Layer Discovery Protocol (LLDP) Commands

C H A P T E R 43
Link Layer Discovery Protocol
(LLDP) Commands

43.1 LLDP Overview

The LLDP (Link Layer Discovery Protocol) is a layer 2 protocol. It allows a network device to advertise its
identity and capabilities on the local network. It also allows the device to maintain and store information
from adjacent devices which are directly connected to the network device. This helps an administrator
discover network changes and perform necessary network reconfiguration and management. The
device information is encapsulated in the LLDPDUs (LLDP data units) in the form of TLV (Type, Length,
Value). Device information carried in the received LLDPDUs is stored in the standard MIB.

The Switch supports these basic management TLVs.

• End of LLDPDU (mandatory)

• Chassis ID (mandatory)
• Port ID (mandatory)
• Time to Live (mandatory)
• Port Description (optional)
• System Name (optional)
• System Description (optional)
• System Capabilities (optional)
• Management Address (optional)

The Switch also supports the IEEE 802.1 and IEEE 802.3 organizationally-specific TLVs.

Annex F of the LLDP specification defines the following set of IEEE 802.1 organizationally specific TLVs:

• Port VLAN ID TLV (optional)

• Port and Protocol VLAN ID TLV (optional)

Annex G of the LLDP specification defines the following set of IEEE 802.3 Organizationally Specific TLVs:

• MAC/PHY Configuration/Status TLV (optional)

• Power via MDI TLV (optional)
• Link Aggregation TLV (optional)
• Maximum Frame Size TLV (optional)

The optional TLVs are inserted between the Time To Live TLV and the End of LLDPDU TLV.

Ethernet Switch CLI Reference Guide

176
Chapter 43 Link Layer Discovery Protocol (LLDP) Commands

LLDP-MED (Link Layer Discovery Protocol for Media Endpoint Devices) is an enhanced extension to LLDP
especially for voice applications. You can use LLDP-MED to advertise location-based information of
emergency calls and/or network policies for voice/video streaming.

43.2 Command Summary

The following section lists the commands for this feature.

Table 123 lldp Command Summary

COMMAND DESCRIPTION M P
interface port-channel <port-list> Enters config-interface mode for configuring the C 13
specified port(s).
lldp admin-status <disabled|tx- Sets LLDP operating mode. C 13
only|rx-only|tx-rx>
disabled: the port(s) can’t send or receive LLDP
packets.

tx-only: the port(s) can only send LLDP packets.

rx-only: the port(s) can only receive LLDP packets.

tx-rx: the port(s) can send or receive LLDP packets.

lldp basic-tlv management- Enables the sending of Management Address TLVs on C 13
address the port(s).

lldp basic-tlv port-description Enables the sending of Port Description TLVs on the C 13
port(s).
lldp basic-tlv system- Enables the sending of System Capabilities TLVs on the C 13
capabilities port(s).

lldp basic-tlv system- Enables the sending of System Description TLVs on the C 13
description port(s).

lldp basic-tlv system-name Enables the sending of System Name TLVs on the C 13
port(s).
lldp med location civic [county Sets civic location information, such as street address C 13
<county>] [city <city>] and city name.
[division <division>]
[neighbor <neighbor>]
[street <street>]
[leading-street-direction
<value>] [trailing-street-
suffix <value>] [street-suffix
<value>] [house-number <num>]
[house-number-suffix <value>]
[landmark <landmark>]
[additional-location <value>]
[name <value>] [zip-code
<value>] [building <value>]
[unit <value>] [floor <value>]
[room-number <value>]
[place-type <value>]
[postal-community-name <value>]
[post-office-box <value>]
[additional-code <value>]

Ethernet Switch CLI Reference Guide

177
Chapter 43 Link Layer Discovery Protocol (LLDP) Commands

Table 123 lldp Command Summary (continued)

COMMAND DESCRIPTION M P
lldp med location coordinate Sets coordinate location information. C 13
[latitude <north|south>
Latitude value: -90º to 90º
<value>][longitude <west|east >
<value>][altitude Longtitude value: -180º to 180º
<meters|floor> <value>][datum
Altitude value: -2097151 to 2097151 in meters or -
<WGS84|NAD83-NAVD88|NAD83-
2097151 to 2097151 in the number of floors
MLLW>]
lldp med location elin Sets location information of a caller by its ELIN C 13
<number> (Emergency Location Identifier Number).

number: a ten-digit phone number

lldp med network-policy Sets a network policy for the specified application. C 13
<voice|voice-signaling|guest-
voice|guest-voice-
signaling|softphone-
voice|video-
conferencing|streaming-
video|video-signaling>
[tagged|untagged][vlan <vlan-
id>][priority <priority>][dscp
<dscp>]
lldp med topology-change- Enables the sending of LLDP-MED topology change C 13
notification traps when devices are connected to or
disconnected from the specified ports.
lldp notification Enables the sending of LLDP traps. C 13

lldp org-specific-tlv dot1 Enables the sending of IEEE 802.1 Port and Protocol C 13
port-protocol-vlan-id VLAN ID TLVs, which contains the VLAN ID and
indicates whether the VLAN is enabled and
supported.
lldp org-specific-tlv dot1 Enables the sending of IEEE 802.1 Port VLAN ID TLVs, C 13
port-vlan-id which contains the port’s VLAN ID.

lldp org-specific-tlv dot3 Enables the sending of IEEE 802.3 Link Aggregation C 13
link-aggregation TLVs, which shows the link aggregation status of the
port(s).
lldp org-specific-tlv dot3 mac- Enables the sending of IEEE 802.3 MAC/PHY C 13
phy Configuration/Status TLV, which shows duplex and
rate settings and indicates whether auto negotiation
is supported on the port.
lldp org-specific-tlv dot3 max- Enables the sending of IEEE 802.3 Maximum Frame Size C 13
frame-size TLVs on the port(s).

lldp org-specific-tlv dot3 Enables the sending of IEEE 802.3 Power via MDI TLVs, C 13
power-via-mdi which indicates whether power can be supplied via a
media dependent interface (MDI) on the port(s).
lldp org-specific-tlv med Enables the sending of location TLVs on the port(s). C 13
location
lldp org-specific-tlv med Enables the sending of network policy TLVs on the C 13
network-policy port(s).

no lldp admin-status Resets the port(s) to default setting on sending or C 13

receiving LLDP packets.
no lldp basic-tlv management- Disables the sending of Management Address TLVs on C 13
address the port(s).

Ethernet Switch CLI Reference Guide

178
Chapter 43 Link Layer Discovery Protocol (LLDP) Commands

Table 123 lldp Command Summary (continued)

COMMAND DESCRIPTION M P
no lldp basic-tlv port- Disables the sending of Port Description TLVs on the C 13
description port(s).

no lldp basic-tlv system- Disables the sending of System Capabilities TLVs on C 13

capabilities the port(s).

no lldp basic-tlv system- Disables the sending of System Description TLVs on the C 13
description port(s).

no lldp basic-tlv system-name Disables the sending of System Name TLVs on the C 13
port(s).
no lldp med location Deletes all location identification. C 13

no lldp med location Deletes location identification of the specified type. C 13

<civic|coordinate|elin>
no lldp med network-policy Deletes network policies for all connected media C 13
endpoint devices.
no lldp med network-policy Deletes network policies for the specified C 13
<voice|voice-signaling|guest- applications.
voice|guest-voice-
signaling|softphone-voice|vid
eo-conferencing|streaming-
video|video-signaling>
no lldp med topology-change- Disables the sending of LLDP-MED topology change C 13
notification traps.

no lldp notification Disables the sending of LLDP traps. C 13

no lldp org-specific-tlv dot1 Disables the sending of IEEE 802.1 Port and Protocol C 13
port-protocol-vlan-id VLAN ID TLVs on the port(s).

no lldp org-specific-tlv dot1 Disables the sending of IEEE 802.1 Port VLAN ID TLVs on C 13
port-vlan-id the port(s).

no lldp org-specific-tlv dot3 Disables the sending of IEEE 802.3 Link Aggregation C 13
link-aggregation TLVs on the port(s).

no lldp org-specific-tlv dot3 Disables the sending of IEEE 802.3 MAC/PHY C 13

mac-phy Configuration/Status TLVs on the port(s).

no lldp org-specific-tlv dot3 Disables the sending of IEEE 802.3 Maximum Frame C 13
max-frame-size Size TLVs on the port(s).

no lldp org-specific-tlv dot3 Disables the sending of IEEE 802.3 Power via MDI TLVs C 13
power-via-mdi on the port(s).

lldp Enables the LLDP feature on the Switch. C 13

lldp reinitialize-delay <1-10> Sets a number of seconds for LLDP wait to initialize on C 13
a port.
lldp transmit-delay <1-8192> Sets the delay (in seconds) between the successive C 13
LLDPDU transmissions initiated by value or status
changes in the Switch MIB.

Ethernet Switch CLI Reference Guide

179
Chapter 43 Link Layer Discovery Protocol (LLDP) Commands

Table 123 lldp Command Summary (continued)

COMMAND DESCRIPTION M P
lldp transmit-hold <2-10> Sets the time-to-live (TTL) multiplier of the LLDP C 13
packets. The device information on the neighboring
devices ages out and is discarded when its
corresponding TTL expires. The TTL value is to multiply
the TTL multiplier by the LLDP packets transmitting
interval.

Note: Make sure the LLDP packet transmitting

interval is shorter than its TTL to have the
Switch’s device information being
updated in the neighboring devices
before it ages out.
lldp transmit-interval <5-32768> Sets the interval (in seconds) the Switch waits before C 13
sending LLDP packets.
no lldp Disables the LLDP feature on the Switch. C 13

show lldp config Displays the global LLDP settings on the Switch. E 3

show lldp config interface port- Displays the LLDP settings on the specified port(s). E 3
channel <port-list>
show lldp info local Displays the Switch’s device information. E 3

show lldp info local interface Displays the LLDP information for the specified port(s). E 3
port-channel <port-list>
show lldp info remote Displays the device information from the neighboring E 3
devices.
show lldp info remote interface Displays the neighboring device information received E 3
port-channel <port-list> on the specified port(s).

show lldp statistic Displays LLDP statistics on the Switch. E 3

show lldp statistic interface port- Displays LLDP statistics of the specified port(s). E 3
channel <port-list>
clear lldp statistic Resets the LLDP statistics counters to zero. E 13

clear lldp remote_info Deletes all device information from the neighboring E 13
devices.
clear lldp remote_info interface Deletes remote device information on the specified E 13
port-channel <port-list> port(s).

43.3 Command Examples

This example enables LLDP on the Switch, sets port 2 to send and receive LLDP packets and allows the
Switch to send optional basic management TLVs (such as management-address, port-description and

Ethernet Switch CLI Reference Guide

180
Chapter 43 Link Layer Discovery Protocol (LLDP) Commands

system-description TLVs) on port 2. This example also shows the LLDP settings on port 2 and global LLDP
settings on the Switch.

sysname# configure
sysname(config)# lldp
sysname(config)# interface port-channel 2
sysname(config-interface)# lldp admin-status tx-rx
sysname(config-interface)# lldp basic-tlv management-address
sysname(config-interface)# lldp basic-tlv port-description
sysname(config-interface)# lldp basic-tlv system-description
sysname(config-interface)# exit
sysname(config)# exit
sysname# show lldp config interface port-channel 2
LLDP Port Configuration:
Port AdminStatus Notification BasicTLV Dot1TLV Dot3TLV
2 tx-rx Disable P-D-M -- ----
Basic TLV Flags: (P)Port Description, (N)System Name, (D)System
Description
(C)System Capabilities, (M)Management Address
802.1 TLV Flags: (P)Port & Protocol VLAN ID, (V)Port VLAN ID
802.3 TLV Flags: (L)Link Aggregation, (M)MAC/PHY Configuration/Status
(F)Maximun Frame Size, (P)Power Via MDI
sysname# show lldp config
LLDP Global Configuration:
Active: Yes
Transmit Interval: 30 seconds
Transmit Hold: 4
Transmit Delay: 2 seconds
Reinitialize Delay: 2 seconds

sysname#

See Chapter 19 on page 75 for DCB configuration and examples.

This example shows global Switch LLDP settings.

sysname# show lldp config

LLDP Global Configuration:
Active: No
Transmit Interval: 30 seconds
Transmit Hold: 4
Transmit Delay: 2 seconds
Reinitialize Delay: 2 seconds

sysname#

The following table describes the labels in this screen.

Table 124 Switch LLDP settings

LABEL DESCRIPTION
Active This displays whether LLDP is enabled on the Switch. It is disabled by default.
Transmit Interval This displays how long the Switch waits before sending LLDP packets.

Ethernet Switch CLI Reference Guide

181
Chapter 43 Link Layer Discovery Protocol (LLDP) Commands

Table 124 Switch LLDP settings (continued)

LABEL DESCRIPTION
Transmit Hold This displays the time-to-live (TTL) multiplier of LLDP frames. The device information on
the neighboring devices ages out and is discarded when its corresponding TTL expires.
The TTL value is to multiply the TTL multiplier by the LLDP packets transmitting interval.
Transmit Delay This displays the delay (in seconds) between the successive LLDP PDU transmissions
initiated by value or status changes in the Switch MIB.
Reinitialize Delay This displays the number of seconds for LLDP to wait before initializing on a port.

This example shows LLDP settings on a port.

sysname# show lldp config interface port-channel 2

LLDP Port Configuration:
Port AdminStatus Notification BasicTLV Dot1TLV Dot3TLV
2 tx-rx Disable ----- --EFA ----
Basic TLV Flags: (P)Port Description, (N)System Name, (D)System Description
(C)System Capabilities, (M)Management Address
802.1 TLV Flags: (P)Port & Protocol VLAN ID, (V)Port VLAN ID
(E)DCBX ETS Configuration, (F)DCBX PFC Configuration
(A)DCBX Application Priority Configuration
802.3 TLV Flags: (L)Link Aggregation, (M)MAC/PHY Configuration/Status
(F)Maximum Frame Size, (P)Power Via MDI
sysname#

The following table describes the labels in this screen.

Table 125 LLDP settings on a port

LABEL DESCRIPTION
Port This displays the port number with this LLDP configuration.
AdminStatus This displays whether LLDP transmission and/or reception is allowed on this port.
Notification This displays whether LLDP notification is enabled on this port.
BasicTLV This shows which Basic TLC flags are enabled on this port. For example, ‘N’ is System
Name.
Dot1TLV This shows which 802.1 TLV flags are enabled on this port. For example, ‘V’ is Port VLAN
ID.
Dot3TLV This shows which 802.3 TLV flags are enabled on this port. For example, ‘L’ is Link
Aggregation.
BasicTLV Flags The Basic TLV Flags are (P) Port Description, (N) System Name, (D) System Description,
(C) System Capabilities, and (M) Management Address.
802.1TLV Flags The 802.1 TLV Flags are (P) Port & Protocol VLAN ID, (V) Port VLAN ID, (E) DCBX ETS
Configuration, (F) DCBX PFC Configuration and (A) DCBX Application Priority
Configuration.
802.3TLV Flags The 802.3 TLV Flags are (L) Link Aggregation, (M) MAC/PHY Configuration/Status, (F)
Maximum Frame Size, and (P) Power Via MDI.

Ethernet Switch CLI Reference Guide

182
Chapter 43 Link Layer Discovery Protocol (LLDP) Commands

This example shows global Switch LLDP statistics.

sysname# show lldp statistic

LLDP Global Statistic:
Neighbor Entries List Last Update: 0:00:00
New Neighbor Entries Count: 0
Neighbor Entries Deleted Count: 0
Neighbor Entries Dropped Count: 0
Neighbor Entries Ageout Count: 0

sysname#

The following table describes the labels in this screen.

Table 126 Switch LLDP statistics

LABEL DESCRIPTION
Neighbor Entries List Last Update This displays the time the LLDP database was last updated for this and
neighboring Switches.
New Neighbor Entries Count This displays the number of new neighbors added to the LLDP database
since the last update.
Neighbor Entries Deleted Count This displays the number of neighbors deleted from the LLDP database since
the last update.
Neighbor Entries Dropped Count This displays the number of neighbors dropped from the LLDP database
since the last update.
Neighbor Entries Ageout Count This displays the number of neighbors with expired TTLs since the last update.

This example shows LLDP statistics on a port

sysname#

The following table describes the labels in this screen.

Table 127 LLDP statistics on a port

LABEL DESCRIPTION
Local Port This displays the port number with these LLDP statistics.
Frames Discarded This displays the number of discarded frames on this port.
Frames Invalid This displays the number of invalid frames on this port.
Frames Received This displays the number of frames received on this port.
Frames Sent This displays the number of frames sent on this port.
TLVs Unrecognized This displays the number of unrecognized TLVS on this port.

Ethernet Switch CLI Reference Guide

183
Chapter 43 Link Layer Discovery Protocol (LLDP) Commands

Table 127 LLDP statistics on a port (continued)

LABEL DESCRIPTION
TLVs Discarded This displays the number of discarded TLVs on this port.
Neighbor Ageouts This displays the number of neighbors with expired TTLs on this port.

This example shows local Switch (the Switch you’re accessing) LLDP information

sysname# show lldp info local

LLDP Global Local Device Information:
Chassis ID Subtype: mac-address
Chassis ID: 00:19:cb:00:00:02
System Name: sysname
System Description: V4.00(AAEW.0)b7 | 12/11/2012
System Capabilities Supported: Bridge
System Capabilities Enabled: Bridge
Management Address :
Management Address Subtype: ipv4 / all-802
Interface Number Subtype: unknown
Interface Number: 0
Object Identifier: 0

sysname#

The following table describes the labels in this screen.

Table 128 Local LLDP Information

LABEL DESCRIPTION
LLDP Global Local Device This contains the chassis ID subtype, chassis ID, and system name.
Information
System Description This shows the firmware version number and date released.
System Capabilities This shows what functionality the Switch supports.
Supported
System Capabilities This shows what functionality is enabled on the Switch.
Enabled
Management Address This contains the management address subtype, interface number subtype, interface
number, and object identifier.

Ethernet Switch CLI Reference Guide

184
Chapter 43 Link Layer Discovery Protocol (LLDP) Commands

This example shows local Switch (the Switch you’re accessing) LLDP information on a port.

sysname#

The following table describes the labels in this screen.

Table 129 Local Switch LLDP information on a port

LABEL DESCRIPTION
LLDP Local Device This displays the local port, port ID, and port description.
Information Detail
Port VLAN ID This displays the VLAN ID for this port.
DCBX Application Priority This displays the priority given to FCoE traffic on the Switch.
DCBX ETS Configuration This displays the Willing Bit, Max Traffic Classes, and Traffic Class binding for each
priority.
DCBX PFC Configuration This displays the Willing Bit, PFC capability, and priority enable list.
MAC PHY Configuration & This displays the AN Supported, AN Enabled, AN Advertised Capability, Oper MAU type
Status
Link Aggregation This displays the capability, status, and port ID.
Max Frame Size This displays the maximum frame size on this port.

Ethernet Switch CLI Reference Guide

185
This example shows remote Switch (the Switch connected to the port on the Switch you’re accessing)
LLDP information.

sysname# show lldp info remote interface port-channel 2

LLDP Remote Device Information Detail:
Local Port: 2
Chassis ID Subtype: mac-address
Chassis ID: 00:19:cb:00:00:02
Port ID Subtype: local-assigned
Port ID: 47
Time To Live: 120
Extended TLV Info 802.1 OUI (hex value) = 00-80-c2
-Port VLAN ID
-ID: 1
-DCBX Application Priority
ether-type: fcoe Priority: 2
-DCBX ETS Configuration
-Willing Bit: False
-Max Traffic Classes: 3
-Priority-Group 7: Strict-priority, Priority-list:-
-Priority-Group 6: Strict-priority, Priority-list:-
-Priority-Group 5: Strict-priority, Priority-list:-
-Priority-Group 4: Strict-priority, Priority-list:-
-Priority-Group 3: Strict-priority, Priority-list:-
-Priority-Group 2: Strict-priority, Priority-list:7
-Priority-Group 1: ETS Bandwidth 50%, Priority-list:3-6
-Priority-Group 0: ETS Bandwidth 50%, Priority-list:0-2
-DCBX PFC Configuration
-Willing Bit: True
-PFC capability: 8
-Priority enable list: 0-2
Extended TLV Info 802.3 OUI (hex value) = 00-12-0f
-Max Frame Size
-Frame Size: 1518
--------------------------------------------------
sysname#

The following table describes the labels in this screen.

Table 130 Remote Switch LLDP information

LABEL DESCRIPTION
LLDP Remote Device This contains the following information:
Information Detail
Local Port This is the local port number which receives the LLDPDU from the remote Switch.
Chassis ID Subtype This displays how the chassis of the remote Switch is identified.
Chassis ID This displays the chassis ID of the remote Switch. The chassis ID is identified by the
chassis ID subtype.
Port ID Subtype This displays how the port is identified.
Port ID This is the ID of the remote Switch.
Time To Live This displays the time-to-live (TTL) multiplier of LLDP frames. The device information on
the neighboring devices ages out and is discarded when its corresponding TTL expires.
The TTL value is to multiply the TTL multiplier by the LLDP frames transmitting interval.
Extended TLV Info 802.1 The 802.1 organizationally specific TLVs start with the 24-bit organizationally unique
OUI (hex value) identifier (OUI) and a 1 byte organizationally specific subtype followed by data. Each
organization is responsible for managing their subtypes.
Port VLAN ID This TLV displays the VLAN ID for the remote Switch.

Ethernet Switch CLI Reference Guide

186
Chapter 43 Link Layer Discovery Protocol (LLDP) Commands

Table 130 Remote Switch LLDP information (continued)

LABEL DESCRIPTION
DCBX Application Priority This TLV displays the priority given to FCoE traffic on the remote Switch.
DCBX ETS Configuration This TLV displays the willing bit, ETS capability and traffic class settings configured by ETS
on the remote Switch.
DCBX PFC Configuration This TLV displays the willing bit, PFC capability, and enabled priority list configured by
PFC on the remote Switch.
Extended TLV Info 802.3 The 802.3 organizationally specific TLVs start with the 24-bit organizationally unique
OUI (hex value) identifier (OUI) and a 1 byte organizationally specific subtype followed by data. Each
organization is responsible for managing their subtypes.
Max Frame Size This TLV displays the maximum transmission unit (MTU) sent by the remote Switch.

Ethernet Switch CLI Reference Guide

187
C H A P T E R 44
Load Sharing Commands

44.1 Load Sharing Overview

The Switch learns the next-hop(s) using ARP and determines routing path(s) for a destination. The Switch
supports Equal-Cost MultiPath (ECMP) to forward packets destined to the same device through different
routing paths of equal path cost. This allows you to balance or share traffic loads between multiple
routing paths when the Switch is connected to more than one next-hop. ECMP works with static routes
or a routing protocol, such as OSPF.

With ECMP, packets are routed through the paths of equal cost according to the hash algorithm output.

The maximum number of paths for one ECMP (Equal-Cost MultiPath) route varies by Switch. A smaller
number of maximum-paths means more ECMP routes are allowed and a larger number of maximum-
paths means fewer ECMP routes are allowed.

The number of paths for a static route for ECMP cannot be bigger than the maximum-paths value.

Throughput may be influenced while configuring ECMP maximum-paths.

44.2 Command Summary

The following section lists the commands for this feature.

Table 131 load-sharing Command Summary

COMMAND DESCRIPTION M P
ip load-sharing Enables load sharing on the Switch. C 13

ip load-sharing <sip|sip-dip> Sets the criteria the Switch uses to determine the routing C 13
path for a packet.

sip: the Switch uses a hash algorithm to convert a

packet’s source IP address into a hash value which acts as
an index to a route path.

sip-dip: the Switch uses a hash algorithm to convert a

packet’s source and destination IP addresses into a hash
value which acts as an index to a route path.
ip load-sharing aging-time <0- Sets the time interval (from 0 to 86400 in increments of 10) C 13
86400> in seconds at which the Switch sends an ARP request to
update a resolved next-hop’s MAC address.
ip load-sharing discover-time Sets the time interval (from 0 to 86400 in increments of 10) C 13
<0-86400> in seconds at which the Switch sends an ARP request to
update an unresolved next-hop’s MAC address.

Ethernet Switch CLI Reference Guide

188
Table 131 load-sharing Command Summary (continued)
COMMAND DESCRIPTION M P
ip load-sharing maximum-path Set the maximum number of paths for one ECMP (Equal- C 13
Cost MultiPath) route.
no ip load-sharing Disables load sharing on the Switch. C 13

44.3 Command Examples

This example enables Equal-Cost MultiPath (ECMP) routing on the Switch and sets the Switch to use a
packet’s source and destination IP addresses to determine the routing path for the packet.

sysname# configure
sysname(config)# ip load-sharing
sysname(config)# ip load-sharing sip-dip
sysname(config)#

Ethernet Switch CLI Reference Guide

189
C H A P T E R 45
Logging Commands
Use these commands to manage system logs.

45.1 Command Summary

The following section lists the commands for this feature.

Table 132 logging Command Summary

COMMAND DESCRIPTION M P
show logging Displays system logs. E 3

Press [CTRL]+C to terminate the process.

clear logging Clears system logs. E 13

45.2 Command Examples

This example displays the system logs.

sysname# show logging

1 Thu Jan 1 00:02:08 1970 PP05 -WARN SNMP TRAP 3: link up
2 Thu Jan 1 00:03:14 1970 INFO adjtime task pause 1 day
3 Thu Jan 1 00:03:16 1970 PP0f -WARN SNMP TRAP 26: Event On Trap
4 Thu Jan 1 00:03:16 1970 PINI -WARN SNMP TRAP 1: warm start
5 Thu Jan 1 00:03:16 1970 PINI -WARN SNMP TRAP 3: link up
6 Thu Jan 1 00:03:16 1970 PINI INFO main: init completed
7 Thu Jan 1 00:00:13 1970 PP26 INFO adjtime task pause 1 day
8 Thu Jan 1 00:00:14 1970 PP0f -WARN SNMP TRAP 26: Event On Trap
9 Thu Jan 1 00:00:14 1970 PINI -WARN SNMP TRAP 0: cold start
10 Thu Jan 1 00:00:14 1970 PINI INFO main: init completed
11 Thu Jan 1 00:00:04 1970 PP05 -WARN SNMP TRAP 3: link up
11 Thu Jan 1 00:00:04 1970 PP05 -WARN SNMP TRAP 3: link up
sysname#

Ethernet Switch CLI Reference Guide

190
Chapter 46 Login Account Commands

C H A P T E R 46
Login Account Commands
Use these commands to configure login accounts on the Switch.

46.1 Password Encryption

See Section 60.1 on page 230 for information on this feature.

46.2 Command Summary

The following section lists the commands for this feature.

Table 133 logins Command Summary

COMMAND DESCRIPTION M P
show logins Displays login account information. E 3

logins username <name> password Creates account with the specified user name and sets C 14
[cipher] <password> privilege the password and privilege. The privilege level is applied
<0-14> the next time the user logs in.

name: 1-32 alphanumeric characters.

password: 32 alphanumeric characters.

cipher: inform the Switch that the string after the word
"cipher" is an encrypted secret. This is used for password
encryption. To encrypt the password, use the password
encryption command.
no logins username <name> Removes the specified account. C 14

Ethernet Switch CLI Reference Guide

191
46.3 Command Examples
This example creates a new user user2 with privilege 13.

sysname# config
sysname(config)# logins username user2 password 1234 privilege 13
sysname(config)# exit
sysname# show logins
Login Username Privilege
1 user2 13
2 0
3 0
4 0

Ethernet Switch CLI Reference Guide

192
Chapter 47 Loopguard Commands

C H A P T E R 47
Loopguard Commands
Use these commands to configure the Switch to guard against loops on the edge of your network. The
Switch shuts down a port if the Switch detects that packets sent out on the port loop back to the Switch.

47.1 Command Summary

The following section lists the commands for this feature.

Table 134 loopguard Command Summary

COMMAND DESCRIPTION M P
show loopguard Displays which ports have loopguard enabled as well as E 3
their status.
loopguard Enables loopguard on the Switch. C 13

no loopguard Disables loopguard on the Switch. C 13

interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
loopguard Enables the loopguard feature on the port(s). You have to C 13
enable loopguard on the Switch as well. The Switch shuts
down a port if the Switch detects that packets sent out on
the port loop back to the Switch.

Note: The loop guard feature can not be enabled

on the ports that have Spanning Tree Protocol
(RSTP, MRSTP or MSTP) enabled.
no loopguard Disables the loopguard feature on the port(s). C 13

clear loopguard Clears loopguard counters. E 13

Ethernet Switch CLI Reference Guide

193
47.2 Command Examples
This example enables loopguard on ports 1-3.

sysname# configure
sysname(config)# loopguard
sysname(config)# interface port-channel 1-3
sysname(config-interface)# loopguard
sysname(config-interface)# exit
sysname(config)# exit
sysname# show loopguard
LoopGuard Status: Enable

Port Port LoopGuard Total Total Bad Shutdown

No Status Status TxPkts RxPkts Pkts Time
---- -------- --------- -------- -------- ---- ------------------
1 Active Enable 0 0 0 00:00:00 UTC Jan 1 1970
2 Active Enable 0 0 0 00:00:00 UTC Jan 1 1970
3 Active Enable 0 0 0 00:00:00 UTC Jan 1 1970
4 Active Disable 0 0 0 00:00:00 UTC Jan 1 1970
--------------------------------- SNIP ---------------------------------

The following table describes the labels in this screen.

Table 135 show loopguard

LABEL DESCRIPTION
LoopGuard Status This field displays whether or not loopguard is enabled on the Switch.
Port No This field displays the port number.
Port Status This field displays whether or not the port is active.
LoopGuard Status This field displays whether or not loopguard is enabled on the port.
Total TxPkts This field displays the number of packets that have been sent on this port since
loopguard was enabled on the port.
Total RxPkts This field displays the number of packets that have been received on this port since
loopguard was enabled on the port.
Bad Pkts This field displays the number of invalid probe packets that were received on this port.
Shutdown Time This field displays the last time the port was shut down because a loop state was
detected.

Ethernet Switch CLI Reference Guide

194
Chapter 48 MAC Address Commands

C H A P T E R 48
MAC Address Commands
Use these commands to look at the MAC address table and to configure MAC address learning. The
Switch uses the MAC address table to determine how to forward frames.

48.1 Command Summary

The following section lists the commands for this feature.

Table 136 mac, mac-aging-time, and mac-flush Command Summary

COMMAND DESCRIPTION M P
show mac-aging-time Displays MAC learning aging time. E 3

mac-aging-time <10-1000000> Sets learned MAC aging time in seconds. C 13

show mac address-table all Displays MAC address table. You can sort by MAC E 3
[<sort>] address, VID or port.

sort: MAC, VID, or PORT.

show mac address-table count Displays the total number of MAC addresses in the MAC E 3
address table.
show mac address-table port Displays the MAC address table for the specified port(s). E 3
<port-list> [<sort>] Sorted by MAC, Port or VID.

sort: MAC, VID, or PORT.

show mac address-table static Displays the static MAC address table. E 3

show mac address-table vlan Displays the MAC address table for the specified VLAN(s). E 3
<vlan-list> [<sort>] Optionally, sorted by MAC, Port or VID.

sort: MAC, VID, or PORT.

show mac address-table mac <mac- Displays a specified MAC entry. E 3
addr>
show mac address-table multicast Displays the multicast MAC addresses learned by the E 3
Switch.
mac-flush [<port-num>] Clears the MAC address table. Optionally, removes all E 13
learned MAC address on the specified port.
mac-transfer dynamic-to-filter Displays and changes a dynamically learned MAC C 13
mac <mac-addr> address entry into a MAC filtering entry.

mac-transfer dynamic-to-filter Displays and changes all dynamically learned MAC C 13

interface port-channel <port- address entries on the specified port(s) into MAC filtering
list> entries.

mac-transfer dynamic-to-filter Displays and changes all dynamically learned MAC C 13

vlan <vlan-list> address entries in the specified VLAN(s) into MAC filtering
entries

Ethernet Switch CLI Reference Guide

195
Table 136 mac, mac-aging-time, and mac-flush Command Summary (continued)
COMMAND DESCRIPTION M P
mac-transfer dynamic-to-forward Displays and changes a dynamically learned MAC C 13
mac <mac-addr> address entry into a MAC forwarding entry.

mac-transfer dynamic-to-forward Displays and changes all MAC addresses dynamically C 13

interface port-channel <port- learned on the specified port(s) into static MAC addresses.
list>
mac-transfer dynamic-to-forward Displays and changes all dynamically learned MAC C 13
vlan <vlan-list> addresses in the specified VLAN(s) into static MAC
addresses.

48.2 Command Examples

This example shows the current MAC address table.

sysname# show mac address-table all

Port VLAN ID MAC Address Type
2 1 00:00:e8:7c:14:80 Dynamic
2 1 00:04:80:9b:78:00 Dynamic
2 1 00:0f:fe:ad:58:ab Dynamic
2 1 00:13:49:6b:10:55 Dynamic
2 1 00:13:d3:f0:7e:f0 Dynamic
2 1 00:18:f8:04:f5:67 Dynamic
2 1 00:80:c8:ef:81:d3 Dynamic
2 1 00:a0:c5:00:00:01 Dynamic

The following table describes the labels in this screen.

Table 137 show mac address-table

LABEL DESCRIPTION
Port This is the port from which the above MAC address was learned.

Drop: The entry is created from a filtering rule.

VLAN ID This is the VLAN group to which this frame belongs.
MAC Address This is the MAC address of the device from which this frame came.
Type This shows whether the MAC address is dynamic (learned by the Switch) or static
(manually entered using mac-forward commands, see Chapter 52 on page 203).

Ethernet Switch CLI Reference Guide

196
Chapter 49 MAC Authentication Commands

C H A P T E R 49
MAC Authentication
Commands
Use these commands to configure MAC authentication on the Switch.

49.1 MAC Authentication Overview

MAC authentication allows you to validate access to a port based on the MAC address and password
of the client.

Note: You also need to configure a RADIUS server (see Chapter 70 on page 261).

See also Chapter 32 on page 118 for IEEE 802.1x port authentication commands and Chapter 64 on
page 241 for port security commands.

49.2 Command Summary

The following section lists the commands for this feature.

Table 138 mac-authentication Command Summary

COMMAND DESCRIPTION M P
show mac-authentication Displays MAC authentication settings for the Switch. E 3

show mac-authentication config Displays MAC authentication settings on a port by port E 3

basis with authentication statistics for each port.
mac-authentication Enables MAC authentication on the Switch. C 13

mac-authentication nameprefix Sets the prefix appended to the MAC address before it is C 13
<name-string> sent to the RADIUS server for authentication. The prefix can
be up to 32 printable ASCII characters.
mac-authentication password Sets the password sent to the RADIUS server for clients using C 13
<name-string> MAC authentication. The password can be up to 32
printable ASCII characters.
mac-authentication timeout <1- Specifies the amount of time before the Switch allows a C 13
3000> client MAC address that fails authentication to try and
authenticate again.

This settings is superseded by the mac-aging-time

command.

Ethernet Switch CLI Reference Guide

197
Table 138 mac-authentication Command Summary (continued)
COMMAND DESCRIPTION M P
no mac-authentication Disables MAC authentication on the Switch. C 13

no mac-authentication timeout Sets the MAC address entries learned via MAC C 13
authentication to never age out.
interface port-channel <port- Enables a port or a list of ports for configuration. C 13
list>
mac-authentication Enables MAC authentication via a RADIUS server on the C 13
port(s).
no mac-authentication Disables MAC authentication via a RADIUS server on the C 13
port(s).
mac-authentication trusted- Sets the clients in the specified VLAN(s) to access the C 13
vlan <vlan-list> port(s) and the connected networks without MAC
authentication.
no mac-authentication Removes the trusted VLAN settings. C 13
trusted-vlan <vlan-list>

49.3 Command Examples

This example enables MAC authentication on the Switch. Specifies the name prefix clientName and the
MAC authentication password Lech89. Next, MAC authentication is activated on ports 1 - 5 and
configuration details are displayed.

sysname(config)# mac-authentication
sysname(config)# mac-authentication nameprefix clientName
sysname(config)# mac-authentication password Lech89
sysname(config)# interface port-channel 1-5
sysname(config-interface)# mac-authentication
sysname(config-interface)# exit
sysname(config)# exit
sysname# show mac-authentication
NamePrefix: clientName
Password: Lech89
Update Time: None
Deny Number: 0

Ethernet Switch CLI Reference Guide

198
Chapter 50 MAC-based VLAN

C H A P T E R 50
MAC-based VLAN
Use these commands to bind a client source MAC address to a VLAN on the Switch.

50.1 MAC-based VLAN Overview

The MAC-based VLAN feature assigns incoming untagged packets to a VLAN and classifies the traffic
based on the source MAC address of the packet. When untagged packets arrive at the switch, the
source MAC address of the packet is looked up in a MAC to VLAN mapping table.

If an entry is found, the corresponding VLAN ID is assigned to the packet. The assigned VLAN ID is verified
against the VLAN table. If the VLAN is valid, ingress processing on the packet continues; otherwise, the
packet is dropped.

This feature allows users to change ports without having to reconfigure the VLAN, which allows better
mobility. You can assign priority to the MAC-based VLAN and define a MAC to VLAN mapping table by
entering a specified source MAC address in the MAC-based VLAN using a command. You can also
delete a MAC-based VLAN entry using a command described below.

50.2 Command Summary

The following section lists the commands for this feature.

Table 139 MAC-based VLAN Command Summary

COMMAND DESCRIPTION M P
mac-based-vlan name <name> Adds a binding client source MAC address to a VLAN and C 13
source-mac <mac-addr> vlan sets priority level.
<vlan-id> priority <0-7> Name: 1-32 alphanumeric characters
no mac-based-vlan source-mac Removes a binding client source MAC address to a VLAN. C 13
<mac-addr>
show mac-based-vlan Show status of the MAC-based VLAN. E 13

Ethernet Switch CLI Reference Guide

199
50.3 Command Example: add source MAC address
This example adds a binding source MAC address to a MAC-based VLAN with MAC address
00:11:22:33:44:55, VLAN ID number 3 and priority level 6..

sysname(config)# mac-based-vlan name test source-mac 00:11:22:33:44:55 vlan

3 priority 6
sysname(config)
sysname(config)# exit
sysname# show mac-based-vlan
Index Name Source MAC VLAN Priority
1 test 00:11:22:33:44:55 3 6

50.4 Command Example: remove source MAC address

This example deletes a binding source MAC address to a MAC-based VLAN with MAC address
00:11:22:33:44:55.

sysname(config)# no mac-based-vlan source-mac 00:11:22:33:44:55

sysname(config)# exit

Ethernet Switch CLI Reference Guide

200
C H A P T E R 51
MAC Filter Commands
Use these commands to filter traffic going through the Switch based on the MAC addresses and VLAN
group (ID).

Note: Use the running configuration commands to look at the current MAC filter settings. See
Chapter 74 on page 274.

Note: MAC filtering implementation differs across Switch models.

• Some models allow you to specify a filter rule and discard all packets with the specified MAC address
(source or destination) and VID.
• Other models allow you to choose whether you want to discard traffic originating from the specified
MAC address and VID (src), sent to the specified MAC address (dst) or both.

See Section 51.2 on page 202 and Section 51.3 on page 202 for examples.

51.1 Command Summary

The following section lists the commands for this feature.

Table 140 mac-filter Command Summary

COMMAND DESCRIPTION M P
mac-filter name <name> mac <mac- Configures a static MAC address port filtering rule. C 13
addr> vlan <vlan-id>
name: 1-32 alphanumeric characters
no mac-filter mac <mac-addr> Deletes the specified MAC filter rule. C 13
vlan <vlan-id>
mac-filter name <name> mac <mac- Disables a static MAC address port filtering rule. C 13
addr> vlan <vlan-id> inactive
name: 1-32 alphanumeric characters
no mac-filter mac <mac-addr> Enables the specified MAC-filter rule. C 13
vlan <vlan-id> inactive
mac-filter name <name> mac <mac- Specifies the source and or destination filter parameters. C 13
addr> vlan <vlan-id> drop
<src|dst|both>

Ethernet Switch CLI Reference Guide

201
Chapter 51 MAC Filter Commands

51.2 Command Example

This example creates a MAC filter called “filter1” that drops packets coming from or going to the MAC
address 00:12:00:12:00:12 on VLAN 1.

sysname(config)# mac-filter name filter1 mac 00:12:00:12:00:12 vlan 1

51.3 Command Example: Filter Source

The next example is for Switches that support the filtering of frames based on the source or destination
MAC address only. This example creates a filter “sourcefilter” that drops packets originating from the
MAC address af:af:01:01:ff:02 on VLAN 2.

sysname(config)# mac-filter name sourcefilter mac af:af:01:01:ff:02 vlan 2

drop src

Ethernet Switch CLI Reference Guide

202
C H A P T E R 52
MAC Forward Commands
Use these commands to configure static MAC address forwarding.

Note: Use the mac commands to look at the current mac-forward settings. See Chapter 48 on
page 195.

52.1 Command Summary

The following table describes user-input values available in multiple commands for this feature.

Table 141 mac-forward User-input Values

COMMAND DESCRIPTION
name 1-32 alphanumeric characters

The following section lists the commands for this feature.

Table 142 mac-forward Command Summary

COMMAND DESCRIPTION M P
mac-forward name <name> mac Configures a static MAC address forwarding rule. C 13
<mac-addr> vlan <vlan-id>
interface <interface-id>
no mac-forward mac <mac-addr> Removes the specified MAC forwarding entry, belonging C 13
vlan <vlan-id> interface to a VLAN group forwarded through an interface.
<interface-id>
mac-forward name <name> mac Disables a static MAC address forwarding rule. C 13
<mac-addr> vlan <vlan-id>
interface <interface-id>
inactive
no mac-forward mac <mac-addr> Enables the specified MAC address, belonging to a VLAN C 13
vlan <vlan-id> interface group forwarded through an interface.
<interface-id> inactive

Ethernet Switch CLI Reference Guide

203
Chapter 53 MAC Pinning Commands

C H A P T E R 53
MAC Pinning Commands
Use these commands to configure MAC pinning to set a port or multiple ports to have priority over other
ports in MAC address learning. That means when a MAC address (and VLAN ID) is learned on a MAC-
pinning-enabled port, the MAC address will not be learned on any other port until the aging time for the
dynamically learned MAC address in the table expires.

53.1 Command Summary

The following table describes user-input values available in multiple commands for this feature.

Table 143 mac-pinning User-input Values

COMMAND DESCRIPTION
port-list The port number or a range of port numbers that you want to configure. Possible
values range from 1 to the number of ports on your Switch.

The following section lists the commands for this feature.

Table 144 mac-pinning Command Summary

COMMAND DESCRIPTION M P
mac-pinning Enables MAC pinning on the Switch. C 13

no mac-pinning Disables MAC pinning on the Switch. C 13

interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
mac-pinning Enables MAC pinning on the specified port(s). C 13

no mac-pinning Disables MAC pinning on the specified port(s). C 13

show mac-pinning Displays MAC pinning settings E 3

Ethernet Switch CLI Reference Guide

204
Chapter 53 MAC Pinning Commands

53.2 Command Examples

This example enables MAC pinning on the Switch and port 3. It also shows the MAC pinning status.

sysname(config)# interface port-channel 3

sysname(config-interface)# mac-pinning
sysname(config-interface)# exit
sysname(config)# exit
sysname# show mac-pinning

MAC Pinning Status: Enable

Port Active
---- --------
1 No
2 No
3 Yes
4 No
5 No
6 No
7 No
8 No
9 No
10 No
11 No
12 No
13 No
14 No
15 No
16 No
17 No
18 No
19 No
20 No
21 No
22 No
23 No
24 No
25 No
26 No
27 No
28 No
sysname#

Ethernet Switch CLI Reference Guide

205
Chapter 54 Mirror Commands

C H A P T E R 54
Mirror Commands
Use these commands to copy a traffic flow for one or more ports to a monitor port (the port you copy
the traffic to) so that you can examine the traffic on the monitor port without interference.

In local port mirroring, the mirroring ports (through which traffic you copy passes) and the monitor port
are on the same device.

In remote port mirroring (RMirror), the mirroring ports and monitor port can be on different devices in a
network. You can use it to monitor multiple switches across your network. The traffic from the source
device’s mirroring port(s) is sent to a reflector port for VLAN tagging and copied to the connected
port(s). Traffic are then carried over the specified remote port mirroring (RMirror) VLAN and sent to the
destination device’s monitor port through the connected ports that connect to other switches.

Single-Destination RMirror
If the mirrored traffic is forwarded to one single destination switch, you can disable the reflector port. The
Switch adds RMirror VLAN tag and forwards mirrored traffic from the mirroring port to the connected
port directly.

Multi-Destination RMirror
If you configure more than one connected port on the source switch to forward the mirrored traffic to
multiple destination switches, you must enable a reflector port on the source switch.

Note: Use the running configuration commands to look at the current mirror settings. See
Chapter 74 on page 274.

Note: mirror-filter commands are not supported on all Switch models.

54.1 Command Summary

The following section lists the commands for this feature.

Table 145 mirror Command Summary

COMMAND DESCRIPTION M P
mirror-port Enables port mirroring on the Switch. C 13

mirror-port <port-num> Specifies the monitor port (the port to which traffic flow is C 13
copied) for port mirroring.
no mirror-port Disables port mirroring on the Switch. C 13

Ethernet Switch CLI Reference Guide

206
Table 145 mirror Command Summary (continued)
COMMAND DESCRIPTION M P
no mirror-port <port-num> Removes the specified monitor port. C 13

port-num: in a modular switch, enter the port number

preceded by a slot number and backslash (/). For
example, 3/11 indicates port 11 on the card in the third
slot.
interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
port-list: in a modular switch, enter the port number
preceded by a slot number and backslash (/). For
example, 3/11 indicates port 11 on the card in the third
slot. Use a comma (,) to separate individual ports or a dash
(-) to indicates a range of ports. For example, “3/11,4/5” or
“3/7-3/9”.
mirror Enables port mirroring in the interface. C 13

mirror dir Enables port mirroring for incoming (ingress), outgoing C 13

<ingress|egress|both> (egress) or both incoming and outgoing (both) traffic.

no mirror Disables port mirroring on the port(s). C 13

Table 146 mirror-filter Command Summary

COMMAND DESCRIPTION M P
mirror-filter egress mac <mac- Copies outgoing frames with the specified source or C 13
addr> destination MAC address from mirrored ports to the
monitor port.
mirror-filter egress type This command works with the previous command, C 13
<all|dest|src> mirror-filter egress mac.

all: Specifies that the Switch should copy all outgoing

traffic from mirrored ports.

dest: Specifies that the Switch should copy all outgoing

traffic with the specified destination MAC address from
mirrored ports.

src: Specifies that the Switch should copy outgoing traffic

with the specified source MAC address from mirrored
ports.
mirror-filter ingress mac <mac- Copies incoming frames matching with the specified C 13
addr> source or destination MAC address from mirrored ports to
the monitor port.
mirror-filter ingress type This command works with the previous command, C 13
<all|dest|src> mirror-filter ingress mac.

all: Specifies that the Switch should copy all outgoing

traffic from mirrored ports.

dest: Specifies that the Switch should copy all incoming

traffic with the specified destination MAC address from
mirrored ports.

src: Specifies that the Switch should copy all incoming

traffic with the specified source MAC address from
mirrored ports.
show mirror Displays mirror settings of the Switch. E 3

Ethernet Switch CLI Reference Guide

207
Chapter 54 Mirror Commands

Table 147 rmirror Command Summary

COMMAND DESCRIPTION M P
rmirror vlan <vlan-id> Enters config-rmirror mode to create a remote port mirroring C 13
(RMirror) VLAN through which the mirrored traffic is forwarded.
connected-port <port-list> Sets the port(s) that helps forward mirrored traffic to other C 13
connected switches and/or receive mirrored traffic from other
connected port in the same RMirror VLAN.
no connected-port <port- Removes the specified connected port(s) from this RMirror C 13
list> VLAN.

destination monitor-port Sets the port to which you copy the traffic in order to examine it C 13
<port-num> in more detail without interfering with the traffic flow on the
<untagged|tagged> original port(s). You can also set whether to add the RMirror
VLAN tag to mirrored traffic on the monitor port.
no destination monitor-port Removes the destination monitor port from this RMirror VLAN. C 13

inactive Disables the RMirror VLAN. C 13

no inactive Enables the RMirror VLAN. C 13

source 8021p-priority <0 - Sets the priority of the mirrored traffic in this VLAN. C 13
7>
source mirror-port <port- Sets the port(s) on which traffic is mirrored and the traffic flow C 13
list> dir to be copied to the monitor port when the Switch is the source
<ingress|egress|both> device in remote port mirroring.

no source mirror-port <port- Sets the Switch to not mirror any traffic on the specified port(s). C 13
list>
no source mirror-port <port- Sets the Switch to not mirror outgoing (egress) traffic on the C 13
list> dir egress specified port(s).

no source mirror-port <port- Sets the Switch to not mirror incoming (ingress) traffic on the C 13
list> dir ingress specified port(s).

source reflector-port Enables the source reflector port. C 13

source reflector-port <port- Sets the port that adds the RMirror VLAN tag to all mirrored C 13
num> traffic and forwards traffic to the connected port(s) in the same
RMirror VLAN.
no source reflector-port Removes the source reflector port. C 13

no rmirror vlan <vlan-id> Removes the specified RMirror VLAN. C 13

show rmirror vlan Displays all RMirror VLANs settings on the Switch. E 3

show rmirror vlan <vlan-id> Displays the specified RMirror VLAN settings. E 3

54.2 Command Examples

This example enables port mirroring and copies outgoing traffic from ports 1, 4, 5, and 6 to port 3.

sysname(config)# mirror-port
sysname(config)# mirror-port 3
sysname(config)# interface port-channel 1,4-6
sysname(config-interface)# mirror
sysname(config-interface)# mirror dir egress

Ethernet Switch CLI Reference Guide

208
Chapter 54 Mirror Commands

This example displays the mirror settings of the Switch after you configured in the example above.

sysname# show mirror

Mirroring: enable
Monitor port: 3

Mirrored port: 1,4-6

Ingress:
Egress: 1,4-6
Both:

This example creates an RMirror VLAN with a VLAN ID of 200 on the Switch, sets port 6 as the reflector
port and sets the priority of mirrored traffic to 3 in this RMirror VLAN when the Switch is the source device.
This example also specifies the ports (4 and 5) on which traffic will be mirrored and shows the RMirror
VLAN settings.

sysname# configure
sysname(config)# rmirror vlan 200
sysname(config-rmirror)# source reflector-port 6
sysname(config-rmirror)# source reflector-port
sysname(config-rmirror)# source 8021p-priority 3
sysname(config-rmirror)# source mirror-port 4,5
sysname(config-rmirror)# exit
sysname(config)# exit
sysname# show rmirror vlan 200
RMirror VLAN:200 Active=Yes
----------------------------------------
Source
802.1p priority :3
Mirror-port :
Ingress :
Egress :
Both :4-5
Reflector-port
Active :Yes
Port :6
Destination
Monitor-port :
Connected-port :

sysname#

Ethernet Switch CLI Reference Guide

209
C H A P T E R 55
MRSTP Commands
Use these commands to configure MRSTP on the Switch.

55.1 MRSTP Overview

The Switch allows you to configure multiple instances of Rapid Spanning Tree Protocol (RSTP) as defined
in the following standard.

