ExtremeWare 7.

3e
Command Reference Guide

Software Version 7.3e

Extreme Networks, Inc.

3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
http://www.extremenetworks.com

Published: September 23, 2004

Part number: 100167-00 Rev 01
Alpine, Altitude, BlackDiamond, EPICenter, Ethernet Everywhere, Extreme Ethernet Everywhere, Extreme Networks,
Extreme Turbodrive, Extreme Velocity, ExtremeWare, ExtremeWorks, GlobalPx Content Director, the Go Purple Extreme
Solution Partners Logo, ServiceWatch, Summit, the Summit7i Logo, and the Color Purple, among others, are trademarks
or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and other countries. Other
names and marks may be the property of their respective owners.
© 2004 Extreme Networks, Inc. All Rights Reserved.
Specifications are subject to change without notice.
Adobe and Reader are registered trademarks of Adobe Systems Incorporated. NetWare and Novell are registered
trademarks of Novell, Inc. Merit is a registered trademark of Merit Network, Inc. Solaris is a trademark of Sun
Microsystems, Inc. F5, BIG/ip, and 3DNS are registered trademarks of F5 Networks, Inc. see/IT is a trademark of F5
Networks, Inc.
“Data Fellows”, the triangle symbol, and Data Fellows product names and symbols/logos are
trademarks of Data Fellows.
F-Secure SSH is a registered trademark of Data Fellows.

All other registered trademarks, trademarks and service marks are property of their respective owners.

Authors: Jeanine Healy, Richard Small

Production: Jeanine Healy

2
 Contents

Preface

Chapter 1 Command Reference Overview

Chapter 2 Commands for Accessing the Switch

clear session 42
configure account 43
configure banner 45
configure banner netlogin 46
configure dns-client add 47
configure dns-client add domain-suffix 48
configure dns-client add name-server 49
configure dns-client default-domain 50
configure dns-client delete 51
configure dns-client delete domain-suffix 52
configure dns-client delete name-server 53
configure idletimeouts 54
configure time 55
configure timezone 56
create account 60
delete account 62
disable clipaging 64
disable idletimeouts 65
enable clipaging 66
enable idletimeouts 67

ExtremeWare 7.3e Command Reference Guide 3

Contents

enable license 68
history 69
reboot 70
show banner 71
show dns-client 72
show esrp-aware 73
show switch 74
traceroute 76

Chapter 3 Commands for Managing the Switch

configure snmp access-profile readonly 79
configure snmp access-profile readwrite 81
configure snmp add community 83
configure snmp add trapreceiver 85
configure snmp community 89
configure snmp delete community 91
configure snmp delete trapreceiver 93
configure snmp sysContact 94
configure snmp sysLocation 95
configure snmp sysName 96
configure snmpv3 add access 97
configure snmpv3 add community 99
configure snmpv3 add filter 100
configure snmpv3 add filter-profile 101
configure snmpv3 add group user 102
configure snmpv3 add mib-view 104
configure snmpv3 add notify 106
configure snmpv3 add target-addr 107
configure snmpv3 add target-params 109
configure snmpv3 add user 111
configure snmpv3 add user clone-from 113
configure snmpv3 delete access 114
configure snmpv3 delete community 116
configure snmpv3 delete filter 117

4 ExtremeWare 7.3e Command Reference Guide

 Contents

configure snmpv3 delete filter-profile 118

configure snmpv3 delete group user 119
configure snmpv3 delete mib-view 121
configure snmpv3 delete notify 122
configure snmpv3 delete target-addr 123
configure snmpv3 delete target-params 124
configure snmpv3 delete user 125
configure snmpv3 engine-boots 126
configure snmpv3 engine-id 127
configure snmpv3 target-addr-ext 128
configure sntp-client server 130
configure sntp-client update-interval 131
configure web login-timeout 132
disable eapol-flooding 133
disable dhcp ports vlan 134
disable snmp access 135
disable snmp dot1dTpFdbTable 136
disable snmp traps 137
disable snmp traps port-up-down 138
disable snmp traps mac-security 139
disable sntp-client 140
disable system-watchdog 141
disable telnet 142
disable web 143
enable eapol-flooding 144
enable dhcp ports vlan 145
enable snmp access 146
enable snmp dot1dTpFdbTable 148
enable snmp traps 149
enable snmp traps port-up-down 150
enable snmp traps mac-security 151
enable sntp-client 152
enable system-watchdog 153
enable telnet 154

ExtremeWare 7.3e Command Reference Guide 5

Contents

enable web 156

exit 157
logout 158
quit 159
show eapol-flooding 160
show management 161
show odometer 163
show session 164
show snmpv3 access 166
show snmpv3 context 167
show snmpv3 counters 168
show snmpv3 engine-info 169
show snmpv3 filter 170
show snmpv3 filter-profile 171
show snmpv3 group 172
show snmpv3 mib-view 173
show snmpv3 notify 174
show snmpv3 target-addr 175
show snmpv3 target-addr-ext 176
show snmpv3 target-params 177
show snmpv3 user 178
show sntp-client 179
show vlan dhcp-address-allocation 181
show vlan dhcp-config 182
telnet 183
unconfigure management 184

Chapter 4 Commands for Configuring Ports

configure ip-mtu vlan 187
configure jumbo-frame size 189
configure mirroring add 191
configure mirroring delete 193
configure ports 194
configure ports auto off 197

6 ExtremeWare 7.3e Command Reference Guide

 Contents

configure ports auto on 199

configure ports auto 200
configure ports display-string 201
configure port interpacket-gap 202
configure ports preferred-medium 203
configure ports redundant 205
configure sharing address-based 207
disable edp ports 208
disable jumbo-frame ports 209
disable lbdetect port 210
disable learning ports 211
disable mirroring 212
disable ports 213
disable sharing 214
disable smartredundancy 215
enable edp ports 216
enable jumbo-frame ports 217
enable lbdetect port 218
enable learning ports 219
enable mirroring to port 220
enable ports 222
enable sharing grouping 223
enable smartredundancy 225
restart ports 226
show edp 227
show mirroring 229
show ports collisions 230
show ports configuration 232
show ports info 234
show ports packet 237
show ports redundant 239
show ports sharing 240
show ports utilization 242
show ports vlan info 245

ExtremeWare 7.3e Command Reference Guide 7

Contents

show port vlan stats 247

show sharing address-based 248
unconfigure ports display string 249
unconfigure ports redundant 250

Chapter 5 VLAN Commands

configure mac-vlan add mac-address 252
configure mac-vlan delete 254
configure protocol add 255
configure protocol delete 256
configure vlan add ports 257
configure vlan delete port 258
configure vlan ipaddress 259
configure vlan name 260
configure vlan tag 261
create protocol 262
create vlan 263
delete vlan 265
disable mac-vlan port 266
enable mac-vlan mac-group port 267
show mac-vlan 268
show protocol 269
show vlan 270
unconfigure vlan ipaddress 272

Chapter 6 FDB Commands

clear fdb 274
configure fdb agingtime 275
create fdbentry vlan blackhole 276
create fdbentry vlan dynamic 278
create fdbentry vlan ports 280
delete fdbentry 282
show fdb 283

Chapter 7 QoS Commands

8 ExtremeWare 7.3e Command Reference Guide

 Contents

configure vlan priority 289

disable diffserv examination ports 290
enable diffserv examination ports 291
show ports qosmonitor 292
show qosprofile 294
unconfigure diffserv examination ports 296

Chapter 8 NAT Commands

clear nat 298
configure nat add vlan map 299
configure nat delete 302
configure nat finrst-timeout 304
configure nat icmp-timeout 305
configure nat syn-timeout 306
configure nat tcp-timeout 307
configure nat timeout 308
configure nat udp-timeout 309
configure nat vlan 310
disable nat 311
enable nat 312
show nat 313

Chapter 9 Commands for Status Monitoring and Statistics

clear counters 316
clear log 317
clear log counters 318
configure log display 319
configure log filter events 320
configure log filter events match 323
configure log filter set severity 326
configure log filter set severity match 327
configure log target filter 329
configure log target format 331
configure log target match 335
configure log target severity 337

ExtremeWare 7.3e Command Reference Guide 9

Contents

configure sys-recovery-level 339

configure syslog add 340
configure syslog delete 342
create log filter 343
delete log filter 344
disable cli-config-logging 345
disable log debug-mode 346
disable log display 347
disable log target 348
disable rmon 350
disable syslog 351
enable cli-config-logging 352
enable log debug-mode 353
enable log display 354
enable log target 355
enable rmon 357
enable syslog 359
show log 360
show log components 364
show log configuration 366
show log configuration filter 368
show log configuration target 370
show log counters 371
show log events 373
show memory 375
show ports rxerrors 377
show ports stats 379
show ports txerrors 382
show version 384
unconfigure log filter 385
unconfigure log target format 386
upload log 388

Chapter 10 Security Commands

10 ExtremeWare 7.3e Command Reference Guide

 Contents

clear netlogin state 394

clear netlogin state mac-address 395
configure access-profile add 396
configure access-profile delete 398
configure access-profile mode 399
configure auth mgmt-access radius 400
configure auth mgmt-access tacacs 402
configure auth netlogin radius 404
configure auth netlogin tacacs 406
configure cpu-dos-protect (port-based) 407
configure cpu-dos-protect (system-based) 408
configure cpu-dos-protect trusted-ports (port-based) 410
configure cpu-dos-protect trusted-ports 411
configure enhanced-dos-protect ipfdb agingtime 412
configure enhanced-dos-protect ipfdb cache-size 413
configure enhanced-dos-protect ipfdb learn-limit 414
configure enhanced-dos-protect ipfdb learn-window 415
configure enhanced-dos-protect ports 416
configure enhanced-dos-protect rate-limit 417
configure netlogin base-url 419
configure netlogin redirect-page 420
configure radius server 421
configure radius shared-secret 422
configure radius timeout 423
configure radius-accounting server 424
configure radius-accounting shared-secret 425
configure radius-accounting timeout 426
configure security-profile default-user-vlan 427
configure security-profile dot11-auth network-auth encryption 428
configure security-profile dot1x-wpa-timers group-update-timer 430
configure security-profile dot1x-wpa-timers pairwise-update-timer 431
configure security-profile dot1x-wpa-timers reauth-period 432
configure security-profile ess-name 433
configure security-profile ssid-in-beacon 434

ExtremeWare 7.3e Command Reference Guide 11

Contents

configure security-profile use-dynamic-vlan 435

configure security-profile wep default-key-index 436
configure security-profile wep key add 437
configure security-profile wep key delete 438
configure security-profile wpa-psk 439
configure ssh2 440
configure ssl certificate pregenerated 442
configure ssl certificate privkeylen country organization common-name 443
configure ssl privkey pregenerated 445
configure tacacs server 446
configure tacacs shared-secret 447
configure tacacs timeout 448
configure tacacs-accounting server 449
configure tacacs-accounting shared-secret 450
configure tacacs-accounting timeout 451
configure vlan dhcp-address-range 452
configure vlan dhcp-lease-timer 453
configure vlan dhcp-options 454
configure vlan netlogin-lease-timer 457
create access-list 458
create access-mask 460
create access-profile 461
create rate-limit 462
create security-profile 464
create trusted-mac-address 465
delete access-list 467
delete access-mask 468
delete access-profile 469
delete rate-limit 470
delete security-profile 471
delete trusted-mac address 472
disable arp-learning 473
disable arp-learning ports 474
disable arp-learning vlan 475

12 ExtremeWare 7.3e Command Reference Guide

 Contents

disable arp-learning vlan ports 476

disable cpu-dos-protect 477
disable dhcp ports vlan 478
disable enhanced-dos-protect 479
disable netlogin 480
disable netlogin logout-privilege 481
disable netlogin ports 482
disable netlogin session-refresh 483
disable radius 484
disable radius-accounting 485
disable ssh2 486
disable tacacs 487
disable tacacs-accounting 488
disable tacacs-authorization 489
disable trusted-mac-address 490
disable web 491
disable web http 492
disable web https 493
download ssl certificate 494
download ssl privkey 495
enable arp-learning 496
enable arp-learning ports 497
enable arp-learning vlan ports 498
enable cpu-dos-protect 499
enable cpu-dos-protect simulated 500
enable dhcp ports vlan 501
enable enhanced-dos-protect 502
enable netlogin 503
enable netlogin logout-privilege 504
enable netlogin ports 505
enable netlogin session-refresh 506
enable radius 507
enable radius-accounting 508
enable ssh2 509

ExtremeWare 7.3e Command Reference Guide 13

Contents

enable tacacs 510

enable tacacs-accounting 511
enable tacacs-authorization 512
enable trusted-mac-address 513
enable web 514
enable web http 515
enable web http access-profile 516
enable web https 517
enable web https access-profile 518
scp2 519
scp2 configuration 521
show access-list 522
show access-mask 524
show access-profile 525
show arp-learning vlan 526
show arp-learning vlan ports 527
show auth 528
show cpu-dos-protect 529
show enhanced-dos-protect 531
show netlogin 532
show radius 534
show radius-accounting 536
show rate-limit 538
show security-profile 540
show ssl 543
show tacacs 546
show tacacs-accounting 548
show trusted-mac-address 550
show vlan security 551
ssh2 552
unconfigure auth mgmt-access 554
unconfigure auth netlogin 555
unconfigure cpu-dos-protect 556
unconfigure enhanced-dos-protect ipfdb agingtime 557

14 ExtremeWare 7.3e Command Reference Guide

 Contents

unconfigure enhanced-dos-protect ipfdb cache-size 558

unconfigure enhanced-dos-protect ipfdb learn-limit 559
unconfigure enhanced-dos-protect ipfdb learn-window 560
unconfigure enhanced-dos-protect ports 561
unconfigure enhanced-dos-protect rate-limit 562
unconfigure radius 564
unconfigure radius-accounting 565
unconfigure tacacs 566
unconfigure tacacs-accounting 567
unconfigure vlan dhcp-address-range 568
unconfigure vlan dhcp-options 570

Appendix 11 Configuration and Image Commands

configure download server 574
download bootrom 575
download configuration 576
download configuration cancel 578
download configuration every 579
download image 580
save configuration 581
show configuration 582
unconfigure switch 583
upload configuration 584
upload configuration cancel 586
use configuration 587
use image 588

Appendix 12 Troubleshooting Commands

clear debug-trace 590
configure debug-trace accounting 591
configure debug-trace bootprelay 592
configure debug-trace card-state-change 593
configure debug-trace debug-link 594
configure debug-trace flow-redirect 595
configure debug-trace iparp 597

ExtremeWare 7.3e Command Reference Guide 15

Contents

configure debug-trace rip-message 599

configure debug-trace rip-route-change 600
configure debug-trace rip-triggered-update 601
configure debug-trace udp-forwarding 602
configure debug-trace wireless 603
configure reboot-loop-protection 604
disable log debug-mode 605
enable log debug-mode 606
nslookup 607
ping 608
run diagnostics 610
run diagnostics cable ports 611
show debug-trace 613
show diagnostics 615
show ports cable diagnostics 617
show tech-support 619
top 621

Chapter 13 EAPS Commands

configure eaps add control vlan 628
configure eaps add protect vlan 629
configure eaps delete control vlan 630
configure eaps delete protect vlan 631
configure eaps failtime 632
configure eaps failtime expiry-action 633
configure eaps hellotime 635
configure eaps mode 636
configure eaps name 637
configure eaps port 638
configure eaps shared-port link-id 639
configure eaps shared-port mode 640
create eaps 641
create eaps shared-port 642
delete eaps 643

16 ExtremeWare 7.3e Command Reference Guide

 Contents

delete eaps shared-port 644

disable eaps 645
enable eaps 646
show eaps 647
show eaps shared-port 651
show eaps summary 652
unconfigure eaps shared-port link-id 654
unconfigure eaps shared-port mode 655
unconfigure eaps port 656

Chapter 14 ESRP Commands

clear elrp stats 659
configure esrp port-mode ports 660
configure vlan add domain-member vlan 662
configure vlan add elrp-poll ports 663
configure vlan add ports no-restart 664
configure vlan add ports restart 665
configure vlan add track-diagnostic 666
configure vlan add track-environment 667
configure vlan add track-iproute 668
configure vlan add track-ospf 669
configure vlan add track-ping 670
configure vlan add track-rip 671
configure vlan add track-vlan 672
configure vlan delete domain-member vlan 673
configure vlan delete elrp-poll ports 674
configure vlan delete track-diagnostic 675
configure vlan delete track-environment 676
configure vlan delete track-iproute 677
configure vlan delete track-ospf 678
configure vlan delete track-ping 679
configure vlan delete track-rip 680
configure vlan delete track-vlan 681
configure vlan esrp elrp-master-poll disable 682

ExtremeWare 7.3e Command Reference Guide 17

Contents

configure vlan esrp elrp-master-poll enable 683

configure vlan esrp elrp-premaster-poll disable 684
configure vlan esrp elrp-premaster-poll enable 685
configure vlan esrp esrp-election 686
configure vlan esrp esrp-premaster-timeout 688
configure vlan esrp group 689
configure vlan esrp group add esrp-aware-ports 690
configure vlan esrp group delete esrp-aware-ports 691
configure vlan esrp priority 692
configure vlan esrp timer 693
disable esrp vlan 695
enable esrp vlan 696
show elrp 697
show esrp 699
show esrp-aware-ports 701
show esrp-aware vlan 702
show esrp vlan 703

Chapter 15 STP Commands

configure stpd add vlan 708
configure stpd delete vlan 710
configure stpd forwarddelay 711
configure stpd hellotime 712
configure stpd maxage 713
configure stpd mode 714
configure stpd ports cost 715
configure stpd ports link-type 716
configure stpd ports mode 718
configure stpd ports priority 719
configure stpd priority 720
configure stpd tag 721
configure vlan add ports stpd 722
create stpd 724
delete stpd 726

18 ExtremeWare 7.3e Command Reference Guide

 Contents

disable ignore-stp vlan 727

disable stpd 728
disable stpd ports 729
disable stpd rapid-root-failover 730
enable ignore-stp vlan 731
enable stpd 732
enable stpd ports 733
enable stpd rapid-root-failover 734
show stpd 735
show stpd ports 737
show vlan stpd 739
unconfigure stpd 741

Chapter 16 VRRP Commands

configure vrrp add vlan 745
configure vrrp delete 746
configure vrrp vlan add 747
configure vrrp vlan authentication 748
configure vrrp vlan delete vrid 749
configure vrrp vlan vrid 750
disable vrrp 752
enable vrrp 753
show vrrp 754
show vrrp vlan stats 756

Chapter 17 IP Unicast Commands

clear iparp 760
clear ipfdb 761
configure bootprelay add 762
configure bootprelay delete 763
configure bootprelay dhcp-agent information check 764
configure bootprelay dhcp-agent information option 766
configure bootprelay dhcp-agent information policy 767
configure iparp add 769
configure iparp add proxy 770

ExtremeWare 7.3e Command Reference Guide 19

Contents

configure iparp delete 772

configure iparp delete proxy 773
configure iparp max-entries 774
configure iparp max-pending-entries 775
configure iparp timeout 776
configure ip-down-vlan-action 777
configure ipfdb route-add 778
configure iproute add 779
configure iproute add blackhole 780
configure iproute add blackhole default 781
configure iproute add default 782
configure iproute delete 783
configure iproute delete blackhole 784
configure iproute delete blackhole default 785
configure iproute delete default 786
configure iproute priority 787
configure irdp 789
configure irdp 790
configure udp-profile add 791
configure udp-profile delete 792
configure vlan upd-profile 793
create udp-profile 794
delete udp-profile 795
disable bootp vlan 796
disable bootprelay 797
disable icmp address-mask 798
disable icmp parameter-problem 799
disable icmp port-unreachables 800
disable icmp redirects 801
disable icmp time-exceeded 802
disable icmp timestamp 803
disable icmp unreachables 804
disable icmp useredirects 805
disable iparp checking 806

20 ExtremeWare 7.3e Command Reference Guide

 Contents

disable iparp refresh 807

disable ipforwarding 808
disable ip-option loose-source-route 809
disable ip-option record-route 810
disable ip-option record-timestamp 811
disable ip-option strict-source-route 812
disable ip-option use-router-alert 813
disable iproute sharing 814
disable irdp 815
disable loopback-mode vlan 816
disable udp-echo-server 817
enable bootp vlan 818
enable bootprelay 819
enable icmp address-mask 820
enable icmp parameter-problem 821
enable icmp port-unreachables 822
enable icmp redirects 823
enable icmp time-exceeded 824
enable icmp timestamp 825
enable icmp unreachables 826
enable icmp useredirects 827
enable iparp checking 828
enable iparp refresh 829
enable ipforwarding 830
enable ip-option loose-source-route 831
enable ip-option record-route 832
enable ip-option record-timestamp 833
enable ip-option strict-source-route 834
enable ip-option use-router-alert 835
enable iproute sharing 836
enable irdp 837
enable loopback-mode vlan 838
enable udp-echo-server 839
rtlookup 840

ExtremeWare 7.3e Command Reference Guide 21

Contents

show iparp 841

show iparp proxy 842
show ipconfig 843
show ipfdb 844
show iproute 846
show ipstats 848
show udp-profile 851
unconfigure bootprelay dhcp-agent information check 852
unconfigure bootprelay dhcp-agent information option 853
unconfigure bootprelay dhcp-agent information policy 854
unconfigure icmp 855
unconfigure iparp 856
unconfigure irdp 857
unconfigure udp-profile 858

Chapter 18 IGP Commands

configure ospf area interarea-filter 861
configure ospf area external-filter 862
configure ospf cost 863
configure ospf priority 864
configure ospf virtual-link authentication password 865
configure ospf timer 866
configure ospf add virtual-link 868
configure ospf add vlan area 869
configure ospf add vlan area 870
configure ospf add vlan area link-type 872
configure ospf area external-filter 873
configure ospf area interarea-filter 874
configure ospf area add range 875
configure ospf area delete range 876
configure ospf area normal 877
configure ospf area nssa stub-default-cost 878
configure ospf area stub stub-default-cost 879
configure ospf asbr-filter 880

22 ExtremeWare 7.3e Command Reference Guide

 Contents

configure ospf ase-limit 881

configure ospf ase-summary add 882
configure ospf ase-summary delete 883
configure ospf delete virtual-link 884
configure ospf delete vlan 885
configure ospf direct-filter 886
configure ospf lsa-batch-interval 887
configure ospf metric-table 888
configure ospf routerid 889
configure ospf spf-hold-time 890
configure ospf vlan neighbor add 891
configure ospf vlan neighbor delete 892
configure ospf vlan timer 893
configure rip add vlan 894
configure rip delete vlan 895
configure rip garbagetime 896
configure rip routetimeout 897
configure rip rxmode 898
configure rip txmode 899
configure rip updatetime 900
configure rip vlan cost 901
configure rip vlan export-filter 902
configure rip vlan import-filter 903
configure rip vlan trusted-gateway 904
create ospf area 905
delete ospf area 906
disable ospf 907
disable ospf capability opaque-lsa 908
disable ospf export 909
disable rip 910
disable rip aggregation 911
disable rip export 912
disable rip exportstatic 913
disable rip originate-default 914

ExtremeWare 7.3e Command Reference Guide 23

Contents

disable rip poisonreverse 915

disable rip splithorizon 916
disable rip triggerupdate 917
enable ospf 918
enable ospf capability opaque-lsa 919
enable ospf export 920
enable ospf export direct 921
enable ospf export rip 923
enable ospf export static 924
enable ospf originate-default 925
enable rip 926
enable rip aggregation 927
enable rip export cost 928
enable rip exportstatic 929
enable rip originate-default cost 930
enable rip poisonreverse 931
enable rip splithorizon 932
enable rip triggerupdate 933
show ospf 934
show ospf area 935
show ospf area detail 936
show ospf ase-summary 937
show ospf interfaces detail 938
show ospf interfaces 939
show ospf lsdb area lstype 940
show ospf virtual-link 942
show rip 943
show rip stats 944
show rip stats vlan 945
show rip vlan 946
unconfigure ospf 947
unconfigure rip 948

Chapter 19 IP Multicast Commands

24 ExtremeWare 7.3e Command Reference Guide

 Contents

clear igmp group 951

clear igmp snooping 952
clear ipmc cache 953
clear ipmc fdb 954
configure igmp 955
configure igmp snooping add static group 956
configure igmp snooping delete static group 958
configure igmp snooping add static router 959
configure igmp snooping delete static router 960
configure igmp snooping filter 961
configure igmp snooping flood-list 962
configure igmp snooping leave-timeout 964
configure igmp snooping timer 965
configure pim add vlan 967
configure pim crp static 968
configure pim delete vlan 969
configure pim register-rate-limit-interval 970
configure pim register-suppress-interval register-probe-interval 971
configure pim register-checksum-to 972
configure pim spt-threshold 973
configure pim timer vlan 974
configure pim vlan trusted-gateway 975
disable igmp 976
disable igmp snooping 977
disable igmp snooping with-proxy 978
disable ipmcforwarding 979
disable pim 980
enable igmp 981
enable igmp snooping 982
enable igmp snooping with-proxy 984
enable ipmcforwarding 985
enable pim 986
mrinfo 987
mtrace 988

ExtremeWare 7.3e Command Reference Guide 25

Contents

show igmp group 990

show igmp snooping 991
show igmp snooping filter 992
show igmp snooping static group 993
show ipmc cache 994
show ipmc fdb 995
show l2stats 996
show pim 997
unconfigure igmp 998
unconfigure pim 999

Chapter 20 Wireless Commands

clear wireless ports counters 1003
clear wireless ports interface ap-scan results 1004
clear wireless ports interface client-history 1005
clear wireless ports interface client-scan counters 1006
clear wireless ports interface client-scan results 1007
clear wireless ports log 1008
configure debug-trace wireless ports iapp 1009
configure rf-profile beacon-interval 1010
configure rf-profile dtim-interval 1011
configure rf-profile frag-length 1012
configure rf-profile long-retry 1013
configure rf-profile preamble 1014
configure rf-profile rts-threshold 1015
configure rf-profile short-retry 1016
configure wireless country-code 1017
configure wireless default-gateway 1019
configure wireless management-vlan 1020
configure wireless ports antenna-location 1021
configure wireless ports detected-station-timeout 1022
configure wireless ports force-disassociation 1023
configure wireless ports health-check 1024
configure wireless ports interface ap-scan added-trap 1025

26 ExtremeWare 7.3e Command Reference Guide

 Contents

configure wireless ports interface ap-scan off-channel 1026

configure wireless ports interface ap-scan off-channel continuous 1027
configure wireless ports interface ap-scan off-channel max-wait 1028
configure wireless ports interface ap-scan off-channel min-wait 1029
configure wireless ports interface ap-scan probe-interval 1030
configure wireless ports interface ap-scan removed-trap 1031
configure wireless ports interface ap-scan results size 1032
configure wireless ports interface ap-scan results timeout 1033
configure wireless ports interface ap-scan send-probe 1034
configure wireless ports interface ap-scan updated-trap 1035
configure wireless ports interface channel 1036
configure wireless ports interface client-history size 1038
configure wireless ports interface client-history timeout 1039
configure wireless ports interface client-scan added-trap 1040
configure wireless ports interface client-scan removed-trap 1041
configure wireless ports interface client-scan results size 1042
configure wireless ports interface client-scan results timeout 1043
configure wireless ports interface max-clients 1044
configure wireless ports interface power-level 1045
configure wireless ports interface rf-profile 1046
configure wireless ports interface security-profile 1047
configure wireless ports interface transmit-rate 1048
configure wireless ports interface wireless-bridging 1049
configure wireless ports ipaddress 1050
configure wireless ports location 1051
create rf-profile copy 1052
create rf-profile mode 1053
delete rf-profile 1054
disable wireless ports 1055
disable wireless ports cancel-scheduler 1056
disable wireless ports every 1057
disable wireless ports interface 1058
disable wireless ports interface ap-scan 1059
disable wireless ports interface ap-scan off-channel 1060

ExtremeWare 7.3e Command Reference Guide 27

Contents

disable wireless ports interface client-history 1061

disable wireless ports interface client-scan 1062
disable wireless ports interface iapp 1063
disable wireless ports interface svp 1064
disable wireless ports time 1065
enable wireless ports 1066
enable wireless ports cancel-scheduler 1067
enable wireless ports every 1068
enable wireless ports interface 1069
enable wireless ports interface ap-scan 1070
enable wireless ports interface ap-scan off-channel 1071
enable wireless ports interface client-history 1072
enable wireless ports interface client-scan 1073
enable wireless ports interface iapp 1074
enable wireless ports interface svp 1075
enable wireless ports time 1076
reset wireless ports 1077
reset wireless ports interface 1078
show rf-profile 1079
show wireless ap-scan results 1084
show wireless ap-scan results mac_address 1086
show wireless client-scan results 1087
show wireless client-scan results mac-address 1089
show wireless configuration 1090
show wireless ports 1091
show wireless ports configuration 1093
show wireless ports debug-trace 1095
show wireless ports interface ap-scan configuration 1097
show wireless ports interface ap-scan results 1099
show wireless ports interface ap-scan results mac-address 1102
show wireless ports interface ap-scan status 1103
show wireless ports interface client mac-statistics 1104
show wireless ports interface client-history configuration 1106
show wireless ports interface client-history diagnostics 1107

28 ExtremeWare 7.3e Command Reference Guide

 Contents

show wireless ports interface client-history mac-layer 1109

show wireless ports interface client-history status 1111
show wireless ports interface client-scan configuration 1113
show wireless ports interface client-scan results 1115
show wireless ports interface client-scan results mac-address 1117
show wireless ports interface client-scan status 1118
show wireless ports interface clients 1120
show wireless ports interface configuration 1122
show wireless ports interface pae-diagnostics 1125
show wireless ports interface pae-statistics 1126
show wireless ports interface rf-status 1127
show wireless ports interface security-status 1129
show wireless ports interface stats 1131
show wireless ports interface status 1132
show wireless ports log 1133

Chapter 21 Power Over Ethernet Commands

clear inline-power connection-history slot 1137
clear inline-power fault ports 1138
clear inline-power stats 1139
configure inline-power budget 1140
configure inline-power detection 1141
configure inline-power disconnect-precedence 1142
configure inline-power label ports 1143
configure inline-power operator-limit 1144
configure inline-power power-supply 1146
configure inline-power priority 1147
configure inline-power reserved budget 1148
configure inline-power type 1149
configure inline-power usage-threshold 1150
configure inline-power violation-precedence 1151
disable inline-power 1152
disable inline-power legacy 1153
disable inline-power ports 1155

ExtremeWare 7.3e Command Reference Guide 29

Contents

disable inline-power slot 1156

enable inline-power 1157
enable inline-power legacy 1158
enable inline-power ports 1160
enable inline-power slot 1161
reset inline-power ports 1162
reset inline-power slot 1163
show inline-power 1164
show inline-power configuration port 1166
show inline-power configuration slot 1168
show inline-power info port 1170
show inline-power slot 1173
show inline-power stats ports 1174
show inline-power stats slot 1176
unconfigure inline-power detection ports 1177
unconfigure inline-power disconnect-precedence 1178
unconfigure inline-power operator-limit ports 1179
unconfigure inline-power power-supply 1180
unconfigure inline-power priority ports 1181
unconfigure inline-power reserved-budget ports 1182
unconfigure inline-power usage-threshold 1183
unconfigure inline-power violation-precedence ports 1184

30 ExtremeWare 7.3e Command Reference Guide

 Preface

This preface provides an overview of this guide, describes guide conventions, and lists other
publications that may be useful.

Introduction
This guide provides the complete syntax for all the 7.3e commands available in the ExtremeWare®
software running on the Summit series “e” switches from Extreme Networks®.

This guide is intended for use as a reference by network administrators who are responsible for
installing and setting up network equipment. It assumes knowledge of the switch configuration. For
conceptual information and guidance on configuring Extreme Networks switches, see the ExtremeWare
7.3e User Guide.

Conventions
Table 1 andTable 2 list conventions that are used throughout this guide.

Table 1: Notice Icons

Icon Notice Type Alerts you to...

Note Important features or instructions.

Caution Risk of personal injury, system damage, or loss of data.

Warning Risk of severe personal injury.

ExtremeWare 7.3e Command Reference Guide 31

Preface

Table 2: Text Conventions

Convention Description
Screen displays This typeface indicates command syntax, or represents information as it appears on the
screen.
The words “enter” When you see the word “enter” in this guide, you must type something, and then press
and “type” the Return or Enter key. Do not press the Return or Enter key when an instruction
simply says “type.”
[Key] names Key names are written with brackets, such as [Return] or [Esc].
If you must press two or more keys simultaneously, the key names are linked with a
plus sign (+). Example:
Press [Ctrl]+[Alt]+[Del].
Words in italicized type Italics emphasize a point or denote new terms at the place where they are defined in
the text.

Command Titles
For clarity and brevity, the command titles omit variables, values, and optional arguments. The
complete command syntax is displayed directly below the command titles.

Related Publications
The publications related to this one are:

• ExtremeWare 7.3e release notes

• ExtremeWare 7.3e User Guide
• Consolidated “e” Series Hardware Installation Guide

Documentation for Extreme Networks products is available on the World Wide Web at the following
location:

http://www.extremenetworks.com/

Using ExtremeWare Publications Online

You can access ExtremeWare publications by downloading them from the Extreme Networks World
Wide Web location or from your ExtremeWare product CD. Publications are provided in Adobe®
Portable Document Format (PDF). Displaying or printing PDF files requires that your computer be
equipped with Adobe® Reader® software, which is available free of charge from Adobe Systems
Incorporated.

The following two ExtremeWare publications are available as PDF files that are designed to be used
online together:

• ExtremeWare 7.3e User Guide

• ExtremeWare 7.3e Command Reference Guide

32 ExtremeWare 7.3e Command Reference Guide

 Related Publications

The user guide PDF file provides links that connect you directly to relevant command information in
the command reference guide PDF file. This quick-referencing capability enables you to easily find
detailed information in the command reference guide for any command mentioned in the user guide.

To ensure that the quick-referencing feature functions properly, follow these steps:

1 Download both the user guide PDF file and the command reference guide PDF file to the same
destination directory on your computer.
2 You may open one or both PDF files and to enable cross-referenced linking between the user guide
and command reference guide; however, it is recommended that for ease of use, you keep both files
open concurrently on your computer desktop.

NOTE
If you activate a cross-referencing link from the ExtremeWare 7.3e User Guide PDF file to the command
reference PDF file when the command reference PDF file is closed (that is, not currently open on your
computer desktop), the system will close the user guide PDF file and open the command reference PDF
file. To keep both PDF files open when you activate a cross-reference link, open both PDF files before
using the link.

ExtremeWare 7.3e Command Reference Guide 33

Preface

34 ExtremeWare 7.3e Command Reference Guide

 1 Command Reference Overview

Introduction
This guide provides details of the command syntax for all ExtremeWare commands as of
ExtremeWare version 7.3e.

NOTE
ExtremeWare 7.3e only supports the Summit 200, Summit 300, and Summit 400 series of switches.

This guide does not provide feature descriptions, explanations of the technologies, or configuration
examples. For information about the various features and technologies supported by Extreme Networks
switches, see the ExtremeWare 7.3e User Guide. This guide does not replace the user guide; this guide
supplements the user guide.

Audience
This guide is intended for use by network administrators who are responsible for installing and setting
up network equipment. It assumes a basic working knowledge of the following:
• Local area networks (LANs)
• Ethernet concepts
• Ethernet switching and bridging concepts
• Routing concepts
• Internet Protocol (IP) concepts
• Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) concepts
• IP Multicast concepts
• Distance Vector Multicast Routing Protocol (DVMRP) concepts
• Simple Network Management Protocol (SNMP)

This guide also assumes that you have read the ExtremeWare 7.3e User Guide.

ExtremeWare 7.3e Command Reference Guide 35

Command Reference Overview

Structure of this Guide

This guide documents each ExtremeWare command. Related commands are grouped together and
organized into chapters based on their most common usage. The chapters reflect the organization of the
ExtremeWare 7.3e User Guide. If a specific command is relevant to a wide variety of functions and could
be included in a number of different chapters, we have attempted to place the command in the most
logical chapter. Within each chapter, commands appear in alphabetical order. You can use the Index of
Commands to locate specific commands if they do not appear where you expect to find them.

NOTE
The ExtremeWare command line interface (CLI) supports only the US character set.

For each command, the following information is provided:

• Command Syntax—The actual syntax of the command. The syntax conventions (the use of braces or
curly brackets, for example) are defined in the section “Understanding the Command Syntax” on
page 37.
• Description—A brief (one sentence) summary of what the command does.
• Syntax Description—The definition of any keywords and options used in the command.
• Default—The defaults, if any, for this command. The default can be the default action of the
command if optional arguments are not provided, or it can be the default state of the switch (such as
for an enable/disable command).
• Usage Guidelines—Information to help you use the command. This may include prerequisites,
prohibitions, and related commands, as well as other information.
• Example—Examples of the command usage, including output, if relevant.
• History—The version of ExtremeWare in which the command was introduced, and version(s) where
it was modified, if appropriate.

36 ExtremeWare 7.3e Command Reference Guide

 Understanding the Command Syntax

Understanding the Command Syntax

When entering a command at the prompt, ensure that you have the appropriate privilege level. Most
configuration commands require you to have the administrator privilege level.

You may see a variety of symbols shown as part of the command syntax. These symbols explain how to
enter the command, and you do not type them as part of the command itself. Table 3 summarizes
command syntax symbols.

Table 3: Command Syntax Symbols

Symbol Description
angle brackets < > Enclose a variable or value. You must specify the variable or value. For
example, in the syntax
configure vlan <vlan name> ipaddress <ip_address>
you must supply a VLAN name for <vlan name> and an address for
<ip_address> when entering the command. Do not type the angle
brackets.
square brackets [ ] Enclose a required value or list of required arguments. One or more
values or arguments can be specified. For example, in the syntax
use image [primary | secondary]
you must specify either the primary or secondary image when entering
the command. Do not type the square brackets.
vertical bar | Separates mutually exclusive items in a list, one of which must be
entered. For example, in the syntax
configure snmp community [read-only | read-write]
<string>
you must specify either the read or write community string in the
command. Do not type the vertical bar.
braces { } Enclose an optional value or a list of optional arguments. One or more
values or arguments can be specified. For example, in the syntax
reboot {<date> <time> | cancel}
you can specify either a particular date and time combination, or the
keyword cancel to cancel a previously scheduled reboot. If you do not
specify an argument, the command will prompt asking if you want to
reboot the switch now. Do not type the braces.

Command Completion with Syntax Helper

The CLI has a built-in syntax helper. If you are unsure of the complete syntax for a particular command,
enter as much of the command as possible and press [Tab]. The syntax helper provides a list of options
for the remainder of the command, and places the cursor at the end of the command you have entered
so far, ready for the next option.

If the command is one where the next option is a named component, such as a VLAN, access profile, or
route map, the syntax helper will also list any currently configured names that might be used as the
next option. In situations where this list might be very long, the syntax helper will list only one line of
names, followed by an ellipses to indicate that there are more names than can be displayed.

The syntax helper also provides assistance if you have entered an incorrect command.

ExtremeWare 7.3e Command Reference Guide 37

Command Reference Overview

Abbreviated Syntax
Abbreviated syntax is the shortest unambiguous allowable abbreviation of a command or parameter.
Typically, this is the first three letters of the command. If you do not enter enough letters to allow the
switch to determine which command you mean, the syntax helper will provide a list of the options
based on the portion of the command you have entered.

NOTE
When using abbreviated syntax, you must enter enough characters to make the command unambiguous
and distinguishable to the switch.

Names
All named components of the switch configuration must have a unique name. Names must begin with
an alphabetical character and are delimited by whitespace, unless enclosed in quotation marks.

Command Shortcuts
All named components of the switch configuration must have a unique name. Components are named
using the create command. When you enter a command to configure a named component, you do not
need to use the keyword of the component. For example, to create a VLAN, you must enter a unique
VLAN name:
create vlan engineering

Once you have created the VLAN with a unique name, you can then eliminate the keyword vlan from
all other commands that require the name to be entered. For example, instead of entering the command
configure vlan engineering delete port 1-3,6

you could enter the following shortcut:

configure engineering delete port 1-3,6

Modular Switch Numerical Ranges

Commands that require you to enter one or more port numbers on a modular switch use the parameter
<portlist> in the syntax. A <portlist> can be one port on a particular slot. For example,
port 1:1

A <portlist> can be a range of numbers. For example,

port 1:1-1:3

Many commands that accept the parameter <portlist>, also accept a VLAN identifier. When this
option is available in a command, it is run on all ports in the VLAN including all ports in a trunk.

You can add additional slot and port numbers to the list, separated by a comma:
port 1:1,1:8,1:10

You can specify all ports on a particular slot. For example,

port 1:*

38 ExtremeWare 7.3e Command Reference Guide

 Line-Editing Keys

indicates all ports on slot 1.

Stand-alone Switch Numerical Ranges

Commands that require you to enter one or more port numbers on a stand-alone switch use the
parameter <portlist> in the syntax. A portlist can be a range of numbers, for example:
port 1-3

You can add additional port numbers to the list, separated by a comma:
port 1-3,6,8

Many commands that accept the parameter <portlist>, also accept a VLAN identifier. When this
option is available in a command, it is run on all ports in the VLAN including all ports in a trunk.

Line-Editing Keys
Table 4 describes the line-editing keys available using the CLI.

Table 4: Line-Editing Keys

Key(s) Description
Backspace Deletes character to left of cursor and shifts remainder of line to left.
Delete or [Ctrl] + D Deletes character under cursor and shifts remainder of line to left.
[Ctrl] + K Deletes characters from under cursor to end of line.
Insert Toggles on and off. When toggled on, inserts text and shifts previous
text to right.
Left Arrow Moves cursor to left.
Right Arrow Moves cursor to right.
Home or [Ctrl] + A Moves cursor to first character in line.
End or [Ctrl] + E Moves cursor to last character in line.
[Ctrl] + L Clears screen and movers cursor to beginning of line.
[Ctrl] + P or Displays previous command in command history buffer and places cursor
Up Arrow at end of command.
[Ctrl] + N or Displays next command in command history buffer and places cursor at
Down Arrow end of command.
[Ctrl] + U Clears all characters typed from cursor to beginning of line.
[Ctrl] + W Deletes previous word.

Command History
ExtremeWare “remembers” the last 49 commands you entered. You can display a list of these
commands by using the following command:
history

ExtremeWare 7.3e Command Reference Guide 39

Command Reference Overview

40 ExtremeWare 7.3e Command Reference Guide

 2 Commands for Accessing the Switch

This chapter describes:

• Commands used for accessing and configuring the switch including how to set up user accounts,
passwords, date and time settings, and software licenses
• Commands used for configuring the Domain Name Service (DNS) client
• Commands used for checking basic switch connectivity

ExtremeWare supports the following two levels of management:

• User
• Administrator

A user-level account has viewing access to all manageable parameters, with the exception of:
• User account database
• SNMP community strings

A user-level account can use the ping command to test device reachability and change the password
assigned to the account name.

An administrator-level account can view and change all switch parameters. It can also add and delete
users and change the password associated with any account name. The administrator can disconnect a
management session that has been established by way of a Telnet connection. If this happens, the user
logged on by way of the Telnet connection is notified that the session has been terminated.

The DNS client in ExtremeWare augments certain ExtremeWare commands to accept either IP addresses
or host names. For example, DNS can be used during a Telnet session when you are accessing a device
or when using the ping command to check the connectivity of a device.

The switch offers the following commands for checking basic connectivity:
• ping
• traceroute

The ping command enables you to send Internet Control Message Protocol (ICMP) echo messages to a
remote IP device. The traceroute command enables you to trace the routed path between the switch
and a destination endstation.

ExtremeWare 7.3e Command Reference Guide 41

Commands for Accessing the Switch

clear session
clear session <number>

Description
Terminates a Telnet session from the switch.

Syntax Description

number Specifies a session number from show session output to terminate.

Default
N/A.

Usage Guidelines
An administrator-level account can disconnect a management session that has been established by way
of a Telnet connection. You can determine the session number of the session you want to terminate by
using the show session command. The show session output displays information about current
Telnet sessions including:
• The session number
• The login date and time
• The user name
• The type of Telnet session

Depending on the software version running on your switch, additional session information may be
displayed. The session number is the first number displayed in the show session output.

Example
The following command terminates session 4 from the system:
clear session 4

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

42 ExtremeWare 7.3e Command Reference Guide

 configure account

configure account
configure account <user account> {encrypted} {<password>}

Description
Configures a user account password.

Syntax Description

user account Specifies a user account name.

encrypted This option is for use only by the switch when generating an ASCII
configuration file. Specifies that the password should be encrypted when the
configuration is uploaded to a file. Should not be used through the CLI.
password Specifies a user password. Supported in ExtremeWare 4.x and ExtremeWare
6.0.x only. In ExtremeWare 6.1 and later, the switch will prompt for entry of
the password interactively.

Default
N/A.

Usage Guidelines
You must create a user account before you can configure a user account. Use the create account
command to create a user account.

You must have administrator privileges to change passwords for accounts other than your own. User
names and passwords are case-sensitive.

The encrypted option is used by the switch when generating an ASCII configuration file (using the
upload configuration command), and parsing a switch-generated configuration file (using the
download configuration command). Do not select the encrypted option in the CLI.

• The password cannot be specified on the command line. Instead, the switch will interactively prompt
you to enter the password, and will then prompt you to reenter the password to verify that you have
entered it correctly.
• Passwords must have a minimum of 1 character and can have a maximum of 30 characters.

Example
The following command defines a new password for the account admin:
configure account admin

The switch responds with a password prompt:

password:

Your keystrokes will not be echoed as you enter the new password. After you enter the password, the
switch will then prompt you to reenter it.
Reenter password:

ExtremeWare 7.3e Command Reference Guide 43

Commands for Accessing the Switch

Assuming you enter it successfully a second time, the password is now changed.

In ExtremeWare 4.1.19, the following command defines a new password, Extreme1, for the account
admin:
configure account admin Extreme1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

44 ExtremeWare 7.3e Command Reference Guide

 configure banner

configure banner
configure banner

Description
Configures the banner string that is displayed at the beginning of each login prompt of each session.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Press [Return] at the beginning of a line to terminate the command and apply the banner. To clear the
banner, press [Return] at the beginning of the first line.

You can enter up to 24 rows of 79-column text that is displayed before the login prompt of each session.

Example
The following command adds a banner, Welcome to the switch, before the login prompt:
configure banner [Return]
Welcome to the switch

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 45

Commands for Accessing the Switch

configure banner netlogin

configure banner netlogin

Description
Configures the network login banner that is displayed at the beginning of each login prompt of each
session.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
The network login banner and the switch banner cannot be used at the same time. If you configure a
Network Login banner, users do not see the normal banner. If no banner is configured, the Extreme logo
is displayed. The network login banner displays in HTML. No links or images are supported.

Press [Enter] to enter text on a new line. Press [Enter] twice to finish entering the network login banner.
You can enter up to 1024 characters in the banner.

Example
The following command adds the banner “Welcome to your switch” in 8 point purple Arial before the
login prompt:
configure banner netlogin [Enter]
<font face="Arial" size=8 color=534579></font>Welcome to your switch
[Enter]
[Enter]

History
This command was introduced in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

46 ExtremeWare 7.3e Command Reference Guide

 configure dns-client add

configure dns-client add

configure dns-client add <ipaddress>

Description
Adds a DNS name server to the available server list for the DNS client.

Syntax Description

ipaddress Specifies an IP address.

Default
N/A.

Usage Guidelines
Eight DNS name servers can be configured.

Example
The following command specifies that the switch use the DNS server 10.1.2.1:
configure dns-client add 10.1.2.1

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 47

Commands for Accessing the Switch

configure dns-client add domain-suffix

configure dns-client add domain-suffix <domain_name>

Description
Adds a domain name to the domain suffix list.

Syntax Description

domain_name Specifies a domain name.

Default
N/A.

Usage Guidelines
The domain suffix list can include up to six items. If the use of all previous names fails to resolve a
name, the most recently added entry on the domain suffix list will be the last name used during name
resolution. This command will not overwrite any exiting entries. If a null string is used as the last suffix
in the list, and all other lookups fail, the name resolver will attempt to look up the name with no suffix.

Example
The following command configures a domain name and adds it to the domain suffix list:
configure dns-client add domain-suffix xyz_inc.com

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

48 ExtremeWare 7.3e Command Reference Guide

 configure dns-client add name-server

configure dns-client add name-server

configure dns-client add name-server <ipaddress>

Description
Adds a DNS name server to the available server list for the DNS client.

Syntax Description

ipaddress Specifies an IP address.

Default
N/A.

Usage Guidelines
Up to three DNS name servers can be configured in ExtremeWare versions prior to 6.2.1. In
ExtremeWare 6.2.1 and later, eight DNS name servers can be configured.

Example
The following command specifies that the switch use the DNS server 10.1.2.1:
configure dns-client add name-server 10.1.2.1

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 49

Commands for Accessing the Switch

configure dns-client default-domain

configure dns-client default-domain <domain_name>

Description
Configures the domain that the DNS client uses if a fully qualified domain name is not entered.

Syntax Description

domain_name Specifies a default domain name.

Default
N/A.

Usage Guidelines
Sets the DNS client default domain name to domain_name. The default domain name will be used to
create a fully qualified host name when a domain name is not specified. For example, if the default
default domain name is set to “food.com” then when a command like “ping dog” is entered, the ping
will actually be executed as “ping dog.food.com”.

Example
The following command configures the default domain name for the server:
configure dns-client default-domain xyz_inc.com

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

50 ExtremeWare 7.3e Command Reference Guide

 configure dns-client delete

configure dns-client delete

configure dns-client delete <ipaddress>

Description
Removes a DNS name server from the available server list for the DNS client.

Syntax Description

ipaddress Specifies an IP address.

Default
N/A.

Usage Guidelines
None

Example
The following command removes a DNS server from the list:
configure dns-client delete 10.1.2.1

History
This command was first available in ExtremeWare 7.1e

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 51

Commands for Accessing the Switch

configure dns-client delete domain-suffix

configure dns-client delete domain-suffix <domain_name>

Description
Deletes a domain name from the domain suffix list.

Syntax Description

domain_name Specifies a domain name.

Default
N/A.

Usage Guidelines
This command randomly removes an entry from the domain suffix list. If the deleted item was not the
last entry in the list, all items that had been added later are moved up in the list. If no entries in the list
match the domain name specified, an error message will be displayed.

Example
The following command deletes a domain name from the domain suffix list:
configure dns-client delete domain-suffix xyz_inc.com

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

52 ExtremeWare 7.3e Command Reference Guide

 configure dns-client delete name-server

configure dns-client delete name-server

configure dns-client delete name-server <ipaddress>

Description
Removes a DNS name server from the available server list for the DNS client.

Syntax Description

ipaddress Specifies an IP address.

Default
N/A.

Usage Guidelines
None.

Example
The following command removes a DNS server from the list:
configure dns-client delete name-server 10.1.2.1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 53

Commands for Accessing the Switch

configure idletimeouts
configure idletimeouts <minutes>

Description
Configures the time-out for idle HTTP, console, and Telnet sessions.

Syntax Description

minutes Specifies the time-out interval, in minutes. Range is 1 to 240 (1 minute to 4

hours).

Default
Default time-out is 20 minutes.

Usage Guidelines
This command configures the length of time the switch will wait before disconnecting idle HTTP,
console, or Telnet sessions. The idletimeouts feature must be enabled for this command to have an effect
(the idletimeouts feature is disabled by default).

Example
The following command sets the time-out for idle HTTP, login and console sessions to 10 minutes:
configure idletimeouts 10

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

54 ExtremeWare 7.3e Command Reference Guide

 configure time

configure time
configure time <date> <time>

Description
Configures the system date and time.

Syntax Description

date Specifies the date in mm/dd/yyyy format.

time Specifies the time in hh:mm:ss format.

Default
N/A.

Usage Guidelines
The format for the system date and time is as follows:
mm/dd/yyyy hh:mm:ss

The time uses a 24-hour clock format. The AM hours range from 1 through 11, and the PM hours range
from 12 through 23.

You cannot set the year past 2036.

Example
The following command configures a system date of February 15, 2002 and a system time of 8:42 AM
and 55 seconds:
configure time 02/15/2002 08:42:55

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 55

Commands for Accessing the Switch

configure timezone
configure timezone {name <std_timezone_ID>} <GMT_offset>
{autodst {name <dst_timezone_ID>} {<dst_offset>}
{begins [every <floatingday> | on <absoluteday>] {at <time_of_day>}
{ends [every <floatingday> | on <absoluteday>] {at <time_of_day>}}}
| noautodst}

Description
Configures the Greenwich Mean Time (GMT) offset and Daylight Saving Time (DST) preference.

Syntax Description

GMT_offset Specifies a Greenwich Mean Time (GMT) offset, in + or - minutes.

std-timezone-ID Specifies an optional name for this timezone specification. May be up to six
characters in length. The default is an empty string.
autodst Enables automatic Daylight Saving Time.
dst-timezone-ID Specifies an optional name for this DST specification. May be up to six
characters in length. The default is an empty string.
dst_offset Specifies an offset from standard time, in minutes. Value is in the range of 1
to 60. Default is 60 minutes.
floating_day Specifies the day, week, and month of the year to begin or end DST each
year. Format is:
<week><day><month> where:
• <week> is specified as [first | second | third | fourth | last] or 1-5
• <day> is specified as [sunday | monday | tuesday | wednesday | thursday |
friday | saturday] or 1-7 (where 1 is Sunday)
• <month> is specified as [january | february | march | april | may | june | july
| august | september | october | november | december] or 1-12
Default for beginning is first sunday april; default for ending is last sunday
october.
absolute_day Specifies a specific day of a specific year on which to begin or end DST.
Format is:
<month>/<day>/<year> where:
• <month> is specified as 1-12
• <day> is specified as 1-31
• <year> is specified as 1970 - 2035
The year must be the same for the begin and end dates.
time_of_day Specifies the time of day to begin or end Daylight Saving Time. May be
specified as an hour (0-23) or as hour:minutes. Default is 2:00.
noautodst Disables automatic Daylight Saving Time.

Default
Autodst, beginning every first Sunday in April, and ending every last Sunday in October.

56 ExtremeWare 7.3e Command Reference Guide

 configure timezone

Usage Guidelines
Network Time Protocol (NTP) server updates are distributed using GMT time. To properly display the
local time in logs and other timestamp information, the switch should be configured with the
appropriate offset to GMT based on geographic location.

The gmt_offset is specified in +/- minutes from the GMT time.

Automatic DST changes can be enabled or disabled. The default configuration, where DST begins on the
first Sunday in April at 2:00 AM and ends the last Sunday in October at 2:00 AM, applies to most of
North America, and can be configured with the following syntax:
configure timezone <gmt_offst> autodst.

The starting and ending date and time for DST may be specified, as these vary in time zones around the
world.
• Use the every keyword to specify a year-after-year repeating set of dates (e.g. the last Sunday in
March every year)
• Use the on keyword to specify a non-repeating, specific date for the specified year. If you use this
option, you will need to specify the command again every year.
• The begins specification defaults to every first sunday april.
• The ends specification defaults to every last sunday october.
• The ends date may occur earlier in the year than the begins date. This will be the case for countries
in the Southern Hemisphere.
• If you specify only the starting or ending time (not both) the one you leave unspecified will be reset
to its default.
• The time_of_day specification defaults to 2:00
• The timezone IDs are optional. They are used only in the display of timezone configuration
information in the show switch command.

To disable automatic DST changes, re-specify the GMT offset using the noautodst option:
configure timezone <gmt_offst> noautodst.

NTP updates are distributed using GMT time. To properly display the local time in logs and other
timestamp information, the switch should be configured with the appropriate offset to GMT based on
geographical location. Table 5 describes the GMT offsets.

Table 5: Greenwich Mean Time Offsets

GMT Offset GMT Offset

in Hours in Minutes Common Time Zone References Cities
+0:00 +0 GMT - Greenwich Mean London, England; Dublin, Ireland;
Edinburgh, Scotland; Lisbon, Portugal;
UT or UTC - Universal (Coordinated)
Reykjavik, Iceland; Casablanca, Morocco
WET - Western European
-1:00 -60 WAT - West Africa Azores, Cape Verde Islands
-2:00 -120 AT - Azores
-3:00 -180 Brasilia, Brazil; Buenos Aires, Argentina;
Georgetown, Guyana;
-4:00 -240 AST - Atlantic Standard Caracas; La Paz

ExtremeWare 7.3e Command Reference Guide 57

Commands for Accessing the Switch

Table 5: Greenwich Mean Time Offsets (Continued)

GMT Offset GMT Offset

in Hours in Minutes Common Time Zone References Cities
-5:00 -300 EST - Eastern Standard Bogota, Columbia; Lima, Peru; New York,
NY, Trevor City, MI USA
-6:00 -360 CST - Central Standard Mexico City, Mexico
-7:00 -420 MST - Mountain Standard Saskatchewan, Canada
-8:00 -480 PST - Pacific Standard Los Angeles, CA, Cupertino, CA, Seattle,
WA USA
-9:00 -540 YST - Yukon Standard
-10:00 -600 AHST - Alaska-Hawaii Standard
CAT - Central Alaska
HST - Hawaii Standard
-11:00 -660 NT - Nome
-12:00 -720 IDLW - International Date Line West
+1:00 +60 CET - Central European Paris, France; Berlin, Germany;
Amsterdam, The Netherlands; Brussels,
FWT - French Winter
Belgium; Vienna, Austria; Madrid, Spain;
MET - Middle European Rome, Italy; Bern, Switzerland; Stockholm,
Sweden; Oslo, Norway
MEWT - Middle European Winter
SWT - Swedish Winter
+2:00 +120 EET - Eastern European, Russia Zone 1 Athens, Greece; Helsinki, Finland;
Istanbul, Turkey; Jerusalem, Israel; Harare,
Zimbabwe
+3:00 +180 BT - Baghdad, Russia Zone 2 Kuwait; Nairobi, Kenya; Riyadh, Saudi
Arabia; Moscow, Russia; Tehran, Iran
+4:00 +240 ZP4 - Russia Zone 3 Abu Dhabi, UAE; Muscat; Tblisi;
Volgograd; Kabul
+5:00 +300 ZP5 - Russia Zone 4
+5:30 +330 IST – India Standard Time New Delhi, Pune, Allahabad, India
+6:00 +360 ZP6 - Russia Zone 5
+7:00 +420 WAST - West Australian Standard
+8:00 +480 CCT - China Coast, Russia Zone 7
+9:00 +540 JST - Japan Standard, Russia Zone 8
+10:00 +600 EAST - East Australian Standard
GST - Guam Standard
Russia Zone 9
+11:00 +660
+12:00 +720 IDLE - International Date Line East Wellington, New Zealand; Fiji, Marshall
Islands
NZST - New Zealand Standard
NZT - New Zealand

58 ExtremeWare 7.3e Command Reference Guide

 configure timezone

Example
The following command configures GMT offset for Mexico City, Mexico and disables automatic DST:
configure timezone -360 noautodst

The following four commands are equivalent, and configure the GMT offset and automatic DST
adjustment for the US Eastern timezone, with an optional timezone ID of EST:
configure timezone name EST -300 autodst name EDT 60 begins every first sunday april
at 2:00 ends every last sunday october at 2:00

configure timezone name EST -300 autodst name EDT 60 begins every 1 1 4 at 2:00 ends
every 5 1 10 at 2:00

configure timezone name EST -300 autodst name EDT

configure timezone -300 autodst

The following command configures the GMT offset and automatic DST adjustment for the Middle
European timezone, with the optional timezone ID of MET:
configure timezone name MET 60 autodst name MDT begins every last sunday march at 1
ends every last sunday october at 1

The following command configures the GMT offset and automatic DST adjustment for New Zealand.
The ending date must be configured each year because it occurs on the first Sunday on or after March 5:
configure timezone name NZST 720 autodst name NZDT 60 begins every first sunday
october at 2 ends on 3/16/2002 at 2

History
This command was first available in ExtremeWare 7.1e.

Modified in ExtremeWare 7.2e to allow configuration of a beginning and ending time for the automatic
DST.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 59

Commands for Accessing the Switch

create account
create account [admin | user] <username> {encrypted} {<password>}

Description
Creates a new user account.

Syntax Description

admin Specifies an access level for account type admin.

user Specifies an access level for account type user.
username Specifies a new user account name. See “Usage Guidelines” for more
information.
encrypted Specifies an encrypted option.
password Specifies a user password. See “Usage Guidelines” for more information.

Default
By default, the switch is configured with two accounts with the access levels shown in Table 6:

Table 6: User Account Levels

Account Name Access Level

admin This user can access and change all manageable parameters. The admin account
cannot be deleted.
user This user can view (but not change) all manageable parameters, with the following
exceptions:
• This user cannot view the user account database.
• This user cannot view the SNMP community strings.
This user has access to the ping command.

You can use the default names (admin and user), or you can create new names and passwords for the
accounts. Default accounts do not have passwords assigned to them.

Usage Guidelines
The switch can have a total of 16 user accounts. There must be one administrator account on the system.

You must have administrator privileges to change passwords for accounts other than your own. User
names and passwords are case-sensitive.

• User account names must have a minimum of 1 character and can have a maximum of 30 characters.
• Passwords must have a minimum of 0 characters and can have a maximum of 16 characters.
• Admin-level users and users with RADIUS command authorization can use the create account
command.

60 ExtremeWare 7.3e Command Reference Guide

 create account

Example
The following command creates a new account named John2 with administrator privileges:
create account admin john2

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 61

Commands for Accessing the Switch

delete account
delete account <username>

Description
Deletes a specified user account.

Syntax Description

username Specifies a user account name.

Default
N/A.

Usage Guidelines
Use the show accounts command to determine which account you want to delete from the system. The
show accounts output displays the following information in a tabular format:
• The user name
• Access information associated with each user
• User login information
• Session information

Depending on the software version running on your switch and the type of switch you have, additional
account information may be displayed.

You must have administrator privileges to delete a user account. There must be one administrator
account on the system; the command will fail if an attempt is made to delete the last administrator
account on the system.

Do not delete the default administrator account. If you do, it is automatically restored, with no
password, the next time you download a configuration. To ensure security, change the password on the
default account, but do not delete it. The changed password will remain intact through configuration
uploads and downloads.

If you must delete the default account, first create another administrator-level account. Remember to
manually delete the default account again every time you download a configuration.

Example
The following command deletes account John2:
delete account john2

History
This command was first available in ExtremeWare 7.1e.

62 ExtremeWare 7.3e Command Reference Guide

 delete account

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 63

Commands for Accessing the Switch

disable clipaging
disable clipaging

Description
Disables pausing at the end of each show screen.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
The command line interface (CLI) is designed for use in a VT100 environment. Most show command
output will pause when the display reaches the end of a page. This command disables the pause
mechanism and allows the display to print continuously to the screen.

NOTE
Press [q] and then press [Return] to force a pause when CLI paging is disabled.

To view the status of CLI paging on the switch, use the show management command. The show
management command displays information about the switch including the enable/disable state for CLI
paging.

Example
The follow command disables clipaging and allows you to print continuously to the screen:
disable clipaging

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

64 ExtremeWare 7.3e Command Reference Guide

 disable idletimeouts

disable idletimeouts
disable idletimeouts

Description
Disables the timer that disconnects idle sessions from the switch.

Syntax Description
This command has no arguments or variables.

Default
Enabled. Timeout 20 minutes.

Usage Guidelines
When idle time-outs are disabled, console sessions remain open until the switch is rebooted or you
logoff. Telnet sessions remain open until you close the Telnet client.

To view the status of idle time-outs on the switch, use the show management command. The show
management command displays information about the switch including the enable/disable state for idle
time-outs.

Example
The following command disables the timer that disconnects all sessions to the switch:
disable idletimeouts

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 65

Commands for Accessing the Switch

enable clipaging
enable clipaging

Description
Enables the pause mechanism and does not allow the display to print continuously to the screen.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
The command line interface (CLI) is designed for use in a VT100 environment. Most show command
output will pause when the display reaches the end of a page.

To view the status of CLI paging on the switch, use the show management command. The show
management command displays information about the switch including the enable/disable state for CLI
paging.

If CLI paging is enabled and you use the show tech-support command to diagnose system technical
problems, the CLI paging feature is disabled.

Example
The following command enables clipaging and does not allow the display to print continuously to the
screen:
enable clipaging

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

66 ExtremeWare 7.3e Command Reference Guide

 enable idletimeouts

enable idletimeouts
enable idletimeouts

Description
Enables a timer that disconnects Telnet and console sessions after 20 minutes of inactivity.

Syntax Description
This command has no arguments or variables.

Default
Enabled. Timeout 20 minutes.

Usage Guidelines
You can use this command to ensure that a Telnet, HTTP, or console session is disconnected if it has
been idle for the required length of time. This ensures that there are no hanging connections.

To view the status of idle time-outs on the switch, use the show management command. The show
management command displays information about the switch including the enable/disable state for idle
time-outs.

You can configure the length of the time-out interval.

Example
The following command enables a timer that disconnects any Telnet, HTTP, and console sessions after
20 minutes of inactivity:
enable idletimeouts

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 67

Commands for Accessing the Switch

enable license
enable license [ advanced-edge ] <license_key>

Description
Enables a particular software feature license.

Syntax Description

advanced-edge Specifies an advanced-edge license.

license_key Specifies your software license key.

Default
N/A.

Usage Guidelines
Specify license_key as an integer.

The unconfigure switch all command does not clear licensing information. This feature cannot be
disabled after the license has been enabled on the switch.

Depending on the software version running on your switch, and the type of switch you have, only the
license parameters applicable to your software or switch can be used.

To view the type of license you are currently running on the switch, use the show switch command.
The license key number is not displayed, but the type of license is displayed in the show switch
output. The type of license is displayed after the system name, system location, system contact, and
system MAC address.

Example
The following command enables a full L3 license on the switch:
enable license fullL3

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

68 ExtremeWare 7.3e Command Reference Guide

 history

history
history

Description
Displays a list of the previous 49 commands entered on the switch.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
ExtremeWare “remembers” the last 49 commands you entered on the switch. Use the history
command to display a list of these commands.

Example
The following command displays the previous 49 commands entered on the switch:
history

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 69

Commands for Accessing the Switch

reboot
reboot {time <date> <time> | cancel}

Description
Reboots the switch at a specified date and time.

Syntax Description

date Specifies a reboot date in mm/dd/yyyy format.

time Specifies a reboot time in hh:mm:ss format.
cancel Cancels a previously scheduled reboot.

Default
N/A.

Usage Guidelines
If you do not specify a reboot time, the switch will reboot immediately following the command, and
any previously scheduled reboots are cancelled. To cancel a previously scheduled reboot, use the
cancel option.

Example
The following command reboots the switch at 8:00 AM on April 15, 2002:
reboot 04/15/2002 08:00:00

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

70 ExtremeWare 7.3e Command Reference Guide

 show banner

show banner
show banner

Description
Displays the user-configured banner string.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Use this command to view the banner that is displayed before the login prompt.

Example
The following command displays the switch banner:
show banner

Output from this command looks similar to the following:

Extreme Networks Summit400 Layer 3 Switch
#########################################################
Unauthorized Access is strictly prohibited.
Violators will be persecuted
#########################################################

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 71

Commands for Accessing the Switch

show dns-client
show dns-client

Description
Displays the DNS configuration.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command displays the DNS configuration:
show dns-client

Output from this command looks similar to the following:

Number of domain suffixes: 2
Domain Suffix 1: njudah.local
Domain Suffix 2: dbackman.com
Number of name servers: 2
Name Server 1: 172.17.1.104
Name Server 2: 172.17.1.123

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

72 ExtremeWare 7.3e Command Reference Guide

 show esrp-aware

show esrp-aware
show esrp-aware [vlan <vlan name>]

Description
Displays ESRP awareness information.

Syntax Description

vlan name Specifies a VLAN name.

Default
Without the vlan option, the show command displays all VLAN interfaces receiving ESRP packets.

Usage Guidelines
The VLANs associated with the ports connecting an ESRP-aware switch to an ESRP-enabled switch
must be configured using an 802.1Q tag on the connecting port, or, if only a single VLAN is involved, as
untagged.

Example
The following command displays ESRP awareness information for a VLAN named esrpEn.
* Summit400-48t:8 # sh esrp-aware vlan "esrpEn"

The output of the command is similar to the following:

VLAN Interface: [esrpEn]. DisableLearnTimeout=0 secs, Total-Fdb-Flushes=0

Esrp-Group:0 Esrp-Master-Mac=00:04:96:14:46:90, Age=1 secs

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 73

Commands for Accessing the Switch

show switch
show switch

Description
Displays the current switch information.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Viewing statistics on a regular basis allows you to see how well your network is performing. If you
keep simple daily records, you will see trends emerging and notice problems arising before they cause
major network faults. This way, statistics can help you get the best out of your network.

The show switch command displays:

• sysName, sysLocation, sysContact
• MAC address
• License type
• System mode
• Recovery mode
• Transceiver diagnostics
• Watchdog state
• Reboot loop information
• Current date, time, system boot time, and time zone configuration
• Configuration modified information
• Any scheduled reboot information
• Scheduled upload/download information
• Operating environment (temperature, fans, and power supply status)
• Software image information (primary/secondary image, date/time, version)
• NVRAM configuration information (primary/secondary configuration, date/time, size, version)
• PACE configuration information
• Software licensing information

This information may be useful for your technical support representative if you have a problem.

Depending on the software version running on your switch, additional or different switch information
may be displayed.

74 ExtremeWare 7.3e Command Reference Guide

 show switch

Example
The following command displays current switch information:
show switch

Output from this command looks similar to the following:

* Summit400-48t:2 # sh sw

SysName: Summit400-48t
SysLocation:
SysContact: [email protected], +1 888 257 3000
System MAC: 00:04:96:18:40:AF

License: Advanced Edge

System Mode: 802.1Q EtherType is 8100 (Hex).

Recovery Mode: None

System Watchdog: Enabled
Reboot Loop Prot: Disabled

Current Time: Mon Jun 14 16:26:10 2055

Timezone: [Auto DST Enabled] GMT Offset: 0 minutes, name is GMT.
DST of 60 minutes is currently in effect, name is not set.
DST begins every first Sunday April at 2:00
DST ends every last Sunday October at 2:00
Boot Time: Mon Jun 14 16:19:20 2055
Config Modified: Thu Jan 1 00:00:00 1970
Next Reboot: None scheduled
Timed Upload: None scheduled
Timed Download: None scheduled

Temperature: Normal. All fans are operational.

Power supply: Internal power supply OK, External power supply not present.

Primary EW Ver: 7.2e.0b28 beta.s400-r28 [non-ssh]

Secondary EW Ver: 7.2e.0b27 beta.s400-r27 [non-ssh]
Image Selected: Primary
Image Booted: Primary

Config Selected: Secondary

Config Booted: Secondary
Primary Config: Created by EW Version:
7.2e.0 Build 26 [46]
5990 bytes saved on Wed Jan 12 15:54:31 2056
Secondary Config: Empty

* Summit400-48t:3 #

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 75

Commands for Accessing the Switch

traceroute
traceroute <host name | ip_address> {from <source IP address>} {ttl
<number>} {port <port number>}

Description
Enables you to trace the routed path between the switch and a destination endstation.

Syntax Description

host name Specifies the hostname of the destination endstation.

ip_address Specifies the IP address of the destination endstation.
from <source IP address> Uses the specified source address in the ICMP packet. If not specified, the
address of the transmitting interface is used. (6.1 and higher)
ttl <number> Configures the switch to trace up to the time-to-live number of the switch.
(6.1 and higher)
port <port number> Specifies the UDP port number. (6.1 and higher)

Default
N/A.

Usage Guidelines
To use the host name parameter, you must first configure DNS.

Each router along the path is displayed.

Example
The following command enables the traceroute function to a destination of 123.45.67.8:
traceroute 123.45.67.8

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

76 ExtremeWare 7.3e Command Reference Guide

 3 Commands for Managing the Switch

This chapter describes:

• Commands for configuring Simple Network Management Protocol (SNMP) parameters on the
switch
• Commands for managing the switch using Telnet and web access
• Commands for configuring Simple Network Time Protocol (SNTP) parameters on the switch

SNMP
Any network manager running the Simple Network Management Protocol (SNMP) can manage the
switch, if the Management Information Base (MIB) is installed correctly on the management station.
Each network manager provides its own user interface to the management facilities.

The following SNMP parameters can be configured on the switch:

• Authorized trap receivers—An authorized trap receiver can be one or more network management
stations on your network. The switch sends SNMP traps to all trap receivers. Entries in this list can
be created, modified, and deleted using the RMON2 trapDestTable MIB variable, as described in
RFC 2021.
• Authorized managers—An authorized manager can be either a single network management station,
or a range of addresses (for example, a complete subnet) specified by a prefix and a mask. The
switch can have a maximum of eight authorized managers.
• Community strings—The community strings allow a simple method of authentication between the
switch and the remote Network Manager. The default read-only community string is public. The
default read-write community string is private. The community strings for all authorized trap
receivers must be configured on the switch for the trap receiver to receive switch-generated traps.
• System contact (optional)—The system contact is a text field that enables you to enter the name of
the person(s) responsible for managing the switch.
• System name—The system name is the name that you have assigned to this switch. The default
name is the model name of the switch (for example, Summit1).
• System location (optional)—Using the system location field, you can enter an optional location for
this switch.

The following can also be configured on series “e” switches:

ExtremeWare 7.3e Command Reference Guide 77

Commands for Managing the Switch

• SNMP read access—The ability to read SNMP information can be restricted through the use of an
access profile. An access profile permits or denies a named list of IP addresses and subnet masks.
• SNMP read/write access—The ability to read and write SNMP information can be restricted through
the use of an access profile. An access profile permits or denies a named list of IP addresses and
subnet masks.

Telnet
Telnet allows you to access the switch remotely using TCP/IP through one of the switch ports or a
workstation with a Telnet facility. If you access the switch via Telnet, you will use the command line
interface (CLI) to manage the switch and modify switch configurations.

Simple Network Time Protocol

ExtremeWare supports the client portion of the Simple Network Time Protocol (SNTP) Version 3 based
on RFC1769. SNTP can be used by the switch to update and synchronize its internal clock from a
Network Time Protocol (NTP) server. When enabled, the switch sends out a periodic query to the
indicated NTP server, or the switch listens to broadcast NTP updates. In addition, the switch supports
the configured setting for Greenwich Mean time (GMT) offset and the use of Daylight Saving Time.
These features have been tested for year 2000 compliance.

78 ExtremeWare 7.3e Command Reference Guide

 configure snmp access-profile readonly

configure snmp access-profile readonly

configure snmp access-profile readonly [<access-profile> | none]

Description
Assigns an access profile that limits which stations have read-only access to the switch.

Syntax Description

access-profile Specifies a user defined access profile.

none Cancels a previously configured access profile.

Default
All users have access until an access profile is created and specified.

Usage Guidelines
The ability to read SNMP information can be restricted through the use of an access profile. An access
profile permits or denies a named list of IP addresses and subnet masks.

You must create and configure an access profile before you can use this command. You create an access
profile using the create access-profile command. You configure an access profile using the
configure access-profile add command.

Use the none option to remove a previously configured access profile.

Read community strings provide read-only access to the switch. The default read-only community
string is public. The community string for all authorized trap receivers must be configured on the
switch for the trap receiver to receive switch-generated traps. SNMP community strings can contain up
to 32 characters.

To view the SNMP read-only access communities configured on the switch, use the show management
command. The show management command displays information about the switch including the
encrypted names and the number of read-only communities configured on the switch.

To restore defaults to all SNMP-related entries, including the SNMP parameters modified using the
configure snmp access-profile readonly command, use the unconfigure management
command.

Example
The following command allows the user defined access profile admin read-only access to the switch:
configure snmp access-profile readonly admin

History
This command was first available in ExtremeWare 7.2e.

ExtremeWare 7.3e Command Reference Guide 79

Commands for Managing the Switch

Platform Availability
This command is available on the “e” series platforms.

80 ExtremeWare 7.3e Command Reference Guide

 configure snmp access-profile readwrite

configure snmp access-profile readwrite

configure snmp access-profile readwrite [<access-profile> | none]

Description
Assigns an access profile that limits which stations have read/write access to the switch.

Syntax Description

access-profile Specifies a user defined access profile.

none Cancels a previously configured access profile.

Default
All users have access until an access profile is specified.

Usage Guidelines
The ability to read SNMP information can be restricted through the use of an access profile. An access
profile permits or denies a named list of IP addresses and subnet masks.

You must create and configure an access profile before you can use this command. You create an access
profile using the create access-profile command. You configure an access profile using the
configure access-profile command.

Use the none option to remove a previously configured access profile.

Read/write community strings provide read and write access to the switch. The default read/write
community string is private. The community string for all authorized trap receivers must be configured
on the switch for the trap receiver to receive switch-generated traps. SNMP community strings can
contain up to 32 characters.

To view the SNMP read/write access communities configured on the switch, use the show management
command. The show management command displays information about the switch including the names
and the number of read/write communities configured on the switch.

To restore defaults to all SNMP-related entries, including the SNMP parameters modified using the
configure snmp access-profile readwrite command, use the unconfigure management
command.

Example
The following command allows the user defined access profile management read/write access to the
switch:
configure snmp access-profile readwrite management

History
This command was first available in ExtremeWare 7.2e.

ExtremeWare 7.3e Command Reference Guide 81

Commands for Managing the Switch

Platform Availability
This command is available on the “e” series platforms.

82 ExtremeWare 7.3e Command Reference Guide

 configure snmp add community

configure snmp add community

configure snmp add community [readonly | readwrite] {encrypted}
<alphanumeric string>

Description
Adds an SNMP read or read/write community string.

Syntax Description

readonly Specifies read-only access to the system.

readwrite Specifies read and write access to the system.
encrypted Specifies encryption, for use only by the switch when uploading or
downloading a configuration. Should not be used through the CLI.
alphanumeric string Specifies an SNMP community string name. See “Usage Guidelines” for more
information.

Default
The default read-only community string is public. The default read/write community string is private.

Usage Guidelines
Community strings provide a simple method of authentication between a switch and a remote network
manager. Read community strings provide read-only access to the switch. The default read-only
community string is public. Read-write community strings provide read and write access to the switch.
The default read/write community string is private.

An authorized trap receiver must be configured to use the correct community strings on the switch for
the trap receiver to receive switch-generated traps. In some cases, it may be useful to allow multiple
community strings so that all switches and trap receivers are not forced to use identical community
strings. The configure snmp add community command allows you to add multiple community
strings in addition to the default community string.

An SNMP community string can contain up to 32 characters.

To change the value of the default read/write and read-only community strings, use the configure
snmp add community command.

The encrypted option is intended for use by the switch when generating an ASCII configuration file
(using the upload configuration command), or parsing a switch-generated configuration (using the
download configuration command). Do not select the encrypted option in the CLI.

• A total of eight community strings can be configured on the switch.

Example
The following command adds a read/write community string with the value extreme:
configure snmp add community readwrite extreme

ExtremeWare 7.3e Command Reference Guide 83

Commands for Managing the Switch

History
This command was first available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to add support for encryption.

Platform Availability
This command is available on the “e” series platforms.

84 ExtremeWare 7.3e Command Reference Guide

 configure snmp add trapreceiver

configure snmp add trapreceiver

configure snmp add trapreceiver <ip address> {port <number>} community {hex
<hex value>} <community string> {from <source ip address>} {mode [enhanced
| standard]} trap-group {auth-traps{,}} {extreme-traps{,}}
{link-up-down-traps{,}} {ospf-traps{,} {ping-traceroute-traps{,}}
{rmon-traps{,}} {security-traps{,}} {smart-traps{,}} {stp-traps{,}}
{system-traps{,}} {vrrp-traps{,}}

Description
Adds the IP address of a trap receiver to the trap receiver list and specifies which SNMPv1/v2c traps
are to be sent.

Syntax Description

ip address Specifies an SNMP trap receiver IP address.

port <number> Specifies a UDP port to which the trap should be sent. Default is 162.
hex Specifies that the value to follow is to be supplied as a colon separated string of
hex octets.
community string Specifies the community string of the trap receiver.
source ip address Specifies the IP address of a VLAN to be used as the source address for the trap
enhanced Specifies enhanced traps, which contain extra varbinds at the end.
standard Specifies standard traps, which do not constrain the extra varbinds.
auth-traps Specifies that authentication traps will be sent to the trap receiver.
extreme-traps Specifies that Extreme Networks specific traps will be sent to the trap receiver.
link-up-down-traps Specifies that link state traps will be sent to the trap receiver.
ospf-traps Specifies that OSPF traps will be sent to the trap receiver.
ping-traceroute-traps Specifies that ping and traceroute traps will be sent to the trap receiver.
rmon-traps Specifies that RMON traps will be sent to the trap receiver.
security-traps Specifies that security traps will be sent to the trap receiver.
smart-traps Specifies that Extreme Networks smart traps will be sent to the trap receiver.
stp-traps Specifies that STP traps will be sent to the trap receiver.
system-traps Specifies that system traps will be sent to the trap receiver.
vrrp-traps Specifies that VRRP traps will be sent to the trap receiver.

Default
Trap receivers are in enhanced mode by default, and the version is SNMPv2c by default.

Usage Guidelines
The IP address can be unicast, multicast, or broadcast.

An authorized trap receiver can be one or more network management stations on your network.
Authorized trap receivers must be configured on the switch for the trap receiver to receive
switch-generated traps. The switch sends SNMP traps to all trap receivers configured to receive the
specific trap group. If no trap groups are specified, all traps will be sent to the receiver. Entries in this

ExtremeWare 7.3e Command Reference Guide 85

Commands for Managing the Switch

list can be created, modified, and deleted using the RMON2 trapDestTable MIB variable, as described in
RFC 2021.

Table 7 lists the currently defined SNMP trap groups. From time to time, new trap groups may be
added to this command.

Table 7: SNMP Trap Groups

Trap Group Notifications MIB Subtree

stp-traps newRoot dot1dBridge, 1.3.6.1.2.1.17
topologyChange
ospf-traps ospfIfStateChange ospfTraps, 1.3.6.1.2.1.14.16.2
ospfVirtIfStateChange
ospfNbrStateChange
ospfVirtNbrStateChange
ospfIfConfigError
ospfVirtIfConfigError
ospfIfAuthFailure
ospfVirtIfAuthFailure
ospfIfRxBadPacket
ospfVirtIfRxBadPacket
ospfTxRetransmit
ospfVirtIfTxRetransmit
ospfOriginateLsa
ospfMaxAgeLsa
ospfLsdbOverflow
ospfLsdbApproachingOverflow
ping-traceroute-traps pingTestFailed pingNotifications, 1.3.6.1.2.1.80.0
pingTestCompleted
tracerouteTestFailed traceRouteNotifications, 1.3.6.1.2.1.81.0
tracerouteTestCompleted
vrrp-traps vrrpTrapNewMaster vrrpNotifications, 1.3.6.1.2.1.68.0
vrrpTrapAuthFailure
system-traps extremeOverheat 1.3.6.1.4.1.1916.0.6
extremeFanFailed 1.3.6.1.4.1.1916.0.7
extremeFanOK 1.3.6.1.4.1.1916.0.8
extremePowerSupplyFail 1.3.6.1.4.1.1916.0.10
extremePowerSupplyGood 1.3.6.1.4.1.1916.0.11
extremeHealthCheckFailed 1.3.6.1.4.1.1916.4.1.0.1
extremeCpuUtilizationRisingTrap 1.3.6.1.4.1.1916.4.1.0.2
extremeCpuUtilizationFallingTrap 1.3.6.1.4.1.1916.4.1.0.3
coldStart 1.3.6.1.6.3.1.1.5.1
warmStart 1.3.6.1.6.3.1.1.5.2
extreme-traps extremeEsrpStateChange 1.3.6.1.4.1.1916.0.17
extremeEdpNeighborAdded 1.3.6.1.4.1.1916.0.20
extremeEdpNeighborRemoved 1.3.6.1.4.1.1916.0.21
extremeSlbUnitAdded 1.3.6.1.4.1.1916.0.18
extremeSlbUnitRemoved 1.3.6.1.4.1.1916.0.19
smart-traps extremeSmartTrap 1.3.6.1.4.1.1916.0.14
auth-traps AuthenticationFailure 1.3.6.1.6.3.1.1.5.5
extremeInvalidLoginAttempt 1.3.6.1.4.1.1916.0.9
link-up-down-traps linkDown 1.3.6.1.6.3.1.1.5.3
linkUp 1.3.6.1.6.3.1.1.5.4
rmon-traps risingAlarm rmon-traps, 1.3.6.1.2.1.16.0
fallingAlarm

86 ExtremeWare 7.3e Command Reference Guide

 configure snmp add trapreceiver

Table 7: SNMP Trap Groups (Continued)

Trap Group Notifications MIB Subtree

security-traps extremeMacLimitExceeded
extremeUnauthorizedPortForMacDetected
extremeMacDetectedOnLockedPort
extremeNetloginUserLogin
extremeNetloginUserLogout
extremeNetloginAuthFailure
1.3.6.1.4.1.1916.4.3.0.1
1.3.6.1.4.1.1916.4.3.0.2
1.3.6.1.4.1.1916.4.3.0.3
1.3.6.1.4.1.1916.4.3.0.4
1.3.6.1.4.1.1916.4.3.0.5
1.3.6.1.4.1.1916.4.3.0.6

To view the SNMP trap receivers configured on the switch, use the show management command. The
show management command displays information about the switch including the destination and
community of the SNMP trap receivers configured on the switch.

To restore defaults to all SNMP-related entries, including the SNMP parameters modified using the
configure snmp add trapreceiver command, use the unconfigure management command.

• Only the trap groups specified will be sent to the receiver.

ExtremeWare 7.2e introduced support for SNMPv3, and the concept of trap groups was added to
allow SNMPv1/v2c users to access a simplified version of the capabilities of SNMPv3. The trap
groups are pre-defined and cannot be modified. See chapter 3, “Managing the Switch”, in the
ExtremeWare Software User Guide for more detail about trap groups.
• A maximum of sixteen trap receivers can be configured for each switch.

Example
The following command adds the IP address 10.101.0.100 as a trap receiver with community string
purple:
configure snmp add trapreceiver 10.101.0.100 community purple

The following command adds the IP address 10.101.0.105 as a trap receiver with community string
green, using port 3003:
configure snmp add trapreceiver 10.101.0.105 port 3003 community green

The following command adds the IP address 10.101.0.105 as a trap receiver with community string blue,
and IP address 10.101.0.25 as the source:
configure snmp add trapreceiver 10.101.0.105 community blue from 10.101.0.25

The following command adds port 9990 at the IP address 10.203.0.22 as a trap receiver with the
community string public, and the receiver should be sent standard traps for the trap groups for Extreme
Networks:
configure snmp add trapreceiver ipaddress 10.203.0.22 port 9990 community public mode
standard trap-group extreme-traps

History
This command was first available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to add support for SNMP Version 2 and the trap
groups.

ExtremeWare 7.3e Command Reference Guide 87

Commands for Managing the Switch

Platform Availability
This command is available on the “e” series platforms.

88 ExtremeWare 7.3e Command Reference Guide

 configure snmp community

configure snmp community

configure snmp community [readonly | readwrite] {encrypted} <alphanumeric
string>

Description
Configures the value of the default SNMP read or read/write community string.

Syntax Description

readonly Specifies read-only access to the system.

readwrite Specifies read and write access to the system.
encrypted Specifies encryption, for use only by the switch when uploading or
downloading a configuration. Should not be used through the CLI.
alphanumeric string Specifies an SNMP community string name. See “Usage Guidelines” for more
information.

Default
The default read-only community string is public. The default read/write community string is private.

Usage Guidelines
This command has been superseded by the configure snmp add community command and can be
used only to modify the first read-only or read-write community string which, are normally the default
public and private community strings.
The community strings allow a simple method of authentication between the switch and the remote
network manager. There are two types of community strings on the switch. Read community strings
provide read-only access to the switch. The default read-only community string is public. Read-write
community strings provide read and write access to the switch. The default read/write community
string is private.

It is recommended that you change the values of the default read/write and read-only community
strings. You use the configure snmp community command to change the value of the default
community strings. An SNMP community string can contain up to 32 characters.

The encrypted option is intended for use by the switch when generating an ASCII configuration file
(using the upload configuration command), or parsing a switch-generated configuration (using the
download configuration command). Do not select the encrypted option in the CLI.

A total of sixteen community strings can be configured on the switch. You can add additional
community strings (in addition to the default community stings) using the configure snmp add
community command.

Example
The following command sets the read/write community string to extreme:
configure snmp community readwrite extreme

ExtremeWare 7.3e Command Reference Guide 89

Commands for Managing the Switch

History
This command was first available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to add support for encryption.

Platform Availability
This command is available on the “e” series platforms.

90 ExtremeWare 7.3e Command Reference Guide

 configure snmp delete community

configure snmp delete community

configure snmp delete community [readonly | readwrite] {encrypted} [all |
<alphanumeric string>]

Description
Deletes an SNMP read or read/write community string.

Syntax Description

readonly Specifies read-only access to the system.

readwrite Specifies read and write access to the system.
encrypted Specifies an encrypted option.
all Specifies all of the SNMP community stings.
alphanumeric string Specifies an SNMP community string name. See “Usage Guidelines” for more
information.

Default
The default read-only community string is public. The default read/write community string is private.

Usage Guidelines
The community strings allow a simple method of authentication between the switch and the remote
network manager. There are two types of community strings on the switch. Read community strings
provide read-only access to the switch. The default read-only community string is public. read/write
community strings provide read and write access to the switch. The default read/write community
string is private. Sixteen read-only and sixteen read-write community strings can be configured on the
switch, including the defaults. The community string for all authorized trap receivers must be
configured on the switch for the trap receiver to receive switch-generated traps. SNMP community
strings can contain up to 32 characters.

It is recommended that you change the defaults of the read/write and read-only community strings.

Use the configure snmp add community command to configure an authorized SNMP management
station.

The encrypted option should only be used by the switch to generate an ASCII configuration (using the
upload configuration command), and parsing a switch-generated configuration (using the download
configuration command). Do not select the encrypted option in the CLI.

A total of eight community strings can be configured on the switch.

Example
The following command deletes a read/write community string named extreme:
configure snmp delete community readwrite extreme

ExtremeWare 7.3e Command Reference Guide 91

Commands for Managing the Switch

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

92 ExtremeWare 7.3e Command Reference Guide

 configure snmp delete trapreceiver

configure snmp delete trapreceiver

configure snmp delete trapreceiver [{<ip address> {port <number>}} | {all}]

Description
Deletes a specified trap receiver or all authorized trap receivers.

Syntax Description

ip address Specifies an SNMP trap receiver IP address.

port <number> Specifies the port associated with the receiver.
all Specifies all SNMP trap receiver IP addresses.

Default
The default port number is 162.

Usage Guidelines
Use this command to delete a trap receiver of the specified IP address, or all authorized trap receivers.

This command deletes only the first SNMPv1/v2c trap receiver whose IP address and port number
match the specified value.

If a trap receiver has been added multiple times with different community strings, the community
option specifies that only the trap receiver entry with the specified community string should be
removed.

Example
The following command deletes the trap receiver 10.101.0.100 from the trap receiver list:
configure snmp delete trapreceiver 10.101.0.100

The following command deletes entries in the trap receiver list for 10.101.0.100, port 9990:
configure snmp delete trapreceiver 10.101.0.100 port 9990

Any entries for this IP address with a different community string will not be affected.

History
This command was first available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e. for SNMPv3 compatibility.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 93

Commands for Managing the Switch

configure snmp sysContact

configure snmp syscontact <alphanumeric string>

Description
Configures the name of the system contact.

Syntax Description

alphanumeric string Specifies a system contact name.

Default
N/A.

Usage Guidelines
The system contact is a text field that enables you to enter the name of the person(s) responsible for
managing the switch. A maximum of 255 characters is allowed.

To view the name of the system contact listed on the switch, use the show switch command. The show
switch command displays switch statistics including the name of the system contact.

To restore defaults to all SNMP-related entries, including the SNMP parameters modified using the
configure snmp syscontact <alphanumeric string> command, use the unconfigure management
command.

Example
The following command defines FredJ as the system contact:
configure snmp syscontact fredj

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

94 ExtremeWare 7.3e Command Reference Guide

 configure snmp sysLocation

configure snmp sysLocation

configure snmp syslocation <alphanumeric string>

Description
Configures the location of the switch.

Syntax Description

alphanumeric string Specifies the switch location.

Default
N/A.

Usage Guidelines
Use this command to indicate the location of the switch. A maximum of 255 characters is allowed.

To view the location of the switch on the switch, use the show switch command. The show switch
command displays switch statistics including the location of the switch.

To restore defaults to all SNMP-related entries, including the SNMP parameters modified using the
configure snmp syslocation <alphanumeric string> command, use the unconfigure
management command.

Example
The following command configures a switch location name on the system:
configure snmp syslocation englab

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 95

Commands for Managing the Switch

configure snmp sysName

configure snmp sysname <alphanumeric string>

Description
Configures the name of the switch.

Syntax Description

alphanumeric string Specifies a device name.

Default
The default sysname is the model name of the device (for example, Summit1).

Usage Guidelines
You can use this command to change the name of the switch. A maximum of 32 characters is allowed.
The sysname appears in the switch prompt.

To view the name of the system listed on the switch, use the show switch command. The show switch
command displays switch statistics including the name of the system.

To restore defaults to all SNMP-related entries, including the SNMP parameters modified using the
configure snmp sysname <alphanumeric string> command, use the unconfigure management
command.

Example
The following command names the switch:
configure snmp sysname engineeringlab

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

96 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 add access

configure snmpv3 add access

configure snmpv3 add access [hex <hex value> | <group name>] {sec-model
[snmpv1 | snmpv2 | usm]} {sec-level [noauth | authnopriv | authpriv]}
{read-view [hex <hex value> | <view name>] { write-view [hex <hex value> |
<view name>] {notify-view [hex <hex value> | <view name>]} {volatile}

Description
Create (and modify) a group and its access rights.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
group name Specifies the group name to add or modify.
sec-model Specifies the security model to use.
snmpv1 Specifies the SNMPv1 security model.
snmpv2 Specifies the SNMPv2c security model.
usm Specifies the SNMPv3 User-based Security Model (USM).
sec-level Specifies the security level for the group.
noauth Specifies no authentication (and implies no privacy) for the security level.
authnopriv Specifies authentication and no privacy for the security level.
authpriv Specifies authentication and privacy for the security level.
read-view Specifies the read view name.
write-view Specifies the write view name.
notify-view Specifies the notify view name.
volatile Specifies volatile storage.

Default
The default values are:
• sec-model—USM
• sec-level—noauth
• read view name—defaultUserView
• write view name— “”
• notify view name—defaultUserView
• non-volatile storage

Usage Guidelines
Use this command to configure access rights for a group. All access groups are created with a unique
default context, “”, as that is the only supported context.

There are a number of default (permanent) groups already defined. These groups are: admin, initial,
initialmd5, initialsha, initialmd5Priv, initialshaPriv, v1v2c_ro, v1v2c_rw.

ExtremeWare 7.3e Command Reference Guide 97

Commands for Managing the Switch

• The default groups defined (permanent) are v1v2c_ro for security names snmpv1 and snmpv2c,
v1v2c_rw for security names snmpv1 and snmpv2c, admin for security name admin, and initial for
security names initial, initialmd5, initialsha, initialmd5Priv and initialshaPriv.
• The default access defined (permanent) are admin, initial, v1v2c_ro, v1v2c_rw, and v1v2cNotifyGroup.

Example
In the following command, access for the group defaultROGroup is created with all the default values:
security model usm, security level noauth, read view defaultUserView, no write view, notify view
defaultUserView, and storage nonvolatile.
configure snmpv3 add access defaultROGroup

In the following command, access for the group defaultROGroup is created with the values: security
model USM, security level authnopriv, read view defaultAdminView, write view defaultAdminView, notify
view defaultAdminView, and storage nonvolatile.
configure snmpv3 add access defaultROGroup sec-model usm sec-level authnopriv
read-view defaultAdminView write-view defaultAdminView notify-view defaultAdminView

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

98 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 add community

configure snmpv3 add community

configure snmpv3 add community {hex <hex value>} <community index> name
{hex <hex value>} <community name> user {hex <hex value>} <user name> {tag
{hex <hex value>} <transport tag>} {volatile}

Description
Add an SNMPv3 community entry.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
community index Specifies the row index in the snmpCommunityTable
community name Specifies the community name.
user name Specifies the USM user name.
transport tag Specifies the tag used to locate transport endpoints in SnmpTargetAddrTable.
When this community entry is used to authenticate v1/v2c messages, this tag
is used to verify the authenticity of the remote entity.
volatile Specifies volatile storage.

Default
N/A.

Usage Guidelines
Use this command to create or modify an SMMPv3 community in the community MIB.

Example
Use the following command to create an entry with the community index comm_index, community
name comm_public, and user (security) name v1v2c_user:

configure snmpv3 add community comm_index name comm_public user v1v2c_user

Use the following command to create an entry with the community index (hex) of 4:E, community name
(hex) of EA:12:CD:CF:AB:11:3C, user (security) name v1v2c_user, using transport tag 34872 and volatile
storage:

configure snmpv3 add community hex 4:E name hex EA:12:CD:CF:AB:11:3C user v1v2c_user
tag 34872 volatile

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 99

Commands for Managing the Switch

configure snmpv3 add filter

configure snmpv3 add filter {hex <hex value>} <profile name> subtree
<object identifier> {/<subtree mask>} type [included | excluded] {volatile}

Description
Add a filter to a filter profile.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
profile name Specifies the filter profile that the current filter is added to.
object identifier Specifies a MIB subtree.
subtree mask Specifies a hex octet string used to mask the subtree. For example, f7a
indicates 1.1.1.1.0.1.1.1.1.0.1.0.
included Specifies that the MIB subtree defined by <object identifier>/<mask> is to be
included.
excluded Specifies that the MIB subtree defined by <object identifier>/<mask> is to be
excluded.
volatile Specifies volatile storage.

Default
The default mask value is an empty string (all 1s). The other default value is non-volatile.

Usage Guidelines
Use this command to create a filter entry in the snmpNotifyFilterTable. Each filter includes or excludes a
portion of the MIB. Multiple filter entries comprise a filter profile that can eventually be associated with
a target address. Other commands are used to associate a filter profile with a parameter name, and the
parameter name with a target address.

This command can be used multiple times to configure the exact filter profile desired.

Example
Use the following command to add a filter to the filter profile prof1 that includes the MIB subtree
1.3.6.1.4.1/f0:

configure snmpv3 add filter prof1 subtree 1.3.6.1.4.1/f0 type included

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

100 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 add filter-profile

configure snmpv3 add filter-profile

configure snmpv3 add filter-profile {hex <hex value>} <profile name> param
{hex <hex value>} <param name> {volatile}

Description
Associate a filter profile with a parameter name.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
profile name Specifies the filter profile name.
param name Specifies a parameter name to associate with the filter profile.
volatile Specifies volatile storage.

Default
The default storage type is non-volatile.

Usage Guidelines
Use this command to add an entry to the snmpNotifyFilterProfileTable. This table associates a filter
profile with a parameter name. The parameter name is associated with target addresses, and the filter
profile is associated with a series of filters, so, in effect, you are associating a series of filters with a
target address.

Example
Use the following command to associate the filter profile prof1 with the parameter name P1:

configure snmpv3 add filter-profile prof1 param P1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 101

Commands for Managing the Switch

configure snmpv3 add group user

configure snmpv3 add group [hex <hex value> | <group name>] user [ hex <hex
value} | <user name>] {sec-model [snmpv1| snmpv2 | usm]} {volatile}

Description
Add a user name (security name) to a group.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
group name Specifies the group name to add or modify.
user name Specifies the user name to add or modify.
sec-model Specifies the security model to use.
snmpv1 Specifies the SNMPv1 security model.
snmpv2 Specifies the SNMPv2c security model.
usm Specifies the SNMPv3 User-based Security Model (USM).
volatile Specifies volatile storage.

Default
The default values are:
• sec-model—USM
• non-volatile storage

Usage Guidelines
Use this command to associate a user name with a group.

As per the SNMPv3 RFC, a security name is model independent while a username is model dependent.
For simplicity, both are assumed to be same here. User names and security names are handled the same.
In other words, if a user is created with the user name username, the security name value is the same,
username.

Every group is uniquely identified by a security name and security model. So the same security name
can be associated to a group name but with different security models.

Example
Use the following command to associate the user userV1 to the group defaultRoGroup with SNMPv1
security:
configure snmpv3 add group defaultRoGroup user userV1 sec-model snmpv1

Use the following command to associate the user userv3 with security model USM and storage type
volatile to the access group defaultRoGroup:

configure snmpv3 add group defaultRoGroup user userV3 volatile

102 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 add group user

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 103

Commands for Managing the Switch

configure snmpv3 add mib-view

configure snmpv3 add mib-view [{hex <hex value>} | <view name> subtree
<object identifier> {/<subtree mask>} {type [included | excluded]}
{volatile}

Description
Add (and modify) a MIB view.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
view name Specifies the MIB view name to add or modify.
subtree Specifies a MIB subtree.
mask Specifies a hex octet string used to mask the subtree. For example, f7a
indicates 1.1.1.1.0.1.1.1.1.0.1.0.
included Specifies that the MIB subtree defined by <subtree>/<mask> is to be included.
excluded Specifies that the MIB subtree defined by <subtree>/<mask> is to be
excluded.
volatile Specifies volatile storage.

Default
The default mask value is an empty string (all 1s). The other default values are included and
non-volatile.

Usage Guidelines
Use this command to create a MIB view into a subtree of the MIB. If the view already exists, this
command modifies the view to additionally include or exclude the specified subtree.

In addition to the created MIB views, there are three default views. They are of storage type permanent
and cannot be deleted, but they can be modified. The default views are: defaultUserView,
defaultAdminView, and defaultNotifyView.

Example
Use the following command to create the MIB view allMIB with the subtree 1.3 included as non-volatile:

configure snmpv3 add mib-view allMIB subtree 1.3

Use the following command to create the view extremeMib with the subtree 1.3.6.1.4.1.1916 included as
non-volatile:

configure snmpv3 add mib-view extremeMib subtree 1.3.6.1.4.1.1916

Use the following command to create a view vrrpTrapNewMaster which excludes VRRP notification.1
and the entry is volatile.

104 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 add mib-view

configure snmpv3 add mib-view vrrpTrapNewMaster 1.3.6.1.2.1.68.0.1/ff8 type excluded

volatile

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 105

Commands for Managing the Switch

configure snmpv3 add notify

configure snmpv3 add notify {hex <hex value>} <notify name> tag {hex <hex
value>} <tag> {volatile}

Description
Add an entry to the snmpNotifyTable.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
notify name Specifies the notify name to add.
tag Specifies a string identifier for the notifications to be sent to the target.
volatile Specifies volatile storage.

Default
The default storage type is non-volatile.

Usage Guidelines
Use this command to add an entry to the snmpNotifyTable. When a notification is to be sent, this table
is examined. For the target addresses that have been associated with the tags present in the table,
notifications will be sent, based on the filters also associated with the target addresses.

Example
Use the following command to send notification to addresses associated with the tag type1:

configure snmpv3 add notify N1 tag type1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

106 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 add target-addr

configure snmpv3 add target-addr

configure snmpv3 add target-addr [{hex <hex value>} | <addr name>] param
[{hex <hex value>} | <param name>] ipaddress <ip address> {/<target-addr
mask>} {transport-port <port>} {from <source IP address>} {tag-list {hex
<hex value>} <tag>, {hex <hex value>} <tag>, ...} {volatile}

Description
Add and configure an SNMPv3 target address and associate filtering, security, and notifications with
that address.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
addr name Specifies a string identifier for the target address.
param name Specifies the parameter name associated with the target.
ip address Specifies an SNMPv3 target IP address.
target-addr mask Specifies a hex octet string used to mask the target address. For example, f7a
indicates 1.1.1.1.0.1.1.1.1.0.1.0.
port Specifies a UDP port. Default is 162.
source ip address Specifies the IP address of a VLAN to be used as the source address for the
trap
tag Specifies a string identifier for the notifications to be sent to the target.
volatile Specifies volatile storage.

Default
The default values are:
• transport-port—port 162
• tag-list—the single tag defaultNotify, a pre-defined value in the snmpNotifyTable
• non-volatile storage

Usage Guidelines
Use this command to create an entry in the SNMPv3 snmpTargetAddressTable. The param parameter
associates the target address with an entry in the snmpTargetParamsTable, which specifies security and
storage parameters for messages to the target address, and an entry in the snmpNotifyFilterProfileTable,
which specifies filters to use for notifications to the target address.

Example
The following command specifies a target address of 10.203.0.22, port 9990, with the name A1, and
associates it with the security parameters and filter profile P1, and the notification tags type1 and type2:

configure snmpv3 add target-addr A1 param P1 ipaddress 10.203.0.22 transport-port 9990

tag-list type1, type2

ExtremeWare 7.3e Command Reference Guide 107

Commands for Managing the Switch

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

108 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 add target-params

configure snmpv3 add target-params

configure snmpv3 add target-params [hex <hex value> | <param name>] user
[hex <hex value> | <user name>] mp-model [snmpv1 | snmpv2c | snmpv3]
sec-model [snmpv1 | snmpv2c | usm] {sec-level [noauth | authnopriv | priv]}
{volatile}

Description
Add and configure SNMPv3 target parameters.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
param name Specifies the parameter name associated with the target.
user name Specifies a user.
mp-model Specifies a message processing model; choose from SNMPv1, SNMPv2, or
SNMPv3.
sec-model Specifies the security model to use.
snmpv1 Specifies the SNMPv1 security model.
snmpv2 Specifies the SNMPv2c security model.
usm Specifies the SNMPv3 User-based Security Model (USM).
sec-level Specifies the security level for the group.
noauth Specifies no authentication (and implies no privacy) for the security level.
authnopriv Specifies authentication and no privacy for the security level.
authpriv Specifies authentication and privacy for the security level.
volatile Specifies volatile storage.

Default
The default values are:
• sec-level—noauth
• non-volatile storage

Usage Guidelines
Use this command to create an entry in the SNMPv3 snmpTargetParamsTable. This table specifies the
message processing model, security level, security model, and the storage parameters for messages to
any target addresses associated with a particular parameter name.

To associate a target address with a parameter name, see the command “configure snmpv3 add
target-addr” on page 107.

Example
The following command specifies a target parameters entry named P1, a user name of guest, message
processing and security model of SNMPv2c, and a security level of no authentication:

ExtremeWare 7.3e Command Reference Guide 109

Commands for Managing the Switch

configure snmpv3 add target-params P1 user guest mp-model snmpv2c sec-model snmpv2c
sec-level noauth

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

110 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 add user

configure snmpv3 add user

configure snmpv3 add user [hex <hex value> | <user name>] {authentication
[md5 | sha] [hex <hex octet> | <password>]} {privacy [hex <hex octet> |
<password>]} {volatile}

Description
Add (and modify) an SNMPv3 user.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
user name Specifies the user name to add or modify.
MD5 Specifies MD5 authentication.
SHA Specifies SHA authentication.
authentication Specifies the authentication password or hex string to use for generating the
authentication key for this user.
privacy Specifies the privacy password or hex string to use for generating the privacy
key for this user.
volatile Specifies volatile storage.

Default
The default values are:
• authentication—no authentication
• privacy—no privacy
• non-volatile storage

Usage Guidelines
Use this command to create or modify an SNMPv3 user configuration.

If hex is specified, supply a 16 octet hex string for MD5, or a 20 octet hex string for SHA.

You must specify authentication if you want to specify privacy. There is no support for privacy without
authentication.

The default user names are: admin, initial, initialmd5, initialsha, initialmd5Priv, initialshaPriv. The initial
password for admin is password. For the other default users, the initial password is the user name.

Example
Use the following command to configure the user guest on the local SNMP Engine with security level
noauth (no authentication and no privacy):

configure snmpv3 add user guest

ExtremeWare 7.3e Command Reference Guide 111

Commands for Managing the Switch

Use the following command to configure the user authMD5 to use MD5 authentication with the password
palertyu:·

configure snmpv3 add user authMD5 authentication md5 palertyu

Use the following command to configure the user authSHApriv to use SHA authentication with the hex
key shown below, the privacy password palertyu, and volatile storage:

configure snmpv3 add user authShapriv authentication sha hex

01:03:04:05:01:05:02:ff:ef:cd:12:99:34:23:ed:ad:ff:ea:cb:11 privacy palertyu volatile

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

112 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 add user clone-from

configure snmpv3 add user clone-from

configure snmpv3 add user {hex <hex value>} <user name> clone-from {hex
<hex value>} <user name>

Description
Create a new user by cloning from an existing SNMPv3 user.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
user name Specifies the user name to add or to clone from.

Default
N/A.

Usage Guidelines
Use this command to create a new user by cloning an existing one. Once you have successfully cloned
the new user, you can modify its parameters using the following command:
configure snmpv3 add user {hex <hex value>} <user name> {authentication [md5 |
sha] [hex <hex octet> | <password>]} {privacy [hex <hex octet> | <password>]}
{volatile}

Users cloned from the default users will have the storage type of non-volatile. The default names are:
admin, initial, initialmd5, initialsha, initialmd5Priv, initialshaPriv.

Example
Use the following command to create a user cloneMD5 with same properties as the default user
initalmd5. All authorization and privacy keys will initially be the same as with the default user
initialmd5.
configure snmpv3 add user cloneMD5 clone-from initialmd5

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 113

Commands for Managing the Switch

configure snmpv3 delete access

configure snmpv3 delete access [all-non-defaults | {hex <hex value>} |
<group name> {sec-model [snmpv1 | snmpv2c | usm] sec-level [noauth |
authnopriv | priv]}}]

Description
Delete access rights for a group.

Syntax Description

all-non-defaults Specifies that all non-default (non-permanent) security groups are to be

deleted.
hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
group name Specifies the group name to add or modify.
sec-model Specifies the security model to use.
snmpv1 Specifies the SNMPv1 security model.
snmpv2c Specifies the SNMPv2c security model.
usm Specifies the SNMPv3 User-based Security Model (USM).
sec-level Specifies the security level for the group.
noauth Specifies no authentication (and implies no privacy) for the security level.
authnopriv Specifies authentication and no privacy for the security level.
authpriv Specifies authentication and privacy for the security level.

Default
The default values are:
• sec-model—USM
• sec-level—noauth

Usage Guidelines
Use this command to remove access rights for a group. Use the all-non-defaults keyword to delete
all the security groups, except for the default groups. The default groups are: admin, initial, v1v2c_ro,
v1v2c_rw.

Deleting an access will not implicitly remove the related group to user association from the
VACMSecurityToGroupTable. To remove the association, use the following command:

configure snmpv3 delete group {{hex} <group name>} user [all-non-defaults | {{hex}
<user name> sec-model {sec-model [snmpv1|snmpv2c|usm]}}]

Example
The following command deletes all entries with the group name userGroup:

configure snmpv3 delete access userGroup

114 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 delete access

The following command deletes the group userGroup with the security model snmpv1 and security level
of authentication and no privacy (authnopriv):

configure snmpv3 delete access userGroup sec-model snmpv1 sec-level authnopriv

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 115

Commands for Managing the Switch

configure snmpv3 delete community

configure snmpv3 delete community [all-non-defaults | {{hex <hex value>}
<community index>} | {name {hex <hex value>} <community name> }]

Description
Delete an SNMPv3 community entry.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
community index Specifies the row index in the snmpCommunityTable
community name Specifies the community name.
user name Specifies the USM user name.
all-non-defaults Specifies that all non-default community entries are to be removed.

Default
N/A.

Usage Guidelines
Use this command to delete an SMMPv3 community in the community MIB. The default entries are
public and private.

Example
Use the following command to delete an entry with the community index comm_index:

configure snmpv3 delete community comm_index

Use the following command to create an entry with the community name (hex) of
EA:12:CD:CF:AB:11:3C:

configure snmpv3 delete community name hex EA:12:CD:CF:AB:11:3C

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

116 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 delete filter

configure snmpv3 delete filter

configure snmpv3 delete filter [all | [{hex <hex value>} <profile name>
{subtree <object identifier>}]]

Description
Delete a filter from a filter profile.

Syntax Description

all Specifies all filters.

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
profile name Specifies the filter profile of the filter to delete.
object identifier Specifies the MIB subtree of the filter to delete.

Default
N/A.

Usage Guidelines
Use this command to delete a filter entry from the snmpNotifyFilterTable. Specify all to remove all
entries. Specify a profile name to delete all entries for that profile name. Specify a profile name and a
subtree to delete just those entries for that filter profile and subtree.

Example
Use the following command to delete the filters from the filter profile prof1 that reference the MIB
subtree 1.3.6.1.4.1:

configure snmpv3 delete filter prof1 subtree 1.3.6.1.4.1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 117

Commands for Managing the Switch

configure snmpv3 delete filter-profile

configure snmpv3 delete filter-profile [all |[{hex <hex value>}<profile
name> {param {hex <hex value>}<param name>}]]

Description
Remove the association of a filter profile with a parameter name.

Syntax Description

all Specifies all filter profiles.

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
profile name Specifies the filter profile name to delete.
param name Specifies to delete the filter profile with the specified profile name and
parameter name.

Default
The default storage type is non-volatile.

Usage Guidelines
Use this command to delete entries from the snmpNotifyFilterProfileTable. This table associates a filter
profile with a parameter name. Specify all to remove all entries. Specify a profile name to delete all
entries for that profile name. Specify a profile name and a parameter name to delete just those entries
for that filter profile and parameter name.

Example
Use the following command to delete the filter profile prof1 with the parameter name P1:

configure snmpv3 delete filter-profile prof1 param P1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

118 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 delete group user

configure snmpv3 delete group user

configure snmpv3 delete group {{hex <hex value>} | <group name>} user
[all-non-defaults | {{hex <hex value>} |<user name>} {sec-model
[snmpv1|snmpv2c|usm]}]

Description
Delete a user name (security name) from a group.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
group name Specifies the group name to add or modify.
all-non-defaults Specifies that all non-default (non-permanent) users are to be deleted from the
group.
user name Specifies the user name to add or modify.
sec-model Specifies the security model to use.
snmpv1 Specifies the SNMPv1 security model.
snmpv2 Specifies the SNMPv2c security model.
usm Specifies the SNMPv3 User-based Security Model (USM).

Default
The default values are:
• sec-model—USM

Usage Guidelines
Use this command to remove the associate of a user name with a group.

As per the SNMPv3 RFC, a security name is model independent while a username is model dependent.
For simplicity, both are assumed to be same here. User names and security names are handled the same.
In other words, if a user is created with the user name username, the security name value is the same,
username.

Every group is uniquely identified by a security name and security model. So the same security name
can be associated to a group name but with different security models.

The default groups are: admin, initial, v1v2c_ro, v1v2c_rw.

The default users are: admin, initial, initialmd5, initialsha, initialmd5Priv, initialshaPriv.

Example
Use the following command to delete the user guest from the group UserGroup for the security model
snmpv2c:
configure snmpv3 delete group UserGroup user guest sec-model snmpv2c

ExtremeWare 7.3e Command Reference Guide 119

Commands for Managing the Switch

Use the following command to delete the user guest from the group userGroup with the security model
USM:

configure snmpv3 delete group userGroup user guest

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

120 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 delete mib-view

configure snmpv3 delete mib-view

configure snmpv3 delete mib-view [all-non-defaults | {{hex <hex value>} |
<view name> {subtree <object identifier>}]

Description
Delete a MIB view.

Syntax Description

all-non-defaults Specifies that all non-default (non-permanent) MIB views are to be deleted.
hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
view name Specifies the MIB view name to add or modify.
subtree Specifies a MIB subtree.

Default
N/A.

Usage Guidelines
Use this command to delete a MIB view. Views which are being used by security groups cannot be
deleted. Use the all-non-defaults keyword to delete all the MIB views (not being used by security
groups) except for the default views. The default views are: defaultUserView, defaultAdminView, and
defaultNotifyView.

Use the configure snmpv3 add mib-view command to remove a MIB view from its security group,
by specifying a different view.

Example
The following command deletes all views (only the permanent views will not be deleted):
configure snmpv3 delete mib-view all-non-defaults

The following command deletes all subtrees with the view name AdminView:
configure snmpv3 delete mib-view AdminView

The following command deletes the view AdminView with subtree 1.3.6.1.2.1.2
configure snmpv3 delete mib-view AdminView subtree 1.3.6.1.2.1.2

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 121

Commands for Managing the Switch

configure snmpv3 delete notify

configure snmpv3 delete notify [{{hex <hex value>} <notify name>} |
all-non-defaults]

Description
Delete an entry from the snmpNotifyTable.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
notify name Specifies the notify name to add.
all-non-defaults Specifies that all non-default (non-permanent) notifications are to be deleted.

Default
N/A.

Usage Guidelines
Use this command to delete an entry from the snmpNotifyTable. When a notification is to be sent, this
table is examined. For the target addresses that have been associated with the tags present in the table,
notifications will be sent, based on the filters also associated with the target addresses.

There is one default notification that cannot be deleted, defaultNotify.

Example
Use the following command to remove the N1 entry from the table:

configure snmpv3 delete notify N1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

122 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 delete target-addr

configure snmpv3 delete target-addr

configure snmpv3 delete target-addr [{{hex <hex value>} | <addr name>|
all}]

Description
Delete SNMPv3 target addresses.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
addr name Specifies a string identifier for the target address.
all Specifies all target addresses.

Default
N/A.

Usage Guidelines
Use this command to delete an entry in the SNMPv3 snmpTargetAddressTable.

Example
The following command deletes target address named A1:

configure snmpv3 delete target-addr A1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 123

Commands for Managing the Switch

configure snmpv3 delete target-params

configure snmpv3 delete target-params [{{hex <hex value>} <param name>} |
all]

Description
Delete SNMPv3 target parameters.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
param name Specifies the parameter name associated with the target.

Default
N/A.

Usage Guidelines
Use this command to delete an entry in the SNMPv3 snmpTargetParamsTable. This table specifies the
message processing model, security level, security model, and the storage parameters for messages to
any target addresses associated with a particular parameter name.

Example
The following command deletes a target parameters entry named P1:

configure snmpv3 delete target-params P1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

124 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 delete user

configure snmpv3 delete user

configure snmpv3 delete user [all-non-defaults | {hex <hex value>} <user
name>]

Description
Delete an existing SNMPv3 user.

Syntax Description

all-non-defaults Specifies that all non-default (non-permanent) users are to be deleted.

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
user name Specifies the user name to add or to clone from.

Default
N/A.

Usage Guidelines
Use this command to delete an existing user.

Use the all-non-defaults keyword to delete all users, except for the default (permanent) users. The
default user names are: admin, initial, initialmd5, initialsha, initialmd5Priv, initialshaPriv.

Deleting a user will not implicitly remove the related group to user association from the
VACMSecurityToGroupTable. To remove the association, use the following command:

configure snmpv3 delete group {{hex} <group name>} user [all-non-defaults | {{hex}
<user name> {sec-model [snmpv1|snmpv2c|usm]}}]

Example
The following command deletes all non-default users:

configure snmpv3 delete user all-non-defaults

The following command deletes the user guest:

configure snmpv3 delete user guest

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 125

Commands for Managing the Switch

configure snmpv3 engine-boots

configure snmpv3 engine-boots <(1-2147483647)>

Description
Configures the SNMPv3 Engine Boots value.

Syntax Description

(1-2147483647) Specifies the value of engine boots.

Default
N/A.

Usage Guidelines
Use this command if the Engine Boots value needs to be explicitly configured. Engine Boots and Engine
Time will be reset to zero if the Engine ID is changed. Engine Boots can be set to any desired value but
will latch on its maximum, 2147483647.

Example
The following command configures Engine Boots to 4096:
configure snmpv3 engine-boots 4096

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

126 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 engine-id

configure snmpv3 engine-id

configure snmpv3 engine-id <hex octet>

Description
Configures the SNMPv3 snmpEngineID.

Syntax Description

hex octet Specifies the colon delimited hex octet that serves as part of the
snmpEngineID (5-32 octets).

Default
The default snmpEngineID is the device MAC address.

Usage Guidelines
Use this command if the snmpEngineID needs to be explicitly configured. The first four octets of the ID
are fixed to 80:00:07:7C,which represents Extreme Networks Vendor ID. Once the snmpEngineID is
changed, default users will be reverted back to their original passwords/keys, while non-default users
will be reset to the security level of no authorization, no privacy.

Example
The following command configures the snmpEngineID to be 80:00:07:7C:00:0a:1c:3e:11:
configure snmpv3 engine-id 00:0a:1c:3e:11

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 127

Commands for Managing the Switch

configure snmpv3 target-addr-ext

configure snmpv3 target-addr-ext {hex <hex value>} <addr name> mode
[standard | enhanced] {ignore-mp-model} {ignore-event-community}

Description
Configure an entry in the extremeTargetAddrExtTable.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
addr name Specifies a string identifier for the target address.
enhanced Specifies enhanced traps, which contain extra varbinds at the end.
standard Specifies standard traps, which do not contrain the extra varbinds.
ignore-mp-model Sets the ignore message passing model flag
ignore-event-community Sets the use Event Community flag to false.

Default
The default values are:
• mode—enhanced
• ignore-mp-model—False, the mp-model is not ignored.
• ignore-event-community—False, the EventCommunity is not ignored.

Usage Guidelines
The command snmp add trapreceiver was retained when SNMPv3 support was added to
ExtremeWare. This command allows you to set trap receivers without using the details of SNMPv3.
However, when the command is executed, it internally sets a per-trap-receiver flag called
ignore-mp-model, and ignore-event-community. This command is never uploaded to the switch, but its
equivalent SNMPv3 command, configure snmpv3 add target-addr, is uploaded instead. The latter
has no tokens for ignore-mp-model or ignore-event-come. Therefore, upon downloading the configuration,
the setting for these objects is lost.

This separate command corresponds to a private SNMP table that was subsequently added. The table
contains three objects, ignoreMPModel, useEventCommunity, and Mode. This private table, the
extremeTargetAddrExtTable, is an extension to the standard snmpv3TargetAddrTable

Example
The following command that standard traps will be used:

configure snmpv3 target-addr-ext A1 mode standard

History
This command was first available in ExtremeWare 7.2e.

128 ExtremeWare 7.3e Command Reference Guide

 configure snmpv3 target-addr-ext

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 129

Commands for Managing the Switch

configure sntp-client server

configure sntp-client [primary | secondary] server <host name | ipaddress>]

Description
Configures an NTP server for the switch to obtain time information.

Syntax Description

primary Specifies a primary server name.

secondary Specifies a secondary server name.
host name/ip Specifies a host name.
ipaddress Specifies an IP address.

Default
N/A.

Usage Guidelines
Queries are first sent to the primary server. If the primary server does not respond within 1 second, or if
it is not synchronized, the switch queries the second server. If the switch cannot obtain the time, it
restarts the query process. Otherwise, the switch waits for the sntp-client update interval before
querying again.

Example
The following command configures a primary NTP server:
configure sntp-client primary server 10.1.2.2

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

130 ExtremeWare 7.3e Command Reference Guide

 configure sntp-client update-interval

configure sntp-client update-interval

configure sntp-client update-interval <seconds>

Description
Configures the interval between polls for time information from SNTP servers.

Syntax Description

seconds Specifies an interval in seconds.

Default
64 seconds.

Usage Guidelines
None.

Example
The following command configures the interval timer:
configure sntp-client update-interval 30

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 131

Commands for Managing the Switch

configure web login-timeout

configure web login-timeout <seconds>

Description
Configures the timeout for user to enter username/password in the pop-up window.

Syntax Description

seconds Specifies an interval in seconds, where <seconds> can range from 30

seconds to 10 minutes (600 seconds).

Default
30 seconds.

Usage Guidelines
The Show for this parameter is displayed by using the following command:
show management

Example
The following command configures the interval timer:
configure sntp-client update-interval 30

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

132 ExtremeWare 7.3e Command Reference Guide

 disable eapol-flooding

disable eapol-flooding
disable eapol-flooding

Description
Disables EAPOL flooding on the switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Per IEEE 802.1D, Summit “e’ series switches do not forward EAPOL frames. Also, if network login is
enabled, EAPOL flooding cannot be enabled.

Example
The following example disables EAPOL frame flooding on a Summit “e” series switch:

disable eapol-flooding

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 133

Commands for Managing the Switch

disable dhcp ports vlan

disable dhcp ports <portlist> vlan <vlan name>

Description
Disables DHCP on a specified port in a VLAN.

Syntax Description

portlist Specifies the ports for which DHCP should be disabled.

vlan name Specifies the VLAN on whose ports DHCP should be disabled.

Default
N/A.

Usage Guidelines
The DHCP server should be used with Network Login and not as a stand-alone DHCP server.

Example
The following command disables DHCP for port 9 in VLAN corp:
disable dhcp ports 9 vlan corp

History
This command was first available in ExtremeWare 7.1e.

134 ExtremeWare 7.3e Command Reference Guide

 disable snmp access

disable snmp access

disable snmp access {snmp-v1v2c}

Description
Selectively disables SNMP on the switch.

Syntax Description

snmp-v1v2c Disables SNMPv1/v2c access only; does not affect SNMPv3 access.

Default
Enabled.

Usage Guidelines
Disabling SNMP access does not affect the SNMP configuration (for example, community strings).
However, if you disable SNMP access, you will be unable to access the switch using SNMP.

To allow access, use the following command:

enable snmp access

By using the enable and disable commands you can enable all SNMP access, no SNMP access, or only
SNMPv3 access. You cannot enable only SNMPv1/v2c access. To enable SNMPv3 only access on the
switch, use the following commands:

enable snmp access

disable snmp access {snmp-v1v2c}

Example
The following command disables all SNMP access on the switch:
disable snmp access

History
This command was first available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to add the snmp-v1v2c keyword.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 135

Commands for Managing the Switch

disable snmp dot1dTpFdbTable

disable snmp dot1dTpFdbTable

Description
Disables SNMP GetNext responses for the dot1dTpFdbTable in the BRIDGE-MIB.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
SNMP Get responses are not affected by this command.

To view the configuration of the dot1dTpFdb table on the switch, use the show management command.
The show management command displays information about the switch including the enable/disable
state the dot1dTpFdb table.

To restore defaults to all SNMP-related entries, including the SNMP parameters modified using the
disable snmp dot1dTpFdbTable command, use the unconfigure management command.