• IEEE 802.1w Rapid Spanning Tree Protocol

See Chapter 79 on page 292 for information on RSTP commands and Chapter 56 on page 213 for
information on MSTP commands.

55.2 Command Summary

The following section lists the commands for this feature.

Table 148 Command Summary: mrstp

COMMAND DESCRIPTION M P
show mrstp <tree-index> Displays multiple rapid spanning tree configuration for E 3
the specified tree.

tree-index: this is a number identifying the RSTP tree

configuration.

Note: The number of MRSTP tree configurations

supported differs by model. Refer to your
User’s Guide for details.
spanning-tree mode Specifies the STP mode you want to implement on the C 13
<RSTP|MRSTP|MSTP> Switch.

mrstp <tree-index> Activates the specified MRSTP configuration. C 13

mrstp <tree-index> priority <0- Sets the bridge priority of the Switch for the specified C 13
61440> MRSTP configuration.

mrstp <tree-index> hello-time <1- Sets the Hello Time, Maximum Age and Forward Delay C 13
10> maximum-age <6-40> forward- values on the Switch for the specified MRSTP
delay <4-30> configuration.

mrstp interface <port-list> Activates MRSTP on the specified ports. C 13

Ethernet Switch CLI Reference Guide

210
Chapter 55 MRSTP Commands

Table 148 Command Summary: mrstp

COMMAND DESCRIPTION M P
mrstp interface <port-list> edge- Sets the specified ports as edge ports. This allows the C 13
port port to transition to a forwarding state immediately
without having to go through the listening and
learning states.

Note: An edge port becomes a non-edge port

as soon as it receives a Bridge Protocol
Data Units (BPDU).
no mrstp interface <port-list> Sets the listed ports as non-edge ports. C 13
edge-port
mrstp interface <port-list> path- Sets a path cost to the specified ports. C 13
cost <1-65535>
mrstp interface <port-list> Sets the priority value to the specified ports for MRSTP. C 13
priority <0-255>
mrstp interface <port-list> Enables root guard on the specified port in order to C 13
rootguard prevent the switch(es) attached to the port from
becoming the root bridge.
no mrstp interface <port-list> Disables root guard on a port. C 13
rootguard
mrstp interface <port-list> tree- Assigns the specified port list to a specific MRSTP C 13
index <tree-index> configuration.

no mrstp <tree-index> Disables the specified MRSTP configuration. C 13

no mrstp interface <port-list> Disables the MRSTP assignment from the specified C 13
port(s).

55.3 Command Examples

This example configures MRSTP in the following way:

• Enables MRSTP on the Switch.

• Activates tree 1 and sets the bridge priority, Hello Time, Maximum Age and Forward Values for this
RSTP configuration.
• Activates MRSTP for ports 1-5 and sets path cost on these ports to 127.
• Adds ports 1-5 to tree index 1.
sysname(config)# spanning-tree mode mrstp
sysname(config)# mrstp 1
sysname(config)# mrstp 1 priority 16384
sysname(config)# mrstp 1 hello-time 2 maximum-age 15 forward-delay 30
sysname(config)# mrstp interface 1-5
sysname(config)# mrstp interface 1-5 path-cost 127
sysname(config)# mrstp interface 1-5 tree-index 1

Ethernet Switch CLI Reference Guide

211
Chapter 55 MRSTP Commands

In this example, we enable MRSTP on ports 21-24. Port 24 is connected to the host while ports 21-23 are
connected to another switch.

sysname(config)# configure
sysname(config)# spanning-tree mode MRSTP
sysname(config)# mrstp 1
sysname(config)# mrstp interface 21-24
sysname(config)# no mrstp interface 21-23 edge-port

Ethernet Switch CLI Reference Guide

212
Chapter 56 MSTP Commands

C H A P T E R 56
MSTP Commands
Use these commands to configure Multiple Spanning Tree Protocol (MSTP) as defined in IEEE 802.1s.

56.1 Command Summary

The following section lists the commands for this feature.

Table 149 mstp Command Summary

COMMAND DESCRIPTION M P
show mstp Displays MSTP configuration for the Switch. E 3

spanning-tree mode Specifies the STP mode you want to implement on the C 13
<RSTP|MRSTP|MSTP> Switch.

mstp Activates MSTP on the Switch. C 13

no mstp Disables MSTP on the Switch. C 13

mstp configuration-name <name> Sets a name for an MSTP region. C 13

name: 1-32 printable characters

mstp revision <0-65535> Sets the revision number for this MST Region C 13
configuration.
mstp hello-time <1-10> maximum-age Sets Hello Time, Maximum Age and Forward Delay. C 13
<6-40> forward-delay <4-30>
hello-time: The time interval in seconds between
BPDU (Bridge Protocol Data Units) configuration
message generations by the root switch.

maximum-age: The maximum time (in seconds) the

Switch can wait without receiving a BPDU before
attempting to reconfigure.

forward-delay: The maximum time (in seconds) the

Switch will wait before changing states.
mstp max-hop <1-255> Sets the maximum hop value before BPDUs are C 13
discarded in the MST Region.
mstp interface port-channel <port- Sets the specified ports as edge ports. This allows the C 13
list> edge-port port to transition to a forwarding state immediately
without having to go through the listening and
learning states.

Note: An edge port becomes a non-edge port

as soon as it receives a Bridge Protocol
Data Units (BPDU).
no mstp interface port-channel Sets the listed ports as non-edge ports. C 13
<port-list> edge-port

Ethernet Switch CLI Reference Guide

213
Chapter 56 MSTP Commands

Table 149 mstp Command Summary (continued)

COMMAND DESCRIPTION M P
mstp interface port-channel <port- Enables root guard on the specified port in order to C 13
list> rootguard prevent the switch(es) attached to the port from
becoming the root bridge.
no mstp interface port-channel Disables root guard on a port. C 13
<port-list> rootguard

Table 150 mstp instance Command Summary

COMMAND DESCRIPTION M P
show mstp instance <number> Displays the specified MSTP instance configuration. E 3

no mstp instance <number> Disables the specified MSTP instance on the Switch. C 13

mstp instance <number> priority <0- Specifies the bridge priority of the instance. C 13
61440>
priority: Must be a multiple of 4096.
mstp instance <number> vlan <vlan- Specifies the VLANs that belongs to the instance. C 13
list>
no mstp instance <number> vlan <1- Disables the assignment of specific VLANs from an C 13
4094> MST instance.

mstp instance <number> interface Specifies the ports you want to participate in this MST C 13
port-channel <port-list> instance.

no mstp instance <number> interface Disables the assignment of specific ports from an MST C 13
port-channel <port-list> instance.

mstp instance <number> interface Specifies the cost of transmitting a frame to a LAN C 13
port-channel <port-list> path-cost through the port(s). It is recommended you assign it
<1-65535> according to the speed of the bridge.

mstp instance <number> interface Sets the priority for the specified ports. Priority decides C 13
port-channel <port-list> priority which port should be disabled when more than one
<0-255> port forms a loop in a Switch. Ports with a higher
priority numeric value are disabled first.

Ethernet Switch CLI Reference Guide

214
56.2 Command Examples
This example shows the current MSTP configuration.

sysname# show mstp

(a)BridgeMaxAge: 20 (seconds)
(b)BridgeHelloTime: 2 (seconds)
(c)BridgeForwardDelay: 15 (seconds)
(d)BridgeMaxHops: 128
(e)TransmissionLimit: 3
(f)ForceVersion: 3
(g)MST Configuration ID
Format Selector: 0
Configuration Name: 001349aefb7a
Reveision Number: 0
Configuration Digest: 0xAC36177F50283CD4B83821D8AB26DE62
msti vlans mapped
-----------------------------
0 1-4094
-----------------------------

The following table describes the labels in this screen.

Table 151 show mstp

LABEL DESCRIPTION
BridgeMaxAge This field displays the maximum time (in seconds) the Switch can wait without receiving
a configuration message before attempting to reconfigure.
BridgeHelloTime This field displays the time interval (in seconds) at which the Switch transmits a
configuration message.
BridgeForwardDelay This field displays the time (in seconds) the Switch will wait before changing states (that
is, listening to learning to forwarding).
BridgeMaxHops This field displays the number of hops (in seconds) in an MSTP region before the BPDU is
discarded and the port information is aged.
TransmissionLimit This field displays the maximum number of BPDUs that can be transmitted in the interval
specified by BridgeHelloTime.
ForceVersion This field indicates whether BPDUs are RSTP (a value less than 3) or MSTP (a value
greater than or equal to 3).
MST Configuration ID
Format Selector This field displays zero, which indicates the use of the fields below.
Configuration Name This field displays the configuration name for this MST region.
Revision Number This field displays the revision number for this MST region.
Configuration Digest A configuration digest is generated from the VLAN-MSTI mapping information.

This field displays the 16-octet signature that is included in an MSTP BPDU. This field
displays the digest when MSTP is activated on the system.
msti This field displays the MSTI ID.
vlans mapped This field displays which VLANs are mapped to an MSTI.

Ethernet Switch CLI Reference Guide

215
This example shows the current CIST configuration (MSTP instance 0).

sysname# show mstp instance 0

Bridge Info: MSTID: 0
(a)BridgeID: 8000-001349aefb7a
(b)TimeSinceTopoChange: 756003
(c)TopoChangeCount: 0
(d)TopoChange: 0
(e)DesignatedRoot: 8000-001349aefb7a
(f)RootPathCost: 0
(g)RootPort: 0x0000
(h)RootMaxAge: 20 (seconds)
(i)RootHelloTime: 2 (seconds)
(j)RootForwardDelay: 15 (seconds)
(k)BridgeMaxAge: 20 (seconds)
(l)BridgeHelloTime: 2 (seconds)
(m)BridgeForwardDelay: 15 (seconds)
(n)ForceVersion: mstp
(o)TransmissionLimit: 3

(p)CIST_RRootID: 8000-001349aefb7a
(q)CIST_RRootPathCost: 0

The following table describes the labels in this screen.

Table 152 show mstp instance

LABEL DESCRIPTION
MSTID This field displays the MSTI ID.
BridgeID This field displays the unique identifier for this bridge, consisting of bridge priority plus
MAC address.
TimeSinceTopoChange This field displays the time since the spanning tree was last reconfigured.
TopoChangeCount This field displays the number of times the spanning tree has been reconfigured.
TopoChange This field indicates whether or not the current topology is stable.

0: The current topology is stable.

1: The current topology is changing.

DesignatedRoot This field displays the unique identifier for the root bridge, consisting of bridge priority
plus MAC address.
RootPathCost This field displays the path cost from the root port on this Switch to the root switch.
RootPort This field displays the priority and number of the port on the Switch through which this
Switch must communicate with the root of the Spanning Tree.
RootMaxAge This field displays the maximum time (in seconds) the root switch can wait without
receiving a configuration message before attempting to reconfigure.
RootHelloTime This field displays the time interval (in seconds) at which the root switch transmits a
configuration message.
RootForwardDelay This field displays the time (in seconds) the root switch will wait before changing states
(that is, listening to learning to forwarding).
BridgeMaxAge This field displays the maximum time (in seconds) the Switch can wait without receiving
a configuration message before attempting to reconfigure.
BridgeHelloTime This field displays the time interval (in seconds) at which the Switch transmits a
configuration message.
BridgeForwardDelay This field displays the time (in seconds) the Switch will wait before changing states (that
is, listening to learning to forwarding).
ForceVersion This field indicates whether BPDUs are RSTP (a value less than 3) or MSTP (a value
greater than or equal to 3).

Ethernet Switch CLI Reference Guide

216
Chapter 56 MSTP Commands

Table 152 show mstp instance (continued)

LABEL DESCRIPTION
TransmissionLimit This field displays the maximum number of BPDUs that can be transmitted in the interval
specified by BridgeHelloTime.
CIST_RRootID This field displays the unique identifier for the CIST regional root bridge, consisting of
bridge priority plus MAC address.
CIST_RRootPathCost This field displays the path cost from the root port on this Switch to the CIST regional root
switch.

This example adds the Switch to the MST region MSTRegionNorth. MSTRegionNorth is on revision number
1. In MSTRegionNorth, VLAN 2 is in MST instance 1, and VLAN 3 is in MST instance 2.

sysname# configure
sysname(config)# mstp
sysname(config)# mstp configuration-name MSTRegionNorth
sysname(config)# mstp revision 1
sysname(config)# mstp instance 1 vlan 2
sysname(config)# mstp instance 2 vlan 3
sysname(config)# exit

Ethernet Switch CLI Reference Guide

217
Chapter 57 Multiple Login Commands

C H A P T E R 57
Multiple Login Commands
Use these commands to configure multiple administrator logins on the Switch.

57.1 Command Summary

The following section lists the commands for this feature.

Table 153 multi-login Command Summary

COMMAND DESCRIPTION M P
show multi-login Displays multi-login information. E 3

multi-login Enables multi-login. C 14

no multi-login Disables another administrator from logging into Telnet or C 14

SSH.

57.2 Command Examples

This example shows the current administrator logins.

sysname# show multi-login

[session info ('*' denotes your session)]
index session remote ip
----- ---------- ---------------
1 telnet-d 172.16.5.15
* 2 telnet-d 172.16.5.15

The following table describes the labels in this screen.

Table 154 show multi-login

LABEL DESCRIPTION
index This field displays a sequential number for this entry. If there is an asterisk (*) next to the
index number, this entry is your session.
session This field displays the service the administrator used to log in.
remote ip This field displays the IP address of the administrator’s computer.

Ethernet Switch CLI Reference Guide

218
Chapter 58 MVR Commands

C H A P T E R 58
MVR Commands
Use these commands to configure Multicast VLAN Registration (MVR).

58.1 Command Summary

The following section lists the commands for this feature.

Table 155 mvr Command Summary

COMMAND DESCRIPTION M P
show mvr Shows the MVR status. E 3

show mvr <vlan-id> Shows the detailed MVR status and MVR group E 3
configuration for a VLAN.
mvr <vlan-id> Enters config-mvr mode for the specified MVR (multicast C 13
VLAN registration). Creates the MVR, if necessary.
8021p-priority <0-7> Sets the IEEE 802.1p priority of outgoing MVR packets. C 13

inactive Disables these MVR settings. C 13

no inactive Enables these MVR settings. C 13

mode <dynamic|compatible> Sets the MVR mode (dynamic or compatible). C 13

name <name> Sets the MVR name for identification purposes. C 13

name: 1-32 English keyboard characters

receiver-port <port-list> Sets the receiver port(s).An MVR receiver port can only C 13
receive multicast traffic in a multicast VLAN.
no receiver-port <port-list> Disables the receiver port(s).An MVR receiver port can only C 13
receive multicast traffic in a multicast VLAN.
source-port <port-list> Sets the source port(s).An MVR source port can send and C 13
receive multicast traffic in a multicast VLAN.
no source-port <port-list> Disables the source port(s).An MVR source port can send C 13
and receive multicast traffic in a multicast VLAN.
tagged <port-list> Sets the port(s) to tag VLAN tags. C 13

no tagged <port-list> Sets the port(s) to untag VLAN tags. C 13

group <name> start-address Sets the multicast group range for the MVR. C 13
<ip> end-address <ip>
name: 1-32 English keyboard characters
no group Disables all MVR group settings. C 13

no group <name-str> Disables the specified MVR group setting. C 13

no mvr <vlan-id> Removes an MVR configuration of the specified VLAN from C 13

the Switch.

Ethernet Switch CLI Reference Guide

219
Chapter 58 MVR Commands

58.2 Command Examples

This example configures MVR in the following ways:

1 Enters MVR mode. This creates a multicast VLAN with the name multivlan and the VLAN ID of 3.

2 Specifies source ports 2, 3, 5 for the multicast group.

3 Specifies receiver ports 6-8 for the multicast group.

4 Specifies dynamic mode for the multicast group.

5 Configures MVR multicast group addresses 224.0.0.1 through 224.0.0.255 by the name of ipgroup.

6 Exits MVR mode.

sysname(config)# mvr 3
sysname(config-mvr)# name multivlan
sysname(config-mvr)# source-port 2,3,5
sysname(config-mvr)# receiver-port 6-8
sysname(config-mvr)# mode dynamic
sysname(config-mvr)# group ipgroup start-address 224.0.0.1 end-address
--> 224.0.0.255
sysname(config-mvr)# exit

Ethernet Switch CLI Reference Guide

220
P ART IV
Reference N-S
OSPF Commands (223)

Password Commands (230)

PoE Commands (232)

Policy Commands (235)

Policy Route Commands (239)

Port Security Commands (241)

Port-based VLAN Commands (243)

PPPoE IA Commands (244)

Private VLAN Commands (250)

Protocol-based VLAN Commands (255)

Queuing Commands (257)

RADIUS Commands (261)

Remote Management Commands (263)

RIP Commands (265)

RMON (267)

Running Configuration Commands (274)

sFlow (277)

221
Smart Isolation Commands (279)

SNMP Server Commands (282)

Stacking Commands (287)

STP and RSTP Commands (292)

SSH Commands (296)

Static Multicast Commands (298)

Static Route Commands (300)

Subnet-based VLAN Commands (303)

Syslog Commands (305)

222
C H A P T E R 59
OSPF Commands
This chapter explains how to use commands to configure the Open Shortest Path First (OSPF) routing
protocol on the Switch.

59.1 OSPF Overview

OSPF (Open Shortest Path First) is a link-state protocol designed to distribute routing information within an
autonomous system (AS). An autonomous system is a collection of networks using a common routing
protocol to exchange routing information.

59.2 Command Summary

The following section lists the commands for this feature.

Table 156 OSPF Command Summary

COMMAND DESCRIPTION M P
show ip ospf database Displays OSPF link state database E 3
information.
show ip ospf interface Displays OSPF interface settings. E 3

show ip ospf neighbor Displays OSPF neighbor information. E 3

show ip protocols Displays the routing protocol the Switch is E 3

using and its administrative distance value.
show router ospf Displays OSPF settings. E 3

show router ospf area Displays OSPF area settings. E 3

show router ospf network Displays OSPF network (or interface) settings. E 3

show router ospf redistribute Displays OSPF redistribution settings. E 3

show router ospf virtual-link Displays OSPF virtual link settings. E 3

interface route-domain <ip-address>/<mask- Enters the configuration mode for this C 13

bits> routing domain.

ip ospf authentication-key <key> Specifies the authentication key for OSPF. C 13

no ip ospf authentication-key <key> Disables OSPF authentication in this routing C 13

domain.
ip ospf authentication-same-aa Sets the same OSPF authentication settings C 13
in the routing domain as the associated
area.
ip ospf authentication-same-as-area Sets the same OSPF authentication settings C 13
in the routing domain as the associated
area.

Ethernet Switch CLI Reference Guide

223
Chapter 59 OSPF Commands

Table 156 OSPF Command Summary (continued)

COMMAND DESCRIPTION M P
no ip ospf authentication-same-aa Sets the routing domain not to use the same C 13
OSPF authentication settings as the area.
no ip ospf authentication-same-as-area Sets the routing domain not to use the same C 13
OSPF authentication settings as the area.
ip ospf cost <1-65535> Sets the OSPF cost in this routing domain. C 13

no ip ospf cost <1-65535> Resets the OSPF cost in the routing domain C 13
to default.
ip ospf retransmit-interval <1-65535> Sets the OSPF retransmission interval in this C 13
routing domain.
ip ospf transmit-delay <1-65535> Sets the OSPF transmission delay in this C 13
routing domain.
ip ospf dead-interval <1-65535> Sets the OSPF dead interval in this routing C 13
domain.
ip ospf hello-interval <1-65535> Sets the OSPF hello interval in this routing C 13
domain.
ip ospf message-digest-key <key> Sets the OSPF authentication key in this C 13
routing domain.
no ip ospf message-digest-key <key> Disables the routing domain from using a C 13
security key in OSPF.
ip ospf priority <0-255> Sets the OSPF priority for the interface. C 13
Setting this value to 0 means that this router
will not participate in router elections.
no ip ospf priority <0-255> Resets the OSPF priority for the interface. C 13

router ospf <router-id> Enables and enters the OSPF configuration C 13

mode.
area <area-id> Enables and sets the area ID. C 13

no area <area-id> Removes the specified area. C 13

area <area-id> authentication Enables simple authentication for the area. C 13

area <area-id> authentication message- Enables MD5 authentication for the area. C 13
digest
no area <area-id> authentication Sets the area to use no authentication C 13
(None).
area <area-id> default-cost <0- Sets the cost to the area. C 13
16777215>
no area <area-id> default-cost Sets the area to use the default cost (15). C 13

area <area-id> name <name> Sets a descriptive name for the area for C 13
identification purposes.
area <area-id> stub Enables and sets the area as a stub area. C 13

no area <area-id> stub Disables stub network settings in the area. C 13

area <area-id> stub no-summary Sets the stub area not to send any LSA (Link C 13
State Advertisement).
no area <area-id> stub no-summary Sets the stub area to send LSAs (Link State C 13
Advertisements).
area <area-id> nssa Enables and sets the area as a not-so-stubby C 13
area.
no area <area-id> nssa Disables not-so-stubby network settings in C 13
the area.

Ethernet Switch CLI Reference Guide

224
Chapter 59 OSPF Commands

Table 156 OSPF Command Summary (continued)

COMMAND DESCRIPTION M P
area <area-id> nssa no-summary Sets the not-so-stubby area not to send any C 13
LSA (Link State Advertisement).
no area <area-id> nssa no-summary Sets the not-so-stubby area to send LSAs C 13
(Link State Advertisements).
area <area-id> virtual-link <router- Sets the virtual link ID information for the C 13
id> area.

no area <area-id> virtual-link Deletes the virtual link from the area. C 13
<router-id>
area <area-id> virtual-link <router- Enables simple authentication and sets the C 13
id> authentication-key <key> authentication key for the specified virtual
link in the area.
no area <area-id> virtual-link Resets the authentication settings on this C 13
<router-id> authentication-key virtual link.

area <area-id> virtual-link <router- Sets the virtual link to use the same C 13
Id> authentication-same-as-area authentication method as the area.

no area <area-id> virtual-link Resets the authentication settings on this C 13

<router-id> authentication-same-as- virtual area.
area
area <area-id> virtual-link <router- Enables MD5 authentication and sets the C 13
id> message-digest-key <keyid> md5 key ID and key for the virtual link in the area.
<key>
no area <area-id> virtual-link Resets the authentication settings on this C 13
<router-id> message-digest-key virtual link.

area <area-id> virtual-link <router- Sets a descriptive name for the virtual link for C 13
id> name <name> identification purposes.

area <area-id> virtual-link <router- Sets the retransmission interval for the virtual C 13
id> retransmit-interval <1-65535> link in the area.

area <area-id> virtual-link <router- Sets the transmission delay for the virtual link C 13
id> transmit-delay <1-65535> in the area.

area <area-id> virtual-link <router- Sets the dead interval for the virtual link in C 13
id> dead-interval <1-65535> the area.

area <area-id> virtual-link <router- Sets the hello interval for the virtual link in the C 13
id> hello-interval <1-65535> area.

Ethernet Switch CLI Reference Guide

225
Chapter 59 OSPF Commands

Table 156 OSPF Command Summary (continued)

COMMAND DESCRIPTION M P
distance <10-255> When two different routing protocols, such C 13
as RIP and OSPF provide multiple routes to
the same destination, the Switch can use
the administrative distance of the route
source to determine which routing protocol
to use and add the route to the routing
table.

Sets the administrative distance (from 10 to

255) that is assigned to the routes learned by
OSPF.

The lower the administrative distance value

is, the more preferable the routing protocol
is. If two routes have the same administrative
distance value, the Switch uses the route
that has the lowest metric value.

Note: You cannot set two routing

protocols to have the same
administrative distance.
exit Leaves the router OSPF configuration mode. C 13

network <ip-addr/bits> area <area-id> Creates an OSPF area. C 13

no network <ip-addr/bits> Deletes the OSPF network. C 13

redistribute rip metric-type <1|2> Sets the Switch to learn RIP routing C 13
metric <0-16777215> information which will use the specified
metric information.
redistribute rip Sets the Switch to redistribute RIP routing C 13
information.

Route redistribution allows your Switch to

import and translate external routes
learned through other routing protocols (RIP
and Static) into the OSPF network
transparently.
no redistribute rip Sets the Switch not to learn RIP routing C 13
information.
redistribute static metric-type <1|2> Sets the Switch to learn static routing C 13
metric <0-16777215> information which will use the specified
metric information.
redistribute static Sets the switch to redistribute static routing C 13
information.

Route redistribution allows your Switch to

import and translate external routes
learned through other routing protocols (RIP
and Static) into the OSPF network
transparently.
no redistribute static Sets the Switch not to learn static routing C 13
information.
passive-iface <ip-addr/bits> Sets the interface to be passive. A passive C 13
interface does not send or receive OSPF
traffic.
no passive-iface <ip-addr/bits> Sets the interface to not be passive. C 13

Ethernet Switch CLI Reference Guide

226
Chapter 59 OSPF Commands

Table 156 OSPF Command Summary (continued)

COMMAND DESCRIPTION M P
summary-address <ip-address> <mask> Sets a summary address which is a network C 13
IP address used to cover more than one
network routing entry in order to reduce the
routing table size.
no summary-address <ip-address> <mask> Removes a summary address. C 13

show router ospf summary-address Displays all summary addresses on the E 3

Switch.
no router ospf Disables OSPF on the Switch. C 13

59.3 Command Examples

In this example, the Switch (A) is an Area Border Router (ABR) in an OSPF network.

Figure 8 OSPF Network Example

Area 1
Area 0
Backbone

IP: 172.16.1.1
A

This example enables OSPF on the Switch, sets the router ID to 172.16.1.1, configures an OSPF area ID as
0.0.0.0 (backbone) and enables simple authentication.

sysname(config)# router ospf 172.16.1.1

sysname(config-ospf)# area 0.0.0.0
sysname(config-ospf)# area 0.0.0.0 authentication
sysname(config-ospf)# area 0.0.0.0 name backbone
sysname(config-ospf)# network 172.16.1.1/24 area 0.0.0.0
sysname# show router ospf area
index:1 active:Y name:backbone
area-id:0.0.0.0 auth:SIMPLE
stub-active:N stub-no-sum:N default-cost:15

Ethernet Switch CLI Reference Guide

227
Chapter 59 OSPF Commands

This example configures an OSPF interface for the 172.16.1.1/24 network and specifies to use simple
authentication with the key 1234abcd. The priority for the Switch is also set to 1, as this router should
participate in router elections.

sysname(config)# interface route-domain 172.16.1.1/24

sysname(config-if)# ip ospf authentication-key abcd1234
sysname(config-if)# ip ospf priority 1
sysname# show ip ospf interface
swif2 is up, line protocol is up
Internet Address 172.16.1.1/24, Area 0.0.0.0
Router ID 172.16.1.1, Network Type BROADCAST, Cost: 15
Transmit Delay is 1 sec, State Waiting, Priority 1
No designated router on this network
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:04
Neighbor Count is 0, Adjacent neighbor count is 0

In this example, the Switch (Z) is a redistributor between a RIP network and an OSPF network. It
summarizes 4 routing entries 192.168.8.0/24 ~ 192.168.11.0/24 (learned from RIP router A) into 192.168.8.0/
22 and then sends it to OSPF router B.

Figure 9 OSPF Redistribution Summary Address Example

RIP OSPF
IP: 172.16.1.1
A Z B

Redistributor
192.168.8.0/24
192.168.9.0/24 192.168.8.0/22
192.168.10.0/24
192.168.11.0/24

Ethernet Switch CLI Reference Guide

228
Chapter 59 OSPF Commands

This example shows you how to enable the redistribution for RIP protocol and then show all redistribution
entries.

sysname# config
sysname(config)# router ospf 172.16.1.1
sysname(config-ospf)# redistribute rip metric-type 1 metric 123
sysname(config-ospf)# exit
sysname(config)# exit
sysname# show ip ospf database

OSPF Router with ID (172.16.1.1)

(Omit not external part °K)

AS External Link States

Link ID ADV Router Age Seq# CkSum Route

192.168.8.0 192.168.2.2 618 0x80000001 0x02f6 E1 192.168.8.0/24
192.168.9.0 192.168.2.2 618 0x80000001 0xf601 E1 192.168.9.0/24
192.168.10.0 192.168.2.2 618 0x80000001 0xeb0b E1 192.168.10.0/24
192.168.11.0 192.168.2.2 618 0x80000001 0xe015 E1 192.168.11.0/24

From the example above, the third octet of all the four network IP addresses is 00001000, 00001001,
00001010, 000001011 respectively. The first 4 digits (000010) are the common part among these IP
addresses. So 192.168.8.0/22 can be used to represent all of the 4 networks. The following example
shows you how to configure the OSPF summary address and then show all redistribution entries.

sysname# config
sysname(config)# router ospf 172.16.1.1
sysname(config-ospf)# summary-address 192.168.8.0 255.255.252.0
sysname(config-ospf)# exit
sysname(config)# exit
sysname# show ip ospf database

OSPF Router with ID (172.16.1.1)

(Omit not external part °K)

AS External Link States

Link ID ADV Router Age Seq# CkSum Route

192.168.8.0 192.168.2.2 6 0x80000001 0xf209 E1 192.168.8.0/22

Ethernet Switch CLI Reference Guide

229
C H A P T E R 60
Password Commands
Use these commands to configure passwords for specific privilege levels on the Switch.

60.1 Password Encryption

Password encryption provides service providers a means to securely enter administrator and login
passwords. By default, passwords are sent in plain text. Plain text passwords are also stored temporarily in
the Switch’s spt and temp buffers. By enabling password encryption, you can hide these plain text
passwords in transit as well as in the device buffers.

60.2 Command Summary

The following section lists the commands for this feature.

Table 157 password Command Summary

COMMAND DESCRIPTION M P
admin-password <pw-string> Changes the administrator password. C 14
<confirm-string>
pw-string: 1-32 alphanumeric characters

confirm-string: 1-32 alphanumeric characters

admin-password [cipher] <pw- Changes the administrator password. C 14
string>
cipher: inform the Switch that the string after the word
"cipher" is an encrypted secret. This is used in password
encryption. To encrypt the password, use the password
encryption command.

pw-string: 32 alphanumeric characters

password [cipher] <pw-string> Changes the password for the highest privilege level or, C 14
[privilege <0-14>] optionally, the specified privilege.

cipher: inform the Switch that the string after the word
"cipher" is an encrypted secret. This is used in password
encryption. To encrypt the password, use the password
encryption command.

password: 32 alphanumeric characters

no password privilege <0-14> Clears the password for the specified privilege level and C 14
prevents users from entering the specified privilege level.
password encryption Encrypts all passwords configured on the Switch. The C 14
encrypted secret will be preceded by the word "cipher" in
the configuration file (called running-config)."
no password encryption Disables password encryption. The encrypted password C 14
will not be changed back to plain text.

Ethernet Switch CLI Reference Guide

230
Chapter 60 Password Commands

60.3 Command Examples

See Section 2.1.3.2 on page 14.

Ethernet Switch CLI Reference Guide

231
C H A P T E R 61
PoE Commands
Use these commands to configure Power over Ethernet (PoE). These are applicable for PoE models only.

61.1 Command Summary

The following section lists the commands for this feature.

Table 158 pwr Command Summary

COMMAND DESCRIPTION M P
show pwr Displays information about port power consumption E 3
and Power over Ethernet (PoE). Only available on
models with the PoE feature.
show poe-status This command is available for PoE models only. E 0

Displays information about Power over Ethernet (PoE)

availability and usage.
pwr interface <port-list> Enables PoE (Power over Ethernet) on the specified C 13
port(s).
pwr interface <port-list> max-power Sets the maximum amount of power the PD could use C 13
<1000-33000> from the Switch on the specified port(s).

no pwr interface <port-list> max- Removes the maximum power settings for the C 13
power specified port(s). The PD(s) that is connected to the
port(s) then can use power up to the Switch’s total
power budget.
pwr interface <port-list> priority Sets the PD priority on a port to allow the Switch to C 13
<critical|high|low> allocate power to higher priority ports when the
remaining power is less than the consumed power.

critical > high >low

Note: Available for non-full power models only.

no pwr interface <port-list> Disables PoE (Power over Ethernet) on the specified C 13
port(s).
pwr mibtrap Enables PoE MIB traps on the Switch. Traps are C 13
initiated when the usage reaches the limit set by the
pwr usagethreshold command.
no pwr mibtrap Disables PoE MIB traps on the Switch. C 13

pwr mode Set the power management mode. C 13

<classification|consumption>
• Classification - Reserve the maximum power to
each PD according to the priority level.
• Consumption - Reserve the consuming power to
each PD.
pwr usagethreshold <1-99> Sets the percentage of power usage which initiates C 13
MIB traps.

Ethernet Switch CLI Reference Guide

232
Chapter 61 PoE Commands

61.2 Command Examples

This example enables Power over Ethernet (PoE) on ports 1-4 and enables traps when the power usage
reaches 25%.

sysname# configure
sysname(config)# pwr interface 1-4
sysname(config)# pwr usagethreshold 25
sysname(config)# pwr mibtrap
sysname(config)# exit

This example sets the maximum amount of power allowed for port 2 to 7500 mW.

sysname# configure
sysname(config)# pwr interface 2 max-power 7500
sysname(config)# exit

This example shows the current status and configuration of Power over Ethernet.

GS2200# sh pwr
PoE Mode : Classification mode
Total Power:220.0(W)
Consuming Power:0.0(W)
Allocated Power:0.0 (W)
Remaining Power:220.0(W)
Averaged Junction Temperature: 38 (c), 98 (f).
Port State PD Class Priority Consumption (mW) MaxPower(mW)
---- ------ --- ----- -------- ---------------- ------------
1 Enable off 0 Low 0 0
2 Enable off 0 Low 0 7500
3 Enable off 0 Low 0 0
4 Enable off 0 Low 0 0
5 Enable off 0 Low 0 0
6 Enable off 0 Low 0 0
7 Enable off 0 Low 0 0
8 Enable off 0 Low 0 0
9 Enable off 0 Low 0 0
10 Enable off 0 Low 0 0
11 Enable off 0 Low 0 0
12 Enable off 0 Low 0 0
13 Enable off 0 Low 0 0
14 Enable off 0 Low 0 0
15 Enable off 0 Low 0 0
16 Enable off 0 Low 0 0
17 Enable off 0 Low 0 0
18 Enable off 0 Low 0 0
19 Enable off 0 Low 0 0
20 Enable off 0 Low 0 0
21 Enable off 0 Low 0 0
22 Enable off 0 Low 0 0
23 Enable off 0 Low 0 0
24 Enable off 0 Low 0 0

Ethernet Switch CLI Reference Guide

233
Chapter 61 PoE Commands

The following table describes the labels in this screen.

Table 159 show pwr

LABEL DESCRIPTION
Averaged Junction This field displays the internal temperature of the PoE chipset.
Temperature
Port This field displays the port number.
State This field indicates whether or not PoE is enabled on this port.
PD This field indicates whether or not a powered device (PD) is allowed to receive power
from the Switch on this port.
Class This field displays the maximum power level at the input of the PoE-enabled devices
connected to this port. The range of the maximum power used by the PD is described
below.

0: 0.44~12.95 W

1: 0.44~3.84 W

2: 3.84~6.49 W

3: 6.49~12.95 W
Priority When the total power requested by the PDs exceeds the total PoE power budget on
the Switch, the Switch uses the PD priority to provide power to ports with higher priority.
Consumption (mW) This field displays the amount of power the Switch is currently supplying to the PoE-
enabled devices connected to this port.
MaxPower(mW) This field displays the maximum amount of power the Switch can supply to the PoE-
enabled devices connected to this port.
Total Power This field displays the total power the Switch can provide to PoE-enabled devices.
Consuming Power This field displays the amount of power the Switch is currently supplying to the PoE-
enabled devices.
Allocated Power This field displays the total amount of power the Switch has reserved for PoE after
negotiating with the PoE device(s).

Note: If the management mode is set to Consumption, this field shows NA.
Remaining Power This field displays the amount of power the Switch can still provide for PoE.

Note: The Switch must have at least 16 W of remaining power in order to

supply power to a PoE device, even if the PoE device requested less
than 16 W.

Ethernet Switch CLI Reference Guide

234
C H A P T E R 62
Policy Commands
Use these commands to configure policies based on the classification of traffic flows. A classifier
distinguishes traffic into flows based on the configured criteria. A policy rule defines the treatment of a
traffic flow.

Note: Configure classifiers before you configure policies. See Chapter 14 on page 58 for more
information on classifiers.

62.1 Command Summary

The following section lists the commands for this feature.

Table 160 policy Command Summary

COMMAND DESCRIPTION M P
show policy Displays all policy related information. E 3

show policy <name> Displays the specified policy related information. E 3

Ethernet Switch CLI Reference Guide

235
Chapter 62 Policy Commands

Table 160 policy Command Summary

COMMAND DESCRIPTION M P
policy <name> classifier Configures a policy with the specified name. C 13
<classifier-list> <[vlan <vlan-
name: 32 alphanumeric characters
id>][egress-port <port-
num>][priority <0-7>][dscp <0- Specifies which classifiers this policy applies to.
63>][tos <0-7>][bandwidth classifier-list: names of classifiers separated by
<bandwidth>][egress-port <port- commas.
list>][outgoing-packet-format
<tagged|untagged>][out-of- Specifies the parameters related to the actions:
profile-dscp <0-63>][forward- egress-port: an outbound port number
action
<drop|forward|egressmask>] [ priority: IEEE 802.1p priority field
priority-action <[prio-set|set- bandwidth: bandwidth limit in Kbps, actions can be
prio-as-inner-prio |prio- assigned to packets which exceed the bandwidth limit
replace-tos] [queue-action (out-or-profile).
<prio-set|prio-queue|prio-
replace-tos>][diffserv-action out-of-profile-dscp: sets a DSCP number, if you want
to replace or remark the DSCP number for out-of-profile
<diff-set-tos|diff-replace-
traffic.
priority|diff-set-
dscp>][outgoing- Specifies the actions for this policy:
mirror][outgoing- • priority-action: tells the Switch to:
eport][outgoing-non-unicast- - replace the packet’s IEEE 802.1p priority field with the
eport][outgoing-set- priority you specified in the priority parameter
vlan][metering][out-of-profile- (prio-set)
- replace the packet’s IEEE 802.1p priority field with the
action <[change-dscp][drop][ existing customer priority level carried in the frames
forward] [set-drop- (set-prio-as-inner-prio)
precedence]>][inactive]> - replace the IEEE 802.1p priority field with the tos
parameter value (prio-replace-tos).
• queue-action: tells the Switch to:
- set the IEEE 802.1p priority you specified in the
priority parameter (prio-set)
- sends the packet to priority queue (prio-queue)
- replace the IEEE 802.1p priority field with the tos
parameter value (prio-replace-tos).
• diffserv-action - chooses whether you want to set
the ToS field with the value you specified for the tos
parameter (diff-set-tos), replaces the IP ToS with
IEEE 802.1p priority value (diff-replace-priority) or
sets the DSCP field with the dscp parameter value
(diff-set-dscp)
• outgoing-mirror - sends the packet to the mirror
port.
• outgoing-eport - sends the packet to the egress
port.
• outgoing-non-unicast-eport - sends the
broadcast, dlf or multicast packets (marked for
dropping or to be sent to the CPU) to the egress port.
• metering - enables bandwidth limitations on the traffic
flows.
• out-of-profile-action - specifies the actions to
take for packets that exceed the bandwidth
limitations:
- replaces the DSCP field with the value in the out-of-
profile-dscp parameter (change-dscp).
- discards the out of profile packets (drop).
- queues the packets that are marked for dropping
(forward).
- marks the out of profile traffic and drops it when
network is congested (set-drop-precedence).
• inactive - disables the policy rule.

Ethernet Switch CLI Reference Guide

236
Chapter 62 Policy Commands

Table 160 policy Command Summary

egress-port: an outbound port number

priority: IEEE 802.1p priority field

bandwidth: bandwidth limit in Kbps, packets which

exceed the bandwidth limit are dropped.
Specifies the actions for this policy:

• queue-action: tells the Switch to:

- set the IEEE 802.1p priority you specified in the
priority parameter (prio-set)
• outgoing-eport - sends the packet to the egress
port.
• outgoing-set-vlan - replaces the VLAN ID of the
packets with the one you configured.
• rate-limit - enables bandwidth limitations on the
traffic flows.
inactive - disables the policy rule.
no policy <name> Deletes the policy. C 13

no policy <name> inactive Enables a policy. C 13

62.2 Command Examples

This example creates a policy (highPriority) for the traffic flow identified via classifier VLAN3 (see the
classifier example in Chapter 14 on page 58). This policy replaces the IEEE 802.1 priority field with the IP
ToS priority field (value 7) for VLAN3 packets.

sysname(config)# policy highPriority classifier VLAN3 tos 7 queue-action

prio-replace-tos
sysname(config)# exit
sysname# show policy highPriority
Policy highPriority:
Classifiers:
VLAN3;
Parameters:
VLAN = 1; Priority = 0; DSCP = 0; TOS = 7;
Egress Port = 1; Outgoing packet format = tagged;
Bandwidth = 0; Out-of-profile DSCP = 0;
Action:
Replace the 802.1 priority field with the IP TOS value;

Ethernet Switch CLI Reference Guide

237
Chapter 62 Policy Commands

This example creates a policy (Policy1) for the traffic flow identified via classifier Class1 (see the classifier
example in Chapter 14 on page 58). This policy forwards Class1 packets to port 8.

sysname(config)# policy Policy1 classifier Class1 egress-port 8 outgoing-

eport
sysname(config)# exit
sysname# show policy Policy1
Policy Policy1:
Classifiers:
Class1;
Parameters:
VLAN = 1; Priority = 0;
Egress Port = 8;
Bandwidth = 64;
Action:
Send the packet to the egress port;
sysname#

Ethernet Switch CLI Reference Guide

238
C H A P T E R 63
Policy Route Commands
Use these commands to configure policy route to override the default routing behavior and alter the
packet forwarding. Policy-based routing is based on the classification of traffic flows and applied to
incoming packets prior to the normal routing. A classifier distinguishes traffic into flows based on the
configured criteria.

Note: Configure layer-3 classifiers before you configure policy routing. See Chapter 14 on
page 58 for more information on classifiers.

63.1 Command Summary

The following section lists the commands for this feature.

Table 161 policy-route Command Summary

COMMAND DESCRIPTION M P
show ip policy-route Displays all policy routing profile settings. E 3

show ip policy-route <name> Displays the specified policy routing profile settings. E 3

name: 32 alphanumeric characters

show ip policy-route <name> Displays settings for the specified policy routing rule in a E 3
sequence <number> profile.

sequence: sets the rule number from 1 to 64. The ordering

of policy routing rules is important as rules are applied in
turn.
ip policy-route <name> Sets a a policy routing profile with the specified name. You C 13
must configure a profile before you can configure a rule.
ip policy-route <name> inactive Disables a policy routing profile. C 13

ip policy-route <name> sequence Configures a policy routing rule in the specified profile. C 13
<number> <permit|deny>
permit|deny: turns on or off this policy routing rule.
classifier <classifier> next-hop
<ip-addr> classifier: sets the name of active layer 3 classifier to
which this rule applies.

next-hop: sets the IP address of the gateway to which the

Switch forwards the matched traffic.
no ip policy-route <name> Deletes the specified policy routing profile. C 13

no ip policy-route <name> Enables a policy routing profile. C 13

inactive
no ip policy-route <name> Deletes a rule from the specified policy routing profile. C 13
sequence <number>

Ethernet Switch CLI Reference Guide

239
Chapter 63 Policy Route Commands

63.2 Command Examples

By default, the Switch forwards all packets to the default gateway. This example configures a layer 3
classifier (Class-1) to group traffic with source IP address 192.168.2.13. This example also creates a policy
routing rule in profile Profile-1 to set the Switch to forward packets that match the layer 3 classifier to the
gateway with IP address 10.1.1.99. It then shows the policy routing information.

sysname# configure
sysname(config)# classifier Class-1 source-ip 192.168.2.13 mask-bits 24
sysname(config)# ip policy-route Profile-1 sequence 5 permit classifier
Class-1 next-hop 10.1.1.99
sysname(config)# exit
sysname# show ip policy-route
ActiveProfile Name Sequence State Classifier

-----------------------------------------------------------------
Yes Profile-1 5 permit Class-1

sysname# show ip policy-route Profile-1 sequence 5

Policy route profile: Profile-1 Yes
Information: permit 5
Classifier: Class-1
Action:
Next hop: 10.1.1.99
Matched policy route: 19074 packets
sysname#

Ethernet Switch CLI Reference Guide

240
C H A P T E R 64
Port Security Commands
Use these commands to allow only packets with dynamically learned MAC addresses and/or
configured static MAC addresses to pass through a port on the Switch. For maximum port security,
enable port security, disable MAC address learning and configure static MAC address(es) for a port.

Note: It is not recommended you disable both port security and MAC address learning
because this will result in many broadcasts.

64.1 Command Summary

The following section lists the commands for this feature.

Table 162 port-security Command Summary

COMMAND DESCRIPTION M P
show port-security Displays all port security settings. E 3

show port-security <port-list> Displays port security settings on the specified port(s). E 3

port-security Enables port security on the Switch. C 13

no port-security Disables port security on the device. C 13

port-security <port-list> Enables port security on the specified port(s). C 13

no port-security <port-list> Disables port security on the specified port(s). C 13

port-security <port-list> learn Disables MAC address learning on the specified port(s). C 13
inactive
no port-security <port-list> Enables MAC address learning on the specified ports. C 13
learn inactive
port-security <port-list> Limits the number of (dynamic) MAC addresses that may C 13
address-limit <number> be learned on the specified port(s).

port-security <port-list> MAC- Stops MAC address learning and enables port security on C 13
freeze the port(s).

Note: All previously-learned dynamic MAC

addresses are saved to the static MAC
address table.
port-security <port-list> vlan Limits the number of (dynamic) MAC addresses that may C 13
<vlan-id> address-limit <number> be learned on the specified port(s) in a specified VLAN.
no port-security <port-list> Removes the specified VLAN MAC address limit. C 13
vlan <vlan-id> address-limit

Ethernet Switch CLI Reference Guide

241
Chapter 64 Port Security Commands

Table 162 port-security Command Summary (continued)

COMMAND DESCRIPTION M P
port-security <port-list> vlan Disables the specified VLAN MAC address limit. C 13
<vlan-id> address-limit <number>
inactive
no port-security <port-list> Enables the specified VLAN MAC address limit. C 13
vlan <vlan-id> address-limit
inactive

64.2 Command Examples

This example enables port security on port 1 and limits the number of learned MAC addresses to 5.

sysname# configure
sysname(config)# port-security
sysname(config)# port-security 1
sysname(config)# no port-security 1 learn inactive
sysname(config)# port-security 1 address-limit 5
sysname(config)# exit
sysname# show port-security 1
Port Security Active : YES
Port Active Address Learning Limited Number of Learned MAC Address
01 Y Y 5

Ethernet Switch CLI Reference Guide

242
C H A P T E R 65
Port-based VLAN
Commands
Use these commands to configure port-based VLAN.

Note: These commands have no effect unless port-based VLAN is enabled.