Example
The following command disables the dot1dTPFdb table:
disable snmp dot1dTpFdbTable

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

136 ExtremeWare 7.3e Command Reference Guide

 disable snmp traps

disable snmp traps

disable snmp traps

Description
Prevents SNMP traps from being sent from the switch.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
This command does not clear the SNMP trap receivers that have been configured. The command
prevents SNMP traps from being sent from the switch even if trap receivers are configured.

Example
The following command prevents SNMP traps from being sent from the switch to the trap receivers:
disable snmp traps

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 137

Commands for Managing the Switch

disable snmp traps port-up-down

disable snmp traps port-up-down ports [all | mgmt | <portlist>]

Description
Prevents SNMP port up/down traps (also known as link up and link down traps) from being sent from
the switch for the indicated ports.

Syntax Description
all Specifies that no link up/down traps should be sent for all ports. This does not
include the management port which must be explicitly specified.
mgmt Specifies that no link up/down traps should be sent for the management port.
This option will only appear on platforms that have a management port, such
as the Summit 400.
<portlist> Specifies the list of ports.

Default
Enabled.

Usage Guidelines
This command is used to disable the sending of link up and link down traps for the specified ports. To
see which ports do not have such traps disabled, use the show management command.

Example
The following command will prevent link up or link down traps from being sent for any port on the
switch (except the management port if it has one).
disable snmp traps port-up-down all

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

138 ExtremeWare 7.3e Command Reference Guide

 disable snmp traps mac-security

disable snmp traps mac-security

disable snmp traps mac-security

Description
Prevents SNMP mac-security traps from being sent from the switch for all ports.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command should be used in conjunction with the configure ports <portlist> limit-learning command.
That command configures a limit on the number of MAC addresses that can be learned on a port(s).
After that limit has been reached on a particular port, a trap will be sent by the switch, if a new MAC
address appears on that port. In addition, a message will be generated in the syslog and the port will be
blackholed.

Example
The following command prevents SNMP mac-security traps from being sent from the switch.
disable snmp traps mac-security

History
This command was first available in ExtremeWare 7.0.0.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 139

Commands for Managing the Switch

disable sntp-client
disable sntp-client

Description
Disables the SNTP client.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
SNTP can be used by the switch to update and synchronize its internal clock from a Network Time
Protocol (NTP) server. After the SNTP client has been enabled, the switch sends out a periodic query to
the indicated NTP server, or the switch listens to broadcast NTP updates. In addition, the switch
supports the configured setting for Greenwich Mean Time (GMT) offset and the use of Daylight Savings
Time (DST).

Example
The following command disables the SNTP client:
disable sntp-client

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

140 ExtremeWare 7.3e Command Reference Guide

 disable system-watchdog

disable system-watchdog
disable system-watchdog

Description
Disables the system watchdog timer.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
The watchdog timer reboots the switch if the CPU becomes trapped in a processing loop. If the
watchdog timer is executed, the switch captures information on the cause of the reboot and posts it to
the system log.

Example
The following command disables the watchdog timer:
disable system-watchdog

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 141

Commands for Managing the Switch

disable telnet
disable telnet

Description
Disables Telnet services on the system.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
You must be logged in as an administrator to enable or disable Telnet.

Example
With administrator privilege, the following command disables Telnet services on the switch:
disable telnet

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

142 ExtremeWare 7.3e Command Reference Guide

 disable web

disable web
disable web

Description
Disables web access to the switch.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
You can use this command to disable web access to the switch. If you are using ExtremeWare Vista for
web access, you must create and configure an access profile before you can use this option. You create
an access profile using the create access-profile command. You configure an access profile using
one of the configure access-profile commands.

Example
The following command disables web access to the switch:
disable web

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 143

Commands for Managing the Switch

enable eapol-flooding
enable eapol-flooding

Description
Enables EAPOL flooding on the switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Per IEEE 802.1D, Summit “e’ series switches do not forward EAPOL frames. Also, if network login is
enabled, EAPOL flooding cannot be enabled. Also, if network login is enabled, EAPOL flooding cannot
be enabled. However, under certain conditions, you might opt to change this behavior to support an
upstream central authenticator by enabling the switch to flood the EAPOL frame on the VLAN
associated with the ingress port.

Example
The following example enables EAPOL frame flooding on a Summit “e” series switch:

enable eapol-flooding

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

144 ExtremeWare 7.3e Command Reference Guide

 enable dhcp ports vlan

enable dhcp ports vlan

enable dhcp ports <portlist> vlan <vlan name>

Description
Enables DHCP on a specified port in a VLAN.

Syntax Description

portlist Specifies the ports for which DHCP should be enabled.

vlan_name Specifies the VLAN on whose ports DHCP should be enabled.

Default
N/A.

Usage Guidelines
None.

Example
The following command enables DHCP for port 9 in VLAN corp:
enable dhcp ports 9 vlan corp

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 145

Commands for Managing the Switch

enable snmp access

enable snmp access

Description
Turns on SNMP support for SNMPv3 and v1/v2c on the switch.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
To have access to the SNMP agent residing in the switch, at least one VLAN must have an IP address
assigned to it.

Any network manager running SNMP can manage the switch (for v1/v2c), provided the MIB is
installed correctly on the management station. Each network manager provides its own user interface to
the management facilities.

For SNMPv3, additional security keys are used to control access, so an SNMPv3 manager is required for
this type of access.

This command enables both v1/v2c and v3 access, so the switch can be accessed with either method.
Use the following commands to allow only v3 access:

enable snmp access

disable snmp access {snmp-v1v2c}

Use the following command to prevent any SNMP access:

disable dhcp ports vlan

There is no way to disable v3 access and allow v1/v2c access

Example
The following command enables all SNMP access for the switch:
enable snmp access

History
This command was first available in ExtremeWare 7.1e.

Support for SNMPv3 was added in ExtremeWare 7.2e.

146 ExtremeWare 7.3e Command Reference Guide

 enable snmp access

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 147

Commands for Managing the Switch

enable snmp dot1dTpFdbTable

enable snmp dot1dTpFdbTable

Description
Enables SNMP GetNext responses for the dot1dTpFdbTable in the BRIDGE-MIB.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
SNMP Get responses are not affected by this command.

To view the configuration of the dot1dTpFdb table on the switch, use the show management command.
The show management command displays information about the switch including the enable/disable
state the dot1dTpFdb table.

To restore defaults to all SNMP-related entries, including the SNMP parameters modified using the
enable snmp dot1dTpFdbTable command, use the unconfigure management command.

Example
The following command enables the dot1dTPFdb table:
enable snmp dot1dTpFdbTable

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

148 ExtremeWare 7.3e Command Reference Guide

 enable snmp traps

enable snmp traps

enable snmp traps

Description
Turns on SNMP trap support.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
An authorized trap receiver can be one or more network management stations on your network. The
switch sends SNMP traps to all trap receivers.

Example
The following command enables SNMP trap support on the switch:
enable snmp trap

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 149

Commands for Managing the Switch

enable snmp traps port-up-down

enable snmp traps {port-up-down ports [all | mgmt | <portlist>]}

Description
Enables SNMP port up/down traps (also known as link up and link down traps) for the indicated
ports.

Syntax Description
all Specifies that link up/down traps should be sent for all ports. This does not
include the management port which must be explicitly specified.
mgmt Specifies that link up/down traps should be sent for the management port.
This option only appears on platforms that have a management port, such as
the Summit 400.
<portlist> Specifies a list of ports.

Default
Enabled.

Usage Guidelines
This command is used to enable the sending of link up and link down traps for the specified ports. To
see which ports have such traps enabled, use the show management command.

Example
The following command will enable link up or link down traps on all ports of the switch (except the
management port if it has one).
enable snmp traps port-up-down all

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

150 ExtremeWare 7.3e Command Reference Guide

 enable snmp traps mac-security

enable snmp traps mac-security

enable snmp traps mac-security

Description
Enables SNMP mac-security traps for all ports to be sent by the switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command should be used in conjunction with the configure ports <portlist> limit-learning command.
That command configures a limit on the number of MAC addresses that can be learned on a port(s).
After that limit has been reached on a particular port, a trap will be sent by the switch, if a new MAC
address appears on that port. In addition, a message will be generated in the syslog and the port will be
blackholed.

Example
The following command allows SNMP mac-security traps to be sent from the switch.
enable snmp traps mac-security

History
This command was first available in ExtremeWare 7.0.0.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 151

Commands for Managing the Switch

enable sntp-client
enable sntp-client

Description
Enables the SNTP client.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
SNTP can be used by the switch to update and synchronize its internal clock from a Network Time
Protocol (NTP) server. After the SNTP client has been enabled, the switch sends out a periodic query to
the indicated NTP server, or the switch listens to broadcast NTP updates. In addition, the switch
supports the configured setting for Greenwich Mean Time (GMT) offset and the use of Daylight Savings
Time (DST).

Example
The following command enables the SNTP client:
enable sntp-client

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

152 ExtremeWare 7.3e Command Reference Guide

 enable system-watchdog

enable system-watchdog
enable system-watchdog

Description
Enables the system watchdog timer.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
The watchdog timer reboots the switch if the CPU becomes trapped in a processing loop. If the
watchdog timer is executed, the switch captures information on the cause of the reboot and posts it to
the system log.

You must reboot to have this command take effect.

Example
The following command enables the watchdog timer:
enable system-watchdog

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 153

Commands for Managing the Switch

enable telnet
enable telnet {access-profile [<access_profile> | none]} {port
<tcp_port_number>}

Description
Enables Telnet access to the switch.

Syntax Description

access profile Specifies an access profile. (6.0, 6.1)

none Cancels a previously configured access profile. (6.0, 6.1)
port Specifies a TCP port number. (6.0, 6.1)

Default
Telnet is enabled with no access profile and uses TCP port number 23.

Usage Guidelines
You must be logged in as an administrator to enable Telnet.

If you are using IP without a BOOTP server, you must enter IP parameters for the switch for the Telnet
software to communicate with the device. To assign IP parameters to the switch, you must:
• Log in to the switch with administrator privileges.
• Assign an IP address and subnet mask to a VLAN.
The switch comes configured with a default VLAN named default. To use Telnet or an SNMP
network manager, you must have at least one VLAN on the switch, and it must be assigned an IP
address and subnet mask. IP addresses are always assigned to a VLAN. The switch can be assigned
multiple IP addresses.
• Use an access profile to restrict Telnet access. An access profile permits or denies a named list of IP
addresses and subnet masks. You must create and configure an access profile before you can use this
option. You create an access profile using the create access-profile command. You configure an
access profile using one of the configure access-profile commands.
• Use the none option to cancel a previously configured access-profile.
• Use the port option to specify a TCP port number.

Example
The following command applies the access profile managers to Telnet:
enable telnet access-profile managers

154 ExtremeWare 7.3e Command Reference Guide

 enable telnet

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 155

Commands for Managing the Switch

enable web
enable web {access-profile [<access_profile> | none]} {port
<tcp_port_number>}

Description
Enables ExtremeWare Vista web access to the switch.

Syntax Description

access profile Specifies an access profile.

none Cancels a previously configured access profile.
port Specifies a TCP port number.

Default
Enabled, using TCP port 80.

Usage Guidelines
By default, web access is enabled on the switch.

• By default, web access has no access profile and uses TCP port number 80.
• Use an access profile to restrict ExtremeWare Vista web access. An access profile permits or denies a
named list of IP addresses and subnet masks. You must create and configure an access profile before
you can use this option. You create an access profile using the create access-profile command.
You configure an access profile using one of the configure access-profile commands. Apply an
access profile only when ExtremeWare Vista is enabled.
• Use the none option to cancel a previously configured access-profile.
• Use the port option to specify a TCP port number.

Example
The following command applies the access profile administrators to the web:
enable web access-profile administrators

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

156 ExtremeWare 7.3e Command Reference Guide

 exit

exit
exit

Description
Logs out the session of a current user for CLI or Telnet.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Use this command to log out of a CLI or Telnet session.

Example
The following command logs out the session of a current user for CLI or Telnet:
exit

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 157

Commands for Managing the Switch

logout
logout

Description
Logs out the session of a current user for CLI or Telnet.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Use this command to log out of a CLI or Telnet session.

Example
The following command logs out the session of a current user for CLI or Telnet:
logout

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

158 ExtremeWare 7.3e Command Reference Guide

 quit

quit
quit

Description
Logs out the session of a current user for CLI or Telnet.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Use this command to log out of a CLI or Telnet session.

Example
The following command logs out the session of a current user for CLI or Telnet:
quit

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 159

Commands for Managing the Switch

show eapol-flooding
show eapol-flooding

Description
Displays the current EAPOL flooding state.

Syntax Description
This command has no arguments or variables.

Default
N/A

Usage Guidelines
Per IEEE 802.1D, Summit “e’ series switches do not forward EAPOL frames. Also, if network login is
enabled, EAPOL flooding cannot be enabled. Also, if network login is enabled, EAPOL flooding cannot
be enabled. However, under certain conditions, you might opt to change this behavior to support an
upstream central authenticator by enabling the switch to flood the EAPOL frame on the VLAN
associated with the ingress port.

Example
The following example displays EAPOL frame flooding on a Summit “e” series switch:

show eapol-flooding

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

160 ExtremeWare 7.3e Command Reference Guide

 show management

show management
show management

Description
Displays the SNMP settings configured on the switch.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines:
The following show management output is displayed:
• Enable/disable state for Telnet, SNMP, and web access
• SNMP community strings
• Authorized SNMP station list
• SNMP trap receiver list
• Login statistics
• Enable/disable state for SSH2 and access profile information
• RMON polling configuration
• The enable/disable state of the port-up-down traps
• The enable/disable state of the mac-limit traps

For ExtremeWare 7.2e and higher, the SNMP access display item will show the additional states of v1,
v2c disabled and v3 enabled. The flags field was enhanced to show the SNMP trap groups.

Example
The following command displays configured SNMP settings on the switch:
show management

Following is the output from this command:

ExtremeWare 7.3e Command Reference Guide 161

Commands for Managing the Switch

CLI idle timeouts: disabled

CLI Paging: enabled
CLI configuration logging: enabled
Telnet access: enabled tcp port: 23
Web access: enabled tcp port: 80
Web access login timeout : 30 secs
SSH Access: key invalid, disabled tcp port: 22
UDP Echo Server: disabled udp port: 7
SNMP Access: v1v2c disabled ; v3 enabled
SNMP Read Only Communities: rykfcb
Total Read Only Communities: 1
SNMP Read Write Communities: r~`|kug
Total Read Write Communities: 1
SNMP dot1dTpFdbTable: disabled
RMON polling: disabled
SNMP Traps: enabled
SNMP v1/v2c TrapReceivers:
Destination Community Source IP Address Flags
10.255.254.22 /162 public 2EA
111.111.111.111/162 ThisIsATestComm 2SA

Flags: Version: 1=v1 2=v2c

Mode: S=Standard E=Enhanced
Trap Groups: s=STP o=OSPF p=Ping/Traceroute v=VRRP y=System
e=Extreme m=Smart Traps a=Auth l=Link Up/Down r=RMON
c=Security
A=All
SNMP MAC Security traps: disabled
Link Up/Link Down traps enabled on ports: All, including MgmtPort
SNMP stats: inPkts 301 outPkts 302 errors 0 authErrors 0
Gets 93 GetNexts 208 Sets 0
SNMP traps: sent 10 authTraps enabled
Login stats:
validLogins 3 badPasswords 0 unknownUSers 2(last bad user: admin1)
Telnet: total 3 valid 1 invalid 2
HTTP: total 0 valid 0 invalid 0
Management access stats:
Protocol UDP/TCP Port Total packets Rejected packets
-- -- -- -- --
Protocol Soures IP Address UDP/TCP Port Time
-- -- -- -- --

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

162 ExtremeWare 7.3e Command Reference Guide

 show odometer

show odometer
show odometer

Description
Displays a counter for each component of a switch that shows how long it has been functioning since it
was manufactured.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
The output from this command displays how long each individual component in the whole switch has
been functioning since it is manufactured. This odometer counter will be kept in the EEPROM of each
monitored component. This means that even when the component is plugged into different chassis, the
odometer counter will be available in the new switch chassis.

Example
The following command displays how long each component of a switch has been functioning since it’s
manufacture date:
show odometer

Following is the output from this command:

* Summit300-24:13 # show odometer

Service First Recorded

Unit Days Start Date
------------------------------ ---------- --------------
Mainboard: 22 Jan-17-2065

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 163

Commands for Managing the Switch

show session
show session

Description
Displays the currently active Telnet, console, and web sessions communicating with the switch.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
The show session command displays the username and IP address of the incoming Telnet session,
whether a console session is currently active, and the login time.

The following table displays the show session command field definitions.

Table 8: Show Command Field Definitions

Field Definition
# Indicates session number.
Login Time Indicates login time of session.
User Indicates the user logged in for each session.
Type Indicates the type of session.
Auth Indicates how the user is logged in.
CLI Auth Indicates the type of authentication (RADIUS and TACAS) if enabled.
Location Indicates the location (IP address) from which the user logged in.

Example
The following command displays the active sessions on the switch:
show session

Following is the output from this command:

# Login Time User Type Auth CLI Auth Location

==============================================================================
0 Tue Feb 19 18:08:42 2002 admin console local disabled serial
5 Thu Feb 21 19:09:48 2002 admin http local disabled 10.0.4.76
* 1028 Thu Feb 21 18:56:40 2002 admin telnet local disabled 10.0.4.19

History
This command was first available in ExtremeWare 7.1e.

164 ExtremeWare 7.3e Command Reference Guide

 show session

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 165

Commands for Managing the Switch

show snmpv3 access

show snmpv3 access {hex <hex value>} | <group name>}

Description
Displays SNMPv3 access rights.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
group name Specifies the name of the group to display.

Default
N/A.

Usage Guidelines
The show snmpv3 access command displays the access rights of a group. If you do not specify a
group name, the command will display details for all the groups.

This command displays the SNMPv3 VACMAccessTable entries.

Example
The following command displays all the access details.·

show snmpv3 access

The following command displays the access rights for the group group1:

show snmpv3 access group1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

166 ExtremeWare 7.3e Command Reference Guide

 show snmpv3 context

show snmpv3 context

show snmpv3 context

Description
Displays information about the SNMPv3 contexts on the switch.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines:
This command displays the entries in the View-based Access Control Model (VACM) context table
(VACMContextTable).

Example
The following command displays information about the SNMPv3 contexts on the switch:
show snmpv3 context

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 167

Commands for Managing the Switch

show snmpv3 counters

show snmpv3 counters

Description
Displays SNMPv3 counters.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
The show snmpv3 counters command displays the following SNMPv3 counters:
• snmpUnknownSecurityModels
• snmpInvalidMessages
• snmpUnknownPDUHandlers
• usmStatsUnsupportedSecLevels
• usmStatsNotInTimeWindows
• usmStatsUnknownUserNames
• usmStatsUnknownEngineIDs
• usmStatsWrongDigests
• usmStatsDecryptionErrors

Issuing the command clear counters will resets all counters to zero.

Example
The following command displays all the SNMPv3 counters.·

show snmpv3 counters

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

168 ExtremeWare 7.3e Command Reference Guide

 show snmpv3 engine-info

show snmpv3 engine-info

show snmpv3 engine-info

Description
Displays information about the SNMPv3 engine on the switch.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines:
The following show engine-info output is displayed:
• EngineID—Either the ID auto generated from MAC address of switch, or the ID manually
configured.
• EngineBoots—Number of times the agent has been rebooted.
• EngineTime—Time since agent last rebooted, in centiseconds.
• Max. Message Size—Maximum SNMP Message size supported by the Engine (8192).

Example
The following command displays information about the SNMPv3 engine on the switch:
show snmpv3 engine-info

The following is output from this command:

SNMP Engine-ID : 80:00:07:7c:03:00:01:30:23:c1:00 'H'

SNMP Engine Boots : 4
SNMP Engine Time : 1852673
SNMP Max. Message Size : 8192

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 169

Commands for Managing the Switch

show snmpv3 filter

show snmpv3 filter {{hex <hex value>} <profile name> {{subtree} <object
identifier>}

Description
Display the filters that belong a filter profile.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
profile name Specifies the filter profile to display.
object identifier Specifies a MIB subtree.

Default
N/A.

Usage Guidelines
Use this command to display entries from the snmpNotifyFilterTable. If you specify a profile name and
subtree, you will display only the entries with that profile name and subtree. If you specify only the
profile name, you will display all entries for that profile name. If you do not specify a profile name,
then all the entries are displayed.

Example
Use the following command to display the part of filter profile prof1 that includes the MIB subtree
1.3.6.1.4.1:

show snmpv3 filter prof1 subtree 1.3.6.1.4.1

need sample output

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

170 ExtremeWare 7.3e Command Reference Guide

 show snmpv3 filter-profile

show snmpv3 filter-profile

show snmpv3 filter-profile {{hex <hex value>} <profile name>} {param {hex
<hex value>} <param name>}

Description
Display the association between parameter names and filter profiles.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
profile name Specifies the filter profile name.
param name Specifies the parameter name.

Default
N/A.

Usage Guidelines
Use this command to display the snmpNotifyFilterProfileTable. This table associates a filter profile with
a parameter name. The parameter name is associated with target addresses, and the filter profile is
associated with a series of filters, so, in effect, you are associating a series of filters with a target address.

Example
Use the following command to display the entry with filter profile prof1 with the parameter name P1:

show snmpv3 filter-profile prof1 param P1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 171

Commands for Managing the Switch

show snmpv3 group

show snmpv3 group {hex <hex value> | <group name>} {user {hex <hex value>}
| <user name>}

Description
Displays the user name (security name) and security model association with a group name.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
group name Specifies the group name to display.
user name Specifies the user name to display.

Default
N/A.

Usage Guidelines
The show snmpv3 group command displays the details of a group with the given group name. If you
do not specify a group name, the command will display details for all the groups.

Example
The following command displays information about all groups for every security model and user name:

show snmpv3 group

The following command shows information about the group testgroup and user name testuser:

show snmpv3 group testgroup user testuser

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

172 ExtremeWare 7.3e Command Reference Guide

 show snmpv3 mib-view

show snmpv3 mib-view

show snmpv3 mib-view {{hex <hex value>} | <view name>} {subtree <object
identifier>}

Description
Displays a MIB view.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
view name Specifies the name of the MIB view to display.
subtree Specifies the object identifier of the view to display.

Default
N/A.

Usage Guidelines
The show snmpv3 mib-view command displays a MIB view. If you do not specify a view name, the
command will display details for all the MIB views. If a subtree is not specified, then all subtrees
belonging to the view name will be displayed.

This command displays the SNMPv3 VACMViewsTreeFamilyTable.

Example
The following command displays all the view details.·

show snmpv3 mib-view

The following command displays a view with the view name Roview and subtree 1.3.6.1.2.1.1:

show snmpv3 mib-view Roview subtree 1.3.6.1.2.1.1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 173

Commands for Managing the Switch

show snmpv3 notify

show snmpv3 notify {{hex <hex value>} <notify name>}

Description
Display the notifications that are set. This command displays the snmpNotifyTable.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
param name Specifies the parameter name associated with the target.

Default
N/A.

Usage Guidelines
Use this command to display entries from the SNMPv3 snmpNotifyTable. This table lists the notify tags
that the agent will use to send notifications (traps).

If no notify name is specified, all the entries are displayed.

Example
The following command displays the notify table entry for N1:

show snmpv3 notify N1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

174 ExtremeWare 7.3e Command Reference Guide

 show snmpv3 target-addr

show snmpv3 target-addr

show snmpv3 target-addr {{hex <hex value>} | <addr name>}

Description
Display information about SNMPv3 target addresses.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
addr name Specifies a string identifier for the target address.

Default
N/A.

Usage Guidelines
Use this command to display entries in the SNMPv3 snmpTargetAddressTable. If no target address is
specified, the entries for all the target addresses will be displayed.

Example
The following command displays the entry for the target address named A1:

show snmpv3 target-addr A1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 175

Commands for Managing the Switch

show snmpv3 target-addr-ext

show snmpv3 target-addr-ext {hex <hex value>} <addr name>

Description
Display information about SNMPv3 target addresses enhanced or standard mode.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
addr name Specifies a string identifier for the target address.

Default
N/A.

Usage Guidelines
Use this command to display entries in the SNMPv3 extremeTargetAddressExtTable.

Example
The following command displays the entry for the target address named A1:

show snmpv3 target-addr-ext A1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

176 ExtremeWare 7.3e Command Reference Guide

 show snmpv3 target-params

show snmpv3 target-params

show snmpv3 target-params [{{hex <hex value>} | <param name>}]

Description
Display the information about the options associated with the parameter name.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
param name Specifies the parameter name to display.

Default
N/A.

Usage Guidelines
Use this command to display entries from the SNMPv3 snmpTargetParamsTable. This table specifies the
message processing model, security level, security model, and the storage parameters for messages to
any target addresses associated with a particular parameter name.

If no parameter name is specified, all the entries are displayed.

Example
The following command displays the target parameter entry named P1:

show snmpv3 target-params P1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 177

Commands for Managing the Switch

show snmpv3 user

show snmpv3 user {{hex <hex value>} <user name>}

Description
Displays detailed information about the user.

Syntax Description

hex Specifies that the value to follow is to be supplied as a colon separated string
of hex octets.
user name Specifies the user name to display.

Default
N/A.

Usage Guidelines
The show snmpv3 user command displays the details of a user. If you do not specify a user name, the
command will display details for all the users. The authentication and privacy passwords and keys will
not be displayed.

The user entries in SNMPv3 are stored in the USMUserTable, so the entries are indexed by EngineID
and user name.

Example
The following command lists all user entries:

show snmpv3 user

The following command lists details for the specified user, testuser:

show snmpv3 user testuser

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

178 ExtremeWare 7.3e Command Reference Guide

 show sntp-client

show sntp-client
show sntp-client

Description
Displays the DNS configuration.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Displays configuration and statistics information of SNTP client.

Example
The following command displays the DNS configuration:
show sntp-client

Following is the output from this command:

SNTP client is enabled

SNTP time is valid
Primary server: 172.17.1.104
Secondary server: 172.17.1.104
Query interval: 64
Last valid SNTP update: From server 172.17.1.104, on Wed Oct 30 22:46:03 2002
SNTPC Statistics:
Packets transmitted:
to primary server: 1
to secondary server: 0
Packets received with valid time:
from Primary server: 1
from Secondary server: 0
from Broadcast server: 0
Packets received without valid time:
from Primary server: 0
from Secondary server: 0
from Broadcast server: 0
Replies not received to requests:
from Primary server: 0
from Secondary server: 0

History
This command was first available in ExtremeWare 7.1e.

ExtremeWare 7.3e Command Reference Guide 179

Commands for Managing the Switch

Platform Availability
This command is available on the “e” series platforms.

180 ExtremeWare 7.3e Command Reference Guide

 show vlan dhcp-address-allocation

show vlan dhcp-address-allocation

show vlan <vlan name> dhcp-address-allocation

Description
Displays DHCP address allocation information about VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Summary information for all VLANs on the device.

Usage Guidelines
Display the IP address, MAC address, and time assigned to each end device.

Example
The following command displays DHCP address allocation information about VLAN vlan1:
show vlan vlan1 dhcp-address-allocation

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 181

Commands for Managing the Switch

show vlan dhcp-config

show vlan <vlan name> dhcp-config

Description
Displays DHCP configuration information about VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Summary information for all VLANs on the device.

Usage Guidelines
Displays the DHCP configuration, including the DHCP range, DHCP lease timer, network login lease
timer, and DHCP-enabled ports.

Example
The following command displays DHCP configuration information about VLAN vlan1:
show vlan vlan1 dhcp-config

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

182 ExtremeWare 7.3e Command Reference Guide

 telnet

telnet
telnet [<ipaddress> | <hostname>] {<port_number>}

Description
Allows you to Telnet from the current command-line interface session to another host.

Syntax Description

ipaddress Specifies the IP address of the host.

hostname Specifies the name of the host. (4.x and higher)
port_number Specifies a TCP port number. (4.x and higher)

Default
Enabled. If the TCP port number is not specified, the Telnet session defaults to port 23.

Usage Guidelines
Only VT100 emulation is supported.

Any workstation with a Telnet facility should be able to communicate with the switch over a TCP/IP
network.

You need to configure the switch IP parameters.

Up to eight active Telnet sessions can access the switch concurrently. If idletimeouts are enabled, the
Telnet connection will time out after 20 minutes of inactivity. If a connection to a Telnet session is lost
inadvertently, the switch terminates the session within two hours.

Before you can start a Telnet session, you need to configure the switch IP parameters. To open a Telnet
connection, you must specify the host IP address or the host name of the device you wish to manage.
Check the user manual supplied with the Telnet facility if you are unsure of how to do this.

To view the status of Telnet on the switch, use the show management command. The show management
command displays information about the switch including the enable/disable state for Telnet.

You must configure DNS in order to use the hostname option.

Example
The following command configures Telnet communication with a host at IP address 123.45.67.8:
telnet 123.45.67.8

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 183

Commands for Managing the Switch

unconfigure management
unconfigure management

Description
Restores default values to all SNMP-related entries.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command restores default values to all SNMP-related entries on the switch:
unconfigure management

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

184 ExtremeWare 7.3e Command Reference Guide

 4 Commands for Configuring Ports

This chapter describes:

• Commands related to enabling, disabling, and configuring individual ports
• Commands related to configuring port speed (Fast Ethernet ports only) and half- or full-duplex
mode
• Commands related to creating load-sharing groups on multiple ports
• Commands related to displaying port statistics
• Commands related to enabling and disabling loopback detection

By default, all ports on the switch are enabled. After you configure the ports to your specific needs, you
can select which ports are enabled or disabled.

Fast Ethernet ports can connect to either 10Base-T or 100Base-T networks. By default, the ports
autonegotiate (automatically determine) the port speed. You can also configure each port for a particular
speed (either 10 Mbps or 100 Mbps).

Gigabit Ethernet ports are statically set to 1 Gbps, and their speed cannot be modified.

The switch comes configured to use autonegotiation to determine the port speed and duplex setting for
each port. You can select to manually configure the duplex setting and the speed of 10/100/1000 Mbps
ports, and you can manually configure the duplex setting on Gigabit Ethernet ports.

All ports on the switch can be configured for half-duplex or full-duplex operation. The ports are
configured to autonegotiate the duplex setting, but you can manually configure the duplex setting for
your specific needs.

Load sharing with Extreme Network switches allows you to increase bandwidth and resilience between
switches by using a group of ports to carry traffic in parallel between switches. The sharing algorithm
allows the switch to use multiple ports as a single logical port. For example, VLANs see the
load-sharing group as a single logical port. The algorithm also guarantees packet sequencing between
clients.

If a port in a load-sharing group fails, traffic is redistributed to the remaining ports in the load-sharing
group. If the failed port becomes active again, traffic is redistributed to include that port.

Load sharing is most useful in cases where the traffic transmitted from the switch to the load-sharing
group is sourced from an equal or greater number of ports on the switch. For example, traffic
transmitted to a two-port load-sharing group should originate from a minimum of two other ports on
the same switch.

ExtremeWare 7.3e Command Reference Guide 185

Commands for Configuring Ports

You can view port status on the switch using the show ports commands. These commands, when used
with specific keywords and parameters, allow you to view various issues such as real-time collision
statistics, link speed, and packet size.

Commands that require you to enter one or more port numbers use the parameter <portlist> in the
syntax. A <portlist> can be one or more port numbers. For a detailed explanation of port specification
“Switch Numerical Ranges” in Chapter 1.

Link Aggregation Control Protocol (LACP) is an extension to the existing sharing implementation. It
provides several features:

• LACP protocol control of sets of links

• Loopback detection
• Configuration verification for systems connected using LACP

186 ExtremeWare 7.3e Command Reference Guide

 configure ip-mtu vlan

configure ip-mtu vlan

configure ip-mtu <number> vlan <vlan name>

Description
Sets the maximum transmission unit (MTU) for the VLAN.

Syntax Description
number Specifies the IP MTU value. Range is from 1500 to 9194.
vlan name Specifies a VLAN name.

Default
The default IP MTU size is 1500.

Usage Guidelines
Use this command to enable jumbo frame support or for IP fragmentation with jumbo frames. Jumbo
frames are Ethernet frames that are larger than 1522 bytes, including 4 bytes used for CRC. Both
endstations involved in the transfer must be capable of supporting jumbo frames. The switch does not
perform IP fragmentation or participate in MTU negotiation on behalf of devices that do not support
jumbo frames.

When enabling jumbo frames and setting the MTU size for the VLAN, keep in mind that some network
interface cards (NICs) have a configured maximum MTU size that does not include the additional
4 bytes of CRC included in a jumbo frame configuration. Ensure that the NIC maximum MTU is at or
below the maximum MTU size configured on the switch. Frames that are larger than the MTU size
configured on the switch are dropped at the ingress port.

If you use IP fragmentation with jumbo frames and you want to set the MTU size greater than 1500, all
ports in the VLAN must have jumbo frames enabled.

For MPLS modules:

Fragmentation is based on either the minimum value of the configured MPLS IP MTU size or the
configured IP MTU size for the egress VLAN.

Example
The following command sets the MTU size to 1500 for VLAN sales:
configure ip-mtu 1500 vlan sales

The following command increases the MTU size on the MPLS VLANs to accommodate the MPLS shim
header:
configure ip-mtu 1550 vlan vlan1

History
This command was first available in ExtremeWare 7.2e.

ExtremeWare 7.3e Command Reference Guide 187

Commands for Configuring Ports

Platform Availability
This command is available on the “e” series platforms.

188 ExtremeWare 7.3e Command Reference Guide

 configure jumbo-frame size

configure jumbo-frame size

configure jumbo-frame size <number>

Description
Sets the maximum jumbo frame size for the switch chassis.

Syntax Description
number Specifies a maximum transmission unit (MTU) size for a jumbo frame.

Default
The default setting is 9216.

Usage Guidelines
Jumbo frames are used between endstations that support larger frame sizes for more efficient transfers
of bulk data. Both endstations involved in the transfer must be capable of supporting jumbo frames.

The number keyword describes the maximum jumbo frame size “on the wire,” and includes 4 bytes of
cyclic redundancy check (CRC) plus another 4 bytes if 802.1Q tagging is being used.

To enable jumbo frame support, you must configure the maximum transmission unit (MTU) size of a
jumbo frame that will be allowed by the switch.

Some network interface cards (NICs) have a configured maximum MTU size that does not include the
additional 4 bytes of CRC. Ensure that the NIC maximum MTU size is at or below the maximum MTU
size configured on the switch. Frames that are larger than the MTU size configured on the switch are
dropped at the ingress port.

You should enable jumbo frame support on the ports that are members of an MPLS VLAN. The jumbo
frame size should be set to accommodate the addition of a maximally-sized label stack. For example, a
jumbo frame size of at least 1530 bytes is needed to support a two-level label stack on a tagged Ethernet
port and a jumbo frame size of at least 1548 bytes is needed to support a TLS encapsulated MPLS
frame.

The MPLS module supports the MTU size configured using the configure jumbo-frame size
command.

The jumbo_frame_mtu range is between 1523 through 9216.

Example
The following command configures the maximum MTU size of a jumbo frame size to 5500:
configure jumbo-frame size 5500

History
This command was first available in ExtremeWare 7.2e

ExtremeWare 7.3e Command Reference Guide 189

Commands for Configuring Ports

Platform Availability
This command is only available on the Summit 400-48t switch.

190 ExtremeWare 7.3e Command Reference Guide

 configure mirroring add

configure mirroring add

configure mirroring add ports <portnumber>

Description
Adds a particular mirroring filter definition on the switch.

Syntax Description
portnumber Specifies a port.

Default
N/A.

Usage Guidelines
For a detailed explanation of port specification, see “Switch Numerical Ranges” in Chapter 1.

You must enable port-mirroring using the enable mirroring command before you can configure the
mirroring filter definitions.

Up to eight mirroring definitions can be added. You can mirror traffic from a VLAN, a physical port, or
a specific VLAN/port combination.

Port-mirroring configures the switch to copy all traffic associated with one or more ports to a monitor
port on the switch. The monitor port can be connected to a network analyzer or RMON probe for
packet analysis. The switch uses a traffic filter that copies a group of traffic to the monitor port. The
traffic filter can be defined based on one of the following criteria:

• Physical port—All data that traverses the port, regardless of VLAN configuration, is copied to the
monitor port.
• VLAN—All data to and from a particular VLAN, regardless of the physical port configuration, is
copied to the monitor port.
• Virtual port—All data specific to a VLAN on a specific port is copied to the monitor port.

Up to eight mirroring filters and one monitor port can be configured on the switch. Once a port is
specified as a monitor port, it cannot be used for any other function. Frames that contain errors are not
mirrored.

In addition to the physical port, VLAN, and virtual port, the traffic filter can be defined based on the
following criteria:
• MAC source address/destination address—All data sent to or received from a particular source or
destination MAC address is copied to the monitor port.

For MAC mirroring to work correctly, the MAC address must already be present in the forwarding
database (FDB). You need to enable and configure FDB for MAC mirroring to work correctly. See “FDB
Commands” for more details.

ExtremeWare 7.3e Command Reference Guide 191

Commands for Configuring Ports

Example
The following example sends all traffic coming into or out of a switch on port 1 and the VLAN default to
the mirror port:
configure mirroring add ports 1 vlan default

History
This command was first available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to add filtering for VLANs, MAC addresses, and
virtual ports.

Platform Availability
This command is available on the “e” series platforms.

192 ExtremeWare 7.3e Command Reference Guide

 configure mirroring delete

configure mirroring delete

configure mirroring delete ports <portnumber>

Description
Deletes a particular mirroring filter definition on the switch.

Syntax Description
portnumber Specifies a port.

Default
N/A.

Usage Guidelines
For a detailed explanation of port specification, see“Switch Numerical Ranges” in Chapter 1.

Example
The following example deletes the mirroring filter on a switch defined for port 1 on VLAN default:
configure mirroring delete ports 1 vlan default

History
This command was first available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to add support for VLANs and MAC addresses.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 193

Commands for Configuring Ports

configure ports
configure ports [<portlist> vlan <vlan name> | all] [limit-learning
<number> | lock-learning | unlimited-learning | unlock-learning]

Description
Configures virtual ports for limited or locked MAC address learning.

Syntax Description
portlist Specifies one or more ports or slots and ports. On a modular switch, can be a
list of slots and ports. On a stand-alone switch, can be one or more port
numbers. May be in the form 1, 2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies that all virtual ports should be configured as indicated.
vlan name Specifies the name of the VLAN.
limit-learning <number> Specifies a limit on the number of MAC addresses that can be dynamically
learned on the specified ports.
lock-learning Specifies that the current FDB entries for the specified ports should be made
permanent static, and no additional learning should be allowed.
unlimited-learning Specifies that there should not be a limit on MAC addresses that can be
learned.
unlock-learning Specifies that the port should be unlocked (allow unlimited, dynamic learning).

Default
Unlimited, unlocked learning.

Usage Guidelines
On a modular switch, <portlist> can be a list of slots and ports. On a stand-alone switch, <portlist>
can be one or more port numbers.

Limited learning. The limited learning feature allows you to limit the number of dynamically-learned
MAC addresses per VLAN. When the learned limit is reached, all new source MAC addresses are
blackholed at both the ingress and egress points. This prevent these MAC addresses from learning and
responding to Internet control message protocol (ICMP) and address resolution protocol (ARP) packets.

If the limit you configure is greater than the current number of learned entries, all the current learned
entries are purged.

Dynamically learned entries still get aged, and can be cleared. If entries are cleared or aged out after the
learning limit has been reached, new entries will then be able to be learned until the limit is reached
again.

Permanent static and permanent dynamic entries can still be added and deleted using the create
fdbentry and delete fdbentry commands. These override any dynamically learned entries.

For ports that have a learning limit in place, the following traffic will still flow to the port:
• Packets destined for permanent MACs and other non-blackholed MACs
• Broadcast traffic

194 ExtremeWare 7.3e Command Reference Guide

 configure ports

• EDP traffic

Traffic from the permanent MAC and any other non-blackholed MACs will still flow from the virtual
port.

If you configure a MAC address limit on VLANS that have ESRP enabled, you should add an
additional back-to-back link (that has no MAC address limit on these ports) between the ESRP-enabled
switches. Doing so prevents ESRP PDU from being dropped due to MAC address limit settings.

Port lockdown. The port lockdown feature allows you to prevent any additional learning on the
virtual port, keeping existing learned entries intact. This is equivalent to making the
dynamically-learned entries permanent static, and setting the learning limit to zero. All new source
MAC addresses are blackholed.

Locked entries do not get aged, but can be deleted like any other permanent FDB entries. The maximum
number of permanent lockdown entries is 1024. Any FDB entries above will be flushed and blackholed
during lockdown.

For ports that have lockdown in effect, the following traffic will still flow to the port:
• Packets destined for the permanent MAC and other non-blackholed MACs
• Broadcast traffic
• EDP traffic

Traffic from the permanent MAC will still flow from the virtual port.

Once the port is locked down, all the entries become permanent and will be saved across reboot. When
you remove the lockdown using the unlock-learning option, the learning-limit is reset to unlimited, and
all associated entries in the FDB are flushed.

To verify the MAC security configuration for the specified VLAN or ports, use the following
commands:
show vlan <vlan name> security
show ports <portlist> info detail

Example
The following command limits the number of MAC addresses that can be learned on ports 1, 2, 3, and 6
in a VLAN named accounting, to 128 addresses:
configure ports 1, 2, 3, 6 vlan accounting learning-limit 128

The following command locks ports 4 and 5 of VLAN accounting, converting any FDB entries to static
entries, and prevents any additional address learning on these ports:
configure ports 4,5 vlan accounting lock-learning

The following command removes the learning limit from the specified ports:
configure ports 1, 2, vlan accounting unlimited-learning

The following command unlocks the FDB entries for the specified ports:
configure ports 4,5 vlan accounting unlock-learning

ExtremeWare 7.3e Command Reference Guide 195

Commands for Configuring Ports

History
This command was first available in ExtremeWare 6.2 and added to the “e” series in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

196 ExtremeWare 7.3e Command Reference Guide

 configure ports auto off

configure ports auto off

configure ports [<portlist> | all | mgmt] auto off {speed [10 | 100 |
1000]} duplex [half | full]

Description
Manually configures port speed and duplex setting configuration on one or more ports on a switch.

Syntax Description
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5,.
all Specifies all configured ports on the switch...
mgmt Specifies the management port. Supported only for switches that provide a
management port, such as the Summit 400.
speed [10] Specifies 10 Mbps ports.
speed [100] Specifies 100 Mbps ports.
speed [1000] Specifies 1000 Mbps ports.
duplex [half] Specifies half duplex; transmitting and receiving data one direction at a time.
duplex [full] Specifies full duplex; transmitting and receiving data at the same time.

Default
Auto on.

Usage Guidelines
On a Summit “e” series switch, <portlist> can be one or more port numbers. For a detailed
explanation of port specification, see“Switch Numerical Ranges” in Chapter 1.

You can manually configure the duplex setting and the speed of 10/100/1000 Mbps ports, and you can
manually configure the duplex setting on Gigabit Ethernet ports.

Fast Ethernet ports can connect to either 10BASE-T or 100BASE-T networks. By default, the ports
autonegotiate port speed. You can also configure each port for a particular speed (either 10 Mbps or 100
Mbps).

Gigabit Ethernet ports are statically set to 1 Gbps, and their speed cannot be modified.

All ports can be configured for half-duplex or full-duplex operation. By default, the ports autonegotiate
the duplex setting.

In certain interoperability situations, it is necessary to turn autonegotiation off on a Gigabit Ethernet

port. Even though a Gigabit Ethernet port runs only at full duplex and gigabit speeds, the command
that turns off autonegotiation must still include the duplex setting.

• The all parameter specifies all ports on the switch.

• The 1000 parameter specifies 1000 Mbps ports.

ExtremeWare 7.3e Command Reference Guide 197

Commands for Configuring Ports

Example
The following example turns autonegotiation off for port 4 (a Gigabit Ethernet port):
configure ports 4 auto off duplex full

History
This command was first available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to support the all and mgmt keywords.

Platform Availability
This command is available on the “e” series platforms.

198 ExtremeWare 7.3e Command Reference Guide

 configure ports auto on

configure ports auto on

configure ports [<portlist> | mgmt | all] auto on

Description
Enables autonegotiation for the particular port type.

Syntax Description
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.
mgmt Specifies the management port. Supported only for switches that provide a
management port, such as the Summit 400.
all Specifies all configured ports on the switch. (6.1 and later) See “Usage
Guidelines” for more information.

Default
Auto on.

Usage Guidelines
On a Summit “e” series switches, <portlist> can be one or more port numbers. For a detailed
explanation of port specification, see “Switch Numerical Ranges” in Chapter 1.

The type of ports enabled for autonegotiation are 802.3u for 10/100/1000 Mbps ports or 802.3z for
Gigabit Ethernet ports.

The all parameter specifies all ports on the switch.

Example
The following command configures the switch to autonegotiate for ports 4 and 6:
configure ports 4,6 auto on

History
This command was first available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to support the all and mgmt keywords.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 199

Commands for Configuring Ports

configure ports auto

configure ports [<portlist> | all] auto-polarity [off | on]

Description
Configures the autopolarity detection feature on the specified Ethernet ports.

Syntax Description
portlist Specifies one or more ports on the switch. May be in the form 1, 2, 3-5.
all Specifies all of the ports on the switch.
off Disables the autopolarity detection feature on the specified ports.
on Enables the autopolarity detection feature on the specified ports.

Default
The autopolarity detection feature is on.

Usage Guidelines
Use the all keyword to enable or disable the autopolarity detection feature on all of the Ethernet ports
on the Summit 200 and Summit 300 switches.

When autopolarity is disabled on one or more Ethernet ports, you can verify that status by using the
command:

show configuration

This command will list the ports for which the feature has been disabled.

To verify the current autopolarity status, use the show ports {mgmt | <portlist>| vlan <vlan
name>} info {detail} command.

Example
The following command disables the autopolarity detection feature on ports 3-5 on the Summit 200
switch:
configure ports 3-5 auto off

The following command enables the autopolarity detection feature on ports 3-5 on the Summit 200
switch:

configure ports 3-5 auto on

History
This command was first available in ExtremeWare 6.2.2b108.

Platform Availability
This command is available on the Summit 200 series and Summit 300 switches only.

200 ExtremeWare 7.3e Command Reference Guide

 configure ports display-string

configure ports display-string

configure ports [<portlist> | mgmt] display-string <alphanumeric string>

Description
Configures a user-defined string for a port or group of ports.

Syntax Description
portlist Specifies one or more ports numbers. May be in the form 1, 2, 3-5,.
mgmt Specifies the management port. Supported only for switches that provide a
management port, such as the Summit 400.
alphanumeric string Specifies a user-defined display string.

Default
N/A.

Usage Guidelines
On a Summit “e” series switch, <portlist> can be one or more port numbers. For a detailed
explanation of port specification, see“Switch Numerical Ranges” in Chapter 1.

The display string can be up to 16 characters. Display strings do not need to be unique for each
port—you can assign the same string to multiple ports. For example, you could give all the ports that
connected to a particular department a common display string.

The string is displayed in certain commands such as the show ports info command.

Example
The following command configures the user-defined string corporate for port 1:
configure ports 1 display-string corporate

History
This command was first available in ExtremeWare 7.1e

This command was modified in ExtremeWare 7.2e to support the mgmt keyword.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 201

Commands for Configuring Ports

configure port interpacket-gap

configure port <port> interpacket-gap <byte_time>

Description
Configures the Interpacket Gap for a 10 Gigabit port.

Syntax Description
byte_time Specifies the Interpacket Gap byte time.

Default
The default value of the byte time is 12.

Usage Guidelines
The standard compliant Interpacket Gap for 10 Gigabit Ethernet interfaces is 12. Some vendors'
10 Gigabit Ethernet interfaces drop packets when packets are transmitted using a value of 12. Thus, by
increasing the Interpacket Gap, packet transmission is slowed and packet loss can be minimized or
prevented. The Interpacket Gap value need not be modified when interconnecting Extreme Networks
switches over 10 Gigabit Ethernet links.

The allowable range for the byte time is 12-1023.

Example
The following command configures Interpacket Gap to 48:
configure port 75 interpacket-gap 48

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the Summit 400 switch.

202 ExtremeWare 7.3e Command Reference Guide

 configure ports preferred-medium

configure ports preferred-medium

configure ports <nnn> preferred-medium {copper} | {fiber} |[force]

Description
Configures the primary uplink port to use a preferred medium.

Syntax Description
nnn Specifies the port number. Valid port numbers are 1X to 4X for fiber and ports 1 to 4 for
copper.
copper Specifies that the switch should always use the 10/100/1000 connection whenever a link
is established, regardless whether a fiber link is also present.
fiber Specifies that the switch should always use the 1 Gigabit fiber connection whenever a link
is established, regardless whether a copper link is also present.
force Forces the switch to switchover to the selected media type immediately (if it has link).
This option is not available on the Summit 300-24.

Default
The default is determined at cable installation time.

Usage Guidelines
By specifying either copper or fiber, the switch starts the assignment with that medium and uses this
preferred medium the next time the switch is rebooted. However, when a failure occurs and the uplinks
are swapped, the switch continues to keep that uplink assignment until another failure occurs or until
the assignment is changed using the CLI. To require that the switch revert to the preferred-medium, use
the force option.

Examples
The following Summit 400-48t example, we establishes port 4 as the primary uplink and port 4X as the
redundant uplink port:

configure ports 4 preferred-medium copper

Port 4 becomes the primary uplink until a failure occurs on that link. At that time, port 4X becomes the
primary uplink and port 4 becomes the redundant port. This assignment stays in place until the next
failure.

In the following example, we force the switch to use the fiber port whenever it has a link:

configure ports 3 preferred-medium fiber force

In this example, port 3X becomes the primary uplink port until a failure occurs on the link. At that time,
port 3 becomes the primary uplink and port 3X becomes the redundant port. When port 3X
re-establishes the link, port 3X becomes the primary uplink port again.

History
This command was first available in ExtremeWare 7.2.e.

ExtremeWare 7.3e Command Reference Guide 203

Commands for Configuring Ports

Platform Availability
This command is available on Summit 300-24 and Summit 400-48t switches only.

204 ExtremeWare 7.3e Command Reference Guide

 configure ports redundant

configure ports redundant

configure ports [<portlist> | <portid>] redundant [<portlist> | <portid>]

Description
Configures a software-controlled redundant port.

Syntax Description
portlist Specifies one or more primary ports numbers. May be in the form 1, 2, 3-5, 1:3.
portid Specifies a primary port using the display string configured for the port. If this option is
used to identify the port, the redundant port must also be specified using a port id (display
string).

Default
N/A.

Usage Guidelines
The <portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

The first port list specifies the primary ports. The second port list specifies the redundant ports.

A software-controlled redundant port is configured to backup a specified primary port. The redundant
port tracks the link state of the associated primary port, and if the link on the primary port fails, the
redundant port establishes a link and becomes active. You can back up a specified Ethernet port with a
redundant, dedicated Ethernet port. You can also back up a load-shared group of Ethernet ports with a
set of load-shared redundant Ethernet ports. If a link in the active load-shared group fails, the entire
group fails over to the redundant group.

The following criteria must be considered when configuring a software-controlled redundant port:
• You can configure only one redundant port for each primary port.
• You must manually configure the primary and redundant ports identically in terms of VLANs, QoS
settings, access lists, and so on.
• Auto-negotiation must be enabled on both the primary and redundant port.
• Only one side of the link should be configured as redundant. For example, if ports 1 and 2 are
connected between switches A and B, only switch A should be configured with redundant ports.
• Software redundant ports are not supported on 1000BASE-T ports.

Software redundant port only cover failures where both the TX and RX paths fail. If a single strand of
fiber is pulled, the software redundant port cannot correctly recover from the failure.

Example
The following command configures a software-controlled redundant port:
configure ports 3 redundant 4

ExtremeWare 7.3e Command Reference Guide 205

Commands for Configuring Ports

The following command configures a software-controlled redundant port using the port display strings
corp1 and corp5 to identify the ports:
configure ports corp1 redundant corp5

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

206 ExtremeWare 7.3e Command Reference Guide

 configure sharing address-based

configure sharing address-based

configure sharing address-based [ip-dest| ip-source| ip-source-dest
|mac-dest | mac-source | mac-source-dest]

Description
Configures the part of the packet examined by the switch when selecting the egress port for
transmitting load-sharing data.

Syntax Description
ip-dest Indicates that the switch should examine the IP destination address.
ip-source Indicates that the switch should examine the IP source address.
ip-source-dest Indicates that the switch should examine the IP source and destination
addresses.
mac-dest Indicates that the switch should examine the MAC destination address.
mac-source Indicates that the switch should examine the MAC source address.
mac-source-dest Indicates that the switch should examine the MAC source and destination
addresses.

Default
N/A.

Usage Guidelines
This feature is available using the address-based load-sharing algorithm only. The address-based
load-sharing algorithm uses addressing information to determine which physical port in the
load-sharing group to use for forwarding traffic out of the switch. Addressing information is based on
the packet protocol, as follows:
• IP packets—Uses the source and destination MAC and IP address.
• All other packets—Uses the source and destination MAC address.

To verify your configuration, use the show sharing address-based command. The show sharing
address-based output displays the addressed-based configurations on the switch.

Example
The following example configures the switch to examine the MAC source and destination address:
configure sharing address-based mac-source-dest

History
This command was first available in ExtremeWare 7.1e

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 207

Commands for Configuring Ports

disable edp ports

disable edp ports [<portlist> | all]

Description
Disables the Extreme Discovery Protocol (EDP) on one or more ports.

Syntax Description
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.
all Specifies all ports on the switch. See “Usage Guidelines” for more information.

Default
Enabled.

Usage Guidelines
On series “e” switches, a <portlist> can be one or more port numbers. For a detailed explanation of
port specification, see“Switch Numerical Ranges” in Chapter 1.

You can use the disable edp ports command to disable EDP on one or more ports when you no
longer need to locate neighbor Extreme Networks switches.

The all parameter specifies all ports on the switch.

SummitLink is not supported.

Example
The following command disables EDP on port 4 and port 6:
disable edp ports 4,6

History
This command was first available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to support the all keyword.

Platform Availability
This command is available on the “e” series platforms.

208 ExtremeWare 7.3e Command Reference Guide

 disable jumbo-frame ports

disable jumbo-frame ports

disable jumbo-frame ports [<portlist> | all]

Description
Disables jumbo frame support on a port.

Syntax Description
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5,.
all Specifies all ports on the switch.

Default
Disabled.

Usage Guidelines
The <portlist> can be one or more port numbers. For a detailed explanation of port specification,
see“Switch Numerical Ranges” in Chapter 1.

Use the disable jumbo-frame ports command when you no longer need jumbo frame support.

Example
The following command disables jumbo frame support on port 4:
disable jumbo-frame ports 4

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 209

Commands for Configuring Ports

disable lbdetect port

disable lbdetect port <portlist>

Description
Disables the detection of loops between ports.

Syntax Description

portlist Specifies one or more ports or slots and ports to be grouped to the master
port. On a modular switch, can be a list of slots and ports. On a stand-alone
switch, can be one or more port numbers. May be in the form 1, 2, 3-5, 1:*,
15,.

Default
Disabled.

Usage Guidelines
Each port may enable loop detection. This optional feature detects that a port has been looped back to
the local system. If a loopback is detected, the port is disabled. Note that loopbacks may exist between
different ports. The feature will disable any port that both has the feature enabled, and receives an
LACP message that was sent from the local system.

Example
The following example disables loopback detection on ports 9 through 12:
disable lbdetect port 9-12

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

210 ExtremeWare 7.3e Command Reference Guide

 disable learning ports

disable learning ports

disable learning ports <portlist>

Description
Disables MAC address learning on one or more ports for security purposes.

Syntax Description
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
Enabled.

Usage Guidelines
The <portlist> can be one or more port numbers.For a detailed explanation of port specification,
see“Switch Numerical Ranges” in Chapter 1.

If MAC address learning is disabled, only broadcast traffic, EDP traffic, and packets destined to a
permanent MAC address matching that port number, are forwarded.

Use this command in a secure environment where access is granted via permanent forwarding
databases (FDBs) per port.

Learning must be disabled to allow port flooding. See the enable flooding command for information
on enabling port flooding.

Example
The following command disables MAC address learning on port 4:
disable learning ports 4

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 211

Commands for Configuring Ports

disable mirroring
disable mirroring

Description
Disables port-mirroring.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
Use the disable mirroring command to stop configured copied traffic associated with one or more
ports.

Example
The following command disables port-mirroring:
disable mirroring

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

212 ExtremeWare 7.3e Command Reference Guide

 disable ports

disable ports
disable ports [<portlist> | all |{vlan} <vlan name>]

Description
Disables one or more ports on the switch.

Syntax Description
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.
all Specifies all ports on the switch.
vlan name Specifies the name of a VLAN.

Default
Enabled.

Usage Guidelines
The <portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

Use this command for security, administration, and troubleshooting purposes.

Even though a port is disabled, the link remains enabled for diagnostic purposes. To enable or re-enable
a port, use the enable ports [<portlist> | all | {vlan} <vlan name>] command.

Example
The following command disables ports 3, 5, and 12 through 15:
disable ports 3,5,12-15

History
This command was first available in ExtremeWare 7.1e.

The all option was first available for the Summit 300-48 in ExtremeWare 7.3e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 213

Commands for Configuring Ports

disable sharing
disable sharing [<port>]

Description
Disables a load-sharing group of ports.

Syntax Description
port Specifies the master port of a load-sharing group.

Default
Disabled.

Usage Guidelines
This command increases bandwidth tracking and resiliency.
The <port> is the port configured as the load-sharing master port. For a detailed explanation of port
specification, see“Switch Numerical Ranges” in Chapter 1.

When sharing is disabled, the master port retains all configuration including VLAN membership.
Configuration for all other member ports is reset to default values. Member ports are removed from all
VLANs to prevent loops.

Example
The following command disables sharing on master logical port 9, which contains ports 9-12:
disable sharing 9

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

214 ExtremeWare 7.3e Command Reference Guide

 disable smartredundancy

disable smartredundancy
disable smartredundancy [<portlist>]

Description
Disables the smart redundancy feature.

Syntax Description
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
Disabled.

Usage Guidelines
The <portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

Use with Extreme Networks switches that support privacy and backup uplinks.

When smartredundancy is disabled, the switch changes the active link only when the current active link
becomes inoperable.

Example
The following command disables the smart redundancy feature on ports 1-4:
disable smartredundancy 1-4

History

Platform Availability
This command is available on all platforms switches.

ExtremeWare 7.3e Command Reference Guide 215

Commands for Configuring Ports

enable edp ports

enable edp ports [<portlist> | all]

Description
Enables the Extreme Discovery Protocol (EDP) on one or more ports.

Syntax Description
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.
all Specifies all ports on the switch.

Default
Enabled.

Usage Guidelines
The <portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

EDP is useful when Extreme Networks switches are attached to a port.

The EDP is used to locate neighbor Extreme Networks switches and exchange information about switch
configuration. When running on a normal switch port, EDP is used to by the switches to exchange
topology information with each other. Information communicated using EDP includes the following:
• Switch MAC address (switch ID)
• Switch software version information
• Switch IP address
• Switch VLAN-IP information
• Switch port number

Example
The following command enables EDP on port 7:
enable edp ports 7

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

216 ExtremeWare 7.3e Command Reference Guide

 enable jumbo-frame ports

enable jumbo-frame ports

enable jumbo-frame ports [<portlist> | all]

Description
Enables support on the physical ports that will carry jumbo frames.

For PoS modules, enables jumbo-frame support to specific PoS ports when jumbo-frame support
changes the negotiated maximum receive unit (MRU) size.

Syntax Description
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.
all Specifies all ports on the switch.

Default
Disabled.

Usage Guidelines
Increases performance to back-end servers or allows for VMAN 802.1q encapsulations.

You must configure the maximum MTU size of a jumbo frame before you can use the enable
jumbo-frame ports command. Use the configure jumbo-frame size command to configure the
MTU size.

The <portlist> can be a list of slots and ports. The <portlist> can be one or more port numbers. For
a detailed explanation of port specification, see “Switch Numerical Ranges” in Chapter 1.

Example
The following command enables jumbo frame support on port 5:
enable jumbo-frame ports 5

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 217

Commands for Configuring Ports

enable lbdetect port

enable lbdetect port <portlist> [retry-timeout<seconds>]

Description
Enables the system to detect loops between ports. If a port is looped, it disables the port. Every N
seconds, it re-enables the port and tries again, unless “none” is specified

Syntax Description

portlist Specifies one or more ports or slots and ports to be grouped to the master
port. On a modular switch, can be a list of slots and ports. On a stand-alone
switch, can be one or more port numbers. May be in the form 1, 2, 3-5, 1:*,
1:5.
retry-timeout Specifies a time in seconds to check for loops on the ports.

Default
Disabled.

Usage Guidelines
Each port may enable loop detection. This optional feature detects that a port has been looped back to
the local system. If a loopback is detected, the port is disabled. Note that loopbacks may exist between
different ports. The feature will disable any port that both has the feature enabled, and receives an
LACP message that was sent from the local system.

If no timeout is specified, the port is disabled permanently if there is a loop detected. Otherwise, the
port is periodically re-enabled, and tested for loops every N seconds.

Example
The following example enables loopback detection on ports 9 through 12:
enable lbdetect port 9-12

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

218 ExtremeWare 7.3e Command Reference Guide

 enable learning ports

enable learning ports

enable learning ports <portlist>

Description
Enables MAC address learning on one or more ports.

Syntax Description
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
Enabled.

Usage Guidelines
The <portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

Example
The following command enables MAC address learning on ports 7 and 8:
enable learning ports 7,8

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 219

Commands for Configuring Ports

enable mirroring to port

enable mirroring to port [<port>] tagged

Description
Dedicates a port on the switch to be the mirror output port.

Syntax Description
port Specifies the port to be the mirror output port.
tagged Configures the port as tagged.

Default
N/A.

Usage Guidelines
Port-mirroring configures the switch to copy all traffic associated with one port to a monitor port on the
switch. The monitor port can be connected to a network analyzer or RMON probe for packet analysis.
The switch uses a traffic filter that copies a group of traffic to the monitor port. The traffic filter can be
defined based on one of the following criteria:
• Physical port—All data that traverses the port, regardless of VLAN configuration, is copied to the
monitor port.
• VLAN—All data to and from a particular VLAN, regardless of the physical port configuration, is
copied to the monitor port.
• Virtual port—All data specific to a VLAN on a specific port is copied to the monitor port.

Up to eight mirroring filters and one monitor port can be configured on the switch. After a port has
been specified as a monitor port, it cannot be used for any other function. Frames that contain errors are
not mirrored.

• In addition to the physical port, VLAN, and virtual port, the traffic filter can be defined based on the
following criteria:
— MAC source address/destination address—All data sent to or received from a particular source
or destination MAC address is copied to the monitor port.
For MAC mirroring to work correctly, the MAC address must already be present in the forwarding
database (FDB).

Example
The following example selects port 3 as a tagged mirror port:
enable mirroring to port 3 tagged

History
This command was first available in ExtremeWare 7.2e.

220 ExtremeWare 7.3e Command Reference Guide

 enable mirroring to port

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 221

Commands for Configuring Ports

enable ports
enable ports [<portlist> | all | {vlan} <vlan name>]

Description
Enables a port.