65.1 Command Summary

The following section lists the commands for this feature.

Table 163 egress Command Summary

COMMAND DESCRIPTION M P
show interfaces config <port- Displays outgoing port information for the specified ports. E 3
list> egress
vlan-type <802.1q|port-based> Specifies the VLAN type. C 13

interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
egress set <port-list> Sets the outgoing traffic port list for a port-based VLAN. C 13

no egress set <port-list> Removes the specified ports from the outgoing traffic port C 13
list.

65.2 Command Examples

This example looks at the ports to which incoming traffic from ports 1 and 2 can be forwarded.

sysname# show interfaces config 1-2 egress

Port 1: Enabled egress ports cpu, eg1
Port 2: Enabled egress ports cpu, eg1-eg4

Ethernet Switch CLI Reference Guide

243
C H A P T E R 66
PPPoE IA Commands
Use these commands if you want the Switch to add a vendor-specific tag to PADI (PPPoE Active
Discovery Initiation) and PADR (PPPoE Active Discovery Request) packets from PPPoE clients. This tag
gives a PPPoE termination server additional information (such as the port number, VLAN ID, and MAC
address) that the server can use to identify and authenticate a PPPoE client.

66.1 PPPoE Intermediate Agent Overview

A PPPoE Intermediate Agent (PPPoE IA) is deployed between a PPPoE server and PPPoE clients. It helps
the PPPoE server identify and authenticate clients by adding subscriber line specific information to
PPPoE discovery packets from clients on a per-port or per-port-per-VLAN basis before forwarding them
to the PPPoE server.

66.1.1 Port State

Every port is either a trusted port or an untrusted port for the PPPoE intermediate agent. This setting is
independent of the trusted/untrusted setting for DHCP snooping or ARP inspection. You can also specify
the agent sub-options (circuit ID and remote ID) that the Switch adds to PADI and PADR packets from
PPPoE clients.

Trusted ports are connected to PPPoE servers.

• If a PADO (PPPoE Active Discovery Offer), PADS (PPPoE Active Discovery Session-confirmation), or
PADT (PPPoE Active Discovery Terminate) packet is sent from a PPPoE server and received on a
trusted port, the Switch forwards it to all other ports.
• If a PADI or PADR packet is sent from a PPPoE client but received on a trusted port, the Switch
forwards it to other trusted port(s).

Note: The Switch will drop all PPPoE discovery packets if you enable the PPPoE intermediate
agent and there are no trusted ports.

Untrusted ports are connected to subscribers.

• If a PADI, PADR, or PADT packet is sent from a PPPoE client and received on an untrusted port, the
Switch adds a vendor-specific tag to the packet and then forwards it to the trusted port(s).
• The Switch discards PADO and PADS packets which are sent from a PPPoE server but received on an
untrusted port.

Ethernet Switch CLI Reference Guide

244
Chapter 66 PPPoE IA Commands

66.2 Command Summary

The following section lists the commands for this feature.

Table 164 PPPoE Intermediate Agent Command Summary

COMMAND DESCRIPTION M P
clear pppoe intermediate-agent Removes all statistics records of PPPoE packets on the E 13
statistics Switch.

clear pppoe intermediate-agent Removes statistics records of PPPoE packets for the E 13
statistics vlan <vlan-list> specified VLAN(s).

interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
pppoe intermediate-agent Sets the specified port(s) as PPPoE IA trusted port(s). C 13
trust
pppoe intermediate-agent Specifies a string the Switch adds into the Agent Circuit ID C 13
format-type circuit-id sub-option for PPPoE discovery packets received on this
string <string> port. Spaces are allowed.

string: up to 63 ASCII characters

pppoe intermediate-agent Specifies a string the Switch adds into the Agent Remote ID C 13
format-type remote-id string sub-option for PPPoE discovery packets received on this
<string> port. Spaces are allowed.

string: up to 63 ASCII characters

pppoe intermediate-agent Specifies a string the Switch adds into the Agent Circuit ID C 13
vlan <vlan-id> format-type sub-option for PPPoE discovery packets received on this
circuit-id string <string> VLAN on the specified port. Spaces are allowed.

The Circuit ID you configure for a specific VLAN on a port

has the highest priority.
pppoe intermediate-agent Specifies a string the Switch adds into the Agent Remote ID C 13
vlan <vlan-id> format-type sub-option for PPPoE discovery packets received on this
remote-id string <string> VLAN on the specified port. Spaces are allowed.

The Remote ID you configure for a specific VLAN on a port

has the highest priority.
no pppoe intermediate-agent Sets the specified port(s) PPPoE IA untrusted port(s). C 13
trust
no pppoe intermediate-agent Disables the PPPoE IA Circuit ID settings for the specified C 13
format-type circuit-id port(s).

no pppoe intermediate-agent Disables the PPPoE IA Remote ID settings for the specified C 13
format-type remote-id port(s).

no pppoe intermediate-agent Disables the PPPoE IA Circuit ID settings for the specified C 13
vlan <vlan-id> format-type port(s) on the specified VLAN(s).
circuit-id
no pppoe intermediate-agent Disables the PPPoE IA Remote ID settings for the specified C 13
vlan <vlan-id> format-type port(s) on the specified VLAN(s).
remote-id
no pppoe intermediate-agent Disables PPPoE IA globally. C 13

no pppoe intermediate-agent vlan Disables the PPPoE IA Remote ID settings for the specified C 13
<vlan-list> remote-id VLAN(s).

Ethernet Switch CLI Reference Guide

245
Chapter 66 PPPoE IA Commands

Table 164 PPPoE Intermediate Agent Command Summary (continued)

COMMAND DESCRIPTION M P
no pppoe intermediate-agent Removes the access-node-identifier you have set. C 13
format-type access-node-
identifier
no pppoe intermediate-agent Removes the identifier-string you have set. C 13
format-type identifier-string
no pppoe intermediate-agent Sets the Switch to not add the Switch’s host name to the C 13
format-type identifier-string identifier-string.
hostname
no pppoe intermediate-agent vlan Disables PPPoE IA for the specified VLAN(s). C 13
<vlan-list>
no pppoe intermediate-agent vlan Disables the PPPoE IA Circuit ID settings for the specified C 13
<vlan-list> circuit-id VLAN(s).

pppoe intermediate-agent Enables PPPoE Intermediate Agent (PPPoE IA) globally. C 13

pppoe intermediate-agent format- Sets the Switch to add the Switch’s host name to the C 13
type identifier-string hostname identifier-string.
pppoe intermediate-agent format- Sets the access-node-identifier string. C 13
type access-node-identifier
string: Enter up to 20 alphanumeric characters to identify
string <string> the PPPoE intermediate agent. Hyphens (-) and spaces are
also allowed. The default is the Switch’s host name.
pppoe intermediate-agent format- This command sets the following: C 13
type identifier-string string
• a string that the Switch adds in the Agent Circuit ID
<string> option sub-option
<s|p|v|sp|sv|pv|spv> delimiter • the variables to generate and add in the Agent Circuit
<#|.|,|;|/| |> ID sub-option,
• a delimiter to separate the identifier-string, slot ID, port
number and/or VLAN ID from each other.
string: You can up to 63 printable characters. Spaces
are allowed.

option <s|p|v|sp|sv|pv|spv>: s, p and v indicate slot,

port, vlan, and sp, sv, pv and spv indicate combinations of
slot-port, slot-VLAN, port-VLAN and slot-port-VLAN
respectively. The Switch enters a zero into the PADI and
PADR packets for the slot value.

delimiter <#|.|,|;|/| |>: You can use a pound key

(#), semi-colon (;), period (.), comma (,), forward slash (/)
or a space.
pppoe intermediate-agent vlan Enables PPPoE IA for the specified VLAN(s). C 13
<vlan-list>
pppoe intermediate-agent vlan Enables the PPPoE IA Circuit ID settings for the specified C 13
<vlan-list> circuit-id VLAN(s).

pppoe intermediate-agent vlan Enables the PPPoE IA Remote ID settings for the specified C 13
<vlan-list> remote-id VLAN(s).

show pppoe intermediate-agent Shows the PPPoE IA settings. E 13

show pppoe intermediate-agent Shows the statistics of PPPoE packets handled (received, E 13
statistic forwarded and dropped) by PPPoE IA on the Switch.

show pppoe intermediate-agent Shows the statistics of PPPoE packets for the specified E 13
statistic vlan <vlan-list> VLAN(s).

Ethernet Switch CLI Reference Guide

246
Chapter 66 PPPoE IA Commands

66.3 Command Examples

This is an example of how to enable and disable PPPoE IA on the Switch.

sysname# configure
sysname(config)# pppoe intermediate-agent
sysname(config)# no pppoe intermediate-agent

This is an example of how to enable and configure PPPoE IA for VLANs.

sysname# configure
sysname(config)# pppoe intermediate-agent vlan 2
sysname(config)# pppoe intermediate-agent vlan 5,9,11
sysname(config)# pppoe intermediate-agent vlan 1 circuit-id
sysname(config)# pppoe intermediate-agent vlan 3,6 remote-id
sysname(config)# no pppoe intermediate-agent vlan 2-10
sysname(config)# no pppoe intermediate-agent vlan 1 circuit-id
sysname(config)# no pppoe intermediate-agent vlan 3,6 remote-id

This is an example of how to set a PPPoE IA trust port.

sysname# configure
sysname(config)# interface port-channel 3
sysname(config-interface)# pppoe intermediate-agent trust
sysname(config-interface)# no pppoe intermediate-agent trust

This example is more advanced. It assumes a PPPoE IA client is connected to port 2 and a PPPoE IA
server is connected to port 5. If we want PPPoE IA to work, port 2 and port 5 must be belong to the some
VLAN and the PPPoE IA must be enabled globally and in this corresponding VLAN. We also need to set
port 5 as trust port. Then the last thing we need to do is to decide which sub-options the received PADI,
PADR, or PADT packet needs to carry. Here, assume both circuit-id and remote-id should be carried.

sysname# configure
sysname(config)# vlan 2
sysname(config-vlan)# fixed 2,5
sysname(config-vlan)# untagged 2,5
sysname(config-vlan)# exit
sysname(config)# pppoe intermediate-agent
sysname(config)# pppoe intermediate-agent vlan 2
sysname(config)# interface port-channel 2
sysname(config-interface)# pvid 2
sysname(config-interface)# exit
sysname(config)# interface port-channel 5
sysname(config-interface)# pvid 2
sysname(config-interface)# pppoe intermediate-agent trust
sysname(config-interface)# exit
sysname(config)# pppoe intermediate-agent vlan 2 circuit-id
sysname(config)# pppoe intermediate-agent vlan 2 remote-id

Ethernet Switch CLI Reference Guide

247
Chapter 66 PPPoE IA Commands

66.3.1 Vendor-Specific Tag Examples

The following examples show you how to configure the vendor-specific tag for PPPoE IA. They assume
there is a PPPoE IA client connected to port 2 and PPPoE IA server (or up-link port) connected to port 5.

sysname# configure
sysname(config)# pppoe intermediate-agent
sysname(config)# pppoe intermediate-agent format-type access-node-
identifier string test
sysname(config)# pppoe intermediate-agent vlan 1
sysname(config)# pppoe intermediate-agent vlan 1 circuit-id
sysname(config)# pppoe intermediate-agent vlan 1 remote-id
sysname(config)# interface port-channel 5
sysname(config-interface)# pppoe intermediate-agent trust
sysname(config-interface)#exit

This is a variation of the previous one and uses the same initial setup (client on port 2, server on port 5).

sysname# configure
sysname(config)# pppoe intermediate-agent
sysname(config)# pppoe intermediate-agent format-type identifier-string
string PrivateTest option spv delimiter /
sysname(config)# pppoe intermediate-agent vlan 1
sysname(config)# pppoe intermediate-agent vlan 1 circuit-id
sysname(config)# pppoe intermediate-agent vlan 1 remote-id
sysname(config)# interface port-channel 5
sysname(config-interface)# pppoe intermediate-agent trust
sysname(config-interface)#exit

Because we didn't assign the appended string for remote-id in examples 1 and 2, the Switch appends a
string to carry the client's MAC address as default. If we want the remote-id to carry the
"ForPortVlanRemoteIdTest" information for a specific VLAN on a port, we can add the following
configuration:

sysname# configure
sysname(config)# interface port-channel 2
sysname(config-interface)# pppoe intermediate-agent vlan 1 format-type
remote-id string ForPortVlanRemoteIdTest
sysname(config-interface)# exit

Similarly, we can let the circuit-id carry the information which we configure:

sysname# configure
sysname(config)# interface port-channel 2
sysname(config-interface)# pppoe intermediate-agent vlan 1 format-type
circuit-id string ForPortVlanCircuitIdTest
sysname(config-interface)# exit

Ethernet Switch CLI Reference Guide

248
Chapter 66 PPPoE IA Commands

Additionally, we can let the circuit-id or remote-id carry the user-configured information from a specific
port whose priority is less than the specific VLAN on a port setting:

sysname# configure
sysname(config)# interface port-channel 2
sysname(config-interface)# pppoe intermediate-agent format-type circuit-
id string ForPortCircuitIdTest
sysname(config-interface)# pppoe intermediate-agent format-type remote-
id string ForPortRemoteIdTest
sysname(config-interface)# exit

Since we didn't assign the appended string for remote-id in example 1 and 2, it will carry the client's
MAC address as default.

Ethernet Switch CLI Reference Guide

249
C H A P T E R 67
Private VLAN Commands
This chapter explains how to use commands to configure (legacy) Private VLANs (PVLAN) on the Switch.

67.1 Legacy PVLAN Overview

Private VLAN allows you to do port isolation within a VLAN in a simple way. In private VLAN, a
promiscuous port can communicate with any port in the same VLAN. While an isolated port can
communicate with the promiscuous port(s) only.

Figure 10 Private VLAN Example

2 6 10

VLAN 123
Isolated ports: 2 ~ 6
Promiscuous port: 10

Note: If you change the VLAN settings, make sure you keep at least one port in the
promiscuous port list for a VLAN with private VLAN enabled. Otherwise, this VLAN is
blocked from the whole network.

67.1.1 Legacy PVLAN Command Summary

The following section lists the commands for this feature.

Table 165 private-vlan (legacy) Command Summary

COMMAND DESCRIPTION M P
no private-vlan <vlan-id> Removes the specified private VLAN rule. C 13

no private-vlan <vlan-id> Enables the specified private VLAN rule. C 13

inactive

Ethernet Switch CLI Reference Guide

250
Chapter 67 Private VLAN Commands

Table 165 private-vlan (legacy) Command Summary (continued)

COMMAND DESCRIPTION M P
private-vlan name <name> vlan Sets a private VLAN rule. You specify which port(s) in a C 13
<vlan-id> promiscuous-port VLAN is not isolated by adding it to the promiscuous port
<port-list> list. The Switch automatically adds other ports in this VLAN
to the isolated port list and block traffic between the
isolated ports.

Enter a name, VLAN ID and the promiscuous ports. You

can enter individual ports separated by a comma or a
range of ports by using a dash. For example, 1,3,5-8
indicates ports 1 and 3 and ports 5 through 8 are the
promiscuous ports.
private-vlan name <name> vlan Disables a private VLAN rule. C 13
<vlan-id> promiscuous-port
<port-list> inactive
private-vlan name <name> vlan Sets a private VLAN rule for the specified VLAN. The Switch C 13
<vlan-id> automatically adds all ports (except the uplink port(s)) in
this VLAN to the isolated port list and blocks traffic
between the isolated ports. The uplink ports in the VLAN
are always in the promiscuous port list.
private-vlan name <name> vlan Disables a private VLAN rule. C 13
<vlan-id> inactive
show private-vlan Displays the settings and status of all private VLAN rules on E 3
the Switch.
show private-vlan <vlan-id> Displays the settings and status of the specified private E 3
VLAN rule on the Switch.

67.1.2 Command Examples

This example sets a private VLAN rule (pvlan-123) that applies to VLAN 123. Ports 7 and 8 are the
promiscuour ports in VLAN 123. Other ports in this VLAN are added to the isolated port list automatically
and cannot communicate with each other. The isolated ports in VLAN 123 can send and receive traffic
from ports 7 and 8. This example also shows all private VLAN rules configured on the Switch.

sysname# configure
sysname(config)# private-vlan name pvlan-123 vlan 123 promiscuous-port 7-8
sysname(config)# exit
sysname# show private-vlan
Private VLAN: 123 Active: Yes
Name Promiscuous Port
------------ --------------------------
pvlan-123 7-8
sysname#

This example sets a private VLAN rule (pvlan-111) that applies to VLAN 111. Ports 1, 2 and 24 belong to
VLAN 111. Ports 1 and 2 are added to the isolated port list automatically and cannot communicate with
each other. Port 24 is the uplink port and also the promiscuous port in this VLAN. The isolated ports in

Ethernet Switch CLI Reference Guide

251
Chapter 67 Private VLAN Commands

VLAN 111 can send and receive traffic from the uplink port 24. This example also shows all private VLAN
rules configured on the Switch.

sysname# configure
sysname(config)# private-vlan name pvlan-111 vlan 111
sysname(config)# exit
sysname# show private-vlan
Private VLAN: 111 Active: Yes
Name Promiscuous Port
------------ --------------------------
pvlan-111 24
sysname#

67.2 Private VLAN

Use Private VLAN if you want you to block traffic between ports in the same VLAN. Community and
Isolated VLANs are secondary private VLANs that must be associated with a Primary private VLAN.

• Primary: Ports in a Primary VLAN are promiscuous and they can communicate with all promiscuous
ports in the same primary VLAN, and all ports in associated community and isolated VLANs. They
cannot communicate with ports in different primary VLANs.
• Community: Ports in a Community VLAN can communicate with promiscuous ports in an associated
Primary VLAN and other community ports in the same Community VLAN. They cannot communicate
with ports in Isolated VLANs, non-associated Primary VLAN promiscuous ports nor community ports in
different Community VLANs.
• Isolated: Ports in an Isolated VLAN can communicate with promiscuous ports in an associated Primary
VLAN only. They cannot communicate with other isolated ports in the same Isolated VLAN, non-
associated Primary VLAN promiscuous ports nor any community ports.

Tagged private VLANs can span switches but trunking ports must be VLAN-trunking ports.

67.2.1 Command Summary

The following section lists the commands for this feature.

Table 166 private-vlan Command Summary

COMMAND DESCRIPTION M P
vlan <vlan-id> Enters config-vlan mode for the specified VLAN. Creates C 13
the VLAN, if necessary.
private-vlan <primary | Configures the specified VLAN as a Primary VLAN, Isolated C 13
isolated | community> VLAN or a Community VLAN.

private-vlan association Primary private VLANs can associate with several C 13

<secondary-vlan-list> (secondary) Community private VLANs and up to one
(secondary) Isolated private VLAN. Specify a primary
private VLAN, then associate it with a secondary VLAN(s)
using this command.
no private-vlan <primary | Disables the VLAN as a Primary, Isolated or Community C 13
isolated | community> VLAN.

no private-vlan association Removes all association between the primary VLAN and C 13
secondary VLANs.

Ethernet Switch CLI Reference Guide

252
Chapter 67 Private VLAN Commands

Table 166 private-vlan Command Summary (continued)

COMMAND DESCRIPTION M P
no private-vlan association Removes association between the primary VLAN and the C 13
<secondary-vlan-list> specified secondary VLAN(s).

interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
private-vlan mode Configures PVLAN on a port. Set the associated PVLAN ID, C 13
<promiscuous | isolated | type of private VLAN and specify whether outgoing frames
community> association from this port are tagged or not.
<vlan-id> dot1q <tagged |
untagged>
no private-vlan mode Removes PVLAN mode configuration. C 13

show vlan private-vlan Displays the settings and status of all private VLAN rules on E 3
the Switch.
show vlan private-vlan <vlan-id> Displays the settings and status of the specified private E 3
VLAN rule on the Switch.

67.2.2 Command Example

This example sets private VLAN 100 as a primary private VLAN, private VLAN 101 as a community private
VLAN and private VLAN 102 as an isolated private VLAN. VLANs 101 and 102 are secondary private
VLANs that are associated primary private VLAN 101. Use the specified show command to display all
private VLAN configurations on the switch.

Ethernet Switch CLI Reference Guide

253
Chapter 67 Private VLAN Commands

Primary PVLAN 100 is then mapped to port 2 on the Switch and outgoing frames from port 2 will be
tagged.

sysname# configure
sysname(config)# vlan 100
sysname(config-vlan)# private-vlan primary
sysname(config-vlan)# exit
sysname(config)# vlan 101
sysname(config-vlan)# private-vlan community
sysname(config-vlan)# exit
sysname(config)# vlan 102
sysname(config-vlan)# private-vlan isolated
sysname(config-vlan)# exit
sysname(config)# vlan 100
sysname(config-vlan)# private-vlan association 101,102
sysname(config-vlan)# exit
sysname(config)# exit
sysname# show vlan private-vlan
Private Vlan:
Primary Secondary Type Ports
------- --------- ---------- --------------------
100 Primary
100 102 Isolated
100 101 Community
sysname#
sysname# configure
sysname(config)# interface port-channel 2
sysname(config-interface)# private-vlan mode promiscuous association 100-->
dot1q tagged
sysname(config-interface)# exit
sysname(config)#

Ethernet Switch CLI Reference Guide

254
C H A P T E R 68
Protocol-based VLAN
Commands
Use these commands to configure protocol based VLANs on the Switch.

68.1 Protocol-based VLAN Overview

Protocol-based VLANs allow you to group traffic based on the Ethernet protocol you specify. This allows
you to assign priority to traffic of the same protocol.

See also Chapter 83 on page 303 for subnet-based VLAN commands and Chapter 92 on page 321 for
VLAN commands.

68.2 Command Summary

The following section lists the commands for this feature.

Table 167 protocol-based-vlan Command Summary

COMMAND DESCRIPTION M P
show interfaces config <port- Displays the protocol based VLAN settings for the specified E 3
list> protocol-based-vlan port(s).

interface port-channel <port- Enters subcommand mode for configuring the specified C 13
list> ports.

Ethernet Switch CLI Reference Guide

255
Chapter 68 Protocol-based VLAN Commands

Table 167 protocol-based-vlan Command Summary (continued)

COMMAND DESCRIPTION M P
protocol-based-vlan name Creates a protocol based VLAN with the specified C 13
<name> ethernet-type <ether- parameters.
num|ip|ipx|arp|rarp|appleta name - Use up to 32 alphanumeric characters.
lk|decnet> vlan <vlan-id>
priority <0-7> ether-num - if you don’t select a predefined Ethernet
protocol (ip, ipx, arp, rarp, appletalk or decnet), type
the protocol number in hexadecimal notation with a
prefix, "0x". For example, type 0x0800 for the IP protocol
and type 0x8137 for the Novell IPX protocol.

Note: Protocols in the hexadecimal number range

0x0000 to 0x05ff are not allowed.

priority - specify the IEEE 802.1p priority that the Switch

assigns to frames belonging to this VLAN.
no protocol-based-vlan Disables protocol based VLAN of the specified protocol on C 13
ethernet-type <ether- the port.
num|ip|ipx|arp|rarp|appleta
lk|decnet>

68.3 Command Examples

This example creates an IP based VLAN called IP_VLAN on ports 1-4 with a VLAN ID of 200 and a priority
6.

sysname(config)# interface port-channel 1-4

sysname(config-interface)# protocol-based-vlan name IP_VLAN ethernet-type ip
--> vlan 200 priority 6
sysname(config-interface)# exit
sysname(config)# exit
sysname# show interfaces config 1-4 protocol-based-vlan
Name Port Packet type Ethernet type Vlan Priority Active
------- ---- ----------- ------------- ---- -------- ------
IP_VLAN 1 EtherII ip 200 6 Yes
IP_VLAN 2 EtherII ip 200 6 Yes
IP_VLAN 3 EtherII ip 200 6 Yes
IP_VLAN 4 EtherII ip 200 6 Yes
sysname#

Ethernet Switch CLI Reference Guide

256
C H A P T E R 69
Queuing Commands
Use queuing commands to help solve performance degradation when there is network congestion.

Note: Queuing method configuration differs across Switch models.

• Some models allow you to select a queuing method on a port-by-port basis. For example, port 1 can
use Strictly Priority Queuing and ports 2-8 can use Weighted Round Robin.
• Other models allow you to specify one queuing method for all the ports at once.

69.1 Queuing Overview

The following queuing algorithms are supported by Zyxel Switches:

Note: Check your User’s Guide for queuing algorithms supported by your model.

• Strictly Priority Queuing (SPQ) - services queues based on priority only. As traffic comes into the Switch,
traffic on the highest priority queue, Q7 is transmitted first. When that queue empties, traffic on the
next highest-priority queue, Q6 is transmitted until Q6 empties, and then traffic is transmitted on Q5
and so on. If higher priority queues never empty, then traffic on lower priority queues never gets sent.

Note: Switch models which have only 4 queues, support a limited version of SPQ. The highest
level queue is serviced using SPQ and the remaining queues use WRR queuing.

• Weighted Fair Queuing (WFQ)- guarantees each queue's minimum bandwidth based on its
bandwidth weight (portion) when there is traffic congestion. WFQ is activated only when a port has
more traffic than it can handle. Queues with larger weights get more guaranteed bandwidth than
queues with smaller weights. This queuing mechanism is highly efficient in that it divides any available
bandwidth across the different traffic queues. By default, the weight for Q0 is 1, for Q1 is 2, for Q2 is 3,
and so on. Guaranteed bandwidth is calculated as follows:

Queue Weight x Port Speed

Total Queue Weight

For example, using the default setting, Q0 on Port 1 gets a guaranteed bandwidth of:

1 x 100 Mbps = 3 Mbps

1+2+3+4+5+6+7+8

• Weighted Round Robin Scheduling (WRR) - services queues on a rotating basis and is activated only
when a port has more traffic than it can handle. A queue is a given an amount of bandwidth based
on the queue weight value. Queues with larger weights get more service than queues with smaller
weights. This queuing mechanism is highly efficient in that it divides any available bandwidth across
the different traffic queues and returns to queues that have not yet emptied.

Ethernet Switch CLI Reference Guide

257
Chapter 69 Queuing Commands

• Hybrid Mode: WRR & SPQ or WFQ & SPQ - some switch models allow you to configure higher priority
queues to use SPQ and use WRR or WFQ for the lower level queues.

69.2 Command Summary: Port by Port Configuration

The following section lists the commands for this feature.

Table 168 Queuing Command Summary

COMMAND DESCRIPTION M P
queue priority <0-7> level <0-7> Sets the IEEE 802.1p priority level-to-physical queue C 13
mapping.

priority <0-7>: IEEE 802.1p defines up to eight separate

traffic types by inserting a tag into a MAC-layer frame that
contains bits to define class of service. Frames without an
explicit priority tag are given the default priority of the
ingress port.

level <0-7>: The Switch has up to 8 physical queues that

you can map to the 8 priority levels. On the Switch, traffic
assigned to higher index queues gets through faster while
traffic in lower index queues is dropped if the network is
congested.

Note: Some models only support 4 queues.

interface port-channel <port- Enters subcommand mode for configuring the specified C 13
list> ports.

spq Sets the switch to use Strictly Priority Queuing (SPQ) on the C 13
specified ports.
ge-spq <q0|q1| ... |q7> Enables SPQ starting with the specified queue and C 13
subsequent higher queues on the Gigabit ports.
hybrid-spq lowest-queue Enables SPQ starting with the specified queue and C 13
<q0|q1| ... |q7> subsequent higher queues on the ports.

hybrid-spq <q0|q1|...|q7> Enables SPQ starting with the specified queue and C 13
subsequent higher queues on the ports.
no hybrid-spq Disables SPQ starting with the specified queue and C 13
subsequent higher queues on the ports.
wrr Sets the switch to use Weighted Round Robin (WRR) on the C 13
specified ports.
wfq Sets the switch to use Weighted Fair Queuing (WFQ) on the C 13
specified ports.
weight <wt1> <wt2> ... <wt8> Assigns a weight value to each physical queue on the C 13
Switch. When the Switch is using WRR or WFQ, bandwidth is
divided across different traffic queues according to their
weights. Queues with larger weights get more service than
queues with smaller weights. Weight values range: 1-15.
wrr <wt1> <wt2> ... <wt8> Assigns a weight value to each physical queue on the C 13
Switch.

Ethernet Switch CLI Reference Guide

258
Chapter 69 Queuing Commands

69.3 Command Examples: Port by Port Configuration

This example configures WFQ on ports 1-5 and assigns weight values (1,2,3,4,12,13,14,15) to the physical
queues (Q0 to Q8).

sysname(config)# interface port-channel 1-5

sysname(config-interface)# wfq
sysname(config-interface)# weight 1 2 3 4 12 13 14 15

69.4 Command Summary: System-Wide Configuration

The following section lists the commands for this feature.

Table 169 Queueing Command Summary

COMMAND DESCRIPTION M P
queue priority <0-7> level <0-7> Sets the IEEE 802.1p priority level-to-physical queue C 13
mapping.

priority <0-7>: IEEE 802.1p defines up to eight separate

traffic types by inserting a tag into a MAC-layer frame that
contains bits to define class of service. Frames without an
explicit priority tag are given the default priority of the
ingress port.

level <0-7>: The Switch has up to 7 physical queues that

you can map to the 8 priority levels. On the Switch, traffic
assigned to higher index queues gets through faster while
traffic in lower index queues is dropped if the network is
congested.

Note: Some models only support 4 queues.

spq Sets the Switch to use Strictly Priority Queuing (SPQ). C 13

wrr Sets the Switch to use Weighted Round Robin (WRR). C 13

wfq Sets the Switch to use Weighted Fair Queuing (WFQ). C 13

fe-spq <q0|q1| ... |q7> Enables SPQ starting with the specified queue and C 13
subsequent higher queues on the 10/100 Mbps ports.

69.5 Command Examples: System-Wide

This example configures WFQ on the Switch and assigns weight values (1,2,3,4,12,13,14,15) to the
physical queues (Q0 to Q8).

sysname(config)# wfq
sysname(config)# interface port-channel 1-5
sysname(config-interface)# weight 1 2 3 4 12 13 14 15

Ethernet Switch CLI Reference Guide

259
Chapter 69 Queuing Commands

This example configures the Switch to use WRR as a queuing method but configures the Gigabit ports 9-
12 to use SPQ for queues 5, 6 and 7.

sysname(config)# wrr
sysname(config)# interface port-channel 9-12
sysname(config-interface)# ge-spq 5

Ethernet Switch CLI Reference Guide

260
C H A P T E R 70
RADIUS Commands
Use these commands to configure external RADIUS (Remote Authentication Dial-In User Service) servers.

70.1 Command Summary

The following section lists the commands for this feature.

Table 170 radius-server Command Summary

COMMAND DESCRIPTION M P
show radius-server Displays RADIUS server settings. E 3

radius-server host <index> <ip> Specifies the IP address of the RADIUS authentication C 14
[auth-port <socket-number>] [key server. Optionally, sets the UDP port number and shared
[cipher] <key-string>] secret.

index: 1 or 2.

cipher: inform the Switch that the string after the word
"cipher" is an encrypted secret. This is used in password
encryption. To encrypt the password, use the password
encryption command.

key-string: 1-32 alphanumeric characters.

radius-server mode <index- Specifies how the Switch decides which RADIUS server to C 14
priority|round-robin> select if you configure multiple servers.

index-priority: The Switch tries to authenticate with the

first configured RADIUS server. If the RADIUS server does not
respond, then the Switch tries to authenticate with the
second RADIUS server.

round-robin: The Switch alternates between RADIUS

servers that it sends authentication requests to.
radius-server timeout <1-1000> Specify the amount of time (in seconds) that the Switch C 14
waits for an authentication request response from the
RADIUS server.

In index-priority mode, the timeout is divided by the

number of servers you configure. For example, if you
configure two servers and the timeout is 30 seconds, then
the Switch waits 15 seconds for a response from each
server.
no radius-server <index> Resets the specified RADIUS server to its default values. C 14

Table 171 radius-accounting Command Summary

COMMAND DESCRIPTION M P
show radius-accounting Displays RADIUS accounting server settings. E 3

radius-accounting timeout <1- Specifies the RADIUS accounting server timeout value. C 13
1000>

Ethernet Switch CLI Reference Guide

261
Chapter 70 RADIUS Commands

Table 171 radius-accounting Command Summary (continued)

COMMAND DESCRIPTION M P
radius-accounting host <index> Specifies the IP address of the RADIUS accounting server. C 13
<ip> [acct-port <socket-number>] Optionally, sets the port number and key of the external
[key [cipher] <key-string>] RADIUS accounting server.

index: 1 or 2.

cipher: inform the Switch that the string after the word
"cipher" is an encrypted secret. This is used in password
encryption. To encrypt the password, use the password
encryption command.

key-string: 1-32 alphanumeric characters.

no radius-accounting <index> Resets the specified RADIUS accounting server to its C 13
default values.

70.2 Command Examples

This example sets up one primary RADIUS server (172.16.10.10) and one secondary RADIUS server
(172.16.10.11). The secondary RADIUS server is also the accounting server.

sysname# configure
sysname(config)# radius-server mode index-priority
sysname(config)# radius-server host 1 172.16.10.10
sysname(config)# radius-server host 2 172.16.10.11
sysname(config)# radius-accounting host 1 172.16.10.11
sysname(config)# exit

Ethernet Switch CLI Reference Guide

262
C H A P T E R 71
Remote Management
Commands
Use these commands to specify a group of one or more “trusted computers” from which an
administrator may use one or more services to manage the Switch and to decide what services you
may use to access the Switch.

71.1 Command Summary

The following table describes user-input values available in multiple commands for this feature.

Table 172 remote-management User-input Values

COMMAND DESCRIPTION
index 1-4

The following section lists the commands for this feature.

Table 173 remote-management Command Summary

COMMAND DESCRIPTION M P
show remote-management [index] Displays all secured client information or, optionally, a E 3
specific group of secured clients.
remote-management <index> Enables the specified group of trusted computers. C 13

no remote-management <index> Disables the specified group of trusted computers. C 13

remote-management <index> start- Specifies a group of trusted computer(s) from which an C 13

addr <ip> end-addr <ip> service administrator may use the specified service(s) to manage
<[telnet] [ftp] [http] [icmp] the Switch. Group 0.0.0.0 - 0.0.0.0 refers to every
[snmp] [ssh] [https]> computer.

no remote-management <index> Disables the specified service(s) for the specified group of C 13
service <[telnet] [ftp] [http] trusted computes.
[icmp] [snmp] [ssh] [https]>

Table 174 service-control Command Summary

COMMAND DESCRIPTION M P
show service-control Displays service control settings. E 3

service-control console Defines the timeout period (in minutes) for a management C 13
<timeout> session via the console port.

service-control ftp Allows FTP access to the Switch. C 13

service-control ftp <socket- Specifies the service port for the FTP service and defines C 13
number> <timeout> the timeout period (in minutes).

Ethernet Switch CLI Reference Guide

263
Chapter 71 Remote Management Commands

Table 174 service-control Command Summary (continued)

COMMAND DESCRIPTION M P
no service-control ftp Disables FTP access to the Switch. C 13

service-control http Allows HTTP access to the Switch. C 13

service-control http <socket- Specifies the service port for the HTTP service and defines C 13
number> <timeout> the timeout period (in minutes).

timeout: 1-255
no service-control http Disables HTTP access to the Switch. C 13

service-control https Allows HTTPS access to the Switch. C 13

service-control https <socket- Specifies the service port for the HTTPS service. C 13
number>
no service-control https Disables HTTPS access to the Switch. C 13

service-control icmp Allows ICMP management packets. C 13

no service-control icmp Disables ICMP access to the Switch. C 13

service-control snmp Allows SNMP management. C 13

no service-control snmp Disables SNMP access to the Switch. C 13

service-control ssh Allows SSH access to the Switch. C 13

service-control ssh <socket- Specifies the service port for the SSH service. C 13
number>
no service-control ssh Disables SSH access to the Switch. C 13

service-control telnet Allows Telnet access to the Switch. C 13

service-control telnet <socket- Specifies the service port for the Telnet service and defines C 13
number> <timeout> the timeout period (in minutes).

no service-control telnet Disables Telnet access to the Switch. C 13

71.2 Command Examples

This example allows computers in subnet 172.16.37.0/24 to access the Switch through any service except
SNMP, allows the computer at 192.168.10.1 to access the Switch only through SNMP, and prevents other
computers from accessing the Switch at all.

sysname# configure
sysname(config)# remote-management 1 start-addr 172.16.37.0 end-addr
--> 172.16.37.255 service telnet ftp http icmp ssh https
sysname(config)# remote-management 2 start-addr 192.168.10.1 end-addr
--> 192.168.10.1 service snmp
sysname(config)# exit

This example disables all SNMP and ICMP access to the Switch.

sysname# configure
sysname(config)# no service-control snmp
sysname(config)# no service-control icmp
sysname(config)# exit

Ethernet Switch CLI Reference Guide

264
C H A P T E R 72
RIP Commands
This chapter explains how to use commands to configure the Routing Information Protocol (RIP) on the
Switch.

72.1 RIP Overview

RIP is a protocol used for exchanging routing information between routers on a network. Information is
exchanged by routers periodically advertising a routing table. The Switch can be configured to receive
and incorporate routing table information sent from other routers, to only send routing information to
other routers, both send and receive routing information, or to neither send nor receive routing
information to or from other routers on the network.

72.2 Command Summary

The following section lists the commands for this feature.

Table 175 rip Command Summary

COMMAND DESCRIPTION M P
show router rip Displays global RIP settings. E 3

show ip protocols Displays the routing protocol the Switch is using and E 3
its administrative distance value.
router rip Enables and enters the RIP configuration mode on C 13
the Switch.
distance <10-255> When two different routing protocols, such as RIP C 13
and OSPF provide multiple routes to the same
destination, the Switch can use the administrative
distance of the route source to determine which
routing protocol to use and add the route to the
routing table.

Sets the administrative distance (from 10 to 255)

that is assigned to the routes learned by RIP.

The lower the administrative distance value is, the

more preferable the routing protocol is. If two
routes have the same administrative distance
value, the Switch uses the route that has the lowest
metric value.

Note: You cannot set two routing protocols to

have the same administrative distance.
exit Leaves the RIP configuration mode. C 13

no router rip Disables RIP on the Switch. C 13

Ethernet Switch CLI Reference Guide

265
Chapter 72 RIP Commands

Table 175 rip Command Summary (continued)

COMMAND DESCRIPTION M P
interface route-domain <ip-address>/ Enters the configuration mode for this routing C 13
<mask-bits> domain.

72.3 Command Examples

This example:

• Enables RIP.
• Enters the IP routing domain 172.16.1.1 with subnet mask 255.255.255.0.
• Sets the RIP direction in this routing domain to Both and the version to 2 with subnet broadcasting
(v2b); the Switch will send and receive RIP packets in this routing domain.
sysname(config)# router rip
sysname(config-rip)# exit
sysname(config)# interface route-domain 172.16.1.1/24
sysname(config-if)# ip rip direction Both version v2b

Ethernet Switch CLI Reference Guide

266
C H A P T E R 73
RMON

73.1 RMON Overview

Similar to SNMP, RMON (Remote Network Monitor) allows you to gather and monitor network traffic.

Both SNMP and RMON use an agent, known as a probe, which are software processes running on
network devices to collect information about network traffic and store it in a local MIB (Management
Information Base). With SNMP, a network manager has to constantly poll the agent to obtain MIB
information. The probe on the Switch communicates with the network manager via SNMP.

RMON groups contain detailed information about specific activities. The following table describes the
four RMON groups that your Switch supports.

Table 176 Supported RMON Groups

GROUP DESCRIPTION
Statistics Records current network traffic information on a specified Ethernet port.
History Records historical network traffic information on a specified Ethernet port for a certain time period.
Alarm Provides alerts when configured alarm conditions are met.
Event Defines event generation and resulting actions to be taken based on an alarm.

73.2 User Input Values

This section lists the common term definition appears in this chapter.

Table 177 rmon command user input values

USER INPUT DESCRIPTION
event-index This is an event’s index number in the event table, between 1 and 65535.

alarm-index This is an alarm’s index number in the alarm table, between 1 and 65535.

etherstats- This is an entry’s index number in the Ethernet statistics table, between 1 and 65535.
index
historycontrol This is an entry’s index number in the history control table, between 1 and 65535.
-index
owner This is a person’s name who will handle the event, alarm, historycontrol, or Ethernet statistics
entry.
interface-id This is a port that the Switch will poll for data.

Ethernet Switch CLI Reference Guide

267
Chapter 73 RMON

73.3 Command Summary

The following section lists the commands for this feature.

Table 178 rmon Command Summary

COMMAND DESCRIPTION M P
rmon alarm alarmtable <alarm-index> Sets an alarm that occurs when the sampled C 13
variable <variable> interval <interval- data exceeds the specified threshold. See
integer> sample-type <absolute|delta> Section 73.3.2 on page 269 for more
startup-alarm <startup-alarm> rising- information.
threshold <rising-integer> <event-index>
falling-threshold <falling-integer>
<event-index> [owner <owner>]
rmon event eventtable <event-index> [log] Sets the actions that the Switch takes when C 13
[trap <community>] [owner <owner>] an associated alarm is generated by the
[description <description>] Switch.

log: set this to have the Switch record the

logs for the alarm

trap <community>: set this to have the

Switch send a trap with the specified
community.

description: the description of the event.

rmon history historycontrol Sets RMON history configuration settings. C 13
<historycontrol-index> buckets <1-65535>
buckets <1-65535>: the number of data
interval <1-3600> port-channel <interface- samplings the network manager requests
id> [owner <owner>] the Switch to store. At the time of writing, the
Switch can only store up to 200 data
samplings although you can configure a
bucket number higher than 200.

interval <1-3600>: the time in seconds

between data samplings.
rmon statistics etherstats <etherstats- Sets to collect network traffic on the C 13
index> port-channel <interface-id> [owner specified Ethernet port since the last time
<owner>] the Switch was reset.

no rmon alarm alarmtable <alarm-index> Removes the specified alarm’s settings. C 13

no rmon event eventtable <event-index> Removes the action’s settings of the C 13

specified event.
no rmon history historycontrol Removes the RMON history configuration C 13
<historycontrol-index> settings for the specified event.

no rmon statistics etherstats <etherstats- Stops collecting network traffic for the C 13
index> specified event.

show rmon alarm alarmtable [alarm-index] Displays all or the specified alarm settings. E 3

show rmon event eventtable [event-index] Displays all or the specified event settings. E 3

show rmon history historycontrol [index Displays all historical network traffic statistics E 3
<historycontrol-index>] or only the specified entry’s.

show rmon history historycontrol port- Displays historical network traffic statistics for E 3
channel <interface-id> the specified port.

Ethernet Switch CLI Reference Guide

268
Chapter 73 RMON

Table 178 rmon Command Summary (continued)

COMMAND DESCRIPTION M P
show rmon statistics etherstats [index Displays all current network traffic statistics or E 3
<etherstats-index>] only the specified entry’s.

show rmon statistics etherstats port- Displays current network traffic statistics for E 3
channel <interface-id> the specified port.

73.3.1 RMON Event Command Example

This example shows how to configure the Switch’s action when an RMON event using the following
settings:

• event index number: 2

• enable event logging and SNMP traps: Yes
• the trap’s community: public
• who will handle this alarm: operator
• additional description for this event entry: test

This example also shows how to display the setting results.

ras# config
ras(config)# rmon event eventtable 2 log trap public owner operator description test
ras(config)# exit
ras# show rmon event eventtable 2
Event 2 owned by operator is valid
eventType: logandtrap
eventCommunity: public
eventDescription: test

73.3.2 RMON Alarm Command Example

Syntax:

rmon alarm alarmtable <alarm-index> variable <variable> interval <interval-integer>

sample-type <absolute|delta> startup-alarm <startup-alarm> rising-threshold
<rising-integer> <event-index> falling-threshold <falling-integer> <event-index>
[owner <owner>]

Ethernet Switch CLI Reference Guide

269
Chapter 73 RMON

where

1-65535 This is an alarm’s index number in the alarm table.

variable This is the variable(s) whose data is sampled. The allowed options are:

• [ifType.<port>]
• [ifMtu.<port>]
• [ifSpeed.<port>]
• [ifAdminStatus.<port>]
• [ifOperStatus.<port>]
• [ifLastChange.<port>]
• [ifInOctets.<port>]
• [ifInUcastPkts.<port>]
• [ifInNUcastPkts.<port>]
• [ifInDiscards.<port>]
• [ifInErrors.<port>]
• [ifInUnknownProtos.<port>]
• [ifOutOctets.<port>]
• [ifOutUcastPkts.<port>]
• [ifOutNUcastPkts.<port>]
• [ifOutDiscards.<port>]
• [ifOutErrors.<port>]
• [ifOutQLen.<port>]
• [sysMgmtCPUUsage.<index>]
• [sysMemoryPoolUtil.<index>]
• [<OID>]
interval-integer This is the time interval (in seconds) between data samplings.

absolute|delta This is the method of obtaining the sample value and calculating the value to be
compared against the thresholds.

• absolute - the sampling value of the selected variable will be compared

directly with the thresholds.
• delta - the last sampling value of the selected variable will be subtracted from
the current sampling value first. Then use the difference to compare with the
thresholds.
startup-alarm Specify when the Switch should generate an alarm regarding to the rising and/or
falling thresholds.

• risingAlarm - the Switch generates an alarm if the sampling value (or

calculated value) is greater than or equal to the rising threshold.
• fallingAlarm - the Switch generates an alarm if the sampling value (or
calculated value) is less than or equal to the falling threshold.
• risingOrFallingAlarm - the Switch generates an alarm either when the
sampling value (or calculated value) is greater than or equal to the rising
threshold or when the sampling value (or calculated value) is less than or equal
to the falling threshold.
rising-integer Specify an integer for the rising threshold. When the value is greater or equal to this
threshold, the Switch generates an alarm.
rising-event-index Specify an event’s index number (between 0 and 65535). The Switch will take the
corresponding action of the selected event for the rising alarm. Set this to 0 if you
do not want to take any action for the alarm.
falling-integer Specify an integer for the falling threshold. When the value is smaller or equal to this
threshold, the Switch generates an alarm.
falling-event-index Specify an event’s index number (between 0 and 65535). The Switch will take the
corresponding action of the selected event for the falling alarm. Set this to 0 if you
do not want to take any action for the alarm.
owner Specify who should handle this alarm.

This example shows you how to configure an alarm using the following settings:

Ethernet Switch CLI Reference Guide

270
Chapter 73 RMON

• alarm index number: 2

• variable: getting the number of errored packets received on port 1
• how often to get a data sample: every 60 seconds
• sampling method: delta
• when to send an alarm: when the value is higher than the rising threshold
• the rising threshold: 50
• which event’s action should be taken for the rising alarm: 2 (see Section 73.3.1 on page 269)
• the falling threshold: 0
• which event’s action should be taken for the falling alarm: 0 (see Section 73.3.1 on page 269)
• who will handle this alarm: operator

This example also shows how to display the setting results.

ras# config
ras(config)# rmon alarm alarmtable 2 variable ifInErrors.1 interval 60 sample-type
delta startup-alarm rising rising-threshold 50 2 falling-threshold 0 2 owner operator
ras(config)# exit
ras# show rmon alarm alarmtable
Alarm 2 owned by operator is valid
alarmVariable: ifInErrors.1
alarmInterval: 60
alarmSampleType: delta
alarmStartupAlarm: rising
alarmRisingThreshold: 50
alarmRisingEventIndex: 2
alarmFallingThreshold: 0
alarmFallingEventIndex: 0
Last value monitored: 0
ras#

73.3.3 RMON Statistics Command Example

This example shows how to configure the settings to display current network traffic statistics using the
following settings:

• the Ethernet statistics table entry’s index number: 1

• collecting data samples from which port: 12

Ethernet Switch CLI Reference Guide

271
Chapter 73 RMON

This example also shows how to display the data collection results.

ras# config
ras(config)# rmon statistics etherstats 1 port-channel 12
ras(config)# exit
ras# show rmon statistics etherstats index 1
Statistics 1 owned by is valid
Monitor on interface port-channel 12
etherStatsDropEvents: 0
etherStatsOctets: 1576159
etherStatsPkts: 19861
etherStatsBroadcastPkts: 16721
etherStatsMulticastPkts: 1453
etherStatsCRCAlignErrors: 2
etherStatsUndersizePkts: 0
etherStatsOversizePkts: 0
etherStatsFragments: 0
etherStatsJabbers: 0
etherStatsCollisions: 0
Packet length distribution:
64: 17952
65-127: 666
128-255: 671
256-511: 509
512-1023: 26
1024-1518: 37
ras#

73.3.4 RMON History Command Example

This example shows how to configure the settings to display historical network traffic statistics using the
following settings:

• the history control table entry’s index number: 1

• how many data sampling data you want to store: 10
• time interval between data samplings: 10 seconds
• collecting data samples from which port: 12

Ethernet Switch CLI Reference Guide

272
Chapter 73 RMON

This example also shows how to display the data collection results.

ras# config
ras(config)# rmon history historycontrol 1 buckets 10 interval 10 port-channel 12
ras(config)# exit
ras# show rmon history historycontrol index 1
History control 1 owned by is valid
Monitors interface port-channel 12 every 10 sec.
historyControlBucketsRequested: 10
historyControlBucketsGranted: 10
Monitored history 1:
Monitored at 0 days 00h:08m:59s
etherHistoryIntervalStart: 539
etherHistoryDropEvents: 0
etherHistoryOctets: 667217
etherHistoryPkts: 7697
etherHistoryBroadcastPkts: 5952
etherHistoryMulticastPkts: 505
etherHistoryCRCAlignErrors: 2
etherHistoryUndersizePkts: 0
etherHistoryOversizePkts: 0
etherHistoryFragments: 0
etherHistoryJabbers: 0
etherHistoryCollisions: 0
etherHistoryUtilization: 72
Monitored history 2:
Monitored at 0 days 00h:09m:08s
etherHistoryIntervalStart: 548
etherHistoryDropEvents: 0
etherHistoryOctets: 673408
etherHistoryPkts: 7759
etherHistoryBroadcastPkts: 5978
etherHistoryMulticastPkts: 519
etherHistoryCRCAlignErrors: 2
etherHistoryUndersizePkts: 0
etherHistoryOversizePkts: 0
etherHistoryFragments: 0
etherHistoryJabbers: 0
etherHistoryCollisions: 0
etherHistoryUtilization: 0
ras#

Ethernet Switch CLI Reference Guide

273
C H A P T E R 74
Running Configuration
Commands
Use these commands to back up and restore configuration and firmware.