Syntax Description
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.
all Specifies all ports on the switch.
vlan name Specifies the name of a VLAN.

Default
All ports are enabled.

Usage Guidelines
Use this command to enable the port(s) if you disabled the port(s) for security, administration, or
troubleshooting purposes.
The <portlist> can be one or more port numbers. For a detailed explanation of port specification,
see“Switch Numerical Ranges” in Chapter 1.

Example
The following command enables ports 3, 5, and 12 through 15:
enable ports 3,5,12-15

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

222 ExtremeWare 7.3e Command Reference Guide

 enable sharing grouping

enable sharing grouping

enable sharing <port> grouping <portlist> {dynamic | algorithm
address-based }

Description
This command enables the switch to configure static port load sharing or dynamic port load sharing.
When configuring dynamic port load sharing, LACP will be used to detect and set up for the remote
side’s load sharing capabilities.

Syntax Description

port Specifies the master port for a loadsharing group.

portlist Specifies one or more ports to be grouped to the master port. May be in the
form 1, 2, 3-5,1:5.
dynamic Specifies dynamic sharing by using LACP.
algorithm Specifies sharing by address-based algorithm.

Default
Disabled

Usage Guidelines

For a detailed explanation of port specification, see “Switch Numerical Ranges” in Chapter 1.

Load sharing allows you to increase bandwidth and availability between switches by using a group of
ports to carry traffic in parallel between switches. The sharing algorithm allows the switch to use
multiple ports as a single logical port or a “master” port. For example, VLANs see the load-sharing
group as a single logical port. The algorithm also guarantees packet sequencing between clients.

If a port in a load-sharing group fails, traffic is redistributed to the remaining ports in the load-sharing
group. If the failed port becomes active again, traffic is redistributed to include that port.

Load sharing must be enabled on both ends of the link, or a network loop will result.

While LACP is based on industry standard, this feature is supported between Extreme Networks
switches only. However, it may be compatible with third-party “trunking” or sharing algorithms. Check
with an Extreme Networks technical representative for more information.

• When using load sharing, you should always reference the master logical port of the load-sharing
group when configuring or viewing VLANs. VLANs configured to use other ports in the
load-sharing group will have those ports deleted from the VLAN when load sharing becomes
enabled.
• A load-sharing group can include a maximum of eight ports.
• Dynamic load sharing (LACP) cannot be used for groups that span multiple modules.
• When using load sharing with the ESRP HA feature, configure all ports in the same load-sharing
group as host attach ports. When using load sharing with the ESRP don’t count feature, configure all
ports in the same load-sharing group as don’t count ports.

ExtremeWare 7.3e Command Reference Guide 223

Commands for Configuring Ports

• Dynamic load sharing—A grouping of ports that will use IEEE 802.3ad load sharing to dynamically
determine if load sharing is possible, and will automatically configure load sharing when possible.
Uses Link Aggregation Control Protocol (LACP), part of the IEEE 802.3ad standard, to allow the
switch to dynamically reconfigure the sharing groups. The group is only enabled when LACP
detects that the other side is also using LACP, and wants these ports to be in a group

Load-sharing algorithms allow you to select the distribution technique used by the load-sharing group
to determine the output port selection. Algorithm selection is not intended for use in predictive traffic
engineering. You can only choose the algorithm used in static load sharing. There is no option to choose
an algorithm when you use dynamic load sharing.
• Address-based—Uses addressing information to determine which physical port in the load-sharing
group to use for forwarding traffic out of the switch. Addressing information is based on the packet
protocol, as follows:
— IP packets—Uses the source and destination MAC and IP addresses, and the TCP port number.
— All other packets—Uses the source and destination MAC address.

Using the round-robin algorithm, packet sequencing between clients is not guaranteed.

If you do not explicitly select an algorithm, the port-based scheme is used. However, the address-based
algorithm has a more even distribution and is the recommended choice.

Example
The following example defines a load-sharing group that contains ports 9 through 12, and uses the first
port in the group as the master logical port:
enable sharing 9 grouping 9-12

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

224 ExtremeWare 7.3e Command Reference Guide

 enable smartredundancy

enable smartredundancy
enable smartredundancy <portlist>

Description
Enables the Smart Redundancy feature on the redundant Gigabit Ethernet port.

Syntax Description
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
Enabled.

Usage Guidelines
When the Smart Redundancy feature is enabled, the switch always uses the primary link when the
primary link is available.
The <portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

Example
The following command enables the Smart Redundancy feature on port 4 on a switch:
enable smartredundancy 4

The following command enables the Smart Redundancy feature on slot 1, port 4 on a Summit 300-48
switch:

enable smartredundancy 1:4

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 225

Commands for Configuring Ports

restart ports
restart ports [<portlist>]

Description
Resets autonegotiation for one or more ports by resetting the physical link.

Syntax Description
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
N/A.

Usage Guidelines
The <portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

Example
The following command resets autonegotiation on port 4:
restart ports 4

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

226 ExtremeWare 7.3e Command Reference Guide

 show edp

show edp
show edp {vlan <portlist><vlan name>}

Description
Displays connectivity and configuration information for neighboring Extreme Networks switches.

Syntax Description
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
N/A.

Usage Guidelines
The <portlist> can be one or more port numbers. For a detailed explanation of port specification,
see“Switch Numerical Ranges” in Chapter 1.

Use the show edp command to display neighboring switches and configurations. This is most effective
with Extreme Networks switches.

Example
The following command displays the connectivity and configuration of neighboring Extreme Networks
switches:
show edp

Following is the output from this command:

Port 1: EDP is enabled

Remote-system: Summit5i (Version 6.2.2)
Remote-ID=00:00:00:01:30:e9:ef:00
Remote-Port=1:1 Age=37
Remote-Vlans:
Mgmt(4094, 10.45.208.223) test1(0) Default(1)
MacVlanDiscover(0)

Port 3: EDP is enabled

Remote-system: Summit7i (Version 6.2.2)
Remote-ID=00:00:00:e0:2b:99:fe:00
Remote-Port=1:3 Age=35
Remote-Vlans:
Mgmt(4094) Default(1) MacVlanDiscover(0)
Port 5: EDP is enabled
Remote-system: Alpine3808 (Version 6.2.2)
Remote-ID=00:00:00:01:30:31:55:00
Remote-Port=1:1 Age=47
Remote-Vlans:
Mgmt(4094, 10.45.208.226) Default(1) MacVlanDiscover(0)

ExtremeWare 7.3e Command Reference Guide 227

Commands for Configuring Ports

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

228 ExtremeWare 7.3e Command Reference Guide

 show mirroring

show mirroring
show mirroring

Description
Displays the port-mirroring configuration on the switch.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
You must configure mirroring on the switch to display mirroring statistics. Use the show mirroring
command to configure mirroring.

You can use this command to display mirroring statistics and determine if mirroring is enabled or
disabled on the switch.

To view the status of port-mirroring on the switch, use the show mirroring command. The show
mirroring command displays information about the enable/disable state for port-mirroring.

Example
The following command displays switch mirroring statistics:
show mirroring

Following is the output from this command:

Mirror port: 5 is up
port number 1 in all vlans

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 229

Commands for Configuring Ports

show ports collisions

show ports {mgmt | <portlist>| vlan <vlan name>} collisions

Description
Displays real-time collision statistics.

Syntax Description
mgmt Specifies the management port. This option is only available on switches with
a management port.Supported only for switches that provide a management
port, such as the Summit 400.
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
N/A.

Usage Guidelines
If you do not specify a port number or range of ports, collision statistics are displayed for all ports.
The <portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

This status information may be useful for your technical support representative if you have a network
problem.

Example
The following command displays real-time collision statistics on port 7:
show ports 7 collisions

Following is the output from this command:

Port Collision Monitor Wed Oct 30 19:33:10 2002

Port Link Collision Histogram
Status 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
==============================================================================
1 A 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
2 R 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
3 A 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
4 R 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
5 A 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
6 R 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
7 R 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
8 R 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
9 R 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
10 R 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
11 R 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
12 R 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
13 R 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
14 R 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

230 ExtremeWare 7.3e Command Reference Guide

 show ports collisions

15 R 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
16 R 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
==============================================================================
Link Status: A-Active R-Ready D-Disabled NP-Not Present LB-Loopback
0->Clear Counters U->page up D->page down ESC->exit

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 231

Commands for Configuring Ports

show ports configuration

show ports {mgmt | <portlist>| vlan <vlan name>} configuration

Description
Displays port configuration statistics.

Syntax Description
mgmt Specifies the management port. This option is only available on switches with
a management port. Supported only for switches that provide a management
port, such as the Summit 400.
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
N/A.

Usage Guidelines
The <portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

If you do not specify a port number or range of ports, configuration statistics are displayed for all ports.

This status information may be useful for your technical support representative if you have a network
problem.

This command displays port configuration, which includes:

• Port state
• Link state
• Link speed
• Duplex mode
• Load sharing information
• Link media information
• Auto on/off

Example
The following command displays the port configuration statistics for all ports on a switch:
show ports config

Following is the output from this command:

Port Configuration Monitor Tue Aug 3 15:25:25 2004

Port Port Link Auto Speed Duplex Flow Ld Share Media
State Status Neg Cfg Actual Cfg Actual Ctrl Master Pri Red
================================================================================
1:1 ENABLED R ON AUTO AUTO UTP

232 ExtremeWare 7.3e Command Reference Guide

 show ports configuration

1:2 ENABLED R ON AUTO AUTO UTP

1:3 ENABLED R ON AUTO AUTO UTP
1:4 ENABLED R ON AUTO AUTO UTP
1:5 ENABLED R ON AUTO AUTO UTP
1:6 ENABLED R ON AUTO AUTO UTP
1:7 ENABLED R ON AUTO AUTO UTP
1:8 ENABLED R ON AUTO AUTO UTP
1:9 ENABLED R ON AUTO AUTO UTP
1:10 ENABLED R ON AUTO AUTO UTP
1:11 ENABLED R ON AUTO AUTO UTP
1:12 ENABLED R ON AUTO AUTO UTP
1:13 ENABLED R ON AUTO AUTO UTP
1:14 ENABLED R ON AUTO AUTO UTP
1:15 ENABLED R ON AUTO AUTO UTP
1:16 ENABLED R ON AUTO AUTO UTP
1:17 ENABLED R ON AUTO AUTO UTP
================================================================================
Link Status: A-Active R-Ready D-Disabled NP-Not Present LB-Loopback
U->page up D->page down ESC->exit

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 233

Commands for Configuring Ports

show ports info

show ports {mgmt | <portlist>| vlan <vlan name>} info {detail}

Description
Displays detailed system-related information.

Syntax Description
mgmt Specifies the management port. Supported only for switches that provide a
management port, such as the Summit 400.
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.
detail Specifies detailed port information.

Default
N/A.

Usage Guidelines
This command displays the following:
• Port number
• Diagnostics
• Port configuration
— Admin state
— Link state
— Link counter
— VLAN configuration
— STP configuration
— Trunking
— EDP
— Load balancing
— Learning
— Flooding
— QoS profiles
If you do not specify a port number or range of ports, detailed system-related information is displayed
for all ports. The data is displayed in a table format.
The <portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

This status information may be useful for your technical support representative if you have a network
problem.

• The detail parameter is used to provided more specific port information. The data is called out
with written explanations versus displayed in a table format.

234 ExtremeWare 7.3e Command Reference Guide

 show ports info

• The detailed output displays a link filter counter. The link filter counter is calculated at the middle
layer on receiving an event. The link filter up indicates the number of link transitions from down to
up at the middle layer filter. The link filter down indicates the number of link transitions from up to
down at the middle layer filter.

Example
The following command displays port system-related information:
show ports info

Following is sample output from this command:

Extremeware
Copyright (C) 1996-2004 Extreme Networks. All rights reserved.
===============================================================

Press the <tab> key at any time for completions.

Remember to save your configuration changes.
* Summit300-24:1 # show ports info
Port Diag Flags Link Link Num Num Num Jumbo QOS Load
State UPs STP VLAN Proto Size Profile Master

1 P e--m-------E ready 0 0 0 0 N/A

2 P e--m-------E ready 0 0 0 0 N/A
3 P e--m-------E ready 0 0 0 0 N/A
4 P e--m-------E ready 0 0 0 0 N/A
5 P e--m-------E ready 0 0 0 0 N/A
6 P e--m-------E ready 0 0 0 0 N/A
7 P e--m-------E ready 0 0 0 0 N/A
8 P e--m-------E ready 0 0 0 0 N/A
9 P e--m-------E ready 0 0 0 0 N/A
10 P e--m-------E ready 0 0 0 0 N/A
11 P e--m-------E ready 0 0 0 0 N/A
12 P e--m-------E ready 0 0 0 0 N/A
13 P e--m-------E ready 0 0 0 0 N/A
14 P e--m-------E ready 0 0 0 0 N/A
15 P e--m-------E ready 0 0 0 0 N/A
16 P e--m-------E ready 0 0 0 0 N/A
17 P e--m-------E ready 0 0 0 0 N/A
18 P e--m-------E ready 0 0 0 0 N/A
19 P e--m-------E ready 0 0 0 0 N/A
20 P e--m-------E ready 0 0 0 0 N/A
21 P e--m-------E ready 0 0 0 0 N/A
22 P e--m-------E ready 0 0 0 0 N/A
23 P e--m-------E ready 0 0 0 0 N/A
24 P e--m-------E active 1 0 1 0 N/A
25 P e--m-------E ready 42 0 0 0 N/A
26 P e--m-------E ready 0 0 0 0 N/A

Flags: (a) Load Sharing Algorithm address-based, (d) DLCS Enabled

(D) Port Disabled, (e) Extreme Discovery Protocol Enabled
(E) Port Enabled, (f) Flooding Enabled, (g) Egress TOS Enabled
(h) Hardware Redundant Phy, (j) Jumbo Frame Enabled
(l) Load Sharing Enabled, (m) MAC Learning Enabled

ExtremeWare 7.3e Command Reference Guide 235

Commands for Configuring Ports

(n) Ingress TOS Enabled, (o) Dot1p Vlan Priority Replacement Enabled
(P) Software Primary Port, (q) Background QOS Monitoring Enabled
(R) Software Redundant Port

Diag: (P) Passed, (F) Failed

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

236 ExtremeWare 7.3e Command Reference Guide

 show ports packet

show ports packet

show ports {mgmt | <portlist>| vlan <vlan name>} packet

Description
Displays a histogram of packet statistics.

Syntax Description
mgmt Specifies the management port Supported only for switches that provide a
management port, such as the Summit 400.
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
N/A.

Usage Guidelines
If you do not specify a port number or range of ports, a histogram is displayed for all ports.
The <portlist> can be one or more port numbers. For a detailed explanation of port specification,
see“Switch Numerical Ranges” in Chapter 1.

This status information may be useful for your technical support representative if you have a network
problem.

The following packet statistics are displayed:

• port number
• link status
• packet size

Example
The following command displays packet statistics for ports 1 through 6:
show ports 1-6 packet
Receive Packet Statistics Sun Sep 12 14:48:59 2004
Port Link Packet Sizes
Status 0-64 65-127 128-255 256-511 512-1023 1024-1518 Jumbo
================================================================================
1 A 410465 3548292 97395 51257 7390 1547785 0
2 A 397578 1724578 94290 49422 10469 2491883 0
3 R 0 0 0 0 0 0 0
4 A 394646 2485133 102640 52893 5945 1537346 0
5 A 394141 2439441 89201 49095 4141 1532115 0
6 A 394741 2099487 67017 40001 4143 2540292 0
Sun Sep 12 14:48:40 2004=======================================================
=====Link Status: A-Active R-Ready D-Disabled NP-Not Present LB-Loopback
0->Clear Counters U->page up D->page down ESC->exit

ExtremeWare 7.3e Command Reference Guide 237

Commands for Configuring Ports

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

238 ExtremeWare 7.3e Command Reference Guide

 show ports redundant

show ports redundant

show ports redundant

Description
Displays detailed information about redundant ports.

Syntax Description
This command does not have any parameters or variables.

Default
N/A

Usage Guidelines
An asterisk appears when an individual link is active and an exclamation point when the link is
disabled.

Example
The following examples gives information about redundant ports:

show ports redundant

The output of the command is similar to:

Primary *5 Redundant 7
Primary *6 Redundant 25

Flags: (*) Active, (!) Disabled

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 239

Commands for Configuring Ports

show ports sharing

show ports <portlist> sharing

Description
Displays port loadsharing groups.

Syntax Description
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
N/A.

Usage Guidelines
None.

Example
The following example shows all of the load sharing groups on the Summit 400:
* Summit400-48t:46 # show ports sharing
Load Sharing Monitor
Config Current Ld Share Ld Share Link Link
Master Master Type Group Status Ups
==========================================================
37 37 a 37 A 1
a 38 R 0
a 39 A 1
a 40 A 1
a 41 A 1
a 42 A 1

Link Status: (A) Active, (D) Disabled, (LB) Loopback, (ND) Not Distributing
(NP) Not Present, (R) Ready

Ld Share Type: (a) address based

The next example shows dynamic load sharing configured on a Summit 300-24:

* Summit300-24:29 # show ports sharing

Load Sharing Monitor
Config Current Ld Share Ld Share Link Link
Master Master Type Group Status Ups
==========================================================
1 1 dy 1 ND 1
dy 2 D 0
Link Status: (A) Active, (D) Disabled, (LB) Loopback, (ND) Not Distributing
(NP) Not Present, (R) Ready
Ld Share Type: (a) address based, (dy) dynamic

240 ExtremeWare 7.3e Command Reference Guide

 show ports sharing

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 241

Commands for Configuring Ports

show ports utilization

show ports {mgmt | <portlist>| vlan <vlan name>} utilization

Description
Displays real-time port utilization information.

Syntax Description
mgmt Specifies the management port. Supported only for switches that provide a
management port, such as the Summit 400.
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
N/A.

Usage Guidelines
Use the [Spacebar] to toggle between packet, byte, and bandwidth utilization information.
The <portlist> can be one or more port numbers. For a detailed explanation of port specification,
see“Switch Numerical Ranges” in Chapter 1.

If you do not specify a port number or range of ports, port utilization information is displayed for all
ports.

This status information may be useful for your technical support representative if you have a network
problem.

Example
The following command displays utilization statistics for port 1:
show ports 1 utilization

242 ExtremeWare 7.3e Command Reference Guide

 show ports utilization

The following examples show the output from the show ports utilization command for all ports on the
switch. The three displays show the information presented when you use the spacebar to toggle
through the display types. The first display shows utilization in terms of packets:
Link Utilization Averages Wed Jan 23 21:29:45 2004
Port Link Receive Peak Rx Transmit Peak Transmit
Status packet/sec pkt/sec pkt/sec pkt/sec
=====================================================================================
1 A 43 255 4 14
2 R 0 0 0 0
3 R 0 0 0 0
4 R 0 0 0 0
5 R 0 0 0 0
6 R 0 0 0 0
7 R 0 0 0 0
8 R 0 0 0 0

================================================================================
Link Status: A-Active R-Ready D-Disabled NP-Not Present LB-Loopback
spacebar->toggle screen U->page up D->page down ESC->exit

The second display shows utilization in terms of bytes:

Link Utilization Averages Wed Jan 23 21:30:03 2002
Port Link Receive Peak Rx Transmit Peak Transmit
Status bytes/sec bytes/sec bytes/sec bytes/sec
==========================================================================
1 A 1102 69555 536 2671
2 R 0 0 0 0
3 R 0 0 0 0
4 R 0 0 0 0
5 R 0 0 0 0
6 R 0 0 0 0
7 R 0 0 0 0
8 R 0 0 0 0

===========================================================================
Link Status: A-Active R-Ready D-Disabled NP-Not Present

The third display shows bandwidth utilization:

Link Utilization Averages Wed Jan 23 21:30:19 2002
Port Link Link Receive Peak Rx Transmit Peak Transmit
Status Speed % bandwidth % bandwidth % bandwidth % bandwidth
================================================================================
1 A 100 0.00 0.60 0.00 0.02
2 R 0.00 0.00 0.00 0.00
3 R 0.00 0.00 0.00 0.00
4 R 0.00 0.00 0.00 0.00
5 R 0.00 0.00 0.00 0.00
6 R 0.00 0.00 0.00 0.00
7 R 0.00 0.00 0.00 0.00
8 R 0.00 0.00 0.00 0.00

================================================================================
Link Status: A-Active R-Ready D-Disabled NP-Not Present
spacebar->toggle screen U->page up D->page down ESC->exit

ExtremeWare 7.3e Command Reference Guide 243

Commands for Configuring Ports

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

244 ExtremeWare 7.3e Command Reference Guide

 show ports vlan info

show ports vlan info

show ports <portlist> | vlan <vlan_name> vlan info

Description
Displays port VLAN information.

Syntax Description
portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.
vlan_name Specifies to display VLAN information from the VLAN with this name.

Default
N/A.

Usage Guidelines
None.

Example
The following command displays VLAN information for port 2:
show ports 2 vlan info

The following is the output from this command:

Port 2
Name VID Protocol Addr Flags Proto Ports
v1 4093 ------------------ -------- ANY 2/2

#
#

Flags: (C) Domain-masterVlan, (c) Domain-memberVlan, (d) DVMRP Enabled

(E) ESRP Slave, (f) IP Forwarding Enabled, (G) GVRP Enabled
(i) ISIS Enabled, (I) IP Forwarding lpm-routing Enabled
(L) Loopback Enabled, (M) ESRP Master, (m) IPmc Forwarding Enabled
(N) GNS Reply Enabled, (o) OSPF Enabled (P) IPX SAP Enabled
(p) PIM Enabled, (R) SubVLAN IP Range Configured, (r) RIP Enabled
(S) SuperVlan, (s) SubVlan, (T) Member of STP Domain
(v) VRRP Enabled, (V) VPLS/TLS Enabled, (X) IPX RIP Enabled
(Z) Translation-Vlan, (z) Member-Vlan
(2) IPX Type 20 Forwarding Enabled

History
This command was first available in ExtremeWare 7.3e.

ExtremeWare 7.3e Command Reference Guide 245

Commands for Configuring Ports

Platform Availability
This command is available on the “e” series platforms.

246 ExtremeWare 7.3e Command Reference Guide

 show port vlan stats

show port vlan stats

show ports <portlist> | vlan <vlan_name> vlan stats

Description
Displays port VLAN statistics.

Syntax Description
portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.
vlan_name Specifies to display VLAN statistics from the VLAN with this name.

Default
N/A.

Usage Guidelines
None.

Example
The following command displays VLAN information for the corp VLAN:
show ports vlan corp vlan stats

The output of the command is similar to:

Port-Based Vlan Statistics Sun Sep 12 19:19:50 2004

PORT Rx Rx Rx Rx Byte Tx Tx Tx Tx Byte
VLAN Ucast Mcast Bcast Count Ucast Mcast Bcast Count
================================================================================
7
8
9
10
================================================================================
======
0->Clear Counters U->page up D->page down ESC->exit

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 247

Commands for Configuring Ports

show sharing address-based

show sharing address-based

Description
Displays the address-based load sharing configuration.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
This feature is available using the address-based load-sharing algorithm only. The address-based
load-sharing algorithm uses addressing information to determine which physical port in the
load-sharing group to use for forwarding traffic out of the switch. Addressing information is based on
the packet protocol, as follows:
• IP packets—Uses the source and destination MAC and IP address, and the TCP port number.
• All other packets—Uses the source and destination MAC address.

To verify your configuration, use the show sharing address-based command. The show sharing
address-based output displays the addressed-based configurations on the switch.

Example
The following example displays the address-based load sharing configuration on the switch:
show sharing address-based

Following is the output from this command:

Sharing address-based = L2_L3_L4

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

248 ExtremeWare 7.3e Command Reference Guide

 unconfigure ports display string

unconfigure ports display string

unconfigure ports <portlist> display-string

Description
Clears the user-defined display string from one or more ports.

Syntax Description
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
N/A.

Usage Guidelines
This command removes the display string that you configured using the configure ports
display-string command.
The <portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

Example
The following command clears the user-defined display from port 4:
unconfigure ports 4 display-string

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 249

Commands for Configuring Ports

unconfigure ports redundant

unconfigure ports [<portlist> | <port id>] redundant

Description
Clears a previously configured software-controlled redundant port.

Syntax Description
portlist Specifies one or more ports or ports. Can be one or more port numbers. May
be in the form 1, 2, 3-5, 1:3.
portid Specifies a port using the display string configured for the port. Only one port
can be specified using this method.

Default
N/A.

Usage Guidelines
<portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

The <port id> is the display string configured for the port. Use the configure ports <portnumber>
display-string <string> command to configure a display string for the port.

The list of port numbers or the port display string specifies the redundant port(s).

Example
The following command unconfigures a software-controlled redundant port:
unconfigure ports 5 redundant

The output of the command is similar to:

Unconfig Redundant on Port 5

* Summit400-48t:33 # 07/24/2004 04:50:36.42 <Info:SYST> serial admin: unconfigure
ports 5 redundant

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on all platforms.

250 ExtremeWare 7.3e Command Reference Guide

 5 VLAN Commands

This chapter describes the following commands:

• Commands for creating and deleting VLANs and performing basic VLAN configuration
• Commands for defining protocol filters for use with VLANs
• Commands for enabling or disabling the use of Generic VLAN Registration Protocol (GVRP)
information on a switch and its ports

VLANs can be created according to the following criteria:

• Physical port—A port-based VLAN consists of a group of one or more ports on the switch. A port
can be a member of only one port-based VLAN, and is by default a member of the VLAN named
“Default.”
• 802.1Q tag—Tagging is most commonly used to create VLANs that span switches.
• Ethernet, LLC SAP, or LLC/SNAP Ethernet protocol type—Protocol-based VLANs are most often
used in situations where network segments contain hosts running multiple protocols.
• MAC address—MAC-based VLANs allow physical ports to be mapped to a VLAN based on the
source MAC address learned in the FDB.
• A combination of these criteria.

ExtremeWare 7.3e Command Reference Guide 251

VLAN Commands

configure mac-vlan add mac-address

configure mac-vlan add mac-address [any | <mac_address>] mac-group [any |
<group_number>] vlan <vlan name>

Description
Adds a MAC address as a potential member of a MAC-based VLAN.

Syntax Description

mac_address The MAC address to be added to the specified VLAN. Specified in the form
nn:nn:nn:nn:nn:nn.
any indicates that any MAC-address associated with the specified MAC group
may be a member.
group_number The group number that should be associated with the specified MAC address.
Specified as an integer
any indicates that this MAC address can be associated with any MAC group.
vlan name The name of the VLAN with which this MAC address should associated.

Default
N/A.

Usage Guidelines
The specified MAC address must be associated with an end station/host only, not a layer 2 repeater
device.

Adding a MAC address means that when the specified address is detected on a member port, as
specified by its group membership, it can participate in the VLAN.

At least one port must be enabled to use the MAC-based VLAN algorithm before any MAC addresses
can be added.

Example
Given ports enabled for MAC-based VLANs as follows:
enable mac-vlan mac-group any ports 16,17
enable mac-vlan mac-group 10 ports 11,12

The following command sets up the end-station with MAC address 00:00:00:00:00:01 to participate in
VLAN engineering via the MAC-enabled ports 16 or 17:
configure mac-vlan add mac-address 00:00:00:00:00:01 mac-group any vlan engineering

MAC address 00:00:00:00:00:01 cannot get access via ports 11 or 12 because it is not configured for
mac-group 10.

The following command sets up the endstation 00:00:00:00:00:02 to participate in VLAN engineering
through the ports in group 10 (ports 11 or 12) or through ports 16 or 17 (enabled for any mac-group):
configure mac-vlan add mac-address 00:00:00:00:00:02 mac-group 10 vlan engineering

252 ExtremeWare 7.3e Command Reference Guide

 configure mac-vlan add mac-address

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 253

VLAN Commands

configure mac-vlan delete

configure mac-vlan delete [all | mac-address [<mac_address> | any]]

Description
Removes a MAC address from any MAC-based VLANs with which it was associated.

Syntax Description

all Indicates that all MAC addresses should be removed from all VLANs.
mac_address The MAC address to be removed. Specified in the form
nn:nn:nn:nn:nn:nn.
any indicates that all MAC-addresses should be removed from all VLANs.

Default
NA.

Usage Guidelines
None.

Example
The following command removes the endstation with MAC address 00:00:00:00:00:02 from participating
in any MAC-based VLANs.
configure mac-vlan delete mac-address 00:00:00:00:00:02

The following commands remove the all MAC addresses from participating in any VLANs:
configure mac-vlan delete all
configure mac-vlan delete mac-address any

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

254 ExtremeWare 7.3e Command Reference Guide

 configure protocol add

configure protocol add

configure protocol <protocol_name> add <protocol_type> <hex_value>
{<protocol_type> <hex_value>} ...

Description
Configures a user-defined protocol filter.

Syntax Description

protocol_name Specifies a protocol filter name.

protocol_type Specifies a protocol type. Supported protocol types include:
• etype – IEEE Ethertype.
• llc – LLC Service Advertising Protocol.
• snap – Ethertype inside an IEEE SNAP packet encapsulation.
hex_value Specifies a four-digit hexadecimal number between 0 and FFFF that
represents:
• The Ethernet protocol type taken from a list maintained by the IEEE.
• The DSAP/SSAP combination created by concatenating a two-digit LLC
Destination SAP (DSAP) and a two-digit LLC Source SAP (SSAP).
• The SNAP-encoded Ethernet protocol type.

Default
N/A.

Usage Guidelines
A maximum of 15 protocol filters, each containing a maximum of six protocols, can be defined.

The protocol filter must already exist before you can use this command: use the create protocol
command to create the protocol filter.

On the “i” series platform, all fifteen protocol filters can be active and configured for use. On all other
platforms, no more than seven protocols can be active and configured for use.

Example
The following command configures a protocol named Fred by adding protocol type LLC SAP with a
value of FFEF:
configure protocol fred add llc feff

History
This command was first available in ExtremeWare 1.0.

Platform Availability
This command is available on the Summit 400-48t.

ExtremeWare 7.3e Command Reference Guide 255

VLAN Commands

configure protocol delete

configure protocol <protocol_name> delete <protocol_type> <hex_value>
{<protocol_type> <hex_value>} ...

Description
Deletes the specified protocol type from a protocol filter.

Syntax Description

protocol_name Specifies a protocol filter name.

protocol_type Specifies a protocol type. Supported protocol types include:
• etype – IEEE Ethertype.
• llc – LLC Service Advertising Protocol.
• snap – Ethertype inside an IEEE SNAP packet encapsulation.
hex_value Specifies a four-digit hexadecimal number between 0 and FFFF that
represents:
• The Ethernet protocol type taken from a list maintained by the IEEE.
• The DSAP/SSAP combination created by concatenating a two-digit LLC
Destination SAP (DSAP) and a two-digit LLC Source SAP (SSAP).
• The SNAP-encoded Ethernet protocol type.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes protocol type LLC SAP with a value of FFEF from protocol Fred:
configure protocol fred delete llc feff

History
This command was first available in ExtremeWare 1.0.

Platform Availability
This command is available on all platforms.

256 ExtremeWare 7.3e Command Reference Guide

 configure vlan add ports

configure vlan add ports

configure vlan <vlan name> add ports <portlist> {tagged | untagged}
{nobroadcast} {soft-rate-limit}

Description
Adds one or more ports in a VLAN.

Syntax Description

Default
Untagged.

Usage Guidelines
The VLAN must already exists before you can add (or delete) ports: use the create vlan command to
create the VLAN.

If the VLAN uses 802.1Q tagging, you can specify tagged or untagged port(s). If the VLAN is untagged,
the ports cannot be tagged.

Untagged ports can only be a member of a single VLAN. By default, they are members of the default
VLAN (named Default). In order to add untagged ports to a different VLAN, you must first remove
them from the default VLAN. You do not need to do this to add them to another VLAN as tagged
ports.

You must configure a loopback port with a unique loopback VLAN tag ID before adding rate-shaped
ports.

Example
The following command assigns tagged ports 1, 2, 3, and 6 to a VLAN named accounting:
configure vlan accounting add ports 1, 2, 3, 6 tagged

History
This command was first available in ExtremeWare 7.1e

This command was modified in ExtremeWare 7.2e to support rate limiting with the soft-rate-limit
keyword.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 257

VLAN Commands

configure vlan delete port

configure vlan <vlan name> delete port <portlist>

Description
Deletes one or more ports in a VLAN.

Syntax Description

vlan name Specifies a VLAN name.

portlist A list of ports. May be in the form 1, 2, 3-5.

Default
N/A.

Usage Guidelines
None.

Example
The following command removes ports 1, 2, 3, and 6 from a VLAN named accounting:
configure accounting delete port 1, 2, 3, 6

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

258 ExtremeWare 7.3e Command Reference Guide

 configure vlan ipaddress

configure vlan ipaddress

configure vlan <vlan name> ipaddress <ipaddress> {<netmask> | <mask
length>}

Description
Assigns an IP address and an optional subnet mask to the VLAN.

Syntax Description

vlan name Specifies a VLAN name.

ipaddress Specifies an IP address.
netmask Specifies a subnet mask in dotted-quad notation (e.g. 255.255.255.0).
mask length Specifies a subnet mask as the number of bits (e.g. /24).

Default
N/A.

Usage Guidelines
The VLAN must already exists before you can assign an IP address: use the create vlan command to
create the VLAN.

NOTE
If you plan to use the VLAN as a control VLAN for an EAPS domain, do NOT configure the VLAN with
an IP address.

Example
The following commands are equivalent; both assign an IP address of 10.12.123.1 to a VLAN named
accounting:
configure vlan accounting ipaddress 10.12.123.1/24
configure vlan accounting ipaddress 10.12.123.1 255.255.255.0

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 259

VLAN Commands

configure vlan name

configure vlan <old_name> name <new_name>

Description
Renames a previously configured VLAN.

Syntax Description

old_name Specifies the current (old) VLAN name.

new_name Specifies a new name for the VLAN.

Default
N/A.

Usage Guidelines
You cannot change the name of the default VLAN “Default”

Example
The following command renames VLAN vlan1 to engineering:
configure vlan vlan1 name engineering

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

260 ExtremeWare 7.3e Command Reference Guide

 configure vlan tag

configure vlan tag

configure vlan <vlan name> tag <vlan tag>

Description
Assigns a unique 802.1Q tag to the VLAN.

Syntax Description

vlan name Specifies a VLAN name.

vlan tag Specifies a value to use as an 802.1Q tag. The valid range is from 2 to 4,095.

Default
The default VLAN uses an 802.1Q tag (and an internal VLANid) of 1.

Usage Guidelines
If any of the ports in the VLAN will use an 802.1Q tag, a tag must be assigned to the VLAN. The valid
range is from 2 to 4,095 (tag 1 is assigned to the default VLAN).

The 802.1Q tag will also be used as the internal VLANid by the switch.

You can specify a value that is currently used as an internal VLANid on another VLAN; it will become
the VLANid for the VLAN you specify, and a new VLANid will be automatically assigned to the other
untagged VLAN.

Example
The following command assigns a tag (and internal VLANid) of 120 to a VLAN named accounting:
configure accounting tag 120

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 261

VLAN Commands

create protocol
create protocol <protocol_name>

Description
Creates a user-defined protocol filter.

Syntax Description

protocol_name Specifies a protocol filter name. The protocol filter name can have a maximum
of 31 characters.

Usage Guidelines
Protocol-based VLANs enable you to define packet filters that the switch can use as the matching
criteria to determine if a particular packet belongs to a particular VLAN.

After you create the protocol, you must configure it using the configure protocol command. To
assign it to a VLAN, use the configure vlan <vlan name> protocol command.

Example
The following command creates a protocol named fred:
create protocol fred

History
This command was first available in ExtremeWare 1.0.

Platform Availability
This command is available on the Summit 400-48t.

262 ExtremeWare 7.3e Command Reference Guide

 create vlan

create vlan
create vlan <vlan name>

Description
Creates a named VLAN.

Syntax Description

vlan name Specifies a VLAN name (up to 32 characters).

Default
A VLAN named Default exists on all new or initialized Extreme switches:
• It initially contains all ports on a new or initialized switch, except for the management port(s), if
there are any.
• It has an 802.1Q tag of 1.
• The default VLAN is untagged on all ports.
• It uses protocol filter any.

An untagged VLAN named MacVlanDiscover exists on all new or initialized “e” series switches:
• It initially contains no ports.
• It does not initially use an 802.1Q tag, and is assigned the next available internal VLANid starting
with 4095.

A VLAN named Mgmt exists on switches that have management modules or management ports.
• It initially contains the management port(s) the switch.
• It is assigned the next available internal VLANid as an 802.1Q tag.

Usage Guidelines
A newly-created VLAN has no member ports, is untagged, and uses protocol filter “any” until you
configure it otherwise. Use the various configure vlan commands to configure the VLAN to your
needs.

Internal VLANids are assigned automatically using the next available VLANid starting from the high
end (4095) of the range.

By default the switch supports 1024 VLANs. The switch can support a maximum of 3000 VLANs if the
CPU-transmit-priority is set to normal, rather than high (the default). Use the configure
cpu-transmit-priority command to change the CPU transmit priority.

Each VLAN name can be up to 32 standard alphanumeric characters, but must begin with an
alphabetical letter. Quotation marks can be used to enclose a VLAN name that does not begin with an
alphabetical character, or that contains a space, comma, or other special character.

VLAN names are locally significant. That is, VLAN names used on one switch are only meaningful to
that switch. If another switch is connected to it, the VLAN names have no significance to the other
switch.

ExtremeWare 7.3e Command Reference Guide 263

VLAN Commands

Example
The following command creates a VLAN named accounting:
create vlan accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

264 ExtremeWare 7.3e Command Reference Guide

 delete vlan

delete vlan
delete vlan <vlan name>

Description
Deletes a VLAN.

Syntax Description

vlan name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
If you delete a VLAN that has untagged port members, and you want those ports to be returned to the
default VLAN, you must add them back explicitly using the configure vlan add ports command.

NOTE
The default VLAN cannot be deleted.

Example
The following command deletes the VLAN accounting:
delete accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 265

VLAN Commands

disable mac-vlan port

disable mac-vlan port <portlist>

Description
Disables a port from using the MAC-based VLAN algorithm.

Syntax Description

portlist A list of ports. May be in the form 1, 2, 3-5.

Default
N/A.

Usage Guidelines
Disabling a port removes it from the MacVlanDiscover VLAN. But does not automatically return it to
the default VLAN. If you need this port to be a member of the default VLAN, you must explicitly add it
back.

Example
The following command disables ports 16 and 17 from using the MAC-based VLAN algorithm:
disable mac-vlan port 16,17

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

266 ExtremeWare 7.3e Command Reference Guide

 enable mac-vlan mac-group port

enable mac-vlan mac-group port

enable mac-vlan mac-group [any | <group_number>] port <portlist>

Description
Enables a port to use the MAC-based VLAN algorithm.

Syntax Description

group_number A group number that should be associated with a specific set of ports.
Specified as an integer.
any indicates that these ports can be considered members of any MAC group.
portlist A list of ports. May be in the form 1, 2, 3-5.

Default
N/A.

Usage Guidelines
Enabling ports for MAC-based VLAN usage automatically adds them to the VLAN MacVlanDiscover as
untagged ports.

In order to enable ports as part of a MAC group, they cannot be untagged members of any other
VLAN. Before you can enable them, you must ensure that they have been removed from the default
VLAN (named Default).

Example
The following set of commands removes ports 16 and 17 from the default VLAN, and then enables
them for use with the MAC-based VLAN, associated with any MAC group:
configure default delete port 16, 17
enable mac-vlan mac-group any port 16,17

The following commands enable ports 11 and 12 for use with a MAC-based VLAN, associated with
MAC group 10:
configure default delete port 11, 12
enable mac-vlan mac-group 10 port 11,12

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 267

VLAN Commands

show mac-vlan
show mac-vlan {configuration | database}

Description
Displays the MAC-based VLAN configuration and MAC address database content.

Syntax Description

configuration Specifies display of the MAC-based VLAN configuration only.

database Specifies display of the MAC address database content only.

Default
Shows both configuration and database information.

Usage Guidelines
Use the keyword configuration to display only the top section of this information. Use the database
keyword to display only the lower section.

Example
The following is an example of the show mac-vlan command:
Port Vlan Group State
11 MacVlanDiscover 10 Discover
12 MacVlanDiscover 10 Discover
16 MacVlanDiscover any Discover
17 MacVlanDiscover any Discover

Total Entries in Database:2

Mac Vlan Group
00:00:00:00:00:AA anntest1 any
any anntest1 10
2 matching entries

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

268 ExtremeWare 7.3e Command Reference Guide

 show protocol

show protocol
show protocol {<protocol>}

Description
Displays protocol filter definitions.

Syntax Description

protocol Specifies a protocol filter name.

Default
Displays all protocol filters.

Usage Guidelines
Displays the defined protocol filter(s) with the types and values of its component protocols.

Example
The following is an example of the show protocol command:
Protocol Name Type Value
---------------- ----- ------
IP etype 0x0800
etype 0x0806
netbios llc 0xf0f0
llc 0xf0f1
decnet etype 0x6003
etype 0x6004
appletalk snap 0x809b
snap 0x80f3

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 269

VLAN Commands

show vlan
show vlan {<vlan name>} <vlan name>}

Description
Displays information about VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Summary information for all VLANs on the device.

Usage Guidelines
Unlike many other vlan-related commands, the keyword “vlan” is required in all forms of this
command except when requesting information for a specific vlan.

Use the command show vlan to display summary information for all VLANs. It shows various
configuration options as a series of “flags” (see the example below). VLAN and protocol names may be
abbreviated in this display.

270 ExtremeWare 7.3e Command Reference Guide

 show vlan

Example
The following is an example of the show vlan command:
* Summit400-48t:68 # sh vlan
Name VID Protocol Addr Flags Proto Ports
Default 1 0.0.0.0 /BP -------------- ANY 0/0
MacVlanDiscover 4094 ------------------ -------- ANY 0/0
Mgmt 4093 ------------------ -------- ANY 0/1

Flags: (C) Domain-masterVlan, (c) Domain-memberVlan, (d) DVMRP Enabled

(E) ESRP Slave, (f) IP Forwarding Enabled, (G) GVRP Enabled
(L) Loopback Enabled, (M) ESRP Master, (m) IPmc Forwarding Enabled
(N) GNS Reply Enabled, (o) OSPF Enabled, (p) PIM Enabled
(r) RIP Enabled, (T) Member of STP Domain, (V) VPLS/TLS Enabled
(Z) Translation-Vlan, (z) Member-Vlan
/BP: Waiting for bootp reply.

Total number of Vlan(s) : 3

The following is an example of the show vlan Default command:

* Summit400-48t:69 # sh vlan Default

VLAN Interface[0-200] with name "Default" created by user
Tagging: 802.1Q Tag 1
Priority: 802.1P Priority 7
IP: Waiting for bootp reply.
STPD: s0(Disabled,Auto-bind)
Protocol: Match all unfiltered protocols.
Loopback: Disable
RateShape: Disable
QosProfile:QP1
Ports: 0. (Number of active ports=0)

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 271

VLAN Commands

unconfigure vlan ipaddress

unconfigure vlan <vlan name> ipaddress

Description
Removes the IP address of the VLAN.

Syntax Description

vlan name Specifies a VLAN name.

ipaddress Specifies that the ipaddress association with this VLAN should be cleared.

Default
N/A.

Usage Guidelines
None.

Example
The following command removes the IP address from the VLAN accounting:
unconfigure vlan accounting ipaddress

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

272 ExtremeWare 7.3e Command Reference Guide

 6 FDB Commands

This chapter describes commands for:

• Configuring FDB entries
• Displaying FDB entries
• Configuring and enabling FDB scanning
The switch maintains a database of all media access control (MAC) addresses received on all of its ports.
It uses the information in this database to decide whether a frame should be forwarded or filtered.
Each FDB entry consists of the MAC address of the device, an identifier for the port on which it was
received, and an identifier for the VLAN to which the device belongs. Frames destined for devices that
are not in the FDB are flooded to all members of the VLAN.

The FDB has four types of entries:

• Dynamic entries—Initially, all entries in the database are dynamic. Entries in the database are
removed (aged-out) if, after a period of time (aging time), the device has not transmitted. This
prevents the database from becoming full of obsolete entries by ensuring that when a device is
removed from the network, its entry is deleted from the database. Dynamic entries are deleted from
the database if the switch is reset or a power off/on cycle occurs.
• Nonaging entries—If the aging time is set to zero, all aging entries in the database are defined as
static, nonaging entries. This means that they do not age, but they are still deleted if the switch is
reset.
• Permanent entries—Permanent entries are retained in the database if the switch is reset or a power
off/on cycle occurs. The system administrator must create permanent entries. A permanent entry can
either be a unicast or multicast MAC address. All entries entered through the command line
interface (CLI) are stored as permanent.
• Blackhole entries—A blackhole entry configures the switch to discard packets with a specified MAC
destination address. Blackhole entries are treated like permanent entries in the event of a switch reset
or power off/on cycle. Blackhole entries are never aged out of the database.

Entries are added into the FDB in the following two ways:
• The switch can learn entries. The system updates its FDB with the source MAC address from a
packet, the VLAN, and the port identifier on which the source packet is received.
• You can enter and update entries using a MIB browser, an SNMP network manager, or the CLI.
A QoS profile can be associated with a MAC address (and VLAN) of a device that will be dynamically
learned. The FDB treats the entry like a dynamic entry (it is learned, it can be aged out of the database,
and so on). The switch applies the QoS profile as soon as the FDB entry is learned.

ExtremeWare 7.3e Command Reference Guide 273

FDB Commands

clear fdb
clear fdb {<mac_address> | blackhole | ports <portlist> | vlan <vlan name>}

Description
Clears dynamic FDB entries that match the filter.

Syntax Description

mac_address Specifies a MAC address, using colon-separated bytes.

blackhole Specifies the blackhole entries.
portlist Specifies one or more ports. May be in the form 1, 2, 3-5.
vlan name Specifies a VLAN name.

Default
Clears all dynamic FDB entries.

Usage Guidelines
This command clears FDB entries based on the specified criteria. When no options are specified, the
command clears all dynamic FDB entries.

Example
The following command clears any FDB entries associated with ports 3-5:
clear fdb ports 3-5

The following command clears any FDB entries associated with VLAN corporate:
clear fdb vlan corporate

History
This command was available in ExtremeWare 7.1e.

The command was modified in ExtremeWare 7.2e to support the blackhole keyword.

Platform Availability
This command is available on the “e” series platforms.

274 ExtremeWare 7.3e Command Reference Guide

 configure fdb agingtime

configure fdb agingtime

configure fdb agingtime <seconds>

Description
Configures the FDB aging time for dynamic entries.

Syntax Description

seconds Specifies the aging time in seconds. Range is 15 through 1,000,000. A value
of 0 indicates that the entry should never be aged out.

Default
300 seconds.

Usage Guidelines
The range is 15 through 1,000,000 seconds.

If the aging time is set to zero, all aging entries in the database are defined as static, nonaging entries.
This means that they do not age out, but non-permanent static entries can be deleted if the switch is
reset.

Example
The following command sets the FDB aging time to 3,000 seconds:
configure fdb agingtime 3000

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 275

FDB Commands

create fdbentry vlan blackhole

create fdbentry <mac_address> vlan <vlan name> blackhole {source-mac |
dest-mac | both}

Description
Creates a blackhole FDB entry.

Syntax Description

mac_address Specifies a device MAC address, using colon-separated bytes.

vlan name Specifies a VLAN name associated with a MAC address.
blackhole Configures the MAC address as a blackhole entry.
source-mac Specifies that the blackhole MAC address matches the ingress source MAC
address.
dest-mac Specifies that the blackhole MAC address matches the egress destination
MAC address.
both Specifies that the blackhole MAC address matches the ingress source MAC
address or the egress destination MAC address. Support for this parameter
was added in ExtremeWare 6.2.

Default
N/A.

Usage Guidelines
Blackhole entries are useful as a security measure or in special circumstances where packets with a
specific source or destination address must be discarded.

A blackhole entry configures the switch to discard packets with the specified MAC address. You can
specify whether the MAC address should match the source (ingress) MAC address, or the destination
(egress) MAC address, or both.

Blackhole entries are treated like permanent entries in the event of a switch reset or power off/on cycle.
Blackhole entries are never aged-out of the database. In the output from a show fdb command, entries
will have “p” flag (permanent) set, as well as the “b” (for ingress blackhole) and/or “B” (for egress
blackhole) flags set.

Example
The following example adds a blackhole entry to the FDB for MAC address is 00 E0 2B 12 34 56, in
VLAN marketing on port 4:
create fdbentry 00:E0:2B:12:34:56 vlan marketing both

History
This command was available in ExtremeWare 7.1e.

276 ExtremeWare 7.3e Command Reference Guide

 create fdbentry vlan blackhole

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 277

FDB Commands

create fdbentry vlan dynamic

create fdbentry [<mac_address> | any-mac] vlan <vlan name> dynamic
[ingress-qosprofile <qosprofile>{ingress-qosprofile <inqosprofile>}]

Description
Creates a permanent dynamic FDB entry, and associates it with an ingress and/or egress QoS profile.

Syntax Description

mac_address Specifies a device MAC address, using colon separated bytes.

any-mac Specifies the wildcard, permanent FDB entry used to give higher priority to an
802.1p packet.
vlan name Specifies a VLAN name associated with a MAC address.
dynamic Specifies that the entry will be learned dynamically.
qosprofile QoS profile associated with the destination MAC address of the egress port.
inqosprofile QoS profile associated with the source MAC address of the ingress port.
Support for this parameter was added in ExtremeWare 6.2.

Default
N/A.

Usage Guidelines
This command is used to associate QoS profiles with packets received from or destined for the specified
MAC address, while still allowing the FDB entry to be dynamically learned. The FDB entry is not
actually created until the MAC address is encountered as the source MAC address in a packet. Thus,
initially the entry may not appear in the show fdb output. Once the entry has been learned, it is created
as a permanent dynamic entry, designated by “dpm” in the flags field of the show fdb output.

A dynamic entry is flushed and relearned (updated) when any of the following take place:
• A VLAN is deleted.
• A VLAN identifier (VLANid) is changed.
• A port mode is changed (tagged/untagged).
• A port is deleted from a VLAN.
• A port is disabled.
• A port enters blocking state.
• A port QoS setting is changed.
• A port goes down (link down).

Using the any-mac keyword, you can enable traffic from a QoS VLAN to have higher priority than
802.1p traffic. Normally, an 802.1p packet has a higher priority over the VLAN classification. To use this
feature, you must create a wildcard permanent FDB entry named any-mac and apply the QoS profile to
the individual MAC entry.

278 ExtremeWare 7.3e Command Reference Guide

 create fdbentry vlan dynamic

You can use the show fdb permanent command to display permanent FDB entries, including their QoS
profile associations.

Example
The following example associates the QoS profile qp2 with a dynamic entry for MAC address
00:A0:23:12:34:56 on VLAN net34 that will be learned by the FDB:
create fdbentry 00:A0:23:12:34:56 vlan net34 dynamic ingress-qosprofile qp2

QoS profile qp2 will be applied when the entry is learned.

The following example associates the QoS profile qp5 with the wildcard permanent FDB entry any-mac
on VLAN v110:

create fdbentry any-mac vlan v110 dynamic ingress-qosprofile qp5

History
This command was available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to support the any-mac option.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 279

FDB Commands

create fdbentry vlan ports

create fdbentry <mac_address> vlan <vlan name> ports [<portlist> | all]
{qosprofile <qosprofile>}{ingress-qosprofile <inqosprofile>}

Description
Creates a permanent static FDB entry, and optionally associates it with an ingress and/or egress QoS
profile.

Syntax Description

mac_address Specifies a device MAC address, using colon-separated bytes.

vlan name Specifies a VLAN name associated with a MAC address.
portlist Specifies one or more ports associated with the MAC address. May be in the
form 1, 2, 3-5, 2:5, 2:6-2:8.
qosprofile QoS profile associated with the destination MAC address of the egress port
inqosprofile QoS profile associated with the source MAC address of the ingress port.
Support for this parameter was added in ExtremeWare 6.2.

Default
N/A.

Usage Guidelines
If more than one port number is associated with a permanent MAC entry, packets are multicast to the
multiple destinations.

Permanent entries are retained in the database if the switch is reset or a power off/on cycle occurs. A
permanent static entry can either be a unicast or multicast MAC address. The Summit 400 can support a
maximum of 64 permanent entries.

After they have been created, permanent static entries stay the same as when they were created. If the
same MAC address is encountered on another virtual port that is not included in the permanent MAC
entry, it is handled as a blackhole entry. The static entry is not updated when any of the following take
place:
• A VLAN is deleted.
• A VLAN identifier (VLANid) is changed.
• A port mode is changed (tagged/untagged).
• A port is deleted from a VLAN.
• A port is disabled.
• A port enters blocking state.
• A port QoS setting is changed.
• A port goes down (link down).
Permanent static entries are designated by “spm” in the flags field of the show fdb output. You can use
the show fdb permanent command to display permanent FDB entries, including their QoS profile
associations.

280 ExtremeWare 7.3e Command Reference Guide

 create fdbentry vlan ports

Example
The following example adds a permanent, static entry to the FDB for MAC address is 00 E0 2B 12 34 56,
in VLAN marketing on port 4:
create fdbentry 00:E0:2B:12:34:56 vlan marketing port 4

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 281

FDB Commands

delete fdbentry
delete fdbentry [[<mac_address> | broadcast-mac] vlan <vlan name> | all]

Description
Deletes one or all permanent FDB entries.

Syntax Description

mac_address Specifies a device MAC address, using colon-separated bytes.

broadcast-mac Specifies the broadcast MAC address. May be used as an alternate to the
colon-separated byte form of the address ff:ff:ff:ff:ff:ff.
vlan name Specifies a VLAN name.
all Specifies that all FDB entries should be deleted.

Default
N/A.

Usage Guidelines
None.

Example
The following example deletes a permanent entry from the FDB:
delete fdbentry 00:E0:2B:12:34:56 vlan marketing

The following example deletes all permanent entry from the FDB:
delete fdbentry all

History
This command was available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2.e to support the broadcast-mac option.

Platform Availability
This command is available on the “e” series platforms.

282 ExtremeWare 7.3e Command Reference Guide

 show fdb

show fdb
show fdb {<mac_address> | permanent | ports <portlist> | vlan <vlan name>}

Description
Displays FDB entries.

Syntax Description

mac_address Specifies a MAC address, using colon-separated bytes, for which FDB entries
should be displayed.
permanent Displays all permanent entries, including the ingress and egress QoS profiles.
portlist Displays the entries for one or more ports. May be in the form 1, 2, 3-5, 2:5,
2:6-2:8.
vlan name Displays the entries for a specific VLAN.

Default
All.

Usage Guidelines
Displays FDB entries as specified, or displays all FDB entries.

The show output displays the following information:

EQP The Ingress QoS profile assigned to the entry (appears only if the keyword
permanent is specified).
IQP The Egress QoS profile assigned to the entry (appears only if the keyword
permanent is specified).
Index The FDB hash index, in the format <bucket>-<entry>.
Mac The MAC address that defines the entry.
Vlan The VLAN for the entry.
Age The age of the entry, in seconds (does not appear if the keyword permanent
is specified).
Use The number of IP FDB entries that use this MAC address as a next hop or
last hop (does not appear if the keyword permanent is specified).

ExtremeWare 7.3e Command Reference Guide 283

FDB Commands

Flags Flags that define the type of entry:

• B - Egress Blackhole
• b - Ingress Blackhole
• d - Dynamic
• s - Static
• p - Permanent
• m - MAC
• S - secure MAC
• l - lockdown MAC
• M - Mirror
• i - an entry also exists in the IP FDB
• z - translation MAC
• Q - Questionable
• R - Remapped
Port List The ports on which the MAC address has been learned

Example
The following command displays information about all the entries in the FDB:
show fdb

It produces output similar to the following:

Index Mac Vlan Age Use Flags Port List
------------------------------------------------------------------------
0a0e0-100 00:01:30:EC:D3:00 lab(4000) 0000 0001 d i 1
2b560-ffb 01:00:0C:CC:CC:CD (0000) 0000 0000 s m CPU
30040-ffb 00:E0:2B:00:00:00 zzz(0652) 0000 0000 s m CPU
332890-ffb 00:E0:2B:00:00:00 Default(0001) 0000 0000 s m CPU
3d760-ffb 00:E0:2B:00:00:00 Mgmt(4094) 0000 0000 s m CPU
3d770-ffb 00:E0:2B:00:00:00 MacVlanDis(4095) 0000 0000 s m CPU
42560-ff0 00:01:30:6C:0D:00 lab(4000) 0000 0000 s m CPU
46460-100 00:10:E3:1D:00:1E lab(4000) 0000 0001 d i 1
4d060-100 00:10:E3:1D:00:05 lab(4000) 0000 0001 d i 1
4df70-ff0 00:01:30:6C:0D:00 Default(0001) 0000 0000 s m CPU
4f7a0-ff0 00:01:30:6C:0D:00 zzz(0652) 0000 0000 s m CPU
51f50-100 00:01:30:CA:F6:00 lab(4000) 0000 0001 d i 1
...
67b20-100 00:30:D3:01:5A:E0 lab(4000) 0000 0001 d i 1
80a10-204 FF:FF:FF:FF:FF:FF lab(4000) 0000 0000 s m CPU, 2, 1
80fe0-208 FF:FF:FF:FF:FF:FF MacVlanDis(4095) 0000 0000 s m CPU
80ff0-202 FF:FF:FF:FF:FF:FF Mgmt(4094) 0000 0000 s m CPU
8d8d0-20a FF:FF:FF:FF:FF:FF zzz(0652) 0000 0000 s m CPU, 2
8f000-200 FF:FF:FF:FF:FF:FF Default(0001) 0000 0000 s m CPU
98670-100 00:01:30:E7:F2:00 lab(4000) 0000 0001 d i 1
fcf70-202 00:E0:2B:00:00:02 Mgmt(4094) 0000 0000 s m CPU

Flags: (B) Egress Blackhole, (b) Ingress Blackhole, (d) Dynamic, (s) Static
(p) Permanent, (m) MAC, (S) secure MAC, (l) lockdown MAC, (M) Mirror
(i) IP, (z) translation MAC, (Q) Questionable, (R) Remapped
Total: 33 Static: 16 Perm: 0 Locked: 0 Secure: 0 Dynamic: 17 Dropped: 0

284 ExtremeWare 7.3e Command Reference Guide

 show fdb

Questionable: 0 Remapped: 0
FDB Aging time: 300 seconds

The following command displays information about the permanent entries in the FDB:

show fdb permanent

It produces output similar to the following:

EQP IQP Index Mac Vlan Flags Port List
--------------------------------------------------------------------------------
QP3 QP2 ----- --- 00:10:E3:1D:00:05 anntest1(4094) pm ---
QP3 QP2 4e610-206 00:01:03:2F:38:EE anntest1(4094) spm ---
QP3 QP2 ----- --- 00:60:B0:F9:58:9D Default(0001) pm ---

Flags: (B) Egress Blackhole, (b) Ingress Blackhole, (d) Dynamic, (s) Static
(p) Permanent, (m) MAC, (S) secure MAC, (l) lockdown MAC, (M) Mirror
(i) IP, (z) translation MAC, (Q) Questionable, (R) Remapped
[ ] : authorize port list
Total: 3 Secure: 0

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 285

FDB Commands

286 ExtremeWare 7.3e Command Reference Guide

 7 QoS Commands

This chapter describes the following commands:

• Commands for configuring Quality of Service (QoS) profiles
• Commands creating traffic groupings and assigning the groups to QoS profiles
• Commands for configuring, enabling and disabling explicit class-of-service traffic groupings (802.1p
and DiffServ)
• Commands for configuring traffic grouping priorities
• Commands for verifying configuration and performance

Qualify of Service (QoS) is a feature of ExtremeWare that allows you to specify different service levels
for outbound and inbound traffic. QoS is an effective control mechanism for networks that have
heterogeneous traffic patterns. Using QoS, you can specify the service that a traffic type receives.

Policy-based QoS allows you to protect bandwidth for important categories of applications or
specifically limit the bandwidth associated with less critical traffic. The switch contains separate
hardware queues on every physical port. Each hardware queue is programmed by ExtremeWare with
bandwidth management and prioritization parameters, defined as a QoS profile. The bandwidth
management and prioritization parameters that modify the forwarding behavior of the switch affect
how the switch transmits traffic for a given hardware queue on a physical port. Up to eight physical
queues per port are available.

To configure QoS, you define how your switch responds to different categories of traffic by creating and
configuring QoS profiles. The service that a particular type of traffic receives is determined by assigning
a QoS profile to a traffic grouping or classification. The building blocks are defined as follows:
• QoS profile—Defines bandwidth and prioritization parameters.
• Traffic grouping—A method of classifying or grouping traffic that has one or more attributes in
common.
• QoS policy—The combination that results from assigning a QoS profile to a traffic grouping.

QoS profiles are assigned to traffic groupings to modify switch-forwarding behavior. When assigned to
a traffic grouping, the combination of the traffic grouping and the QoS profile comprise an example of a
single policy that is part of Policy-Based QoS.

Extreme switch products support explicit Class of Service traffic groupings. This category of traffic
groupings describes what is sometimes referred to as explicit packet marking, and includes:
• IP DiffServ code points, formerly known as IP TOS bits

ExtremeWare 7.3e Command Reference Guide 287

QoS Commands

• Prioritization bits used in IEEE 802.1p packets

All Extreme switches support the standard 802.1p priority bits that are part of a tagged Ethernet packet.

288 ExtremeWare 7.3e Command Reference Guide

 configure vlan priority

configure vlan priority

configure vlan <vlan name> priority <priority>

Description
Configures the 802.1p priority value for traffic generated on the switch.

Syntax Description

vlan name Specifies a VLAN name.

priority Specifies the 802.1p priority value. The value is an integer between 0 and 7.

Default
N/A.

Usage Guidelines
The 802.1p priority field is placed in the 802.1Q tag when a packet is generated by the switch. The
switch CPU generates traffic, for example, when ping packets are sent out by a user on the switch
console.

To configure which queue to use for traffic traveling across a VLAN, use the following command:

configure vlan <vlan name> qosprofile <qosprofile>

Example
The following command configures VLAN accounting to use priority 6 in its generated traffic:
configure vlan accounting priority 6

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 289

QoS Commands

disable diffserv examination ports

disable diffserv examination ports [<portlist> | all]

Description
Disables the examination of the DiffServ field in an IP packet.

Syntax Description

portlist Specifies a list of ports to which the parameters apply. May be in the form 1,
2, 3-5.
all Specifies that DiffServ examination should be disabled for all ports.

Default
N/A.

Usage Guidelines
None.

Example
The following command disables DiffServ examination on selected ports:
disable diffserv examination ports 3,5,6

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

290 ExtremeWare 7.3e Command Reference Guide

 enable diffserv examination ports

enable diffserv examination ports

enable diffserv examination ports [<portlist> | all]

Description
Enables the DiffServ field of an ingress IP packet to be examined in order to select a QoS profile.

Syntax Description

portlist Specifies a list of ports to which the parameters apply. May be in the form 1,
2, 3-5, 2:5, 2:6-2:8.
all Specifies that DiffServ examination should be enabled for all ports.

Default
Disabled.