74.1 Switch Configuration File

When you configure the Switch using either the CLI (Command Line Interface) or web configurator, the
settings are saved as a series of commands in a configuration file on the Switch called running-
config. You can perform the following with a configuration file:

• Back up Switch configuration once the Switch is set up to work in your network.
• Restore a previously-saved Switch configuration.
• Use the same configuration file to set all switches (of the same model) in your network to the same
settings.

You may also edit a configuration file using a text editor. Make sure you use valid commands.

Note: The Switch rejects configuration files with invalid or incomplete commands.

74.2 Command Summary

The following table describes user-input values available in multiple commands for this feature.

Table 179 running-config User-input Values

COMMAND DESCRIPTION
attribute Possible values: active, name, speed-duplex, bpdu-control, flow-control,
intrusion-lock, vlan1q, vlan1q-member, bandwidth-limit, vlan-stacking,
port-security, broadcast-storm-control, mirroring, port-access-
authenticator, queuing-method, igmp-filtering, spanning-tree, mrstp,
protocol-based-vlan, port-based-vlan, mac-authentication, trtcm,
ethernet-oam, loopguard, arp-inspection, dhcp-snooping.

Ethernet Switch CLI Reference Guide

274
Chapter 74 Running Configuration Commands

The following section lists the commands for this feature.

Table 180 running-config Command Summary

COMMAND DESCRIPTION M P
show running-config [interface Displays the current configuration file. This file contains the E 3
port-channel <port-list> commands that change the Switch's configuration from
[<attribute> [<...>]]] the default settings to the current configuration.
Optionally, displays current configuration on a port-by-port
basis.
show running-config help Provides more information about the specified command. E 3

show running-config page Displays the current configuration file page by page. E 3

copy running-config interface Clones (copies) the attributes from the specified port to C 13
port-channel <port> <port-list> other ports. Optionally, copies the specified attributes from
[<attribute> [<...>]] one port to other ports.

copy running-config custom- Saves the current configuration settings permanently to a E 14

default customized default file on the Switch.

copy running-config help Provides more information about the specified command. C 13

copy running-config slot <slot> Clones (copies) the attributes from the specified slot to C 13
<slot-list> other slots.

copy running-config slot <slot> Copies the specified attributes from one slot to other slots. C 13
<slot-list> [bandwidth-limit
...]
erase running-config Resets the Switch to the factory default settings. E 13

erase running-config interface Resets to the factory default settings on a per-port basis E 13
port-channel <port-list> and optionally on a per-feature configuration basis.
[<attribute> [<...>]]
erase running-config help Provides more information about the specified command. E 13

reload custom-default Reboots the system and loads a saved customized default E 14
file on the Switch.

Note: This will save the customized default

configuration settings to both Configuration 1
and Configuration 2.

Note: If you did not save a customized default file in

the web configurator or CLI using copy
running-config custom-default, then the
factory default file is restored. You will then
have to make all your configurations again on
the Switch.

Note: For the GS2210 Series, you need to enable

custom default in the web configurator or CLI
using custom-default first.

Note: For the GS2210 Series, if you had saved a

Config 2 file in the web configurator or CLI
using write memory [<index>], but didn’t
save a customized default file, then the
Config 2 file is restored.

Ethernet Switch CLI Reference Guide

275
Chapter 74 Running Configuration Commands

Table 180 running-config Command Summary (continued)

COMMAND DESCRIPTION M P
reload factory-default Resets the Switch to the factory default settings, including E 14
default user name and password.
sync running-config Uses the current configuration on the active management E 13
card to update the current configuration on the standby
management card.

74.3 Command Examples

This example resets the Switch to the factory default settings.

sysname# erase running-config

sysname# write memory

This example copies all attributes of port 1 to port 2 and copies selected attributes (active, bandwidth
limit and STP settings) from port 1 to ports 5-8

sysname# configure
sysname(config)# copy running-config interface port-channel 1 2
sysname(config)# copy running-config interface port-channel 1 5-8 active
bandwidth-limit spanning-tree

Ethernet Switch CLI Reference Guide

276
C H A P T E R 75
sFlow
This chapter shows you how to configure sFlow to have the Switch monitor traffic in a network and send
information to an sFlow collector for analysis.

75.1 sFlow Overview

sFlow (RFC 3176) is a standard technology for monitoring switched networks. An sFlow agent embedded
on a switch or router gets sample data and packet statistics from traffic forwarded through its ports. The
sFlow agent then creates sFlow data and sends it to an sFlow collector. The sFlow collector is a server
that collects and analyzes sFlow datagram. An sFlow datagram includes packet header, input and
output interface, sampling process parameters and forwarding information.

sFlow minimizes impact on CPU load of the Switch as it analyzes sample data only. sFlow can
continuously monitor network traffic and create reports for network performance analysis and
troubleshooting. For example, you can use it to know which IP address or which type of traffic caused
network congestion.

75.2 Command Summary

The following section lists the commands for this feature.

Table 181 sflow Command Summary

COMMAND DESCRIPTION M P
interface port-channel <port-list> Enters config-interface mode for the specified port(s). C 13

no sflow Disables sFlow on this port. C 13

no sflow collector <ip- Removes the specified collector IP address from the C 13
address> port.

sflow Enables sFlow on this port. The Switch will monitor traffic C 13
on this port and generate and send sFlow datagram to
the specified collector.
sflow collector <ip-address> Specifies a collector for this port. You can set a time C 13
[poll-interval <20-120>] interval (from 20 to 120 in seconds) the Switch waits
[sample-rate <256-65535>] before sending the sFlow datagram and packet
counters for this port to the collector. You can also set
a sample rate (N) from 256 to 65535. The Switch
captures every one out of N packets for this port to
create sFlow datagram.
no sflow Disables the sFlow agent on the Switch. C 13

no sflow collector <ip-address> Removes an sFlow collector entry. C 13

sflow Enables the sFlow agent on the Switch. C 13

Ethernet Switch CLI Reference Guide

277
Chapter 75 sFlow

Table 181 sflow Command Summary (continued)

COMMAND DESCRIPTION M P
sflow collector <ip-address> [udp- Configures an sFlow collector and the UDP port the C 13
port <udp-port>] Switch uses to send sFlow datagram to the collector.
The default UDP port is 6343.
show sflow Displays sFlow settings on the Switch. E 3

75.3 Command Examples

This example enables the sFlow agent on the Switch and configures an sFlow collector with the IP
address 10.1.1.58 and UDP port 6343. This example also enables sFlow on ports 1, 2, 3 and 4 and
configures the same collector, sample rate and poll interval for these ports.

sysname(config)# sflow
sysname(config)# sflow collector 10.1.1.58 udp-port 6343
sysname(config)# interface port-channel 1,2,3,4
sysname(config-interface)# sflow
sysname(config-interface)# sflow collector 10.1.1.58 poll-interval 120
sample-rate 2500
sysname(config-interface)# exit
sysname(config)# exit
sysname# show sflow
sFlow version: 5
sFlow Global Information:
sFlow Status: Active
index Collector Address UDP port
----- ----------------- --------
1 10.1.1.58 6343

sFlow Port Information:

Port Active Sample-rate Poll-interval Collector Address
---- ------ ----------- ------------- -----------------
1 Yes 2500 120 10.1.1.58
2 Yes 2500 120 10.1.1.58
3 Yes 2500 120 10.1.1.58
4 Yes 2500 120 10.1.1.58
5 No 32768 120 0.0.0.0
6 No 32768 120 0.0.0.0
7 No 32768 120 0.0.0.0
....

Ethernet Switch CLI Reference Guide

278
C H A P T E R 76
Smart Isolation Commands
This chapter explains how to use commands to configure smart isolation on the Switch.

76.1 Smart Isolation Overview

To block traffic between two specific ports within the Switch, you can use port isolation or private VLAN
(see Chapter 67 on page 250 for more information). However, it does not work across multiple switches.
For example, broadcast traffic from isolated ports on a switch (say B) can be forwarded to all ports on
other switches (A and C), including the isolated ports.

B
Isolated ports: 2~6
Root port: 7
Designated port: 8

Smart isolation allows you to prevent isolated ports on different switches from transmitting traffic to each
other. After you enable RSTP/MRSTP and smart isolation on the Switch, the designated port(s) will be
added to the isolated port list. In the following example, switch A is the root bridge. Switch B’s root port 7
connects to switch A and switch B’s designated port 8 connects to switch C. Traffic from isolated ports
on switch B can only be sent through non-isolated port 1 or root port 7 to switch A. This prevents isolated

Ethernet Switch CLI Reference Guide

279
Chapter 76 Smart Isolation Commands

ports on switch B sending traffic through designated port 8 to switch C. Traffic received on designated
port 8 from switch C will not be forwarded to any other isolated ports on switch B.

B
Before Smart Isolation:
Isolated ports: 2~6
Root port: 7
Designated port: 8
After Smart Isolation:
Isolated ports: 2~6, 8
C
Root port: 7
Designated port: 8

You should enable RSTP or MRSTP before you can use smart isolation on the Switch. If the network
topology changes, the Switch automatically updates the isolated port list with the latest designated
port information.

Note: The uplink port connected to the Internet should be the root port. Otherwise, with smart
isolation enabled, the isolated ports cannot access the Internet.

76.2 Command Summary

The following section lists the commands for this feature.

Table 182 smart-isolation Command Summary

COMMAND DESCRIPTION M P
no smart-isolation Disables smart isolation on the Switch. C 13

show smart-isolation Enables smart isolation on the Switch. E 3

smart-isolation Displays the smart isolation status and information on the C 13

Switch.

76.3 Command Examples

This example enables smart isolation and displays smart isolation status and information on the Switch.
You should have configured RSTP or MRSTP on the Switch in order to have smart isolation work by adding
the designated port(s) to the isolated port list. You also have created VLAN 200 and configured a

Ethernet Switch CLI Reference Guide

280
Chapter 76 Smart Isolation Commands

private VLAN rule for VLAN 200 to put ports 3, 4 and 5 in the isolated port list. In this example, the
designated port 7 is added to the isolated port list after smart isolation is enabled.

sysname# configure
sysname(config)# spanning-tree mode rstp
sysname(config)# spanning-tree
sysname(config)# spanning-tree priority 32768
sysname(config)# spanning-tree 3-5, 7-8
sysname(config)# vlan 200
sysname(config-vlan)# fixed 3-5, 7-8
sysname(config-vlan)# untagged 3-5, 7-8
sysname(config-vlan)# exit
sysname(config)# private-vlan name pvlan-200 vlan 200 promiscuous-port 7-8
sysname(config)# smart-isolation
sysname(config)# exit
sysname# show smart-isolation
smart isolation enable

Private VLAN:
Original VLAN:
VLAN 200
isolated 3-5
promiscuous 7-8

Smart Isolated VLAN:

VLAN 200
isolated 3-5,7
promiscuous 8

sysname#

The following table describes the labels in this screen.

Table 183 show smart-isolation

LABEL DESCRIPTION
Port isolation This section is available only when you have configured port isolation on the Switch.

The following fields display the port isolation information before and after smart
isolation is enabled.
original isolated ports This field displays the isolated port list before smart isolation is enabled.
smart isolated ports This field displays the isolated port list after smart isolation is enabled.
Private VLAN This section is available only when you have configured private VLAN on the Switch.

The following fields display the private VLAN information before and after smart
isolation is enabled.
Original VLAN This section displays the VLAN ID and isolated and promiscuous port list before smart
isolation is enabled
Smart Isolated VLAN This section displays the VLAN ID and isolated and promiscuous port list after smart
isolation is enabled

Ethernet Switch CLI Reference Guide

281
C H A P T E R 77
SNMP Server Commands
Use these commands to configure SNMP on the Switch.

77.1 Command Summary

The following table describes user-input values available in multiple commands for this feature.

Table 184 snmp-server User-input Values

COMMAND DESCRIPTION
property 1-32 alphanumeric characters

options aaa: authentication, authorization, accounting.

interface: linkup, linkdown, autonegotiation, lldp, transceiver-ddm.

ip: ping, traceroute.

switch: stp, mactable, rmon, cfm.

system: coldstart, warmstart, fanspeed, temperature, voltage, reset, timesync,

intrusionlock, loopguard, errdisable, poe.

The following section lists the commands for this feature.

Table 185 snmp-server Command Summary

COMMAND DESCRIPTION M P
show snmp-server Displays SNMP settings. E 3

snmp-server <[contact <system- Sets the geographic location and the name of the person C 13
contact>] [location <system- in charge of this Switch.
location>]> system-contact: 1-32 English keyboard characters;
spaces are allowed.

system-location: 1-32 English keyboard characters;

spaces are allowed.
snmp-server version Sets the SNMP version to use for communication with the C 13
<v2c|v3|v3v2c> SNMP manager.

snmp-server get-community Sets the get community. Only for SNMPv2c or lower. C 13
[cipher] <property>
cipher: inform the Switch that the string after the word
"cipher" is an encrypted secret. This is used in password
encryption. To encrypt the password, use the password
encryption command.
snmp-server set-community Sets the set community. Only for SNMPv2c or lower. C 13
[cipher] <property>
cipher: inform the Switch that the string after the word
"cipher" is an encrypted secret. This is used in password
encryption. To encrypt the password, use the password
encryption command.

Ethernet Switch CLI Reference Guide

282
Chapter 77 SNMP Server Commands

Table 185 snmp-server Command Summary (continued)

COMMAND DESCRIPTION M P
snmp-server trap-community Sets the trap community. Only for SNMPv2c or lower. C 13
[cipher] <property>
cipher: inform the Switch that the string after the word
"cipher" is an encrypted secret. This is used in password
encryption. To encrypt the password, use the password
encryption command.
snmp-server trap-destination Sets the IP addresses of up to four SNMP managers C 13
<ip> [udp-port <socket-number>] (stations to send your SNMP traps to). You can configure
[version <v1|v2c|v3>] [username up to four managers.
<name>]
snmp-server trap-destination Sets the types of SNMP traps that should be sent to the C 13
<ip> enable traps specified SNMP manager.
<aaa|interface|ip|switch|system options: enter the trap type you want to configure here,
> [options] such as timesync, intrusionlock, loopguard, errdisable, poe,
loginrecord, linkup, linkdown, autonegotiation, lldp,
transceiver-ddm, storm-control, zuld, authentication,
authorization, accounting, ping, traceroute, stp,
mactable, rmon, cfm, or classifier.
no snmp-server trap-destination Deletes the specified SNMP manager. C 13
<ip>
interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
snmp trap [options] Enables sending of SNMP traps on this port. The Switch C 13
sends the related traps received on this port to the SNMP
manager.

options: enter the trap type you want to configure here,

such as intrusionlock, loopguard, errdisable, poe, linkup,
linkdown, autonegotiation, lldp, transceiver-ddm, storm-
control, or zuld.
no snmp trap [options] Disables sending of SNMP traps on this port. The Switch C 13
sends the related traps received on this port to the SNMP
manager.

options: enter the trap type you want to configure here,

such as intrusionlock, loopguard, errdisable, poe, linkup,
linkdown, autonegotiation, lldp, transceiver-ddm, storm-
control, or zuld.

Ethernet Switch CLI Reference Guide

283
Chapter 77 SNMP Server Commands

Table 185 snmp-server Command Summary (continued)

COMMAND DESCRIPTION M P
snmp-server username <name> sec- Sets the authentication level for SNMP v3 user C 14
level <noauth|auth|priv> [auth authentication. Optionally, specifies the authentication
<md5|sha> auth-password [cipher] and encryption methods for communication with the
<password>] | [priv <des|aes> SNMP manager.
priv-password [cipher] name: Enter the SNMP username.
<password>] group <group-name>
noauth: Use the username as the password string sent to
the SNMP manager. This is equivalent to the Get, Set and
Trap Community in SNMP v2c. This is the lowest security
level.

auth: Implement an authentication algorithm for SNMP

messages sent by this user.

priv: Implement privacy settings and encryption for SNMP

messages sent by this user. This is the highest security level.

auth-password: Set the authentication password for

SNMP messages sent by this user.

priv-password: Set the privacy settings password for

SNMP messages sent by this user.

group-name: Set the View-based Access Control Model

(VACM) group. Available group names are:

admin: The user belongs to the admin group and has

maximum access rights to the Switch.
readwrite: The user can read and configure the
Switch except for confidential options (such as user
account and AAA configuration options.)
readonly: The user can read but cannot make any
configuration changes.
cipher: inform the Switch that the string after the word
"cipher" is an encrypted secret. This is used in password
encryption. To encrypt the password, use the password
encryption command.

Note: The settings on the SNMP manager must be

set at the same security level or higher than
the security level settings on the Switch.
no snmp-server username <name> Removes the specified SNMP user’s information. C 14

show snmp-server [user] Displays the SNMP information on the Switch. The user E 3
flag displays SNMP user information.

Table 186 snmp-server trap-destination enable traps Command Summary

COMMAND DESCRIPTION M P
snmp-server trap-destination Enables sending SNMP traps to a manager. C 13
<ip> enable traps
no snmp-server trap-destination Disables sending of SNMP traps to a manager. C 13
<ip> enable traps
snmp-server trap-destination Sends all AAA traps to the specified manager. C 13
<ip> enable traps aaa
no snmp-server trap-destination Prevents the Switch from sending any AAA traps to the C 13
<ip> enable traps aaa specified manager.

snmp-server trap-destination Sends the specified AAA traps to the specified manager. C 13
<ip> enable traps aaa <options>

Ethernet Switch CLI Reference Guide

284
Chapter 77 SNMP Server Commands

Table 186 snmp-server trap-destination enable traps Command Summary (continued)

COMMAND DESCRIPTION M P
no snmp-server trap-destination Prevents the Switch from sending the specified AAA traps C 13
<ip> enable traps aaa <options> to the specified manager.

snmp-server trap-destination Sends all interface traps to the specified manager. C 13

<ip> enable traps interface
no snmp-server trap-destination Prevents the Switch from sending any interface traps to the C 13
<ip> enable traps interface specified manager.

snmp-server trap-destination Sends the specified interface traps to the specified C 13

<ip> enable traps interface manager.
<options>
no snmp-server trap-destination Prevents the Switch from sending the specified interface C 13
<ip> enable traps interface traps to the specified manager.
<options>
snmp-server trap-destination Sends all IP traps to the specified manager. C 13
<ip> enable traps ip
no snmp-server trap-destination Prevents the Switch from sending any IP traps to the C 13
<ip> enable traps ip specified manager.

snmp-server trap-destination Sends the specified IP traps to the specified manager. C 13

<ip> enable traps ip <options>
no snmp-server trap-destination Prevents the Switch from sending the specified IP traps to C 13
<ip> enable traps ip <options> the specified manager.

snmp-server trap-destination Sends all switch traps to the specified manager. C 13

<ip> enable traps switch
no snmp-server trap-destination Prevents the Switch from sending any switch traps to the C 13
<ip> enable traps switch specified manager.

snmp-server trap-destination Sends the specified switch traps to the specified manager. C 13
<ip> enable traps switch
<options>
no snmp-server trap-destination Prevents the Switch from sending the specified switch traps C 13
<ip> enable traps switch to the specified manager.
<options>
snmp-server trap-destination Sends all system traps to the specified manager. C 13
<ip> enable traps system
no snmp-server trap-destination Prevents the Switch from sending any system traps to the C 13
<ip> enable traps system specified manager.

snmp-server trap-destination Sends the specified system traps to the specified manager. C 13
<ip> enable traps system
<options>
no snmp-server trap-destination Prevents the Switch from sending the specified system C 13
<ip> enable traps system traps to the specified manager.
<options>

Ethernet Switch CLI Reference Guide

285
Chapter 77 SNMP Server Commands

77.2 Command Examples

This example sets the Switch to not send the linkup and linkdown traps received on port 3 to the SNMP
manager.

sysname# configure
sysname(config)# interface port-channel 3
sysname(config-interface)# no snmp trap linkup linkdown

This example shows you how to display the SNMP information on the Switch.

sysname# show snmp-server

[General Setting]
SNMP Version : v2c
Get Community : public
Set Community : public
Trap Community : public

[ Trap Destination ]
Index Version IP Port Username
----- ------- ------------ ---- --------
1 v2c 0.0.0.0 162
2 v2c 0.0.0.0 162
3 v2c 0.0.0.0 162
4 v2c 0.0.0.0 162

This example shows you how to display all SNMP user information on the Switch.

sysname# show snmp-server user

[ User Information ]
Index Name SecurityLevel GroupName
----- ------ ------------- --------------
1 admin noauth admin

Ethernet Switch CLI Reference Guide

286
C H A P T E R 78
Stacking Commands

78.1 Overview
Stacking is directly connecting Switches to form a larger system that behaves as a single Switch or a
virtual chassis with increased port density.

The last two SFP ports of your Switch are dedicated for Switch stacking. These are the Switches that
support stacking at the time of writing.

Table 187 Switch Stacking

MODELS WITH STACKING SUPPORT
XGS3700-24
XGS3700-24HP
XGS3700-48
XGS3700-48HP
XGS4600-32
XGS4600-32F

Note: Up to 8 Switches (XGS3700 Series) or 4 Switches (XGS4600 Series) per stack are allowed.

You can manage each Switch in the stack from a master Switch using its web configurator or console.
Each Switch supports up to two stacking channels. Use the master Switch to assign a ‘slot ID’ for each
‘linecard’ non-master Switch. ‘Slot’ refers to a Switch in the ‘virtual chassis’ stack.

You can build a Switch stack using a ring or chain topology. In a ring topology, the last Switch is
connected to the first.

Note: When you change modes, all configurations except user accounts, but including
running configuration, config01 and config02 will be erased and the Switch will reboot
with a new config01. Therefore, you should back up previous configurations if you want
to reload them later.

Stacking will automatically choose a master Switch in a stack but you can overwrite that by actively
forcing a Switch to become a master Switch using the Stacking force-master command. This master
Switch will have the highest priority over all other stacked Switches even when they have same priority
value.

If two or more Switches have Stacking force-master enabled, then the Switch will use Stacking
priority to determine which is master. If they have the same Stacking priority, then the Switch
with the longest up-time is selected. Uptime is measured in increments of 10 minutes. The Switch with the
higher number of increments is selected. If they have the same uptime, then the Switch with the lowest
MAC address will be the master.

This is the master election priority in a stack system:

Ethernet Switch CLI Reference Guide

287
Chapter 78 Stacking Commands

1 Stacking force-master

2 Highest Stacking priority

3 Longest System Up Time

4 Lowest MAC Address

Note: Master election occurs when stacking / standalone mode changes or when a stacking
port is temporarily disconnected in stacking mode.

78.2 Command Summary

The following section lists the commands for this feature.

Table 188 stacking Command Summary

COMMAND DESCRIPTION M P
show stacking Shows stacking slot status. E 3

show stacking slot status Shows stacking information on each slot. E 3

show running-config Shows current Switch configuration including stacking slot E 3

summary.

Press [CTRL]+C to terminate the process.

show stacking slot <number> Shows stacking details for the specified slot. E 3

show system-information Shows Switch stacking mode. E 3

Stacking Enables stacking when the Switch is in standalone mode. C 13

The Switch will automatically reboot with a new config01.
no Stacking Enables standalone when the Switch is in stacking mode. C 13
The Switch will automatically reboot with a new config01.
Stacking priority <1-63> Sets switch stacking priority. C 13

Stacking force-master Enables force master mode which makes this Switch the C 13
master in the stack.
no Stacking force-master Disables force master mode. C 13

Stacking slot-id <current slot- Sets selected slot to auto mode. C 13

id> renumber auto
Stacking slot-id <current slot- Sets selected slot to new slot ID. C 13
id> renumber <new slot-id>
reload stacking-default Resets all configurations done since the change to E 13
stacking mode except username and password back to
the original settings.

Ethernet Switch CLI Reference Guide

288
Chapter 78 Stacking Commands

78.3 Command Examples

Use show system-information to show current Switch stacking mode.

sysname# show system-information

Product Model : XGS3700-48HP

System Name : XGS3700
System Mode : Standalone
System Contact :
System Location :
System up Time : 67:58:37 (e965d83 ticks)
Ethernet Address : 00:19:cb:00:00:02
Bootbase Version : V1.00 | 03/27/2013
ZyNOS F/W Version : V4.20(AAGF.0)b4 | 08/12/2014
Config Boot Image : 1
Current Boot Image : 1
RomRasSize : 6550116
sysname#

Use the following procedure to create a stack:

1 Select a Switch to be the master. Change its mode to stacking mode. You will see a message asking you
to confirm the change. Press [Y] to confirm and the Switch will reboot automatically using a new
config01.

2 After reboot completes, the master LED will turn on.

3 Force the Switch to be master, configure stacking priority to a high value, such as 63 and set its slot ID to
1.

sysname# configure terminal

sysname(config)# stacking
System will erase all configuration and reboot. Continue? [y/N]y
< reboot…….>

sysname(config)# stacking force-master

sysname(config)# stacking priority 63
sysname(config)# stacking slot-id 1 renumber 1

4 Change a second Switch to stacking mode and wait for it to finish rebooting automatically. This master
LED will also turn on.

sysname# configure terminal

sysname(config)# stacking
System will erase all configuration and reboot. Continue? [y/N]y
< reboot…….>

Ethernet Switch CLI Reference Guide

289
Chapter 78 Stacking Commands

5 Connect the two Switches using the stacking ports for the Switch defined.

6 The second Switch master LED will then turn off, and its Sys LED will blink while it's initializing. Please wait
until it stops blinking, indicating that it has joined the stack.

7 Repeat steps 4 to 6 to connect other Switches to the stack.

Use these commands to then see the stacking status of the stack, see details of the slots in the stack and
see details of an individual slot.

sysname# show stacking

Slot Id Type Status MAC address Role
------- ------------ ------ ----------------- ------
*1 XGS3700-48HP active 00:19:cb:00:00:02 master
2 - - - -
3 - - - -
4 - - - -
5 - - - -
6 - - - -
7 - - - -
8 - - - -

Stacking Topology:Chain
sysname#
sysname# show stacking slot status
Slot Name Status Up Time Version(Running/Flash1/Flash2)
---- ------------ -------- ----------- ------------------------------
*1 XGS3700-48HP active 68:20:57 V4.20(AAGF.0)b4
V4.20(AAGF.0)b4
V4.10(AAGF.5)b1
2 inactive
3 inactive
4 inactive
5 inactive
6 inactive
7 inactive
8 inactive

sysname#
sysname# show stacking slot 1
Stacking Slot 1 Information
Stacking : active
Role : master
Force Master Mode : active
Priority : 63
Slot ID after reboot : 1
Stacking Status : active
Master Capable : auto
Stacking MAC Address : 00:19:cb:00:00:02
Stacking-channel 1 : down
Stacking-channel 2 : down
Stacking Up Time : 68:19:41
ZyNOS Version
Running : V4.20(AAGF.0)b4
Flash 1 : V4.20(AAGF.0)b4
Flash 2 : V4.10(AAGF.5)b1
sysname#

Ethernet Switch CLI Reference Guide

290
Chapter 78 Stacking Commands

Use these commands to see the stacking mode on a Switch.

sysname# show running-config

Building configuration...

Current configuration:

;; slot 1 type XGS3700-48HP

stacking force-master
vlan 1
name 1
fixed 1/1-1/50
forbidden ""
untagged 1/1-1/50
ip address 172.23.30.223 255.255.0.0
exit
interface route-domain 172.23.30.223/16
exit
ip address 192.168.0.1 255.255.0.0
ip address default-gateway 192.168.0.254
service-control http 80 255
service-control console 255
service-control telnet 23 255
sysname#

sysname# show system-information

Product Model : XGS3700-48HP

System Name : XGS3700
System Mode : Stacking
System Contact :
System Location :
System up Time : 67:58:37 (e965d83 ticks)
Ethernet Address : 00:19:cb:00:00:02
Bootbase Version : V1.00 | 03/27/2013
ZyNOS F/W Version : V4.20(AAGF.0)b4 | 08/12/2014
Config Boot Image : 1
Current Boot Image : 1
RomRasSize : 6550116
sysname#

Ethernet Switch CLI Reference Guide

291
C H A P T E R 79
STP and RSTP Commands
Use these commands to configure Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol
(RSTP) as defined in the following standards.

• IEEE 802.1D Spanning Tree Protocol

• IEEE 802.1w Rapid Spanning Tree Protocol

See Chapter 55 on page 210 and Chapter 56 on page 213 for more information on MRSTP and MSTP
commands respectively. See also Chapter 47 on page 193 for information on loopguard commands.

79.1 Command Summary

The following section lists the commands for this feature.

Table 189 spanning-tree Command Summary

COMMAND DESCRIPTION M P
show spanning-tree config Displays Spanning Tree Protocol (STP) settings. E 3

spanning-tree mode Specifies the STP mode you want to implement on the C 13
<RSTP|MRSTP|MSTP> Switch.

spanning-tree Enables STP on the Switch. C 13

no spanning-tree Disables STP on the Switch. C 13

spanning-tree hello-time <1-10> Sets Hello Time, Maximum Age and Forward Delay. C 13
maximum-age <6-40> forward-delay
hello-time: The time interval in seconds between BPDU
<4-30> (Bridge Protocol Data Units) configuration message
generations by the root switch.

maximum-age: The maximum time (in seconds) the Switch

can wait without receiving a BPDU before attempting to
reconfigure.

forward-delay: The maximum time (in seconds) the

Switch will wait before changing states.
spanning-tree priority <0-61440> Sets the bridge priority of the Switch. The lower the numeric C 13
value you assign, the higher the priority for this bridge.

priority: Must be a multiple of 4096.

spanning-tree <port-list> Enables STP on a specified ports. C 13

no spanning-tree <port-list> Disables STP on listed ports. C 13

Ethernet Switch CLI Reference Guide

292
Chapter 79 STP and RSTP Commands

Table 189 spanning-tree Command Summary (continued)

COMMAND DESCRIPTION M P
spanning-tree <port-list> edge- Sets the specified ports as edge ports. This allows the port C 13
port to transition to a forwarding state immediately without
having to go through the listening and learning states.

Note: An edge port becomes a non-edge port as

soon as it receives a Bridge Protocol Data
Units (BPDU).
no spanning-tree <port-list> Sets the listed ports as non-edge ports. C 13
edge-port
spanning-tree <port-list> path- Specifies the cost of transmitting a frame to a LAN through C 13
cost <1-65535> the port(s). It is assigned according to the speed of the
bridge.
spanning-tree <port-list> Sets the priority for the specified ports. Priority decides C 13
priority <0-255> which port should be disabled when more than one port
forms a loop in a Switch. Ports with a higher priority numeric
value are disabled first.
spanning-tree <port-list> Enables root guard on the specified port in order to C 13
rootguard prevent the switch(es) attached to the port from
becoming the root bridge.
no spanning-tree <port-list> Disables root guard on a port. C 13
rootguard
spanning-tree help Provides more information about the specified command. C 13

79.2 Command Examples

This example configures STP in the following ways:

1 Enables STP on the Switch.

2 Sets the bridge priority of the Switch to 0.

3 Sets the Hello Time to 4, Maximum Age to 20 and Forward Delay to 15.

4 Enables STP on port 5 with a path cost of 150.

5 Sets the priority for port 5 to 20.

sysname(config)# spanning-tree
sysname(config)# spanning-tree priority 0
sysname(config)# spanning-tree hello-time 4 maximum-age 20 forward-delay
--> 15
sysname(config)# spanning-tree 5 path-cost 150
sysname(config)# spanning-tree 5 priority 20

Ethernet Switch CLI Reference Guide

293
Chapter 79 STP and RSTP Commands

This example shows the current STP settings.

sysname# show spanning-tree config

Bridge Info:
(a)BridgeID: 8000-001349aefb7a
(b)TimeSinceTopoChange: 9
(c)TopoChangeCount: 0
(d)TopoChange: 0
(e)DesignatedRoot: 8000-001349aefb7a
(f)RootPathCost: 0
(g)RootPort: 0x0000
(h)MaxAge: 20 (seconds)
(i)HelloTime: 2 (seconds)
(j)ForwardDelay: 15 (seconds)
(k)BridgeMaxAge: 20 (seconds)
(l)BridgeHelloTime: 2 (seconds)
(m)BridgeForwardDelay: 15 (seconds)
(n)TransmissionLimit: 3
(o)ForceVersion: 2

The following table describes the labels in this screen.

Table 190 show spanning-tree config

LABEL DESCRIPTION
BridgeID This field displays the unique identifier for this bridge, consisting of bridge priority plus
MAC address.
TimeSinceTopoChange This field displays the time since the spanning tree was last reconfigured.
TopoChangeCount This field displays the number of times the spanning tree has been reconfigured.
TopoChange This field indicates whether or not the current topology is stable.

0: The current topology is stable.

1: The current topology is changing.

DesignatedRoot This field displays the unique identifier for the root bridge, consisting of bridge priority
plus MAC address.
RootPathCost This field displays the path cost from the root port on this Switch to the root switch.
RootPort This field displays the priority and number of the port on the Switch through which this
Switch must communicate with the root of the Spanning Tree.
MaxAge This field displays the maximum time (in seconds) the root switch can wait without
receiving a configuration message before attempting to reconfigure.
HelloTime This field displays the time interval (in seconds) at which the root switch transmits a
configuration message.
ForwardDelay This field displays the time (in seconds) the root switch will wait before changing states
(that is, listening to learning to forwarding).
BridgeMaxAge This field displays the maximum time (in seconds) the Switch can wait without receiving
a configuration message before attempting to reconfigure.
BridgeHelloTime This field displays the time interval (in seconds) at which the Switch transmits a
configuration message.
BridgeForwardDelay This field displays the time (in seconds) the Switch will wait before changing states (that
is, listening to learning to forwarding).

Ethernet Switch CLI Reference Guide

294
Chapter 79 STP and RSTP Commands

Table 190 show spanning-tree config (continued)

LABEL DESCRIPTION
TransmissionLimit This field displays the maximum number of BPDUs that can be transmitted in the interval
specified by BridgeHelloTime.
ForceVersion This field indicates whether BPDUs are RSTP (a value less than 3) or MSTP (a value
greater than or equal to 3).

In this example, we enable RSTP on ports 21-24. Port 24 is connected to the host while ports 21-23 are
connected to another switch

sysname(config)# configure
sysname(config)# spanning-tree
sysname(config)# spanning-tree 21-24
sysname(config)# no spanning-tree 21-23 edge-port

Ethernet Switch CLI Reference Guide

295
C H A P T E R 80
SSH Commands
Use these commands to configure SSH on the Switch.

80.1 Command Summary

The following section lists the commands for this feature.

Table 191 ssh Command Summary

COMMAND DESCRIPTION M P
show ssh Displays general SSH settings. E 3

show ssh session Displays current SSH session(s). E 3

show ssh known-hosts Displays known SSH hosts information. E 3

ssh known-hosts <host-ip> Adds a remote host to which the Switch can access using C 13
<1024|ssh-rsa|ssh-dsa> <key> SSH service.

no ssh known-hosts <host-ip> Removes the specified remote hosts from the list of all C 13
known hosts.
no ssh known-hosts <host-ip> Removes the specified remote hosts with the specified C 13
<1024|ssh-rsa|ssh-dsa> public key (1024-bit RSA1, RSA or DSA).

show ssh key <rsa1|rsa|dsa> Displays internal SSH public and private key information. E 3

no ssh key <rsa1|rsa|dsa> Disables the secure shell server encryption key. Your Switch C 13
supports SSH versions 1 and 2 using RSA and DSA
authentication.
ssh <1|2> <[user@]dest-ip> Connects to an SSH server with the specified SSH version E 3
[command </>] and, optionally, adds commands to be executed on the
server.

80.2 Command Examples

This example disables the secure shell RSA1 encryption key and removes remote hosts 172.165.1.8 and
172.165.1.9 (with an SSH-RSA encryption key) from the list of known hosts.

sysname(config)# no ssh key rsa1

sysname(config)# no ssh known-hosts 172.165.1.8
sysname(config)# no ssh known-hosts 172.165.1.9 ssh-rsa

Ethernet Switch CLI Reference Guide

296
Chapter 80 SSH Commands

This example shows the general SSH settings.

sysname# show ssh

Configuration
Version : SSH-1 & SSH-2 (server & client), SFTP (server)
Server : Enabled
Port : 22
Host key bits : 1024
Server key bits : 768
Support authentication: Password
Support ciphers : AES, 3DES, RC4, Blowfish, CAST
Support MACs : MD5, SHA1
Compression levels : 1~9

Sessions:
Proto Serv Remote IP Port Local IP Port Bytes In
Bytes Out

The following table describes the labels in this screen.

Table 192 show ssh

LABEL DESCRIPTION
Configuration
Version This field displays the SSH versions and related protocols the Switch supports.
Server This field indicates whether or not the SSH server is enabled.
Port This field displays the port number the SSH server uses.
Host key bits This field displays the number of bits in the Switch’s host key.
Server key bits This field displays the number of bits in the SSH server’s public key.
Support authentication This field displays the authentication methods the SSH server supports.
Support ciphers This field displays the encryption methods the SSH server supports.
Support MACs This field displays the message digest algorithms the SSH server supports.
Compression levels This field displays the compression levels the SSH server supports.
Sessions This section displays the current SSH sessions.
Proto This field displays the SSH protocol (SSH-1 or SSH-2) used in this session.
Serv This field displays the type of SSH state machine (SFTP or SSH) in this session.
Remote IP This field displays the IP address of the SSH client.
Port This field displays the port number the SSH client is using.
Local IP This field displays the IP address of the SSH server.
Port This field displays the port number the SSH server is using.
Bytes In This field displays the number of bytes the SSH server has received from the SSH client.
Bytes Out This field displays the number of bytes the SSH server has sent to the SSH client.

Ethernet Switch CLI Reference Guide

297
C H A P T E R 81
Static Multicast Commands
Use these commands to tell the Switch how to forward specific multicast frames to specific port(s). You
can also configure which to do with unknown multicast frames using the router igmp unknown-
multicast-frame command (see Table 87 on page 121).

81.1 Command Summary

The following section lists the commands for this feature.

Table 193 multicast-forward Command Summary

COMMAND DESCRIPTION M P
show mac address-table multicast Displays the multicast MAC address table. E 3

multicast-forward name <name> Creates a new static multicast forwarding rule. The rule C 13
mac <mac-addr> vlan <vlan-id> name can be up to 32 printable ASCII characters.
inactive mac-addr: Enter a multicast MAC address which identifies
the multicast group. The last binary bit of the first octet pair
in a multicast MAC address must be 1. For example, the
first octet pair 00000001 is 01 and 00000011 is 03 in
hexadecimal, so 01:00:5e:00:00:0A and 03:00:5e:00:00:27
are valid multicast MAC addresses.

vlan-id: A VLAN identification number.

Note: Static multicast addresses do not age out.

multicast-forward name <name> Associates a static multicast forwarding rule with specified C 13
mac <mac-addr> vlan <vlan-id> port(s) within a specified VLAN.
interface port-channel <port-
list>
no multicast-forward mac <mac- Removes a specified static multicast rule. C 13
addr> vlan <vlan-id>
no multicast-forward mac <mac- Activates a specified static multicast rule. C 13
addr> vlan <vlan-id> inactive

Ethernet Switch CLI Reference Guide

298
Chapter 81 Static Multicast Commands

81.2 Command Examples

This example shows the current multicast table. The Type field displays User for rules that were manually
added through static multicast forwarding or displays System for rules the Switch has automatically
learned through IGMP snooping.

sysname# show mac address-table multicast

MAC Address VLAN ID Type Port
01:02:03:04:05:06 1 User 1-2
01:02:03:04:05:07 2 User 2-3
01:02:03:04:05:08 3 User 1-12
01:02:03:04:05:09 4 User 9-12
01:a0:c5:aa:aa:aa 1 System 1-12

This example removes a static multicast forwarding rule with multicast MAC address (01:00:5e:06:01:46)
which belongs to VLAN 1.

sysname# no multicast-forward mac 01:00:5e:06:01:46 vlan 1

This example creates a static multicast forwarding rule. The rule forwards frames with destination MAC
address 01:00:5e:00:00:06 to ports 10~12 in VLAN 1.

sysname# configure
sysname(config)# multicast-forward name AAA mac 01:00:5e:00:00:06 vlan 1
interface port-channel 10-12

Ethernet Switch CLI Reference Guide

299
C H A P T E R 82
Static Route Commands
Use these commands to tell the Switch how to forward IP traffic. IP static routes are used by layer-2
Switches to ensure they can respond to management stations not reachable via the default gateway
and to proactively send traffic, for example when sending SNMP traps or conducting IP connectivity
tests using ping.

Layer-3 Switches use static routes to forward traffic via gateways other than those defined as the default
gateway.

82.1 Command Summary

The following section lists the commands for this feature.

Table 194 ip route Command Summary

COMMAND DESCRIPTION M P
show ip route Displays the IP routing table. E 3

show ip route static Displays the static routes. E 3

ip route <ip> <mask> <next-hop- Creates a static route. If the <ip> <mask> already exists, C 13
ip> [metric <metric>] [name the Switch deletes the existing route first. Optionally, also
<name>] [inactive] sets the metric, sets the name, and/or deactivates the
static route.

metric: 1-15

name: 1-10 English keyboard characters

Note: If the <next-hop-ip> is not directly

connected to the Switch, you must make the
static route inactive.
no ip route <ip> <mask> Removes a specified static route. C 13

no ip route <ip> <mask> <next- Removes a specified static route. C 13

hop-ip>
no ip route <ip> <mask> inactive Enables a specified static route. C 13

no ip route <ip> <mask> <next- Enables a specified static route. C 13

hop-ip> inactive

Ethernet Switch CLI Reference Guide

300
Chapter 82 Static Route Commands

82.2 Command Examples

This example shows the current routing table.

sysname# show ip route

Dest FF Len Device Gateway Metric stat Timer Use

Route table in VPS00

172.16.37.0 00 24 swp00 172.16.37.206 1 041b 0 1494
127.0.0.0 00 16 swp00 127.0.0.1 1 041b 0 0
0.0.0.0 00 0 swp00 172.16.37.254 1 801b 0 12411

Original Global Route table

The following table describes the labels in this screen.

Table 195 show ip route

LABEL DESCRIPTION
Dest This field displays the destination network number. Along with Len, this field defines the
range of destination IP addresses to which this entry applies.
FF This field is reserved.
Len This field displays the destination subnet mask. Along with Dest, this field defines the
range of destination IP addresses to which this entry applies.
Device This field is reserved.
Gateway This field displays the IP address to which the Switch forwards packets whose
destination IP address is in the range defined by Dest and Len.
Metric This field displays the cost associated with this entry.
stat This field is reserved.
Timer This field displays the number of remaining seconds this entry remains valid. It displays 0
if the entry is always valid.
Use This field displays the number of times this entry has been used to forward packets.

In this routing table, you can create an active static route if the <next-hop-ip> is in 172.16.37.0/24 or
127.0.0.0/16. You cannot create an active static route to other IP addresses.

For example, you cannot create an active static route that routes traffic for 192.168.10.1/24 to
192.168.1.1.

sysname# configure
sysname(config)# ip route 192.168.10.1 255.255.255.0 192.168.1.1
Error : The Action is failed. Please re-configure setting.

You can create this static route if it is inactive, however.

sysname# configure
sysname(config)# ip route 192.168.10.1 255.255.255.0 192.168.1.1 inactive

Ethernet Switch CLI Reference Guide

301
Chapter 82 Static Route Commands

You can create an active static route that routes traffic for 192.168.10.1/24 to 172.16.37.254.

sysname# configure
sysname(config)# ip route 192.168.10.1 255.255.255.0 172.16.37.254
sysname(config)# exit
sysname# show ip route static
Idx Active Name Dest. Addr. Subnet Mask Gateway Addr.
Metric
01 Y static 192.168.10.1 255.255.255.0 172.16.37.254 1

Ethernet Switch CLI Reference Guide

302
C H A P T E R 83
Subnet-based VLAN
Commands
Use these commands to configure subnet-based VLANs on the Switch.

83.1 Subnet-based VLAN Overview

Subnet-based VLANs allow you to group traffic based on the source IP subnet you specify. This allows
you to assign priority to traffic from the same IP subnet.

See also Chapter 68 on page 255 for protocol-based VLAN commands and Chapter 92 on page 321 for
VLAN commands.

83.2 Command Summary

The following section lists the commands for this feature.

Table 196 subnet-based-vlan Command Summary

COMMAND DESCRIPTION M P
show subnet-vlan Displays subnet based VLAN settings on the Switch. E 3

subnet-based-vlan Enables subnet based VLAN on the Switch. C 13

subnet-based-vlan dhcp-vlan- Sets the Switch to force the DHCP clients to obtain their IP C 13
override addresses through the DHCP VLAN.

subnet-based-vlan name <name> Specifies the name, IP address, subnet mask, VLAN ID of C 13
source-ip <ip> mask-bits <mask- the subnet based VLAN you want to configure along with
bits> vlan <vlan-id> priority the priority you want to assign to the outgoing frames for
<0-7> this VLAN.

subnet-based-vlan name <name> Specifies the name, IP address, subnet mask, source-port C 13
source-ip <ip> mask-bits <mask- and VLAN ID of the subnet based VLAN you want to
bits> source-port <port> vlan configure along with the priority you want to assign to the
<vlan-id> priority <0-7> outgoing frames for this VLAN.

Note: Implementation on a per port basis is not

available on all models.
subnet-based-vlan name <name> Disables the specified subnet-based VLAN. C 13
source-ip <ip> mask-bits <mask-
bits> vlan <vlan-id> priority
<0-7> inactive
no subnet-based-vlan Disables subnet-based VLAN on the Switch. C 13

Ethernet Switch CLI Reference Guide

303
Chapter 83 Subnet-based VLAN Commands

Table 196 subnet-based-vlan Command Summary (continued)

COMMAND DESCRIPTION M P
no subnet-based-vlan source-ip Removes the specified subnet from the subnet-based C 13
<ip> mask-bits <mask-bits> VLAN configuration.

no subnet-based-vlan dhcp-vlan- Disables the DHCP VLAN override setting for subnet-based C 13
override VLAN(s).

83.3 Command Examples

This example configures a subnet-based VLAN (subnet1VLAN) with priority 6 and a VID of 200 for traffic
received from IP subnet 172.16.37.1/24.

sysname# subnet-based-vlan name subnet1VLAN source-ip 172.16.37.1 mask-bits

--> 24 vlan 200 priority 6
sysname(config)# exit
sysname# show subnet-vlan

Global Active :Yes

Name Src IP Mask-Bits Vlan Priority Entry Active
----------- ----------- --------- ---- -------- ------------
subnet1VLAN 172.16.37.1 24 200 6 1

Ethernet Switch CLI Reference Guide

304
C H A P T E R 84
Syslog Commands
Use these commands to configure the device’s system logging settings and to configure the external
syslog servers.

84.1 Command Summary

The following table describes user-input values available in multiple commands for this feature.

Table 197 syslog User-input Values

COMMAND DESCRIPTION
type Possible values: system, interface, switch, aaa, ip.

The following section lists the commands for this feature.