Usage Guidelines
None.

Example
The following command enables DiffServ examination on selected ports:
enable diffserv examination ports 3,5,6

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 291

QoS Commands

show ports qosmonitor

show ports {mgmt | <portlist>} qosmonitor

Description
Displays real-time QoS statistics for egress packets on one or more ports.

Syntax Description

mgmt Specifies the management port. Supported only for switches that provide a
management port, such as the Summit 400.
portlist Specifies one or more ports. On the Summit 400, can be one or more port
numbers. May be in the form 1, 2, 3-5.

Default
Shows QoS statistics for all ports in egress.

Usage Guidelines
The Summit 400 has a hardware limitation that prevents changes to QoS by an ACL, or another means,
from being shown on the show ports qosmonitor command. This command only shows the original
QoS of the frame.
The real-time display scrolls through the given portlist to provide statistics. You can choose screens for
packet count and packets per second. The specific port being monitored is indicated by an asterisk (*)
appearing after the port number in the display.

QoS monitor sampling is configured as follows:

• The port is monitored for 20 seconds before the switch moves on to the next port in the list.
• A port is sampled for five seconds before the packets per second (pps) value is displayed on the
screen.

Example
The following command shows the real-time QoS statistics related to the specified ports:
show ports 1-2, 49 qosmonitor

Following is sample output from this command:

Qos Monitor Egress Queue Summary Mon Oct 21 20:35:21 2002

Port Q0 Q1 Q2 Q3 Q4 Q5 Q6 Q7
Xmts Xmts Xmts Xmts Xmts Xmts Xmts Xmts
================================================================================
1 7 0 0 0 0 0 0 4
2* 0 0 0 0 0 0 0 6
49 5 0 134 133 0 0 0 7

================================================================================

292 ExtremeWare 7.3e Command Reference Guide

 show ports qosmonitor

0->Clear Counters U->page up D->page down R->rate screen ESC->exit

History
This command was available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 293

QoS Commands

show qosprofile
show qosprofile {<qosprofile>} {port <portlist>}

Description
Displays QoS information on the switch.

Syntax Description

<qosprofile> Specifies a QoS profile name.

portlist Specifies a list of ports or slots and ports. May be in the form 1, 2, 3-5, 1:5,
1:6-1:8.

Default
Displays QoS information for all profiles.

Usage Guidelines
Information displayed includes:
• QoS profile name
• Minimum bandwidth
• Maximum bandwidth
• Priority
• A list of all traffic groups to which the QoS profile is applied

Example
The following command shows the QoS information for the specified port:
show qosprofile 1:1

Following is sample output from this command:

1:1:
Queue: Q0 using QP1 MinBw=0% MaxBw=100% Pri=2.
Q1 using QP2 MinBw=0% MaxBw=100% Pri=1.
Q2 using QP3 MinBw=0% MaxBw=100% Pri=4.
Q3 using QP4 MinBw=0% MaxBw=100% Pri=3.
Q4 using QP5 MinBw=0% MaxBw=100% Pri=4.
Q5 using QP6 MinBw=0% MaxBw=100% Pri=5.
Q6 using QP7 MinBw=0% MaxBw=100% Pri=6.
Q7 using QP8 MinBw=0% MaxBw=100% Pri=7.

History
This command was available in ExtremeWare 7.1e

This command was modified in ExtremeWare 7.2e to support a port list.

294 ExtremeWare 7.3e Command Reference Guide

 show qosprofile

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 295

QoS Commands

unconfigure diffserv examination ports

unconfigure diffserv examination ports [<portlist> | all]

Description
Removes the DiffServ examination code point from a port.

Syntax Description

portlist Specifies a list of ports. May be in the form 1, 2, 3-5.

all Specifies that DiffServ examination code points should be removed from all
ports.

Default
N/A.

Usage Guidelines
None.

Example
The following command removes DiffServ code-point examination from ports 5-8:
unconfigure diffserv examination ports 5-8

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

296 ExtremeWare 7.3e Command Reference Guide

 8 NAT Commands

This chapter covers the following topics:

• Configuring VLANs for Network Address Translation (NAT)
• Configuring NAT translation rules
• Displaying NAT settings

NAT is a feature that allows one set of IP addresses, typically private IP addresses, to be converted to
another set of IP addresses, typically public Internet IP addresses. This conversion is done transparently
by having a NAT device (any Extreme Networks switch using the “i” chipset) rewrite the source IP
address and layer 4 port of the packets.

You can configure NAT to conserve IP address space by mapping a large number of inside (private)
addresses to a much smaller number of outside (public) addresses.

In implementing NAT, you must configure at least two separate VLANs involved. One VLAN is
configured as inside, and corresponds to the private IP addresses you would like to translate into other
IP addresses. The other type of VLAN is configured as outside, which corresponds to the public
(probably Internet) IP addresses you want the inside addresses translated to. The mappings between
inside and outside IP addresses are done using rules that specify the IP subnets involved and the
algorithms used to translate the addresses.

NOTE
The NAT modes in ExtremeWare only support translating traffic that initiates from inside addresses.

NAT rules are associated with a single outside VLAN. Multiple rules per outside VLAN are allowed.
The rules take effect in the order they are displayed using the show command. Any number of inside
VLANs can use a single outside VLAN, assuming that you have created proper rules. Similarly, a single
inside VLAN can use any number of different outside VLANs, assuming that the rules and routing are
set up properly.

TCP and UDP layer 4 ports, in combination with the IP addresses, form a unique identifier which
allows hosts (as well as the NAT switch) to distinguish between separate conversations. NAT operates
by replacing the inside IP packet’s source IP and layer 4 port with an outside IP and layer 4 port. The
NAT switch maintains a connection table to map the return packets on the outside VLAN back into
their corresponding inside sessions.

ExtremeWare 7.3e Command Reference Guide 297

NAT Commands

clear nat
clear nat [connections | stats}

Description
Clears NAT connections or statistics.

Syntax Description

connections Specifies the current NAT connections table.

stats Specifies the statistics counter.

Default
N/A.

Usage Guidelines
None.

Example
The following command clears NAT connections:
clear nat connections

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on the “e” series platforms.

298 ExtremeWare 7.3e Command Reference Guide

 configure nat add vlan map

configure nat add vlan map

configure nat add vlan <vlan name> map source [any |
<source_ipaddress>/<mask>]
{l4-port [any | <port> {- <port>}]}
{destination <dest_ipaddress>/<mask> {l4-port [any | <port> {- <port>}]}}
to <ip address> [/<mask> | - <ip address>]
[tcp | udp | both] [portmap {<min> - <max>} | auto-constrain]

Description
Adds a NAT translation rule that translates private IP addresses to public IP addresses on the outside
VLAN.

Syntax Description

vlan name Specifies the name of the outside VLAN to which this rule applies.
source_ipaddress/mask Specifies a subnet IP address (in the format x.x.x.x/mask where mask is the
number of bits in the subnet mask) that defines the source of the traffic to be
mapped.
l4-port Specifies a layer 4 port or port range. When used with a source IP address,
indicates that the rule applies only to traffic from the specified layer 4 port(s).
When used with a destination IP address, indicates that the rule applies only
to packets with the specified layer 4 port(s) as their destination.
port Specifies a port number in the range 1 to 65535.
any indicates that the rule should be applied to traffic to/from any layer 4 port.
dest_ipaddress/mask Specifies a subnet IP address (in the format x.x.x.x/mask where mask is the
number of bits in the subnet mask) used to determine the packets to which
this rule applies.
nat_ipaddress Specifies an IP address for the outside VLAN to which the source IP
addresses will be mapped. This can be specified as a subnet (IP address and
mask) or as an address range.
tcp Specifies only TCP traffic should be translated.
udp Specifies only UDP traffic should be translated.
both Specifies that both TCP and UDP traffic should be translated.
portmap Specifies that port-mapping mode should be used.
min Specifies a port number in the range 1 to 65535.The default setting is 1024.
max Specifies a port number in the range 1 to 65535. The default setting is 65535.
auto-constrain Specifies that each inside IP address should be restricted in the number of
simultaneous connections.

Default
N/A.

ExtremeWare 7.3e Command Reference Guide 299

NAT Commands

Usage Guidelines
Four different modes are used to determine how the outside IP addresses and layer 4 ports are
assigned:
• Static mapping
• Dynamic mapping
• Port-mapping
• Auto-constraining

When static mapping is used, each inside IP address uses a single outside IP address. The layer 4 ports
are not changed, and only the IP address is rewritten.

With dynamic mapping, the number of inside hosts can be greater than the number of outside hosts.
The outside IP addresses are allocated on a first-come, first-serve basis to the inside IP addresses. The
layer 4 ports are not changed. When the last session for a specific inside IP address closes, that outside
IP address can be used by other hosts.

The source IP address specifies private side IP addresses and the to IP address (the NAT address)
specifies the public side IP address. The addition of the destination optional keyword after the source
IP address and mask species that the NAT rule to be applied to only packets with a specific destination
IP address.

If the netmask for both the source and NAT addresses is /32, the switch will use static NAT translation.
If the netmask for both the source and NAT addresses are not both /32, the switch will use dynamic
NAT translation.

With static or dynamic translation rules, which do not rely on layer 4 ports, ICMP traffic is translated
and allowed to pass.

The addition of a layer 4 protocol name and the portmap keyword tells the switch to use portmap
mode. As each new connection is initiated from the inside, the NAT device picks the next available
source layer 4 port on the first available outside IP address. When all ports on a given IP address are in
use, the NAT device uses ports off of the next outside IP address.

Optionally, you may specify the range of layer 4 ports the switch chooses on the translated IP addresses.
The default setting for min is 1024. The default setting for max is 65535. There is a performance penalty
associated with specifying a specific port range other than the default.

ICMP traffic is not translated in portmap mode. You must add a dynamic NAT rule for the same IP
address range to allow for ICMP traffic.

The auto-constraining algorithm for port-mapping limits the number of outside layer 4 ports a single
inside host can use simultaneously. The limitation is based on the ratio of inside to outside IP addresses.
The outside IP address and layer 4 port space is evenly distributed to all possible inside hosts. This
guarantees that no single inside host can prevent other traffic from flowing through the NAT device.

Because of the large number of simultaneous requests that can be made from a web browser, it is not
recommended that this mode be used when a large number of inside hosts are being translated to a
small number of outside IP addresses.

ICMP traffic is not translated in auto-constrain mode. You must add a dynamic NAT rule for the same
IP address range to allow for ICMP traffic.

The addition of the l4-port optional keyword allows the NAT rule to be applied to only packets with a
specific layer 4 source or destination port. If you use the layer 4-port command after the source

300 ExtremeWare 7.3e Command Reference Guide

 configure nat add vlan map

IP/mask, the rule will only match if the port(s) specified are the source layer 4-ports. If you use the
l4-port command after the destination IP/mask, the rule will only match if the port(s) specified are the
destination layer 4 ports. Both options may be used together to further limit the rule. If you specify
layer 4 ports, ICMP traffic will not translated and allowed to pass.

Rules are processed in order, usually in the order in which they were added. When a single rule is
matched, no other rules are processed. You can view the rule order using the show nat rules
command.

Example
The following command defines a static translation rule that specifies that traffic coming from
192.168.1.12 be mapped to 216.52.8.32 on outside VLAN out_vlan_1:
configure nat add out_vlan_1 map source 192.168.1.12/32 to 216.52.8.32/32

The following command defines a dynamic translation rule that specifies that traffic coming from
subnet 192.168.1.0 should be mapped to IP addresses in the range of 216.52.8.1 to 216.52.8.31 on outside
VLAN out_vlan_1:
configure nat add out_vlan_1 map source 192.168.1.0/24 to 216.52.8.1 - 216.52.8.31

The following command defines a translation rule that specifies that TCP/UDP packets coming from
192.168.1.12 and destined for 192.168.5.20 be mapped to 216.52.8.32 on outside VLAN out_vlan_1:
configure nat add out_vlan_1 map source 192.168.1.12/32 destination 192.168.5.20 to
216.52.8.32/32

The following command defines a portmap translation rule that specifies that both TCP and UDP traffic
from subnet 102.168.2.0/25 be mapped to available layer 4 ports on the IP addresses in the subnet
216.52.8.32/28:
configure nat add out_vlan_2 map source 192.168.2.0/25 to 216.52.8.32 /28 both portmap

The following command defines a portmap translation rule that specifies that only TCP traffic from
subnet 102.168.2.0/25 be mapped to layer 4 ports in the range of 1024-8192 on the IP addresses in the
subnet 216.52.8.32/28:
configure nat add out_vlan_2 map source 192.168.2.128/25 to 216.52.8.64/28 tcp portmap
1024 - 8192

The following command specifies an auto constrain NAT translation rule that applies to both TCP and
UDP traffic:
configure nat add out_vlan_3 map source 192.168.3.0/24 to 216.52.8.64/32 both
auto-constrain

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 301

NAT Commands

configure nat delete

configure nat delete [all |
vlan <vlan name> map source [any | <ip address>/<mask>]
{l4-port [any | <port> {- <port>}]}
{destination <ip address>/<mask> {l4-port [any | <port> {- <port>}]}}
to <ip address> [/<mask> | - <ip address>]
[tcp | udp | both] [portmap {<min> - <max>} | auto-constrain]

Description
Deletes a NAT translation rule.

Syntax Description

all Specifies that all NAT rules should be deleted.

vlan name Specifies the name of the outside VLAN to which this rule applies.
source_ipaddress/mask Specifies a subnet IP address (in the format x.x.x.x/mask where mask is the
number of bits in the subnet mask) that defines the source of the traffic to be
mapped.
l4-port Specifies a layer 4 port or port range. When used with a source IP address,
indicates that the rule applies only to traffic from the specified layer 4 port(s).
When used with a destination IP address, indicates that the rule applies only
to packets with the specified layer 4 port(s) as their destination.
port Specifies a port number in the range 1 to 65535.
any indicates that the rule should be applied to traffic to/from any layer 4 port.
dest_ipaddress/mask Specifies a subnet IP address (in the format x.x.x.x/mask where mask is the
number of bits in the subnet mask) used to determine the packets to which
this rule applies.
nat_ipaddress Specifies an IP address for the outside VLAN to which the source IP
addresses will be mapped. This can be specified as a subnet (IP address and
mask) or as an address range.
tcp Specifies only TCP traffic should be translated.
udp Specifies only UDP traffic should be translated.
both Specifies that both TCP and UDP traffic should be translated.
min Specifies a port number in the range 1 to 65535. The default setting is 1024.
max Specifies a port number in the range 1 to 65535. The default setting is 65535.
autoconstrain Specifies that each inside IP address should be restricted in the number of
simultaneous connections.

Default
N/A.

Usage Guidelines
To delete all NAT rules, use the all keyword. To delete a specific NAT rule, you must use exactly the
same parameters that you used to create the rule.

302 ExtremeWare 7.3e Command Reference Guide

 configure nat delete

Example
The following command deletes a portmap translation rule:
configure nat delete out_vlan_2 map source 192.168.2.128/25 to 216.52.8.64/28 tcp
portmap 1024 - 8192

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 303

NAT Commands

configure nat finrst-timeout

configure nat finrst-timeout <seconds>

Description
Configures the timeout for a TCP session that has been torn down or reset.

Syntax Description

seconds Specifies the number of seconds to wait before the session table entry times
out.

Default
Default timeout is 60 seconds.

Usage Guidelines
Setting the timeout to zero specifies that session table entries should not be timed-out. This is not
normally recommended as NAT resources will get used up.

Example
The following command configures the timeout for a reset or torn-down TCP session to 120 seconds:
configure nat finrst-timeout 120

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

304 ExtremeWare 7.3e Command Reference Guide

 configure nat icmp-timeout

configure nat icmp-timeout

configure nat icmp-timeout <seconds>

Description
Configures the timeout for an ICMP packet.

Syntax Description

seconds Specifies the number of seconds to wait before the session table entry times
out.

Default
Default timeout is 3 seconds.

Usage Guidelines
Setting the timeout to zero specifies that session table entries should not be timed-out. This is not
normally recommended as NAT resources will get used up.

Example
The following command configures the timeout for an ICMP packet to 5 seconds:
configure nat icmp-timeout 5

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 305

NAT Commands

configure nat syn-timeout

configure nat syn-timeout <seconds>

Description
Configures the timeout for an entry with an unacknowledged TCP SYN state.

Syntax Description

seconds Specifies the number of seconds to wait before the session table entry times
out.

Default
Default timeout is 60 seconds.

Usage Guidelines
Setting the timeout to zero specifies that session table entries should not be timed-out. This is not
normally recommended as NAT resources will get used up.

Example
The following command configures the timeout for a session with an unacknowledged SYN packet to
120 seconds:
configure nat syn-timeout 120

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

306 ExtremeWare 7.3e Command Reference Guide

 configure nat tcp-timeout

configure nat tcp-timeout

configure nat tcp-timeout <seconds>

Description
Configures the timeout for a fully setup TCP SYN session.

Syntax Description

seconds Specifies the number of seconds to wait before the session table entry times
out.

Default
Default timeout is 120 seconds.

Usage Guidelines
Setting the timeout to zero specifies that session table entries should not be timed-out. This is not
normally recommended as NAT resources will get used up.

Example
The following command configures the timeout for a TCP session to 90 seconds:
configure nat tcp-timeout 90

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 307

NAT Commands

configure nat timeout

configure nat timeout <seconds>

Description
Configures the timeout for any IP packet that is not TCP, UDP, or ICMP.

Syntax Description

seconds Specifies the number of seconds to wait before the session table entry times
out.

Default
Default timeout is 600 seconds.

Usage Guidelines
Setting the timeout to zero specifies that session table entries should not be timed-out. This is not
normally recommended as NAT resources will get used up.

Example
The following command configures the timeout for packets other than TCP, UDP, or ICMP to 240
seconds:
configure nat timeout 240

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

308 ExtremeWare 7.3e Command Reference Guide

 configure nat udp-timeout

configure nat udp-timeout

configure nat udp-timeout <seconds>

Description
Configures the timeout for a UDP session.

Syntax Description

seconds Specifies the number of seconds to wait before the session table entry times
out.

Default
Default timeout is 120 seconds.

Usage Guidelines
Setting the timeout to zero specifies that session table entries should not be timed-out. This is not
normally recommended as NAT resources will get used up.

Example
The following command configures the timeout for a UDP session to 90 seconds:
configure nat udp-timeout 90

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 309

NAT Commands

configure nat vlan

configure nat vlan <vlan name> [inside | outside | none]

Description
Configures a VLAN to participate in NAT.

Syntax Description

vlan name Specifies a VLAN name.

inside Specifies that the VLAN is an inside VLAN.
outside Specifies that the VLAN is an outside VLAN.
none Disables NAT functions on this VLAN.

Default
N/A.

Usage Guidelines
When a VLAN is configured to be inside, traffic from that VLAN is translated only if it has a matching
NAT rule. Any unmatched traffic will be routed normally and not be translated. When a VLAN is
configured to be outside, it routes all traffic.

Because all traffic runs through the central processing unit (CPU), it cannot run at line-rate.

Normally, outside traffic will be able to initiate connections to the internal private IP addresses. If you
want to prevent this, you can create IP and ICMP access-lists on the outside VLAN ports to deny traffic
destined for the inside IP addresses. There is a NAT performance penalty when you do this.

When a VLAN is configured to be none, all NAT functions are disabled and the VLAN operates
normally.

Example
The following command configures the VLAN out_vlan_1 as an outside VLAN for use with NAT:
configure nat vlan out_vlan_1 outside

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

310 ExtremeWare 7.3e Command Reference Guide

 disable nat

disable nat
disable nat

Description
Disables network address translation on the switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
None.

Example
The following command disables NAT functionality on the switch:
disable nat

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 311

NAT Commands

enable nat
enable nat

Description
Enables network address translation on the switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
None.

Example
The following command enables NAT functionality on the switch:
enable nat

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

312 ExtremeWare 7.3e Command Reference Guide

 show nat

show nat
show nat {timeout | stats | connections | rules {vlan <outside_vlan>}}

Description
Displays NAT settings.

Syntax Description

timeout Specifies the display of NAT timeout settings.

stats Specifies the display of statistics for NAT traffic.
connections Specifies the display of the current NAT connection table.
rules Specifies the display of NAT rules, optionally for a specific VLAN.
outside_vlan Specifies the outside VLAN for which NAT rules should be displayed.

Default
Displays all NAT settings.

Usage Guidelines
Use the keyword stats to display statistics for the NAT traffic, including:
• The number of rules
• The number of current connections
• The number of translated packets on the inside and outside VLANs
• Information on missed translations

Use the keyword connections to display the current NAT connection table, including source IP/layer 4
port mappings from inside to outside.

Use the keyword rules to display the NAT translation rules for the outside VLANs configured on the
switch. Rules are displayed in the order they are processed, starting with the first one. To display the
NAT rules for a specific VLAN, add the VLAN name.

Use the keyword timeout to display the NAT timeout settings configured on the switch.

Example
The following command shows the NAT translation rules configured for VLAN out_vlan_1:
show nat rules vlan out_vlan_1

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 313

NAT Commands

314 ExtremeWare 7.3e Command Reference Guide

 9 Commands for Status Monitoring and
Statistics

This chapter describes commands for configuring and managing the Event Management
System/Logging.

When an event occurs on a switch, the Event Management System (EMS) allows you to send messages
generated by these events to a specified log target. You can send messages to the memory buffer,
NVRAM, the console display, the current session, or to a syslog host. The log messages contain
configuration and fault information pertaining to the device. The log messages can be formatted to
contain various items of information, but typically a message will consist of:
• Timestamp: The timestamp records when the event occurred.
• Severity level:
— Critical: A desired switch function is inoperable. The switch may need to be reset.
— Error: A problem is interfering with normal operation.
— Warning: An abnormal condition exists that may lead to a function failure.
— Notice: A normal but significant condition has been detected; the system is functioning as
expected.
— Info: Actions and events that are consistent with expected behavior.
— Debug-Summary, Debug-Verbose, and Debug -Data: Information that is useful when performing
detailed trouble shooting procedures.
By default, log entries that are assigned a critical, error, or warning level are considered static entries
and remain in the NVRAM log target after a switch reboot.
• Component: The component refers to the specific functional area to which the error refers.
• Message: The message contains the log information with text that is specific to the problem.

The switch maintains a configurable number of messages in its internal (memory-buffer) log (1000 by
default). You can display a snapshot of the log at any time. In addition to viewing a snapshot of the log,
you can configure the system to maintain a running real-time display of log messages on the console
display or telnet session. In addition to maintaining an internal log, the switch supports remote logging
by way of the UNIX syslog host facility.

ExtremeWare 7.3e Command Reference Guide 315

Commands for Status Monitoring and Statistics

clear counters
clear counters

Description
Clears all switch statistics and port counters, including port packet statistics, bridging statistics, IP
statistics, log event counters, and MPLS statistics.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
You should view the switch statistics and port counters before you clear them. Use the show port
command to view port statistics. Use the show log counters command to show event statistics.

Viewing and maintaining statistics on a regular basis allows you to see how well your network is
performing. If you keep simple daily records, you will see trends emerging and notice problems arising
before they cause major network faults. By clearing the counters, you can see fresh statistics for the time
period you are monitoring.

Example
The following command clears all switch statistics and port counters:
clear counters

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

316 ExtremeWare 7.3e Command Reference Guide

 clear log

clear log
clear log {diag-status | static | messages [memory-buffer | nvram]}

Description
Clears the log database.

Syntax Description

diag-status Clears the hardware error code.

static Specifies that the messages in the NVRAM target are cleared.
memory-buffer Clears entries from the memory buffer.
nvram Clears entries from NVRAM

Default
N/A.

Usage Guidelines
The switch log tracks configuration and fault information pertaining to the device.

By default, log entries that are sent to the NVRAM remain in the log after a switch reboot. The clear
log and clear log messages memory-buffer commands remove entries in the memory buffer target;
the clear log static and clear log messages nvram commands remove messages from the
NVRAM target as well as the memory buffer target.

When there is a hardware failure, a hardware error code might be saved to the FLASH or NVRAM
(depending on the switch configuration). Upon reboot, the switch will not try to bring up a card with
an error code, so it will be shown in a failed state. Use the clear log diag-status command to clear
the hardware error code, so the module can be brought up after the next reboot. This command clears
the state for all the modules.

Example
The following command clears all log messages, from the NVRAM:
clear log static

History
This command was first available in ExtremeWare 7.1e.

The diag-status and messages options were added in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 317

Commands for Status Monitoring and Statistics

clear log counters

clear log counters {<event condition> | [all | <event component>] {severity
<severity> {only}}}

Description
Clears the incident counters for events.

Syntax Description

event condition Specifies the event condition counter to clear.

all Specifies that all events counters are to be cleared.
event component Specifies that all the event counters associated with a particular component
should be cleared.
severity Specifies the minimum severity level of event counters to clear (if the keyword
only is omitted).
only Specifies that only event counters of the specified severity level are to be
cleared.

Default
If severity is not specified, then the event counters of any severity are cleared in the specified
component.

Usage Guidelines
This command sets the incident counters to zero for each event specified. To display event counters, use
the following command:
show log counters

See the command show log on page 360 for more information about severity levels.

To get a listing of the event conditions in the system, use the following command:

show log events {detail}

To get a listing of the components present in the system, use the following command:

show log components

History
This command was first available in ExtremeWare 7.2e

Platform Availability
This command is available on the “e” series platforms.

318 ExtremeWare 7.3e Command Reference Guide

 configure log display

configure log display

configure log display {<severity>}

Description
Configures the real-time log display.

Syntax Description

severity Specifies a message severity. Severities include critical, error, warning, notice,
info, debug-summary, debug-verbose, and debug-data.

Default
If not specified, messages of all severities are displayed on the console display.

Usage Guidelines
You must enable the log display before messages are displayed on the log display. Use the enable log
display command to enable the log display. This allows you to configure the system to maintain a
running real-time display of log messages on the console.

Options for displaying the real-time log display include:

• severity—Filters the log to display messages with the selected severity or higher (more critical).
Severities include critical, error, warning, info, notice, debug-summary, debug-verbose, and
debug-data.

This command is being replace by a command that has the ability to control logging to different targets
was introduced. The new command equivalent to configure log display is the following:

configure log target console-display severity <severity>

To display the current configuration of the log display, use the following command:
show log configuration target console-display

Example
The following command configures the system log to maintain a running real-time display of log
messages of critical severity:
configure log display critical

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 319

Commands for Status Monitoring and Statistics

configure log filter events

configure log filter <filter name> [add | delete] {exclude} events [<event
condition> | [all | <event component>] {severity <severity> {only}}]

Description
Configures a log filter by adding or deleting a specified set of events.

Syntax Description

filter name Specifies the filter to configure.

add Add the specified events to the filter
delete Remove the specified events from the filter
exclude Events matching the specified events will be excluded
event condition Specifies an individual event.
all Specifies all components and subcomponents.
event component Specifies all the events associated with a particular component.
severity Specifies the minimum severity level of events (if the keyword only is omitted).
only Specifies only events of the specified severity level.

Default
If the exclude keyword is not used, the events will be included by the filter. If severity is not
specified, then the filter will use the component default severity threshold (see the note on on page 321
when delete or exclude is specified).

Usage Guidelines
This command controls the incidents that pass a filter by adding, or deleting, a specified set of events. If
you want to configure a filter to include or exclude incidents based on event parameter values (for
example, MAC address) see the command configure log filter events match on page 323.

When the add keyword is used, the specified event name, or set of events described by component and
severity value, is added to the beginning of the filter item list maintained for this filter. The new filter
item either includes the events specified, or if the exclude keyword is present, excludes the events
specified.

The delete keyword is used to remove events from the filter item list that were previously added using
the add command. All filter items currently in the filter item list that are identical to, or a subset of, the
set of events specified in the delete command will be removed.

Event Filtering Process. From a logical standpoint, the filter associated with each enabled log target
is examined to determine whether a message should be logged to that particular target. The
determination is made for a given filter by comparing the incident with the most recently configured
filter item first. If the incident matches this filter item, the incident is either included or excluded,
depending on whether the exclude keyword was used. Subsequent filter items on the list are compared
if necessary. If the list of filter items has been exhausted with no match, the incident is excluded.

320 ExtremeWare 7.3e Command Reference Guide

 configure log filter events

Events, Components, and Subcomponents. As mentioned, a single event can be included or

excluded by specifying the event’s name. Multiple events can be added or removed by specifying an
ExtremeWare component name plus an optional severity. Some components contain subcomponents,
such as Keepalive. Either components or subcomponents can be specified. The keyword all in place of a
component name can be used to indicate all ExtremeWare components.

Severity Levels. When an individual event name is specified following the events keyword, no
severity value is needed since each event has pre-assigned severity. When a component, subcomponent,
or the all keyword is specified following the events keyword, a severity value is optional. If no
severity is specified, the severity used for each applicable subcomponent is obtained from the
pre-assigned severity threshold levels for those subcomponents. For example, if STP were specified as
the component, and no severity is specified for the add of an include item, then only messages with
severity of error and greater would be passed, since the threshold severity for the STP component is
error. If STP.InBPDU were specified as the component, and no severity is specified, then only messages
with severity of warning and greater would be passed, since the threshold severity for the STP.InPBDU
subcomponent is warning. Use the show log components command to see this information.

The severity keyword all can be used as a convenience when delete or exclude is specified. The use
of delete (or exclude) with severity all deletes (or excludes) previously added events of the same
component of all severity values.

NOTE
If no severity is specified when delete or exclude is specified, severity all is used

If the only keyword is present following the severity value, then only the events in the specified
component at that exact severity are included. Without the only keyword, events in the specified
component at that severity or more urgent are included. For example, using the option severity
warning implies critical, error, or warning events, whereas the option severity warning only implies
warning events only. Severity all only is not a valid choice.

Any EMS events with severity debug-summary, debug-verbose, or debug-data will not be logged
unless debug mode is enabled

Filter Optimization. Each time a configure log filter command is issued for a given filter name,
the events specified are compared against the current configuration of the filter to try to logically
simplify the configuration.

More Information. See the command show log on page 360 for more information about severity
levels.

To get a listing of the components present in the system, use the following command:

show log components

To get a listing of event condition definitions, use the following command:

show log events

To see the current configuration of a filter, use the following command:

show log configuration filter {<filter name>}

ExtremeWare 7.3e Command Reference Guide 321

Commands for Status Monitoring and Statistics

Example
The following command adds all events in the STP.InBPDU component at severity info to the filter
mySTPFilter:
configure log filter myStpFilter add events stp.inbpdu severity info

The following command adds events in the STP.OutBPDU component, at the pre-defined severity level
for that component, to the filter myStpFilter:
configure log filter myStpFilter add events stp.outbpdu

The following command excludes one particular event, STP.InBPDU.Drop, from the filter:
configure log filter myStpFilter add exclude events stp.inbpdu.drop

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

322 ExtremeWare 7.3e Command Reference Guide

 configure log filter events match

configure log filter events match

configure log filter <filter name> [add | delete] {exclude} events [<event
condition> | [all | <event component>] {severity <severity> {only}}] [match
| strict-match] <type> <value> {and <type> <value> ...}

Description
Configures a log filter by adding or deleting a specified set of events and specific set of match
parameter values.

Syntax Description

filter name Specifies the filter to configure.

add Add the specified events to the filter
delete Remove the specified events from the filter
exclude Events matching the filter will be excluded
event condition Specifies the event condition.
all Specifies all events.
event component Specifies all the events associated with a particular component.
severity Specifies the minimum severity level of events (if the keyword only is omitted).
only Specifies only events of the specified severity level.
match Specifies events whose parameter values match the <type> <value> pair.
strict-match Specifies events whose parameter values match the <type> <value> pair, and
possess all the parameters specified.
type Specifies the type of parameter to match
value Specifies the value of the parameter to match
and Specifies additional <type> <value> pairs that must be matched

Default
If the exclude keyword is not used, the events will be included by the filter. If severity is not
specified, then the filter will use the component default severity threshold (see the note on on page 321
when delete or exclude is specified).

Usage Guidelines
This command controls the incidents that pass a filter by adding, or deleting, a specified set of events
that match a list of <type> <value> pairs. This command is an extension of the command configure
log filter events, and adds the ability to filter incidents based on matching specified event
parameter values to the event.

See the configure log filter events command on page 320 for more information on specifying and
using filters, on event conditions and components, on the details of the filtering process. The discussion
here is about the concepts of matching <type> <value> pairs to more narrowly define filters.

Types and Values. Each event in ExtremeWare is defined with a message format and zero or more
parameter types. The show log events detail command on page 373 can be used to display event

ExtremeWare 7.3e Command Reference Guide 323

Commands for Status Monitoring and Statistics

definitions (the event text and parameter types). The <value> depends on the parameter type specified.
As an example, an event may contain a physical port number, a source MAC address, and a destination
MAC address. To allow only those incidents with a specific source MAC address, use the following in
the command:

configure log filter myFilter add events bridge severity notice match source
mac-address 00:01:30:23:C1:00

The string type is used to match a specific string value of an event parameter, such as a user name. A
string can be specified as a simple regular expression.

Match Versus Strict-Match. The match and strict-match keywords control the filter behavior for
incidents whose event definition does not contain all the parameters specified in a configure log
filter events match command. This is best explained with an example. Suppose an event in the
XYZ component, named XYZ.event5, contains a physical port number, a source MAC address, but no
destination MAC address. If you configure a filter to match a source MAC address and a destination
MAC address, XYZ.event5 will match the filter when the source MAC address matches regardless of the
destination MAC address, since the event contains no destination MAC address. If you specify the
strict-match keyword, then the filter will never match, since XYZ.event5 does not contain the
destination MAC address.

In other words, if the match keyword is specified, an incident will pass a filter so long as all parameter
values in the incident match those in the match criteria, but all parameter types in the match criteria
need not be present in the event definition.

And Keyword. Use the and keyword to specify multiple parameter type/value pairs that must match
those in the incident. For example, to allow only those events with specific source and destination MAC
addresses, use the following command:

configure log filter myFilter add events bridge severity notice match source
mac-address 00:01:30:23:C1:00 and destination mac-address 01:80:C2:00:00:02

Multiple Match Commands. Multiple configure log add events match commands are logically ORed
together. For example, the following commands define a filter that allows layer 2 bridging incidents
with a source MAC address of one of three possible values:
create log filter bridgeFilter

configure log bridgeFilter add events bridge severity notice match source mac-address
00:11:12:13:14:15

configure log bridgeFilter add events bridge severity notice match source mac-address
00:21:22:23:24:25

configure log bridgeFilter add events bridge severity notice match source mac-address
00:31:32:33:34:35

In order to exclude only incidents whose parameter values match the specified criteria, follow this two
step process. First, include the applicable event(s) using either the configure log filter events
command, or using the configure log filter events match command described here, with a
superset of the match criteria. Second, use the exclude keyword in the configure log filter
events match command to exclude incidents with the specified parameter values.

Filter Optimization. As explained in the configure log filter events command, each time a
configure log filter match command is issued, an attempt is made to logically simplify the

324 ExtremeWare 7.3e Command Reference Guide

 configure log filter events match

configuration. This simplification extends to cases where one set of match criteria is a superset of
another.

More Information. See the command show log on page 360 for more information about severity
levels.

To get a listing of the components present in the system, use the following command:

show log components

To get a listing of event condition definitions, use the following command:

show log events

To see the current configuration of a filter, use the following command:

show log configuration filter {<filter name>}

Example
By default, all log targets are associated with the built-in filter, DefaultFilter. Therefore, the most
straightforward way to send additional messages to a log target is to modify DefaultFilter. In the
following example, the command modifies the built-in filter to allow incidents in the STP component,
and all subcomponents of STP, of severity critical, error, warning, notice and info. For any of these
events containing a physical port number as a match parameter, limit the incidents to only those
occurring on physical ports 3, 4 and 5:

configure log DefaultFilter add events stp severity info match ports 3-5

If desired, issue the unconfigure log DefaultFilter command to restore the DefaultFilter back to its
original configuration.

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 325

Commands for Status Monitoring and Statistics

configure log filter set severity

configure log filter <filter name> set severity <severity> events
[<event component> | all ]

Description
Sets the severity level of an existing filter item.

Syntax Description

filter name Specifies the filter to configure.

severity Specifies the severity level to send.
event component Specifies all the events associated with a particular component.

Default
N/A.

Usage Guidelines
This command modifies the severity level of an existing filter item describing a particular set of events.
Using this command is equivalent to deleting the filter item from the filter and then adding back a filter
item describing the same set of events with a different severity level. The command can only be used to
modify a filter item referring to a set of events with a severity level, as opposed to one that makes use
of only a single severity. It can be used to modify either “exclude” or “include” filter items.

Using the single command eliminates the possibility of missing an event of interest between the
separate delete and add commands.

Note that the severity of a filter item configured to include or exclude incidents based on event
parameter values can also be modified using the configure log filter set severity match
command on page 327.

See the command show log on page 360 for a detailed description of severity levels.

To see the current configuration of a target, use the following command:

show log configuration target {console-display | memory-buffer | nvram | session |
syslog <host name/ip> {: <udp-port>}[local0 ... local7]}

To see the current configuration of a filter, use the following command:

show log configuration filter {<filter name>}

History
This command was first available in ExtremeWare 7.2e

Platform Availability
This command is available on the “e” series platforms.

326 ExtremeWare 7.3e Command Reference Guide

 configure log filter set severity match

configure log filter set severity match

configure log filter <filter name> set severity <severity> events
[<event condition> | [all | <event component>]] [match | strict-match]
<type> <value> {and <type> <value> ...}

Description
Sets the severity level of an existing filter item.

Syntax Description

filter name Specifies the filter to configure.

severity Specifies the severity level to send.
event component Specifies all the events associated with a particular component.
only Specifies only events of the specified severity level.
match Specifies events whose parameter values match the <type> <value> pair.
strict-match Specifies events whose parameter values match the <type> <value> pair, and
possess all the parameters specified.
type Specifies the type of parameter to match
value Specifies the value of the parameter to match
and Specifies additional <type> <value> pairs that must be matched

Default
N/A.

Usage Guidelines
This command modifies the severity level of an existing filter item describing a particular set of events
and the parameter values of the desired events. Using this command is equivalent to deleting the filter
item from the filter and then adding back a filter item describing the same set of events with a different
severity level. The command can only be used to modify a filter item referring to a set of events with a
severity level, as opposed to one that makes use of only a single severity. It can be used to modify either
“exclude” or “include” filter items.

For example, to change the severity level of the filter item added with this command:

configure log slbFilter2 add exclude events slb.conn severity notice match
source ipaddress 10.1.2.0/24

use the following command:

configure log slbFilter2 set severity info events events slb.conn match
source ipaddress 10.1.2.0/24

Using this single command is preferred to using a delete command followed by an add command:

configure log slbFilter2 delete exclude events slb.conn severity notice match
source ipaddress 10.1.2.0/24
configure log slbFilter2 add exclude events slb.conn severity info match

ExtremeWare 7.3e Command Reference Guide 327

Commands for Status Monitoring and Statistics

source ipaddress 10.1.2.0/24

Using the single command eliminates the possibility of missing an event of interest between the
separate delete and add commands.

See the command show log on page 360 for a detailed description of severity levels.

To see the current configuration of a target, use the following command:

show log configuration target {console-display | memory-buffer | nvram | session |
syslog [<host name/ip> {: <udp-port>} [local0 ... local7]]}

To see the current configuration of a filter, use the following command:

show log configuration filter <filter name>

History
This command was first available in ExtremeWare 7.2e

Platform Availability
This command is available on the “e” series platforms.

328 ExtremeWare 7.3e Command Reference Guide

 configure log target filter

configure log target filter

configure log target [console-display | memory-buffer | nvram | session |
syslog [<host name/ip> {: <udp-port>} [local0 ... local7]]]
filter <filter name> {severity <severity> {only}}

Description
Associates a filter to a target.

Syntax Description

target Specifies the device to send the log entries.

console-display Specifies the console display.
memory-buffer Specifies the switch memory buffer.
nvram Specifies the switch NVRAM.
session Specifies the current session (including console display).
syslog Specifies a syslog remote server.
host name/ip Specifies the syslog host name or IP address.
udp-port Specifies the UDP port number for the syslog target.
local0 ... local7 Specifies the local syslog facility.
filter name Specifies the filter to associate with the target.
severity Specifies the minimum severity level to send (if the keyword only is omitted).
only Specifies that only the specified severity level is to be sent.

Default
If severity is not specified, the severity level for the target is left unchanged.

Usage Guidelines
This command associates the specified filter and severity with the specified target. A filter limits
messages sent to a target.

Although each target can be configured with its own filter, by default, all targets are associated with the
built-in filter, DefaultFilter. Each target can also be configured with its own severity level. This provides
the ability to associate multiple targets with the same filter, while having a configurable severity level
for each target.

A message is sent to a target if the target has been enabled, the message passes the associated filter, the
message is at least as severe as the configured severity level, and the message output matches the
regular expression specified. By default, the memory buffer and the NVRAM targets are enabled. For
other targets, use the command enable log target on page 355. Table 9 describes the default
characteristics of each type of target.

ExtremeWare 7.3e Command Reference Guide 329

Commands for Status Monitoring and Statistics

Table 9: Default Target Log Characteristics

Target Enabled Severity Level Pre-7.1.0 Command to Set Log Severity

console display no info configure log display {<severity>}
memory buffer yes debug-data N/A
NVRAM yes warning N/A
session no info N/A
syslog no debug-data configure syslog add <host name/ip> {: <udp-port>}
[local0 ... local7] <severity>

The built-in filter, DefaultFilter, and a severity level of info are used for each new telnet session. These
values may be overridden on a per-session basis using the configure log target filter command
and specify the target as session. Use the following form of the command for per-session configuration
changes:

configure log target session filter <filter name> {severity <severity> {only}}

Configuration changes to the current session target are in effect only for the duration of the session, and
are not saved in FLASH memory. The session option can also be used on the console display, if the
changes are desired to be temporary. If changes to the console-display are to be permanent (saved to
FLASH memory), use the following form of the command:

configure log target console-display filter <filter name> {severity <severity> {only}}

In other versions of ExtremeWare, so-called static messages with a severity level of warning and
above were stored in NVRAM so they would be available across a reboot. This remains the default
behavior for ExtremeWare releases, but message filtering for the NVRAM target is now configurable.

Example
The following command sends log messages to the previously syslog host at 10.31.8.25, port 8993, and
facility local3, that pass the filter myFilter and are of severity warning and above:
configure log target syslog 10.31.8.25:8993 local3 filter myFilter severity warning
The following command sends log messages to the current session, that pass the filter myFilter and are
of severity warning and above:
configure log target session filter myFilter severity warning

History
This command was first available in ExtremeWare 7.2e

Platform Availability
This command is available on the “e” series platforms.

330 ExtremeWare 7.3e Command Reference Guide

 configure log target format

configure log target format

configure log target [console-display | memory-buffer | nvram | session |
syslog [<host name/ip> {:<udp-port>} [local0 ... local7]]]
format [timestamp [seconds | hundredths | none]
| date [dd-mm-yyyy | dd-Mmm-yyyy | mm-dd-yyyy | Mmm-dd | yyyy-mm-dd | none]
| severity [on | off]
| event-name [component | condition | none | subcomponent]
| host-name [on | off]
| priority [on | off]
| tag-id [on | off]
| tag-name [on | off]
| sequence-number [on | off]
| process-name [on | off]
| process-id [on | off]
| source-function [on | off]
| source-line [on | off]]

Description
Configures the formats of the items that comprise a message, on a per-target basis.

Syntax Description

console-display Specifies the console display.

memory-buffer Specifies the switch memory buffer.
nvram Specifies the switch NVRAM.
session Specifies the current session (including console display).
syslog Specifies a syslog target.
host name/ip Specifies the syslog host name or IP address.
udp-port Specifies the UDP port number for the syslog target.
local0 ... local7 Specifies the local syslog facility.
timestamp Specifies a timestamp formatted to display seconds, hundredths, or none.
date Specifies a date formatted as specified, or none.
severity Specifies whether to include the severity.
event-name Specifies how detailed the event description will be. Choose from none,
component, subcomponent, or condition.
host-name Specifies whether to include the host name.
priority Specifies whether to include the priority
tag-id Specifies whether to include the internal task identifier.
tag-name Specifies whether to include the task name.
sequence-number Specifies whether to include the event sequence number.
process-name Specifies whether to include the internal process name.
process-id Specifies whether to include the internal process identifier.
source-function Specifies whether to include the source function name.
source-line Specifies whether to include the source file name and line number.

ExtremeWare 7.3e Command Reference Guide 331

Commands for Status Monitoring and Statistics

Default
The following defaults apply to console display, memory buffer, NVRAM, and session targets:

• timestamp—hundredths
• date—mm-dd-yyyy
• severity—on
• event-name—condition
• host-name—off
• priority—off
• tag-id—off
• tag-name—off
• sequence-number—off
• process-name—off
• process-id—off
• source-function—off
• source-line—off

The following defaults apply to syslog targets (per RFC 3164):

• timestamp—seconds
• date—mmm-dd
• severity—on
• event-name—none
• host-name—off
• priority—on
• tag-id—off
• tag-name—on
• sequence-number—off
• process-name—off
• process-id—off
• source-function—off
• source-line—off

Usage Guidelines
This command configures the format of the items that make up log messages. You can choose to include
or exclude items and set the format for those items, but you cannot vary the order in which the items
are assembled.

When applied to the targets console-display or session, the format specified is used for the messages
sent to the console display or telnet session. Configuration changes to the session target, be it either a
telnet or console display target session, are in effect only for the duration of the session, and are not
saved in FLASH.

332 ExtremeWare 7.3e Command Reference Guide

 configure log target format

When this command is applied to the target memory-buffer, the format specified is used in subsequent
show log and upload log commands. The format configured for the internal memory buffer can be
overridden by specifying a format on the show log and upload log commands.

When this command is applied to the target syslog, the format specified is used for the messages sent
to the specified syslog host.

Timestamps. Timestamps refer to the time an event occurred, and can be output in either seconds as
described in RFC 3164 (for example, “13:42:56”), hundredths of a second (for example, “13:42:56.98”), or
suppressed altogether. To display timestamps as hh:mm:ss, use the seconds keyword, to display as
hh:mm:ss.HH, use the hundredths keyword, or to suppress timestamps altogether, use the none
keyword. Timestamps are displayed in hundredths by default.

Date. The date an event occurred can be output are described in RFC 3164. Dates are output in
different formats, depending on the keyword chosen. The following lists the date keyword options, and
how the date “March 26, 2003” would be output:
• Mmm-dd—Mar 26
• mm-dd-yyyy—03/26/2003
• dd-mm-yyyy—26-03-2003
• yyyy-mm-dd—2003-03-26
• dd-Mmm-yyyy—26-Mar-2003

Dates are suppressed altogether by specifying none. Dates are displayed as mm-dd-yyyy by default.

Severity. A four-letter abbreviation of the severity of the event can be output by specifying severity
on or suppressed by specifying severity off. The default setting is severity on. The abbreviations
are: Crit, Erro, Warn, Noti, Info, Summ, Verb, and Data. These correspond to: Critical, Error, Warning,
Notice, Informational, Debug-Summary, Debug-Verbose, and Debug-Data.

Event Names. Event names can be output as the component name only by specifying event-name
component, as component and subcomponent name by specifying event-name subcomponent, as
component and subcomponent name with condition mnemonic by specifying event-name condition,
or suppressed by specifying event-name none. The default setting is event-name condition to specify
the complete name of the events.

Host Name. The configured SNMP name of the switch can be output as HOSTNAME described in
RFC 3164 by specifying host-name on or suppressed by specifying host-name off. The default
setting is host-name off.

Tag ID. The (internal) ExtremeWare task identifiers of the applications detecting the events can be
output as the pid described in RFC 3164 by specifying tag-id on or suppressed by specifying tag-id
off. The default setting is tag-id off.

Tag Name. The component name used by the application when detecting the events can be output as
the TAG described in RFC 3164 by specifying tag-name on or suppressed by specifying tag-name off.
The default setting is tag-name off.

Sequence Number. Sequence numbers refer to the specific ordering of events as they occur, and can
be output as an ASCII decimal integer by specifying sequence-number on or suppressed by specifying
sequence-number off. The default setting is sequence-number off.

ExtremeWare 7.3e Command Reference Guide 333

Commands for Status Monitoring and Statistics

Process Name. For providing detailed information to technical support, the (internal) ExtremeWare
task names of the applications detecting the events can be displayed by specifying process-name on or
suppressed by specifying process-name off. The default setting is process-name off.

Process ID. For providing detailed information to technical support, the (internal) ExtremeWare task
identifiers of the applications detecting the events can be displayed by specifying process-id on or
suppressed by specifying process-id off. The default setting is process-id off.

Source Function. For providing detailed information to technical support, the names of the
application source functions detecting the events can be displayed by specifying source-function on
or suppressed by specifying source-function off. The default setting is source-function off.

Source Line. For providing detailed information to technical support, the application source file
names and line numbers detecting the events can be displayed by specifying source-line on or
suppressed by specifying source-line off. The default setting is source-line off.

Example
In the following example, the switch generates the identical event from the component SNTP, using
three different formats.

Using the default format for the session target, an example log message might appear as:
05/29/2003 12:15:25.00 <Warn:SNTP.RslvSrvrFail> The SNTP server parameter value
(TheWrongServer.example.com) can not be resolved.

If you set the current session format using the following command:
configure log target session format date mm-dd-yyy timestamp seconds event-name
component

The same example would appear as:

05/29/2003 12:16:36 <Warn:SNTP> The SNTP server parameter value
(TheWrongServer.example.com) can not be resolved.

In order to provide some detailed information to technical support, you set the current session format
using the following command:
configure log target session format date mmm-dd timestamp hundredths event-name
condition source-line on process-name on

The same example would appear as:

May 29 12:17:20.11 SNTP: <Warn:SNTP.RslvSrvrFail> tSntpc: (sntpcLib.c:606) The SNTP
server parameter value (TheWrongServer.example.com) can not be resolved.

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

334 ExtremeWare 7.3e Command Reference Guide

 configure log target match

configure log target match

configure log target [console-display | memory-buffer | nvram | session |
syslog [<host name/ip> {: <udp-port>} [local0 ... local7]]] match [any
|<match-expression>]

Description
Associates a match expression to a target.

Syntax Description

console-display Specifies the console display.

memory-buffer Specifies the switch memory buffer.
nvram Specifies the switch NVRAM.
session Specifies the current session (including console display).
syslog Specifies a syslog target.
host name/ip Specifies the syslog host name or IP address.
udp-port Specifies the UDP port number for the syslog target.
local0 ... local7 Specifies the local syslog facility.
any Specifies that any messages will match. This effectively removes a previously
configured match expression.
match-expression Specifies a regular expression. Only messages that match the regular
expression will be sent.

Default
By default, targets do not have a match expression.

Usage Guidelines
This command configures the specified target with a match expression. The filter associated with the
target is not affected. A message is sent to a target if the target has been enabled, the message passes the
associated filter, the message is at least as severe as the configured severity level, and the message
output matches the regular expression specified.

See the command show log on page 360 for a detailed description of simple regular expressions. By
default, targets do not have a match expression.

Specifying any instead of match-expression effectively removes a match expression that had been
previously configured, causing any message to be sent that has satisfied all of the other requirements.

To seethe configuration of a target, use the following command:

show log configuration target {console-display | memory-buffer | nvram | session |
syslog <host name/ip> {: <udp-port>}[local0 ... local7]}

To see the current configuration of a filter, use the following command:

show log configuration filter <filter name>

ExtremeWare 7.3e Command Reference Guide 335

Commands for Status Monitoring and Statistics

Example
The following command sends log messages to the current session, that pass the current filter and
severity level, and contain the string user5:
configure log target session match user5

History
This command was first available in ExtremeWare 7.2e

Platform Availability
This command is available on the “e” series platforms.

336 ExtremeWare 7.3e Command Reference Guide

 configure log target severity

configure log target severity

configure log target [console-display | memory-buffer | nvram | session |
syslog [<host name/ip> {: <udp-port>} [local0 ... local7]]] {severity
<severity> {only}}

Description
Sets the severity level of messages sent to the target.

Syntax Description

console-display Specifies the console display.

memory-buffer Specifies the switch memory buffer.
nvram Specifies the switch NVRAM.
session Specifies the current session (including console display).
syslog Specifies a syslog target.
host name/ip Specifies the syslog host name or IP address.
udp-port Specifies the UDP port number for the syslog target.
local0 ... local7 Specifies the local syslog facility.
severity Specifies the least severe level to send (if the keyword only is omitted).
only Specifies that only the specified severity level is to be sent.

Default
By default, targets are sent messages of the following severity level and above:

• console display—info
• memory buffer—debug-data
• NVRAM—warning
• session—info
• syslog—debug-data

Usage Guidelines
This command configures the specified target with a severity level. The filter associated with the target
is not affected. A message is sent to a target if the target has been enabled, the message passes the
associated filter, the message is at least as severe as the configured severity level, and the message
output matches the regular expression specified.

See the command show log on page 360 for a detailed description of severity levels.

To see the current configuration of a target, use the following command:

show log configuration target {console-display | memory-buffer | nvram | session |
syslog <host name/ip> {: <udp-port>}[local0 ... local7]}

To see the current configuration of a filter, use the following command:

ExtremeWare 7.3e Command Reference Guide 337

Commands for Status Monitoring and Statistics

show log configuration filter {<filter name>}

Example
The following command sends log messages to the current session, that pass the current filter at a
severity level of info or greater, and contain the string user5:
configure log target session severity info

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

338 ExtremeWare 7.3e Command Reference Guide

 configure sys-recovery-level

configure sys-recovery-level
configure sys-recovery-level [none | [all | critical] [ reboot ]]

Description
Configures a recovery option for instances where an exception occurs in ExtremeWare.

Syntax Description

none Configures the level to no recovery. No action is taken when a task exception
occurs; there is no system shutdown or reboot.
all Configures ExtremeWare to log an error into the syslog and either shutdown
or reboot the system after any task exception occurs.
critical Configures ExtremeWare to log an error into the syslog and either shutdown
or reboot the system after a critical task exception.
reboot Reboots the switch.

Default
None.

Usage Guidelines
This command is used for system troubleshooting. If the system fails before the switch is booted up, the
switch will automatically start the console and allow access to the system to view the logs or debug the
failure. You can also configure the system to respond to software failures automatically. You must
specify one of the following parameters for the system to respond to software failures:
• none—No action is taken when a task exception occurs.
• all—The system will reboot or shut down if any task exception occurs.
• critical—The system will reboot or shutdown if a critical task exception occurs. Critical tasks
include the tBGTask, tNetTask, tEdpTask, and tESRPTask.

You must specify whether the system should shut down or reboot upon a task exception if the recovery
level is all or critical.

Example
The following command configures a switch to reboot after a critical task exception occurs:
configure sys-recovery-level critical reboot

History
This command was first available in ExtremeWare 7.1e.

Modified in ExtremeWare 7.2e to support the shutdown and reboot options.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 339

Commands for Status Monitoring and Statistics

configure syslog add

configure syslog {add} <host name/ip> {: <udp-port>} [local0 ... local7]
{<severity>}

Description
Configures the remote syslog server host address, and filters messages to be sent to the remote syslog
target.

Syntax Description

host name/ip Specifies the remote syslog server host name or IP address.
udp-port Specifies the UDP port number for the syslog target.
local0 ... local7 Specifies the local syslog facility.
severity Specifies a message severity. Severities include critical, error, warning, notice,
info, debug-summary, debug-verbose, and debug-data.

Default
If a severity level is not specified, all messages are sent to the remote syslog server target. If UDP port is
not specified, 514 is used.

Usage Guidelines
Options for configuring the remote syslog server include:
• host name/ip—The name or IP address of the remote syslog server host.
• udp-port—The UDP port
• facility—The syslog facility level for local use (local0– local7).
• severity—Filters the messages sent to the remote syslog server target to have the selected severity or
higher (more critical). Severities include critical, error, warning, notice, info, debug-summary,
debug-verbose, and debug-data.

The switch log overwrites existing log messages in a wrap-around memory buffer, which may cause
you to lose valuable information once the buffer becomes full. The remote syslog server does not
overwrite log information, and can store messages in non-volatile files (disks, for example).

The enable syslog command must be issued in order for messages to be sent to the remote syslog
server(s). Syslog is disabled by default. A total of four syslog servers can be configured at one time.

When a syslog server is added, it is associated with the filter DefaultFilter. Use the configure log
target filter command to associate a different filter.

The syslog facility level is defined as local0 – local7. The facility level is used to group syslog data.

Example
The following command configures the remote syslog server target with an critical severity:
configure syslog 123.45.67.78 local1 critical

340 ExtremeWare 7.3e Command Reference Guide

 configure syslog add

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 341

Commands for Status Monitoring and Statistics

configure syslog delete

configure syslog delete <host name/ip> {: <udp-port>} [local0 ... local7]

Description
Deletes a remote syslog server address.

Syntax Description

host name/ip Specifies the remote syslog server host name or IP address.
udp-port Specifies the UDP port number for the syslog target.
local0 ... local7 Specifies the local syslog facility.

Default
If a UDP port number is not specified, 514 is used.

Usage Guidelines
This command is used to delete a remote syslog server target.

Example
The following command deletes the remote syslog server with an IP address of 10.0.0.1:
configure syslog delete 10.0.0.1 local1

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

342 ExtremeWare 7.3e Command Reference Guide

 create log filter

create log filter

create log filter <name> {copy <filter name>}

Description
Create a log filter with the specified name.

Syntax Description

name Specifies the name of the filter to create.

copy Specifies that the new filter is to be copied from an existing one.
filter name Specifies the existing filter to copy.

Default
N/A.

Usage Guidelines
This command creates a filter with the name specified. A filter is a customizable list of events to include
or exclude, and optional parameter values. The list of events can be configured by component or
subcomponent with optional severity, or individual condition, each with optional parameter values. See
the commands configure log filter events and configure log filter events match for
details on how to add items to the filter.
The filter can be associated with one or more targets using the configure log target filter
command to control the messages sent to those targets. The system has one built-in filter named
DefaultFilter, which itself may be customized. Therefore, the create log filter command can be used
if a filter other than DefaultFilter is desired. As its name implies, DefaultFilter initially contains the
default level of logging in which every ExtremeWare component and subcomponent has a pre-assigned
severity level.
If another filter needs to be created that will be similar to an existing filter, use the copy option to
populate the new filter with the configuration of the existing filter. If the copy option is not specified,
the new filter will have no events configured and therefore no incidents will pass through it.
The total number of supported filters, including DefaultFilter, is 20.

Example
The following command creates the filter named fdb2, copying its configuration from the filter
DefaultFilter:
create log filter fdb2 copy DefaultFilter

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 343

Commands for Status Monitoring and Statistics

delete log filter

delete log filter [<filter name> | all]

Description
Delete a log filter with the specified name.

Syntax Description

filter name Specifies the filter to delete.

all Specifies that all filters, except DefaultFilter, are to be deleted

Default
N/A.

Usage Guidelines
This command deletes the specified filter, or all filters except for the filter DefaultFilter. The specified
filter must not be associated with a target. To remove that association, associate the target with
DefaultFilter instead of the filter to be deleted, using the following command:
configure log target <target> filter DefaultFilter

Example
The following command deletes the filter named fdb2:
delete log filter fdb2

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

344 ExtremeWare 7.3e Command Reference Guide

 disable cli-config-logging

disable cli-config-logging
disable cli-config-logging

Description
Disables the logging of CLI configuration commands to the switch Syslog.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
The disable cli-config-logging command discontinues the recording of all switch configuration
changes and their sources that are made using the CLI via Telnet or the local console. After you disable
configuration logging, no further changes are logged to the system log.

To view the status of configuration logging on the switch, use the show management command. The
show management command displays information about the switch including the enable/disable state
for configuration logging.

Example
The following command disables the logging of CLI configuration command to the Syslog:
disable cli-config-logging

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 345

Commands for Status Monitoring and Statistics

disable log debug-mode

disable log debug-mode

Description
Disables debug mode. The switch stops logging events of severity debug-summary, debug-verbose, and
debug-data.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command disables debug mode. Debug mode must be enabled prior to logging debug messages,
which can severely degrade performance. For typical network device monitoring, debug mode should
remain disabled, the default setting. Debug mode should only be enabled when advised by technical
support, or when advanced diagnosis is required. The debug mode setting is saved to FLASH.

Example
The following command disables debug mode:
disable log debug-mode

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

346 ExtremeWare 7.3e Command Reference Guide

 disable log display

disable log display

disable log display

Description
Disables the sending of messages to the console display.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command was available in other versions of ExtremeWare and has now been replaced. The new
command equivalent to disable log display is the following:

disable log target console-display

Example
The following command disables the log display:
disable log display

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 347

Commands for Status Monitoring and Statistics

disable log target

disable log target [console-display | memory-buffer | nvram | session |
syslog [<host name/ip> {:<udp-port>} [local0 ... local7]]]

Description
Stop sending log messages to the specified target.

Syntax Description

console-display Specifies the console display.

memory-buffer Specifies the switch memory buffer.
nvram Specifies the switch NVRAM.
session Specifies the current session (including console display).
syslog Specifies a syslog target.
host name/ip Specifies the syslog host name or IP address.
udp-port Specifies the UDP port number for the syslog target.
local0 ... local7 Specifies the local syslog facility.

Default
Enabled, for memory buffer and NVRAM; all other targets are disabled by default.

Usage Guidelines
This command stops sending messages to the specified target. By default, the memory buffer and the
NVRAM targets are enabled. Other targets must be enabled before messages are sent to those targets.

Configuration changes to the session target are in effect only for the duration of the console display or
telnet session, and are not saved in FLASH. Changes to the other targets are saved to FLASH.

In other versions of ExtremeWare, a similar command was used to disable displaying the log on the
console. That command:
disable log display

is equivalent to:
disable log target console-display

Example
The following command disables log messages to the current session:
disable log target session

History
This command was first available in ExtremeWare 7.1e.

348 ExtremeWare 7.3e Command Reference Guide

 disable log target

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 349

Commands for Status Monitoring and Statistics

disable rmon
disable rmon

Description
Disables the collection of RMON statistics on the switch.

Syntax Description
This command has no arguments or variables.

Default
By default, RMON is disabled. However, even in the disabled state, the switch responds to RMON
queries and sets for alarms and events.

Usage Guidelines
The switch supports four out of nine groups of Ethernet RMON statistics. In a disabled state, the switch
continues to respond to the following two groups:
• Alarms—The Alarms group provides a versatile, general mechanism for setting threshold and
sampling intervals to generate events on any RMON variable. Both rising and falling thresholds are
supported, and thresholds can be on the absolute value of a variable or its delta value. In addition,
alarm thresholds may be auto calibrated or set manually.
• Events—The Events group creates entries in an event log and/or sends SNMP traps to the
management workstation. An event is triggered by an RMON alarm. The action taken can be
configured to ignore it, to log the event, to send an SNMP trap to the receivers listed in the trap
receiver table, or to both log and send a trap. The RMON traps are defined in RFC 1757 for rising
and falling thresholds.

To view the status of RMON polling on the switch, use the show management command. The show
management command displays information about the switch including the enable/disable state for
RMON polling.

Example
The following command disables the collection of RMON statistics on the switch:
disable rmon

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

350 ExtremeWare 7.3e Command Reference Guide

 disable syslog

disable syslog
disable syslog

Description
Disables logging to all remote syslog server targets.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Disables logging to all remote syslog server targets, not to the switch targets. This setting is saved in
FLASH, and will be in effect upon boot up.