Table 198 syslog Command Summary

COMMAND DESCRIPTION M P
syslog Enables syslog logging. C 13

no syslog Disables syslog logging. C 13

Table 199 syslog server Command Summary

COMMAND DESCRIPTION M P
syslog server <ip-address> level Sets the IPv4 or IPv6 address of the syslog server and the C 13
<level> [udp <socket-number>] severity level. The default UDP port is 514.

level: 0-7
no syslog server <ip-address> Deletes the specified syslog server. C 13

syslog server <ip-address> Disables syslog logging to the specified syslog server. C 13
inactive
no syslog server <ip-address> Enables syslog logging to the specified syslog server. C 13
inactive

Table 200 syslog type Command Summary

COMMAND DESCRIPTION M P
syslog type <type> Enables syslog logging for the specified log type. C 13

syslog type <type> facility <0- Sets the file location for the specified log type. C 13
7>
syslog type commands privilege Sets a command privilege level. The Switch will only C 13
<0-14> generate logs for commands that have a privilege level
greater than or equal to the specified privilege level.
no syslog type <type> Disables syslog logging for the specified log type. C 13

Ethernet Switch CLI Reference Guide

305
P ART V
Reference T-Z
TACACS+ Commands (307)

Tech Support Commands (308)

TFTP Commands (311)

Time Range Commands (312)

Trunk Commands (315)

trTCM Commands (318)

VLAN Commands (321)

VLAN IP Commands (327)

VLAN Mapping Commands (329)

VLAN Port Isolation Commands (331)

VLAN Stacking Commands (332)

VLAN Trunking Commands (335)

Voice VLAN Commands (336)

VRRP Commands (339)

Additional Commands (344)

306
C H A P T E R 85
TACACS+ Commands
Use these commands to configure external TACACS+ (Terminal Access Controller Access-Control
System Plus) servers.

85.1 Command Summary

The following section lists the commands for this feature.

Table 201 tacacs-server Command Summary

COMMAND DESCRIPTION M P
show tacacs-server Displays TACACS+ server settings. E 3

tacacs-server host <index> <ip> Specifies the IP address of the specified TACACS+ server. C 14
[auth-port <socket-number>] [key Optionally, sets the port number and key of the TACACS+
[cipher] <key-string>] server.

index: 1 or 2.

cipher: inform the Switch that the string after the word
"cipher" is an encrypted secret. This is used in password
encryption. To encrypt the password, use the password
encryption command.

key-string: 1-32 alphanumeric characters.

tacacs-server mode <index- Specifies the mode for TACACS+ server selection. C 14
priority|round-robin>
tacacs-server timeout <1-1000> Specifies the TACACS+ server timeout value. C 14

no tacacs-server <index> Disables TACACS+ authentication on the specified server. C 14

Table 202 tacacs-accounting Command Summary

COMMAND DESCRIPTION M P
show tacacs-accounting Displays TACACS+ accounting server settings. E 3

tacacs-accounting timeout <1- Specifies the TACACS+ accounting server timeout value. C 13
1000>
tacacs-accounting host <index> Specifies the IP address of the specified TACACS+ C 13
<ip> [acct-port <socket-number>] accounting server. Optionally, sets the port number and
[key [cipher] <key-string>] key of the external TACACS+ accounting server.

index: 1 or 2.

cipher: inform the Switch that the string after the word
"cipher" is an encrypted secret. This is used in password
encryption. To encrypt the password, use the password
encryption command.

key-string: 1-32 alphanumeric characters.

no tacacs-accounting <index> Disables TACACS+ accounting on the specified server. C 13

Ethernet Switch CLI Reference Guide

307
C H A P T E R 86
Tech Support Commands

86.1 Tech-Support Overview

The Tech-Support feature is a log Enhancement tool that logs useful information such as CPU utilization
history, memory and Mbuf (Memory Buffer) information and crash reports for issue analysis that’s
collected by customer support should you have difficulty with your Switch. The Tech Support Command
Line Interface eases your effort in obtaining these reports. Type show tech-support command to see
the log reports.

86.2 Command Summary

The following section lists the commands for this feature.

Table 203 Tech Support Command Summary

COMMAND DESCRIPTION M P
show tech-support Shows all tech-support log reports. E 13

show tech-support cpu Shows CPU history log. The log report holds 7 days of CPU E 13
log data and is stored in volatile memory (RAM). The data
is lost if the Switch is turned off or in event of power outage.
After 7 days, the logs wrap around and new ones and
replace the earliest ones.
show tech-support memory Shows the last memory session log before the Switch is E 13
turned off or in event of power outage.
show tech-support mbuf Shows the mbuf that is higher than the threshold. Default E 13
mbuf value is 50.
show tech-support crash Shows the last crash log before the Switch is turned off or in E 13
event of power outage.
tech-support cpu <threshold> Sets the CPU threshold and time value for CPU utilization C 13
keep <time> history report. Default CPU value is 80 and time 5.

cpu threshold: a number between and including 50 and

100.

time: a number between and including 5 to 60.

tech-support mbuf <threshold> Sets the Memory Buffer threshold for mbuf report. C 13

mbuf threshold: a number between and including 50 to

100.

Ethernet Switch CLI Reference Guide

308
Chapter 86 Tech Support Commands

86.3 command examples

This example sets the mbuf threshold to 60%, checks the mbuf threshold setting and generates the mbuf
log report.

sysname# config <cr>

sysname(config)#
sysname(config)# tech-support mbuf 60 <cr>
sysname (config)#
sysname(config)# exit <cr>
sysname# show run <cr>
sysname# Building configuration...
Current configuration:
tech-support mbuf 60
sysname#
sysname# show tech-support mbuf
Tech-support version: v1.1
time : 0:23:18#@###### show system-information
###########################msc
lock = 1398080

Product Model : GS2210-24

System Name : GS2210
System Contact :
System Location :
System up Time : 0:23:18 (22220 ticks)
Ethernet Address : 00:19:cb:ba:11:01
Bootbase Version : V1.00 | 12/18/2013
ZyNOS F/W Version : V4.10(AAND.0)20140120 | 01/20/2014
Config Boot Image : 1
Current Boot Image : 1
RomRasSize : 3206408

time : 0:23:18#@###### show time

#########################################msc
lock = 1398090
Current Time 00:23:08 (UTC)
Current Date 1970-01-01

time : 0:23:18#@###### mbuf log

#####################################msclock
= 1398090
time: 1970-1-1 0:19:8
Pool ID: 0, Type: 0, used/max cnt: 19/20
8005c92c 8005c92c 8005c92c 8005c92c 8005c92c 8005c92c 8005c92c 8005c92c
8005c92c 8005c92c 8005c92c 8005c92c 8005c92c 8005c92c 8005c92c 8005c92c
8005c92c 8005c92c 8005c92c
Pool ID: 0, Type: 1, used/max cnt: 17/20
8005c92c 8005c92c 8005c92c 8005c92c 8005c92c 8005c92c 8005c92c 8005c92c
8005c92c 8005c92c 8005c92c 8005c92c 8005c92c 8005c92c 8005c92c 8005c92c
8005c92c
Pool ID: 0, Type: 2, used/max cnt: 3/60
8005c92c 8005c92c 0
Pool ID: 1, Type: 0, used/max cnt: 0/96
Pool ID: 1, Type: 1, used/max cnt: 0/96
Pool ID: 1, Type: 2, used/max cnt: 0/300

Ethernet Switch CLI Reference Guide

309
Chapter 86 Tech Support Commands

This example sets the CPU threshold to 80 and time to 5. Then uses the command show logging to see
the log.

sysname# config <cr>

sysname(config)#
sysname(config)# tech-support cpu 80 keep 5 <cr>
sysname (config)#
sysname(config)# exit <cr>
sysname#
sysname# show logging
1 Jan 01 02:52:55 IN authentication: CLI user admin login
2 Jan 01 02:52:54 NO authentication: Console authentication failure
[username: ]
3 Jan 01 00:01:20 NO system: System cold start
4 Jan 01 00:01:20 AL system: System has reset without management
command
5 Jan 01 00:01:00 IN system: CPU utilization is over 80 and keep 5
second, driver count = 0.
6 Jan 01 00:01:00 IN system: CPU utilization is over 80 and keep 5
second, driver count = 0.
7 Jan 01 00:01:00 IN system: CPU utilization is over 80 and keep 5
second, driver count = 0.
8 Jan 01 00:00:55 IN authentication: CLI user admin login
9 Jan 01 00:01:19 NO system: System cold start
10 Jan 01 00:01:19 AL system: System has reset without management
command
11 Jan 01 00:01:00 IN system: CPU utilization is over 80 and keep 5
second, driver count = 0.
12 Jan 01 00:01:00 IN system: CPU utilization is over 80 and keep 5
second, driver count = 0.
13 Jan 01 00:01:00 IN system: CPU utilization is over 80 and keep 5
second, driver count = 0.
14 Jan 01 00:46:09 DE interface: Port 43 link down
15 Jan 01 00:45:31 DE interface: Port 48 link down
16 Jan 01 00:45:26 DE interface: Port 36 link down
17 Jan 01 00:45:25 DE interface: Port 26 link down
18 Jan 01 00:45:21 DE interface: Port 43 link up
19 Jan 01 00:45:21 DE interface: Port 36 link up
-- more --, next page: Space, continue: c, quit: ESC

Ethernet Switch CLI Reference Guide

310
C H A P T E R 87
TFTP Commands
Use these commands to back up and restore configuration and firmware via TFTP.

87.1 Command Summary

The following section lists the commands for this feature.

Table 204 tftp Command Summary

COMMAND DESCRIPTION M P
copy tftp flash <ip> <remote- Restores firmware via TFTP. E 13
file>
copy tftp config <index> <ip> Restores configuration with the specified filename from the E 13
<remote-file> specified TFTP server to the specified configuration file on
the Switch.

index: 1 or 2

Use reload config <1|2> to restart the Switch and use

the restored configuration.

Note: This overwrites the configuration on the Switch

with the file from the TFTP server.
copy tftp config merge <index> Merges configuration with the specified filename from the E 13
<ip> <remote-file> specified TFTP server with the specified configuration file on
the Switch.

index: 1 or 2

Use reload config <1|2> to restart the Switch and use

the restored configuration.

Note: This joins the configuration on the Switch with

the one on the TFTP server, keeping the
original configuration file and simply adding
those parts that are different.
copy running-config tftp <ip> Backs up running configuration to the specified TFTP server E 13
<remote-file> with the specified file name.

Ethernet Switch CLI Reference Guide

311
C H A P T E R 88
Time Range Commands

88.1 About Time Range

You can set a time range for time-oriented features such as Classifier ACL (Access Control List) rule
which categorizes data packets into different network traffic flows. The advantage of the time range
feature is that it allows you to schedule the active time of configurations. Time range can be configured
in two ways - Absolute and Periodic. Absolute is a fixed time range with a start and end time. Periodic
is recurrence of a time range and doesn’t have an end time.

88.2 Command Summary

The following section lists the commands for this feature.

Table 205 time-range Command Summary

COMMAND DESCRIPTION M P
show time-range <name> Displays details on the named rule. C 3

time-range <name> [ absolute Creates an absolute time-range rule that has a set start E 13
start <hh:mm> <1-31> <jan-dec> and end time and date (absolute). name is the name of
<1970-2037> end <hh:mm> <1-31> the time-range rule.
<jan-dec> <1970-2037>
time-range <name> [ periodic <[ Creates a periodic time-range rule that recurs at the E 13
<monday|tuesday|wednesday|thurs specified time and day (periodic). name is the name of
day|friday|saturday|sunday><hh: the time-range rule.
mm> to
monday|tuesday|wednesday|thursd
ay|friday|saturday|sunday>
<hh:mm>][<[monday][tuesday][wed
nesday][thursday][friday][satur
day][sunday]|daily|weekdays|wee
kend> <hh:mm> to <hh:mm>]
no time-range <name> Removes the specified time-range rule. C 13

Ethernet Switch CLI Reference Guide

312
Chapter 88 Time Range Commands

88.3 Command Examples

The following are some examples of using the time-range commands.

sysname#
sysname# configure terminal
sysname(config)# time-range work absolute start 08:00 1 jan 2015 end
17:30 31 dec 2015
sysname(config)#exit
sysname# show time-range work
Time range work:
Absolute start 08:00 1 January 2015 end 17:30 31 December 2015

sysname(config)# time-range work2 periodic monday 08:00 to friday 17:30

monday 08:00 to friday 17:30
sysname(config)# exit
sysname# show time-range work2
Time range work2:
Periodic Monday 08:00 to Friday 17:30
sysname#

Ethernet Switch CLI Reference Guide

313
C H A P T E R 89
Traceroute Commands

89.1 Traceroute Overview

Traceroute is a tool to display the path a packet takes between two endpoints.

89.2 Command Summary

The following section lists the commands for this feature.

Table 206 traceroute Command Summary

COMMAND DESCRIPTION M P
traceroute <ip|host-name> [vlan Displays the path a packet takes to the specified Ethernet E 0
<vlan-id>] [ttl <1-255>] [wait device with an IPv4 address.
<1-60>] [queries <1-10>] vlan <vlan-id>: Specifies the VLAN ID to which the
Ethernet device belongs.

ttl <1-255>: Specifies the Time To Live (TTL) period. This is

to set the maximum number of the hops (routers) a packet
can travel through.

wait <1-60>: Specifies the time period to wait for a

response to a probe before running another traceroute.

queries <1-10>: Specifies how many times the Switch

performs the traceroute function.
traceroute help Provides more information about the specified command. E 0

traceroute6 <ipv6-addr|host- Displays the route a packet takes to the specified Ethernet E 0
name> <[ttl <1-255>] [wait <1- device with an IPv6 address.
60>] [queries <1-10> ]> vlan <vlan-id>: Specifies the VLAN ID to which the
Ethernet device belongs.

ttl <1-255>: Specifies the Time To Live (TTL) period. This is

to set the maximum number of the hops (routers) a packet
can travel through.

wait <1-60>: Specifies the time period to wait for a

response to a probe before running another traceroute.

queries <1-10>: Specifies how many times the Switch

performs the traceroute function.
traceroute6 help Provides more information about the specified command. E 0

Ethernet Switch CLI Reference Guide

314
C H A P T E R 90
Trunk Commands
Use these commands to logically aggregate physical links to form one logical, higher-bandwidth link.
The Switch adheres to the IEEE 802.3ad standard for static and dynamic (Link Aggregate Control
Protocol, LACP) port trunking.

Note: Different models support different numbers of trunks (T1, T2, ...). This chapter uses a
model that supports six trunks (from T1 to T6).

90.1 Command Summary

The following section lists the commands for this feature.

Table 207 trunk Command Summary

COMMAND DESCRIPTION M P
show trunk Displays link aggregation information. E 3

trunk <T1|T2|T3|T4|T5|T6> Activates a trunk group. C 13

no trunk <T1|T2|T3|T4|T5|T6> Disables the specified trunk group. C 13

trunk <T1|T2|T3|T4|T5|T6> Sets the traffic distribution type used for the specified trunk C 13
criteria <src-mac|dst-mac|src- group.
dst-mac|src-ip|dst-ip|src-dst-
ip>
no trunk <T1|T2|T3|T4|T5|T6> Returns the traffic distribution type used for the specified C 13
criteria trunk group to the default (src-dst-mac).

trunk <T1|T2|T3|T4|T5|T6> Adds a port(s) to the specified trunk group. C 13

interface <port-list>
no trunk <T1|T2|T3|T4|T5|T6> Removes ports from the specified trunk group. C 13
interface <port-list>
trunk <T1|T2|T3|T4|T5|T6> lacp Enables LACP for a trunk group. C 13

no trunk <T1|T2|T3|T4|T5|T6> Disables LACP in the specified trunk group. C 13

lacp
trunk interface <port-list> Defines LACP timeout period (in seconds) for the specified C 13
timeout <lacp-timeout> port(s).

lacp-timeout: 1 or 30

Table 208 lacp Command Summary

COMMAND DESCRIPTION M P
show lacp Displays LACP (Link Aggregation Control Protocol) settings. E 3

lacp Enables Link Aggregation Control Protocol (LACP). C 13

Ethernet Switch CLI Reference Guide

315
Chapter 90 Trunk Commands

Table 208 lacp Command Summary (continued)

COMMAND DESCRIPTION M P
no lacp Disables the link aggregation control protocol (dynamic C 13
trunking) on the Switch.
lacp system-priority <1-65535> Sets the priority of an active port using LACP. C 13

90.2 Command Examples

This example activates trunk 1 and places ports 5-8 in the trunk using static link aggregation.

sysname(config)# trunk t1
sysname(config)# trunk t1 interface 5-8

This example disables trunk one (T1) and removes ports 1, 3, 4, and 5 from trunk two (T2).

sysname(config)# no trunk T1
sysname(config)# no trunk T2 interface 1,3-5

This example looks at the current trunks.

sysname# show trunk

Group ID 1: inactive
Status: -
Member number: 0
Group ID 2: inactive
Status: -
Member number: 0
Group ID 3: inactive
Status: -
Member number: 0

The following table describes the labels in this screen.

Table 209 show trunk

LABEL DESCRIPTION
Group ID This field displays the trunk ID number and the current status.

inactive: This trunk is disabled.

active: This trunk is enabled.

Status This field displays how the ports were added to the trunk.

-: The trunk is disabled.

Static: The ports are static members of the trunk.

LACP: The ports joined the trunk via LACP.

Member Number This field shows the number of ports in the trunk.
Member This field is displayed if there are ports in the trunk.

This field displays the member port(s) in the trunk.

Ethernet Switch CLI Reference Guide

316
Chapter 90 Trunk Commands

This example shows the current LACP settings.

sysname# show lacp

AGGREGATOR INFO:
ID: 1
[(0000,00-00-00-00-00-00,0000,00,0000)][(0000,00-00-00-00-00-00
-->,0000,00,0000)]
LINKS :
SYNCS :

ID: 2
[(0000,00-00-00-00-00-00,0000,00,0000)][(0000,00-00-00-00-00-00
-->,0000,00,0000)]
LINKS :
SYNCS :

ID: 3
[(0000,00-00-00-00-00-00,0000,00,0000)][(0000,00-00-00-00-00-00
--> ,0000,00,0000)]
LINKS :
SYNCS :

The following table describes the labels in this screen.

Table 210 show lacp

LABEL DESCRIPTION
ID This field displays the trunk ID to identify a trunk group, that is, one logical link
containing multiple ports.
[(0000,00-00-00-00-00- This field displays the system priority, MAC address, key, port priority, and port number.
00,0000,00,0000)]
LINKS In some switches this displays the ports whose link state are up.

In other switches this displays the ports which belong to this trunk group.
SYNCS These are the ports that are currently transmitting data as one logical link in this trunk
group.

Ethernet Switch CLI Reference Guide

317
C H A P T E R 91
trTCM Commands
This chapter explains how to use commands to configure the Two Rate Three Color Marker (trTCM)
feature on the Switch.

91.1 trTCM Overview

Two Rate Three Color Marker (trTCM, defined in RFC 2698) is a type of traffic policing that identifies
packets by comparing them to two user-defined rates: the Committed Information Rate (CIR) and the
Peak Information Rate (PIR). trTCM then tags the packets:

• red - if the packet exceeds the PIR

• yellow - if the packet is below the PIR, but exceeds the CIR
• green - if the packet is below the CIR

The colors reflect the packet’s loss priority and the Switch changes the packet’s DiffServ Code Point
(DSCP) value based on the color.

91.2 Command Summary

The following section lists the commands for this feature.

Table 211 trtcm Command Summary

COMMAND DESCRIPTION M P
trtcm Enables trTCM on the Switch. C 13

trtcm mode <color-aware|color-blind> Sets the mode for trTCM on the Switch. C 13

no trtcm Disables trTCM feature on the Switch. C 13

no trtcm dscp profile <name> Removes the specified DSCP profile. C 13

trtcm dscp profile <name> dscp green <0- Configures a DSCP profile to specify the DSCP C 13
63> yellow <0-63> red <0-63> values that you want to assign to packets
based on the color they are marked via trTCM
show interfaces config <port-list> trtcm Displays DSCP profile settings on the specified E 3
dscp profile port(s).

show trtcm dscp profile Displays all DSCP profiles settings on the E 3
Switch.
interface port-channel <port-list> Enters subcommand mode for configuring the C 13
specified ports.
trtcm Enables trTCM on the specified port(s). C 13

no trtcm Disables trTCM on the port(s). C 13

Ethernet Switch CLI Reference Guide

318
Chapter 91 trTCM Commands

Table 211 trtcm Command Summary (continued)

COMMAND DESCRIPTION M P
trtcm cir <rate> Sets the Commit Information Rate on the C 13
port(s).
trtcm pir <rate> Sets the Peak Information Rate on the port(s). C 13

trtcm dscp green <0-63> Specifies the DSCP value to use for packets C 13
with low packet loss priority.
trtcm dscp yellow <0-63> Specifies the DSCP value to use for packets C 13
with medium packet loss priority.
trtcm dscp red <0-63> Specifies the DSCP value to use for packets C 13
with high packet loss priority.
trtcm dscp profile <name> Specifies the DSCP profile that you want to C 13
apply to packets on the port(s).
no trtcm dscp profile Sets the Switch to apply the default DSCP C 13
profile to packets on the port(s).

91.3 Command Examples

This example activates trTCM on the Switch with the following settings:

• Sets the Switch to inspect the DSCP value of packets (color-aware mode).
• Enables trTCM on ports 1-5.
• Sets the Committed Information Rate (CIR) to 4000 Kbps.
• Sets the Peak Information Rate (PIR) to 4500 Kbps.
• Specifies DSCP value 7 for green packets, 22 for yellow packets and 44 for red packets.
sysname(config)# trtcm
sysname(config)# trtcm mode color-aware
sysname(config)# interface port-channel 1-5
sysname(config-interface)# trtcm
sysname(config-interface)# trtcm cir 4000
sysname(config-interface)# trtcm pir 4500
sysname(config-interface)# trtcm dscp green 7
sysname(config-interface)# trtcm dscp yellow 22
sysname(config-interface)# trtcm dscp red 44
sysname(config-interface)# exit
sysname(config)# exit
sysname# show running-config interface port-channel 1 trtcm
Building configuration...

Current configuration:
interface port-channel 1
trtcm
trtcm cir 4000
trtcm pir 4500
trtcm dscp green 7
trtcm dscp yellow 22
trtcm dscp red 44
exit

Ethernet Switch CLI Reference Guide

319
Chapter 91 trTCM Commands

This examples activates trTCM on the Switch with the following settings:

• Enable trTCM on the Switch

• Enable Diffserv on the Switch
• Set the Switch to inspect the DSCP value of packets (color-aware mode)
• Create a trTCM DSCP profile with the name “abc”, and set DSCP value 1 for green packets, 2 for
yellow packets, 3 for red packets
• Associate the profile “abc” with port 1
• Enable trTCM on port 1
• Enable Diffserv on port 1
• Set the Committed Information Rate (CIR) to 4000 Kpbs
• Set the Peak Information Rate (PIR) to 4500 Kbps
• Display the settings of this example
sysname# config
sysname(config)# trtcm
sysname(config)# diffserv
sysname(config)# trtcm mode color-aware
sysname(config)# trtcm dscp profile abc dscp green 1 yellow 2 red 3
sysname(config)# interface port-channel 1
sysname(config-interface)# trtcm
sysname(config-interface)# diffserv
sysname(config-interface)# trtcm dscp profile abc
sysname(config-interface)# trtcm cir 4000
sysname(config-interface)# trtcm pir 4500
sysname(config-interface)# exit
sysname(config)# exit
sysname # show running-config
Building configuration...

Current configuration:

vlan 1
name 1
normal ""
fixed 1-28
forbidden ""
untagged 1-28
ip address default-management 192.168.1.1 255.255.255.0
exit
trtcm
trtcm mode color-aware
trtcm dscp profile abc dscp green 1 yellow 2 red 3
interface port-channel 1
diffserv
trtcm
trtcm cir 4000
trtcm pir 4500
trtcm dscp profile abc
exit
diffserv
sysname #

Ethernet Switch CLI Reference Guide

320
C H A P T E R 92
VLAN Commands
Use these commands to configure IEEE 802.1Q VLAN.

Note: See Chapter 93 on page 327 for VLAN IP commands.

92.1 VLAN Overview

A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical
networks. Devices on a logical network belong to one group. A device can belong to more than one
group. With VLAN, a device cannot directly talk to or hear from devices that are not in the same
group(s); the traffic must first go through a router.

Note: VLAN is unidirectional; it only governs outgoing traffic.

92.2 VLAN Configuration Overview

1 Use the vlan <vlan-id> command to configure or create a VLAN on the Switch. The Switch
automatically enters config-vlan mode. Use the exit command when you are finished configuring the
VLAN.

2 Use the interface port-channel <port-list> command to set the VLAN settings on a port. The
Switch automatically enters config-interface mode. Use the pvid <vlan-id> command to set the
VLAN ID you created for the port-list in the PVID table. Use the exit command when you are finished
configuring the ports.

sysname (config)# vlan 2000

sysname (config-vlan)# name up1
sysname (config-vlan)# fixed 5-8
sysname (config-vlan)# no untagged 5-8
sysname (config-vlan)# exit
sysname (config)# interface port-channel 5-8
sysname (config-interface)# pvid 2000
sysname (config-interface)# exit

Note: See Chapter 36 on page 132 for interface port-channel commands.

Ethernet Switch CLI Reference Guide

321
Chapter 92 VLAN Commands

92.3 Command Summary

The following section lists the commands for this feature.

Table 212 vlan Command Summary

COMMAND DESCRIPTION M P
show vlan Displays the status of all VLANs. E 3

show vlan <vlan-id> Displays the status of the specified VLAN. E 3

show vlan <vlan-id> counters Displays concurrent incoming packet statistics of the E 3
specified VLAN and refreshes every 10 seconds until you
press the [ESC] button.
show vlan <vlan-id> interface Displays concurrent incoming packet statistics of the E 3
port-channel <port-num> counters specified port in the specified VLAN and refreshes every 10
seconds until you press the [ESC] button.
vlan-type <802.1q|port-based> Specifies the VLAN type. C 13

vlan <vlan-id> Enters config-vlan mode for the specified VLAN. Creates C 13
the VLAN, if necessary.
fixed <port-list> Specifies the port(s) to be a permanent member of this C 13
VLAN group.
no fixed <port-list> Sets fixed port(s) to normal port(s). C 13

forbidden <port-list> Specifies the port(s) you want to prohibit from joining this C 13
VLAN group.
no forbidden <port-list> Sets forbidden port(s) to normal port(s). C 13

inactive Disables the specified VLAN. C 13

no inactive Enables the specified VLAN. C 13

name <name> Specifies a name for identification purposes. C 13

name: 1-64 English keyboard characters

normal <port-list> Specifies the port(s) to dynamically join this VLAN group C 13
using GVRP
untagged <port-list> Specifies the port(s) you don’t want to tag all outgoing C 13
frames transmitted with this VLAN Group ID.
no untagged <port-list> Specifies the port(s) you want to tag all outgoing frames C 13
transmitted with this VLAN Group ID.
no vlan <vlan-id> Deletes a VLAN. C 13

The following section lists the commands for the ingress checking feature.

Note: VLAN ingress checking implementation differs across Switch models.

• Some models enable or disable VLAN ingress checking on all the ports via the vlan1q ingress-
check command.

Ethernet Switch CLI Reference Guide

322
Chapter 92 VLAN Commands

• Other models enable or disable VLAN ingress checking on each port individually via the ingress-
check command in the config-interface mode.
Table 213 vlan1q ingress-check Command Summary
COMMAND DESCRIPTION M P
show vlan1q ingress-check Displays ingress check settings on the Switch. E 3

vlan1q ingress-check Enables ingress checking on the Switch. The Switch C 13

discards incoming frames on a port for VLANs that do not
include this port in its member set.
no vlan1q ingress-check Disables ingress checking on the Switch. C 13

Table 214 ingress-check Command Summary

COMMAND DESCRIPTION M P
interface port-channel <port-list> Enters config-interface mode for the specified port(s). C 13

ingress-check Enables ingress checking on the specified ports. The C 13

Switch discards incoming frames for VLANs that do not
include this port in its member set.
no ingress-check Disables ingress checking on the specified ports. C 13

92.4 Command Examples

This example configures ports 1 to 5 as fixed and untagged ports in VLAN 2000.

sysname (config)# vlan 2000

sysname (config-vlan)# fixed 1-5
sysname (config-vlan)# untagged 1-5

This example deletes entry 2 in the static VLAN table.

sysname (config)# no vlan 2

This example shows the VLAN table.

sysname# show vlan

The Number of VLAN: 3
Idx. VID Status Elap-Time TagCtl
---- ---- -------- ------------ ------------------------
1 1 Static 0:12:13 Untagged :1-2
Tagged :

2 100 Static 0:00:17 Untagged :

Tagged :1-4

3 200 Static 0:00:07 Untagged :1-2

Tagged :3-8

Ethernet Switch CLI Reference Guide

323
Chapter 92 VLAN Commands

The following table describes the labels in this screen.

Table 215 show vlan

Dynamic: The VLAN was added via GVRP.

Static: The VLAN was added as a permanent entry

Untagged: These ports do not tag outgoing frames with the VLAN ID.

Tagged: These ports tag outgoing frames with the VLAN ID.

This example enables ingress checking on ports 1-5.

sysname (config)# interface port-channel 1-5

sysname (config-vlan)# ingress-check

Ethernet Switch CLI Reference Guide

324
Chapter 92 VLAN Commands

This example displays concurrent incoming packet statistics for VLAN 1.

MGS-3712# show vlan 1 counters

-------- Press ESC to finish -------
System up time: 0:59:02
Vlan Info Vlan Id. :1
Packet KBs/s :0.0
Packets :2
Multicast :0
Broadcast :2
Tagged :0
Distribution 64 :2
65 to 127 :0
128 to 255 :0
256 to 511 :0
512 to 1023 :0
1024 to 1518 :0
Giant :0

-------- Press ESC to finish -------

System up time: 0:59:12
Vlan Info Vlan Id. :1
Packet KBs/s :0.384
Packets :10
Multicast :0
Broadcast :10
Tagged :0
Distribution 64 :10
65 to 127 :0
128 to 255 :0
256 to 511 :0
512 to 1023 :0
1024 to 1518 :0
Giant :0

The following table describes the labels in this screen.

Table 216 show vlan counters

LABEL DESCRIPTION
System up time This field shows the total amount of time the connection has been up.
VLAN Info This field displays the VLAN ID you are viewing.
Packet
KBs/s This field shows the number kilobytes per second flowing through this VLAN.
Packets This field shows the number of good packets (unicast, multicast and broadcast) flowing
through this VLAN.
Multicast This field shows the number of good multicast packets flowing through this VLAN.
Broadcast This field shows the number of good broadcast packets flowing through this VLAN.
Tagged This field shows the number of VLAN-tagged packets flowing through this VLAN.
Distribution
64 This field shows the number of packets (including bad packets) received that were 64
octets in length.
65-127 This field shows the number of packets (including bad packets) received that were
between 65 and 127 octets in length.

Ethernet Switch CLI Reference Guide

325
Chapter 92 VLAN Commands

Table 216 show vlan counters (continued)

LABEL DESCRIPTION
128-255 This field shows the number of packets (including bad packets) received that were
between 128 and 255 octets in length.
256-511 This field shows the number of packets (including bad packets) received that were
between 256 and 511 octets in length.
512-1023 This field shows the number of packets (including bad packets) received that were
between 512 and 1023 octets in length.
1024-1518 This field shows the number of packets (including bad packets) received that were
between 1024 and 1518 octets in length.
Giant This field shows the number of packets (including bad packets) received that were
between 1519 octets and the maximum frame size.

The maximum frame size varies depending on your switch model. See Product
Specification chapter in your User's Guide.

Ethernet Switch CLI Reference Guide

326
C H A P T E R 93
VLAN IP Commands
Use these commands to configure the default gateway device and add IP domains for VLAN.

93.1 IP Interfaces Overview

The Switch needs an IP address for it to be managed over the network. The factory default IP address is
192.168.1.1. The subnet mask specifies the network number portion of an IP address. The factory default
subnet mask is 255.255.255.0.

93.2 Command Summary

The following section lists the commands for this feature.

Table 217 vlan ip address Command Summary

COMMAND DESCRIPTION M P
show vlan <vlan-id> Displays the status of the specified VLAN. E 3

vlan <1-4094> Enters config-vlan mode for the specified VLAN. Creates C 13
the VLAN, if necessary.
ip address default- Configures the Switch to get the in-band management IP C 13
management dhcp-bootp address from a DHCP server.

no ip address default- Configures the Switch to use the static in-band C 13

management dhcp-bootp management IP address. The Switch uses the default IP
address of 192.168.1.1 if you do not configure a static IP
address.
ip address default-management Enables DHCP option 60. When you enable DHCP option C 13
dhcp-bootp option-60 60, make sure you set up a Vendor Class Identifier.
no ip address default- Disables DHCP option 60. C 13
management dhcp-bootp option-
60
ip address default-management Defines a Vendor Class Identifier for DHCP option 60. C 13
dhcp-bootp option-60 class-id
<class-id>
no ip address default- Reset the Vendor Class Identifier for DHCP option 60 to C 13
management dhcp-bootp option- default settings.
60 class-id
ip address default- Sets and enables the in-band management IP address C 13
management <ip-address> and subnet mask.
<mask>
ip address default- Releases the in-band management IP address provided C 13
management dhcp-bootp by a DHCP server.
release

Ethernet Switch CLI Reference Guide

327
Chapter 93 VLAN IP Commands

Table 217 vlan ip address Command Summary (continued)

COMMAND DESCRIPTION M P
ip address default- Updates the in-band management IP address provided by C 13
management dhcp-bootp renew a DHCP server.

ip address <ip-address> Sets the IP address and subnet mask of the Switch in the C 13
<mask> specified VLAN.

ip address <ip-address> Sets the IP address and subnet mask of the Switch in the C 13
<mask> manageable specified VLAN. Some switch models require that you
execute this command to ensure that remote
management via HTTP, Telnet or SNMP is activated.
no ip address <ip-address> Deletes the IP address and subnet mask from this VLAN. C 13
<mask>
ip address default-gateway Sets a default gateway IP address for this VLAN. C 13
<ip-address>
no ip address default- Deletes the default gateway from this VLAN. C 13
gateway

93.3 Command Examples

See Section 3.4 on page 19 for an example of how to configure a VLAN management IP address

Ethernet Switch CLI Reference Guide

328
C H A P T E R 94
VLAN Mapping Commands
Use these commands to configure VLAN mapping on the Switch. With VLAN mapping enabled, the
Switch can map the VLAN ID and priority level of packets received from a private network to those used
in the service provider’s network. The Switch discards the tagged packets that do not match an entry in
the VLAN mapping table.

Note: You can not enable VLAN mapping and VLAN stacking at the same time.

94.1 Command Summary

The following section lists the commands for this feature.

Table 218 vlan mapping Command Summary

COMMAND DESCRIPTION M P
no vlan-mapping Disables VLAN mapping on the Switch. C 13

no vlan-mapping interface port- Removes the specified VLAN mapping rule. C 13

channel <port> vlan <1-4094>
no vlan-mapping interface port- Enables the specified VLAN mapping rule. C 13
channel <port> vlan <1-4094>
inactive
vlan-mapping Enables VLAN mapping on the Switch. C 13

vlan-mapping name <name> Creates a VLAN mapping rule. C 13

interface port-channel <port>
vlan <1-4094> translated-vlan
<1-4094> priority <0-7>
vlan-mapping name <name> Disables the specified VLAN mapping rule. C 13
interface port-channel <port>
vlan <1-4094> translated-vlan
<1-4094> priority <0-7> inactive
interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
vlan-mapping Enables VLAN mapping on the port(s). C 13

no vlan-mapping Disables VLAN mapping on the port(s). C 13

Ethernet Switch CLI Reference Guide

329
Chapter 94 VLAN Mapping Commands

94.2 Command Examples

This example enables VLAN mapping on the Switch and creates a VLAN mapping rule to translate the
VLAN ID from 123 to 234 in the packets received on port 4.

sysname# configure
sysname(config)# vlan-mapping
sysname(config)# vlan-mapping name test interface port-channel 4 vlan 123
translated-vlan 234 priority 3
sysname(config)#

This example enables VLAN mapping on port 4.

sysname# configure
sysname(config)# interface port-channel 4
sysname(config-interface)# vlan-mapping
sysname(config-interface)# exit
sysname(config)#

Ethernet Switch CLI Reference Guide

330
C H A P T E R 95
VLAN Port Isolation
Commands
Use these commands to configure VLAN port isolation on the Switch. VLAN port isolation allows each
port to communicate only with the CPU management port and the uplink ports, but not to
communicate with each other.

95.1 Command Summary

The following section lists the commands for this feature.

Table 219 vlan1q port-isolation Command Summary

COMMAND DESCRIPTION M P
show vlan1q port-isolation Displays port isolation settings. E 3

vlan1q port-isolation Enables VLAN port isolation. C 13

no vlan1q port-isolation Disables VLAN port isolation. C 13

interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
no vlan1q port-isolation Enables VLAN port isolation on the port(s). C 13

vlan1q port-isolation Disables VLAN port isolation on the port(s). C 13

Ethernet Switch CLI Reference Guide

331
C H A P T E R 96
VLAN Stacking Commands
Use these commands to add an outer VLAN tag to the inner IEEE 802.1Q tagged frames that enter your
network.

96.1 Command Summary

The following section lists the commands for this feature.

Table 220 vlan-stacking Command Summary

COMMAND DESCRIPTION M P
interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
vlan-stacking priority <0-7> Sets the priority of the specified port(s) in port-based VLAN C 13
stacking.
vlan-stacking role Sets the VLAN stacking port roles of the specified port(s). C 13
<normal|access|tunnel>
normal: The Switch ignores frames received (or
transmitted) on this port with VLAN stacking tags.

access: the Switch adds the SP TPID tag to all incoming

frames received on this port.

tunnel: (available for Gigabit and faster ports only) for

egress ports at the edge of the service provider's network.

Note: In order to support VLAN stacking on a port,

the port must be able to allow frames of 1526
Bytes (1522 Bytes + 4 Bytes for the second tag)
to pass through it.
vlan-stacking SPVID <1-4094> Sets the service provider VID of the specified port(s). C 13

vlan-stacking tunnel-tpid Sets a four-digit hexadecimal number from C 13

<tpid>
0000 to FFFF that the Switch adds in the outer VLAN tag of
the outgoing frames sent on the tunnel port(s).
no vlan-stacking Disables VLAN stacking on the Switch. C 13

no vlan-stacking selective-qinq Removes the specified selective VLAN stacking rule. C 13

interface port-channel <port>
cvid <vlan-id>
no vlan-stacking selective-qinq Enables the specified selective VLAN stacking rule. C 13
interface port-channel <port>
cvid <vlan-id> inactive
show vlan-stacking Displays VLAN stacking settings. E 3

vlan-stacking Enables VLAN stacking on the Switch. C 13

Ethernet Switch CLI Reference Guide

332
Chapter 96 VLAN Stacking Commands

Table 220 vlan-stacking Command Summary (continued)

COMMAND DESCRIPTION M P
vlan-stacking <sptpid> Sets the SP TPID (Service Provider Tag Protocol Identifier). C 13

SP TPID is a standard Ethernet type code identifying the

frame and indicating whether the frame carries IEEE
802.1Q tag information. Enter a four-digit hexadecimal
number from 0000 to FFFF.
vlan-stacking selective-qinq Creates a selective VLAN stacking rule. C 13
name <name> interface port-
cvid: 1 - 4094. This is the VLAN tag carried in the packets
channel <port> cvid <cvid> spvid from the subscribers.
<spvid> priority <0-7>
spvid: 1 - 4094: This is the service provider’s VLAN ID (the
outer VLAN tag).
vlan-stacking selective-qinq Disables the specified selective VLAN stacking rule. C 13
name <name> interface port-
channel <port> cvid <cvid> spvid
<spvid> priority <0-7> inactive

96.2 Command Examples

In the following example figure, both A and B are Service Provider’s Network (SPN) customers with VPN
tunnels between their head offices and branch offices respectively. Both have an identical VLAN tag for
their VLAN group. The service provider can separate these two VLANs within its network by adding tag
37 to distinguish customer A and tag 48 to distinguish customer B at edge device x and then stripping
those tags at edge device y as the data frames leave the network.

Figure 11 Example: VLAN Stacking

VLAN 24 VLAN 24

Customer A Customer A
SPN
x A: 37, 24 y

B: 48, 24

VLAN 24 VLAN 24

Customer B Customer B

Ethernet Switch CLI Reference Guide

333
Chapter 96 VLAN Stacking Commands

This example shows how to configure ports 1 and 2 on the Switch to tag incoming frames with the
service provider’s VID of 37 (ports are connected to customer A network). This example also shows how
to set the priority for ports 1 and 2 to 3.

sysname(config)# vlan-stacking
sysname(config)# interface port-channel 1-2
sysname(config-interface)# vlan-stacking role access
sysname(config-interface)# vlan-stacking spvid 37
sysname(config-interface)# vlan-stacking priority 3
sysname(config-interface)# exit
sysname(config)# exit
sysname# show vlan-stacking
Switch Vlan Stacking Configuration
Operation: active
STPID: 0x8100

Port Role SPVID Priority

01 access 37 3
02 access 37 3
03 access 1 0
04 access 1 0
05 access 1 0
06 access 1 0
07 access 1 0
08 access 1 0
....

Ethernet Switch CLI Reference Guide

334
C H A P T E R 97
VLAN Trunking Commands
Use these commands to decide what the Switch should do with frames that belong to unknown VLAN
groups.

97.1 Command Summary

The following section lists the commands for this feature.

Table 221 vlan-trunking Command Summary

COMMAND DESCRIPTION M P
interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
vlan-trunking Enables VLAN trunking on ports connected to other C 13
switches or routers (but not ports directly connected to
end users). This allows frames belonging to unknown VLAN
groups to go out via the VLAN-trunking port.
no vlan-trunking Disables VLAN trunking on the port(s). C 13

Ethernet Switch CLI Reference Guide

335
C H A P T E R 98
Voice VLAN Commands
Use these commands to set up Voice VLAN on the Switch.

98.1 Voice VLAN Overview

Voice VLAN ensures that the sound quality of an IP phone is preserved from deteriorating when the data
traffic on the Switch ports is high. It groups the voice traffic with defined priority into an assigned VLAN
which enables the separation of voice and data traffic coming onto the Switch port.

You can set priority level to the Voice VLAN and add MAC address of IP phones from specific
manufacturers by using its ID from the Organizationally Unique Identifiers (OUI).

See below commands and examples to set up the Voice VLAN.

98.2 Command Summary

The following section lists the commands for this feature.

Table 222 Voice VLAN Command Summary

COMMAND DESCRIPTION M P
voice-vlan <vlan-id> Sets the Voice VLAN ID. C 13

voice-vlan priority <0-7> Sets the Voice VLAN priority level. C 13

voice-vlan oui <mac-addr> mask Sets the Voice VLAN device’s OUI address, mask address C 13
<mask-addr> description and device manufacturer description.
<description>
no voice-vlan Disables Voice VLAN configuration. C 13

no voice-vlan oui <mac-addr> Removes the OUI from the Voice VLAN. C 13
mask <mask-addr>
show voice-vlan Show Voice VLAN status. E 3

Ethernet Switch CLI Reference Guide

336
Chapter 98 Voice VLAN Commands

98.3 Command Example

This example configures Voice VLAN to port number 5, priority level number 6 and displays Voice VLAN
session.

sysname# configure
sysname(config)# voice-vlan 5
sysname(config)# voice-vlan priority 6
sysname(config)# exit
sysname# show voice-vlan
Voice VLAN : enable
VLAN ID : 5
Priority : 6
Port Mode Tagging VLAN Membership
1 normal tagged no
2 normal tagged no
3 normal tagged no
4 normal tagged no
5 normal tagged no
6 normal tagged no
7 normal tagged no
8 normal tagged no
9 normal tagged no
10 normal tagged no
11 fixed tagged yes
12 fixed tagged yes
13 fixed tagged yes
14 fixed tagged yes
15 fixed tagged yes
16 fixed tagged yes
17 fixed tagged yes
18 fixed tagged yes
19 fixed tagged yes
20 fixed tagged yes
21 forbidden tagged no
22 forbidden tagged no
23 forbidden tagged no
24 forbidden tagged no
25 forbidden tagged no
26 forbidden tagged no
27 forbidden tagged no
28 forbidden tagged no

Ethernet Switch CLI Reference Guide

337
Chapter 98 Voice VLAN Commands

This example sets the VLAN ports for Voice VLAN as seen in the above example. Normal port is 5 to 10,
Fixed port is 11 to 20 and forbidden port is 21 to 28. Port numbers can be higher if the Switch model has
48 ports.

sysname# configure
sysname(config)# vlan 5
sysname(config-vlan)# normal 5-10
sysname(config-vlan)# fixed 11-20
sysname(config-vlan)# forbidden 21-28
sysname(config-vlan)# exit
sysname# show voice-vlan
Voice VLAN : enable
VLAN ID : 5
Priority : 6
Port Mode Tagging VLAN Membership
1 normal tagged no
2 normal tagged no
3 normal tagged no
4 normal tagged no
5 normal tagged no
6 normal tagged no
7 normal tagged no
8 normal tagged no
9 normal tagged no
10 normal tagged no
11 fixed tagged yes
12 fixed tagged yes
13 fixed tagged yes
14 fixed tagged yes
15 fixed tagged yes
16 fixed tagged yes
17 fixed tagged yes
18 fixed tagged yes
19 fixed tagged yes
20 fixed tagged yes
21 forbidden tagged no
22 forbidden tagged no
23 forbidden tagged no
24 forbidden tagged no
25 forbidden tagged no
26 forbidden tagged no
27 forbidden tagged no
28 forbidden tagged no

Ethernet Switch CLI Reference Guide

338
C H A P T E R 99
VRRP Commands
This chapter explains how to use commands to configure the Virtual Router Redundancy Protocol
(VRRP) on the Switch.

99.1 VRRP Overview

VRRP is a protocol that allows you to configure redundant router connections. The protocol reduces
downtime in case of a single link failure. Multiple routers are connected and one is elected as the
master router. If the master router fails, then one of the backup routers takes over the routing function
within a routing domain.

99.2 Command Summary

The following section lists the commands for this feature.

Table 223 VRRP Command Summary

COMMAND DESCRIPTION M P
router vrrp network <ip-address>/<mask- Adds a new VRRP network and enters the C 13
bits> vr-id <1~7> uplink-gateway <ip- VRRP configuration mode.
address>
name <name> Sets a descriptive name of the VRRP setting C 13
for identification purposes.
priority <1~254> Sets the priority of the uplink-gateway. C 13

interval <1~255> Sets the time interval (in seconds) between C 13

Hello message transmissions.
primary-virtual-ip <ip-address> Sets the primary VRRP virtual gateway IP C 13
address.
no primary-virtual-ip <ip-address> Resets the primary VRRP virtual gateway IP C 13
address.
secondary-virtual-ip <ip-address> Sets the secondary VRRP virtual gateway IP C 13
address.
no secondary-virtual-ip Sets the network to use the default C 13
secondary virtual gateway (0.0.0.0).
no primary-virtual-ip Resets the network to use the default C 13
primary virtual gateway (interface IP
address).
inactive Disables the VRRP settings. C 13

no inactive Activates this VRRP. C 13

no preempt Disables VRRP preemption mode. C 13

Ethernet Switch CLI Reference Guide

339
Chapter 99 VRRP Commands

Table 223 VRRP Command Summary (continued)

COMMAND DESCRIPTION M P
preempt Enables preemption mode. C 13

exit Exits from the VRRP command mode. C 13

no router vrrp network <ip-address>/<mask- Deletes VRRP settings. C 13

bits> vr-id <1~7>
interface route-domain <ip-address>/<mask- Sets the VRRP authentication key. C 13
bits> ip vrrp authentication-key <key>
key: Up to 8 alphanumeric characters.
interface route-domain <ip-address>/<mask- Resets the VRRP authentication key. C 13
bits> no ip vrrp authentication-key
show router vrrp Displays VRRP settings. C 13

99.3 Command Examples

The following figure shows a VRRP network example with the switches (A and B) implementing one
virtual router VR1 to ensure the link between the host X and the uplink gateway G. Host X is configured
to use VR1 (192.168.1.254) as the default gateway. Switch A has a higher priority, so it is the master
router. Switch B, having a lower priority, is the backup router.