Example
The following command disables logging to all remote syslog server targets:
disable syslog

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 351

Commands for Status Monitoring and Statistics

enable cli-config-logging
enable cli-config-logging

Description
Enables the logging of CLI configuration commands to the Syslog for auditing purposes.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
ExtremeWare allows you to record all configuration changes and their sources that are made using the
CLI by way of Telnet or the local console. The changes are logged to the system log. Each log entry
includes the user account name that performed the changes and the source IP address of the client (if
Telnet was used). Configuration logging applies only to commands that result in a configuration
change.

To view the status of configuration logging on the switch, use the show management command. The
show management command displays information about the switch including the enable/disable state
for configuration logging.

Example
The following command enables the logging of CLI configuration commands to the Syslog:
enable cli-config-logging

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

352 ExtremeWare 7.3e Command Reference Guide

 enable log debug-mode

enable log debug-mode

enable log debug-mode

Description
Enables debug mode. The switch allows debug events included in log filters to be logged.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command enables debug mode. Debug mode must be enabled prior to logging debug messages,
which can severely degrade performance. For typical network device monitoring, debug mode should
remain disabled, the default setting. Debug mode should only be enabled when advised by technical
support, or when advanced diagnosis is required. The debug mode setting is saved to FLASH.

Example
The following command enables debug mode:
enable log debug-mode

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 353

Commands for Status Monitoring and Statistics

enable log display

enable log display

Description
Enables a running real-time display of log messages on the console display.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
If you enable the log display on a terminal connected to the console port, your settings will remain in
effect even after your console session is ended (unless you explicitly disable the log display).

You configure the messages displayed in the log using the configure log display, or configure log
target console-display commands.

This command was available in other versions of ExtremeWare and has now been replaced. The new
command equivalent to enable log display is the following:

enable log target console-display

To change the log filter association, severity threshold, or match expression for messages sent to the
console display, use the configure log target console-display command

Example
The following command enables a real-time display of log messages:
enable log display

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

354 ExtremeWare 7.3e Command Reference Guide

 enable log target

enable log target

enable log target [console-display | memory-buffer | nvram | session |
syslog [<host name/ip> {:<udp-port>} [local0 ... local7]]]

Description
Start sending log messages to the specified target.

Syntax Description

console-display Specifies the console display.

memory-buffer Specifies the switch memory buffer.
nvram Specifies the switch NVRAM.
session Specifies the current session (including console display).
syslog Specifies a syslog target.
host name/ip Specifies the syslog host name or IP address.
udp-port Specifies the UDP port number for the syslog target.
local0 ... local7 Specifies the local syslog facility.

Default
Enabled, for memory buffer and NVRAM; all other targets are disabled by default.

Usage Guidelines
This command starts sending messages to the specified target. By default, the memory-buffer and the
NVRAM targets are enabled. Other targets must be enabled before messages are sent to those targets.

Configuration changes to the session target are in effect only for the duration of the console display or
telnet session, and are not saved in FLASH. Others are saved in FLASH.

In earlier versions of ExtremeWare, a similar command was used to enable displaying the log on the
console. That command:
enable log display

is equivalent to:
enable log target console-display

Example
The following command enables log messages on the current session:
enable log target session

History
This command was first available in ExtremeWare 7.2e.

ExtremeWare 7.3e Command Reference Guide 355

Commands for Status Monitoring and Statistics

Platform Availability
This command is available on the “e” series platforms.

356 ExtremeWare 7.3e Command Reference Guide

 enable rmon

enable rmon
enable rmon

Description
Enables the collection of RMON statistics on the switch.

Syntax Description
This command has no arguments or variables.

Default
By default, RMON is disabled. However, even in the disabled state, the switch responds to RMON
queries and sets for alarms and events. By enabling RMON, the switch begins the processes necessary
for collecting switch statistics.

Usage Guidelines
The switch supports four out of nine groups of Ethernet RMON statistics. In an enabled state, the
switch responds to the following four groups:
• Statistics—The RMON Ethernet Statistics group provides traffic and error statistics showing packets,
bytes, broadcasts, multicasts, and errors on a LAN segment or VLAN.
• History—The History group provides historical views of network performance by taking periodic
samples of the counters supplied by the Statistics group. The group features user-defined sample
intervals and bucket counters for complete customization of trend analysis.
• Alarms—The Alarms group provides a versatile, general mechanism for setting threshold and
sampling intervals to generate events on any RMON variable. Both rising and falling thresholds are
supported, and thresholds can be on the absolute value of a variable or its delta value. In addition,
alarm thresholds may be auto calibrated or set manually.
• Events—The Events group creates entries in an event log and/or sends SNMP traps to the
management workstation. An event is triggered by an RMON alarm. The action taken can be
configured to ignore it, to log the event, to send an SNMP trap to the receivers listed in the trap
receiver table, or to both log and send a trap. The RMON traps are defined in RFC 1757 for rising
and falling thresholds.

NOTE
You can only use the RMON features of the system if you have an RMON management application and
have enabled RMON on the switch.

RMON requires one probe per LAN segment, and standalone RMON probes have traditionally been
expensive. Therefore, Extreme’s approach has been to build an inexpensive RMON probe into the agent
of each system. This allows RMON to be widely deployed around the network without costing more
than traditional network management. The switch accurately maintains RMON statistics at the
maximum line rate of all of its ports.

For example, statistics can be related to individual ports. Also, because a probe must be able to see all
traffic, a stand-alone probe must be attached to a nonsecure port. Implementing RMON in the switch
means that all ports can have security features enabled.

ExtremeWare 7.3e Command Reference Guide 357

Commands for Status Monitoring and Statistics

To view the status of RMON polling on the switch, use the show management command. The show
management command displays information about the switch including the enable/disable state for
RMON polling.

Example
The following command enables the collection of RMON statistics on the switch:
enable rmon

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

358 ExtremeWare 7.3e Command Reference Guide

 enable syslog

enable syslog
enable syslog

Description
Enables logging to all remote syslog host targets.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
In order to enable remote logging, you must do the following:
• Configure the syslog host to accept and log messages.
• Enable remote logging by using the enable syslog command.
• Configure remote logging by using the configure syslog add command.

When you use the enable syslog command, the exporting process of the syslog begins. This command
also determines the initial state of an added remote syslog target.

Example
The following command enables logging to all remote syslog hosts:
enable syslog

History
This command was first available in ExtremeWare 7.1e

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 359

Commands for Status Monitoring and Statistics

show log
show log {messages [memory-buffer | nvram]} {severity <severity> {only}}
{starting [date <date> time <time> | date <date> | time <time>]} {ending
[date <date> time <time> | date <date> | time <time>]} {match
<match-expression>} {format <format>} {chronological}

Description
Displays the current log messages.

Syntax Description

messages Specifies the target location from which to display the log messages.
memory-buffer Show messages stored in volatile memory (default).
nvram Show messages stored in NVRAM.
severity Specifies the minimum severity level to display (if the keyword only is omitted).
only Specifies that only the specified severity level is to be displayed
starting Show messages with timestamps equal to or greater than that specified
date Specifies the date, where date is <month (1-12)> / <day> {/ <year (yyyy)>}.
time Specifies the time, where time is <hour (0-23)> {: <minute (0-59)> {:
<seconds> {. <hundredths>}}}
ending Show messages with timestamps equal to or less than that specified.
match-expression Specifies a regular expression. Only messages that match the regular
expression will be displayed.
format Specifies a format to use to override the format configured for the memory
buffer.
chronological Specifies displaying log messages in ascending chronological order (oldest to
newest).

Default
The following defaults apply:

• messages—memory buffer
• severity—none (displays everything stored in the target)
• starting, ending—if not specified, no timestamp restriction
• match—no restriction
• format—the format configured with the configure log target format command
• chronological—if not specified, show messages in order from newest to oldest

Usage Guidelines
Switch configuration and fault information is filtered and saved to target logs, in a memory buffer, and
in NVRAM. Each entry in the log contains the following information:
• Timestamp—records the month and day of the event, along with the time (hours, minutes, seconds,
and hundredths).

360 ExtremeWare 7.3e Command Reference Guide

 show log

• Severity Level—indicates the urgency of a condition reported in the log. Table 10 describes the
severity levels assigned to events.
• Component, Subcomponent, and Condition Name—describes the subsystem in the software that
generates the event. This provides a good indication of where a fault might lie.
• Message—a description of the event occurrence. If the event was caused by a user, the user name is
also provided.
This command displays the messages stored in either the internal memory buffer or in NVRAM. The
messages shown can be limited by specifying a severity level, a time range, or a match expression.
Messages stored in the target have already been filtered as events occurred, and specifying a severity or
match expression on the show log command can only further limit the messages shown.
If the messages keyword is not present, the messages stored in the memory-buffer target are displayed.
Otherwise, the messages stored in the specified target are displayed.
If the only keyword is present following the severity value, then only the events at that exact severity
are included. Without the only keyword, events at that severity or more urgent are displayed. For
example, severity warning implies critical, error, or warning, whereas severity warning only implies
only warning.
Messages whose timestamps are equal or later than the starting time and are equal or earlier than the
specified ending time will be shown if they also pass the severity requirements and match expression, if
specified.
If the format phrase is specified, this format overrides the format already configured for the specified
log. See the command configure log target format on page 331 for more information on specifying
a format.
If a match phrase is specified, the formatted message must match the simple regular expression
specified by match-expression for it to be shown.

A simple regular expression is a string of single characters including the dot character (.), which are
optionally combined with quantifiers and constraints. A dot matches any single character while other
characters match only themselves (case is significant). Quantifiers include the star character (*) that
matches zero or more occurrences of the immediately preceding character or dot. Constraints include
the caret character (^) that matches at the beginning of a message, and the currency character ($) that
matches at the end of a message. Bracket expressions are not supported. There are a number of sources
available on the Internet and in various language references describing the operation of regular
expressions.

If the chronological keyword is specified, messages are shown from oldest to newest; otherwise,
messages are displayed newest to oldest.

Severity Level. The severity levels are critical, error, warning, notice, and info, plus three
severity levels for extended debugging, debug-summary, debug-verbose, and debug-data. In log
messages, the severity levels are shown by four letter abbreviations. The abbreviated forms are:

• Critical—Crit
• Error—Erro
• Warning—Warn
• Notice—Noti
• Info—Info
• Debug-Summary—Summ
• Debug-Verbose—Verb

ExtremeWare 7.3e Command Reference Guide 361

Commands for Status Monitoring and Statistics

• Debug-Data—Data

The three severity levels for extended debugging, debug-summary, debug-verbose, and debug-data,
require that debug mode be enabled (which may cause a performance degradation). See the command
enable log debug-mode on page 353.

Table 10: Severity Levels Assigned by the Switch

Level Description
Critical A serious problem has been detected which is compromising the operation of the
system and that the system can not function as expected unless the situation is
remedied. The switch may need to be reset.
Error A problem has been detected which is interfering with the normal operation of the
system and that the system is not functioning as expected.
Warning An abnormal condition, not interfering with the normal operation of the system, has
been detected which may indicate that the system or the network in general may not
be functioning as expected.
Notice A normal but significant condition has been detected, which signals that the system is
functioning as expected.
Info (Informational) A normal but potentially interesting condition has been detected, which signals that the
system is functioning as expected and simply provides information or confirmation
about the condition.
Debug-Summary A condition has been detected that may interest a developer determining the reason
underlying some system behavior.
Debug-Verbose A condition has been detected that may interest a developer analyzing some system
behavior at a more verbose level than provided by the debug summary information.
Debug-Data A condition has been detected that may interest a developer inspecting the data
underlying some system behavior.

Log entries remain in the NVRAM log after a switch reboot. Issuing a clear log command does not
remove these static entries. To remove log entries from NVRAM, use the following command:
clear log messages nvram

Example
The following command displays messages with a critical severity:
show log critical

The following command displays messages with warning, error, or critical severity:
show log warning

The following command displays messages containing the string “port 2”:
show log match "port 2"

History
This command was first available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to include the messages, severity, only, starting,
ending, chronological, match, and format options.

In ExtremeWare 7.3e, the Summit 300-48 replaced the priority keyword with the severity keyword.

362 ExtremeWare 7.3e Command Reference Guide

 show log

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 363

Commands for Status Monitoring and Statistics

show log components

show log components {<event component> | all}

Description
Display the name, description and default severity for all components.

Syntax Description

event component Specifies component to display.

all Displays all components.

Default
N/A.

Usage Guidelines
This command displays the name, description, and default severity defined for the specified
components and subcomponents.

Example
The following command displays the log components:
show log components

The output produced by the show log components command is similar to the following:
show log components
Severity
Component Title Threshold
------------------- ---------------------------------------------- -------------
Bridge Layer 2 Bridging Error
Learning Layer 2 Bridge Learning Error
EAPS Ethernet Automatic Protection Switching (EAPS) Error
MSMFailover EAPS MSM Failover Error
SharedPort EAPS SharedPort Domain Error
EDP Extreme Discovery Protocol (EDP) Error
ELRP Extreme Loop Recovery Protocol (ELRP) Error
ESRP Extreme Standby Router Protocol (ESRP) Notice
Aware ESRP Aware Processing Notice
Message ESRP PDU Tx/Rx Error
MSMFailover ESRP MSM Failover Error
State ESRP State Transitions Notice
Tracking ESRP Tracking Error
FDB Forwarding Data Base Error
IP IP FDB Error
IPMC IP Multicast FDB Error
Replacement FDB Replacement Error
IGMP Internet Group Management Protocol Error
Snooping IGMP Snooping Error
IP N/A

364 ExtremeWare 7.3e Command Reference Guide

 show log components

AccessList IP Access List Error

Forwarding IP Forwarding Error
Log Event Management System (EMS) Error
OSPF Open Shortest Path First Error
Event OSPF Events Error
Hello OSPF Hello Error
LSA OSPF Link-State Advertisement Error
Neighbor OSPF Neighbor Error
SPF OSPF Shortest Path First Error
SNTP Simple Network Time Protocol Warning
STP Spanning-Tree Protocol (STP) Error
InBPDU STP In BPDU subcomponent Warning
OutBPDU STP Out BPDU subcomponent Warning
System STP System subcomponent Error

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 365

Commands for Status Monitoring and Statistics

show log configuration

show log configuration

Description
Displays the log configuration, including the syslog host IP address, the priority level of messages being
logged locally, and the priority level of messages being sent to the syslog host.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
This command displays the log configuration for all targets. The state of the target, enabled or disabled
is displayed. For the enabled targets, the associated filter, severity, match expression, and format is
displayed. The debug mode state of the switch is also displayed.

Example
The following command displays the configuration of all the log targets:
show log configuration

The output produced by the command is similar to the following:

Severities: Critical, Error, Warning, Notice, Info, Debug-Summary, Debug-Verbose,
Debug-Data

Log Target : session 1028 (10.38.0.42)

Enabled : no
Filter Name : DefaultFilter
Severity : info (through critical)
Match : (none)
Format : MM/DD/YYYY HH:MM:SS.hh <Severity:Component.SubComponent.Conditi
on>

Log Target : console-display

Enabled : no
Filter Name : DefaultFilter
Severity : info (through critical)
Match : (none)
Format : MM/DD/YYYY HH:MM:SS.hh <Severity:Component.SubComponent.Conditi
on>

Remote syslog targets are disabled by default.

Debug-Mode is disabled.

366 ExtremeWare 7.3e Command Reference Guide

 show log configuration

History
This command was first available in ExtremeWare 7.2e

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 367

Commands for Status Monitoring and Statistics

show log configuration filter

show log configuration filter {<filter name>}

Description
Displays the log configuration for the specified filter.

Syntax Description

filter name Specifies the filter to display.

Default
If no options are specified, the command displays the configuration for all filters.

Usage Guidelines
This command displays the configuration for filters.

Example
The following command displays the configuration for the filter, myFilter:
show log configuration filter myFilter

The output of this command is similar to the following:

Log Filter Name : myFilter
I/ Severity Parameter(s) Even If
E Comp. Sub-comp. Condition CEWNISVD Type Value Missing
- ------- ----------- --------------- -------- ------ --------------------- -
E STP OutBPDU * CEWNISVD N
I STP * * -------- N

Include/Exclude: I - Include, E - Exclude

Component Unreg: * - Component/Subcomponent is not currently registered
Severity Values: C - Critical, E - Error, W - Warning, N - Notice, I - Info
Debug Severity : S - Debug-Summary, V - Debug-Verbose, D - Debug-Data
(Caution: Debug Severities require "enable log debug-mode")
Parameter Flags: S - Source, D - Destination (as applicable)
I - Ingress, E - Egress,
Parameter Types: Port - Physical Port list
MAC - MAC address, IP - IP Address/netmask, Mask - Netmask
VID - Virtual LAN ID (tag), VLAN - Virtual LAN name
L4 - Layer-4 Port #, Num - Number, Str - String
Nbr - Neighbor, Rtr - Routerid, EAPS - EAPS Domain
Even If Parameters Missing: Y - Yes, N - No, or no parameters specified

The above output shows two filter items. The first item excludes all events from the STP.OutBPDU
component. The second item includes the remaining events from the STP component. The severity
value is show as “-”, indicating that the component’s default severity threshold controls which
messages are passed.

368 ExtremeWare 7.3e Command Reference Guide

 show log configuration filter

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 369

Commands for Status Monitoring and Statistics

show log configuration target

show log configuration target {console-display | memory-buffer | nvram |
session | syslog <host name/ip> {: <udp-port>}[local0 ... local7]}

Description
Displays the log configuration for the specified target.

Syntax Description

console-display Show the log configuration for the console display.

memory-buffer Show the log configuration for volatile memory.
nvram Show the log configuration for NVRAM.
session Show the log configuration for the current session (including console display).
syslog Show the configuration for the specified syslog target.
host name/ip Specifies the syslog host name or IP address.
udp-port Specifies the UDP port number for the syslog target.
local0 ... local7 Specifies the local syslog facility.

Default
If no options are specified, the command displays the configuration for the current session and console
display.

Usage Guidelines
This command displays the log configuration for the specified target. The associated filter, severity,
match expression, and format is displayed.

Example
The following command displays the log configuration:
show log configuration target

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

370 ExtremeWare 7.3e Command Reference Guide

 show log counters

show log counters

show log counters {<event condition> | [all | <event component>] {severity
<severity> {only}}}

Description
Displays the incident counters for events.

Syntax Description

event condition Specifies the event condition to display.

all Specifies that all events are to be displayed.
event component Specifies that all the events associated with a particular component or
subcomponent should be displayed.
severity Specifies the minimum severity level of events to display (if the keyword only
is omitted).
only Specifies that only events of the specified severity level are to be displayed

Default
If severity is not specified, then events of all severity are displayed. If detail is not specified, then
summary only information is displayed.

Usage Guidelines
This command displays the incident counters for each event specified. Two incident counters are
displayed. One counter displays the number of times an event has occurred, and the other displays the
number of times that notification for the event was made to the system (an incident record was injected
into the system for further processing). Both incident counters reflect totals accumulated since reboot or
since the counters were cleared using the clear log counters or clear counters command,
regardless of whether it was filtered or not.

This command also displays a reference count (the column titled Rf in the output). The reference count
is the number of enabled targets receiving notifications of this event.

See the command show log on page 360 for more information about severity levels.

To get a listing of the event conditions in the system, use the following command:
show log events

To get a listing of the components present in the system, use the following command:
show log components

Example
The following command displays the event counters for event conditions of severity debug-summary or
greater in the component STP.InBPDU:
show log counters stp.inbpdu severity debug-summary

ExtremeWare 7.3e Command Reference Guide 371

Commands for Status Monitoring and Statistics

The output produced by the above command is similar to the following:

Comp SubComp Condition Severity Rf Notified Occurred
------- ----------- ----------------------- ------------- -- -------- --------
STP InBPDU
PDUDrop Error 1 0 0
PDUIgn Debug-Summary 0 0 0
PDUTrace Info 0 0 0

The following command displays the event counters for the event condition PDUDrop in the component
STP.InBPDU:
show log counters "STP.InBPDU.PDUDrop"

The output produced by the above command is similar to the following:

Comp SubComp Condition Severity Rf Notified Occurred
------- ----------- ----------------------- ------------- -- -------- --------
STP InBPDU
PDUDrop Error 1 0 0

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

372 ExtremeWare 7.3e Command Reference Guide

 show log events

show log events

show log events {<event condition> | [all | <event component>] {severity
<severity> {only}}} {detail}

Description
Displays information about the individual events (conditions) that can be logged.

Syntax Description

event condition Specifies the event condition to display.

all Specifies that all events are to be displayed.
event component Specifies that all the events associated with a particular component should be
displayed.
severity Specifies the minimum severity level of events to display (if the keyword only
is omitted).
only Specifies that only events of the specified severity level are to be displayed
detail Specifies that detailed information, including the message format and
parameter types, be displayed.

Default
If severity is not specified, then events of all severity are displayed. If detail is not specified, then
summary only information is displayed.

Usage Guidelines
This command displays the mnemonic, message format, severity, and parameter types defined for each
condition in the event set specified.

See the command show log on page 360 for more information about severity levels.

When the detail option is specified, the message format is displayed for the event conditions specified.
The message format parameters are replaced by the value of the parameters when the message is
generated.

To get a listing of the components present in the system, use the following command:

show log components

Example
The following command displays the event conditions of severity debug-summary or greater in the
component STP.InBPDU:
show log events stp.inbpdu severity debug-summary

The output produced by the above command is similar to the following:

ExtremeWare 7.3e Command Reference Guide 373

Commands for Status Monitoring and Statistics

Comp SubComp Condition Severity Parameters

------- ----------- ----------------------- ------------- ----------
STP InBPDU
PDUDrop Error 3
PDUIgn Debug-Summary 2
PDUTrace Info 2

The following command displays the details of the event condition PDUTrace in the component
STP.InBPDU:
show log events stp.inbpdu.pdutrace detail

The output produced by the above command is similar to the following:

Comp SubComp Condition Severity Parameters
------- ----------- ----------------------- ------------- ----------
STP InBPDU PDUTrace Info 2 Total
0 - string
1 - ports
"Port=%1%: %0%"

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

374 ExtremeWare 7.3e Command Reference Guide

 show memory

show memory
show memory {detail}

Description
Displays the current system memory information.

Syntax Description

detail Specifies task-specific memory usage.

Default
N/A.

Usage Guidelines
Your Summit switch must have 32MB of DRAM to support the features in ExtremeWare version 4.0 and
above.

Viewing statistics on a regular basis allows you to see how well your network is performing. If you
keep simple daily records, you will see trends emerging and notice problems arising before they cause
major network faults. This way, statistics can help you get the best out of your network.

The show memory command displays the following information in a tabular format:
• System memory information including the total DRAM size of your system.
• Current memory (both free and allocated memory) used by the system and the users.
• Cumulative memory (both free and allocated memory) used by the users.
• Software packet memory statistics including the type of packet, the number of allocated and free
packets, the number of packet failures, and data and other blocks.
• Memory utilization statistics including the total blocks of memory available and the memory being
used on your system. You can review how your memory is being utilized For example you can view
memory utilization for the system, management, ESRP, IP, and other system functions.

This information may be useful for your technical support representative if you experience a problem.

Depending on the software version running on your switch, additional or different memory information
may be displayed.

Example
The following command displays current system memory information:
show memory

History
This command was first available in ExtremeWare 7.1e.

ExtremeWare 7.3e Command Reference Guide 375

Commands for Status Monitoring and Statistics

Platform Availability
This command is available on the “e” series platforms.

376 ExtremeWare 7.3e Command Reference Guide

 show ports rxerrors

show ports rxerrors

show ports {mgmt | <portlist>| vlan <vlan name>} rxerrors

Description
Displays real-time receive error statistics.

Syntax Description

mgmt Specifies the management port. Supported only for switches that provide a
management port, such as the Summit 400.
portlist Specifies one or more ports numbers. May be in the form 1, 2, 3-5.

Default
N/A.

Usage Guidelines
If you do not specify a port number or range of ports, receive error statistics are displayed for all ports.

This status information may be useful for your technical support representative if you have a network
problem.

The following port receive error information is collected by the switch:

• Port Number
• Link Status—The current status of the link. Options are:
— Ready (R): The port is ready to accept a link.
— Active (A): The link is present at this port.
— Disabled (D): The link is disabled at this port.
— Not Present (NP): The link is not present at this port.
— Loopback (LB): The link is configured with loopback detection.
• Receive Bad CRC Frames (RX CRC)—The total number of frames received by the port that were of
the correct length, but contained a bad FCS value.
• Receive Oversize Frames (RX Over)—The total number of good frames received by the port greater
than the supported maximum length of 1,522 bytes..
• Receive Undersize Frames (RX Under)—The total number of frames received by the port that were
less than 64 bytes long.
• Receive Fragmented Frames (RX Frag)—The total number of frames received by the port were of
incorrect length and contained a bad FCS value.
• Receive Jabber Frames (RX Jabber)—The total number of frames received by the port that was of
greater than the support maximum length and had a Cyclic Redundancy Check (CRC) error.
• Receive Alignment Errors (RX Align)—The total number of frames received by the port that occurs if
a frame has a CRC error and does not contain an integral number of octets.

ExtremeWare 7.3e Command Reference Guide 377

Commands for Status Monitoring and Statistics

• Receive Frames Lost (RX Lost)—The total number of frames received by the port that were lost
because of buffer overflow in the switch.

Example
The following command displays receive error statistics for ports 1 through 3:
show ports 1-3 rxerrors

The output of the command is similar to:

Port Rx Error Monitor Sun Sep 12 14:53:17 2004

Port Link Rx Rx Rx Rx Rx Rx Rx
Status CRC Over Under Frag Jabber Align Lost
================================================================================
1 A 0 0 0 0 0 0 0
2 A 0 0 0 0 0 0 0
3 R 0 0 0 0 0 0 0

===============================================================================
=====Link Status: A-Active R-Ready D-Disabled NP-Not Present LB-Loopback
0->Clear Counters U->page up D->page down ESC->exit

History
This command was first available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to add support for management ports.

Platform Availability
This command is available on the “e” series platforms.

378 ExtremeWare 7.3e Command Reference Guide

 show ports stats

show ports stats

show ports {mgmt | <portlist> | vlan <vlan name>} stats {cable-diagnostics}

Description
Displays real-time port statistics.

Syntax Description

mgmt Specifies the management port. Supported only for switches that provide a
management port, such as the Summit 400.
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5, 1:5,
1:6-1:8.
vlan name Specifies a VLAN name.
cable-diagnostics Specifies that cable diagnostics information should be shown for the specified
port(s).

Default
N/A.

Usage Guidelines
If you do not specify a port number or range of ports, statistics are displayed for all ports.

Jumbo frame statistics are displayed for switches that are configured for jumbo frame support.

This status information may be useful for your technical support representative if you have a network
problem.

The following port statistic information is collected by the switch:

• Port Number
• Link Status—The current status of the link. Options are:
— Ready (R): The port is ready to accept a link.
— Active (A): The link is present at this port.
— Disabled (D): The link is disabled at this port.
— Not Present (NP): The link is not present at this port.
— Loopback (LB): The link is configured with loopback detection.
• Transmitted Packet Count (Tx Pkt Count)—The number of packets that have been successfully
transmitted by the port.
• Transmitted Byte Count (Tx Byte Count)—The total number of data bytes successfully transmitted
by the port.
• Received Packet Count (Rx Pkt Count)—The total number of good packets that have been received
by the port.
• Received Byte Count (RX Byte Count)—The total number of bytes that were received by the port,
including bad or lost frames. This number includes bytes contained in the Frame Check Sequence
(FCS), but excludes bytes in the preamble.

ExtremeWare 7.3e Command Reference Guide 379

Commands for Status Monitoring and Statistics

• Received Broadcast (RX Bcast)—The total number of frames received by the port that are addressed
to a broadcast address.
• Received Multicast (RX Mcast)—The total number of frames received by the port that are addressed
to a multicast address.

Example
The following command displays port statistics for a Summit 300-24:
show ports stats
Port Statistics Sun Sep 12 14:56:09 2004
Port Link Tx Pkt Tx Byte Rx Pkt Rx Byte Rx
Status Count Count Count Count Bcast
================================================================================
1 A 3587087 2077645883 2085802 188073946 79614
2 A 3169114 2510839136 1605196 613374716 40305
3 R 0 0 0 0 0
4 A 3102109 2036444975 1483625 124105390 15517
5 A 3057351 2023953061 1458344 119777971 17790
6 A 2883291 2007803014 2271624 1186338727 12448
7 R 0 0 0 0 0
8 R 0 0 0 0 0
9 R 0 0 0 0 0
10 R 0 0 0 0 0
11 R 0 0 0 0 0
12 R 0 0 0 0 0
13 R 0 0 0 0 0
15 R 0 0 0 0 0
16 R 0 0 0 0 0
17 R 0 0 0 0 0
18 R 0 0 0 0 0
19 R 0 0 0 0 0
20 R 0 0 0 0 0
21 R 0 0 0 0 0
22 R 0 0 0 0 0
23 R 0 0 0 0 0
24 R 0 0 0 0 0
25 A 7546549 2148548762 8041387 2932084477 677836
26 R 0 0 0 0 0
0
================================================================================
======Link Status: A-Active R-Ready D-Disabled NP-Not Present LB-Loopback
0->Clear Counters U->page up D->page down ESC->exit

The following command displays cable diagnostics information for all ports:
show ports stats cable-diagnostics

The output produced by the show ports stats cable-diagnostics command is similar to the
following:

Port Statistics Thu Jul 8 09:52:19 2004

Port Link Num Diags Diags Diags
Status Diags Success Fail Change
================================================================================
1:1 A 0 0 0 0
1:2 A 1 1 0 0
1:3 A 0 0 0 0

380 ExtremeWare 7.3e Command Reference Guide

 show ports stats

1:4 R 0 0 0 0
1:5 R 10 8 2 0
1:6 A 0 0 0 0
1:7 R 0 0 0 0

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 381

Commands for Status Monitoring and Statistics

show ports txerrors

show ports {mgmt | <portlist>| vlan <vlan name>} txerrors

Description
Displays real-time transmit error statistics.

Syntax Description

mgmt Specifies the management port. Supported only for switches that provide a
management port, such as the Summit 400.
portlist Specifies one or more ports numbers. May be in the form 1, 2, 3-5.

Default
N/A.

Usage Guidelines
If you do not specify a port number or range of ports, error statistics are displayed for all ports.

This status information may be useful for your technical support representative if you have a network
problem.

The following port transmit error information is collected by the switch:

• Port Number
• Link Status—The current status of the link. Options are:
— Ready (R): The port is ready to accept a link.
— Active (A): The link is present at this port.
— Disabled (D): The link is disabled at this port.
— Not Present (NP): The link is not present at this port.
— Loopback (LB): The link is configured with loopback detection.
• Transmit Collisions (TX Coll)—The total number of collisions seen by the port, regardless of whether
a device connected to the port participated in any of the collisions.
• Transmit Late Collisions (TX Late Coll)—The total number of collisions that have occurred after the
port’s transmit window has expired.
• Transmit Deferred Frames (TX Deferred)—The total number of frames that were transmitted by the
port after the first transmission attempt was deferred by other network traffic.
• Transmit Errored Frames (TX Error)—The total number of frames that were not completely
transmitted by the port because of network errors (such as late collisions or excessive collisions).
• Transmit Lost Frames (TX Lost)—The total number of frames transmitted by the port that were lost.
• Transmit Parity Frames (TX Parity)—The bit summation has a parity mismatch.

Example
The following command displays transmit error statistics for ports 1 through 3:

382 ExtremeWare 7.3e Command Reference Guide

 show ports txerrors

show ports 1-3 txerrors

The output produced by the show ports txerrors command is similar to the following:

Port Tx Error Monitor Thu Dec 27 19:19:07 2001

Port Link Tx Tx Tx Tx Tx Tx
Status Coll Late Coll Deferred Error Lost Parity
================================================================================
1 A 0 0 0 0 0 0
2 R 0 0 0 0 0 0
3 R 0 0 0 0 0 0
4 R 0 0 0 0 0 0
5 R 0 0 0 0 0 0
6 R 0 0 0 0 0 0
7 R 0 0 0 0 0 0
8 R 0 0 0 0 0 0

================================================================================
Link Status: A-Active R-Ready D-Disabled NP-Not Present LB-Loopback
0->Clear Counters U->page up D->page down ESC->exit

History
This command was first available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2eto support management ports.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 383

Commands for Status Monitoring and Statistics

show version
show version {detail}

Description
Displays the hardware serial numbers and versions, and software versions currently running on the
switch.

Syntax Description

detail Specifies display of platform name.

Default
N/A.

Usage Guidelines
The following is an example of the type of information displayed when you execute the show version
command:
• System Serial Number—A collection of numbers and letters that make up the serial number of the
switch.
• CPU Serial Number—A collection of numbers and letters that make up the serial number of the CPU
running in the switch. A rev number may also be listed.
• Image—The ExtremeWare software version currently running on the switch. If you have two
software images downloaded on the switch, only the currently running ExtremeWare version
information is displayed. The information displayed includes the version number, build number, and
the software build date.
• BootROM—The BootROM version currently running on the switch.

If you use the detail option you might also see the following:

• Platform Name—The name of the system, inserted before the Serial Number in the display.

Example
The following command displays the hardware and software versions currently running on the switch:
show version

History
This command was first available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to support the detail option.

Platform Availability
This command is available on the “e” series platforms.

384 ExtremeWare 7.3e Command Reference Guide

 unconfigure log filter

unconfigure log filter

unconfigure log filter <filter name>

Description
Resets the log filter to its default values; removes all filter items.

Syntax Description

filter name Specifies the log filter to unconfigure.

Default
N/A.

Usage Guidelines
If the filter name specified is DefaultFilter, this command restores the configuration of DefaultFilter back
to its original settings.
If the filter name specified is not DefaultFilter, this command sets the filter to have no events configured
and therefore, no incidents will pass. This is the configuration of a newly created filter that was not
copied from an existing one.

See the delete log filter command for information about deleting a filter.

Example
The following command sets the log filter myFilter to stop passing any events:
unconfigure log filter myFilter

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 385

Commands for Status Monitoring and Statistics

unconfigure log target format

unconfigure log target [console-display | memory-buffer | nvram | session |
syslog [<host name/ip> {:<udp-port>} [local0 ... local7]]] format

Description
Resets the log target format to its default values.

Syntax Description

console-display Specifies the console display format.

memory-buffer Specifies the switch memory buffer format.
nvram Specifies the switch NVRAM format.
session Specifies the current session (including console display) format.
syslog Specifies a syslog target format.
host name/ip Specifies the syslog host name or IP address.
udp-port Specifies the UDP port number for the syslog target.
local0 ... local7 Specifies the local syslog facility.
format Specifies that the format for the target will be reset to the default value.

Default
When a target format is unconfigured, it is reset to the default values.

The following defaults apply to console display, memory buffer, NVRAM, and session targets:

• timestamp—hundredths
• date—mm-dd-yyyy
• severity—on
• event-name—condition
• host-name—off
• priority—off
• tag-id—off
• tag-name—off
• sequence-number—off
• process-name—off
• process-id—off
• source-function—off
• source-line—off

The following defaults apply to syslog targets per RFC 3164):

• timestamp—seconds
• date—mmm-dd

386 ExtremeWare 7.3e Command Reference Guide

 unconfigure log target format

• severity—on
• event-name—none
• host-name—off
• priority—on
• tag-id—off
• tag-name—on
• sequence-number—off
• process-name—off
• process-id—off
• source-function—off
• source-line—off

Usage Guidelines
Use this command to reset the target format to the default format.

Example
The following command sets the log format for the target session (the current session) to the default:
unconfigure log target session format

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 387

Commands for Status Monitoring and Statistics

upload log
upload log <host name/ip> <filename> {messages [memory-buffer | nvram]}
{severity <severity> {only}} {starting [date <date> time <time> | date
<date> | time <time>]} {ending [date <date> time <time> | date <date> |
time <time>]} {match <match-expression>} {format <format>} {chronological}

Description
Uploads the current log messages to a TFTP server.

Syntax Description

host name/ip Specifies the TFTP server.

filename Specifies the file name for the log stored on the TFTP server.
messages Specifies the location from which to display the log messages.
memory-buffer Show messages stored in volatile memory.
nvram Show messages stored in NVRAM
severity Specifies the minimum severity level to display (if the keyword only is omitted).
only Specifies that only the specified severity level is to be displayed
starting Show messages with timestamps equal to or greater than that specified
date Specifies the date, where date is <month (1-12)> / <day> {/ <year (yyyy)>}.
time Specifies the time, where time is <hour (0-23)> {: <minute (0-59)> {:
<seconds> {. <hundredths>}}}
ending Show messages with timestamps equal to or less than that specified.
match-expression Specifies a regular expression. Only messages that match the regular
expression will be displayed.
format Specifies a format to use to override the format configured for the memory
buffer.
chronological Specifies uploading log messages in ascending chronological order (oldest to
newest).

Default
The following defaults apply:

• messages—memory buffer
• severity—none (displays everything stored in the target)
• starting, ending—if not specified, no timestamp restriction
• match—no restriction
• format—the format configured with the configure log target format command
• chronological—if not specified, show messages in order from newest to oldest

Usage Guidelines
This command is similar to the show log command, but instead of displaying the log contents on the
command line, this command saves the log to a file on the TFTP server you specify. For more details on

388 ExtremeWare 7.3e Command Reference Guide

 upload log

most of the options of this command, see the command show log on page 360, and for the format
option see the command configure log target format on page 331.

Example
The following command uploads messages with a critical severity to the filename switch4critical.log on
TFTP server at 10.31.8.25:
upload log 10.31.8.25 switch4critical.log critical

The following command uploads messages with warning, error, or critical severity to the filename
switch4warn.log on TFTP server at 10.31.8.25:
upload log 10.31.8.25 switch4warn.log warning

The following command uploads messages starting August 1, ending August 31, containing the string
“port 2” in order of oldest to newest to the filename switch4aug03.log on TFTP server at 10.31.8.25:
upload log 10.31.8.25 switch4aug03.log starting date 8/1 ending date 8/31 match "port
2"

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 389

Commands for Status Monitoring and Statistics

390 ExtremeWare 7.3e Command Reference Guide

10 Security Commands

This chapter describes:

• Commands for creating and configuring routing access policies
• Commands for creating and configuring IP access lists
• Commands for managing the switch using SSH2
• Commands related to switch user authentication through a RADIUS client
• Commands related to switch user authentication through TACACS+
• Commands for protecting the switch from Denial of Service attacks
• Commands for Network Login configuration

Access policies are a generalized category of features that impact forwarding and route forwarding
decisions. Access policies are used primarily for security and quality of service (QoS) purposes.

IP access lists (also referred to as Access Lists or ACLs) consist of IP access rules and are used to perform
packet filtering and forwarding decisions on incoming traffic. Each packet arriving on an ingress port is
compared to the access list in sequential order and is either forwarded to a specified QoS profile or
dropped. Using access lists has no impact on switch performance.

Access lists are typically applied to traffic that crosses layer 3 router boundaries, but it is possible to use
access lists within a layer 2 VLAN. Extreme products are capable of performing this function with no
additional configuration.

Routing access policies are used to control the advertisement or recognition of routing protocols, such as
RIP, or OSPF. Routing access policies can be used to ‘hide’ entire networks or to trust only specific
sources for routes or ranges of routes. The capabilities of routing access policies are specific to the type
of routing protocol involved, but are sometimes more efficient and easier to implement than access lists.

To use routing access policies, follow these steps:

1 Create an access profile.
2 Configure the access profile mode to be of type permit, deny, or none (which allows per-entry
configuration of the permit/deny attribute).
3 Add entries to the access profile.
4 Apply the access profile.

ExtremeWare 7.3e Command Reference Guide 391

Security Commands

SSH
Secure Shell 2 (SSH2) is a feature of ExtremeWare that allows you to encrypt session data between a
network administrator using SSH2 client software and the switch, or to send encrypted data from the
switch to an SSH2 client on a remote system. Image and configuration files may also be transferred to
the switch using the Secure Copy Program 2 (SCP2)

User Authentication
Remote Authentication Dial In User Service (RADIUS, RFC 2138) is a mechanism for authenticating and
centrally administrating access to network nodes. The ExtremeWare RADIUS client implementation
allows authentication for Telnet, Vista, or console access to the switch.

Extreme switches are also capable of sending RADIUS accounting information. You can configure
RADIUS accounting servers to be the same as the authentication servers, but this is not required.

Terminal Access Controller Access Control System Plus (TACACS+) is a mechanism for providing
authentication, authorization, and accounting on a centralized server, similar in function to the RADIUS
client. The ExtremeWare version of TACACS+ is used to authenticate prospective users who are
attempting to administer the switch. TACACS+ is used to communicate between the switch and an
authentication database.

NOTE
You cannot use RADIUS and TACACS+ at the same time.

Network Login
Network Login is a feature designed to control the admission of user packets into a network by giving
network access only to users that have been properly authenticated. Network Login is controlled by an
administrator on a per port, per VLAN basis and uses an integration of DHCP, user authentication over
the web interface or 802.1x client software, and, a RADIUS server to provide a user database or specific
configuration details.

Network Login has two modes of operation:

• Campus mode, used when a port in a VLAN will move to another VLAN when authentication has
been completed successfully. This mode is for the roaming user who will not always be using the
same port for authentication. Campus mode requires a DHCP server and a RADIUS server
configured for Extreme Network Login.
• ISP mode, used when the port and VLAN used will remain constant. All network settings are
configured for that VLAN.

A DHCP server is included to support Network Login functionality.

392 ExtremeWare 7.3e Command Reference Guide

 Denial of Service

Denial of Service
You can configure ExtremeWare to protect your Extreme switches in the event of a denial of service
attack. During a typical denial of service attack, the CPU on the switch gets flooded with packets from
multiple attackers, potentially causing the switch to fail. To protect against this type of attack, you can
configure the software so that when the number of packets received is more than the configured
threshold limit of packets per second, then a specific type of traffic on the port is blocked.

Unified Access Security

The Extreme Unified Access™ Security architecture provides secure access for all wired and wireless
stations within the unified network. You can maintain the network with a single, unified security policy,
provide service to all stations without requiring upgrades, and take advantage of integrated policy and
management capabilities not available in overlay networks or those with “thick” access points. Unified
Access Security provides the following capabilities:
• Consolidated management — greater network support with reduced management overhead
• Scalable encryption — ASIC based AES encryption, WPA with TKIP support, and RC4 based WEP
support on the Altitude 300 wireless port
• 802.1x Authentication — 802.1x authentication (PEAP, EAP-TTLS, EAP-TLS)
• Web-based network login—http and https based user authentication

The unified structure simplifies security policies without compromising protection and provides the
following benefits:
• Single user experience — Same authentication procedures for wired and wireless users
• Unified management — Single management platform for wired and wireless networks
• Unified configuration — Consistent CLI for wired and wireless functions
• Single authentication infrastructure — Single set of policies, RADIUS, and certificate servers

ExtremeWare 7.3e Command Reference Guide 393

Security Commands

clear netlogin state

clear netlogin state port <portlist> vlan <vlan name>

Description
Clears and initializes the Network Login sessions on a VLAN port.

Syntax Description

portlist Specifies the ports to clear.

vlan name Specifies a VLAN to clear.

Default
None.

Usage Guidelines
Clear the states of every MAC learned on this VLAN port and put the port back to unauthenticated
state. The port will be moved to its original VLAN if configured in Campus mode.

Example
The following example clears the Network Login state of port 9 in VLAN corp:
clear netlogin state port 9 vlan corp

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

394 ExtremeWare 7.3e Command Reference Guide

 clear netlogin state mac-address

clear netlogin state mac-address

clear netlogin state mac-address <hex-octet>

Description
Initialize/Reset the Network Login sessions for a specified supplicant.

Syntax Description

hex-octet Specifies the MAC address of the supplicant.

Default
N/A.

Usage Guidelines
This command is essentially equivalent to a particular supplicant logging out. The MAC address will be
cleared from the FDB, the port is put back to its original VLAN (for Campus mode), and the port state
is set to unauthenticated, if this was the last authenticated MAC on this port.

Example
The following example resets the Network Login session for the supplicant with the MAC address of
00:e0:18:01:32:1f:
clear netlogin state mac-address 00:e0:18:01:32:1f

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 395

Security Commands

configure access-profile add

configure access-profile <access profile> add {<seq_number>} {permit |
deny} [ipaddress <ip address> <mask> {exact} | as-path <path-expression> |
| ipxnet <netid> <netid mask> | ipxsap <sap_type> <service_name> | vlan]

Description
Adds an entry to the access profile.

Syntax Description

access profile Specifies an access profile name.

seq-number Specifies the order of the entry within the access profile. If no sequence
number is specified, the new entry is added to the end of the access-profile
and is automatically assigned a value of 5 more than the sequence number of
the last entry.
permit Per-entry permit specification. The per-entry attribute only takes effect if the
access-profile mode is none. Otherwise, the overall access profile type takes
precedence.
deny Per-entry deny specification. The per-entry attribute only takes effect if the
access-profile mode is none. Otherwise, the overall access profile type takes
precedence.
ip address/mask Specifies an IP address and mask as an entry in the profile list.
exact Specifies that an exact match with address and mask will be performed.
Subnets within the address range will not match entry against entry.
path-expression Specifies a regular expression string to match against the autonomous system
path.
netid/netid mask Specifies an IPX netID and mask as an entry in the profile list.
sap_type/service_name Specifies an IPX SAP service type and service name as an entry in the profile
list.

Default
N/A.

Usage Guidelines
You can specify the sequence number for each access profile entry. If you do not specify a sequence
number, entries are sequenced in the order they are added. Each entry is assigned a value of 5 more
than the sequence number of the last entry.

The explicit sequence number and the permit or deny attribute should be specified if the access profile
mode is none.

The subnet mask specified in the access profile command is interpreted as a reverse mask. A reverse
mask indicates the bits that are significant in the IP address. In other words, a reverse mask specifies the
part of the address that must match the IP address to which the profile is applied.

The as-path keyword uses a regular expression string to match against the AS path. Regular expression
notation can include any of the characters listed in Table 16.

396 ExtremeWare 7.3e Command Reference Guide

 configure access-profile add

Table 11: Regular Expression Notation

Character Definition
N AS number
N1 - N2 Range of AS numbers, where N1 and N2 are AS numbers and N1 < N2
[Nx ... Ny] Group of AS numbers, where Nx and Ny are AS numbers or a range of AS
numbers
[^Nx ... Ny] Any AS numbers other than the ones in the group
. Matches any number
^ Matches the beginning of the AS path
$ Matches the end of the AS path
– Matches the beginning or end, or a space
- Separates the beginning and end of a range of numbers
* Matches 0 or more instances
+ Matches 1 or more instances
? Matches 0 or 1 instance
{ Start of AS SET segment in the AS path
} End of AS SET segment in the AS path
( Start of a confederation segment in the AS path
) End of a confederation segment in the AS path

Example
The following command adds an IP subnet address to access profile nosales, as the next available entry:
configure access-profile nosales add ipaddress 10.1.33.0/24

The following command configures the access profile AS1 to permit AS paths beginning with AS
number 1, followed by any AS number from 2 - 8, and ending with either AS number 11, 13, or 15:
configure access-profile AS1 add 15 permit as-path “^1 2-8 [11 13 15]$”

History
This command was introduced in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to support for the AS-path, ipxnet andipxsap.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 397

Security Commands

configure access-profile delete

configure access-profile <access profile> delete <seq_number>

Description
Deletes an access profile entry using the sequence number.

Syntax Description

access profile Specifies an access profile name.

seq-number Specifies the order of the entry within the access profile. If no sequence
number is specified, the new entry is added to the end of the access-profile
and is automatically assigned a value of 5 more than the sequence number of
the last entry.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes the entry with sequence number 15 from the access profile AS1:
configure access-profile AS1 delete 15

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

398 ExtremeWare 7.3e Command Reference Guide

 configure access-profile mode

configure access-profile mode

configure access-profile <access profile> mode [permit | deny | none]

Description
Configures the access profile mode to permit or deny access, or to require per-entry access control.

Syntax Description

access profile Specifies an access profile name.

permit Allows the addresses that match the access profile description.
deny Denies the addresses that match the access profile description.
none Permits and denies access on a per-entry basis. Each entry must be added to
the profile as either type permit or deny.

Default
Permit.

Usage Guidelines
The access list mode determines whether the items in the list are to be permitted access or denied
access.

Example
The following command configures the access profile no_subnet_33 to deny access:
configure access-profile no_subnet_33 mode deny

The following command specifies that the access profile no_subnet_33 uses per-entry access control:
configure access-profile no_subnet_33 mode none

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 399

Security Commands

configure auth mgmt-access radius

configure auth mgmt-access [radius | radius-accounting] primary
[<ipaddress> | <hostname>} {secondary [<ipaddress> | <hostname>]}

Description
Configures to authenticate all management sessions through RADIUS servers.

Syntax Description

primary Configures the primary RADIUS authentication or accounting server that is

used for management sessions.
secondary Configures the secondary RADIUS authentication or accounting server that is
used for management sessions.
ipaddress The IP address of the authentication or accounting server.
hostname The host name of the authentication or accounting server.

Default
Uses RADIUS for authentication for management sessions. If RADIUS is not enabled, TACACS+ servers
are used. If neither RADIUS or TACACS+ servers are configured, local authentication is used.

Usage Guidelines

Use this command to authenticate all the management sessions through RADIUS servers. The RADIUS
server should be configured before using this command. This command fails is the primary and
secondary RADIUS servers are not configured.
The following types of management sessions can be configured:
• Telnet
• SSH
• Console
• HTTP

If you are using RADIUS authentication servers, you should only use RADIUS accounting servers for
accounting management sessions. RADIUS authentication servers should be configured before
configuring RADIUS accounting servers for management sessions.

Example
In the following example, management sessions are configured for RADIUS:
configure auth mgmt-access radius primary 192.168.14.12 secondary 192.168.14.55

In the following example, managements sessions are configured for RADIUS accounting:

configure auth mgmt-access radius-accounting primary 192.168.14.12 secondary

192.168.14.55

400 ExtremeWare 7.3e Command Reference Guide

 configure auth mgmt-access radius

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 401

Security Commands

configure auth mgmt-access tacacs

configure auth mgmt-access [tacacs | tacacs-accounting] primary
[<ipaddress> | <hostname>] {secondary [<ipaddress> | <hostname>]}

Description
Configures to authenticate all management sessions through TACACS+ servers.

Syntax Description

primary Configures the primary TACACS+ authentication or accounting server that is

used for management sessions.
secondary Configures the secondary TACACS+ authentication or accounting server that
is used for management sessions.
ipaddress The IP address of the authentication or accounting server.
hostname The host name of the authentication or accounting server.

Default
Uses RADIUS for authentication for management sessions. If RADIUS is not enabled, TACACS+ servers
are used. If neither RADIUS or TACACS+ servers are configured, local authentication is used.

Usage Guidelines

Use this command to authenticate all the management sessions through TACACS+ servers. The
TACACS+ server should be configured before using this command. This command fails is the primary
and secondary TACACS+ servers are not configured.
The following types of management sessions can be configured:
• Telnet
• SSH
• Console
• HTTP

If you are using TACACS+ authentication servers, you should only use TACACS+ accounting servers
for accounting management sessions. TACACS+ authentication servers should be configured before
configuring TACACS+ accounting servers for management sessions.

Example
In the following example, management sessions for both the primary and secondary servers are
configured for TACACS+:
configure auth mgmt-access tacacs primary 192.168.14.12 secondary 192.168.14.55
In the following example, management sessions for both the primary and secondary servers are
configured for TACACS+ accounting:
configure auth mgmt-access tacacs-accounting primary 192.168.14.12 secondary
192.168.14.55

402 ExtremeWare 7.3e Command Reference Guide

 configure auth mgmt-access tacacs

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 403

Security Commands

configure auth netlogin radius

configure auth netlogin [radius | radius-accounting] primary {<ipaddress> |
<hostname>} {secondary [<ipaddress> | <hostname>]}

Description
Configures to authenticate all netlogin sessions through RADIUS servers.

Syntax Description

primary Configures the primary RADIUS authentication or accounting server that is

used for netlogin sessions.
secondary Configures the secondary RADIUS authentication or accounting server that is
used for netlogin sessions.
ipaddress The IP address of the authentication or accounting server.
hostname The host name of the authentication or accounting server.

Default
Unconfigured. Uses RADIUS for authentication for login sessions. If RADIUS is not enabled, TACACS+
servers are used. If neither RADIUS or TACACS+ servers are configured, local authentication is used.

Usage Guidelines
The RADIUS server must be configured before this command is used. The command will fail if the
given primary and secondary RADIUS servers are not configured.
The following types of netlogin sessions can be configured:
• Dot1x-based netlogin
• Web-based netlogin

If you are using RADIUS authentication servers, you should only use RADIUS accounting servers for
accounting management sessions. RADIUS authentication servers should be configured before
configuring RADIUS accounting servers for management sessions.

Example
In the following example, both primary and secondary RADIUS servers are configured for netlogin:
configure auth netlogin radius primary 192.168.14.12 secondary 192.168.14.55

In this example the primary and secondary RADIUS accounting servers are configured for netlogin:

configure auth netlogin radius-accounting primary 192.168.14.12 secondary

192.168.14.55

History
This command was first available in ExtremeWare 7.3e.

404 ExtremeWare 7.3e Command Reference Guide

 configure auth netlogin radius

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 405

Security Commands

configure auth netlogin tacacs

configure auth netlogin [tacacs | tacacs-accounting] primary [<ipaddress> |
<hostname>} {secondary [<ipaddress> | <hostname>]}

Description
Configures to authenticate all netlogin sessions through TACACS+ servers.

Syntax Description

primary Configures the primary TACACS+ authentication or accounting server that is

used for netlogin sessions.
secondary Configures the secondary TACACS+ authentication or accounting server that
is used for netlogin sessions.
ipaddress The IP address of the authentication or accounting server.
hostname The host name of the authentication or accounting server.

Default
Unconfigured. Uses RADIUS for authentication for login sessions. If RADIUS is not enabled, TACACS+
servers are used. If neither RADIUS or TACACS+ servers are configured, local authentication is used.

Usage Guidelines
The TACACS+ server should be configured before this command. This command returns an error if the
given primary and secondary TACACS+ servers are not configured or if TACACS+ authentication is not
configured for netlogin sessions.

If you are using TACACS+ authentication servers, you should only use TACACS+ accounting servers
for accounting netlogin sessions. TACACS+ authentication servers should be configured before
configuring TACACS+ accounting servers for netlogin sessions.

Example
In the following example, both primary and secondary TACACS+ servers are configured for netlogin:
configure auth netlogin tacacs primary 192.168.14.12 secondary 192.168.14.55

In this example the primary and secondary TACACS+ accounting servers are configured for netlogin:

configure auth netlogin tacacs-accounting primary 192.168.14.12 secondary

192.168.14.55

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on the “e” series platforms.

406 ExtremeWare 7.3e Command Reference Guide

 configure cpu-dos-protect (port-based)

configure cpu-dos-protect (port-based)

configure cpu-dos-protect [ports <portnumber> |all] alert-threshold <pkts>
interval-time <seconds>

Description
Sets the maximum allowed limit before invoking denial of service (DoS) protection and discarding
packets.

Syntax Description

portnumber Specifies one or more port numbers. May be in the form 1, 2, 3-5.
pkts Configures the maximum number of packets, or threshold level, where packets
are discarded. Range is 50 to 20000 packets per second. Default is 150.
seconds Configures a duration in seconds. Range is 1 to 20 seconds. Default is 1
second.

Default
All ports are disabled for DoS protection.

Usage Guidelines
Use this command to isolate or block a particular type of broadcast. You can also use it to identify
layer 3 misses to the CPU or when too many IP multicasts are coming on a port.

Examples
The following example configures an alert threshold of 500 packets on port 8 every 3 seconds:

config cpu-dos-protect port 8 disable alert-threshold 500 interval-time 3

History
This command was first introduced in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 407

Security Commands

configure cpu-dos-protect (system-based)

configure cpu-dos-protect [alert-threshold <packets per second>]
[notice-threshold <packets per second>] [timeout <seconds>] [messages [on |
off]] [filter-precedence <number>] [filter-type-allowed {destination |
source | destination source} {protocol}]

Description
Configures denial of service protection.

Syntax Description

alert-threshold Configures the number of packets per second that the switch needs to receive
on a port for an ACL to be enabled. Range is 150 to 100,000 packets per
second. Default is 4000.
notice-threshold Configures the number of packets per second that the switch needs to receive
on a port for messages to be logged. Range is 150 to 100,000 packets per
second. Default is 4000.
timeout Configures a duration in seconds. Range is 2 to 300 seconds. Default is 15.
messages Configures messaging to be on or off. Default is on.
filter-precedence Configures the access list precedence. Default is 10.
filter-type-allowed Configures the type of access list allowed. Default is destination
destination Specifies that destination ACLs can be created
source Specifies that source ACLs can be created
protocol Specifies that an ACL will be created to block packets from a single protocol,
either TCP, UDP, or other.

Default
The option defaults are:
• alert-threshold—4000
• notice-threshold—4000.
• timeout—15
• messages—on
• filter-precedence—10
• filter-type-allowed—destination

Usage Guidelines
This command configures denial of service protection for Extreme Networks switches. When heavy
traffic reaches the alert threshold, a hardware ACL is created that blocks the traffic for the timeout
number of seconds.

NOTE
If you set the filter-precedence to 0, the ACLs created by DoS protection will be overwritten by the
default VLAN QoS profile.

408 ExtremeWare 7.3e Command Reference Guide

 configure cpu-dos-protect (system-based)

Example
The following command configures denial of service protection to be invoked when 3000 or more
packets per second are received by a port on the switch. This command configures logging to occur
when the number of packets per second that the switch receives is 2000, the timeout is 15 seconds, and
messages are on:
configure cpu-dos-protect alert-threshold 3000 notice-threshold 2000 timeout 15
messages on filter-precedence 10

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 409

Security Commands

configure cpu-dos-protect trusted-ports (port-based)

configure cpu-dos-protect trusted-ports <port number>

Description
Configures ports as trusted, so that denial of service protection is not applied to port.

Syntax Description

port number Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
By default, no ports are trusted.

Usage Guidelines
Trusted ports can prevent innocent hosts from being blocked, or ensure that when an innocent host
responds to an attack that the flood of response packets is not mistaken as the attack.

Example
The following command configures a port as trusted, so that denial of service protection is not applied
port 3:
configure cpu-dos-protect trusted-port 3

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

410 ExtremeWare 7.3e Command Reference Guide

 configure cpu-dos-protect trusted-ports

configure cpu-dos-protect trusted-ports

configure cpu-dos-protect trusted-ports [add <port number> | delete <port
number> | all | none]

Description
Configures ports as trusted, so that denial of service protection is not applied to port.

Syntax Description

port number Specifies a port.

all Specifies all ports as trusted.
none Specifies that no ports are trusted.

Default
By default, no ports are trusted.

Usage Guidelines
Typically, you would use the all parameter when you want to set the denial of service protection to
only a few of the ports on a switch. Use the all parameter, then use the command configure
cpu-dos-protect trusted-ports delete <port number> to set ports that should not be trusted
(that denial of service protection should be applied to).

Example
The following command configures a port as trusted, so that denial of service protection is not applied
to port 3:
configure cpu-dos-protect trusted-port add 3

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 411

Security Commands

configure enhanced-dos-protect ipfdb agingtime

configure enhanced-dos-protect ipfdb agingtime <aging> ports <portlist>

Description
Configures the aging time on untrusted ports for enhanced denial of service protection.

Syntax Description

aging Specifies the number of seconds for the aging time per port. The aging value
is the software cache timeout: the duration of time to be considered to reach
the threshold. The valid range is 1-300 seconds. The default value is 30
seconds.
portlist Specifies one or more ports or slots and ports. On a modular switch, can be a
list of slots and ports. On a stand-alone switch, can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
The default aging time is 30 seconds.

Usage Guidelines
Use this command to change the aging time values for selected untrusted ports. To verify configuration,
use the show enhanced-dos-protect ipfdb ports <portlist> command and view data in the
Aging column.

Example
The following command configures the aging time on port 2 to 100 seconds:
configure enhanced-dos-protect ipfdb agingtime 100 ports 2

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the “e” series platforms.

412 ExtremeWare 7.3e Command Reference Guide

 configure enhanced-dos-protect ipfdb cache-size

configure enhanced-dos-protect ipfdb cache-size

configure enhanced-dos-protect ipfdb cache-size <cache-size>

Description
Configures the cache size on untrusted ports for enhanced denial of service protection.

Syntax Description

cache-size Specifies the cache size limit in kilobytes. The default value is 256. The
maximum value is 256000.

Default
The default cache size value is 256.

Usage Guidelines
Enhanced DoS Protection maintains the number of IPFDB entries according to the cache-size limit. Use
this command to set the cache size to some value other than the default value of 256K.

Use the following command to reset the cache-size to the 256K default value:

unconfigure enhanced-dos-protect ipfdb cache-size

Example
The following command configures the cache size at 512K:
configure enhanced-dos-protect ipfdb cache-size 512

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 413

Security Commands

configure enhanced-dos-protect ipfdb learn-limit

configure enhanced-dos-protect ipfdb learn-limit <learn-limit> ports
<portlist>

Description
Configures the learning limit on untrusted ports for enhanced denial of service protection.

Syntax Description

learn-limit Specifies the number of packets allowed on the selected ports within the
learning window before the rate limit is applied; or before the software can
create an IPFDB entry in the hardware. The valid value range is 100-1953125.
The default on Fast Ethernet ports is 100 pkts/learn window. The default on
Gigabyte ports is 100 pkts/learn window.
portlist Specifies one or more ports or slots and ports. On a modular switch, can be a
list of slots and ports. On a stand-alone switch, can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
The default learn-limit on Fast Ethernet ports is 100 pkts/learn window.
The default learn-limit on Gigabyte ports is 100 pkts/learn window.

Usage Guidelines
Use this command to configure a learning limit value to define the number of packets to be counted
before ExtremeWare can create an IPFDB entry in the hardware.

To reset the learning limit for enhanced denial of service protection to default values for selected ports,
use the following command:

unconfigure enhanced-dos-protect ipfdb learn limit

Example
The following command configures the learn limit on port 3 at 75 packets within the learning window
before the IPFDB entry is created:
configure enhanced-dos-protect ipfdb learn-limit 75 ports 3

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the “e” series platforms.

414 ExtremeWare 7.3e Command Reference Guide

 configure enhanced-dos-protect ipfdb learn-window

configure enhanced-dos-protect ipfdb learn-window

configure enhanced-dos-protect ipfdb learn-window <learn-window> ports
<portlist>

Description
Configures the learning window on untrusted ports for the enhanced denial of service protection IPFDB
learning qualifier.

Syntax Description

learn-window Specifies the number of seconds for the learning window per port. This value
is the duration of time to be considered to reach the threshold. The valid
range is 5-300 seconds. The default value is 10 seconds.
portlist Specifies one or more ports or slots and ports. On a modular switch, can be a
list of slots and ports. On a stand-alone switch, can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
The default learning window is 10 seconds.

Usage Guidelines
Use this command to change the learning window values for selected untrusted ports. To verify
configuration, use the show enhanced-dos-protect ipfdb ports <portlist> command.

Example
The following command configures the learn window on port 2 at 80 seconds:
configure enhanced-dos-protect ipfdb learn-window 80 ports 2

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 415

Security Commands

configure enhanced-dos-protect ports

configure enhanced-dos-protect ports [trusted | untrusted] <portlist>

Description
Configures ports as trusted, so that enhanced denial of service protection is not applied to the ports; or
configures ports as untrusted, so that enhanced denial of service protection is applied to the ports.

Syntax Description

trusted Specifies the selected ports as trusted, so that enhanced denial of service is
not applied to the ports.
untrusted Specifies the selected ports as untrusted, so that enhanced denial of service
is applied to the ports.
portlist Specifies one or more ports or slots and ports. On a modular switch, can be a
list of slots and ports. On a stand-alone switch, can be one or more port
numbers. May be in the form 1, 2, 3-5, 2:*, 2:5, 2:6-2:8.

Default
By default, ports are trusted.

Usage Guidelines
You can configure each port as trusted or untrusted. A trusted port behaves as a normal port. An
untrusted port behaves according to the configuration parameter used in IPFDB thrashing.

Verify the status of each port by using the show enhanced-dos-protect [rate-limit | ipfdb]
ports <portlist> command.

Example
The following command configures a range of ports as trusted, so that enhanced denial of service
protection is not applied to ports 2 through 4:
configure enhanced-dos-protect ports trusted 2-4

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the “e” series platforms.

416 ExtremeWare 7.3e Command Reference Guide

 configure enhanced-dos-protect rate-limit

configure enhanced-dos-protect rate-limit

configure enhanced-dos-protect rate-limit [threshold <threshold> |
drop-probability <drop-probability> | learn-window <learn-window> |
protocol [all | icmp]] ports <portlist>

Description
Configures rate limiting for enhanced denial of service protection.

Syntax Description

threshold Specifies the number of packets allowed on a given port within the learning window
before the rate limit is applied. The valid value range is 100-1953125. The default on
Fast Ethernet ports is 100 pkts/learn window. The default on Gigabyte ports is 100
pkts/learn window.
drop-probability Specifies the percentage of slow-path traffic to be dropped per port. The valid range
is 0-100 percent. The default value is 50 percent.
learn-window Specifies the number of seconds for the learning window per port. This value is the
duration of time to be considered to reach the rate limit threshold. The valid range is
5-300 seconds. The default value is 10 seconds.
protocol [all | icmp] Specifies the protocol packets to which rate limiting is applied. By default, rate limiting
is applied to Internet Control Message Protocol (ICMP) packets.
portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of
slots and ports. On a stand-alone switch, can be one or more port numbers. May be
in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
The default threshold on Fast Ethernet ports is 100 pkts/learn window.
The default threshold on Gigabyte ports is 100 pkts/learn window.
The default drop-probability is 50 percent.
The default learn-window value is 10 seconds.
Rate limiting is applied by default to ICMP packets.

Usage Guidelines
Use this command to configure the rate-limit threshold, drop probability, learning window, or packet
protocol. To verify settings, use the show enhanced-dos-protect rate-limit ports <portlist>
command. To remove ports from rate limiting, use the unconfigure enhanced-dos-protect
rate-limit command.

Example
The following command sets the rate limiting threshold on port 3 to 200 packets:
configure enhanced-dos-protect rate-limit threshold 200 ports 3
The following command sets the rate limiting drop probability on port 4 to 60 percent:
configure enhanced-dos-protect rate-limit drop-probability 50 ports 4
The following command sets the rate limiting learn window on ports 2 and 3 to 90 seconds:
configure enhanced-dos-protect rate-limit learn-window 90 ports 2,3

ExtremeWare 7.3e Command Reference Guide 417

Security Commands

The following command sets the rate limiting protocol to all packet types on ports 1 through 3:
configure enhanced-dos-protect rate-limit protocol all ports 1-3

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the “e” series platforms.

418 ExtremeWare 7.3e Command Reference Guide

 configure netlogin base-url

configure netlogin base-url

configure netlogin base-url <url>

Description
Configures the base URL for Network Login.

Syntax Description

url Specifies the base URL for Network Login.

Default
The base URL default value is “network-access.net”.

Usage Guidelines
When you login using a web browser, you are redirected to the specified base URL, which is the DNS
name for the switch.
You must configure a DNS name of the type “www.xx…xx.xxx” or “xx…xx.xxx”.

This command applies only to the web-based authentication mode of Network Login.

Example
The following example configures the base URL as access.net:
configure netlogin base-url access.net

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 419

Security Commands

configure netlogin redirect-page

configure netlogin redirect-page <url>

Description
Configures the redirect URL for Network Login.

Syntax Description

url Specifies the redirect URL for Network Login.

Default
The redirect URL default value is “http://www.extremenetworks.com”.

Usage Guidelines
In ISP mode, you can configure netlogin to be redirected to a base page after successful login using this
command. If a RADIUS server is used for authentication, then base page redirection configured on the
RADIUS server takes priority over this configuration.

You must configure a complete URL starting from either http:// or https://

This command applies only to the web-based authentication mode of Network Login.

Example
The following example configures the redirect URL as http://www.extremenetworks.com:
configure netlogin redirect-page http://www.extremenetworks.com

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

420 ExtremeWare 7.3e Command Reference Guide

 configure radius server

configure radius server

configure radius [primary | secondary] server [<ipaddress> | <hostname>]
{<udp_port>} client-ip [<ipaddress>]

Description
Configures the primary and secondary RADIUS authentication server.

Syntax Description

primary Configures the primary RADIUS authentication server.

secondary Configures the secondary RADIUS authentication server.
ipaddress The IP address of the server being configured.
hostname The host name of the server being configured.
udp_port The UDP port to use to contact the RADIUS authentication server. The default
UDP port is 1645.
ipaddress The IP address used by the switch to identify itself when communicating with
the RADIUS authentication server.

Default
Unconfigured.

Usage Guidelines
Use this command to specify RADIUS server information. You can configure up to two primary and
two secondary RADIUS authentication servers.

Use of the <hostname> parameter requires that DNS be enabled.

The RADIUS server defined by this command is used for user name authentication and CLI command
authentication.

Example
The following command configures the primary RADIUS server on host radius1 using the default UDP
port (1645) for use by the RADIUS client on switch 10.10.20.30:
configure radius primary server radius1 client-ip 10.10.20.30

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 421

Security Commands

configure radius shared-secret

configure radius [primary | secondary] {server <ipaddress>|<hostname>}
shared-secret {encrypted} [<string>]

Description
Configures the authentication string used to communicate with the RADIUS authentication server.

Syntax Description

primary Configures the authentication string for the primary RADIUS server.
secondary Configures the authentication string for the secondary RADIUS server.
Ipaddress The IP address of the server being configured.
Hostname The host name of the server being configured.
encrypted Indicates that the secret should be encrypted.
string The string to be used for authentication.

Default
Unconfigured.

Usage Guidelines
The secret must be the same between the client switch and the RADIUS server.

The RADIUS server must first be configured for use with the switch as a RADIUS client.

If the server address is not specified, it configures shared-secret for all configured primary and
secondary RADIUS authentication servers.

You must configure the RADIUS server first before configuring the shared secret for a specific server.

Example
The following command configures the shared secret as “purplegreen” on the primary RADIUS server:
configure radius primary shared-secret purplegreen

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

422 ExtremeWare 7.3e Command Reference Guide

 configure radius timeout

configure radius timeout

configure radius {[primary | secondary] {server [<ipaddress>]|<hostname>}}
timeout <seconds>

Description
Configures the timeout interval for RADIUS authentication requests.

Syntax Description

primary Configures the timeout for the primary RADIUS server.

secondary Configures the timeout for the secondary RADIUS server.
ipaddress Specifies the IP address of the server being configured.
hostname Specifies the host name of the server being configured.
seconds Specifies the number of seconds for authentication requests. Range is 3 to
120 seconds

Default
The default is 3 seconds.

Usage Guidelines
This command configures the timeout interval for RADIUS authentication requests. When the timeout
has expired, another authentication attempt is made. After three failed attempts to authenticate, the
alternate server is used. After five failed attempts, local user authentication is used.

Example
This example configures the timeout interval for the primary RADIUS authentication to 10 seconds.
After 30 seconds (three attempts), the alternate RADIUS server will be used. After 50 seconds (five
attempts) local user authentication is used:
configure radius primary timeout 10
This example configures the timeout interval for RADIUS secondary server 192.168.4.4 authentication to
10 seconds. After 30 seconds (three attempts), the alternate RADIUS server will be used. After 50
seconds (five attempts) local user authentication is used:
configure radius secondary server 192.168.4.4 timeout 10

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 423

Security Commands

configure radius-accounting server

configure radius-accounting [primary | secondary] server [<ipaddress> |
<hostname>] {<udp_port>} client-ip [<ipaddress>]

Description
Configures the primary and secondary RADIUS accounting servers.

Syntax Description

primary Configure the primary RADIUS accounting server.

secondary Configure the secondary RADIUS accounting server.
ipaddress Specifies the IP address of the accounting server being configured.
hostname Specifies the host name of the accounting server being configured.
udp_port The UDP port to use to contact the RADIUS accounting server.
ipaddress The IP address used by the switch to identify itself when communicating with
the RADIUS accounting server.

Default
The default UDP port setting is 1646.

Usage Guidelines
Use this command to specify the RADIUS accounting server information for up to two primary and two
secondary RADIUS accounting servers.

Use of the <hostname> parameter requires that DNS be enabled.

Example
The following command configures RADIUS accounting on host radius1 using the default UDP port
(1646) for use by the RADIUS client on switch 10.10.20.30:
configure radius-accounting primary server radius1 client-ip 10.10.20.30

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

424 ExtremeWare 7.3e Command Reference Guide

 configure radius-accounting shared-secret

configure radius-accounting shared-secret

configure radius-accounting [primary | secondary] {server
<ipaddress>|<hostname>} shared-secret {encrypted} [<string>]

Description
Configures the authentication string used to communicate with the RADIUS accounting server.

Syntax Description

primary Configures the authentication string for the primary RADIUS accounting
server.
secondary Configures the authentication string for the secondary RADIUS accounting
server.
ipaddress Specifies the IP address of the server being configured.
hostname Specifies the host name of the server being configured.
encrypted Indicates that the secret should be encrypted
string The string to be used for authentication.

Default
Unconfigured.

Usage Guidelines
The secret must be the same between the client switch and the RADIUS accounting server.

If the server address is not specified, shared-secret is configured on all primary and secondary RADIUS
accounting servers.

You must configure the RADIUS accounting server first before configuring the shared secret for a
specific server.

Example
The following command configures the shared secret as “purpleaccount” on the primary RADIUS
accounting server:
configure radius primary shared-secret purpleaccount

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 425

Security Commands

configure radius-accounting timeout

configure radius-accounting {[primary | secondary] {server <ipaddress> |
<hostname>}} timeout <seconds>

Description
Configures the timeout interval for RADIUS accounting authentication requests.

Syntax Description

primary Configures the timeout for the primary RADIUS accounting server.
secondary Configures the timeout for the secondary RADIUS accounting server.
ipaddress Specifies the IP address of the server being configured.
hostname Specifies the host name of the server being configured.
seconds Specifies the number of seconds to wait before retrying accounting requests.
Range is 3 to 120 seconds

Default
The default is 3 seconds.

Usage Guidelines
This command configures the timeout interval for RADIUS accounting authentication requests. When
the timeout expires, another authentication attempt is made. After three failed attempts to authenticate,
the alternate server is used. After five failed attempts, local user authentication is used.

Example
This example configures the timeout interval for RADIUS accounting authentication to 10 seconds on
the primary server. After 30 seconds (three attempts), the alternate RADIUS server will be used:
configure radius-accounting primary timeout 10
This example configures the timeout interval for RADIUS accounting authentication to 10 seconds for
the secondary server. After 30 seconds (three attempts), the alternate RADIUS server will be used:
configure radius-accounting secondary server 192.168.4.12 timeout 10

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

426 ExtremeWare 7.3e Command Reference Guide

 configure security-profile default-user-vlan

configure security-profile default-user-vlan

configure security-profile <name> default-user-vlan <vlan>

Description
Configures the default data VLAN for wireless users.

Syntax Description

name Specifies the names of the security profile.

vlan Specifies the name of the default VLAN for wireless users.

Default
Wireless management default VLAN.

Usage Guidelines
Wireless users are placed in default-user-vlan after authentication. Users who do not have a
VSA-VLAN assignment on the RADIUS server are placed in this VLAN.

Example
The following example sets the security profile, open-auth, to use the VLAN open-vlan:

config security-profile open-auth default-user-vlan open-vlan

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 427

Security Commands

configure security-profile dot11-auth network-auth

encryption
configure security-profile <name> dot11-auth <open | shared> network-auth
<none | dot1x |mac-radius |web-based | wpa | wpa-psk> encryption <none |
aes |tkip | wep64 | wep128>

Description
Enables dot11 authentication, network authentication, and encryption.

Syntax Description

name Specifies the names of the security profile.

Default
N/A.

Usage Guidelines
The following table lists the valid combinations of authentication and encryption:

Dot11 Authentication Network Authentication Encryption

open none Choices:
• none
• wep64
• wep128
open web-based Choices:
• none
• wep64
• wep128
open mac-radius Choices:
• none
• wep64
• wep128
open dot1x Choices:
• wep64
• wep128
open wpa Choices:
• wep64
• wep128
• tkip
• aes
open wpa-psk Choices:
• wep64
• wep128
• tkip
• aes

428 ExtremeWare 7.3e Command Reference Guide

 configure security-profile dot11-auth network-auth encryption

Dot11 Authentication Network Authentication Encryption

shared none Choices:
• wep64
• wep128
shared web-based Choices:
• wep64
• wep128
shared mac-radius Choices:
• wep64
• wep128

Examples
The following command sets the authentication and encryption:

configure security-profile secure1 dot11-auth open network-auth wpa encryption aes

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 429

Security Commands

configure security-profile dot1x-wpa-timers

group-update-timer
configure security-profile <name> dot1x-wpa-timers group-update-timer
<minutes>

Description
When the network-authentication is set to dot1x, WPA, or WPA-PSK, this command configures the
interval when group keys for dot1x and WPA clients are updated.

Syntax Description

name Specifies the names of the security profile.

minutes Specifies the interval in minutes. Valid values are between 10 and 1440 The
default value is 10 minutes.

Default
10 minutes.

Usage Guidelines
Use this command to change WPA and dot1x key update time values. Change timers only when you do
not want the keys to be updated frequently.

Example
The following example sets the interval for updating keys to 29 minutes:

configure security-profile open-profile dot1x-wpa group-update-timer 29

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

430 ExtremeWare 7.3e Command Reference Guide

 configure security-profile dot1x-wpa-timers pairwise-update-timer

configure security-profile dot1x-wpa-timers

pairwise-update-timer
configure security-profile <name> dot1x-wpa-timers pairwise-update-timer
<minutes>

Description
When the network-authentication is set to dot1x, WPA, or WPA-PSK, this command configures the
interval when pairwise keys for dot1x and WPA clients are updated.

Syntax Description

name Specifies the names of the security profile.

minutes Specifies the interval in minutes. Valid values are between 10 and 1440. The
default value is 10 minutes.

Default
15 minutes.

Usage Guidelines
Use this command to change WPA and dot1x key update time values. Change timers only when you do
not want the keys to be updated frequently.

Example
The following example sets the interval for updating keys to 60 minutes:

configure security-profile open-profile dot1x-wpa-timers pairwise-update-timer 60

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 431

Security Commands

configure security-profile dot1x-wpa-timers reauth-period

configure security-profile <name> dot1x-wpa-timers reauth-period <seconds>

Description
When the network-authentication is set to dot1x or WPA, this command configures the interval when
clients are re-authenticated.

Syntax Description

name Specifies the names of the security profile.

seconds Specifies the interval in seconds. Valid values are between 600 and 60000.
The default value is 600 seconds.

Default
600 seconds.

Usage Guidelines
Use this command to change the re-authenticate interval time values for a security profile. Change
timers only when you do not want the client to be re-authenticated frequently.

Example
The following example sets the re-authentication interval for clients to 2 minutes:
configure security-profile open-profile dot1x-wpa-timers reauth-period 120

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

432 ExtremeWare 7.3e Command Reference Guide

 configure security-profile ess-name

configure security-profile ess-name

configure security-profile <name> ess-name <ess_name>

Description
Sets the name of the wireless network for the 802.11 interface associated with the security profile.

Syntax Description

name Specifies the names of the security profile.

ess_name Specifies the ESS name.

Default
N/A.

Usage Guidelines
ESS names can be shared across wireless ports and interfaces.

Example
The following example assigns the name shared_ess to the security profile shared-auth:

config security-profile shared-auth ess-name shared_ess

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 433

Security Commands

configure security-profile ssid-in-beacon

configure security-profile <name> ssid-in-beacon {on | off}

Description
Establishes whether the service set identifier (SSID) is published in the beacon or not.

Syntax Description

name Specifies the names of the security profile.

on Specifies that the beacon contains the SSID.
off Specifies that the beacon does not contain the SSID.

Default
On

Usage Guidelines
The beacon turns on whether the SSID is published in the beacon or not. If you set this command to off,
the client must know the SSID before it can associate. Sniffing on the beacon shows an empty SSID.

Configuration changes take effect immediately and are propagated to all ports sharing the named
profile. If the command fails, none of the changes is propagated to any of the ports.

Examples
The following command configures the security profile secure1 not to publish the SSID in the beacon:

configure security-profile secure1 ssid-in-beacon off

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

434 ExtremeWare 7.3e Command Reference Guide

 configure security-profile use-dynamic-vlan

configure security-profile use-dynamic-vlan

configure security-profile <name> use-dynamic-vlan {y | n}

Description
Determines whether the security profile uses the dynamic VLAN (VLAN pushed by the RADIUS server
through a VSA (Vendor Specific Attribute)).

Syntax Description

name Specifies the names of the security profile.

y Specifies y for yes to use the dynamic VLAN. The default is y (yes).
n Specifies n for no to not use the dynamic VLAN.

Default
Y (yes).

Usage Guidelines
If the variable is set to Y (yes), and if the RADIUS server is configured to push back VSA 203 or 209,
then the pushed-back VSAs will override the default-user-vlan setting. (If both VSAs are
configured, then they have to point to the same VLAN.) The user will be placed in the VLAN indicated
by the VSA after authentication.

If the variable is set to N (no), then the user will be placed in the VLAN indicated by
default-user-vlan regardless of any VSAs from the RADIUS server.

Use the following command to configure the default-user-vlan:

configure security-profile <name> default-user-vlan <vlan>

Example
The following example sets the security profile, open-profile, to use the dynamic VLAN:

configure security-profile open-profile use-dynamic-vlan y

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 435

Security Commands

configure security-profile wep default-key-index

configure security-profile <name> wep default-key-index <index>

Description
Sets the default key index for the security profile in case of static WEP encryption.

Syntax Description

name Specifies the names of the security profile.

index Specifies the index of the WEP key. Valid ranges are 0-3

Default
Zero (0)

Usage Guidelines
Sets the index of the WEP key. The key at the specified index must be configured before you can set the
default index for WEP auth/encryption.

Configuration changes take effect immediately and are propagated to all ports sharing the named
profile. If the command fails, none of the changes is propagated to any of the ports.

The index value is used when a user sets the WEP key in the following command:

configure security-profile <name> wep key add <index> hex <hexoctets> | plaintext
<string>

Examples
The following example sets the index of the WEP key to 3:

configure security-profile wep-secure wep default-key-index 3

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

436 ExtremeWare 7.3e Command Reference Guide

 configure security-profile wep key add

configure security-profile wep key add

configure security-profile <name> wep key add <index> hex <hexoctets> |
plaintext <string>

Description
Adds the given WEP key at the specified index.

Syntax Description

name Specifies the names of the security profile.

index Specifies the index. Valid values are 0-3.
hexoctets Specifies to use the hexadecimal value as the WEP key.
string Specifies a plain text value as the WEP key.

Default
Hex

Usage Guidelines
This key is used for WEP encryption. If you use hex mode, then the key should be made up of hex
digits (i.e., if encryption-length is 64 the key should be 10 hex digits (64-24 (ICV) = 40bits = 5 bytes = 10
hex digits). When you specify plaintext mode, the key is simply the ASCII value of the letters in the
specified key (for example, A = 35 and so on...). Plaintext does not mean passphrase.

Configuration changes take effect immediately and are propagated to all ports sharing the named
profile. If the command fails, none of the changes is propagated to any of the ports.

Examples
The following example adds the first WEP key (0) with the hex encryption code 1234567891:

configure security-profile wep-secure wep key add 0 hex 1234567891

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 437

Security Commands

configure security-profile wep key delete

configure security-profile <name> wep key delete <integer>

Description
Deletes the specified WEP key.

Syntax Description

name Specifies the names of the security profile.

integer Specifies the numeric value identifying the WEP key.

Default
Zero (0)

Usage Guidelines
When you delete a WEP key whose index is the default WEP key index, then the default index is
changed automatically to the lowest specified WEP key (or N/A if no WEP keys have been specified).

Configuration changes take effect immediately and are propagated to all ports sharing the named
profile. If the command fails, none of the changes is propagated to any of the ports.

Examples
The following example deletes the first WEP key (0).

configure security-profile wep-secure wep key delete 0

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

438 ExtremeWare 7.3e Command Reference Guide

 configure security-profile wpa-psk

configure security-profile wpa-psk

configure security-profile <name> wpa-psk [hex <hexadecimal_digit> |
passphrase <alphanumeric_string>]

Description
Configures the WPA pre-shared key.

Syntax Description

name Specifies the names of the security profile.

hex Specifies the WPA pre-shared key type as hex.
hexadecimal digit Specifies a 64-byte hexadecimal key.
passphrase Specifies the WPA pre-shared key type as passphrase.
alphanumeric_string Specifies a passphrase name in ASCII alphanumeric notation (8-63 characters
in length)

Default
N/A.

Usage Guidelines
Use this command to configure the WPA pre-shared key using a hexadecimal (64 bytes) digit or ASCII
alphanumeric string (8-63 characters in length).

Examples
The following example configures the WPA pre-shared key “abcdefgh” for the security profile sec_prof1
as passphrase:

configure security-profile sec_prof1 wpa-psk passphrase abcdefgh

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 439

Security Commands

configure ssh2
configure ssh2 key {pregenerated}

Description
Generates the Secure Shell 2 (SSH2) host key.

Syntax Description

pregenerated Indicates that the SSH2 authentication key has already been generated. The
user will be prompted to enter the existing key.

Default
The switch generates a key for each SSH2 session.

Usage Guidelines
Secure Shell 2 (SSH2) is a feature of ExtremeWare that allows you to encrypt session data between a
network administrator using SSH2 client software and the switch, or to send encrypted data from the
switch to an SSH2 client on a remote system. Image and configuration files may also be transferred to
the switch using the Secure Copy Program (SCP) or the Secure File Transfer Protocol (SFTP).

Before you can enable SSH2, you must first obtain a security license from Extreme Networks. After you
receive the license, you must enable SSH2 and generate a host key. To enable SSH2, use the enable
ssh2 command. To generate an SSH2 host key, use the configure ssh2 key command.

An authentication key must be generated before the switch can accept incoming SSH2 sessions. This can
be done automatically by the switch, or you can enter a previously generated key.

If you elect to have the key generated, you are prompted to enter a set of random characters to be used
in generating the key. The key generation process takes approximately ten minutes, and cannot be
canceled after it has started. Once the key has been generated, you should save your configuration to
preserve the key.

To use a key that has been previously created, use the pregenerated keyword. You are prompted to
enter the pregenerated key. You can use the show configure command to list the previously generated
key, and then copy and paste it after the prompt from the configure ssh2 key pregenerated
command.

The key generation process generates the SSH2 private host key. The SSH2 public host key is derived
from the private host key, and is automatically transmitted to the SSH2 client at the beginning of an
SSH2 session.

440 ExtremeWare 7.3e Command Reference Guide

 configure ssh2

Example
The following command generates an authentication key for the SSH2 session:
configure ssh2 key

The command responds with the following messages:

WARNING: Generating new server host key
This will take approximately 10 minutes and cannot be canceled.
Continue? (y/n)

If you respond yes, the command prompts as follows:

Enter some random characters. End with a newline

Type in a series of random characters, and then press the Enter or Return key. The key generation
process will then proceed.

To configure an SSH2 session using a previously generated key, use the following command:
configure ssh2 key pregenerated

The command responds with the following message:

Please enter the server key

Enter the previously-generated key (you can copy and paste it from the saved configuration file).

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 441

Security Commands

configure ssl certificate pregenerated

configure ssl certificate pregenerated

Description
Obtains the pre-generated certificate from the user.

Syntax Description
This command has no parameters or variables.

Default
N/A

Usage Guidelines
This command is also used when downloading/ uploading the configuration. The certificate
information stored in the uploaded configuration file should not be modified, because it is signed using
the issuer’s private key.

The certificate and private key file should be in PEM format and generated using RSA as the
cryptography algorithm.

Example
The following command obtains the pre-generated certificate from the user:

configure ssl certificate pregenerated

Next, the user will open the certificate and then file, copy, and paste the certificate into the
console/telnet session, followed by a “.” (period) to end the command.

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

442 ExtremeWare 7.3e Command Reference Guide

 configure ssl certificate privkeylen country organization common-name

configure ssl certificate privkeylen country organization

common-name
configure ssl certificate prikeylen <length> country <code> organization
<org_name> common-name <name>

Description
Creates a self-signed certificate and private key that can be saved in NVRAM.

Syntax Description

length Specifies the private key length in bytes. Valid values are between 1024 and
4096.
code Specifies the country code in 2 character format. For a list of supported
country codes, see “configure wireless country-code” on page 1017.
org_name Specifies the organization name.The org_name can be up to 64 characters
long.
name Specifies the common name. The common name can be up to 64 characters
long.

Default
N/A

Usage Guidelines
Creates a self signed certificate and private key that can be saved in NVRAM. The certificate generated
is in X509v3 format. The certificate generated is in PEM format.

Any existing certificate and private key is overwritten.

Most web browsers check whether the common-name field in the received server certificate is the same
as the URL used to reach the site, otherwise they give a warning.

The size of the certificate generated depends on the RSA Key length (privkeylen) and the length of the
other parameters (country, organization name etc.) supplied by the user. If the RSA key length is 1024,
then the certificate size is ~ 1kb and the private key length is ~1kb. For RSA Key length of 4096, the
certificate length is ~2kb and the private key length is ~3kb.

Examples
The following command creates an SSL certificate in the USA for a website called bigcats:

configure ssl certificate privkeylen 2048 country US organization IEEE common-name

bigcats

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

ExtremeWare 7.3e Command Reference Guide 443

Security Commands

Platform Availability
This command is available on Summit 300 series only.

444 ExtremeWare 7.3e Command Reference Guide

 configure ssl privkey pregenerated

configure ssl privkey pregenerated

configure ssl privkey pregenerated

Description
Obtains the pre-generated private key from the user.

Syntax Description
This command has no parameters or variables.

Default
N/A

Usage Guidelines
This command will also be used when downloading/uploading the configuration. The private key will
be stored in the uploaded configuration file in an encrypted format using a hard coded passphrase.
Hence the private key information in the configuration file should not be modified.

The certificate and private key file should be in PEM format and generated using RSA as the
cryptography algorithm.

Example
The following command obtains the pre-generated private key from the user:

configure ssl privkey pregenerated

Next, the user will open the certificate and then file, copy, and paste the certificate into the
console/telnet session, followed by a “.” (period) to end the command.

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 445

Security Commands

configure tacacs server

configure tacacs [primary | secondary] server [<ipaddress> | <hostname>]
{<tcp_port>} client-ip [<ipaddress>]

Description
Configures the primary and secondary server information for a TACACS+ authentication server.

Syntax Description

primary Configures the primary TACACS+ authentication server.

secondary Configures the secondary TACACS+ authentication server.
ipaddress Specifies the IP address of the TACACS+ server being configured.
hostname Specifies the host name of the TACACS+ server being configured. Must be
able to be resolved to an IP address.
tcp_port Specifies the TCP port to use to contact the TACACS+ server.
ipaddress The IP address used by the switch to identify itself when communicating with
the TACACS+ server.

Default
TACACS+ uses TCP port 49.

Usage Guidelines
Configure the server information for a TACACS+ server.

To remove a server, use the following command:

unconfigure tacacs {[primary | secondary] {server [<ipaddress> | <hostname>}}

Use of the <hostname> parameter requires that DNS be enabled.

Example
The following command configures server tacacs1 as the primary TACACS+ server for client switch
10.10.20.35:
configure tacacs primary server tacacs1 client-ip 10.10.20.35

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on Summit 300 series only.

446 ExtremeWare 7.3e Command Reference Guide

 configure tacacs shared-secret

configure tacacs shared-secret

configure tacacs [primary | secondary] {server <ipaddress> | <hostname>}
shared-secret {encrypted} [<string>]

Description
Configures the shared secret string used to communicate with the TACACS+ authentication server.

Syntax Description

primary Configures the authentication string for the primary TACACS+ server.
secondary Configures the authentication string for the secondary TACACS+ server.
ipaddress Specifies the IP address of the TACACS+ server being configured.
hostname Specifies the host name of the TACACS+ server being configured.
encrypted Indicates that the secret should be encrypted.
string Specifies the string to be used for authentication.

Default
Unconfigured.

Usage Guidelines
The secret must be the same between the client switch and the TACACS+ server.

The TACACS+ server must first be configured for use with the switch as a RADIUS client.

If the server address is not specified, shared secret is configured for all primary and secondary
TACACS+ authentication servers.

You must first configure the TACACS+ server information before configuring the shared secret for a
specific server.

Example
The following command configures the shared secret as “purplegreen” on the primary TACACS+
server:
configure tacacs-accounting primary shared-secret purplegreen

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 447

Security Commands

configure tacacs timeout

configure tacacs [primary | secondary] {server <ipaddress> | <hostname>}}
timeout <seconds>

Description
Configures the timeout interval for TACAS+ authentication requests.

Syntax Description

primary Configures the timeout for the primary TACACS+ server.

secondary Configures the timeout for the secondary TACACS+ server.
ipaddress Specifies the IP address of the TACACS+ server being configured.
hostname Specifies the host name of the TACACS+ server being configured.
seconds Specifies the number of seconds for authentication requests. Range is 3 to
120 seconds

Default
The default is 3 seconds.

Usage Guidelines
This command configures the timeout interval for TACACS+ authentication requests. When the timeout
has expired, another authentication attempt to the next alternative server is made.

Example
The following command configures the timeout interval for the secondary TACACS+ authentication to
10 seconds:
configure tacacs secondary timeout 10
The following command configures the timeout interval for TACACS+ authentication to 10 seconds:
configure tacacs primary server 192.168.14.8 timeout 10

History
This command was first available in ExtremeWare 7.2.e.

Platform Availability
This command is available on the “e” series platforms.

448 ExtremeWare 7.3e Command Reference Guide

 configure tacacs-accounting server

configure tacacs-accounting server

configure tacacs-accounting [primary | secondary] server [<ipaddress> |
<hostname>] {<tcp_port>} client-ip <ipaddress>

Description
Configures the primary and secondary TACACS+ accounting servers.

Syntax Description

primary Configures the primary TACACS+ accounting server.

secondary Configures the secondary TACACS+ accounting server.
ipaddress Specifies the IP address of the TACACS+ server being configured.
hostname Specifies the host name of the TACACS+ server being configured. Must be
able to be resolved to an IP address.
tcp_port Specifies the TCP port to use to contact the TACACS+ server.
ipaddress The IP address used by the switch to identify itself when communicating with
the TACACS+ accounting server.

Default
Unconfigured.

Usage Guidelines
Use this command to specify the TACACS+ accounting server information for up to two primary and
two secondary TACACS+ accounting servers.

Use of the <hostname> parameter requires that DNS be enabled.

To remove a server, use the following command:

unconfigure tacacs-accounting {[primary | secondary] server {<ipaddress> |

<hostname>}}

Example
The following command configures server tacacs1 as the primary TACACS+ accounting server for client
switch 10.10.20.35:
configure tacacs-accounting primary server tacacs1 client-ip 10.10.20.35

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 449

Security Commands

configure tacacs-accounting shared-secret

configure tacacs-accounting [primary | secondary] {server <ipaddress> |
<hostname>}} shared-secret {encrypted} [<string>}

Description
Configures the shared secret string used to communicate with the TACACS+ accounting server.

Syntax Description

primary Configures the authentication string for the primary TACACS+ accounting
server.
secondary Configures the authentication string for the secondary TACACS+ accounting
server.
ipaddress Specifies the IP address of the TACACS+ server being configured.
hostname Specifies the host name of the TACACS+ server being configured. Must be
able to be resolved to an IP address.
encrypted Indicates that the secret should be encrypted.
string The string to be used for authentication.

Default
Unconfigured

Usage Guidelines
The secret must be the same between the client switch and the TACACS+ accounting server.

If the server address is not specified, shared secret is configured for all primary and secondary
TACACS+ accounting servers.

You must first configure the TACACS+ accounting server information before configuring the shared
secret for a specific server.

Example
The following command configures the shared secret as “tacacsaccount” on the primary TACACS+
accounting server:
configure tacacs-accounting primary shared-secret tacacsaccount

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platform.

450 ExtremeWare 7.3e Command Reference Guide

 configure tacacs-accounting timeout

configure tacacs-accounting timeout

configure tacacs-accounting {[primary | secondary] {server [<ipaddress>] |
<hostname>}} timeout <seconds>

Description
Configures the timeout interval for TACACS+ accounting authentication requests.

Syntax Description

primary Configures the timeout for the primary TACACS+ accounting server.
secondary Configures the timeout for the secondary TACACS+ accounting server.
ipaddress Specifies the IP address of the TACACS+ server being configured.
hostname Specifies the host name of the TACACS+ server being configured..
seconds Specifies the number of seconds to wait before retrying accounting requests.
Range is 3 to 120 seconds

Default
The default is 3 seconds.

Usage Guidelines
This command configures the timeout interval for TACACS+ accounting authentication requests. When
the timeout has expired, another authentication attempt is made to the alternative server.

Example
The following command configures the timeout interval for TACACS+ accounting authentication to 10
seconds:
configure tacacs-accounting primary server 192.168.12.12 timeout 10

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 451

Security Commands

configure vlan dhcp-address-range

configure vlan <name> dhcp-address-range <start-addr> - <end-addr> {<mask>}

Description
Configures a set of DHCP addresses for a VLAN.

Syntax Description

vlan-name Specifies the name of the VLAN to be configured.

start-addr Specifies the starting IP address in the configured range.
end-addr Specifies the ending IP address in the configured range.
mask Specifies the network mask of the range if the range specifies a remote
subnet.

Default
N/A.

Usage Guidelines
This command configures in the switch a set of DHCP addresses for a particular VLAN. The configured
address range can be for a local subnet (the range falls in one of the local subnets of the switch) or a
remote subnet (the configured IP address does not fall in any of the local subnets of the switch).
To configure address ranges for a remote subnet the optional parameter mask must be provided.
To configure address ranges for a local subnet the parameter mask should not be provided.
You can configure a maximum of 64 local and remote address ranges.

Example
You can allocate IP addresses for a remote subnet (non-local subnet) using the DHCP server. The
following command gives an example of configuring DHCP address ranges for a remote subnet using
the subnet 60.0.0.x/24 in the VLAN named test:
configure vlan test dhcp-address-range 60.0.0.5 - 60.0.0.40 mask 255.255.255.0

NOTE
The mask option is required when configuring the DHCP address range for the remote subnet.

History
This command was first available in ExtremeWare 7.2e.

This command was modified in ExtremeWare 7.3e to allow remote subnets to be configured in
ExtremeWare.

Platform Availability
This command is available on the “e” series platforms.

452 ExtremeWare 7.3e Command Reference Guide

 configure vlan dhcp-lease-timer

configure vlan dhcp-lease-timer

configure vlan <name> dhcp-lease-timer <lease-timer>

Description
Configures the timer value in seconds returned as part of the DHCP response.

Syntax Description

name Specifies the VLAN on whose ports netlogin should be disabled.

lease-timer Specifies the timer value, in seconds.

Default
N/A.

Usage Guidelines
The timer value is specified in seconds.
The DHCP server should be used with Network Login and not as a stand-alone DHCP server.

Example
The following command configures the DHCP lease timer value for VLAN corp:
configure vlan corp dhcp-lease-timer <lease-timer>

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 453

Security Commands

configure vlan dhcp-options

configure vlan <vlan-name> dhcp-options [dhcp-gateway <gateway-addr> |
dns-server <dns-server-ip> | wins-server <wins-server-ip>] {<start-addr>}

Description
Configures the DHCP options returned as part of the DHCP response by a switch configured as a
DHCP server.

Syntax Description

vlan-name Specifies the name of the VLAN to be configured.

dhcp-options Specifies that DHCP options are to be configured.
dhcp-gateway Specifies that the DHCP gateway option is to be configured.
gateway-addr Specifies the DHCP gateway address.
dns-server Specifies that the DNS server option is to be configured.
dns-server-ip Specifies the DNS server IP.
wins-server Specifies that the WINS server option is to be configured.
wins-server-ip Specifies the WINS server IP.
start-addr (Optional) Specifies the starting address of the range for which DHCP options
are to be configured.

Default
N/A.

Usage Guidelines
Use the dhcp-gateway keyword to configure the DHCP gateway option for a specified DHCP address
range.

Use the dns-server keyword to configure the DNS server option for a specified DHCP address range.

Use the wins-server keyword to configure the WINS server option for a given DHCP address range.

A VLAN can have multiple DHCP address ranges; therefore, the parameter start-addr identifies the
DHCP address range for which this configuration is applicable.

The DHCP address range is identified as the one whose starting IP address is the same as start-addr.
If start-addr is not provided, then the DHCP option will be applied for the primary DHCP address
range.

To clear DHCP options for a VLAN, use the following command:

unconfigure vlan dhcp-options

Example 1
Consider a VLAN named test with a primary subnet 40.0.0.x/24 and a secondary subnet 50.0.0.x/24.
Assume that for the primary subnet a DHCP address range is configured ranging from 40.0.0.5 -

454 ExtremeWare 7.3e Command Reference Guide

 configure vlan dhcp-options

40.0.0.40. Similarly, for the secondary subnet the DHCP address range is configured ranging from
50.0.0.5 - 50.0.0.40.

To configure the DHCP gateway as 40.0.0.90 for the primary subnet, issue the following command:

configure vlan test dhcp-options dhcp-gateway 40.0.0.90

To configure the DHCP gateway as 50.0.0.90 for the secondary subnet issue the following command:

configure vlan test dhcp-options dhcp-gateway 50.0.0.90 50.0.0.5

NOTE
You can configure multiple DHCP address ranges for a VLAN. The start-addr option in the command
(50.0.0.5 in this example) specifies the exact DHCP address range for which the command applies. If
the last option is not specified, the command is applied for the primary subnet.

Example 2
Consider a VLAN named test with a primary subnet 40.0.0.x/24 and a secondary subnet 50.0.0.x/24.
Assume that for the primary subnet a DHCP address range is configured ranging from 40.0.0.5 -
40.0.0.40. Similarly, for the secondary subnet the DHCP address range is configured ranging from
50.0.0.5 - 50.0.0.40.

To configure the DNS server as 40.0.0.90 for the primary subnet, issue the following command:

configure vlan test dhcp-options dns-server 40.0.0.90

To configure the DNS Server as 50.0.0.90 for the secondary subnet, issue the following command:

configure vlan test dhcp-options dns-server 50.0.0.90 50.0.0.5

NOTE
You can configure multiple DHCP address ranges for a VLAN. The start-addr option in the command
(50.0.0.5 in this example) specifies the exact DHCP address range for which the command applies. If
the last option is not specified, the command is applied for the primary subnet.

Example 3
Consider a VLAN named test with a primary subnet 40.0.0.x/24 and a secondary subnet 50.0.0.x/24.
Assume that for the primary subnet a DHCP address range is configured ranging from 40.0.0.5 -
40.0.0.40. Similarly, for the secondary subnet the DHCP address range is configured ranging from
50.0.0.5 - 50.0.0.40.

To configure the WINS Server as 40.0.0.90 for the primary subnet, issue the following command:

configure vlan test dhcp-options wins-server 40.0.0.90

To configure the WINS Server as 50.0.0.90 for the secondary subnet, issue the following command:

configure vlan test dhcp-options wins-server 50.0.0.90 50.0.0.5

ExtremeWare 7.3e Command Reference Guide 455

Security Commands

NOTE
You can configure multiple DHCP address ranges for a VLAN. The start-addr option in the command
(50.0.0.5 in this example) specifies the exact DHCP address range for which the command applies. If
the last option is not specified, the command is applied for the primary subnet.

History
This command was first available in ExtremeWare 7.1e.
This command was modified in ExtremeWare 7.3e to allow remote or secondary subnets to be
configured for DHCP options in ExtremeWare (through the addition of the parameter start-addr).

Platform Availability
This command is available on the “e” series platforms.

456 ExtremeWare 7.3e Command Reference Guide

 configure vlan netlogin-lease-timer

configure vlan netlogin-lease-timer

configure vlan <vlan name> netlogin-lease-timer <seconds>

Description
Configures the timer value returned as part of the DHCP response for clients attached to
Network Login-enabled ports.

Syntax Description

vlan name Specifies the VLAN to which this timer value applies.
seconds Specifies the timer value, in seconds.

Default
10 seconds.

Usage Guidelines
The timer value is specified in seconds.

This command applies only to the web-based authentication mode of Network Login.

Example
The following command sets the timer value to 15 seconds for VLAN corp:
configure vlan corp netlogin-lease-timer 15

History
This command was first available in ExtremeWare 7.1e

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 457

Security Commands

create access-list
create access-list <name> access-mask <access-mask name> {dest-mac
<dest_mac} {source-mac <src_mac>} {vlan <name>} {ethertype [IP | ARP |
<hex_value>]} {tos <ip_precedence> | code-point <code_point>} {ipprotocol
[tcp | udp | icmp | igmp | <prococol_num>]} {dest-ip <dest_IP>/<mask
length>} {dest-L4port <dest_port>} {source-ip <src_IP>/<mask length>}
{source-L4port <src_port> [permit {qosprofile <qosprofile>} {set code-point
<code_point>} {set dot1p <dot1p_value} | permit-established |
deny]{vlan-pri}{vlan-pri-2bits}

Description
Creates an access list.

Syntax Description

name Specifies the name of the access list.

access-mask Specifies the name of the associated access mask.
dest-mac Specifies the destination MAC address.
source-mac Specifies the source MAC address.
vlan Specifies the VLANid.
ethertype Specifies the Ethernet type field.
tos Specifies a 3-bit precedence field within the IP ToS field. Valid entries are
from 0 to 7.
code-point Specifies a 6-bit DiffServ code point. Valid entries are from 0 to 63.
iprotocol Specifies the IP protocol.
dest-ip Specifies the destination IP address.
source-ip Specifies the source IP address.
dest-L4port Specifies the destination TCP/UDP port.
source-L4port Specifies the source TCP/UDP port.
icmp-type Specifies the ICMP type.
icmp-code Specifies the ICMP code.
egressport Specifies the egress port.
ports Specifies one or more ingress ports.
permit Specifies to forward the packet.
qosprofile Specifies the priorities for using QoS profiles.
code-point Specifies a 6-bit DiffServ code point. Valid entries are from 0 to 63.
dot1p Specifies the priorities for 802.1p.
permit-established Specifies to deny any new TCP session initiation.
deny Specifies to drop the packet.
vlan-pri Specifies the 802.1p priority of the VLAN tag, which is a three-bit field. Valid
values are 0 to 7.
vlan-pri-2bits Specifies the two most significant bits of the vlan-pri field.

458 ExtremeWare 7.3e Command Reference Guide

 create access-list

History
This form of the command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 459

Security Commands

create access-mask
create access-mask <access-mask name> {dest-mac} {source-mac} {vlan} {tos
|code-point} {ethertype} {ipprotocol} {dest-ip/<mask length>}
{source-L4port | {icmp-type} {icmp-code}} {permit-established} {egresport}
{ports} {precedence <number>}{vlan-pri}{vlan-pri-2bits}

Description
Creates an access mask.

Syntax Description

access mask name Specifies the name of the access-mask.

dest-mac Specifies the destination MAC address.
source-mac Specifies the source MAC address.
vlan Specifies the VLANid.
tos Specifies a 3-bit precedence field within the IP ToS field. Valid entries are
from 0 to 7.
code-point Specifies a 6-bit DiffServ code point. Valid entries are from 0 to 63.
ethertype Specifies the Ethernet type field.
ipprotocol Specifies the IP protocol.
dest-ip Specifies the destination IP address.
source-ip Specifies the source IP address.
mask length Specifies the IP mask length
dest-L4port Specifies the destination TCP/UDP port.
source-L4port Specifies the source TCP/UDP port.
icmp-type Specifies the ICMP type.
icmp-code Specifies the ICMP code.
permit-established Specifies the TCP SYN and ACK bits. It is specified when IP protocol is
implicit and need not be specified separately.
egressport Specifies the egress port.
ports Specifies one or more ingress ports.
precedence Specifies the access-mask precedence, which determines the precedence of
the associated access list.
vlan-pri Specifies the 802.1p priority of the VLAN tag, which is a three-bit field. Valid
values are 0 to 7.
vlan-pri-2bits Specifies the two most significant bits of the vlan-pri field.

History
This form of the command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

460 ExtremeWare 7.3e Command Reference Guide

 create access-profile

create access-profile
create access-profile <access profile> type [ipaddress | ipx-node | ipx-net
| ipx-sap | as-path]

Description
Creates an access profile.

Syntax Description

access profile Specifies an access profile name.

ipaddress Specifies that the profile entries will be a list of IP address/mask pairs.
ipx-node Specifies that the profile entries will be a list of IPX node addresses.
ipx-net Specifies that the profile entries will be a list of IPX NetIDs.
ipx-sap Specifies that the profile entries will be a list of IPX SAP advertisements.
as-path Specifies that the profile entries will be a list of AS path expressions.

Default
N/A.

Usage Guidelines
You must give the access profile a unique name (in the same manner as naming a VLAN, protocol filter,
or Spanning Tree Domain).

After the access profile is created, you must configure the access profile mode. The access profile mode
determines whether the items in the list are to be permitted access or denied access.

Example
The following command creates an access profile named nosales that will contain IP address/mask pairs:
create access-profile nosales type ipaddress

The following command creates an access profile that will contain AS path expressions:
create access-profile AS1 type as-path

History
This command was introduced in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 461

Security Commands

create rate-limit
create rate-limit <rule_name> access-mask <access-mask name> {dest-mac
<dest_mac>} {source-mac <scr_mac>} {vlan <name>} {ethertype [IP | ARP |
<hex_value>]} {tos <ip_precedence> | code-point <code_point>} {ipprotocol
[tcp | udp | icmp | igmp | <prococol_num>]} {dest-ip <dest_IP>/<mask
length>} {dest-L4port <dest_port>} {source-ip <src_IP>/<mask length>}
{source-L4port <src_port> [permit {qosprofile <qosprofile>} {set code-point
<code_point>} {set dot1p <dot1p_value} limit <rate_in_Mbps> {exceed-action
[drop | set code-point <code_point>]} {vlan-pri}{vlan-pri-2bits}

Description
Creates a rate limit rule.

Syntax Description

rule_name Specifies the name of the rate limit rule.

access-mask Specifies the name of the associated access mask.
dest-mac Specifies the destination MAC address.
source-mac Specifies the source MAC address.
vlan Specifies the VLANid.
ethertype Specifies the Ethernet type field.
tos Specifies a 3-bit precedence field within the IP ToS field. Valid entries are
from 0 to 7.
code-point Specifies a 6-bit DiffServ code point. Valid entries are from 0 to 63.
iprotocol Specifies the IP protocol.
dest-ip Specifies the destination IP address.
source-ip Specifies the source IP address.
dest-L4port Specifies the destination TCP/UDP port.
source-L4port Specifies the source TCP/UDP port.
icmp-type Specifies the ICMP type.
icmp-code Specifies the ICMP code.
egressport Specifies the egress port.
ports Specifies one or more ingress ports.
permit Specifies to forward the packet.
qosprofile Specifies the priorities for using QoS profiles.
code-point Specifies a 6-bit DiffServ code point. Valid entries are from 0 to 63.
dot1p Specifies the priorities for 802.1p.
limit Specifies to limit the data rate to the specified amount in Mbps.
exceed-action Specifies the action to be taken on the data traffic when it exceeds the
specified amount.
vlan-pri Specifies the 802.1p priority of the VLAN tag, which is a three-bit field. Valid
values are 0 to 7.
vlan-pri-2bits Specifies the two most significant bits of the vlan-pri field.

462 ExtremeWare 7.3e Command Reference Guide

 create rate-limit

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 463

Security Commands

create security-profile
create security-profile <name> {copy <existing_profile>}

Description
Creates a new security profile.

Syntax Description

name Specifies the name of the security profile being created.

existing_profile Specifies the name of an existing profile from which the system copies the
initial values.

Default
N/A

Usage Guidelines
Use this command to create a new profile from scratch or to copy an existing profile using a new name.

Example
The following example creates a new security-profile called wep-secure using an existing profile called
unsecure:

create security-profile wep-secure copy unsecure

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

464 ExtremeWare 7.3e Command Reference Guide

 create trusted-mac-address

create trusted-mac-address
create trusted-mac-address mac-address <mac_address> [mask <mask>] vlan
<vlan_name>| all [ports <portlist>] [protocol {DHCP|ARP}]

Description
Configures a trusted media access control (MAC) address with mask for each VLAN or all VLANs for
the ARP or DHCP protocols.

Syntax Description

mac_address Specifies the MAC address for enabling the trusted-MAC feature. Specified in
the form nn:nn:nn:nn:nn:nn.
mask Specifies the MAC address mask value. If a mask is not specified, the default
mask of ff:ff:ff:ff:ff:ff is used.
vlan_name Specifies the name of a VLAN. If the all keyword is specified,.
all Specifies all VLANs are configured for trusted-MAC.
portlist Specifies one or more ports or slots and ports of the VLAN. Can be one or
more port numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.
DHCP Specifies to use the DHCP protocol.
ARP Specifies to use the ARP protocol.

Default
N/A

Usage Guidelines
Use this command to configures a trusted MAC address. A mask for the MAC address is optional. If
you do not specify a mask, the default mask of ff:ff:ff:ff:ff:ff is used. This command is equivalent to
configuring an individual MAC address.

ExtremeWare performs an AND operation between the source MAC address of the incoming packet and
its mask. It then compares that result with the result of the AND operation between the configured
address and the mask. If the results are the same, the address is trusted and the packet is forwarded
independent to the port authentication state.

Example
The following example creates a trusted MAC on all ports in the VLAN bldg5 allowing the use of the
DHCP protocol.

create trusted-mac-address mac-address 00:07:40:79:58:EB bldg5 protocol dhcp

History
This command was first available in 7.3e.

ExtremeWare 7.3e Command Reference Guide 465

Security Commands

Platform Availability
This command is available on the “e” series platforms.

466 ExtremeWare 7.3e Command Reference Guide

 delete access-list

delete access-list
delete access-list <name>

Description
Deletes an access list.

Syntax Description

name Specifies the name of the access list to be deleted.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes access list allow102:
delete access-list allow102

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 467

Security Commands

delete access-mask
delete access-mask <name>

Description
Deletes the named access-mask.

Syntax Description

name Specifies the name of the access list.

Usage Guidelines
None.

Example
The following command disables statistics collection for access list allow102:
delele access-list allow102

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

468 ExtremeWare 7.3e Command Reference Guide

 delete access-profile

delete access-profile
delete access-profile <access profile>

Description
Deletes an access profile.

Syntax Description

access profile Specifies an access profile name.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes an access profile named nosales:
delete access-profile nosales

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 469

Security Commands

delete rate-limit
delete rate-limit <name>

Description
Deletes a rate limit rule.

Syntax Description

name Specifies the name of the rate limit rule.

Usage Guidelines
None.

Example
The following command deletes a rate limit rule named throttle2:
delete access-profile throttle2

History

This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

470 ExtremeWare 7.3e Command Reference Guide

 delete security-profile

delete security-profile
delete security-profile <name>

Description
Deletes the named security profile.

Syntax Description

name Specifies the name of an existing RF profile to be deleted.

Default
N/A

Usage Guidelines
Use this command to delete the named security profile. The named profile cannot be attached to any
active ports.

To verify your configuration, use the show security-profile command. The show
security-profile output displays the configured parameters of the security profile.

Example
The following example deletes the RF profile named wep-secure:

delete security-profile wep_secure

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 471

Security Commands

delete trusted-mac address

delete trusted-mac-address [mac-address <mac_address> [mask <mask>]] vlan
<vlan_name> | all [ports <portlist>] [protocol [DHCP|ARP]]

Description
Deletes a trusted media access control (MAC) address.

Syntax Description

mac_address Specifies the MAC address of the enabled trusted-MAC. Specified in the form
nn:nn:nn:nn:nn:nn.
mask Specifies a mask for the MAC address. If a mask is not specified, the default
mask of ff:ff:ff:ff:ff:ff is used.
all Specifies all VLANs.
vlan_name Specifies the name of a VLAN.
portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.
DHCP Specifies the DHCP protocol.
ARP Specifies the ARP protocol.

Default
N/A

Usage Guidelines
Use this command to delete a trusted MAC address. If you do not specify a MAC address, all the MAC
addresses in the VLAN are deleted.

Example
The following example deletes a MAC address from a VLAN named corp:

delete trusted-mac-address mac-address 00:04:0D:23:45:C2 vlan corp

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all “e” series switches.

472 ExtremeWare 7.3e Command Reference Guide

 disable arp-learning

disable arp-learning
disable arp-learning

Description
Disables the ARP-learning feature on the switch.

Syntax Description
This command has no arguments or variables.

Default
By default, arp-learning is enabled.

Usage Guidelines
None.

Example
N/A.

History
This command was first available in ExtremeWare 7.3.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 473

Security Commands

disable arp-learning ports

disable arp-learning ports <portlist>

Description
Disables the ARP-learning feature on a port or ports.

Syntax Description
portlist Specifies the ingress port(s) on which this rule is applied.
any specifies that the rule will be applied to all ports.

Default
By default, arp-learning is enabled.

Usage Guidelines
None.

Example
N/A.

History
This command was first available in ExtremeWare 7.3.

Platform Availability
This command is available on all platforms.

474 ExtremeWare 7.3e Command Reference Guide

 disable arp-learning vlan

disable arp-learning vlan

disable arp-learning vlan <vlan name>

Description
Disables the ARP-learning feature on a vlan.

Syntax Description
vlan name Specifies the vlan to which the rule applies.

Default
By default, arp-learning is enabled.

Usage Guidelines
None.

Example
N/A.

History
This command was first available in ExtremeWare 7.3.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 475

Security Commands

disable arp-learning vlan ports

disable arp-learning vlan <vlan name> port <portlist>

Description
Disables the ARP-learning feature on a port in the given vlan.

Syntax Description
vlan name Specifies the vlan to which the rule applies.
portlist Specifies the ports to which the rule applies.

Default
By default, arp-learning is enabled.

Usage Guidelines
None.

Example
N/A.

History
This command was first available in ExtremeWare 7.3.

Platform Availability
This command is available on all platforms.

476 ExtremeWare 7.3e Command Reference Guide

 disable cpu-dos-protect

disable cpu-dos-protect
disable cpu-dos-protect

Description
Disables denial of service protection.

Syntax Description
There are no arguments or variables for this command.

Default
Default is disabled.

Usage Guidelines
None.

Example
The following command disables denial of service protection.
disable cpu-dos-protect

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 477

Security Commands

disable dhcp ports vlan

disable dhcp ports <portlist> vlan <vlan name>

Description
Disables DHCP on a specified port in a VLAN.

Syntax Description

portlist Specifies the ports for which DHCP should be disabled.

vlan name Specifies the VLAN on whose ports DHCP should be disabled.

Default
N/A.

Usage Guidelines
The DHCP server should be used with Network Login and not as a stand-alone DHCP server.

Example
The following command disables DHCP for port 9 in VLAN corp:
disable dhcp ports 9 vlan corp

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

478 ExtremeWare 7.3e Command Reference Guide

 disable enhanced-dos-protect

disable enhanced-dos-protect
disable enhanced-dos-protect {rate-limit | ipfdb} {ports [<portlist> |
all]}

Description
Disables enhanced denial of service protection globally or for selected ports.

Syntax Description

rate-limit Disables software rate limiting.

ipfdb Disables the IPFDB learning qualifier.
portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.
all Specifies all ports.

Default
Default is disabled.

Usage Guidelines
Use the rate-limit keyword in this command to disable the lowering of the percentage of slow path
traffic being sent to the CPU. Verify the disabled status by using the show enhanced-dos-protect
rate-limit command. To globally disable rate limiting, omit the ports keyword and qualifier.
Use the ipfdb keyword in this command to disable the IPFDB learning qualifier. Verify the disabled
status by using the show enhanced-dos-protect ipfdb command. To globally disable the IPFDB
learning qualifier, omit the ports keyword and qualifier.

Example
The following command disables enhanced denial of service protection rate limiting for all ports.
disable enhanced-dos-protect rate-limit ports all
The following command globally disables the enhanced denial of service protection IPFDB learning
qualifier.
disable enhanced-dos-protect ipfdb

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 479

Security Commands

disable netlogin
disable netlogin [web-based |dot1x]

Description
Disables Network Login modes.

Syntax Description

web-based Specifies web-based authentication.

dot1x Specifies 802.1x authenticating.

Default
Both types of authentication are enabled.

Usage Guidelines
Both types, either type, or no type of authentication can be enabled on the same switch. To enable an
authentication mode, use the following command:
enable netlogin [web-based | dot1x]

This command was first introduced as disable netlogin, which disabled the initial version of
Network Login, the web-based mode. The original command was subsequently deprecated when the
802.1x mode of Network Login was introduced in ExtremeWare 7.1.0. The deprecated version of the
command is temporarily supported in configurations. During an upgrade, the deprecated command:

disable netlogin

will be interpreted as:

disable netlogin web-based

disable netlogin dot1x

Example
The following command disables Network Login:
disable netlogin

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

480 ExtremeWare 7.3e Command Reference Guide

 disable netlogin logout-privilege

disable netlogin logout-privilege

disable netlogin logout-privilege

Description
Disables Network Login logout window pop-up.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
This command controls the logout window pop-up on the web-based network client. This command
applies only to the web-based authentication mode of Network Login. When disabled, the logout
window pop-up will no longer appear.

Example
The following command disables Network Login logout-privilege:
disable netlogin logout-privilege

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 481

Security Commands

disable netlogin ports

disable netlogin ports <portlist> vlan <vlan name>

Description
Disables Network Login on a specified port in a VLAN.

Syntax Description

portlist Specifies the ports for which netlogin should be disabled.

vlan name Specifies the VLAN on whose ports netlogin should be disabled.

Default
N/A.

Usage Guidelines
Network Login must be disabled on a port before you can delete a VLAN that contains that port.

This command applies to both the web-based and 802.1x mode of Network Login. To control which
authentication mode is used by Network Login, use the following commands:

enable netlogin [web-based | dot1x]

disable netlogin [web-based | dot1x]

Example
The following command disables Network Login on port 9 in VLAN corp:
disable netlogin ports 9 vlan corp

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

482 ExtremeWare 7.3e Command Reference Guide

 disable netlogin session-refresh

disable netlogin session-refresh

disable netlogin session-refresh

Description
Disables Network Login session refresh.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Network Login sessions can refresh themselves after a configured timeout. After the user has been
logged in successfully, a logout window opens which can be used to close the connection by clicking on
the LogOut link. Any abnormal closing of this window is detected on the switch and the user is logged
out after a time interval as configured for session refresh. The session refresh is enabled and set to five
minutes by default.

This command applies only to the web-based authentication mode of Network Login.

Example
The following command disables Network Login session refresh:
disable netlogin session-refresh

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 483

Security Commands

disable radius
disable radius

Description
Disables the RADIUS client.

Syntax Description
This command has no arguments or variables.

Default
RADIUS authentication is disabled by default.

Usage Guidelines
None.

Example
The following command disables RADIUS authentication for the switch:
disable radius

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

484 ExtremeWare 7.3e Command Reference Guide

 disable radius-accounting

disable radius-accounting
disable radius-accounting

Description
Disables RADIUS accounting.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command disables RADIUS accounting for the switch:
disable radius-accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 485

Security Commands

disable ssh2
disable ssh2

Description
Disables the SSH2 server for incoming SSH2 sessions to switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
SSH2 session options (access profile and non-default port setting) are not saved when SSH2 is disabled.

To view the status of SSH2 Telnet sessions on the switch, use the show management command. The
show management command displays information about the switch including the enable/disable state
for SSH2 Telnet sessions.

SSH2 client connections can still be initiated from the switch when the SSH2 server is disabled.

Example
The following command disables the SSH2 server:
disable ssh2

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

486 ExtremeWare 7.3e Command Reference Guide

 disable tacacs

disable tacacs
disable tacacs

Description
Disables TACACS+ authentication.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command disables TACACS+ authentication for the switch:
disable tacacs

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 487

Security Commands

disable tacacs-accounting
disable tacacs-accounting

Description
Disables TACACS+ accounting.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command disables TACACS+ accounting:
disable tacacs-accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

488 ExtremeWare 7.3e Command Reference Guide

 disable tacacs-authorization

disable tacacs-authorization
disable tacacs-authorization

Description
Disables TACACS+ authorization.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
This disable CLI command authorization but leaves user authentication enabled.

Example
The following command disables TACACS+ CLI command authorization:
disable tacacs-authorization

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 489

Security Commands

disable trusted-mac-address
disable trusted-mac-address {vlan <vlan-name>}

Description
Disables trusted Organizational Unique Identifier (OUI) or MAC addresses for port-specific
configurations.

Syntax Description

vlan name Specifies the VLAN on whose ports trusted-MAC feature should be disabled.

Default
Disabled.

Usage Guidelines
Use this command to disable OUI or MAC addresses for port-specific configurations. Disabling this
feature does not remove the previous port-specific configurations.

To disable the feature globally, use disable trusted-mac-address.

To disable the feature on a VLAN, use disable trusted-mac-address vlan <vlan-name>

Example
The following command disables trusted MAC addresses on the corp VLAN:
disable trusted-mac-address vlan corp

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on the “e” series platforms.

490 ExtremeWare 7.3e Command Reference Guide

 disable web

disable web
disable web

Description
Disables both HTTP access and secure HTTP access (HTTPS) to the switch.

Syntax Description
This command has no parameters or variables.

Default
Enabled

Usage Guidelines
Use this command to prevent web access..

Example
The following command disables HTTP and HTTPS:

disable web

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 491

Security Commands

disable web http

disable web http

Description
Disables HTTP access to the switch on the default HTTP port (80).

Syntax Description
This command has no parameters or variables.

Default
Enabled

Usage Guidelines
Use this command to disallow users from connecting with HTTP. Disabling HTTP access forces users to
use a secured HTTPS connection if web HTTPS is enabled. Use the following command to enable web
HTTPS:
enable web https

Example
The following command disables HTTP on the default port:

disable web http

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

492 ExtremeWare 7.3e Command Reference Guide

 disable web https

disable web https

disable web https

Description
Disables secure HTTP access (HTTPS) to the switch on the default HTTPS port (443).