Figure 12 Example: VRRP

10.10.1.252
Priority = 200
PVID = 100 A

X 172.16.1.1
PVID = 200
VRID = 1
Ethernet

Default Gateway 172.16.1.200

10.10.1.254
VR1
10.10.1.254

B
PVID = 200
172.16.1.10

10.10.1.253
Priority = 100
PVID = 100

Ethernet Switch CLI Reference Guide

340
Chapter 99 VRRP Commands

This example shows how to create the IP routing domains and configure the Switch to act as router A in
the topology shown in Figure 12 on page 340.

sysname# config
sysname(config)# vlan 100
sysname(config-vlan)# fixed 1-4
sysname(config-vlan)# untagged 1-4
sysname(config-vlan)# ip address 10.10.1.252 255.255.255.0
sysname(config-vlan)# exit
sysname(config) interface port-channel 1-4
sysname(config-interface)# pvid 100
sysname(config-interface)# exit
sysname(config)# vlan 200
sysname(config-vlan)# fixed 24-28
sysname(config-vlan)# untagged 24-28
sysname(config-vlan)# ip address 172.16.1.1 255.255.255.0
sysname(config-vlan)# exit
sysname(config)# interface port-channel 24-28
sysname(config-interface)# pvid 200
sysname(config-interface)# exit
sysname(config)# router vrrp network 10.10.1.252/24 vr-id 1 uplink-gateway
172.16.1.200
sysname(config-vrrp)# name VRRP-networkA
sysname(config-vrrp)# priority 200
sysname(config-vrrp)# interval 2
sysname(config-vrrp)# primary-virtual-ip 10.10.1.254
sysname(config-vrrp)# exit
sysname(config)#

This example shows how to create the IP routing domains and configure the Switch to act as router B in
the topology shown in Figure 12 on page 340.

sysname# config
sysname(config)# vlan 100
sysname(config-vlan)# fixed 1-4
sysname(config-vlan)# untagged 1-4
sysname(config-vlan)# ip address 10.10.1.253 255.255.255.0
sysname(config-vlan)# exit
sysname(config) interface port-channel 1-4
sysname(config-interface)# pvid 100
sysname(config-interface)# exit
sysname(config)# vlan 200
sysname(config-vlan)# fixed 24-28
sysname(config-vlan)# untagged 24-28
sysname(config-vlan)# ip address 172.16.1.10 255.255.255.0
sysname(config-vlan)# exit
sysname(config)# interface port-channel 24-28
sysname(config-interface)# pvid 200
sysname(config-interface)# exit
sysname(config)# router vrrp network 10.10.1.253/24 vr-id 1 uplink-gateway
172.16.1.200
sysname(config-vrrp)# name VRRP-networkB
sysname(config-vrrp)# interval 2
sysname(config-vrrp)# primary-virtual-ip 10.10.1.254
sysname(config-vrrp)# exit
sysname(config)#

Ethernet Switch CLI Reference Guide

341
C H A P T E R 100
ZULD Commands
Use these commands to configure ZULD on the Switch.

100.1 ZULD Overview

A unidirectional link is a connection where the link is up on both ends, but only one end can receive
packets. This may happen if OAM was initially enabled but then disabled, there are misconfigured
transmitting or receiving lines or the hardware is malfunctioning. Zyxel Unidirectional Link Detection
(ZULD) is a layer-2 protocol that can detect and disable these physical one-way links before they cause
loops or communication malfunction.

ZULD must be enabled on the Switch and the port(s) in order to detect unidirectional links by monitoring
OAMPDUs.

Note: Ports advertise their unidirectional link detection capability using OAMPDUs, so all
connected devices must support OAM as well as ZULD.

Note: OAM must be enabled on other connected devices too. If OAM is not enabled initially,
ZULD will not work.

100.2 Command Summary

The following section lists the commands for this feature.

Table 224 zuld Command Summary

COMMAND DESCRIPTION M P
zuld Enables ZULD on the Switch. C 13

no zuld Disables ZULD on the Switch. C 13

interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
zuld Enables ZULD on the specified port(s). C 13

no zuld Disables ZULD on the specified port(s). C 13

zuld mode Configures the ZULD mode. C 13

<normal|aggressive>
normal: ZULD only sends a syslog and trap when it detects
a unidirectional link.

aggressive: ZULD shuts down the port (puts it into an

ErrDisable state) as well as sends a syslog and trap when it
detects a unidirectional link.

Ethernet Switch CLI Reference Guide

342
Chapter 100 ZULD Commands

Table 224 zuld Command Summary (continued)

COMMAND DESCRIPTION M P
zuld probe-time <5-65535> Sets the length of time that ZULD waits before declaring C 13
that a link is unidirectional. When the probe time expires,
and one port (either on the Switch or the connected
device) still has not received an OAMPDU, then ZULD
declares that the link is unidirectional.
show zuld [<port-list>] Displays ZULD details and link state for all ports or the E 3
specified port(s).
show zuld summary Displays ZULD details of each port in a summary table. E 3

100.3 Command Example

This example enables Ethernet OAM on the Switch and ports 1-3 first, then enables ZULD on the Switch
and ports 1-3. It also sets a ZULD mode and displays the configuration details.

sysname# configure
sysname(config)# ethernet oam
sysname(config)# interface port-channel 1-3
sysname(config-interface)# ethernet oam
sysname(config-interface)# exit
sysname(config)# zuld
sysname(config)# interface port-channel 1-3
sysname(config-interface)# zuld
sysname(config-interface)# zuld mode aggressive
sysname(config-interface)# exit
sysname(config)# exit
sysname# show zuld 1-3
Port 1
Active : Yes
Mode : Aggressive
Probe Time : -
Link State : Linkdown
Port 2
Active : Yes
Mode : Aggressive
Probe Time : -
Link State : Linkdown
Port 3
Active : Yes
Mode : Aggressive
Probe Time : -
Link State : Linkdown
sysname#

Ethernet Switch CLI Reference Guide

343
C H A P T E R 101
Additional Commands
Use these commands to configure or perform additional features on the Switch.

101.1 Command Summary

The following section lists the commands for this feature.

Table 225 Command Summary: Changing Modes or Privileges

COMMAND DESCRIPTION M P
enable Changes the session’s privilege level to 14 and puts the session E 0
in enable mode (if necessary). The user has to provide the
enable password. See Section 2.1.3.1 on page 14.
enable <0-14> Raises the session’s privilege level to the specified level and E 0
puts the session in enable mode if the specified level is 13 or 14.
The user has to provide the password for the specified privilege
level. See Section 2.1.3.2 on page 14.
disable Changes the session’s priority level to 0 and changes the mode E 13
to user mode. See Section 2.1.3.3 on page 15.
configure Changes the mode to config mode. E 13

interface port-channel <port- Enters config-interface mode for the specified port(s). C 13
list>
mvr <1-4094> Enters config-mvr mode for the specified MVR (multicast VLAN C 13
registration). Creates the MVR, if necessary.
vlan <1-4094> Enters config-vlan mode for the specified VLAN. Creates the C 13
VLAN, if necessary.
exit Returns to the previous mode. C 13

logout Logs out of the CLI. E 0

Table 226 Command Summary: Additional Enable Mode

COMMAND DESCRIPTION M P
baudrate <1|2|3|4|5> Changes the console port speed. E 13

1: 38400 bps

2: 19200 bps

3: 9600 bps

4: 57600 bps

5: 115200 bps
boot config <index> Restarts the Switch (cold reboot) with the specified E 13
configuration file.

Ethernet Switch CLI Reference Guide

344
Chapter 101 Additional Commands

Table 226 Command Summary: Additional Enable Mode (continued)

COMMAND DESCRIPTION M P
boot image <1|2> The Switch supports dual firmware images, ras-0 and ras-1. Run E 13
this command, where <index> is 1 (ras-0) or 2 (ras-1) to specify
which image is updated when firmware is loaded using the
web configurator and to specify which image is loaded when
the Switch starts up.
cable-diagnostics <port- Performs a physical wire-pair test of the Ethernet connections E 13
list> on the specified port(s).

ping <ip|host-name> [vlan Sends Ping packets to the specified Ethernet device. E 0
<vlan-id>] [size <0-1472>] [-
vlan-id: Specifies the VLAN ID to which the Ethernet device
t] belongs.

size <0-1472>: Specifies the size of the Ping packet.

-t: Sends Ping packets to the Ethernet device indefinitely. Press

[CTRL]+C to terminate the Ping process.
ping help Provides more information about the specified command. E 0

reload config [1|2] Restarts the system (warm reboot) with the specified E 13
configuration file.

1: config-1

2: config-2
reset slot <slot-list> Restarts the card in the selected slot. The card restarts using the E 13
last-saved configuration. Any unsaved changes are lost.
show al1arm-status Displays alarm status. E 0

show cpu-utilization Displays the CPU utilization statistics on the Switch. E 0

show cpu-utilization process Displays the CPU and memory usage of each process. E 0

show except-smac Displays whether the Switch is to drop the packets with an all- E 13
zero source MAC address (00:00:00:00:00:00).
show hardware-monitor <C|F> This command is not available in all models. E 0

Displays current hardware monitor information with the

specified temperature unit (Celsius C or Fahrenheit F).
show interfaces status Displays the summary status of interfaces for all ports on the E 3
Switch.
show interfaces transceiver Displays real-time SFP (Small Form Factor Pluggable) transceiver E 3
<port-list> information and operating parameters on specified SFP port(s).
The parameters include, for example, module temperature,
module voltage, transmitting and receiving power.
show memory Displays the memory utilization statistics on the Switch. E 3

show power-source-status Displays the status of each power module in the system. E 0

show rootguard Displays STP mode and root guard information. E 3

show sfp <port-list> Displays real-time SFP (Small Form Factor Pluggable) transceiver E 3
operating parameters on specified SFP port(s). The parameters
include, for example, module temperature, module voltage,
transmitting and receiving power.
show slot Displays general status information about each slot. E 13

show slot config Displays what type of card is installed in each slot and its E 13
current operational status.
show slot config <slot-list> Displays detailed information about the specified slots. E 13

show system-information Displays general system information. E 0

Ethernet Switch CLI Reference Guide

345
Chapter 101 Additional Commands

Table 226 Command Summary: Additional Enable Mode (continued)

COMMAND DESCRIPTION M P
show version [flash] Display the version of the currently running firmware on the E 0
Switch. Optionally, display the version of the currently installed
firmware on the flash memory.
telnet ipv4_address Connects to a specified host using Telnet. E 13

test interface port-channel Performs an internal loopback test on the specified ports. The E 13
<port-list> test returns Passed! or Failed!.

write memory [<index>] Saves current configuration in volatile memory to the E 13

configuration file the Switch is currently using or the specified
configuration file.

Table 227 Command Summary: Additional Configure Mode

COMMAND DESCRIPTION M P
bcp-transparency Enables Bridge Control Protocol (BCP) transparency on the C 13
Switch.
default-management <in- Sets which traffic flow (in-band or out-of-band) the Switch C 13
band|out-of-band> sends packets originating from itself (such as SNMP traps) or
packets with unknown source.
except-smac zero-smac-drop Sets the Switch to filter and drop the packets with an all-zero C 13
source MAC address (00:00:00:00:00:00).
hostname <name> Sets the Switch’s name for identification purposes. C 13

name: 1-64 printable characters; spaces are allowed if you put

the string in double quotation marks (“).
install help Displays command help information. C 13

install slot <slot-list> Changes what type of card is in the slot without restarting the C 13
type <card-type> system.

locator-led Turns on the LOCATOR LED on the Switch. By default, the LED C 13
blinks and automatically turns off after 30 minutes.

This helps to locate the Switch that you are managing when
multiple switches are installed in a rack or placed in the same
room.
locator-led <1-1440> Changes how long (in minutes) the LOCATOR LED blinks for. C 13

mode zynos Changes the CLI mode to the ZyNOS format. C 13

no except-smac zero-smac- Sets the Switch to allow and forward the packets with an all- C 13
drop zero source MAC address (00:00:00:00:00:00).

no install slot <slot> Uninstalls the card in the slot. C 13

no locator-led Stops the LOCATOR LED from blinking immediately. C 13

no shutdown slot <slot-list> Turns on the power to the slot. C 13

shutdown slot <slot-list> Turns off the power to the slot. C 13

transceiver-ddm timer <1 - Sets the duration of the digital diagnostic monitoring (DDM) C 13
4294967> timer.

This defines how often (in milliseconds) the Switch sends the
digital diagnostic monitoring (DDM) information via the
installed transceiver(s).

Ethernet Switch CLI Reference Guide

346
Chapter 101 Additional Commands

101.2 Command Examples

This example checks the cable pairs on ports 1 and 4.

sysname# cable-diagnostics 1
Port Channel Pair status Cable length (m) Distance to fault (m)
---- ------- ----------- ---------------- ---------------------
1 pairA Open N/A 0.00
pairB Open N/A 0.00
pairC Open N/A 0.00
pairD Open N/A 0.00
sysname# cable-diagnostics 4
Port Channel Pair status Cable length (m) Distance to fault (m)
---- ------- ----------- ---------------- ---------------------
4 pairA Ok 5.55 N/A
pairB Ok 5.55 N/A
pairC Ok 5.55 N/A
pairD Ok 5.55 N/A

The following table describes the labels in this screen.

Table 228 Cable-diagnostics

LABEL DESCRIPTION
Port This is the number of the physical Ethernet port on the Switch.
Channel An Ethernet cable usually has four pairs of wires. A 10BASE-T or 100BASE-TX port only use
and test two pairs, while a 1000BASE-T port requires all four pairs.

This displays the descriptive name of the wire-pair in the cable.

Pair status Ok: The physical connection between the wire-pair is okay.

Open: There is no physical connection (an open circuit detected) between the wire-
pair.

Short: There is an short circuit detected between the wire-pair.

Unknown: The Switch failed to run cable diagnostics on the cable connected this port.

Unsupported: The port is a fiber port or it is not active.

Cable length This displays the total length of the Ethernet cable that is connected to the port when
the Pair status is Ok and the Switch chipset supports this feature.

This shows N/A if the Pair status is Open or Short. Check the Distance to fault.

This shows Unsupported if the Switch chipset does not support to show the cable
length.
Distance to fault This displays the distance between the port and the location where the cable is open
or shorted.

This shows N/A if the Pair status is Ok.

This shows Unsupported if the Switch chipset does not support to show the distance.

Ethernet Switch CLI Reference Guide

347
Chapter 101 Additional Commands

This example sends Ping requests to an Ethernet device with IP address 172.16.37.254.

sysname# ping 172.16.37.254

Resolving 172.16.37.254... 172.16.37.254
sent rcvd rate rtt avg mdev max min reply from
1 1 100 0 0 0 0 0 172.16.37.254
2 2 100 0 0 0 0 0 172.16.37.254
3 3 100 10 1 3 10 0 172.16.37.254

The following table describes the labels in this screen.

Table 229 ping

LABEL DESCRIPTION
sent This field displays the sequence number of the ICMP request the Switch sent.
rcvd This field displays the sequence number of the ICMP response the Switch received.
rate This field displays the percentage of ICMP responses for ICMP requests.
rtt This field displays the round trip time of the ping.
avg This field displays the average round trip time to ping the specified IP address.
mdev This field displays the standard deviation in the round trip time to ping the specified IP
address.
max This field displays the maximum round trip time to ping the specified IP address.
min This field displays the minimum round trip time to ping the specified IP address.
reply from This field displays the IP address from which the Switch received the ICMP response.

This example shows the current status of the various alarms in the Switch.

sysname# show alarm-status

name status suppressAlarm alarmLED
----------------- ------ ------------- --------
VOLTAGE Normal No Off
TEMPERATURE Normal No Off
FAN Normal No Off
POE OVER LOAD Normal No Off
POE SHORT CIRCUIT Normal No Off
POE POWERBOX Normal Yes Off

The following table describes the labels in this screen.

Table 230 show alarm-status

LABEL DESCRIPTION
name This field displays the name or type of the alarm.
status This field displays the status of the alarm.

Normal: The alarm is off.

Error: The alarm is on.

suppressAlarm This field displays whether or not the alarm is inactive.
alarmLED This field displays whether or not the LED for this alarm is on.

Ethernet Switch CLI Reference Guide

348
Chapter 101 Additional Commands

This example shows the current and recent CPU utilization.

sysname# show cpu-utilization

CPU usage status:
baseline 1715384 ticks
sec ticks util sec ticks util sec ticks util sec ticks util
--- ------- ------ --- ------- ------ --- ------- ------ --- -------
0 657543 61.67 1 255118 85.13 2 394329 77.01 3 620008 63.85
4 195580 88.60 5 791000 53.89 6 137625 91.98 7 508456 70.36
--------------------------------- SNIP ---------------------------------

The following table describes the labels in this screen.

Table 231 show cpu-utilization

LABEL DESCRIPTION
baseline This field displays the number of CPU clock cycles per second.
sec This field displays the historical interval.

Interval 0 is the time starting one second ago to the current instant.

Interval 1 is the time starting two seconds ago to one second ago.

Interval 2 is the time starting three seconds ago to two seconds ago.
ticks This field displays the number of CPU clock cycles the CPU was not used during the
interval.
util This field displays the CPU utilization during the interval.

util = [(baseline - ticks) / baseline] * 100

Ethernet Switch CLI Reference Guide

349
Chapter 101 Additional Commands

This example looks at the current sensor readings from various places in the hardware.The display for
your Switch may be different.

sysname# show hardware-monitor C

Customer Part
PSU Serial Number Number & Revision Manufacturing Fan Air Flow
---- ------------- ----------------- ------------ -------------
PSU1 DIYD11M00CN 20110124 front-to-back
PSU2 DIYD11M00DV 20110125 front-to-back

Temperature Unit : (C)

Temperature(%c) Current Max Min Threshold Status
--------------- ------- ----- ----- --------- ------
CPU 45.0 45.0 33.0 80.0 Normal
MAC 47.0 47.0 32.0 90.0 Normal
PHY1 45.0 45.0 31.0 90.0 Normal
PHY2 45.0 45.0 32.0 90.0 Normal

FAN Speed(RPM) Current Max Min Threshold Status

-------------- ------- ----- ---- --------- ------
FAN1 9360 15960 9360 500 Normal
FAN2 9360 16320 9360 500 Normal
FAN3 9360 15720 9360 500 Normal
FAN4 9480 15240 9360 500 Normal

FAN TRAY Air Flow Status

---------- ------------- -------
FAN TRAY 1 front-to-back Present
FAN TRAY 2 front-to-back Present

Voltage(V) Current Max Min Threshold Status

---------- ------- ------ ------ --------- ------
12V_PSU1 11.737 11.918 11.737 +/-10% Normal
12V_PSU2 11.676 11.858 11.676 +/-10% Normal
sysname#

The following table describes the labels in this screen.

Table 232 show hardware-monitor

LABEL DESCRIPTION
Customer Part This displays information on the fan and power module kits installed in the Switch.
PSU The PSU (Power Supply Unit) is the power module number.
Serial Number This is a unique number that identifies the inserted power module.
Number & Revision This is the customer part number and revision.
Manufacturing This is the date (yyyy-mm-dd) the module was assembled.
Fan Air Flow This displays the power module fan air flow. All fan air flows within a Switch must be
consistent, that is either front-to-back or back-to-front.
Temperature Unit This field displays the unit of measure for temperatures in this screen.
Temperature This field displays the location of the temperature sensors.
Current This field displays the current temperature at this sensor.
Max This field displays the maximum temperature measured at this sensor.

Ethernet Switch CLI Reference Guide

350
Chapter 101 Additional Commands

Table 232 show hardware-monitor (continued)

LABEL DESCRIPTION
Min This field displays the minimum temperature measured at this sensor.
Threshold This field displays the upper temperature limit at this sensor.
Status Normal: The current temperature is below the threshold.

Error: The current temperature is above the threshold.

FAN Speed(RPM) This field displays the fans in the Switch. Each fan has a sensor that is capable of
detecting and reporting when the fan speed falls below the threshold.
Current This field displays the current speed of the fan at this sensor.
Max This field displays the maximum speed of the fan measured at this sensor.
Min This field displays the minimum speed of the fan measured at this sensor. It displays "<41"
for speeds too small to measure. (See the User’s Guide to find out what speeds are too
small to measure in your Switch.)
Threshold This field displays the minimum speed at which the fan should work.
Status Normal: This fan is running above the minimum speed.

Error: This fan is running below the minimum speed.

FAN TRAY This is the is the power module number
Air Flow This displays the fan module fan air flow. All fan air flows within a Switch must be
consistent, that is either front-to-back or back-to-front.
Status This displays whether the fan module is inserted (Present) or not (Absent).
Voltage(V) This field displays the various power supplies in the Switch. Each power supply has a
sensor that is capable of detecting and reporting when the voltage is outside
tolerance.
Current This field displays the current voltage at this power supply.
Max This field displays the maximum voltage measured at this power supply.
Min This field displays the minimum voltage measured at this power supply.
Threshold This field displays the percentage tolerance within which the Switch still works.
Status Normal: The current voltage is within tolerance.

Error: The current voltage is outside tolerance.

This example displays multicast VLAN configuration on the Switch.

sysname> show multicast vlan

Multicast Vlan Status

Index VID Type

----- ---- ----------
1 123 MVR

The following table describes the labels in this screen.

Table 233 show multicast vlan

LABEL DESCRIPTION
Index This field displays an entry number for the multicast VLAN.

Ethernet Switch CLI Reference Guide

351
Chapter 101 Additional Commands

Table 233 show multicast vlan (continued)

LABEL DESCRIPTION
VID This field displays the multicast VLAN ID.
Type This field displays what type of multicast VLAN this is.

MVR: This VLAN is a Multicast VLAN Registration (MVR).

Static: This VLAN is configured via IGMP snooping VLAN in fixed mode.

Dynamic: This VLAN is learned dynamically in auto mode.

See Chapter 34 on page 123 for more information about IGMP snooping VLAN and
IGMP modes.

This example shows the current status of Power over Ethernet.

sysname# show poe-status

Total Power (W) : 185.0
Consuming Power (W) : 0.0
Allocated Power (W) : 0.0
Remaining Power (W) : 185.0

The following table describes the labels in this screen.

Table 234 show poe-status

LABEL DESCRIPTION
Total Power This field displays the total power the Switch can provide to PoE-enabled devices.
Consuming Power This field displays the amount of power the Switch is currently supplying to the PoE-
enabled devices.
Allocated Power This field displays the total amount of power the Switch has reserved for PoE after
negotiating with the PoE device(s).

Note: If the management mode is set to Consumption, this field shows NA.
Remaining Power This field displays the amount of power the Switch can still provide for PoE.

Note: The Switch must have at least 16 W of remaining power in order to

supply power to a PoE device, even if the PoE device requested less
than 16 W.

This example looks at general system information about the Switch

The following table describes the labels in this screen.

Table 235 show system-information

LABEL DESCRIPTION
Product Model This field displays the model name.
System Name This field displays the system name (or hostname) of the Switch.
System Mode This field displays standalone or stacking mode
System Contact This field displays the name of the person in charge of this Switch. Use the snmp-server
command to configure this. See Chapter 77 on page 282.
System Location This field displays the geographic location of this Switch. Use the snmp-server
command to configure this. See Chapter 77 on page 282.
System up Time This field displays how long the switch has been running since it last started up.

Ethernet Switch CLI Reference Guide

352
Chapter 101 Additional Commands

Table 235 show system-information (continued)

LABEL DESCRIPTION
Ethernet Address This field displays the MAC address of the Switch.
Bootbase Version This field displays the bootbase version the Switch is running.
ZyNOS F/W Version This field displays the firmware version the Switch is running.
Config Boot Image This field displays whether the Switch is configured to run firmware 1 or 2 when it next
starts.
Current Boot Image This field displays whether the Switch is running firmware 1 or 2.
RomRasSize This field displays how much ROM is used.

This example displays run-time SFP (Small Form Factor Pluggable) parameters on ports 9 (the first SFP port
0, with an SFP transceiver installed) and 10 (the second SFP port 1, no SFP transceiver installed) on the
Switch. You can also see the alarm and warning thresholds for temperature, voltage, transmission bias,
transmission and receiving power as shown.

sysname# show sfp 9-10

SFP : 0
Part Number : SFP-SX-DDM
Series Number : S081113001132
Revision : V1.0
Transceiver : 1000BASE-SX
Temperature(C) Alarm(80.00 ~ 0.00), Warning(75.00 ~ 5.00), Current(38.00)
Voltage(V) Alarm(3.50 ~ 3.10), Warning(3.45 ~ 3.15), Current(3.37)
Tx Bias(mA) Alarm(100.05 ~ 1.00), Warning(90.04 ~ 2.00), Current(5.25)
Tx Power(dBm) Alarm(-2.99 ~ -8.98), Warning(-3.49 ~ -8.48), Current(-6.05)
Rx Power(dBm) Alarm(-2.99 ~ -18.01), Warning(-3.49 ~ -17.39), Current(-4.24)

SFP : 1
Not Available

Ethernet Switch CLI Reference Guide

353
Chapter 101 Additional Commands

This example displays run-time SFP (Small Form Factor Pluggable) parameters on port 21 on the Switch.
You can also see the alarm and warning thresholds for temperature, voltage, transmission bias,
transmission and receiving power as shown.

sysname# show interface transceiver 21

Transceiver Information

Port : 21 (SFP)
Vendor : ZyXEL
Part Number : SFP-LX-10-D
Series Number : S081133000074
Revision : V1.0
Date Code : 2008-08-11
Transceiver : 1000BASE-LX

++ : high alarm, + : high warn, - : low warn, -- : low alarm.

Current High Alarm High Warn Low Warn Low Alarm

Threshold Threshold Threshold Threshold
-------------- ----------- ------------ ----------- ----------- -----------
Temperature(C) ++ 38.00 -1.00 75.00 5.00 0.00
Voltage(V) 3.36 3.50 3.45 3.15 3.10
Tx Bias(mA) 14.53 100.05 90.04 7.00 6.00
Tx Power(dBm) -5.80 -2.99 -3.49 -8.96 -9.50
Rx Power(dBm) + -3.36 -2.99 -3.49 -20.50 -21.02
sysname#

This example displays the firmware version the Switch is currently using..

sysname# show version

Current ZyNOS version: V3.80(BBA.3)b1 | 04/17/2008

This example runs an internal loopback test on ports 3-6.

sysname# test interface port-channel 3-6

Testing internal loopback on port 3 :Passed!
Ethernet Port 3 Test ok.
Testing internal loopback on port 4 :Passed!
Ethernet Port 4 Test ok.
Testing internal loopback on port 5 :Passed!
Ethernet Port 5 Test ok.
Testing internal loopback on port 6 :Passed!
Ethernet Port 6 Test ok.

This example displays route information to an Ethernet device with IP address 192.168.1.100.

sysname> traceroute 192.168.1.100

traceroute to 192.168.1.100, 30 hops max, 40 byte packet
1:192.168.1.100 (10 ms) (10 ms) (0 ms)
traceroute done:
sysname>

Ethernet Switch CLI Reference Guide

354
P ART VI
Appendices and
Index of
Commands
Default Values (356)

Index of Commands (357)

355
APPENDIX A
Default Values
Some commands, particularly no commands, reset settings to their default values. The following table
identifies the default values for these settings.

Table 236 Default Values for Reset Commands

COMMAND DEFAULT VALUE
no aaa authentication enable Method 1: enable

Method 2: none

Method 3: none
no aaa authentication login Method 1: local

Method 2: none

Method 3: none
no aaa accounting update 0 minutes

no arp inspection filter-aging-time 300 seconds

no arp inspection log-buffer entries 32 messages

no arp inspection log-buffer logs 5 syslog messages

1 second
no radius-server <index> IP address: 0.0.0.0

Port number: 1812

Key: blank
no radius-accounting <index> IP address: 0.0.0.0

Port number: 1813

Key: blank

Ethernet Switch CLI Reference Guide

356
Index of Commands

Index of Commands

Use of undocumented commands or misconfiguration can damage the unit and

possibly render it unusable.

[ circuit-id [slot-port] [vlan] [hostname] [string <string>] ] [ remote-id [mac] [string <string>] ] ...............................83
8021p-priority <0-7> .................................................................................................................................................................219
aaa accounting commands <privilege> stop-only tacacs+ [broadcast] ....................................................................27
aaa accounting dot1x <start-stop|stop-only> <radius|tacacs+> [broadcast] ...............................................................28
aaa accounting exec <start-stop|stop-only> <radius|tacacs+> [broadcast] ................................................................28
aaa accounting system <radius|tacacs+> [broadcast] .....................................................................................................28
aaa accounting update periodic <1-2147483647> ..............................................................................................................27
aaa authentication enable <method1> [<method2> ...] .....................................................................................................27
aaa authentication login <method1> [<method2> ...] .........................................................................................................27
aaa authorization console .......................................................................................................................................................28
aaa authorization dot1x radius ................................................................................................................................................28
aaa authorization exec <radius|tacacs+> ...........................................................................................................................28
admin-password [cipher] <pw-string> ..............................................................................................................................230
admin-password <pw-string> <confirm-string> .........................................................................................................230
alarm-index ..............................................................................................................................................................................267
anti arpscan ...............................................................................................................................................................................30
anti arpscan host threshold <2-100> .......................................................................................................................................30
anti arpscan port threshold <2-255> .......................................................................................................................................30
anti arpscan trust .......................................................................................................................................................................31
anti arpscan trust host <ip-address> <mask> [ name <name> ] .......................................................................................30
area <area-id> ......................................................................................................................................................................224
area <area-id> authentication ...........................................................................................................................................224
area <area-id> authentication message-digest ..............................................................................................................224
area <area-id> default-cost <0-16777215> .......................................................................................................................224
area <area-id> name <name> ............................................................................................................................................224
area <area-id> nssa .............................................................................................................................................................224
area <area-id> nssa no-summary .......................................................................................................................................225
area <area-id> stub ..............................................................................................................................................................224
area <area-id> stub no-summary .......................................................................................................................................224
area <area-id> virtual-link <router-id> authentication-key <key> ............................................................................225
area <area-id> virtual-link <router-id> ...........................................................................................................................225
area <area-id> virtual-link <router-Id> authentication-same-as-area .........................................................................225
area <area-id> virtual-link <router-id> dead-interval <1-65535> ................................................................................225
area <area-id> virtual-link <router-id> hello-interval <1-65535> .................................................................................225
area <area-id> virtual-link <router-id> message-digest-key <keyid> md5 <key> ..................................................225
area <area-id> virtual-link <router-id> name <name> ..................................................................................................225
area <area-id> virtual-link <router-id> retransmit-interval <1-65535> ........................................................................225
area <area-id> virtual-link <router-id> transmit-delay <1-65535> ...............................................................................225
arp aging-time <60-1000000> ..................................................................................................................................................32
arp inspection ............................................................................................................................................................................34
arp inspection filter-aging-time <1-2147483647> ...................................................................................................................34
arp inspection filter-aging-time none .....................................................................................................................................34
arp inspection log-buffer entries <0-1024> .............................................................................................................................35
arp inspection log-buffer logs <0-1024> interval <0-86400> .................................................................................................35
arp inspection trust ....................................................................................................................................................................35
arp inspection vlan <vlan-list> ...........................................................................................................................................35
arp inspection vlan <vlan-list> logging [all|none|permit|deny] ................................................................................35
arp name <name> ip <ip-address> mac <mac-addr> vlan <vlan-id> interface port-channel <port-list> ........32
arp name <name> ip <ip-address> mac <mac-addr> vlan <vlan-id> interface port-channel <port-list> inactive
32

Ethernet Switch CLI Reference Guide

357
Index of Commands

arp-learning <arp-reply|gratuitous-arp|arp-request> .........................................................................................................39

auto-config ................................................................................................................................................................................40
auto-config dhcp ......................................................................................................................................................................40
bandwidth-control ....................................................................................................................................................................42
bandwidth-limit cir ....................................................................................................................................................................43
bandwidth-limit cir <rate> ......................................................................................................................................................43
bandwidth-limit egress ..............................................................................................................................................................43
bandwidth-limit egress <rate> ................................................................................................................................................43
bandwidth-limit ingress .............................................................................................................................................................43
bandwidth-limit ingress <rate> ...............................................................................................................................................43
bandwidth-limit pir ....................................................................................................................................................................43
bandwidth-limit pir <rate> ......................................................................................................................................................43
baudrate <1|2|3|4|5> .........................................................................................................................................................344
bcp-transparency ...................................................................................................................................................................346
bmstorm-limit ..............................................................................................................................................................................46
bmstorm-limit <rate> ...............................................................................................................................................................46
boot config <index> ..............................................................................................................................................................344
boot image <1|2> .................................................................................................................................................................345
bpdu-control <peer|tunnel|discard|network> .................................................................................................................132
bpduguard .................................................................................................................................................................................45
bpduguard .................................................................................................................................................................................45
broadcast-limit ...........................................................................................................................................................................47
broadcast-limit <pkt/s> ..........................................................................................................................................................47
cable-diagnostics <port-list> ...........................................................................................................................................345
cc-interval <100ms|1s|10s|1min|10min> .............................................................................................................................53
classifier <name> < [weight <0-65535> ][packet- format <802.3untag|802.3tag| EtherIIuntag|EtherIItag>] [priority <0-
7>] [ inner-priority <0-7> ] [vlan <vlan-id>] [ inner-vlan <vlan-id-list> ][ethernet-type <ether-
num|ip|ipx|arp|rarp|appletalk|decnet|IPv6>] [source-mac <src-mac-addr> [mask <mask>]] [source-
port <port-list>] [ source-trunk <trunk-list> ] [ destination-port <port-list> ] [destination-mac <dest-
mac-addr> [mask <mask>]] [ip-packet-length <0-65535> to <0-65525>] [dscp <0-63>] [precedence <0-7>]
[tos <0-255>] [ipv6-dscp <0-63>] [ip-protocol <protocol-num|tcp|udp|icmp|egp| ospf|rsvp|ig-
mp|igp|pim|ipsec> [establish-only]][ipv6-next-header <protocol-num|tcp|udp|icmpv6> [establish-on-
ly]][source-ip <src-ip-addr> [mask-bits <mask-bits>]] [ipv6-source-ip <src-ipv6-addr> [prefix-length
<prefix-length>] ] [source-socket <socket-num> [to <socket-num>] ]] [destination-ip <dest-ip-addr>
[mask-bits <mask-bits>]] [ipv6-destination-ip <dest-ipv6-addr> [prefix-length <prefix-length>] ] [desti-
nation-socket <socket-num> [to <socket-num>] ]] [time-range <name>] [log] [count] [inactive]> ..............59
classifier logging ........................................................................................................................................................................60
classifier logging interval <0-65535> ......................................................................................................................................60
classifier match-order <auto|manual> ..................................................................................................................................60
clear anti arpscan host .............................................................................................................................................................31
clear anti arpscan host interface port-channel <port-list> ...........................................................................................31
clear arp inspection filter ..........................................................................................................................................................34
clear arp inspection log ...........................................................................................................................................................35
clear arp inspection statistics ...................................................................................................................................................34
clear arp inspection statistics vlan <vlan-list> .................................................................................................................34
clear classifier match-count [<name>] ....................................................................................................................................58
clear cpu-protection interface port-channel <port-list> cause <ARP|BPDU|IGMP> ...............................................96
clear dhcp snooping database statistics ...............................................................................................................................89
clear ethernet cfm linktrace ....................................................................................................................................................51
clear ethernet cfm mep-ccmdb .............................................................................................................................................51
clear ethernet cfm mep-defects ............................................................................................................................................51
clear ethernet cfm mip-ccmdb ..............................................................................................................................................51
clear igmp-snooping statistics all ..........................................................................................................................................123
clear igmp-snooping statistics port .......................................................................................................................................123
clear igmp-snooping statistics system ...................................................................................................................................123
clear igmp-snooping statistics vlan .......................................................................................................................................123
clear interface <port-num> ..................................................................................................................................................132
clear ip arp .................................................................................................................................................................................32
clear ip arp interface port-channel <port-list> ...............................................................................................................32

Ethernet Switch CLI Reference Guide

358
Index of Commands

clear ip arp ip <ip-address> .................................................................................................................................................32

clear ipv6 mld snooping-proxy statistics all ..........................................................................................................................157
clear ipv6 mld snooping-proxy statistics port .......................................................................................................................157
clear ipv6 mld snooping-proxy statistics system ..................................................................................................................157
clear ipv6 mld snooping-proxy statistics vlan .......................................................................................................................158
clear ipv6 neighbor .................................................................................................................................................................163
clear ipv6 neighbor <interface-type> <interface-number> .....................................................................................163
clear ipv6 source binding [address <ipv6-address> | prefix <ipv6-address/prefix-length>] ...........................164
clear l2protocol-tunnel ...........................................................................................................................................................173
clear lldp remote_info ............................................................................................................................................................180
clear lldp remote_info interface port-channel <port-list> ..................................................................................................180
clear lldp statistic .....................................................................................................................................................................180
clear logging ............................................................................................................................................................................190
clear loopguard ......................................................................................................................................................................193
clear pppoe intermediate-agent statistics ..........................................................................................................................245
clear pppoe intermediate-agent statistics vlan <vlan-list> .........................................................................................245
clear priority-flow-control statistics interface port-channel <port-list> ........................................................................77
cluster <vlan-id> .....................................................................................................................................................................62
cluster member <mac> password <password> .....................................................................................................................62
cluster name <cluster name> ...............................................................................................................................................62
cluster rcommand <mac> .........................................................................................................................................................62
clv ................................................................................................................................................................................................66
configure ..................................................................................................................................................................................344
connected-port <port-list> ..............................................................................................................................................208
copy running-config custom-default ....................................................................................................................................275
copy running-config help .......................................................................................................................................................275
copy running-config interface port-channel <port> <port-list> [<attribute> [<...>]] .........................................275
copy running-config slot <slot> <slot-list> ..................................................................................................................275
copy running-config slot <slot> <slot-list> [bandwidth-limit ...] ...............................................................................275
copy running-config tftp <ip> <remote-file> .................................................................................................................311
copy tftp config <index> <ip> <remote-file> ...............................................................................................................311
copy tftp config merge <index> <ip> <remote-file> ...................................................................................................311
copy tftp flash <ip> <remote-file> ...................................................................................................................................311
cpu-protection cause <ARP|BPDU|IGMP> rate-limit <0-256> ............................................................................................96
custom-default ..........................................................................................................................................................................71
cx4-length <0.5|1|3|5|10|15> ............................................................................................................................................132
default-management <in-band|out-of-band> ..................................................................................................................346
destination monitor-port <port-num> <untagged|tagged> ..........................................................................................208
dhcp dhcp-vlan <vlan-id> ....................................................................................................................................................90
dhcp option profile <name> .....................................................................................................................................................83
dhcp relay <vlan-id> helper-address <remote-dhcp-server1> [<remote-dhcp-server2>] [<remote-dhcp-serv-
er3>] [option profile <name>] ....................................................................................................................................84
dhcp relay <vlan-id> helper-address <remote-dhcp-server1> [<remote-dhcp-server2>] [<remote-dhcp-serv-
er3>] [option] [information] ......................................................................................................................................83
dhcp relay <vlan-id> interface port-channel <port-list> option profile <name> .....................................................84
dhcp relay <vlan-id> source-address <ip-addr> .............................................................................................................84
dhcp relay-broadcast ..............................................................................................................................................................84
dhcp server <vlan-id> starting-address <ip-addr> <subnet-mask> size-of-client-ip-pool <1-253> ............................85
dhcp server <vlan-id> starting-address <ip-addr> <subnet-mask> size-of-client-ip-pool <1-253> [default-gateway
<ip-addr>] [primary-dns <ip-addr>] [secondary-dns <ip-addr>] ...................................................................85
dhcp smart-relay .......................................................................................................................................................................84
dhcp smart-relay helper-address <remote-dhcp-server1> [<remote-dhcp-server2>] [<remote-dhcp-server3>]
85
dhcp smart-relay information ..................................................................................................................................................85
dhcp smart-relay interface port-channel <port-list> option profile <name> ...............................................................85
dhcp smart-relay option ...........................................................................................................................................................85
dhcp smart-relay option profile <name> .................................................................................................................................85
dhcp snooping ..........................................................................................................................................................................88
dhcp snooping database <tftp://host/filename> .......................................................................................................88

Ethernet Switch CLI Reference Guide

359
Index of Commands

dhcp snooping database timeout <seconds> .....................................................................................................................88

dhcp snooping database write-delay <seconds> ...............................................................................................................88
dhcp snooping limit rate <pps> ..............................................................................................................................................89
dhcp snooping trust ..................................................................................................................................................................89
dhcp snooping vlan <vlan-list> .........................................................................................................................................89
dhcp snooping vlan <vlan-list> information ....................................................................................................................89
dhcp snooping vlan <vlan-list> interface port-channel <port-list> option profile <name> .................................89
dhcp snooping vlan <vlan-list> option .............................................................................................................................89
dhcp snooping vlan <vlan-list> option profile <name> ...................................................................................................89
diffserv .........................................................................................................................................................................................91
diffserv .........................................................................................................................................................................................91
diffserv dscp <0-63> priority <0-7> ...........................................................................................................................................91
disable ......................................................................................................................................................................................344
display aaa <[authentication][authorization][server]> ........................................................................................................92
display user <[system][snmp]> .................................................................................................................................................92
distance <10-255> ...................................................................................................................................................................226
distance <10-255> ...................................................................................................................................................................265
dlf-limit .........................................................................................................................................................................................47
dlf-limit <pkt/s> ........................................................................................................................................................................47
egress set <port-list> .........................................................................................................................................................243
enable ......................................................................................................................................................................................344
enable <0-14> ..........................................................................................................................................................................344
eo-conferencing|streaming-video|video-signaling> .......................................................................................................179
erase running-config ...............................................................................................................................................................275
erase running-config help ......................................................................................................................................................275
erase running-config interface port-channel <port-list> [<attribute> [<...>]] .......................................................275
errdisable detect cause <ARP|BPDU|IGMP> .......................................................................................................................96
errdisable detect cause <ARP|BPDU|IGMP> mode <inactive-port|inactive-reason|rate-limitation> ........................96
errdisable recovery ...................................................................................................................................................................96
errdisable recovery cause <loopguard|ARP|BPDU|IGMP> ...............................................................................................96
errdisable recovery cause <loopguard|ARP|BPDU|IGMP> interval <30-2592000> ........................................................96
ethernet cfm ..............................................................................................................................................................................51
ethernet cfm linktrace mac <mac-address> mep <mep-id> ma <ma-index> md <md-index> [mip-ccmdb][[ttl
<ttl>] ..........................................................................................................................................................................52
ethernet cfm linktrace remote-mep <mep-id> mep <mep-id> ma <ma-index> md <md-index> [mip-ccmdb][[ttl
<ttl>] ..........................................................................................................................................................................52
ethernet cfm loopback mac <mac-address> mep <mep-id> ma <ma-index> md <md-index> [size <0-1500>][count
<1-1024>] ......................................................................................................................................................................52
ethernet cfm loopback remote-mep <mep-id> mep <mep-id> ma <ma-index> md <md-index> [size <0-
1500>][count <1-1024>] .............................................................................................................................................52
ethernet cfm ma <ma-index> format <vid|string|integer> name <ma-name> md <md-index> primary-vlan <1-4094>
53
ethernet cfm management-address-domain ip [<ip-addr>] ............................................................................................54
ethernet cfm md <md-index> format <dns|mac|string> name <md-name> level <0-7> ...............................................54
ethernet cfm virtual-mac <mac-addr> ..................................................................................................................................54
ethernet oam ...........................................................................................................................................................................100
ethernet oam .............................................................................................................................................................................99
ethernet oam mode <active|passive> ...............................................................................................................................100
ethernet oam remote-loopback ignore-rx ...........................................................................................................................100
ethernet oam remote-loopback start <port> ......................................................................................................................99
ethernet oam remote-loopback stop <port> ....................................................................................................................100
ethernet oam remote-loopback supported ........................................................................................................................100
ethernet oam remote-loopback test <port> [<number-of-packets> [<packet-size>]] .........................................100
etherstats-index .......................................................................................................................................................................267
ets ................................................................................................................................................................................................79
ets traffic-class binding <tc-id0> <tc-id1> <tc-id2> <tc-id3> <tc-id4> <tc-id5> <tc-id6> <tc-
id7> .............................................................................................................................................................................79
event-index ..........................................................................................................................................................................267
except-smac zero-smac-drop ...............................................................................................................................................346

Ethernet Switch CLI Reference Guide

360
Index of Commands

exit .............................................................................................................................................................................................121
exit .............................................................................................................................................................................................139
exit .............................................................................................................................................................................................226
exit .............................................................................................................................................................................................265
exit .............................................................................................................................................................................................340
exit .............................................................................................................................................................................................344
exit ...............................................................................................................................................................................................53
exit ...............................................................................................................................................................................................93
external-alarm <index> name <name_string> .................................................................................................................104
fe-spq <q0|q1| ... |q7> .........................................................................................................................................................259
fixed <port-list> ..................................................................................................................................................................322
flow-control ..............................................................................................................................................................................132
forbidden <port-list> .........................................................................................................................................................322
frame-type <all|tagged|untagged> ..................................................................................................................................132
garp join <100-65535> leave <200-65535> leaveall <200-65535> ......................................................................................106
ge-spq <q0|q1| ... |q7> .......................................................................................................................................................258
green-ethernet auto-power-down .......................................................................................................................................108
green-ethernet auto-power-down .......................................................................................................................................109
green-ethernet eee ................................................................................................................................................................108
green-ethernet eee ................................................................................................................................................................109
green-ethernet short-reach ...................................................................................................................................................109
green-ethernet short-reach ...................................................................................................................................................109
group <name> start-address <ip> end-address <ip> .........................................................................................................219
gvrp ...........................................................................................................................................................................................112
help .............................................................................................................................................................................................11
history ..........................................................................................................................................................................................11
historycontrol-index ......................................................................................................................................................267
hostname <name> ...................................................................................................................................................................346
https cert-regeneration <rsa|dsa> .......................................................................................................................................115
hybrid-spq <q0|q1|...|q7> ...................................................................................................................................................258
hybrid-spq lowest-queue <q0|q1| ... |q7> .........................................................................................................................258
id-permission < none | chassis | management | chassis-management> ........................................................................53
igmp-filtering ............................................................................................................................................................................130
igmp-filtering profile <name> ..................................................................................................................................................130
igmp-filtering profile <name> start-address <ip> end-address <ip> .................................................................................130
igmp-flush .................................................................................................................................................................................123
igmp-group-limited .................................................................................................................................................................127
igmp-group-limited number <number> ................................................................................................................................128
igmp-immediate-leave ..........................................................................................................................................................128
igmp-querier-mode <auto|fixed|edge> ............................................................................................................................128
igmp-snooping ........................................................................................................................................................................123
igmp-snooping 8021p-priority <0-7> ......................................................................................................................................123
igmp-snooping authentication ..............................................................................................................................................126
igmp-snooping authentication-timeout <0-3000> ..............................................................................................................123
igmp-snooping fast-leave-timeout <200-6348800> .............................................................................................................126
igmp-snooping filtering ...........................................................................................................................................................123
igmp-snooping filtering profile <name> .................................................................................................................................126
igmp-snooping filtering profile <name> start-address <ip> end-address <ip> ...............................................................123
igmp-snooping group-limited ................................................................................................................................................127
igmp-snooping group-limited action <deny|replace> .....................................................................................................127
igmp-snooping group-limited number <number> ...............................................................................................................127
igmp-snooping host-timeout <1-16711450> .........................................................................................................................124
igmp-snooping leave-mode <normal|immediate|fast> ..................................................................................................127
igmp-snooping leave-proxy ...................................................................................................................................................124
igmp-snooping leave-timeout <1-16711450> ......................................................................................................................124
igmp-snooping leave-timeout <200-6348800> ....................................................................................................................127
igmp-snooping querier ...........................................................................................................................................................124
igmp-snooping querier-mode <auto|fixed|edge> ...........................................................................................................127
igmp-snooping report-proxy ..................................................................................................................................................124

Ethernet Switch CLI Reference Guide

361
Index of Commands

igmp-snooping reserved-multicast-frame <drop|flooding> .............................................................................................124

igmp-snooping unknown-multicast-frame <drop|flooding> ............................................................................................124
igmp-snooping vlan <vlan-id> [name <name>] ................................................................................................................126
igmp-snooping vlan mode <auto|fixed> ............................................................................................................................125
inactive .....................................................................................................................................................................................132
inactive .....................................................................................................................................................................................137
inactive .....................................................................................................................................................................................208
inactive .....................................................................................................................................................................................219
inactive .....................................................................................................................................................................................322
inactive .....................................................................................................................................................................................339
inactive .........................................................................................................................................................................................5
ingress-check ...........................................................................................................................................................................323
install help .................................................................................................................................................................................346
install slot <slot-list> type <card-type> ........................................................................................................................346
interface loopback <0-7> ......................................................................................................................................................137
interface port-channel <port-list> ..................................................................................................................................100
interface port-channel <port-list> ..................................................................................................................................109
interface port-channel <port-list> ..................................................................................................................................112
interface port-channel <port-list> ..................................................................................................................................122
interface port-channel <port-list> ..................................................................................................................................126
interface port-channel <port-list> ..................................................................................................................................130
interface port-channel <port-list> ..................................................................................................................................132
interface port-channel <port-list> ..................................................................................................................................156
interface port-channel <port-list> ..................................................................................................................................158
interface port-channel <port-list> ..................................................................................................................................173
interface port-channel <port-list> .........................................................................................................................................177
interface port-channel <port-list> ..................................................................................................................................193
interface port-channel <port-list> ..................................................................................................................................198
interface port-channel <port-list> ..................................................................................................................................204
interface port-channel <port-list> ..................................................................................................................................207
interface port-channel <port-list> ..................................................................................................................................243
interface port-channel <port-list> ..................................................................................................................................245
interface port-channel <port-list> ..................................................................................................................................253
interface port-channel <port-list> ..................................................................................................................................255
interface port-channel <port-list> ..................................................................................................................................258
interface port-channel <port-list> ..................................................................................................................................277
interface port-channel <port-list> ..................................................................................................................................283
interface port-channel <port-list> ....................................................................................................................................31
interface port-channel <port-list> ..................................................................................................................................318
interface port-channel <port-list> ..................................................................................................................................323
interface port-channel <port-list> ..................................................................................................................................329
interface port-channel <port-list> ..................................................................................................................................331
interface port-channel <port-list> ..................................................................................................................................332
interface port-channel <port-list> ..................................................................................................................................335
interface port-channel <port-list> ..................................................................................................................................342
interface port-channel <port-list> ..................................................................................................................................344
interface port-channel <port-list> ....................................................................................................................................35
interface port-channel <port-list> ....................................................................................................................................39
interface port-channel <port-list> ....................................................................................................................................43
interface port-channel <port-list> ....................................................................................................................................45
interface port-channel <port-list> ....................................................................................................................................46
interface port-channel <port-list> ...........................................................................................................................................54
interface port-channel <port-list> ....................................................................................................................................66
interface port-channel <port-list> ....................................................................................................................................67
interface port-channel <port-list> ....................................................................................................................................67
interface port-channel <port-list> ....................................................................................................................................67
interface port-channel <port-list> ....................................................................................................................................68
interface port-channel <port-list> ....................................................................................................................................76
interface port-channel <port-list> ....................................................................................................................................79

Ethernet Switch CLI Reference Guide

362
Index of Commands

interface port-channel <port-list> ....................................................................................................................................82

interface port-channel <port-list> ....................................................................................................................................89
interface port-channel <port-list> ....................................................................................................................................91
interface port-channel <port-list> ....................................................................................................................................96
interface route-domain <ip-address>/<mask-bits> .....................................................................................................121
interface route-domain <ip-address>/<mask-bits> .....................................................................................................139
interface route-domain <ip-address>/<mask-bits> .....................................................................................................223
interface route-domain <ip-address>/<mask-bits> .....................................................................................................266
interface route-domain <ip-address>/<mask-bits> .......................................................................................................93
interface route-domain <ip-address>/<mask-bits> ip vrrp authentication-key <key> ............................................340
interface route-domain <ip-address>/<mask-bits> no ip vrrp authentication-key ..................................................340
interface vlan <1-4094> ..........................................................................................................................................................154
interface vlan <1-4094> ..........................................................................................................................................................161
interface vlan <1-4094> ..........................................................................................................................................................164
interface-id ........................................................................................................................................................................267
interval <1~255> ......................................................................................................................................................................339
intrusion-lock ............................................................................................................................................................................132
ip address <ip> <mask> .........................................................................................................................................................140
ip address <ip-address> <mask> ........................................................................................................................................137
ip address <ip-address> <mask> ........................................................................................................................................328
ip address <ip-address> <mask> manageable ................................................................................................................328
ip address default-gateway <ip> .........................................................................................................................................140
ip address default-gateway <ip-address> .......................................................................................................................328
ip address default-management <ip-address> <mask> .................................................................................................327
ip address default-management dhcp-bootp ...................................................................................................................327
ip address default-management dhcp-bootp release ......................................................................................................327
ip address default-management dhcp-bootp renew .......................................................................................................328
ip dvmrp .....................................................................................................................................................................................94
ip igmp <v1|v2|v3> ...............................................................................................................................................................121
ip igmp last-member-query-interval <1-25> .........................................................................................................................122
ip igmp query-interval <1-65535> ..........................................................................................................................................122
ip igmp query-max-response-time <1-25> ............................................................................................................................122
ip igmp robustness-variable <2-255> ....................................................................................................................................122
ip load-sharing .........................................................................................................................................................................188
ip load-sharing <sip|sip-dip> .................................................................................................................................................188
ip load-sharing aging-time <0-86400> ..................................................................................................................................188
ip load-sharing discover-time <0-86400> ..............................................................................................................................188
ip load-sharing maximum-path .............................................................................................................................................189
ip name-server <ip|ipv6> ....................................................................................................................................................140
ip ospf authentication-key <key> .........................................................................................................................................223
ip ospf authentication-same-aa ...........................................................................................................................................223
ip ospf authentication-same-as-area ...................................................................................................................................223
ip ospf cost <1-65535> ............................................................................................................................................................224
ip ospf dead-interval <1-65535> ............................................................................................................................................224
ip ospf hello-interval <1-65535> .............................................................................................................................................224
ip ospf message-digest-key <key> ........................................................................................................................................224
ip ospf priority <0-255> ............................................................................................................................................................224
ip ospf retransmit-interval <1-65535> .....................................................................................................................................224
ip ospf transmit-delay <1-65535> ...........................................................................................................................................224
ip policy-route <name> ............................................................................................................................................................239
ip policy-route <name> inactive .............................................................................................................................................239
ip policy-route <name> sequence <number> <permit|deny> classifier <classifier> next-hop <ip-addr> ...........239
ip rip direction <Outgoing|Incoming|Both|None> version <v1|v2b|v2m> .................................................................266
ip route <ip> <mask> <next-hop-ip> [metric <metric>] [name <name>] [inactive] ..................................................300
ip source binding <mac-addr> vlan <vlan-id> <ip> [interface port-channel <interface-id>] .............................145
ip source binding arp-freeze ..................................................................................................................................................145
ip source binding arp-freeze interface port-channel <port-list> ................................................................................145
ip source binding arp-freeze vlan <vlan-list> ................................................................................................................145
ipmc egress-untag-vlan <vlan-id> .....................................................................................................................................122

Ethernet Switch CLI Reference Guide

363
Index of Commands

ipv6 ............................................................................................................................................................................................154
ipv6 address <ipv6-address>/<prefix> ...........................................................................................................................154
ipv6 address <ipv6-address>/<prefix> eui-64 ...............................................................................................................154
ipv6 address <ipv6-address>/<prefix> link-local ..........................................................................................................154
ipv6 address autoconfig .........................................................................................................................................................155
ipv6 address default-gateway <gateway-ipv6-address> ..............................................................................................155
ipv6 address dhcp client <ia-na> ..........................................................................................................................................155
ipv6 address dhcp client <ia-na> [rapid-commit] ..............................................................................................................155
ipv6 address dhcp client information refresh minimum <600-4294967295> .....................................................................155
ipv6 address dhcp client option <[dns][domain-list]> ........................................................................................................155
ipv6 dhcp relay vlan <1-4094> helper-address <remote-dhcp-server> .......................................................................156
ipv6 dhcp relay vlan <1-4094> option interface-id .............................................................................................................156
ipv6 dhcp relay vlan <1-4094> option remote-id <remote-id> ......................................................................................156
ipv6 dhcp trust .........................................................................................................................................................................156
ipv6 dhcp trust .........................................................................................................................................................................156
ipv6 hop-limit <1-255> .............................................................................................................................................................163
ipv6 icmp error-interval <0-2147483647> [bucket-size <1-200>] .........................................................................................157
ipv6 mld snooping-proxy ........................................................................................................................................................158
ipv6 mld snooping-proxy 8021p-priority <0-7> .....................................................................................................................158
ipv6 mld snooping-proxy filtering ...........................................................................................................................................158
ipv6 mld snooping-proxy filtering group-limited ..................................................................................................................158
ipv6 mld snooping-proxy filtering group-limited number <number> .................................................................................158
ipv6 mld snooping-proxy filtering profile <name> .................................................................................................................158
ipv6 mld snooping-proxy filtering profile <name> start-address <ip> end-address <ip> ...............................................158
ipv6 mld snooping-proxy vlan <vlan-id> ...........................................................................................................................158
ipv6 mld snooping-proxy vlan <vlan-id> downstream interface port-channel <port-list> ...................................158
ipv6 mld snooping-proxy vlan <vlan-id> downstream interface port-channel <port-list> fast-leave-timeout <2-
16775168> ..................................................................................................................................................................158
ipv6 mld snooping-proxy vlan <vlan-id> downstream interface port-channel <port-list> leave-timeout <2-
16775168> ..................................................................................................................................................................158
ipv6 mld snooping-proxy vlan <vlan-id> downstream interface port-channel <port-list> mode <immediate | nor-
mal | fast> .................................................................................................................................................................159
ipv6 mld snooping-proxy vlan <vlan-id> downstream query-interval <1000-31744000> .............................................159
ipv6 mld snooping-proxy vlan <vlan-id> downstream query-max-response-time <1000-25000> ..............................159
ipv6 mld snooping-proxy vlan <vlan-id> upstream interface port-channel <port-list> ........................................159
ipv6 mld snooping-proxy vlan <vlan-id> upstream last-listener-query-interval <1-8387584> ......................................159
ipv6 mld snooping-proxy vlan <vlan-id> upstream query-interval <1000-31744000> ..................................................159
ipv6 mld snooping-proxy vlan <vlan-id> upstream query-max-response-time <1000-25000> ....................................160
ipv6 mld snooping-proxy vlan <vlan-id> upstream robustness-variable <1-25> ..........................................................160
ipv6 nd dad-attempts <0-600> ..............................................................................................................................................161
ipv6 nd managed-config-flag ...............................................................................................................................................161
ipv6 nd ns-interval <1000-3600000> .......................................................................................................................................161
ipv6 nd other-config-flag .......................................................................................................................................................161
ipv6 nd prefix <ipv6-prefix>/<prefix-length> ............................................................................................................162
ipv6 nd prefix <ipv6-prefix>/<prefix-length> <[valid-lifetime <0-4294967295>] [preferred-lifetime <0-
4294967295>] [no-autoconfig] [no-onlink] [no-advertise]> .................................................................................162
ipv6 nd ra interval minimum <3-1350> maximum <4-1800> ...............................................................................................162
ipv6 nd ra lifetime <0-9000> ...................................................................................................................................................162
ipv6 nd ra suppress ..................................................................................................................................................................162
ipv6 nd reachable-time <1000-3600000> .............................................................................................................................162
ipv6 neighbor <interface-type> <interface-number> <ipv6-address> <mac-address> ...................................163
ipv6 route <ipv6-prefix>/<prefix-length> <next-hop> ...........................................................................................163
ipv6 route <ipv6-prefix>/<prefix-length> <next-hop> <interface-type> <interface-number> ................163
ipv6 snooping attach-policy <name> ....................................................................................................................................164
ipv6 snooping policy <name> .................................................................................................................................................164
ipv6 source binding <ipv6-address |ipv6-address/prefix-length> [mac <mac-addr>] [vlan <vlan-id>] [inter-
face port-channel <port-list>] ..........................................................................................................................164
ipv6 source-guard policy <name> .........................................................................................................................................165
kick tcp <session id> ..........................................................................................................................................................140

Ethernet Switch CLI Reference Guide

364
Index of Commands

l2protocol-tunnel .....................................................................................................................................................................173
l2protocol-tunnel .....................................................................................................................................................................174
l2protocol-tunnel cdp .............................................................................................................................................................173
l2protocol-tunnel mac <mac-addr> .....................................................................................................................................174
l2protocol-tunnel mode <access|tunnel> ...........................................................................................................................173
l2protocol-tunnel point-to-point ............................................................................................................................................173
l2protocol-tunnel point-to-point lacp ...................................................................................................................................173
l2protocol-tunnel point-to-point pagp .................................................................................................................................174
l2protocol-tunnel point-to-point udld ...................................................................................................................................174
l2protocol-tunnel stp ...............................................................................................................................................................174
l2protocol-tunnel vtp ..............................................................................................................................................................174
lacp ...........................................................................................................................................................................................315
lacp system-priority <1-65535> ...............................................................................................................................................316
limit address-count <number> ...............................................................................................................................................164
lldp ............................................................................................................................................................................................179
lldp admin-status <disabled|tx-only|rx-only|tx-rx> ............................................................................................................177
lldp basic-tlv management-address .....................................................................................................................................177
lldp basic-tlv port-description ................................................................................................................................................177
lldp basic-tlv system-capabilities ...........................................................................................................................................177
lldp basic-tlv system-description ............................................................................................................................................177
lldp basic-tlv system-name .....................................................................................................................................................177
lldp dcbx application <ether-type><fcoe> priority <0-7> .................................................................................................80
lldp med location civic [county <county>] [city <city>] [division <division>] [neighbor <neighbor>]
[street <street>] [leading-street-direction <value>] [trailing-street-suffix <value>] [street-suffix <value>]
[house-number <num>] [house-number-suffix <value>] [landmark <landmark>] [additional-
location <value>] [name <value>] [zip-code <value>] [building <value>] [unit <value>] [floor
<value>] [room-number <value>] [place-type <value>] [postal-community-name <value>]
[post-office-box <value>] [additional-code <value>] ...............................................................................177
lldp med location coordinate [latitude <north|south> <value>][longitude <west|east > <value>][altitude <me-
ters|floor> <value>][datum <WGS84|NAD83-NAVD88|NAD83-MLLW>] ........................................................178
lldp med location elin <number> ......................................................................................................................................178
lldp med network-policy <voice|voice-signaling|guest-voice|guest-voice-signaling|softphone-voice|video-con-
ferencing|streaming-video|video-signaling> [tagged|untagged][vlan <vlan-id>][priority <priori-
ty>][dscp <dscp>] ...................................................................................................................................................178
lldp med topology-change-notification ..............................................................................................................................178
lldp notification ........................................................................................................................................................................178
lldp org-specific-tlv dot1 dcbx-application-priority ...............................................................................................................82
lldp org-specific-tlv dot1 dcbx-ets-configuration ..................................................................................................................82
lldp org-specific-tlv dot1 dcbx-pfc-configuration .................................................................................................................82
lldp org-specific-tlv dot1 port-protocol-vlan-id ...................................................................................................................178
lldp org-specific-tlv dot1 port-vlan-id ....................................................................................................................................178
lldp org-specific-tlv dot3 link-aggregation ...........................................................................................................................178
lldp org-specific-tlv dot3 mac-phy ........................................................................................................................................178
lldp org-specific-tlv dot3 max-frame-size .............................................................................................................................178
lldp org-specific-tlv dot3 power-via-mdi ..............................................................................................................................178
lldp org-specific-tlv med location .........................................................................................................................................178
lldp org-specific-tlv med network-policy ..............................................................................................................................178
lldp reinitialize-delay <1-10> ...................................................................................................................................................179
lldp transmit-delay <1-8192> ..................................................................................................................................................179
lldp transmit-hold <2-10> ........................................................................................................................................................180
lldp transmit-interval <5-32768> .............................................................................................................................................180
locator-led ................................................................................................................................................................................346
locator-led <1-1440> ...............................................................................................................................................................346
logins username <name> password [cipher] <password> privilege <0-14> ..................................................................191
logout ........................................................................................................................................................................................344
loopguard ................................................................................................................................................................................193
loopguard ................................................................................................................................................................................193
mac-address ............................................................................................................................................................................51
mac-aging-time <10-1000000> ..............................................................................................................................................195

Ethernet Switch CLI Reference Guide

365
Index of Commands

mac-authentication ................................................................................................................................................................197
mac-authentication ................................................................................................................................................................198
mac-authentication nameprefix <name-string> .............................................................................................................197
mac-authentication password <name-string> .................................................................................................................197
mac-authentication timeout <1-3000> ................................................................................................................................197
mac-authentication trusted-vlan <vlan-list> .................................................................................................................198
mac-based-vlan name <name> source-mac <mac-addr> vlan <vlan-id> priority <0-7> ..........................................199
mac-filter name <name> mac <mac-addr> vlan <vlan-id> ............................................................................................201
mac-filter name <name> mac <mac-addr> vlan <vlan-id> drop <src|dst|both> ......................................................201
mac-filter name <name> mac <mac-addr> vlan <vlan-id> inactive .............................................................................201
mac-flush [<port-num>] .........................................................................................................................................................195
mac-forward name <name> mac <mac-addr> vlan <vlan-id> interface <interface-id> .....................................203
mac-forward name <name> mac <mac-addr> vlan <vlan-id> interface <interface-id> inactive ......................203
mac-pinning ............................................................................................................................................................................204
mac-pinning ............................................................................................................................................................................204
mac-transfer dynamic-to-filter interface port-channel <port-list> .............................................................................195
mac-transfer dynamic-to-filter mac <mac-addr> ...............................................................................................................195
mac-transfer dynamic-to-filter vlan <vlan-list> .............................................................................................................195
mac-transfer dynamic-to-forward interface port-channel <port-list> .......................................................................196
mac-transfer dynamic-to-forward mac <mac-addr> ........................................................................................................196
mac-transfer dynamic-to-forward vlan <vlan-list> .......................................................................................................196
ma-index ....................................................................................................................................................................................51
md-index ..................................................................................................................................................................................51
media-type 10g <SFP+|DAC10G> ........................................................................................................................................133
mep <mep-id> interface port-channel <port> direction <up|down> priority <0-7> .....................................................53
mep <mep-id> interface port-channel <port> direction <up|down> priority <0-7> cc-enable ..................................53
mep <mep-id> interface port-channel <port> direction <up|down> priority <0-7> inactive ......................................53
mep-id .......................................................................................................................................................................................51
mhf-creation < none | default | explicit> .............................................................................................................................53
mirror .........................................................................................................................................................................................207
mirror dir <ingress|egress|both> ...........................................................................................................................................207
mirror-filter egress mac <mac-addr> .....................................................................................................................................207
mirror-filter egress type <all|dest|src> .................................................................................................................................207
mirror-filter ingress mac <mac-addr> ....................................................................................................................................207
mirror-filter ingress type <all|dest|src> .................................................................................................................................207
mirror-port .................................................................................................................................................................................206
mirror-port <port-num> ..........................................................................................................................................................206
mode <dynamic|compatible> ............................................................................................................................................219
mode zynos ..............................................................................................................................................................................346
mrstp <tree-index> ..............................................................................................................................................................210
mrstp <tree-index> hello-time <1-10> maximum-age <6-40> forward-delay <4-30> ..................................................210
mrstp <tree-index> priority <0-61440> ...............................................................................................................................210
mrstp interface <port-list> ................................................................................................................................................210
mrstp interface <port-list> edge-port .............................................................................................................................211
mrstp interface <port-list> path-cost <1-65535> ...........................................................................................................211
mrstp interface <port-list> priority <0-255> ....................................................................................................................211
mrstp interface <port-list> rootguard .............................................................................................................................211
mrstp interface <port-list> tree-index <tree-index> ..................................................................................................211
mstp ..........................................................................................................................................................................................213
mstp configuration-name <name> ........................................................................................................................................213
mstp hello-time <1-10> maximum-age <6-40> forward-delay <4-30> ..............................................................................213
mstp instance <number> interface port-channel <port-list> .......................................................................................214
mstp instance <number> interface port-channel <port-list> path-cost <1-65535> ..................................................214
mstp instance <number> interface port-channel <port-list> priority <0-255> ...........................................................214
mstp instance <number> priority <0-61440> .........................................................................................................................214
mstp instance <number> vlan <vlan-list> .......................................................................................................................214
mstp interface port-channel <port-list> edge-port ......................................................................................................213
mstp interface port-channel <port-list> rootguard ......................................................................................................214
mstp max-hop <1-255> ...........................................................................................................................................................213

Ethernet Switch CLI Reference Guide

366
Index of Commands

mstp revision <0-65535> ..........................................................................................................................................................213

multicast-forward name <name> mac <mac-addr> vlan <vlan-id> inactive ...............................................................298
multicast-forward name <name> mac <mac-addr> vlan <vlan-id> interface port-channel <port-list> .............298
multicast-limit .............................................................................................................................................................................47
multicast-limit <pkt/s> .............................................................................................................................................................47
multi-login .................................................................................................................................................................................218
mvr <1-4094> ............................................................................................................................................................................344
mvr <vlan-id> ........................................................................................................................................................................219
name <name> ..........................................................................................................................................................................137
name <name> ..........................................................................................................................................................................219
name <name> ..........................................................................................................................................................................322
name <name> ..........................................................................................................................................................................339
name <port-name-string> ................................................................................................................................................133
network <ip-addr/bits> area <area-id> ........................................................................................................................226
no aaa accounting commands .............................................................................................................................................28
no aaa accounting dot1x ........................................................................................................................................................28
no aaa accounting exec .........................................................................................................................................................28
no aaa accounting system ......................................................................................................................................................28
no aaa accounting update ....................................................................................................................................................27
no aaa accounting update ..................................................................................................................................................356
no aaa authentication enable ...............................................................................................................................................27
no aaa authentication enable .............................................................................................................................................356
no aaa authentication login ....................................................................................................................................................27
no aaa authentication login ..................................................................................................................................................356
no aaa authorization console .................................................................................................................................................28
no aaa authorization dot1x .....................................................................................................................................................29
no aaa authorization exec ......................................................................................................................................................29
no anti arpscan .........................................................................................................................................................................31
no anti arpscan host threshold ................................................................................................................................................31
no anti arpscan port threshold ................................................................................................................................................31
no anti arpscan trust host <ip-address> <mask> ................................................................................................................31
no area <area-id> ................................................................................................................................................................224
no area <area-id> authentication .....................................................................................................................................224
no area <area-id> default-cost ..........................................................................................................................................224
no area <area-id> nssa ........................................................................................................................................................224
no area <area-id> nssa no-summary .................................................................................................................................225
no area <area-id> stub ........................................................................................................................................................224
no area <area-id> stub no-summary .................................................................................................................................224
no area <area-id> virtual-link <router-id> .....................................................................................................................225
no area <area-id> virtual-link <router-id> authentication-key ...................................................................................225
no area <area-id> virtual-link <router-id> authentication-same-as-area .................................................................225
no area <area-id> virtual-link <router-id> message-digest-key ..................................................................................225
no arp inspection ......................................................................................................................................................................34
no arp inspection filter-aging-time ..........................................................................................................................................34
no arp inspection filter-aging-time ........................................................................................................................................356
no arp inspection log-buffer entries ........................................................................................................................................35
no arp inspection log-buffer entries ......................................................................................................................................356
no arp inspection log-buffer logs ............................................................................................................................................35
no arp inspection log-buffer logs ..........................................................................................................................................356
no arp inspection trust ..............................................................................................................................................................35
no arp inspection vlan <vlan-list> .....................................................................................................................................35
no arp inspection vlan <vlan-list> logging .......................................................................................................................35
no arp ip <ip-address> mac <mac-addr> vlan <vlan-id> inactive .............................................................................32
no arp ip <ip-address> mac <mac-addr> vlan <vlan-id> .............................................................................................32
no arp-learning ..........................................................................................................................................................................39
no auto-config ...........................................................................................................................................................................40
no bandwidth-control ...............................................................................................................................................................43
no bandwidth-limit cir ...............................................................................................................................................................43
no bandwidth-limit egress ........................................................................................................................................................43

Ethernet Switch CLI Reference Guide

367
Index of Commands

no bandwidth-limit ingress .......................................................................................................................................................43

no bandwidth-limit pir ...............................................................................................................................................................43
no bmstorm-limit ........................................................................................................................................................................46
no bpduguard ...........................................................................................................................................................................45
no bpduguard ...........................................................................................................................................................................45
no broadcast-limit .....................................................................................................................................................................47
no classifier <name> ...................................................................................................................................................................59
no classifier <name> inactive ....................................................................................................................................................59
no classifier logging ...................................................................................................................................................................60
no cluster ....................................................................................................................................................................................62
no cluster member <mac> ........................................................................................................................................................62
no clv ..........................................................................................................................................................................................66
no connected-port <port-list> ........................................................................................................................................208
no custom-default .....................................................................................................................................................................71
no destination monitor-port ...................................................................................................................................................208
no dhcp dhcp-vlan ...................................................................................................................................................................90
no dhcp option profile <name> ................................................................................................................................................83
no dhcp relay <vlan-id> ........................................................................................................................................................84
no dhcp relay <vlan-id> information ...................................................................................................................................84
no dhcp relay <vlan-id> interface port-channel <port-list> option ..........................................................................84
no dhcp relay <vlan-id> option ...........................................................................................................................................84
no dhcp relay <vlan-id> source-address ............................................................................................................................84
no dhcp relay-broadcast .........................................................................................................................................................84
no dhcp server <vlan-id> ......................................................................................................................................................85
no dhcp server <vlan-id> default-gateway .......................................................................................................................85
no dhcp server <vlan-id> primary-dns .................................................................................................................................85
no dhcp server <vlan-id> secondary-dns ...........................................................................................................................85
no dhcp smart-relay .................................................................................................................................................................84
no dhcp smart-relay information .............................................................................................................................................85
no dhcp smart-relay interface port-channel <port-list> ................................................................................................85
no dhcp smart-relay option .....................................................................................................................................................85
no dhcp snooping .....................................................................................................................................................................88
no dhcp snooping database ..................................................................................................................................................88
no dhcp snooping database timeout ....................................................................................................................................88
no dhcp snooping database write-delay ..............................................................................................................................89
no dhcp snooping limit rate .....................................................................................................................................................89
no dhcp snooping trust ............................................................................................................................................................89
no dhcp snooping vlan <vlan-list> ...................................................................................................................................89
no dhcp snooping vlan <vlan-list> information ..............................................................................................................89
no dhcp snooping vlan <vlan-list> interface port-channel <port-list> option .....................................................89
no dhcp snooping vlan <vlan-list> option .......................................................................................................................89
no dhcp snooping vlan <vlan-list> option .......................................................................................................................89
no diffserv ...................................................................................................................................................................................91
no diffserv ...................................................................................................................................................................................91
no display aaa <[authentication][authorization][server]> ...................................................................................................92
no display user <[system][snmp]> ...........................................................................................................................................92
no dlf-limit ...................................................................................................................................................................................47
no egress set <port-list> ...................................................................................................................................................243
no errdisable detect cause <ARP|BPDU|IGMP> ..................................................................................................................96
no errdisable recovery ..............................................................................................................................................................96
no errdisable recovery cause <loopguard|ARP|BPDU|IGMP> .........................................................................................96
no ethernet cfm ........................................................................................................................................................................54
no ethernet cfm ma <ma-index> md <md-index> ..............................................................................................................54
no ethernet cfm management-address-domain .................................................................................................................54
no ethernet cfm md <md-index> ...........................................................................................................................................54
no ethernet cfm virtual-mac ....................................................................................................................................................54
no ethernet oam .....................................................................................................................................................................100
no ethernet oam .......................................................................................................................................................................99
no ethernet oam mode .........................................................................................................................................................100

Ethernet Switch CLI Reference Guide

368
Index of Commands

no ethernet oam remote-loopback ignore-rx .....................................................................................................................100

no ethernet oam remote-loopback supported ..................................................................................................................100
no ets traffic-class binding .......................................................................................................................................................79
no except-smac zero-smac-drop .........................................................................................................................................346
no external-alarm <index> ....................................................................................................................................................104
no external-alarm all ...............................................................................................................................................................104
no fixed <port-list> ............................................................................................................................................................322
no flow-control .........................................................................................................................................................................133
no forbidden <port-list> ...................................................................................................................................................322
no green-ethernet auto-power-down ..................................................................................................................................108
no green-ethernet auto-power-down ..................................................................................................................................109
no green-ethernet eee ...........................................................................................................................................................108
no green-ethernet eee ...........................................................................................................................................................109
no green-ethernet short-reach ..............................................................................................................................................109
no green-ethernet short-reach ..............................................................................................................................................109
no group ...................................................................................................................................................................................219
no group <name-str> ............................................................................................................................................................219
no gvrp .....................................................................................................................................................................................112
no hybrid-spq ...........................................................................................................................................................................258
no igmp-filtering ......................................................................................................................................................................130
no igmp-filtering profile ...........................................................................................................................................................130
no igmp-filtering profile <name> .............................................................................................................................................130
no igmp-filtering profile <name> start-address <ip> end-address <ip> ...........................................................................130
no igmp-group-limited ............................................................................................................................................................128
no igmp-immediate-leave .....................................................................................................................................................128
no igmp-snooping ...................................................................................................................................................................123
no igmp-snooping 8021p-priority ...........................................................................................................................................123
no igmp-snooping authentication ........................................................................................................................................127
no igmp-snooping authentication-timeout .........................................................................................................................123
no igmp-snooping filtering .....................................................................................................................................................123
no igmp-snooping filtering profile .........................................................................................................................................127
no igmp-snooping filtering profile <name> ...........................................................................................................................123
no igmp-snooping filtering profile <name> start-address <ip> end-address <ip> ..........................................................124
no igmp-snooping group-limited ...........................................................................................................................................127
no igmp-snooping leave-proxy .............................................................................................................................................124
no igmp-snooping querier ......................................................................................................................................................124
no igmp-snooping report-proxy .............................................................................................................................................124
no igmp-snooping vlan <vlan-id> ......................................................................................................................................126
no inactive ...............................................................................................................................................................................133
no inactive ...............................................................................................................................................................................137
no inactive ...............................................................................................................................................................................208
no inactive ...............................................................................................................................................................................219
no inactive ...............................................................................................................................................................................322
no inactive ...............................................................................................................................................................................339
no inactive ...................................................................................................................................................................................5
no ingress-check .....................................................................................................................................................................323
no install slot <slot> ...............................................................................................................................................................346
no interface <port-num> .......................................................................................................................................................133
no interface loopback <0-7> .................................................................................................................................................137
no intrusion-lock .......................................................................................................................................................................133
no ip address <ip-address> <mask> ..................................................................................................................................137
no ip address <ip-address> <mask> ..................................................................................................................................328
no ip address default-gateway .............................................................................................................................................328
no ip address default-management dhcp-bootp ..............................................................................................................327
no ip dvmrp ................................................................................................................................................................................94
no ip igmp ................................................................................................................................................................................122
no ip load-sharing ...................................................................................................................................................................189
no ip name-server <all|ip|ipv6> ........................................................................................................................................140
no ip ospf authentication-key <key> ....................................................................................................................................223

Ethernet Switch CLI Reference Guide

369
Index of Commands

no ip ospf authentication-same-aa ......................................................................................................................................224

no ip ospf authentication-same-as-area .............................................................................................................................224
no ip ospf cost <1-65535> .......................................................................................................................................................224
no ip ospf message-digest-key <key> ..................................................................................................................................224
no ip ospf priority <0-255> .......................................................................................................................................................224
no ip policy-route <name> ......................................................................................................................................................239
no ip policy-route <name> inactive .......................................................................................................................................239
no ip policy-route <name> sequence <number> .................................................................................................................239
no ip route <ip> <mask> ........................................................................................................................................................300
no ip route <ip> <mask> <next-hop-ip> ...........................................................................................................................300
no ip route <ip> <mask> <next-hop-ip> inactive ............................................................................................................300
no ip route <ip> <mask> inactive .........................................................................................................................................300
no ip source binding <mac-addr> vlan <vlan-id> ...........................................................................................................145
no ipmc egress-untag-vlan ....................................................................................................................................................122
no ipv6 ......................................................................................................................................................................................155
no ipv6 address <ipv6-address>/<prefix> .....................................................................................................................155
no ipv6 address <ipv6-address>/<prefix> eui-64 ..........................................................................................................155
no ipv6 address <ipv6-address>/<prefix> link-local .....................................................................................................155
no ipv6 address autoconfig ...................................................................................................................................................155
no ipv6 address default-gateway .........................................................................................................................................155
no ipv6 address dhcp client ..................................................................................................................................................155
no ipv6 address dhcp client [rapid-commit] .......................................................................................................................155
no ipv6 address dhcp client option ......................................................................................................................................155
no ipv6 address dhcp client option <[dns][domain-list]> ...................................................................................................155
no ipv6 dhcp relay vlan <1-4094> .........................................................................................................................................156
no ipv6 dhcp relay vlan <1-4094> option interface-id .......................................................................................................156
no ipv6 dhcp relay vlan <1-4094> option remote-id ...........................................................................................................156
no ipv6 dhcp trust ...................................................................................................................................................................156
no ipv6 dhcp trust ...................................................................................................................................................................156
no ipv6 hop-limit ......................................................................................................................................................................163
no ipv6 mld snooping-proxy ...................................................................................................................................................160
no ipv6 mld snooping-proxy filtering .....................................................................................................................................160
no ipv6 mld snooping-proxy filtering group-limited .............................................................................................................158
no ipv6 mld snooping-proxy filtering profile .........................................................................................................................158
no ipv6 mld snooping-proxy filtering profile <name> ...........................................................................................................160
no ipv6 mld snooping-proxy filtering profile <name> start-address <ip> end-address <ip> ..........................................160
no ipv6 mld snooping-proxy vlan <vlan-id> ......................................................................................................................160
no ipv6 mld snooping-proxy vlan <vlan-id> downstream interface port-channel <port-list> .............................160
no ipv6 mld snooping-proxy vlan <vlan-id> upstream interface port-channel <port-list> ...................................160
no ipv6 nd dad-attempts .......................................................................................................................................................162
no ipv6 nd managed-config-flag .........................................................................................................................................162
no ipv6 nd ns-interval ..............................................................................................................................................................162
no ipv6 nd other-config-flag ..................................................................................................................................................162
no ipv6 nd prefix <ipv6-prefix>/<prefix-length> .......................................................................................................162
no ipv6 nd ra interval ..............................................................................................................................................................162
no ipv6 nd ra lifetime ..............................................................................................................................................................162
no ipv6 nd ra suppress ............................................................................................................................................................162
no ipv6 nd reachable-time ....................................................................................................................................................163
no ipv6 neighbor <interface-type> <interface-number> <ipv6-address> ..........................................................163
no ipv6 route <ipv6-prefix>/<prefix-length> .............................................................................................................163
no ipv6 snooping attach-policy ............................................................................................................................................164
no ipv6 snooping policy <name> ...........................................................................................................................................164
no ipv6 source binding <ipv6-address|ipv6-address/prefix-length> ..................................................................164
no l2protocol-tunnel ................................................................................................................................................................174
no l2protocol-tunnel ................................................................................................................................................................174
no l2protocol-tunnel cdp .......................................................................................................................................................174
no l2protocol-tunnel point-to-point .......................................................................................................................................174
no l2protocol-tunnel point-to-point lacp ..............................................................................................................................174
no l2protocol-tunnel point-to-point pagp ............................................................................................................................174

Ethernet Switch CLI Reference Guide

370
Index of Commands

no l2protocol-tunnel point-to-point udld ..............................................................................................................................174

no l2protocol-tunnel stp .........................................................................................................................................................174
no l2protocol-tunnel vtp .........................................................................................................................................................174
no lacp .....................................................................................................................................................................................316
no limit address-count ............................................................................................................................................................164
no lldp .......................................................................................................................................................................................180
no lldp admin-status ................................................................................................................................................................178
no lldp basic-tlv management-address ...............................................................................................................................178
no lldp basic-tlv port-description ...........................................................................................................................................179
no lldp basic-tlv system-capabilities .....................................................................................................................................179
no lldp basic-tlv system-description ......................................................................................................................................179
no lldp basic-tlv system-name ...............................................................................................................................................179
no lldp dcbx application <ether-type > <fcoe> ...................................................................................................................80
no lldp med location <civic|coordinate|elin> ..............................................................................................................179
no lldp med location ..............................................................................................................................................................179
no lldp med network-policy ...................................................................................................................................................179
no lldp med network-policy <voice|voice-signaling|guest-voice|guest-voice-signaling|softphone-voice|vid ....179
no lldp med topology-change-notification .........................................................................................................................179
no lldp notification ..................................................................................................................................................................179
no lldp org-specific-tlv dot1 port-protocol-vlan-id ..............................................................................................................179
no lldp org-specific-tlv dot1 port-vlan-id ..............................................................................................................................179
no lldp org-specific-tlv dot3 link-aggregation .....................................................................................................................179
no lldp org-specific-tlv dot3 mac-phy ..................................................................................................................................179
no lldp org-specific-tlv dot3 max-frame-size ........................................................................................................................179
no lldp org-specific-tlv dot3 power-via-mdi .........................................................................................................................179
no locator-led ..........................................................................................................................................................................346
no logins username <name> ...................................................................................................................................................191
no loopguard ...........................................................................................................................................................................193
no loopguard ...........................................................................................................................................................................193
no mac-authentication ..........................................................................................................................................................198
no mac-authentication ..........................................................................................................................................................198
no mac-authentication timeout ...........................................................................................................................................198
no mac-authentication trusted-vlan <vlan-list> ............................................................................................................198
no mac-based-vlan source-mac <mac-addr> ...................................................................................................................199
no mac-filter mac <mac-addr> vlan <vlan-id> ................................................................................................................201
no mac-filter mac <mac-addr> vlan <vlan-id> inactive .................................................................................................201
no mac-forward mac <mac-addr> vlan <vlan-id> interface <interface-id> .........................................................203
no mac-forward mac <mac-addr> vlan <vlan-id> interface <interface-id> inactive ..........................................203
no mac-pinning .......................................................................................................................................................................204
no mac-pinning .......................................................................................................................................................................204
no mep <mep-id> .....................................................................................................................................................................54
no mep <mep-id> cc-enable .................................................................................................................................................54
no mep <mep-id> inactive ......................................................................................................................................................54
no mirror ....................................................................................................................................................................................207
no mirror-port ...........................................................................................................................................................................206
no mirror-port <port-num> ....................................................................................................................................................207
no mrstp <tree-index> .........................................................................................................................................................211
no mrstp interface <port-list> ..........................................................................................................................................211
no mrstp interface <port-list> edge-port .......................................................................................................................211
no mrstp interface <port-list> rootguard .......................................................................................................................211
no mstp .....................................................................................................................................................................................213
no mstp instance <number> ..................................................................................................................................................214
no mstp instance <number> interface port-channel <port-list> .................................................................................214
no mstp instance <number> vlan <1-4094> ..........................................................................................................................214
no mstp interface port-channel <port-list> edge-port ................................................................................................213
no mstp interface port-channel <port-list> rootguard .................................................................................................214
no multicast-forward mac <mac-addr> vlan <vlan-id> ..................................................................................................298
no multicast-forward mac <mac-addr> vlan <vlan-id> inactive ...................................................................................298
no multicast-limit ........................................................................................................................................................................47

Ethernet Switch CLI Reference Guide

371
Index of Commands

no multi-login ...........................................................................................................................................................................218
no mvr <vlan-id> ..................................................................................................................................................................219
no network <ip-addr/bits> ................................................................................................................................................226
no non-querier .........................................................................................................................................................................121
no passive-iface <ip-addr/bits> .......................................................................................................................................226
no password encryption .........................................................................................................................................................230
no password privilege <0-14> ..............................................................................................................................................230
no permit link-local ..................................................................................................................................................................165
no policy <name> .....................................................................................................................................................................237
no policy <name> inactive ......................................................................................................................................................237
no port-access-authenticator ...............................................................................................................................................118
no port-access-authenticator <port-list> ......................................................................................................................118
no port-access-authenticator <port-list> guest-vlan ...................................................................................................118
no port-access-authenticator <port-list> guest-vlan Host-mode ...............................................................................118
no port-access-authenticator <port-list> reauthenticate ...........................................................................................118
no port-access-authenticator eapol-flood ..........................................................................................................................118
no port-security ........................................................................................................................................................................241
no port-security <port-list> ...............................................................................................................................................241
no port-security <port-list> learn inactive ......................................................................................................................241
no port-security <port-list> vlan <vlan-id> address-limit ...........................................................................................241
no port-security <port-list> vlan <vlan-id> address-limit inactive ............................................................................242
no pppoe intermediate-agent ..............................................................................................................................................245
no pppoe intermediate-agent format-type access-node-identifier ................................................................................246
no pppoe intermediate-agent format-type circuit-id ........................................................................................................245
no pppoe intermediate-agent format-type identifier-string ..............................................................................................246
no pppoe intermediate-agent format-type identifier-string hostname ...........................................................................246
no pppoe intermediate-agent format-type remote-id ......................................................................................................245
no pppoe intermediate-agent trust ......................................................................................................................................245
no pppoe intermediate-agent vlan <vlan-id> format-type circuit-id ...........................................................................245
no pppoe intermediate-agent vlan <vlan-id> format-type remote-id .........................................................................245
no pppoe intermediate-agent vlan <vlan-list> ............................................................................................................246
no pppoe intermediate-agent vlan <vlan-list> circuit-id ............................................................................................246
no pppoe intermediate-agent vlan <vlan-list> remote-id ..........................................................................................245
no preempt ..............................................................................................................................................................................339
no prefix-glean ........................................................................................................................................................................164
no primary-virtual-ip ................................................................................................................................................................339
no primary-virtual-ip <ip-address> .....................................................................................................................................339
no priority-flow-control ..............................................................................................................................................................76
no priority-flow-control priority .................................................................................................................................................76
no private-vlan <primary | isolated | community> ...........................................................................................................252
no private-vlan <vlan-id> ....................................................................................................................................................250
no private-vlan <vlan-id> inactive .....................................................................................................................................250
no private-vlan association ....................................................................................................................................................252
no private-vlan association <secondary-vlan-list> .....................................................................................................253
no private-vlan mode .............................................................................................................................................................253
no protocol dhcp ....................................................................................................................................................................164
no protocol-based-vlan ethernet-type <ether-num|ip|ipx|arp|rarp|appletalk|decnet> ......................................256
no pwr interface <port-list> .............................................................................................................................................232
no pwr interface <port-list> max-power ........................................................................................................................232
no pwr mibtrap ........................................................................................................................................................................232
no radius-accounting <index> .............................................................................................................................................262
no radius-accounting <index> .............................................................................................................................................356
no radius-server <index> .......................................................................................................................................................261
no radius-server <index> .......................................................................................................................................................356
no receiver-port <port-list> ..............................................................................................................................................219
no redistribute rip .....................................................................................................................................................................226
no redistribute static ................................................................................................................................................................226
no remote-management <index> .......................................................................................................................................263
no remote-management <index> service <[telnet] [ftp] [http] [icmp] [snmp] [ssh] [https]> ......................................263

Ethernet Switch CLI Reference Guide

372
Index of Commands

no remote-mep <mep-id> .......................................................................................................................................................53

no rmirror vlan <vlan-id> .....................................................................................................................................................208
no rmon alarm alarmtable <alarm-index> ........................................................................................................................268
no rmon event eventtable <event-index> ........................................................................................................................268
no rmon history historycontrol <historycontrol-index> ...............................................................................................268
no rmon statistics etherstats <etherstats-index> .................................................................................................................268
no router dvmrp .........................................................................................................................................................................93
no router igmp .........................................................................................................................................................................121
no router ospf ...........................................................................................................................................................................227
no router rip ..............................................................................................................................................................................265
no router vrrp network <ip-address>/<mask-bits> vr-id <1~7> ....................................................................................340
no secondary-virtual-ip ...........................................................................................................................................................339
no service-control ftp ..............................................................................................................................................................264
no service-control http ...........................................................................................................................................................264
no service-control https ..........................................................................................................................................................264
no service-control icmp ..........................................................................................................................................................264
no service-control snmp .........................................................................................................................................................264
no service-control ssh ..............................................................................................................................................................264
no service-control telnet ........................................................................................................................................................264
no sflow .....................................................................................................................................................................................277
no sflow .....................................................................................................................................................................................277
no sflow collector <ip-address> .........................................................................................................................................277
no sflow collector <ip-address> .........................................................................................................................................277
no shutdown slot <slot-list> .............................................................................................................................................346
no smart-isolation ....................................................................................................................................................................280
no snmp trap [options] .........................................................................................................................................................283
no snmp-server trap-destination <ip> ..................................................................................................................................283
no snmp-server trap-destination <ip> enable traps ...........................................................................................................284
no snmp-server trap-destination <ip> enable traps aaa ..................................................................................................284
no snmp-server trap-destination <ip> enable traps aaa <options> ..............................................................................285
no snmp-server trap-destination <ip> enable traps interface ..........................................................................................285
no snmp-server trap-destination <ip> enable traps interface <options> .....................................................................285
no snmp-server trap-destination <ip> enable traps ip ......................................................................................................285
no snmp-server trap-destination <ip> enable traps ip <options> ..................................................................................285
no snmp-server trap-destination <ip> enable traps switch ...............................................................................................285
no snmp-server trap-destination <ip> enable traps switch <options> ..........................................................................285
no snmp-server trap-destination <ip> enable traps system ..............................................................................................285
no snmp-server trap-destination <ip> enable traps system <options> .........................................................................285
no snmp-server username <name> ........................................................................................................................................284
no source mirror-port <port-list> ......................................................................................................................................208
no source mirror-port <port-list> dir egress ....................................................................................................................208
no source mirror-port <port-list> dir ingress ....................................................................................................................208
no source reflector-port ..........................................................................................................................................................208
no source-port <port-list> ................................................................................................................................................219
no spanning-tree .....................................................................................................................................................................292
no spanning-tree <port-list> ............................................................................................................................................292
no spanning-tree <port-list> edge-port .........................................................................................................................293
no spanning-tree <port-list> rootguard .........................................................................................................................293
no ssh key <rsa1|rsa|dsa> .....................................................................................................................................................296
no ssh known-hosts <host-ip> .............................................................................................................................................296
no ssh known-hosts <host-ip> <1024|ssh-rsa|ssh-dsa> ...................................................................................................296
no Stacking ..............................................................................................................................................................................288
no Stacking force-master .......................................................................................................................................................288
no storm-control ........................................................................................................................................................................46
no subnet-based-vlan ............................................................................................................................................................303
no subnet-based-vlan dhcp-vlan-override ..........................................................................................................................304
no subnet-based-vlan source-ip <ip> mask-bits <mask-bits> ........................................................................................304
no summary-address <ip-address> <mask> .....................................................................................................................227
no switchport access vlan ........................................................................................................................................................67

Ethernet Switch CLI Reference Guide

373
Index of Commands

no switchport hybrid allowed vlan <vlan-list> .................................................................................................................67

no switchport hybrid pvid <vlan-id> ....................................................................................................................................67
no switchport mode ..................................................................................................................................................................66
no switchport trunk allowed vlan <vlan-list> ...................................................................................................................67
no switchport trunk allowed vlan all .......................................................................................................................................67
no switchport trunk native vlan ...............................................................................................................................................67
no syslog ...................................................................................................................................................................................305
no syslog server <ip-address> .............................................................................................................................................305
no syslog server <ip-address> inactive ..............................................................................................................................305
no syslog type <type> ............................................................................................................................................................305
no tacacs-accounting <index> ...........................................................................................................................................307
no tacacs-server <index> .....................................................................................................................................................307
no tagged <port-list> .......................................................................................................................................................219
no time daylight-saving-time ...................................................................................................................................................73
no time-range <name> ............................................................................................................................................................312
no timesync ................................................................................................................................................................................73
no traffic-class <id> .................................................................................................................................................................79
no trtcm ....................................................................................................................................................................................318
no trtcm ....................................................................................................................................................................................318
no trtcm dscp profile ..............................................................................................................................................................319
no trtcm dscp profile <name> ................................................................................................................................................318
no trunk <T1|T2|T3|T4|T5|T6> ..............................................................................................................................................315
no trunk <T1|T2|T3|T4|T5|T6> criteria .................................................................................................................................315
no trunk <T1|T2|T3|T4|T5|T6> interface <port-list> ....................................................................................................315
no trunk <T1|T2|T3|T4|T5|T6> lacp .....................................................................................................................................315
no untagged <port-list> ...................................................................................................................................................322
no validate address ................................................................................................................................................................165
no validate prefix ....................................................................................................................................................................165
no vlan <vlan-id> .................................................................................................................................................................322
no vlan1q gvrp ........................................................................................................................................................................112
no vlan1q ingress-check .........................................................................................................................................................323
no vlan1q port-isolation ..........................................................................................................................................................331
no vlan1q port-isolation ..........................................................................................................................................................331
no vlan-mapping .....................................................................................................................................................................329
no vlan-mapping .....................................................................................................................................................................329
no vlan-mapping interface port-channel <port> vlan <1-4094> .....................................................................................329
no vlan-mapping interface port-channel <port> vlan <1-4094> inactive ......................................................................329
no vlan-stacking ......................................................................................................................................................................332
no vlan-stacking selective-qinq interface port-channel <port> cvid <vlan-id> .........................................................332
no vlan-stacking selective-qinq interface port-channel <port> cvid <vlan-id> inactive ..........................................332
no vlan-trunking .......................................................................................................................................................................335
no voice-vlan ...........................................................................................................................................................................336
no voice-vlan oui <mac-addr> mask <mask-addr> ...........................................................................................................336
no zuld ......................................................................................................................................................................................342
no zuld ......................................................................................................................................................................................342
non-querier ...............................................................................................................................................................................121
normal <port-list> ..............................................................................................................................................................322
owner .......................................................................................................................................................................................267
passive-iface <ip-addr/bits> ............................................................................................................................................226
password [cipher] <pw-string> [privilege <0-14>] ..........................................................................................................230
password encryption ..............................................................................................................................................................230
permit link-local .......................................................................................................................................................................165
ping <ip|host-name> [vlan <vlan-id>] [size <0-1472>] [-t] ............................................................................................345
ping help ..................................................................................................................................................................................345
ping6 <ipv6-address> <[-i <interface-type> <interface-number>] [-t] [-l <1-1452>] [-n <1-65535>] [-s <ipv6-ad-
dress>] ......................................................................................................................................................................157
policy <name> classifier <classifier-list> <[vlan <vlan-id>] [egress-port <port-num>] [priority <0-7>] [bandwidth
<bandwidth>] [forward-action <drop>] [queue-action <prio-set>] [outgoing-eport] [outgoing-set-vlan] [rate-
limit ] [inactive]> ........................................................................................................................................................237

Ethernet Switch CLI Reference Guide

374
Index of Commands

policy <name> classifier <classifier-list> <[vlan <vlan-id>][egress-port <port-num>][priority <0-7>][dscp <0-

63>][tos <0-7>][bandwidth <bandwidth>][egress-port <port-list>][outgoing-packet-format <tagged|un-
tagged>][out-of-profile-dscp <0-63>][forward-action <drop|forward|egressmask>] [ priority-action <[prio-
set|set-prio-as-inner-prio |prio-replace-tos] [queue-action <prio-set|prio-queue|prio-replace-tos>][diffserv-
action <diff-set-tos|diff-replace-priority|diff-set-dscp>][outgoing-mirror][outgoing-eport][outgoing-non-uni-
cast-eport][outgoing-set-vlan][metering][out-of-profile-action <[change-dscp][drop][ forward] [set-drop-
precedence]>][inactive]> .......................................................................................................................................236
port-access-authenticator .....................................................................................................................................................118
port-access-authenticator <port-list> ............................................................................................................................119
port-access-authenticator <port-list> guest-vlan .........................................................................................................119
port-access-authenticator <port-list> guest-vlan <vlan-id> ....................................................................................119
port-access-authenticator <port-list> guest-vlan Host-mode Multi-host ...................................................................119
port-access-authenticator <port-list> guest-vlan Host-mode Multi-secure [<1-24>] ...............................................119
port-access-authenticator <port-list> max-req <1-10> ................................................................................................119
port-access-authenticator <port-list> quiet-period <0-65535> ...................................................................................119
port-access-authenticator <port-list> reauthenticate .................................................................................................119
port-access-authenticator <port-list> reauth-period <1-65535> ................................................................................119
port-access-authenticator <port-list> supp-timeout <30-65535> ...............................................................................119
port-access-authenticator <port-list> tx-period <1-65535> .........................................................................................119
port-access-authenticator eapol-flood ...............................................................................................................................119
port-security .............................................................................................................................................................................241
port-security <port-list> ....................................................................................................................................................241
port-security <port-list> address-limit <number> ...........................................................................................................241
port-security <port-list> learn inactive ............................................................................................................................241
port-security <port-list> MAC-freeze ..............................................................................................................................241
port-security <port-list> vlan <vlan-id> address-limit <number> ..............................................................................241
port-security <port-list> vlan <vlan-id> address-limit <number> inactive ...............................................................242
pppoe intermediate-agent ...................................................................................................................................................246
pppoe intermediate-agent format-type access-node-identifier string <string> .........................................................246
pppoe intermediate-agent format-type circuit-id string <string> .................................................................................245
pppoe intermediate-agent format-type identifier-string hostname .................................................................................246
pppoe intermediate-agent format-type identifier-string string <string> option <s|p|v|sp|sv|pv|spv> delimiter
<#|.|,|;|/| |> .........................................................................................................................................................246
pppoe intermediate-agent format-type remote-id string <string> ...............................................................................245
pppoe intermediate-agent trust ...........................................................................................................................................245
pppoe intermediate-agent vlan <vlan-id> format-type circuit-id string <string> ....................................................245
pppoe intermediate-agent vlan <vlan-id> format-type remote-id string <string> ..................................................245
pppoe intermediate-agent vlan <vlan-list> ..................................................................................................................246
pppoe intermediate-agent vlan <vlan-list> circuit-id ..................................................................................................246
pppoe intermediate-agent vlan <vlan-list> remote-id ................................................................................................246
preempt ...................................................................................................................................................................................340
prefix-glean ..............................................................................................................................................................................164
primary-virtual-ip <ip-address> ...........................................................................................................................................339
priority <1~254> ........................................................................................................................................................................339
priority-flow-control ...................................................................................................................................................................76
priority-flow-control auto ..........................................................................................................................................................76
priority-flow-control priority <priority-list> ....................................................................................................................76
private-vlan <primary | isolated | community> .................................................................................................................252
private-vlan association <secondary-vlan-list> ...........................................................................................................252
private-vlan mode .. <promiscuous | isolated | community> association <vlan-id> dot1q <tagged | untagged> 253
private-vlan name <name> vlan <vlan-id> ........................................................................................................................251
private-vlan name <name> vlan <vlan-id> inactive .........................................................................................................251
private-vlan name <name> vlan <vlan-id> promiscuous-port <port-list> ...............................................................251
private-vlan name <name> vlan <vlan-id> promiscuous-port <port-list> inactive ................................................251
protocol dhcp .........................................................................................................................................................................164
protocol-based-vlan name <name> ethernet-type <ether-num|ip|ipx|arp|rarp|appletalk|decnet> vlan <vlan-
id> priority <0-7> .......................................................................................................................................................256
pvid <1-4094> ...........................................................................................................................................................................133
pwr interface <port-list> ...................................................................................................................................................232

Ethernet Switch CLI Reference Guide

375
Index of Commands

pwr interface <port-list> max-power <1000-33000> .................................................................................................232

pwr interface <port-list> priority <critical|high|low> ..................................................................................................232
pwr mibtrap .............................................................................................................................................................................232
pwr mode <classification|consumption> ............................................................................................................................232
pwr usagethreshold <1-99> ....................................................................................................................................................232
qos priority <0-7> .....................................................................................................................................................................133
queue priority <0-7> level <0-7> ............................................................................................................................................258
queue priority <0-7> level <0-7> ............................................................................................................................................259
radius-accounting host <index> <ip> [acct-port <socket-number>] [key [cipher] <key-string>] ........................262
radius-accounting timeout <1-1000> ....................................................................................................................................261
radius-server host <index> <ip> [auth-port <socket-number>] [key [cipher] <key-string>] ..................................261
radius-server mode <index-priority|round-robin> ...............................................................................................................261
radius-server timeout <1-1000> ..............................................................................................................................................261
receiver-port <port-list> ...................................................................................................................................................219
redistribute rip ..........................................................................................................................................................................226
redistribute rip metric-type <1|2> metric <0-16777215> .....................................................................................................226
redistribute static .....................................................................................................................................................................226
redistribute static metric-type <1|2> metric <0-16777215> ...............................................................................................226
reload config [1|2] .................................................................................................................................................................345
reload custom-default ............................................................................................................................................................275
reload factory-default ............................................................................................................................................................276
reload stacking-default ..........................................................................................................................................................288
remote-management <index> ............................................................................................................................................263
remote-management <index> start-addr <ip> end-addr <ip> service <[telnet] [ftp] [http] [icmp] [snmp] [ssh]
[https]> .......................................................................................................................................................................263
remote-mep <mep-id> ............................................................................................................................................................53
renew dhcp snooping database ............................................................................................................................................89
renew dhcp snooping database <tftp://host/filename> ...........................................................................................89
reset cpu-protection interface port-channel <port-list> cause <ARP|BPDU|IGMP> ................................................96
reset slot <slot-list> ...........................................................................................................................................................345
restart ipv6 dhcp client vlan <1-4094> ..................................................................................................................................155
rmirror vlan <vlan-id> ...........................................................................................................................................................208
rmon alarm alarmtable <alarm-index> variable <variable> interval <interval-integer> sample-type <abso-
lute|delta> startup-alarm <startup-alarm> rising-threshold <rising-integer> <event-index> falling-
threshold <falling-integer> <event-index> [owner <owner>] ...................................................................268
rmon alarm alarmtable <alarm-index> variable <variable> interval <interval-integer> sample-type <abso-
lute|delta> startup-alarm <startup-alarm> rising-threshold <rising-integer> <event-index> falling-
threshold <falling-integer> <event-index> [owner <owner>] ...................................................................269
rmon event eventtable <event-index> [log] [trap <community>] [owner <owner>] [description <description>] ....
268
rmon history historycontrol <historycontrol-index> buckets <1-65535> interval <1-3600> port-channel <inter-
face-id> [owner <owner>] ....................................................................................................................................268
rmon statistics etherstats <etherstats-index> port-channel <interface-id> [owner <owner>] ................................268
router dvmrp ..............................................................................................................................................................................93
router igmp ...............................................................................................................................................................................121
router ospf <router-id> .......................................................................................................................................................224
router rip ...................................................................................................................................................................................265
router vrrp network <ip-address>/<mask-bits> vr-id <1~7> uplink-gateway <ip-address> ..................................339
secondary-virtual-ip <ip-address> .....................................................................................................................................339
service-control console <timeout> ......................................................................................................................................263
service-control ftp ...................................................................................................................................................................263
service-control ftp <socket-number> <timeout> .............................................................................................................263
service-control http .................................................................................................................................................................264
service-control http <socket-number> <timeout> ...........................................................................................................264
service-control https ................................................................................................................................................................264
service-control https <socket-number> ..............................................................................................................................264
service-control icmp ...............................................................................................................................................................264
service-control snmp ...............................................................................................................................................................264
service-control ssh ...................................................................................................................................................................264

Ethernet Switch CLI Reference Guide

376
Index of Commands

service-control ssh <socket-number> ..................................................................................................................................264

service-control telnet ..............................................................................................................................................................264
service-control telnet <socket-number> <timeout> ........................................................................................................264
sflow ..........................................................................................................................................................................................277
sflow ..........................................................................................................................................................................................277
sflow collector <ip-address> [poll-interval <20-120>] [sample-rate <256-65535>] .......................................................277
sflow collector <ip-address> [udp-port <udp-port>] .....................................................................................................278
show aaa accounting ..............................................................................................................................................................27
show aaa accounting commands .........................................................................................................................................27
show aaa accounting dot1x ...................................................................................................................................................28
show aaa accounting exec ....................................................................................................................................................28
show aaa accounting system .................................................................................................................................................28
show aaa accounting update ................................................................................................................................................27
show aaa authentication .........................................................................................................................................................27
show aaa authentication enable ...........................................................................................................................................27
show aaa authentication login ...............................................................................................................................................27
show aaa authorization ............................................................................................................................................................28
show aaa authorization dot1x .................................................................................................................................................28
show aaa authorization exec ..................................................................................................................................................28
show al1arm-status ..................................................................................................................................................................345
show anti arpscan .....................................................................................................................................................................31
show anti arpscan host .............................................................................................................................................................31
show arp inspection ..................................................................................................................................................................34
show arp inspection filter [<mac-addr>] [vlan <vlan-id>] .................................................................................................34
show arp inspection interface port-channel <port-list> ................................................................................................35
show arp inspection log ...........................................................................................................................................................35
show arp inspection statistics ...................................................................................................................................................34
show arp inspection statistics vlan <vlan-list> ........................................................................................................................34
show arp inspection vlan <vlan-list> .................................................................................................................................35
show auto-config ......................................................................................................................................................................40
show bpdupguard ....................................................................................................................................................................45
show classifier [<name>] ............................................................................................................................................................58
show cluster ................................................................................................................................................................................62
show cluster candidates ..........................................................................................................................................................62
show cluster member ................................................................................................................................................................62
show cluster member config ...................................................................................................................................................62
show cluster member mac <mac> ..........................................................................................................................................62
show cpu-protection interface port-channel <port-list> ...............................................................................................96
show cpu-utilization .................................................................................................................................................................345
show cpu-utilization process ..................................................................................................................................................345
show dhcp option profile .........................................................................................................................................................83
show dhcp relay <vlan-id> ...................................................................................................................................................83
show dhcp server ......................................................................................................................................................................85
show dhcp server <vlan-id> ..................................................................................................................................................85
show dhcp smart-relay .............................................................................................................................................................84
show dhcp snooping ................................................................................................................................................................88
show dhcp snooping binding ..................................................................................................................................................88
show dhcp snooping database ..............................................................................................................................................88
show dhcp snooping database detail ...................................................................................................................................88
show dhcp snooping option [vlan <vlan-list>] [interface <port-list>] ....................................................................88
show diffserv ...............................................................................................................................................................................91
show errdisable ..........................................................................................................................................................................97
show errdisable detect .............................................................................................................................................................97
show errdisable recovery .........................................................................................................................................................97
show ethernet cfm linktrace ....................................................................................................................................................54
show ethernet cfm local ..........................................................................................................................................................54
show ethernet cfm local stack ................................................................................................................................................54
show ethernet cfm local stack mep .......................................................................................................................................54
show ethernet cfm local stack mep <mep-id> ma <ma-index> md <md-index> .........................................................54

Ethernet Switch CLI Reference Guide

377
Index of Commands

show ethernet cfm local stack mep <mep-id> ma <ma-index> md <md-index> mep-ccmdb [remote-mep <mep-
id>] ...............................................................................................................................................................................54
show ethernet cfm local stack mip .........................................................................................................................................54
show ethernet cfm local stack mip mip-ccmdb ...................................................................................................................54
show ethernet cfm remote ......................................................................................................................................................55
show ethernet cfm virtual-mac ...............................................................................................................................................55
show ethernet cfm virtual-mac port <port-list> .....................................................................................................................55
show ethernet oam discovery <port-list> ........................................................................................................................99
show ethernet oam statistics <port-list> ...........................................................................................................................99
show ethernet oam summary ..................................................................................................................................................99
show except-smac ..................................................................................................................................................................345
show external-alarm ...............................................................................................................................................................104
show garp ................................................................................................................................................................................106
show green-ethernet auto-power-down .............................................................................................................................109
show green-ethernet eee ......................................................................................................................................................109
show green-ethernet short-reach .........................................................................................................................................109
show hardware-monitor <C|F> .............................................................................................................................................345
show https ................................................................................................................................................................................115
show https certificate .............................................................................................................................................................115
show https key <rsa|dsa> ......................................................................................................................................................115
show https session ...................................................................................................................................................................115
show igmp-filtering profile ......................................................................................................................................................130
show igmp-snooping ..............................................................................................................................................................124
show igmp-snooping filtering profile .....................................................................................................................................124
show igmp-snooping group all ..............................................................................................................................................124
show igmp-snooping group client < [vlan <vlan-list>] [interface port-channel <port-list>] [multicast-group
<group-address>] > ...............................................................................................................................................125
show igmp-snooping group client all ...................................................................................................................................125
show igmp-snooping group count ........................................................................................................................................125
show igmp-snooping group interface port-channel <port-list> .................................................................................125
show igmp-snooping group interface port-channel <port-list> count ......................................................................125
show igmp-snooping group vlan <vlan-list> ..................................................................................................................125
show igmp-snooping group vlan <vlan-list> count ......................................................................................................125
show igmp-snooping querier .................................................................................................................................................125
show igmp-snooping statistics interface port-channel <port-list> ..............................................................................125
show igmp-snooping statistics system ...................................................................................................................................125
show igmp-snooping statistics vlan <vlan-list> ..............................................................................................................125
show igmp-snooping vlan ......................................................................................................................................................125
show interface loopback .......................................................................................................................................................137
show interface loopback <0-7> ............................................................................................................................................137
show interfaces <port-list> ...............................................................................................................................................133
show interfaces config <port-list> ...................................................................................................................................133
show interfaces config <port-list> bandwidth-control ...................................................................................................42
show interfaces config <port-list> bstorm-control ..........................................................................................................46
show interfaces config <port-list> egress .......................................................................................................................243
show interfaces config <port-list> igmp-filtering ...........................................................................................................130
show interfaces config <port-list> igmp-group-limited ................................................................................................126
show interfaces config <port-list> igmp-immediate-leave .........................................................................................126
show interfaces config <port-list> igmp-query-mode ..................................................................................................126
show interfaces config <port-list> igmp-snooping filtering ..........................................................................................126
show interfaces config <port-list> igmp-snooping group-limited ...............................................................................126
show interfaces config <port-list> igmp-snooping leave-mode .................................................................................126
show interfaces config <port-list> igmp-snooping query-mode ................................................................................126
show interfaces config <port-list> protocol-based-vlan ..............................................................................................255
show interfaces config <port-list> trtcm dscp profile ...................................................................................................318
show interfaces status .............................................................................................................................................................345
show interfaces transceiver <port-list> ..........................................................................................................................345
show interfaces utilization ......................................................................................................................................................133
show ip ......................................................................................................................................................................................140

Ethernet Switch CLI Reference Guide

378
Index of Commands

show ip arp .................................................................................................................................................................................32

show ip arp count .....................................................................................................................................................................32
show ip dvmrp group ................................................................................................................................................................93
show ip dvmrp interface ..........................................................................................................................................................93
show ip dvmrp neighbor ..........................................................................................................................................................93
show ip dvmrp prune ................................................................................................................................................................93
show ip dvmrp route .................................................................................................................................................................93
show ip igmp group ................................................................................................................................................................122
show ip igmp interface ...........................................................................................................................................................122
show ip igmp multicast ...........................................................................................................................................................122
show ip igmp timer ..................................................................................................................................................................122
show ip iptable all [IP|VID|PORT] .........................................................................................................................................140
show ip iptable count .............................................................................................................................................................140
show ip iptable static ..............................................................................................................................................................140
show ip name-server ...............................................................................................................................................................140
show ip ospf database ...........................................................................................................................................................223
show ip ospf interface ............................................................................................................................................................223
show ip ospf neighbor ............................................................................................................................................................223
show ip policy-route ................................................................................................................................................................239
show ip policy-route <name> ..................................................................................................................................................239
show ip policy-route <name> sequence <number> .............................................................................................................239
show ip protocols ....................................................................................................................................................................223
show ip protocols ....................................................................................................................................................................265
show ip rip database ..............................................................................................................................................................266
show ip route ...........................................................................................................................................................................300
show ip route static .................................................................................................................................................................300
show ip source binding [<mac-addr>] [...] ...........................................................................................................................145
show ip source binding help ..................................................................................................................................................145
show ip tcp ...............................................................................................................................................................................140
show ip udp ..............................................................................................................................................................................140
show ipv6 ..................................................................................................................................................................................140
show ipv6 ..................................................................................................................................................................................155
show ipv6 <interface-type> <interface-number> ......................................................................................................156
show ipv6 dhcp .......................................................................................................................................................................155
show ipv6 dhcp vlan <1-4094> ..............................................................................................................................................156
show ipv6 mld snooping-proxy ..............................................................................................................................................160
show ipv6 mld snooping-proxy filtering profile .....................................................................................................................161
show ipv6 mld snooping-proxy group ...................................................................................................................................161
show ipv6 mld snooping-proxy statistics interface port-channel <port-list> .............................................................161
show ipv6 mld snooping-proxy statistics system ..................................................................................................................161
show ipv6 mld snooping-proxy statistics vlan <vlan-list> ..............................................................................................161
show ipv6 mld snooping-proxy vlan <vlan-id> .................................................................................................................161
show ipv6 mtu ..........................................................................................................................................................................157
show ipv6 multicast .................................................................................................................................................................161
show ipv6 neighbor .................................................................................................................................................................163
show ipv6 neighbor <interface-type> <interface-number> .....................................................................................163
show ipv6 neighbor address ..................................................................................................................................................163
show ipv6 neighbor count ......................................................................................................................................................163
show ipv6 neighbor interface ................................................................................................................................................164
show ipv6 neighbor mac ........................................................................................................................................................164
show ipv6 prefix .......................................................................................................................................................................163
show ipv6 prefix <interface-type> <interface-number> ...........................................................................................163
show ipv6 route .......................................................................................................................................................................163
show ipv6 route static .............................................................................................................................................................163
show ipv6 router ......................................................................................................................................................................163
show ipv6 router <interface-type> <interface-number> ...........................................................................................163
show ipv6 snooping policy [<name>] ....................................................................................................................................164
show ipv6 source binding .......................................................................................................................................................165
show ipv6 source binding [ipv6-address|ipv6-address/prefix-length] [mac <mac-address>] [vlan <vlan-id>]

Ethernet Switch CLI Reference Guide

379
Index of Commands

[interface port-channel <port-list>] [dhcpv6-snooping |static]> ................................................................165

show ipv6 source binding count ...........................................................................................................................................165
show ipv6 source-guard policy [<name>] .............................................................................................................................165
show l2protocol-tunnel ...........................................................................................................................................................174
show l2protocol-tunnel interface port-channel <port-list> ..........................................................................................174
show lacp .................................................................................................................................................................................315
show lldp config ......................................................................................................................................................................180
show lldp config interface port-channel <port-list> .....................................................................................................180
show lldp info local .................................................................................................................................................................180
show lldp info local interface port-channel <port-list> ................................................................................................180
show lldp info remote .............................................................................................................................................................180
show lldp info remote interface port-channel <port-list> ............................................................................................180
show lldp statistic .....................................................................................................................................................................180
show lldp statistic interface port-channel <port-list> ...................................................................................................180
show logging ............................................................................................................................................................................190
show logins ...............................................................................................................................................................................191
show loopguard ......................................................................................................................................................................193
show mac address-table all [<sort>] ..................................................................................................................................195
show mac address-table count ............................................................................................................................................195
show mac address-table mac <mac-addr> .......................................................................................................................195
show mac address-table multicast .......................................................................................................................................195
show mac address-table multicast .......................................................................................................................................298
show mac address-table port <port-list> [<sort>] ......................................................................................................195
show mac address-table static .............................................................................................................................................195
show mac address-table vlan <vlan-list> [<sort>] ......................................................................................................195
show mac-aging-time ............................................................................................................................................................195
show mac-authentication ......................................................................................................................................................197
show mac-authentication config .........................................................................................................................................197
show mac-based-vlan ............................................................................................................................................................199
show mac-pinning ...................................................................................................................................................................204
show memory ..........................................................................................................................................................................345
show mirror ...............................................................................................................................................................................207
show mrstp <tree-index> ....................................................................................................................................................210
show mstp ................................................................................................................................................................................213
show mstp instance <number> ..............................................................................................................................................214
show multicast [vlan] ..............................................................................................................................................................125
show multi-login .......................................................................................................................................................................218
show mvr ..................................................................................................................................................................................219
show mvr <vlan-id> ..............................................................................................................................................................219
show poe-status .......................................................................................................................................................................232
show policy ..............................................................................................................................................................................235
show policy <name> ................................................................................................................................................................235
show port-access-authenticator ...........................................................................................................................................119
show port-access-authenticator <port-list> ..................................................................................................................119
show port-security ...................................................................................................................................................................241
show port-security <port-list> ..........................................................................................................................................241
show power-source-status ......................................................................................................................................................345
show pppoe intermediate-agent .........................................................................................................................................246
show pppoe intermediate-agent statistic ............................................................................................................................246
show pppoe intermediate-agent statistic vlan <vlan-list> ..........................................................................................246
show priority-flow-control .........................................................................................................................................................76
show priority-flow-control statistics interface port-channel <port-list> ........................................................................77
show private-vlan ....................................................................................................................................................................251
show private-vlan <vlan-id> ...............................................................................................................................................251
show pwr ..................................................................................................................................................................................232
show radius-accounting .........................................................................................................................................................261
show radius-server ...................................................................................................................................................................261
show remote-management [index] ....................................................................................................................................263
show rmirror vlan ......................................................................................................................................................................208

Ethernet Switch CLI Reference Guide

380
Index of Commands

show rmirror vlan <vlan-id> .................................................................................................................................................208

show rmon alarm alarmtable [alarm-index] .....................................................................................................................268
show rmon event eventtable [event-index] .....................................................................................................................268
show rmon history historycontrol [index <historycontrol-index>] ..............................................................................268
show rmon history historycontrol port-channel <interface-id> ....................................................................................268
show rmon statistics etherstats [index <etherstats-index>] ...............................................................................................269
show rmon statistics etherstats port-channel <interface-id> ........................................................................................269
show rootguard .......................................................................................................................................................................345
show router dvmrp ....................................................................................................................................................................93
show router igmp .....................................................................................................................................................................122
show router ospf ......................................................................................................................................................................223
show router ospf area .............................................................................................................................................................223
show router ospf network .......................................................................................................................................................223
show router ospf redistribute ..................................................................................................................................................223
show router ospf summary-address ......................................................................................................................................227
show router ospf virtual-link ....................................................................................................................................................223
show router rip .........................................................................................................................................................................265
show router vrrp .......................................................................................................................................................................340
show running-config ...............................................................................................................................................................288
show running-config [interface port-channel <port-list> [<attribute> [<...>]]] .....................................................275
show running-config help .......................................................................................................................................................275
show running-config page .....................................................................................................................................................275
show service-control ...............................................................................................................................................................263
show sflow ................................................................................................................................................................................278
show sfp <port-list> ...........................................................................................................................................................345
show slot ...................................................................................................................................................................................345
show slot config .......................................................................................................................................................................345
show slot config <slot-list> ..............................................................................................................................................345
show smart-isolation ................................................................................................................................................................280
show snmp-server ....................................................................................................................................................................282
show snmp-server [user] .........................................................................................................................................................284
show spanning-tree config ....................................................................................................................................................292
show ssh ....................................................................................................................................................................................296
show ssh key <rsa1|rsa|dsa> ................................................................................................................................................296
show ssh known-hosts .............................................................................................................................................................296
show ssh session .......................................................................................................................................................................296
show stacking ..........................................................................................................................................................................288
show stacking slot <number> ................................................................................................................................................288
show stacking slot status .........................................................................................................................................................288
show subnet-vlan ....................................................................................................................................................................303
show system-information ........................................................................................................................................................288
show system-information ........................................................................................................................................................345
show tacacs-accounting .......................................................................................................................................................307
show tacacs-server .................................................................................................................................................................307
show tech-support ..................................................................................................................................................................308
show tech-support cpu ..........................................................................................................................................................308
show tech-support crash ........................................................................................................................................................308
show tech-support mbuf ........................................................................................................................................................308
show tech-support memory ...................................................................................................................................................308
show time ...................................................................................................................................................................................72
show time-range <name> ......................................................................................................................................................312
show timesync ...........................................................................................................................................................................73
show traffic-class .......................................................................................................................................................................79
show trtcm dscp profile ..........................................................................................................................................................318
show trunk ................................................................................................................................................................................315
show version [flash] ......................................................................................................................................................346
show vlan .................................................................................................................................................................................322
show vlan .....................................................................................................................................................................................4
show vlan ...................................................................................................................................................................................66

Ethernet Switch CLI Reference Guide

381
Index of Commands

show vlan <vlan-id> .............................................................................................................................................................322

show vlan <vlan-id> .............................................................................................................................................................327
show vlan <vlan-id> ...............................................................................................................................................................66
show vlan <vlan-id> counters .............................................................................................................................................322
show vlan <vlan-id> interface port-channel <port-num> counters .............................................................................322
show vlan private-vlan ............................................................................................................................................................253
show vlan private-vlan <vlan-id> .......................................................................................................................................253
show vlan1q gvrp ....................................................................................................................................................................112
show vlan1q ingress-check ....................................................................................................................................................323
show vlan1q port-isolation .....................................................................................................................................................331
show vlan-stacking ..................................................................................................................................................................332
show voice-vlan ......................................................................................................................................................................336
show zuld [<port-list>] .......................................................................................................................................................343
show zuld summary .................................................................................................................................................................343
shutdown slot <slot-list> ..................................................................................................................................................346
smart-isolation ..........................................................................................................................................................................280
snmp trap [options] ..............................................................................................................................................................283
snmp-server <[contact <system-contact>] [location <system-location>]> ............................................................282
snmp-server get-community [cipher] <property> .............................................................................................................282
snmp-server set-community [cipher] <property> ..............................................................................................................282
snmp-server trap-community [cipher] <property> ...........................................................................................................283
snmp-server trap-destination <ip> [udp-port <socket-number>] [version <v1|v2c|v3>] [username <name>] ........283
snmp-server trap-destination <ip> enable traps ................................................................................................................284
snmp-server trap-destination <ip> enable traps <aaa|interface|ip|switch|system> [options] .............................283
snmp-server trap-destination <ip> enable traps aaa ........................................................................................................284
snmp-server trap-destination <ip> enable traps aaa <options> ...................................................................................284
snmp-server trap-destination <ip> enable traps interface ...............................................................................................285
snmp-server trap-destination <ip> enable traps interface <options> ...........................................................................285
snmp-server trap-destination <ip> enable traps ip ............................................................................................................285
snmp-server trap-destination <ip> enable traps ip <options> .......................................................................................285
snmp-server trap-destination <ip> enable traps switch ....................................................................................................285
snmp-server trap-destination <ip> enable traps switch <options> ................................................................................285
snmp-server trap-destination <ip> enable traps system ....................................................................................................285
snmp-server trap-destination <ip> enable traps system <options> ...............................................................................285
snmp-server username <name> sec-level <noauth|auth|priv> [auth <md5|sha> auth-password [cipher] <password>]
| [priv <des|aes> priv-password [cipher] <password>] group <group-name> ..............................................284
snmp-server version <v2c|v3|v3v2c> ..................................................................................................................................282
source 8021p-priority <0 - 7> ..................................................................................................................................................208
source mirror-port <port-list> dir <ingress|egress|both> .............................................................................................208
source reflector-port ...............................................................................................................................................................208
source reflector-port <port-num> ........................................................................................................................................208
source-port <port-list> ......................................................................................................................................................219
spanning-tree ...........................................................................................................................................................................292
spanning-tree <port-list> ..................................................................................................................................................292
spanning-tree <port-list> edge-port ...............................................................................................................................293
spanning-tree <port-list> path-cost <1-65535> .............................................................................................................293
spanning-tree <port-list> priority <0-255> ......................................................................................................................293
spanning-tree <port-list> rootguard ...............................................................................................................................293
spanning-tree hello-time <1-10> maximum-age <6-40> forward-delay <4-30> ..............................................................292
spanning-tree help ..................................................................................................................................................................293
spanning-tree mode <RSTP|MRSTP|MSTP> .........................................................................................................................210
spanning-tree mode <RSTP|MRSTP|MSTP> .........................................................................................................................213
spanning-tree mode <RSTP|MRSTP|MSTP> .........................................................................................................................292
spanning-tree priority <0-61440> ...........................................................................................................................................292
speed-duplex <auto|10-half|10-full|100-half|100-full|1000-full|1000-auto|10000-full|40000-full> ...........................133
spq ............................................................................................................................................................................................258
spq ............................................................................................................................................................................................259
ssh <1|2> <[user@]dest-ip> [command </>] .....................................................................................................................296
ssh known-hosts <host-ip> <1024|ssh-rsa|ssh-dsa> <key> .............................................................................................296

Ethernet Switch CLI Reference Guide

382
Index of Commands

Stacking ....................................................................................................................................................................................288
Stacking force-master ............................................................................................................................................................288
Stacking priority <1-63> ...........................................................................................................................................................288
Stacking slot-id <current slot-id> renumber <new slot-id> ..................................................................................................288
Stacking slot-id <current slot-id> renumber auto ................................................................................................................288
storm-control ..............................................................................................................................................................................46
subnet-based-vlan ..................................................................................................................................................................303
subnet-based-vlan dhcp-vlan-override ...............................................................................................................................303
subnet-based-vlan name <name> source-ip <ip> mask-bits <mask-bits> source-port <port> vlan <vlan-id> priority
<0-7> ...........................................................................................................................................................................303
subnet-based-vlan name <name> source-ip <ip> mask-bits <mask-bits> vlan <vlan-id> priority <0-7> ................303
subnet-based-vlan name <name> source-ip <ip> mask-bits <mask-bits> vlan <vlan-id> priority <0-7> inactive .303
summary-address <ip-address> <mask> ...........................................................................................................................227
switchport access <vlan-id> .................................................................................................................................................67
switchport forbidden vlan add <vlan-list> .......................................................................................................................68
switchport forbidden vlan add all ...........................................................................................................................................68
switchport forbidden vlan remove <vlan-list> .................................................................................................................68
switchport forbidden vlan remove all .....................................................................................................................................68
switchport hybrid allowed vlan <vlan-list> tagged ........................................................................................................67
switchport hybrid allowed vlan <vlan-list> untagged ....................................................................................................67
switchport hybrid pvid <vlan-id> ..........................................................................................................................................67
switchport mode <access|trunk|hybrid> .............................................................................................................................66
switchport mode access ..........................................................................................................................................................67
switchport mode hybrid ...........................................................................................................................................................67
switchport mode trunk ..............................................................................................................................................................67
switchport trunk allowed vlan <vlan-list> .........................................................................................................................67
switchport trunk allowed vlan all .............................................................................................................................................67
switchport trunk native vlan <vlan-id> ................................................................................................................................67
sync running-config .................................................................................................................................................................276
syslog .........................................................................................................................................................................................305
syslog server <ip-address> inactive ...................................................................................................................................305
syslog server <ip-address> level <level> [udp <socket-number>] ...............................................................................305
syslog type <type> ..................................................................................................................................................................305
syslog type <type> facility <0-7> ...........................................................................................................................................305
syslog type commands privilege <0-14> ..............................................................................................................................305
tacacs-accounting host <index> <ip> [acct-port <socket-number>] [key [cipher] <key-string>] ......................307
tacacs-accounting timeout <1-1000> ..................................................................................................................................307
tacacs-server host <index> <ip> [auth-port <socket-number>] [key [cipher] <key-string>] ................................307
tacacs-server mode <index-priority|round-robin> .............................................................................................................307
tacacs-server timeout <1-1000> ............................................................................................................................................307
tagged <port-list> .............................................................................................................................................................219
tech-support cpu <threshold> keep <time> ........................................................................................................................308
tech-support mbuf <threshold> .............................................................................................................................................308
telnet ipv4_address .............................................................................................................................................................346
test interface port-channel <port-list> ...........................................................................................................................346
threshold <ttl-value> ............................................................................................................................................................93
time <hour:min:sec> ................................................................................................................................................................72
time date <month/day/year> .................................................................................................................................................72
time daylight-saving-time .........................................................................................................................................................72
time daylight-saving-time end-date <week> <day> <month> <o’clock> ........................................................................73
time daylight-saving-time help ................................................................................................................................................73
time daylight-saving-time start-date <week> <day> <month> <o’clock> ........................................................................73
time timezone <-1200|...|1200> ..............................................................................................................................................72
time-range <name> [ absolute start <hh:mm> <1-31> <jan-dec> <1970-2037> end <hh:mm> <1-31> <jan-dec> <1970-
2037> ..........................................................................................................................................................................312
time-range <name> [ periodic <[ <monday|tuesday|wednesday|thursday|friday|saturday|sunday><hh:mm> to
monday|tuesday|wednesday|thursday|friday|saturday|sunday> <hh:mm>][<[monday][tues-
day][wednesday][thursday][friday][saturday][sunday]|daily|weekdays|weekend> <hh:mm> to <hh:mm>]
312

Ethernet Switch CLI Reference Guide

383
Index of Commands

timesync <daytime|time|ntp> ...............................................................................................................................................73

timesync server <ip|domain name> ......................................................................................................................................73
traceroute <ip|host-name> [vlan <vlan-id>] [ttl <1-255>] [wait <1-60>] [queries <1-10>] ........................................314
traceroute help .......................................................................................................................................................................314
traceroute6 <ipv6-addr|host-name> <[ttl <1-255>] [wait <1-60>] [queries <1-10> ]> ....................................................314
traceroute6 help .....................................................................................................................................................................314
traffic-class <id> scheduler <sp | ets <weight>> [name <name>] .....................................................................................79
transceiver-ddm timer <1 - 4294967> ....................................................................................................................................346
trtcm ..........................................................................................................................................................................................318
trtcm ..........................................................................................................................................................................................318
trtcm cir <rate> ......................................................................................................................................................................319
trtcm dscp green <0-63> ........................................................................................................................................................319
trtcm dscp profile <name> ......................................................................................................................................................319
trtcm dscp profile <name> dscp green <0-63> yellow <0-63> red <0-63> ........................................................................318
trtcm dscp red <0-63> ............................................................................................................................................................319
trtcm dscp yellow <0-63> .......................................................................................................................................................319
trtcm mode <color-aware|color-blind> ..............................................................................................................................318
trtcm pir <rate> ......................................................................................................................................................................319
trunk <T1|T2|T3|T4|T5|T6> ....................................................................................................................................................315
trunk <T1|T2|T3|T4|T5|T6> criteria <src-mac|dst-mac|src-dst-mac|src-ip|dst-ip|src-dst-ip> ..................................315
trunk <T1|T2|T3|T4|T5|T6> interface <port-list> ..........................................................................................................315
trunk <T1|T2|T3|T4|T5|T6> lacp ...........................................................................................................................................315
trunk interface <port-list> timeout <lacp-timeout> ...................................................................................................315
unicast-nonunicast-weight <weight> <weight> ....................................................................................................................79
unknown-multicast-frame <drop|flooding> ........................................................................................................................121
untagged <port-list> ........................................................................................................................................................322
validate address ......................................................................................................................................................................165
validate prefix ..........................................................................................................................................................................165
vlan <1-4094> ...........................................................................................................................................................................327
vlan <1-4094> ...........................................................................................................................................................................344
vlan <1-4094> ...............................................................................................................................................................................4
vlan <vlan-id> .......................................................................................................................................................................252
vlan <vlan-id> .......................................................................................................................................................................322
vlan1q gvrp ..............................................................................................................................................................................112
vlan1q ingress-check ..............................................................................................................................................................323
vlan1q port-isolation ...............................................................................................................................................................331
vlan1q port-isolation ...............................................................................................................................................................331
vlan-mapping ..........................................................................................................................................................................329
vlan-mapping ..........................................................................................................................................................................329
vlan-mapping name <name> interface port-channel <port> vlan <1-4094> translated-vlan <1-4094> priority <0-7> ..
329
vlan-mapping name <name> interface port-channel <port> vlan <1-4094> translated-vlan <1-4094> priority <0-7> in-
active .........................................................................................................................................................................329
vlan-stacking ............................................................................................................................................................................332
vlan-stacking <sptpid> .........................................................................................................................................................333
vlan-stacking priority <0-7> ....................................................................................................................................................332
vlan-stacking role <normal|access|tunnel> ......................................................................................................................332
vlan-stacking selective-qinq name <name> interface port-channel <port> cvid <cvid> spvid <spvid> priority <0-7>
333
vlan-stacking selective-qinq name <name> interface port-channel <port> cvid <cvid> spvid <spvid> priority <0-7>
inactive ......................................................................................................................................................................333
vlan-stacking SPVID <1-4094> ................................................................................................................................................332
vlan-stacking tunnel-tpid <tpid> ..........................................................................................................................................332
vlan-trunking ............................................................................................................................................................................335
vlan-type <802.1q|port-based> ............................................................................................................................................243
vlan-type <802.1q|port-based> ............................................................................................................................................322
voice-vlan <vlan-id> ............................................................................................................................................................336
voice-vlan oui <mac-addr> mask <mask-addr> description <description> ...............................................................336
voice-vlan priority <0-7> ........................................................................................................................................................336

Ethernet Switch CLI Reference Guide

384
Index of Commands

weight <wt1> <wt2> ... <wt8> ...............................................................................................................................................258

wfq ............................................................................................................................................................................................258
wfq ............................................................................................................................................................................................259
write memory [<index>] ........................................................................................................................................................346
wrr ..............................................................................................................................................................................................258
wrr ..............................................................................................................................................................................................259
wrr <wt1> <wt2> ... <wt8> ......................................................................................................................................................258
zuld ............................................................................................................................................................................................342
zuld ............................................................................................................................................................................................342
zuld mode <normal|aggressive> ..........................................................................................................................................342
zuld probe-time <5-65535> .....................................................................................................................................................343

Ethernet Switch CLI Reference Guide

385

ZYXEL - GS2220 Switch CLI Reference Guide
No ratings yet
ZYXEL - GS2220 Switch CLI Reference Guide
435 pages
UNIX Internals The New Frontiers Vahalia
67% (3)
UNIX Internals The New Frontiers Vahalia
638 pages
Ruijie RG s6500 Series Switch Rgos Configuration Guide Release 11.05b9p66 Compressed
No ratings yet
Ruijie RG s6500 Series Switch Rgos Configuration Guide Release 11.05b9p66 Compressed
2,985 pages
All ENCOR (350-401) Portable Resource
100% (4)
All ENCOR (350-401) Portable Resource
417 pages
Data Centre Operations and Maintenance Best Practices
No ratings yet
Data Centre Operations and Maintenance Best Practices
110 pages
Zyxel Cli Commands
No ratings yet
Zyxel Cli Commands
388 pages
Mes3500-10 - 1 2
No ratings yet
Mes3500-10 - 1 2
356 pages
Ecs4810 12M Cli R05 - 20160929
No ratings yet
Ecs4810 12M Cli R05 - 20160929
893 pages
Rfs Series
No ratings yet
Rfs Series
948 pages
Configuracion Switch Zyxel PDF
100% (1)
Configuracion Switch Zyxel PDF
384 pages
Ecs4130-28t Cli-R01 20210706
No ratings yet
Ecs4130-28t Cli-R01 20210706
894 pages
Aiohttp 3 0a
No ratings yet
Aiohttp 3 0a
219 pages
Preview - Python For OSINT Tooling
100% (1)
Preview - Python For OSINT Tooling
40 pages
Cisco Commands For Router & Switch
No ratings yet
Cisco Commands For Router & Switch
12 pages
99-Book 723611 1285 0
No ratings yet
99-Book 723611 1285 0
745 pages
Comando Switch 3com 4200 PDF
No ratings yet
Comando Switch 3com 4200 PDF
901 pages
H3C S5120-SI Series Ethernet Switches Command Reference-Release 1101-6W105-Book
No ratings yet
H3C S5120-SI Series Ethernet Switches Command Reference-Release 1101-6W105-Book
910 pages
Aw Iht 1271climanual - en
No ratings yet
Aw Iht 1271climanual - en
303 pages
ECS4510-Series CLI-R03 0904
No ratings yet
ECS4510-Series CLI-R03 0904
954 pages
c02586087 PDF
No ratings yet
c02586087 PDF
1,103 pages
01 Basic Configuration
No ratings yet
01 Basic Configuration
219 pages
Ecs4120-Ec Cli R01 20160627 PDF
No ratings yet
Ecs4120-Ec Cli R01 20160627 PDF
917 pages
MGS-3600-24F/XGS-3600-26F Command Line Interface CLI GUIDE: Publication Date: Feb., 2012 Revision A1
No ratings yet
MGS-3600-24F/XGS-3600-26F Command Line Interface CLI GUIDE: Publication Date: Feb., 2012 Revision A1
281 pages
Switch 4800g 24port PDF
No ratings yet
Switch 4800g 24port PDF
1,246 pages
3com Switch 4200G Family: Configuration Guide
No ratings yet
3com Switch 4200G Family: Configuration Guide
902 pages
ECS4210 - Series - CLI Manual
No ratings yet
ECS4210 - Series - CLI Manual
712 pages
AP 7181 Access Point Command Line Interface Guide. Version A October 21, 2010 PDF
No ratings yet
AP 7181 Access Point Command Line Interface Guide. Version A October 21, 2010 PDF
160 pages
Cisco Commands
100% (3)
Cisco Commands
12 pages
3com 4210 CLI Guide
No ratings yet
3com 4210 CLI Guide
921 pages
3com Switch 4210
No ratings yet
3com Switch 4210
720 pages
gl5600 08p User Manual
No ratings yet
gl5600 08p User Manual
9 pages
4500 Configuration Guide
No ratings yet
4500 Configuration Guide
739 pages
Motorola RFS Series Wireless LAN Switches WiNG CLI Reference Guide (Part No. 72E-117719-01 Rev. A) - 11771901a
No ratings yet
Motorola RFS Series Wireless LAN Switches WiNG CLI Reference Guide (Part No. 72E-117719-01 Rev. A) - 11771901a
864 pages
100-002840 SF6xUNIX AdminFund
No ratings yet
100-002840 SF6xUNIX AdminFund
435 pages
Zyxel Ethernet Switch CLI 4.00 Ed3
No ratings yet
Zyxel Ethernet Switch CLI 4.00 Ed3
360 pages
3com Switch 4500 Command Reference Guide
No ratings yet
3com Switch 4500 Command Reference Guide
955 pages
4200g 12port
No ratings yet
4200g 12port
422 pages
ZIXEL
No ratings yet
ZIXEL
351 pages
RGS Series: CLI Reference Guide
No ratings yet
RGS Series: CLI Reference Guide
74 pages
CLI Commands PDF
No ratings yet
CLI Commands PDF
226 pages
Switch 4200G
No ratings yet
Switch 4200G
730 pages
Atrie 288 LCD Modem User S Manual
No ratings yet
Atrie 288 LCD Modem User S Manual
106 pages
01RG-S29 Series Switch RGOS Configuration Guide, Release 11.4 (1) B12 - System Configuration
No ratings yet
01RG-S29 Series Switch RGOS Configuration Guide, Release 11.4 (1) B12 - System Configuration
207 pages
E560 IEC60870-5-101 Host
No ratings yet
E560 IEC60870-5-101 Host
78 pages
Comandos de Referencia Zyxel
No ratings yet
Comandos de Referencia Zyxel
384 pages
Lgb5124a-R2 Cli Rev2
No ratings yet
Lgb5124a-R2 Cli Rev2
238 pages
IOT Logical and Physical Design
No ratings yet
IOT Logical and Physical Design
22 pages
ZyWALL 2WG - 1
No ratings yet
ZyWALL 2WG - 1
198 pages
Manual Switch LightBolt
No ratings yet
Manual Switch LightBolt
116 pages
4 TH
No ratings yet
4 TH
12 pages
JAIIB Principles of Banking Module C New
67% (3)
JAIIB Principles of Banking Module C New
16 pages
Basic Switch Configuration Guide With Examples
No ratings yet
Basic Switch Configuration Guide With Examples
11 pages
Lesson 102.4 - Comparing Local Networking Hardware
No ratings yet
Lesson 102.4 - Comparing Local Networking Hardware
44 pages
3.1 Accessing The EOS CLI
No ratings yet
3.1 Accessing The EOS CLI
82 pages
Dwl-3200ap Cli Manual
No ratings yet
Dwl-3200ap Cli Manual
23 pages
Computer Networks
No ratings yet
Computer Networks
99 pages
Chapter 2-Basic Switch and End Device Configuration 4
No ratings yet
Chapter 2-Basic Switch and End Device Configuration 4
34 pages
The Face Behind The Facebook: Mark Zuckerberg's Interview With Current Magazine
100% (1)
The Face Behind The Facebook: Mark Zuckerberg's Interview With Current Magazine
3 pages
Epsode Four PDF
No ratings yet
Epsode Four PDF
36 pages
QLogic CLI Reference Guide
No ratings yet
QLogic CLI Reference Guide
130 pages
User Guide: ePMP Command Line Interface
No ratings yet
User Guide: ePMP Command Line Interface
29 pages
Packet Tracer For Beginners
No ratings yet
Packet Tracer For Beginners
9 pages
Packet Tracer 4.0 Skill Building Activity: Lab 1.1.4a Configuring NAT Solution
No ratings yet
Packet Tracer 4.0 Skill Building Activity: Lab 1.1.4a Configuring NAT Solution
3 pages
2008 Rostan Edited
No ratings yet
2008 Rostan Edited
7 pages
Weak Inversion
No ratings yet
Weak Inversion
33 pages
Introduction To Active Directory
No ratings yet
Introduction To Active Directory
17 pages
Basic Switch Configuration Guide With Examples-GRNG
No ratings yet
Basic Switch Configuration Guide With Examples-GRNG
12 pages
All IBM PC and Compatible Computers Are Typically Equipped With Two Serial Ports and One Parallel Port
No ratings yet
All IBM PC and Compatible Computers Are Typically Equipped With Two Serial Ports and One Parallel Port
16 pages
Bmis300 Sample Questions
100% (1)
Bmis300 Sample Questions
3 pages
3com 4200 Series
No ratings yet
3com 4200 Series
12 pages
JN0-103 Junos
No ratings yet
JN0-103 Junos
11 pages
Capacity in Mbps Channel Bandwidth Huawei 51 109 245 333 504 NEC 53.2 121.4 247.1 341.9 495.8
No ratings yet
Capacity in Mbps Channel Bandwidth Huawei 51 109 245 333 504 NEC 53.2 121.4 247.1 341.9 495.8
8 pages
Resumen Cisco Vs Juniper Commands
No ratings yet
Resumen Cisco Vs Juniper Commands
5 pages
Catalyst 2960 - Cap1
No ratings yet
Catalyst 2960 - Cap1
10 pages
03ds One5g Ekinops
No ratings yet
03ds One5g Ekinops
4 pages
3com SuperStack Switch 3C17300 3C17302 3C17304 Quick Reference Guide
No ratings yet
3com SuperStack Switch 3C17300 3C17302 3C17304 Quick Reference Guide
12 pages
RN212 RN214
No ratings yet
RN212 RN214
4 pages
CLI Command Hierarchy
No ratings yet
CLI Command Hierarchy
6 pages
Using The Command-Line Interface
No ratings yet
Using The Command-Line Interface
6 pages
History of The Web Browser
No ratings yet
History of The Web Browser
6 pages
Ip7361 Datasheet V 0 1
No ratings yet
Ip7361 Datasheet V 0 1
2 pages
Hilary's One Page DevOps Engineer Resume
100% (1)
Hilary's One Page DevOps Engineer Resume
1 page
IIEE - Council of Student Chapters - Home
No ratings yet
IIEE - Council of Student Chapters - Home
1 page
SuperLoader 3 Datasheet (DS00379A)
No ratings yet
SuperLoader 3 Datasheet (DS00379A)
2 pages