Syntax Description
This command has no parameters or variables.

Default
Enabled

Usage Guidelines
Use this command to disable HTTPS before changing the certificate or private key.

Example
The following command disables HTTPS on the default port:

disable web https

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 493

Security Commands

download ssl certificate

download ssl <ip address> certificate <cert file>

Description
Permits downloading of a certificate key from files stored in a TFTP server.

Syntax Description

ip address Specifies the IP address of the TFTP server.

cert file Specifies the name of certificate key.

Default
N/A

Usage Guidelines
If the operation is successful, any existing certificate will be overwritten. Following successful
download, a check is performed to find out whether the public key in the certificate matches with the
private key stored. If the private and public keys do not match, warning message will be displayed
(“Warning: The Private Key does not match with the Public Key in the certificate.”). This warning will
act as a reminder to the user to download the private key also.

The certificate and private key file should be in PEM format and generated using RSA as the
cryptography algorithm.

Example
The following example downloads a certificate from IP address 166.81.0.14:

download ssl 166.81.0.14 certificate g0ethner1

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

494 ExtremeWare 7.3e Command Reference Guide

 download ssl privkey

download ssl privkey

download ssl <ip address> privkey <key file>

Description
Permits downloading of a private key from files in a TFTP server.

Syntax Description

ip address Specifies the IP address of the TFTP server.

key file Specifies the name of private key file.

Default
N/A

Usage Guidelines
When this command is executed, if the private key is encrypted, the user is prompted to enter the
passphrase that was used to encrypt the private key when the private key was generated. Only DES
and 3DES encryption mechanisms are supported for private key encryption. If the operation is
successful the existing private key will be overwritten.

After the download is successful, a check is performed to find out whether the private key downloaded
matches with the public key stored in the certificate. If they do not match, a warning message is
displayed (“Warning: The Private Key does not match with the Public Key in the certificate.”). This
warning acts as a reminder to the user to download the corresponding certificate.

The certificate and private key file should be in PEM format and generated using RSA as the
cryptography algorithm.

Example
The following command enables downloading of a private key from a TFTP server:

download ssl 166.81.0.14 privkey t00Ts1e

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 495

Security Commands

enable arp-learning
enable arp-learning

Description
Enables the ARP-learning feature on the switch.

Syntax Description
This command has no arguments or variables.

Default
By default, arp-learning is enabled.

Usage Guidelines
None.

Example
N/A.

History
This command was first available in ExtremeWare 7.3.

Platform Availability
This command is available on all platforms.

496 ExtremeWare 7.3e Command Reference Guide

 enable arp-learning ports

enable arp-learning ports

enable arp-learning ports <portlist>

Description
Enables the ARP-learning feature on a port or ports.

Syntax Description
portlist Specifies the ingress port(s) on which this rule is applied.
any specifies that the rule will be applied to all ports.

Default
By default, arp-learning is enabled.

Usage Guidelines
None.

Example
N/A.

History
This command was first available in ExtremeWare 7.3.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 497

Security Commands

enable arp-learning vlan ports

enable arp-learning vlan <vlan name> port <portlist>

Description
Enables the ARP-learning feature on a port in the given vlan.

Syntax Description
vlan name Specifies the vlan to which the rule applies.
portlist Specifies the ports to which the rule applies.

Default
By default, arp-learning is enabled.

Usage Guidelines
None.

Example
N/A.

History
This command was first available in ExtremeWare 7.3.

Platform Availability
This command is available on all platforms.

498 ExtremeWare 7.3e Command Reference Guide

 enable cpu-dos-protect

enable cpu-dos-protect
enable cpu-dos-protect

Description
Enables denial of service protection.

Syntax Description
There are no arguments or variables for this command.

Default
Default is disabled.

Usage Guidelines
None.

Example
The following command enables denial of service protection.
enable cpu-dos-protect

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 499

Security Commands

enable cpu-dos-protect simulated

enable cpu-dos-protect simulated

Description
Enables simulated denial of service protection.

Syntax Description
There are no arguments or variables for this command.

Default
Default is disabled.

Usage Guidelines
When simulated denial of service protection is enabled, no ACLs are created. This mode is useful to
gather information about normal traffic levels on a switch. This will assist in configuring denial of
service protection so that legitimate traffic is not blocked.

Example
The following command enables simulated denial of service protection.
enable cpu-dos-protect simulated

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on the “e” series platforms.

500 ExtremeWare 7.3e Command Reference Guide

 enable dhcp ports vlan

enable dhcp ports vlan

enable dhcp ports <portlist> vlan <vlan name>

Description
Enables DHCP on a specified port in a VLAN.

Syntax Description

portlist Specifies the ports for which DHCP should be disabled.

vlan name Specifies the VLAN on whose ports DHCP should be disabled.

Default
N/A.

Usage Guidelines
The DHCP server should be used with Network Login and not as a stand-alone DHCP server.

Example
The following command enables DHCP for port 9 in VLAN corp:
enable dhcp ports 9 vlan corp

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 501

Security Commands

enable enhanced-dos-protect
enable enhanced-dos-protect {rate-limit | ipfdb} {ports [<portlist> | all]}

Description
Enables enhanced denial of service protection globally or for selected ports.

Syntax Description

rate-limit Enables software rate limiting.

ipfdb Enables the IPFDB learning qualifier, resulting in reduction of IPFDB
thrashing.
portlist Specifies one or more ports or slots and ports. On a modular switch, can be a
list of slots a nd ports. On a stand-alone switch, can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.
all Specifies all ports.

Default
Default is disabled.

Usage Guidelines
Use the rate-limit keyword in this command to lower the percentage of slow path traffic being sent to
the CPU. Verify the enabled/disabled status by using the show enhanced-dos-protect rate-limit
command.
Use the ipfdb keyword in this command to prevent IPFDB thrashing. Verify the enabled/disabled
status by using the show enhanced-dos-protect ipfdb command.

Example
The following command enables enhanced denial of service protection rate limiting for all ports.
enable enhanced-dos-protect rate-limit ports all
The following command globally enables the enhanced denial of service protection IPFDB learning
qualifier.
enable enhanced-dos-protect ipfdb

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the “e” series platforms.

502 ExtremeWare 7.3e Command Reference Guide

 enable netlogin

enable netlogin
enable netlogin [web-based | dot1x]

Description
Enables Network Login authentication modes.

Syntax Description

web-based Specifies web-based authentication.

dot1x Specifies 802.1x authenticating.

Default
Both types of authentication are enabled.

Usage Guidelines
Both types, either type, or no type of authentication can be enabled on the same switch. To disable an
authentication mode, use the following command:
disable netlogin [web-based | dot1x]

This command was first introduced as enable netlogin, which enabled the initial version of Network
Login, the web-based mode. The original command was subsequently deprecated when the 802.1x
mode of Network Login was introduced in ExtremeWare 7.1.0. The deprecated version of the command
is temporarily supported in configurations. During an upgrade, the deprecated command:

enable netlogin

will be interpreted as:

enable netlogin web-based

enable netlogin dot1x

Example
The following command enables web-based Network Login:
enable netlogin web-based

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 503

Security Commands

enable netlogin logout-privilege

enable netlogin logout-privilege

Description
Enables Network Login logout pop-up window.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
This command controls the logout window pop-up on the web-based network client. This command
applies only to the web-based authentication mode of Network Login.

Example
The following command enables Network Login logout-privilege:
enable netlogin logout-privilege

History
This command was first available in ExtremeWare 7.2e

Platform Availability
This command is available on the “e” series platforms.

504 ExtremeWare 7.3e Command Reference Guide

 enable netlogin ports

enable netlogin ports

enable netlogin ports <portlist> vlan <vlan name>

Description
Enables Network Login on a specified port in a VLAN.

Syntax Description

portlist Specifies the ports for which netlogin should be enabled.

vlan name Specifies the VLAN on whose ports netlogin should be enabled.

Default
N/A.

Usage Guidelines
The VLAN you specify must exist and include the specified ports prior to enabling Network Login.
Only untagged ports are allowed to be configured for Network Login.

For campus mode login with web-based clients, the following conditions must be met:
• A DHCP server must be available, and a DHCP range must be configured for the port or ports in the
VLAN on which you want to enable Network Login.
• The switch must be configured as a RADIUS client, and the RADIUS server must be configured to
enable the Extreme Network Login capability.

For ISP mode login, no special conditions are required. A RADIUS server must be used for
authentication.

Network Login is used on a per port, per VLAN basis.In this case, Network Login can be enabled on
one port for each VLAN.

Windows authentication is not supported via Network Login.

Example
The following command configures Network Login on port 9 in VLAN corp:
enable netlogin ports 9 vlan corp

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 505

Security Commands

enable netlogin session-refresh

enable netlogin session-refresh {<minutes>}

Description
Enables Network Login session refresh.

Syntax Description

minutes Specifies the session refresh time for Network Login in minutes.

Default
Disabled, with a value of three minutes for session refresh.

Usage Guidelines
Network Login sessions can refresh themselves after a configured timeout. After the user has been
logged in successfully, a logout window opens which can be used to close the connection by clicking on
the LogOut link. Any abnormal closing of this window is detected on the switch and the user is logged
out after a time interval as configured for session refresh. The session refresh is enabled and set to three
minutes by default. The value can range from 1 to 255 minutes. When you configure the Network Login
session refresh for the logout window, ensure that the FDB aging timer is greater than the Network
Login session refresh timer.

This command applies only to the web-based authentication mode of Network Login.

Use this command without the minutes parameter to reset the session refresh value to the default.

Example
The following command enables Network Login session refresh and sets the refresh time to ten
minutes:
enable netlogin session-refresh 10

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

506 ExtremeWare 7.3e Command Reference Guide

 enable radius

enable radius
enable radius

Description
Enables the RADIUS client on the switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
When enabled, all web and CLI logins are sent to the RADIUS servers for authentication. When used
with a RADIUS server that supports ExtremeWare CLI authorization, each CLI command is sent to the
RADIUS server for authorization before it is executed.

Example
The following command enables RADIUS authentication for the switch:
enable radius

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 507

Security Commands

enable radius-accounting
enable radius-accounting

Description
Enables RADIUS accounting.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
The RADIUS client must also be enabled.

Example
The following command enables RADIUS accounting for the switch:
enable radius-accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

508 ExtremeWare 7.3e Command Reference Guide

 enable ssh2

enable ssh2
enable ssh2 {access-profile [<access profile> | none]} {port
<tcp_port_number>}

Description
Enables SSH2 server to accept incoming sessions from SSH2 clients.

Syntax Description

access profile Specifies an access profile.

none Cancels a previously configured access profile.
port Specifies a TCP port number. The default is port 22.

Default
The SSH2 feature is disabled by default.

Usage Guidelines
SSH2 enables the encryption of session data. You must be logged in as an administrator to enable SSH2,
and you must obtain and enter a Security License Key to enable the SSH2 feature. To obtain a Security
License Key, access the Extreme Networks website.

You can specify a list of predefined clients that are allowed SSH2 access to the switch. To do this, you
must create an access profile that contains a list of allowed IP addresses. To create an access profile, use
the create access-profile command. To configure an access profile, use the configure
access-profile add command.

Use the none option to cancel a previously configured access profile.

Use the port option to specify a TCP port number other than the default.

To view the status of SSH2 sessions on the switch, use the show management command. The show
management command displays information about the switch including the enable/disable state for
SSH2 sessions.

Example
The following command enables the SSH2 feature, with access allowed based on the access profile
management:
enable ssh2 access-profile management

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 509

Security Commands

enable tacacs
enable tacacs

Description
Enables TACACS+ authentication.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
After they have been enabled, all web and CLI logins are sent to one of the two TACACS+ servers for
login name authentication and accounting.

Example
The following command enables TACACS+ user authentication:
enable tacacs

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

510 ExtremeWare 7.3e Command Reference Guide

 enable tacacs-accounting

enable tacacs-accounting
enable tacacs-accounting

Description
Enables TACACS+ accounting.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
If accounting is used, the TACACS+ client must also be enabled.

Example
The following command enables TACACS+ accounting for the switch:
enable tacacs-accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 511

Security Commands

enable tacacs-authorization
enable tacacs-authorization

Description
Enables CLI command authorization.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
When enabled, each command is transmitted to the remote TACACS+ server for authorization before
the command is executed.

Example
The following command enables TACACS+ command authorization for the switch:
enable tacacs-authorization

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

512 ExtremeWare 7.3e Command Reference Guide

 enable trusted-mac-address

enable trusted-mac-address
enable trusted-mac-address {vlan <vlan_name>}

Description
Enables the trusted-MAC feature at either the global level or at a VLAN level.

Syntax Description

vlan_name Specifies the name of a VLAN on which to enable the trusted-MAC feature.

Default
Disabled

Usage Guidelines
Use this command to enable the trusted-MAC feature at either the global level or at a VLAN-specific
level. If you specify the command without the VLAN option, the trusted-MAC feature is enabled for
VLAN-specific configurations. By disabling this feature with the disable trusted-mac-address
command does not remove the previous port-specific information.

To enable the feature globally, enter:

enable trusted-mac-address

To enable and activate trusted-MAC on an individual VLAN, enter:

enable trusted-mac-address vlan <vlan name

Example
The following command enables the trusted-MAC feature globally on the corp VLAN:

enable trusted-mac-address vlan corp

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 513

Security Commands

enable web
enable web

Description
Enables both HTTP access to the switch and HTTPS on the default ports.

Syntax Description
This command has no parameters or variables.

Default
Enabled

Usage Guidelines
Use this command to enable HTTP and HTTPS access to the switch web pages on the default ports. The
default port for HTTP is port (80) and HTTPS is port (443).

Example
The following command enables HTTP and HTTPS on the default port:

enable web

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

514 ExtremeWare 7.3e Command Reference Guide

 enable web http

enable web http

enable web http

Description
Enables HTTP access to the switch on the default HTTP port (80).

Syntax Description
This command has no parameters or variables.

Default
Enabled

Usage Guidelines
Use this command to enable HTTP access to the switch web pages.

Example
The following command enables HTTP on the default port:

enable web http

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 515

Security Commands

enable web http access-profile

enable web http access-profile <[none | <access-profile>] port <port
number>

Description
Allows HTTP access on the specified (non-default) port.

Syntax Description

none Specifies to not to use an access-profile when accessing HTTP.

access-profile Specifies the name of an access-profile to use when accessing HTTP.
port number Specifies the port number to use to access HTTP.

Default
N/A

Usage Guidelines
Use this command to set up an access profile for a particular port number to restrict HTTP usage.

Example
The following example enables HTTP access using the access-profile named open_web on port 120:

enable web http access-profile open_web port 120

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

516 ExtremeWare 7.3e Command Reference Guide

 enable web https

enable web https

enable web https

Description
Enables secure HTTP access (HTTPS) to the switch on the default HTTPS port (443).

Syntax Description
This command has no parameters or variables.

Default
Enabled

Usage Guidelines
Use this command to allow users to connect using a more secure HTTPS connection.

Example
The following command enables HTTPS on the default port:

enable web https

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 517

Security Commands

enable web https access-profile

enable web https access-profile <[none | <access-profile>] port <port
number>

Description
Allows HTTPS access on the specified (non-default) port.

Syntax Description

none Specifies to not to use an access-profile when accessing HTTPS.

access-profile Specifies the name of an access-profile to use when accessing HTTPS.
port number Specifies the port number to use to access HTTPS.

Default
N/A

Usage Guidelines
Use this command to set up an access profile for a particular port number to restrict HTTPS usage.

Example
The following example enables HTTPS access using the access-profile named secure_web on port 120:

enable web https access-profile secure_web port 120

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

518 ExtremeWare 7.3e Command Reference Guide

 scp2

scp2
scp2 {cipher [3des | blowfish]} {port <portnum>} {debug <debug_level>}
<user>@ [<hostname> | <ipaddress>] :<remote_file> [configuration
{incremental} | image [primary | secondary] | bootrom]

Description
Initiates an SCP2 client session to a remote SCP2 server and copies a file from the remote system to the
switch.

Syntax Description

3des Specifies that the 3des cipher should be used for encryption. This is the
default.
blowfish Specifies that the blowfish cipher should be used for encryption.
portnum Specifies the TCP port number to be used for communicating with the SSH2
client. Default is port 22.
debug_level Specifies a debug level. Default is 0.
user Specifies a login name for the remote host.
host Specifies the name of the remote host.
ipaddress Specifies the IP address of the remote host.
remote file Specifies the name of the remote file to be copied to the switch.
configuration Specifies that the copied file is a switch configuration file. It the incremental
option is not specified, it replaces the current switch configuration.
incremental Specifies that the copied file should be handled like an incremental
configuration download (only the commands in the file are executed).
image Specifies that the copied file is an ExtremeWare image.
primary Specifies that the image should be placed in the primary image area.
secondary Specifies that the image should be placed in the secondary image area.
bootrom Specifies that the copied file is a bootrom image.

Default
N/A.

Usage Guidelines
You must be running a security-enabled version of ExtremeWare 7.2e or later (which is under Export
Control) in order to use the SCP2 command.
SSH2 does not need to be enabled on the switch in order to use this command.

This command logs into the remote host as <user> and accesses the file <remote_file>. You will be
prompted for a password from the remote host, if required.

ExtremeWare 7.3e Command Reference Guide 519

Security Commands

CAUTION

You can download a configuration to an Extreme Networks switch using SCP. If you do this, you cannot
save this configuration. If you save this configuration and reboot the switch, the configuration will be
corrupted.

Example
The following command copies a configuration file from the file configpart1.save on host system1 to the
switch as an incremental configuration:
scp2 admin@system1:configpart1.save configuration incremental

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

520 ExtremeWare 7.3e Command Reference Guide

 scp2 configuration

scp2 configuration
scp2 {cipher [3des | blowfish]} {port <portnum>} {debug <debug_level>}
configuration <user>@ [<hostname> | <ipaddress>]:<remote_file>

Description
Copies the configuration file from the switch to a remote system using SCP2.

Syntax Description

3des Specifies that the 3des cipher should be used for encryption. This is the
default.
blowfish Specifies that the blowfish cipher should be used for encryption.
portnum Specifies the TCP port number to be used for communicating with the SSH2
client. Default is port 22.
debug_level Specifies a debug level. Default is 0.
user Specifies a login name for the remote host.
host Specifies the name of the remote host.
ipaddress Specifies the IP address of the remote host.
remote file Specifies the name of the file to be created on the remote host.

Default
N/A.

Usage Guidelines
You must be running a security-enabled version of ExtremeWare 7.2e or later (which is under Export
Control) in order to use the SCP2 command.
SSH2 does not need to be enabled on the switch in order to use this command. (SSH2 is enabled by
default if you are running a security-enabled version of ExtremeWare).

This command logs into the remote host as <user> and creates the file <remote_file>.

Example
The following command copies the switch configuration and saves it as file config1.save on host system1:
scp2 configuration admin@system1:config1.save

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 521

Security Commands

show access-list
show access-list {<name> | port <portlist>}

Description
Displays access list information and real-time statistics.

Syntax Description

name Specifies the name of an access list to be displayed.

portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
Shows information for all access lists.

Usage Guidelines
To verify access list settings, you can view the access list configuration and see real-time statistics on
which access list entries are being accessed when processing traffic.

Example
The following command shows information on all current the access lists:
show access-list

It produces output similar to the following:

#show access-list
Access-List Access-mask Vlan QoS Flags
a2 f2 DM-D
a1 f1 QP5 DI-IP-P
Flags: DM=Dest MAC, SM=Source MAC, ET=Ether Type,
T=TOS, C=Code Point, I=IP Protocol
DI=Dest IP, SI=Src IP, D4=Dest L4 Port, S4=Src L4 Port
MT=ICMP Type, MC=ICMP Code, EP=Egress Port, IP=Ingress Port
E=Permit Established, P=Permit, D=Deny, Q=Qosprofile
SC=Set Code-Point, SD=Set Dot.1p
#show access-list a1
Access-list with name "a1" created by user
Access-mask: "f1"
MAC:
IP/mask:L4port: dest-ip=11.11.11.0/24:---- source-ip=none/--:----
Layer 2:
Layer 3/4:

522 ExtremeWare 7.3e Command Reference Guide

 show access-list

Egress Port:
Ingress Ports: 2 3 4 5
In Profile: permit QOS=QP5
#show access-list port 2
Access-list "a1"
Access-mask: "f1"
MAC:
IP/mask:L4port: dest-ip=11.11.11.0/24:---- source-ip=none/--:----
Layer 2:
Layer 3/4:
Egress Port:
Ingress Ports: 2 3 4 5
In Profile: permit QOS=QP5

The following command shows real-time access list statistics for ingress ports 5-7:
show access-list port 5-7

The following command shows information for access list test1:

show access-list test1

The command generates output similar to the following:

test1
Protocol: ip Action: permit qp1
Destination: 0.0.0.0/0 any
Source: any any
Precedence: 0
Rule Number: 0
Hit Count: 4566 Flags: ac
Ports:
any

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 523

Security Commands

show access-mask
show access-mask {<name>}

Description
Displays information about a specific access mask or all access masks.

Syntax Description

name Specifies an access mask name.

Default
N/A

Usage Guidelines
None.

Example
The following example creates an access mask called MyIpMask. The show access-mask command
generates output similar to the following:
* Summit400-48t:38 # create access-mask MyIpMask
* Summit400-48t:39 # show MyIpMask
Access-mask with name "MyIpMask" created by user
MAC:
IP/mask:L4port:
Layer 2:
Layer 3/4:
Ports:
Precedence:
ACL/Rate-limit:

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

524 ExtremeWare 7.3e Command Reference Guide

 show access-profile

show access-profile
show access-profile {<access profile>}

Description
Displays access-profile related information for the switch.

Syntax Description

access profile Specifies an access profile.

Default
Shows all access profile information for the switch.

Usage Guidelines
None.

Example
The following command displays access-profile related information for access profile nosales:
show access-profile nosales

History

This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 525

Security Commands

show arp-learning vlan

show arp-learning vlan <vlan name>

Description
Displays the ARP-learning feature on a port in the given vlan.

Syntax Description
vlan name Specifies the vlan to which the rule applies.

Default
By default, arp-learning is enabled.

Usage Guidelines
None.

Example
N/A.

History
This command was first available in ExtremeWare 7.3.

Platform Availability
This command is available on all platforms.

526 ExtremeWare 7.3e Command Reference Guide

 show arp-learning vlan ports

show arp-learning vlan ports

show arp-learning vlan <vlan name> port <portlist>

Description
Displays the ARP-learning configuration for a port in the given vlan.

Syntax Description
vlan name Specifies the vlan to which the rule applies.
portlist Specifies the ports to which the rule applies.

Default
By default, arp-learning is enabled.

Usage Guidelines
The first column of the show output displays the configuration of the VLAN and port. The second
column of the output display the ARP learning configuration on that port.

Example
The following example displays the arp-learning configuration on vlan1:

* Summit400-48t:55 #show arp-learning vlan1 ports all

(Vlan,Port)-Arp Learning (Port)-Arp learning
-------------------------- ------------------------
[vlan1 ,3 ]-Enabled [3 ]-Enabled

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 527

Security Commands

show auth
show auth

Description
Displays the current authentication and accounting servers configured for management and netlogin
sessions.

Syntax Description
There are no arguments or variables for this command.

Default
N/A

Usage Guidelines
The output from this command displays the information about the type of authentication and
accounting used by the primary and secondary servers that are configured for that particular type of
session.

Example
The following example displays the authentication information:
show auth

The output of the command is similar to:

Session Type : mgmt-access

Authentication Server Type : Radius
Primary Authentication Server : 12.16.1.2
Secondary Authentication Server : None
Primary Accounting Server : None
Secondary Accounting Server : None

Default configuration :
Using Radius servers for Authentication/Accounting
Primary Authentication Server : 172.16.1.2

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on all platforms.

528 ExtremeWare 7.3e Command Reference Guide

 show cpu-dos-protect

show cpu-dos-protect
show cpu-dos-protect [ports <portnumber>]

Description
Displays the status of denial of service protection for a particular port or for the entire switch.

Syntax Description

portnumber Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
N/A.

Usage Guidelines
The output of this command only has valid values when the CPU DoS protection is enabled.

Example
The following command displays the status of denial of service protection on port 1.
show cpu-dos-protect

Following is the output from this command:

The output from this command follows:

* ex160:22 # sh cpu-dos-protect ports 1

Cpu dos protect: enabled

Port L3Miss L3Err Bcast IpUnkMcast Learn Curr Int Cfg Thr Cfg Int Pass
______________________________________________________________________
1 150 150 150 150 150 1 150 1 3

Trusted ports: none

The output of this show command displays the following information, which can help you analyze the
type of activity coming across the port to the CPU:

• The status of DoS Protection on the port

• Layer 3 miss to the CPU
These are packets that do not have corresponding IPFDB entries on VLANs, which are enabled for IP
forwarding. Packets that are unicasted to the CPU IP are also considered in this category.
• Layer 3 error
These are IP packets with options, IPMC packets (but not class D address) with checksum errors,
and non-IP packets.
• Broadcast traffic

ExtremeWare 7.3e Command Reference Guide 529

Security Commands

• IP multicast unknown
These are IPMC packets that do not have corresponding IPMC FDB entries.
• Learning packets
These are packets that do not have a corresponding FDB entries.
• Current interval
The current time interval, less than or equal to the configured interval.
• Configured alert threshold
The maximum number of packets that can be sent to the CPU. This variable is equal to the configured
interval parameter in seconds for each traffic category.
• Configured interval
• Free pass indicator (Zero in this field indicates a free pass for three intervals after the port comes
up.)
• Trusted port status

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

530 ExtremeWare 7.3e Command Reference Guide

 show enhanced-dos-protect

show enhanced-dos-protect
show enhanced-dos-protect [rate-limit | ipfdb] ports [<portlist> | all]

Description
Displays the status of the enhanced denial of service protection feature.

Syntax Description

rate-limit Displays rate limiting configuration.

ipfdb Displays IPFDB learning qualifier configuration.
portlist Specifies one or more ports or slots and ports. On a modular switch, can be a
list of slots a nd ports. On a stand-alone switch, can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.
all Specifies all ports.

Default
N/A.

Usage Guidelines
The output from this command displays status of the following enhanced denial of service protection
conditions:
• Enabled/Disabled
• Max. entries
• Current entries
• List of trusted/untrusted ports
• Rate limiting configuration
• Packet filtering statistics

Example
The following command shows global enhanced denial of service protection rate limit information:
show enhanced-dos-protect rate-limit

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 531

Security Commands

show netlogin
show netlogin {port <portlist> vlan <vlan name>}

Description
Shows status information for Network Login.

Syntax Description

portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5, 1:5,
1:6-1:8.
vlan name Specifies the name of a VLAN.

Default
N/A.

Usage Guidelines
The information reported by this command is the following:
• Whether Network Login is enabled or disabled.
• The base-URL.
• The default redirect page.
• The logout privileges setting.
• The netlogin session-refresh setting and time.
• The MAC and IP address of supplicants
• The type of authentication, 802.1x or HTTP (web-based).

Example
The following command shows the summary Network Login information:
show netlogin

Following is the output from this command:

Netlogin Authentication Mode : web-based ENABLED ; 802.1x ENABLED

------------------------------------------------
Web-based Mode Global Configuration
------------------------------------------------
Base-URL : "network-access.net"
Default-Redirect-Page : "http://www.extremenetworks.com"
Logout-privilege : YES
Netlogin Session-Refresh : DISABLED ; 3 minutes
------------------------------------------------
------------------------------------------------
802.1x Mode Global Configuration
------------------------------------------------
Quiet Period : 60 secs

532 ExtremeWare 7.3e Command Reference Guide

 show netlogin

Client Response Timeout : 30 secs

Default Reauthentication Timeout : 3600 secs
Max. Number Authentication Failure : 3
Periodic Reauthentication : ENABLED
---------------------------------

Port: 13, Vlan: Default, State: Unauthenticated

MAC IP address Auth Type ReAuth-Timer User
00:B0:D0:90:2F:72 0.0.0.0 No 802.1x 12 Unknown
-------------------------------

Total Number of Authenticated MACs : 0

The following command shows the detailed Network Login information for the port 13 in the VLAN
Default:
show netlogin ports 13 "Default"

Following is the output from this command before authentication:

Port: 13 Vlan: Default
Port State: Unauthenticated
DHCP: Not Enabled

MAC IP address Auth Type ReAuth-Timer User

------------------------------------------------------------------
00:B0:D0:90:2F:72 0.0.0.0 No 802.1x 30 Unknown
Quiet Period Timer : 0 Num. Authentication Failed : 1
------------------------------------------------------------------

Following is the output from this same command after authentication:

Port: 13 Vlan: Default
Port State: Unauthenticated
DHCP: Not Enabled

MAC IP address Auth Type ReAuth-Timer User

------------------------------------------------------------------
00:B0:D0:90:2F:72 0.0.0.0 Yes 802.1x 3600 [email protected]
Quiet Period Timer : 0 Num. Authentication Failed : 0
------------------------------------------------------------------
IP address Auth Type User ReAuth-Timer

History
This command was modified to show the authentication type in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 533

Security Commands

show radius
show radius {<ipaddress> | <hostname>}

Description
Displays the current RADIUS client configuration and statistics.

Syntax Description
ipaddress Specifies to display RADIUS server information from the server with this IP
address.
hostname Specifies to display RADIUS server information from this host.

Default
N/A.

Usage Guidelines
The output from this command displays:
• The status of the RADIUS authentication and accounting (enabled or disabled)
• The statistics for the configured primary and secondary servers

If you specify the ipaddress option, configuration and statistics for that server is displayed.

Example
The following command displays the current RADIUS client configuration and statistics:
show radius

Following is the output from this command:

Radius: enabled
Radius Accounting: enabled
Radius Server Connect Timeout sec: 3

Primary radius server:

Server name: 172.17.1.123
IP address: 172.17.1.123
Server IP Port: 1645
Client address: 172.17.1.221
Shared secret:
Access Requests:0 Access Accepts:0 Access Rejects:0
Access Challenges:0 Access Retransmits:0 Client timeouts:0
Bad authenticators:0 Unknown types:0 Round Trip Time:0 sec(s)
Secondary radius server:
Server name: 172.17.1.123
IP address: 172.17.1.123
Server IP Port: 1645
Client address: 172.17.1.221
Shared secret:

534 ExtremeWare 7.3e Command Reference Guide

 show radius

Access Requests:3 Access Accepts:0 Access Rejects:0

Access Challenges:0 Access Retransmits:2 Client timeouts:0
Bad authenticators:0 Unknown types:0 Round Trip Time:0

Radius Acct Server Connect Timeout sec: 3

Primary radius accounting server:
Server name: 172.17.1.104
Client address: 172.17.1.221
Shared secret: lf|nki
Secondary radius accounting server:
Server name: 172.17.1.123
Client address: 172.17.1.221
Shared secret: lf|nki

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 535

Security Commands

show radius-accounting
show radius-accounting {[<ipaddress> | <hostname>]}

Description
Displays the RADIUS accounting client configuration and statistics.

Syntax Description
ipaddress Specifies to display RADIUS server information from the server with this IP
address.
hostname Specifies to display RADIUS server information from this host.

Default
N/A.

Usage Guidelines
The output from this command displays:
• The status of the RADIUS accounting (enabled or disabled)
• The statistics for the configured primary and secondary servers

If you specify the ipaddress option, configuration and statistics for that server is displayed.

Example
The following command displays RADIUS accounting client configuration and statistics:
show radius-accounting

Following is the output from this command:

Radius Accounting: enabled

Radius Acct Server Connect Timeout sec: 3
Primary radius accounting server:
Server name: 172.17.1.104
IP address: 172.17.1.104
Server IP Port: 1646
Client address: 172.17.1.221
Shared secret: lf|nki
Acct Requests:0 Acct Responses:0 Acct Retransmits:0 Timeouts:0
Secondary radius accounting server:
Server name: 172.17.1.123
IP address: 172.17.1.123
Server IP Port: 1646
Client address: 172.17.1.221
Shared secret: lf|nki
Acct Requests:0 Acct Responses:0 Acct Retransmits:0 Timeouts:0

536 ExtremeWare 7.3e Command Reference Guide

 show radius-accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 537

Security Commands

show rate-limit
show rate-limit {<name> | ports <portlist>}

Description
Displays information for a specific rate limit rule or for all rate limit rules.

Syntax Description

name Specifies the name of a rate limit rule.

portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5, 1:5,
1:6-1:8.

Default
N/A.

Usage Guidelines
If you do not specify a rate limit name, information for all the rate limit rules are displayed.

Example
The following example displays all rate limit information configured for the switch:
#show rate-limit
Rate-limit Access-mask Vlan QoS Limit Port Flags
r1 f1 10 5 DI-IP-P-EC
r2 f3 3 3 IP-P-ED
Flags: DM=Dest MAC, SM=Source MAC, ET=Ether Type,
T=TOS, C=Code Point, I=IP Protocol
DI=Dest IP, SI=Src IP, D4=Dest L4 Port, S4=Src L4 Port
MT=ICMP Type, MC=ICMP Code, EP=Egress Port
P=Permit, Q=Qosprofile, SC=Set Code-Point, SD=Set Dot.1p
ED=Exceed Drop, EC=Exceed Set Code-Point

The next example shows information for the r1 rate limit:

#show rate-limit r1
Rate-Limit with name "r1" created by user
Access-mask: "f1"
MAC:
IP/mask:L4port: dest-ip=13.13.13.0/24:---- source-ip=none/--:----
Layer 2:
Layer 3/4:
Egress Port:
Ingress Ports: 5
In Profile: permit
Rate Limit: 10 Mbps
Out Profile: set code-point=0x2c

538 ExtremeWare 7.3e Command Reference Guide

 show rate-limit

The following example shows information for the rate limit configured on port 5:

#show rate-limit port 5

Rate-Limit "r1"
Access-mask: "f1"
MAC:
IP/mask:L4port: dest-ip=13.13.13.0/24:---- source-ip=none/--:----
Layer 2:
Layer 3/4:
Egress Port:
Ingress Ports: 5
In Profile: permit
Rate Limit: 10 Mbps
Out Profile: set code-point=0x2c

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 539

Security Commands

show security-profile
show security-profile {<name>}

Description
Displays the configured parameters of the security profile

Syntax Description

name Specifies the name of an existing RF profile to be deleted.

Usage Guidelines
Use this command to show security profiles currently configured on the platform and all values
associated with each security profile. If no security profile name is entered, configuration parameters for
all security profiles will be displayed.

Examples
The following command displays the configuration for the all profiles:

show security-profile

The output of the command is similar to:

Profile Name: Unsecure

ESS Name: fz-unsecure
Dot11 Authentication: open
Network Authentication: none
Encryption: none
User VLAN: Default
Use Dynamic VLAN: yes
SSID in Beacon: on
Interfaces: 180
1:1:2, 1:2:2, 1:3:2, 1:4:1, 1:4:2,
1:4:2, 1:5:1, 1:5:2, 1:5:2, 1:6:1,
1:6:2, 1:6:2, 1:7:1, 1:7:2, 1:7:2,
1:8:1, 1:8:2, 1:8:2, 1:9:1, 1:9:2,
1:9:2, 1:10:1, 1:10:2, 1:10:2, 1:11:1,
1:11:2, 1:11:2, 1:12:1, 1:12:2, 1:12:2,
1:13:1, 1:13:2, 1:13:2, 1:14:1, 1:14:2,
1:14:2, 1:15:1, 1:15:2, 1:15:2, 1:16:1,
1:16:2, 1:16:2, 1:17:1, 1:17:2, 1:17:2,
1:18:1, 1:18:2, 1:18:2, 1:19:1, 1:19:2,
1:19:2, 1:20:1, 1:20:2, 1:20:2, 1:21:1,
1:21:2, 1:21:2, 1:22:1, 1:22:2, 1:22:2,
1:23:1, 1:23:2, 1:23:2, 1:24:1, 1:24:2,
1:24:2, 1:25:1, 1:25:2, 1:25:2, 1:26:1,
1:26:2, 1:26:2, 1:27:1, 1:27:2, 1:27:2,
1:28:1, 1:28:2, 1:28:2, 1:29:1, 1:29:2,
1:29:2, 1:30:1, 1:30:2, 1:30:2, 1:31:1,
1:31:2, 1:31:2, 1:32:1, 1:32:2, 1:32:2,
2:1:1, 2:1:2, 2:2:2, 2:3:2, 2:4:1,

540 ExtremeWare 7.3e Command Reference Guide

 show security-profile

2:4:2, 2:4:2, 2:5:2, 2:5:2, 2:6:1,

2:6:2, 2:6:2, 2:7:1, 2:7:2, 2:7:2,
2:8:1, 2:8:2, 2:8:2, 2:9:1, 2:9:2,
2:9:2, 2:10:1, 2:10:2, 2:10:2, 2:11:1,
2:11:2, 2:11:2, 2:12:1, 2:12:2, 2:12:2,
2:13:1, 2:13:2, 2:13:2, 2:14:1, 2:14:2,
2:14:2, 2:15:1, 2:15:2, 2:15:2, 2:16:1,
2:16:2, 2:16:2, 2:17:1, 2:17:2, 2:17:2,
2:18:1, 2:18:2, 2:18:2, 2:19:1, 2:19:2,
2:19:2, 2:20:1, 2:20:2, 2:20:2, 2:21:1,
2:21:2, 2:21:2, 2:22:1, 2:22:2, 2:22:2,
2:23:1, 2:23:2, 2:23:2, 2:24:1, 2:24:2,
2:24:2, 2:25:1, 2:25:2, 2:25:2, 2:26:1,
2:26:2, 2:26:2, 2:27:1, 2:27:2, 2:27:2,
2:28:1, 2:28:2, 2:28:2, 2:29:1, 2:29:2,
2:29:2, 2:30:1, 2:30:2, 2:30:2, 2:31:1,
2:31:2, 2:31:2, 2:32:1, 2:32:2, 2:32:2,

Profile Name: open64wep

ESS Name: fz-open-wep-64
Dot11 Authentication: open
Network Authentication: none
Encryption: wep64
User VLAN: SKSPVlan
Use Dynamic VLAN: no
WEP Key 0: 3>:>?75<;5
Default WEP Key: 0
SSID in Beacon: on
Interfaces: 2
1:3:2, 2:5:1,

Profile Name: open128wep

ESS Name: fz-open-wep-128
Dot11 Authentication: open
Network Authentication: none
Encryption: wep128
User VLAN: SKSPVlan
Use Dynamic VLAN: no
WEP Key 0: 3>:>?75<;50>?=6343:2=;9>44
Default WEP Key: 0
SSID in Beacon: on
No interfaces bound to this security profile

Profile Name: shared64wep

ESS Name: fz-shared-wep-64
Dot11 Authentication: shared
Network Authentication: none
Encryption: wep64
User VLAN: VSA-DKSP
Use Dynamic VLAN: yes
WEP Key 0: 3>:>?75<;5
Default WEP Key: 0
SSID in Beacon: on

ExtremeWare 7.3e Command Reference Guide 541

Security Commands

Interfaces: 1
1:2:1,

Profile Name: shared128wep

ESS Name: fz-shared-wep-128
Dot11 Authentication: shared
Network Authentication: none
Encryption: wep128
User VLAN: VSA-DKSP
Use Dynamic VLAN: yes
WEP Key 0: 3>:>?75<;50>?=6343:2=;9>44
Default WEP Key: 0
SSID in Beacon: on
No interfaces bound to this security profile
History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

542 ExtremeWare 7.3e Command Reference Guide

 show ssl

show ssl
show ssl {detail}

Description
Displays the Secure Sockets Layer (SSL) configuration.

Syntax Description

detail Specifies to display the information in detailed format.

Usage Guidelines
Displays the following information:
• HTTPS port configured. This is the port on which the clients will connect.
• Result of a check to see whether the private key matches with the public key stored in the certificate.
• Length of RSA key (number of bits used to generate the private key)

Basic information about the stored certificate

The optional keyword detail, provides the same output as the show ssl command, plus the complete
certificate. Private key (in PEM format) will be displayed for users with administration privileges.

Examples
The following command displays the SSL configuration:

show ssl

The output of the command is similar to:

S300-24-FZ:2 # show ssl

HTTPS Port Number: 443
Private Key matches the Certificate's public key.
RSA Key Length: 1026
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=us, O=93673, CN=extr
Validity
Not Before: Jul 23 14:00:07 2004 GMT
Not After : Jul 23 14:00:07 2005 GMT
Subject: C=us, O=93673, CN=extr
S300-24-FZ:3 #

The following command displays the SSL configuration with the complete certificate.

show ssl detail

The output of the command is similar to:

ExtremeWare 7.3e Command Reference Guide 543

Security Commands

S300-24-FZ:3 # show ssl detail

HTTPS Port Number: 443
Private Key matches the Certificate's public key.
RSA Key Length: 1026
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=us, O=93673, CN=extr
Validity
Not Before: Jul 23 14:00:07 2004 GMT
Not After : Jul 23 14:00:07 2005 GMT
Subject: C=us, O=93673, CN=extr
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1026 bit)
Modulus (1026 bit):
03:9e:69:d5:0f:2f:32:55:b8:c2:b4:bd:14:8d:42:
51:43:67:85:51:bb:03:ca:95:eb:1d:fc:7a:92:a0:
73:64:ab:f2:25:2c:9c:b9:a6:fb:30:6b:55:95:e4:
f6:fe:6f:44:fa:8c:79:51:87:53:eb:21:58:c2:4b:
9c:74:b8:be:59:70:19:f7:a9:9e:b4:89:fa:b3:77:
7f:0d:d8:e5:7c:59:27:ea:49:82:69:c3:13:7f:bc:
fe:d8:f9:2c:6d:e0:b6:a7:85:44:1e:34:6b:40:64:
a3:fc:61:85:3c:11:bd:2e:c5:53:25:f8:21:2e:4a:
42:d6:f7:47:17:cc:ec:d6:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
00:8b:4a:53:5b:13:59:3b:fc:f4:7a:17:58:92:3f:df:9c:4b:
f3:f0:f7:9f:b2:fe:48:d4:92:9e:d7:31:89:71:82:2e:d6:88:
ac:a7:72:dc:a5:48:35:26:75:aa:1d:0d:9c:40:94:7a:9f:56:
05:99:6b:1e:1f:e8:42:01:ec:6a:ea:29:f3:87:e2:af:07:b1:
8a:57:25:2a:10:84:ef:eb:69:17:cc:a1:81:e7:f8:b7:78:d2:
c2:50:f2:01:ea:84:0e:69:c2:72:e0:f4:6a:3d:29:6d:78:14:
10:85:5d:f7:53:ef:f7:ea:25:23:c5:a3:43:4b:4e:57:83:e7:
af:d4:c2
RSA Private key:
-----BEGIN RSA PRIVATE KEY-----
MIICXwIBAAKBgQOeadUPLzJVuMK0vRSNQlFDZ4VRuwPKlesd/HqSoHNkq/IlLJy5
pvswa1WV5Pb+b0T6jHlRh1PrIVjCS5x0uL5ZcBn3qZ60ifqzd38N2OV8WSfqSYJp
wxN/vP7Y+Sxt4LanhUQeNGtAZKP8YYU8Eb0uxVMl+CEuSkLW90cXzOzWSwIDAQAB
AoGBAUd0RyAX4aXVKdVy5BnOMCUwKTqrbPqlpTazMKw1VLRn5q5nJ3qj4DPMLLNP
/FIRCIO7NYKw3+PDpLkAuuuzBWwFWCkH0fwX/7XOgEaifwEE0eZcYQOeJ0+8d0sw
sfuzrdMMLCYJRZvAATv+auoOSAFz4HCthaH1wyk27sJY+bsJAkEB7osCIDLxCs+9
jhG4/aSUA5hEYtDXKGnmhHYVoveLeTJOssxK5xQf9IWGmXEwajZr8K6G3yaHmT5d
Re4AV9PnBwJBAd+Ou+TpzZNZcaNiSjSme+yhnX/KzXBLC8pl6Vd/Zd9k4ykYjRQT
wjWDz2vbgKlwBU38ZQkEjwbOZv5A16D94Z0CQQHQl8bnePP5tC/fx8aCgpqKxgF4
07lNvi9RQZ4R+3yL3zcPwdycOcvLa6WHgU56eaXt9ge+m/PHg08c4vpviCMBAkEA
zFvvBiX8TQaYvp9sL/Oia7yTeZna4jeY1q+HOJo5t3EuvJyRwjSJVnTNN5FaytnJ
6OndxHIE4Umj6kWHnjuSoQJBAJO53Wz8PztTHl5wkTiQ7Y/L7V41jCpDz0W4Kt0k
Ywn1pvjSPV9dIbqVhHgDMi5KdAF5ny2f8vgNZp8ZdwCrTCw=
-----END RSA PRIVATE KEY-----

544 ExtremeWare 7.3e Command Reference Guide

 show ssl

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

ExtremeWare 7.3e Command Reference Guide 545

Security Commands

show tacacs
show tacacs {[<ipaddress> | <hostname>]}

Description
Displays the current TACACS+ configuration and statistics.

Syntax Description
ipaddress Specifies to display TACACS+ server information from the server with this IP
address.
hostname Specifies to display TACACS+ server information from this host.

Default
N/A.

Usage Guidelines
The output from this command displays:
• The status of the TACACS+ authentication and accounting servers
• The statistics for the configured primary and secondary servers

If you specify the ipaddress option, configuration and statistics for that server is displayed.

Example
The following command displays TACACS+ client configuration and statistics:
show tacacs

Following is the output from this command:

TACACS+: enabled
TACACS+ Authorization: enabled
TACACS+ Accounting: enabled
TACACS+ Server Connect Timeout sec: 3

Primary TACACS+ Server:

Server name: 172.17.1.104
IP address: 172.17.1.104
Server IP Port: 49
Client address: 172.17.1.220
Shared secret: lf|nki
Secondary TACACS+ Server:
Server name: 172.17.1.123
IP address: 172.17.1.123
Server IP Port: 49
Client address: 172.17.1.220
Shared secret: lf|nki

TACACS+ Acct Server Connect Timeout sec: 3

546 ExtremeWare 7.3e Command Reference Guide

 show tacacs

Primary TACACS+ Accounting Server:

Server name: 172.17.1.104
Client address: 172.17.1.220
Shared secret: lf|nki
Secondary TACACS+ Accounting Server:
Server name: 172.17.1.123
Client address: 172.17.1.220
Shared secret: lf|nki

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 547

Security Commands

show tacacs-accounting
show tacacs-accounting {[<ipaddress> | <hostname>]}

Description
Displays the current TACACS+ accounting client configuration and statistics.

Syntax Description
ipaddress Specifies to display TACACS+ accounting information from the server with this
IP address.
hostname Specifies to display TACACS+ accounting information from this host.

Default
N/A.

Usage Guidelines
The output from this command displays:
• The status of the TACACS+ accounting servers
• The statistics for the configured primary and secondary servers

If you specify the ipaddress option, configuration and statistics for that server is displayed.

Example
The following command displays TACACS+ accounting client configuration and statistics:
show tacacs-accounting

Following is the output from this command:

TACACS+ Accounting: enabled

TACACS+ Acct Server Connect Timeout sec: 3

Primary TACACS+ Accounting Server:

Server name: 172.17.1.104
IP address: 172.17.1.104
Server IP Port: 49
Client address: 172.17.1.220
Shared secret: lf|nki
Secondary TACACS+ Accounting Server:
Server name: 172.17.1.123
IP address: 172.17.1.123
Server IP Port: 49
Client address: 172.17.1.220
Shared secret: lf|nki

History
This command was first available in ExtremeWare 7.3e.

548 ExtremeWare 7.3e Command Reference Guide

 show tacacs-accounting

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 549

Security Commands

show trusted-mac-address
show trusted-mac-address [vlan <vlan_name>] [port <portlist>]

Description
Displays the status of the enabled and disabled keywords before displaying all of the configured
trusted-MAC addresses.

Syntax Description
vlan_name Specifies the name of the VLAN.
portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
N/A.

Usage Guidelines
Use this command to display the status of the enabled and disabled keywords before displaying all of
the configured trusted-MAC addresses.

Example
The following command displays trusted-MAC address information for the corp VLAN:

show trusted-mac-address vlan corp

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

550 ExtremeWare 7.3e Command Reference Guide

 show vlan security

show vlan security

show vlan <vlan_name> security

Description
Displays information about dynamic MAC addresses on a VLAN.

Syntax Description
vlan_name Specifies the name of the VLAN.

Default
N/A.

Usage Guidelines
None.

Example
The following example shows the security settings for a VLAN named vsa-dksp.
* S24-FZ:6 # show vlan vsa-dksp security
Port Limit State Appeared Learnt Blackholed Locked
1 Unlimited Unlocked 7 7 0 0
2 Unlimited Unlocked 4 4 0 0
3 Unlimited Unlocked 0 0 0 0
4 Unlimited Unlocked 2 2 0 0
5 Unlimited Unlocked 0 0 0 0
6 Unlimited Unlocked 4 4 0 0
25 Unlimited Unlocked 13 13 0 0
26 Unlimited Unlocked 0 0 0 0
* S24-FZ:7 #

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 551

Security Commands

ssh2
ssh2 {cipher [3des | blowfish]} {port <portnum>} {compression [on | off]}
{user <username>} {debug <debug_level>} {<username>@} [<host> |
<ipaddress>] {<remote command>}

Description
Initiates an SSH2 client session to a remote SSH2 server.

Syntax Description

3des Specifies that the 3des cipher should be used for encryption. This is the
default.
blowfish Specifies that the blowfish cipher should be used for encryption.
portnum Specifies the TCP port number to be used for communicating with the SSH2
client. Default is port 22.
compression on specifies that data is to be compressed.
off specifies that compression is not to be used. Default is off.
username Specifies a login name for the remote host, as an alternate to the user@host
parameter.
debug_level Specifies a debug level. Default is 0
username Specifies a login name for the remote host. May be omitted if it is the same as
the username on the switch.
host Specifies the name of the remote host
ipaddress Specifies the IP address of the remote host
remote command Specifies a command to be passed to the remote system for execution.
Remote commands are not supported on switches. This option is only valid if
the remote system is a system, such as a UNIX workstation, that can accept
remote commands.

Default
N/A.

Usage Guidelines
You must be running a security-enabled version of ExtremeWare 7.2e or later (which is under Export
Control) in order to use the SSH2 client command.
SSH2 does not need to be enabled on the switch in order to use this command.

Typically this command is used to establish a secure session to a remote switch. You will be prompted
for your password. Once you have logged in successfully, all ExtremeWare commands you enter will be
executed on the remote switch. When you terminate the remote session, commands will then resume
being executed on the original switch.

The remote command option cannot be used with Extreme Networks switches. If you include a remote
command, you will receive an error message.

552 ExtremeWare 7.3e Command Reference Guide

 ssh2

Example
The following command establishes an SSH2 session on switch engineering1:
ssh2 admin@engineering1

The following command establishes an SSH2 session with the switch Summit 400 over TCP port 2050
with compression enabled:

ssh2 port 2050 compression on admin@summit400

History
This command was first available in ExtremeWare 7.2e

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 553

Security Commands

unconfigure auth mgmt-access

unconfigure auth mgmt-access

Description
Disables the remote authentication for management sessions.

Syntax Description
This command has no arguments or variables.

Default
Unconfigured

Usage Guidelines
None.

Example
unconfigure auth mgmt-access

History
This command was first available in ExtremeWare 7.3.

Platform Availability
This command is available on the “e” series platforms.

554 ExtremeWare 7.3e Command Reference Guide

 unconfigure auth netlogin

unconfigure auth netlogin

unconfigure auth netlogin

Description
Disables the remote authentication for netlogin sessions.

Syntax Description
This command has no arguments or variables.

Default
Unconfigured.

Usage Guidelines
None.

Example
unconfigure auth netlogin

History
This command was first available in ExtremeWare 7.3.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 555

Security Commands

unconfigure cpu-dos-protect
unconfigure cpu-dos-protect

Description
Resets denial of service protection configuration to default parameter values.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
This command will not change whether denial of service protection is enabled or disabled. To enable or
disable denial of service protection, use the following commands:
enable cpu-dos-protect
disable cpu-dos-protect

The default values for the denial of service protection parameters are as follows:

• alert-threshold—4000 packets per second

• notice-threshold—4000 packets per second
• timeout—15 seconds
• messages—on (messages are sent to syslog)
• filter-precedence—10

Example
The following command resets the denial of service protection configuration to the default values:
unconfigure cpu-dos-protect

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the “e” series platforms.

556 ExtremeWare 7.3e Command Reference Guide

 unconfigure enhanced-dos-protect ipfdb agingtime

unconfigure enhanced-dos-protect ipfdb agingtime

unconfigure enhanced-dos-protect ipfdb agingtime ports <portlist>

Description
Resets aging time configuration for enhanced denial of service protection to default values for the
selected ports.

Syntax Description

portlist Specifies one or more ports or slots and ports. On a modular switch, can be a
list of slots and ports. On a stand-alone switch, can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
The default aging time is 30 seconds.

Usage Guidelines
Use this command to reset aging time to default values for selected untrusted ports. To verify
configuration, use the show enhanced-dos-protect ipfdb ports <portlist> command and view
data in the Aging column.

Example
The following command resets the aging time on port 2 to the default value, 30 seconds:
unconfigure enhanced-dos-protect ipfdb agingtime ports 2

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 557

Security Commands

unconfigure enhanced-dos-protect ipfdb cache-size

unconfigure enhanced-dos-protect ipfdb cache-size

Description
Resets the cache size for enhanced denial of service protection to default parameter values.

Syntax Description
This command has no arguments or variables.

Default
The default cache size value is 256 (in kilobytes).

Usage Guidelines
Enhanced DoS Protection maintains the number of IPFDB entries according to the cache-size limit. Use
this command to reset the cache size to the default of 256K.

Use the following command to set the cache-size to something other than the 256K default value:

configure enhanced-dos-protect ipfdb cache-size

Example
The following command resets the cache size to the 256K default value:
unconfigure enhanced-dos-protect ipfdb cache-size

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the “e” series platforms.

558 ExtremeWare 7.3e Command Reference Guide

 unconfigure enhanced-dos-protect ipfdb learn-limit

unconfigure enhanced-dos-protect ipfdb learn-limit

unconfigure enhanced-dos-protect ipfdb learn-limit ports <portlist>

Description
Resets the learning limit for enhanced denial of service protection to default parameter values for the
selected ports.

Syntax Description

portlist Specifies one or more ports or slots and ports. On a modular switch, can be a
list of slots and ports. On a stand-alone switch, can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
The default learn-limit on Fast Ethernet ports is 100 pkts/learn window.
The default learn-limit on Gigabyte ports is 100 pkts/learn window.

Usage Guidelines
Use this command to reset to default the learning limit value that defines the number of packets to be
counted before ExtremeWare can create an IPFDB entry in the hardware.

To configure the learning limit on untrusted ports for enhanced denial of service protection, use the
following command:

configure enhanced-dos-protect ipfdb learn limit

Usage Guidelines
Use this command to reset the learning limit value to the default number of packets being counted
before the software can create an entry in hardware.

Example
The following command resets the learn limit on Fast Ethernet port 3 to 100 packets within the learning
window before an IPFDB entry can be created:
unconfigure enhanced-dos-protect ipfdb learn-limit ports 3

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 559

Security Commands

unconfigure enhanced-dos-protect ipfdb learn-window

unconfigure enhanced-dos-protect ipfdb learn-window ports <portlist>

Description
Resets the learning window on untrusted ports for the enhanced denial of service protection IPFDB
learning qualifier to default values for the selected ports.

Syntax Description

portlist Specifies one or more ports or slots and ports. On a modular switch, can be a
list of slots and ports. On a stand-alone switch, can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
The default learning window is 10 seconds.

Usage Guidelines
Use this command to reset the IPFDB learning window values for selected untrusted ports to the
default value of 10 seconds. To verify configuration, use the show enhanced-dos-protect ipfdb
ports <portlist> command.

Example
The following command resets the learning window on port 2 to the default value, 10 seconds:
unconfigure enhanced-dos-protect ipfdb learn-window ports 2

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the “e” series platforms.

560 ExtremeWare 7.3e Command Reference Guide

 unconfigure enhanced-dos-protect ports

unconfigure enhanced-dos-protect ports

unconfigure enhanced-dos-protect ports <portlist>

Description
Resets the enhanced denial of service protection to the default trusted value for selected ports.

Syntax Description

portlist Specifies one or more ports or slots and ports. On a modular switch, can be a
list of slots and ports. On a stand-alone switch, can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
By default, ports are trusted.

Usage Guidelines
Use this command to reset the enhanced denial of service protection to the default value for selected
ports. The default value is trusted.

You can configure each port as trusted or untrusted by using the configure enhanced-dos-protect
ports command. A trusted port behaves as a normal port. An untrusted port behaves according to the
configuration parameter used in IPFDB thrashing.

Verify the status of each port by using the show enhanced-dos-protect ports <portlist>
command.

Example
The following command resets a range of ports to trusted, so that enhanced denial of service protection
is not applied to ports 2 through 4:
unconfigure enhanced-dos-protect ports 2-4

History
This command was first available in ExtremeWare 7.3s

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 561

Security Commands

unconfigure enhanced-dos-protect rate-limit

unconfigure enhanced-dos-protect rate-limit [threshold | drop-probability |
learn-window | protocol] ports <portlist>

Description
Removes ports from rate limiting or resets the rate limiting configuration for enhanced denial of service
protection to default parameter values for the selected ports.

Syntax Description

threshold Resets to the default value the number of packets allowed on a given port within the
learning window before the rate limit is applied. The default on Fast Ethernet ports is
100 pkts/learn window. The default on Gigabyte ports is 100 pkts/learn window.
drop-probability Resets to the default value the percentage of slow-path traffic to be dropped per port.
The default value is 50 percent.
learn-window Resets to the default value the number of seconds for the learning window per port.
This value is the duration of time to be considered to reach the rate limit threshold.
The default value is 10 seconds.
protocol [all | icmp] Resets to the default value the protocol packets to which rate limiting is applied. By
default, rate limiting is applied to Internet Control Message Protocol (ICMP) packets.
portlist Specifies one or more ports or slots and ports. On a modular switch, can be a list of
slots and ports. On a stand-alone switch, can be one or more port numbers. May be
in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
The default threshold on Fast Ethernet ports is 100 pkts/learn window.
The default threshold on Gigabyte ports is 100 pkts/learn window.
The default drop-probability is 50 percent.
The default learn-window value is 10 seconds.
Rate limiting is applied by default to ICMP packets.

Usage Guidelines
Use this command to remove ports from rate limiting, or reset the rate-limit threshold, drop probability,
learning window, or packet protocol. To verify settings, use the show enhanced-dos-protect
rate-limit command.

Example
The following command resets the rate limiting threshold on Fast Ethernet port 3 to the default value,
100 packets:
unconfigure enhanced-dos-protect rate-limit threshold ports 3
The following command resets the rate limiting drop probability on port 4 to the default value, 50
percent:
unconfigure enhanced-dos-protect rate-limit drop-probability ports 4

562 ExtremeWare 7.3e Command Reference Guide

 unconfigure enhanced-dos-protect rate-limit

The following command resets the rate limiting learn window on ports 2 and 3 to the default value, 10
seconds:
unconfigure enhanced-dos-protect rate-limit learn-window ports 2,3
The following command resets the rate limiting protocol to the default value, ICMP packet types, on
ports 1 through 3:
unconfigure enhanced-dos-protect rate-limit protocol ports 1-3
The following command removes ports 1 through 4 from rate limiting:
unconfigure enhanced-dos-protect rate-limit ports 1-4

History
This command was first available in ExtremeWare 7.3s

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 563

Security Commands

unconfigure radius
unconfigure radius {[primary | secondary] {server <ipaddress> |
<hostname>}}

Description
Unconfigures the RADIUS client configuration.

Syntax Description

primary Unconfigures the primary RADIUS server.

secondary Unconfigures the secondary RADIUS server.
ipaddress Specifies the IP address of the server being unconfigured.
hostname Specifies the host name of the server being unconfigured.

Default
Unconfigures both the primary and secondary authentication servers.

Usage Guidelines
None.

Example
The following command unconfigures the secondary RADIUS server for the client:
unconfigure radius server secondary

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

564 ExtremeWare 7.3e Command Reference Guide

 unconfigure radius-accounting

unconfigure radius-accounting
unconfigure radius-accounting {[primary | secondary] {server <ipaddress> |
<hostname>}}

Description
Unconfigures the RADIUS accounting client configuration.

Syntax Description

primary Unconfigures the primary RADIUS accounting server.

secondary Unconfigures the secondary RADIUS accounting server.
ipaddress Specifies the IP address of the server being unconfigured.
hostname Specifies the host name of the server being unconfigured.

Default
Unconfigures both the primary and secondary RADIUS accounting servers.

Usage Guidelines
None.

Example
The following command unconfigures the secondary RADIUS accounting server for the client:
unconfigure radius-accounting server secondary

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 565

Security Commands

unconfigure tacacs
unconfigure tacacs {[primary | secondary] {server [<ipaddress> |
<hostname>}}

Description
Unconfigures the TACACS+ client configuration.

Syntax Description

primary Unconfigures the primary TACACS+ server.

secondary Unconfigures the secondary TACACS+ server.
ipaddress Specifies the IP address of the server being unconfigured.
hostname Specifies the host name of the server being unconfigured.

Default
Unconfigures both the primary and secondary TACACS+ servers.

Usage Guidelines
None.

Example
The following command unconfigures all TACACS+ servers for the client:
unconfigure tacacs

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

566 ExtremeWare 7.3e Command Reference Guide

 unconfigure tacacs-accounting

unconfigure tacacs-accounting
unconfigure tacacs-accounting {[primary | secondary] server {<ipaddress> |
<hostname>}}

Description
Unconfigures the TACACS+ accounting client configuration.

Syntax Description

primary Unconfigures the primary TACACS+ accounting server.

secondary Unconfigures the secondary TACACS+ accounting server.
ipaddress Specifies the IP address of the server being unconfigured.
hostname Specifies the host name of the server being unconfigured.

Default
Unconfigures both the primary and secondary TACACS+ accounting servers.

Usage Guidelines
None.

Example
The following command unconfigures all TACACS+ accounting servers for the client:
unconfigure tacacs-accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 567

Security Commands

unconfigure vlan dhcp-address-range

unconfigure vlan <vlan-name> dhcp-address-range {<start-addr>}

Description
Clears the specified DHCP address range in the a VLAN.

Syntax Description

vlan-name Specifies the name of the VLAN to be unconfigured.

dhcp-address-range Specifies that DHCP address range to be unconfigured.
start-addr (Optional) Specifies the starting address of the DHCP address range to be
unconfigured.

Default
N/A.

Usage Guidelines
Use this command to unconfigure, or clear, the specified DHCP address in a VLAN.
A VLAN can have multiple DHCP address ranges; therefore, the start-addr parameter identifies the
DHCP address range for which the clearing needs to be done.
The DHCP address range is identified as the one whose starting IP address is the same as start-addr.
If start-addr is not provided, then the primary DHCP address range will be unconfigured.

Examples
Consider a VLAN named test with a primary subnet 40.0.0.x/24 and a secondary subnet 50.0.0.x/24.
Assume that for the primary subnet a DHCP address range is configured ranging from 40.0.0.5 -
40.0.0.40. Similarly, for the secondary subnet the DHCP address range is configured ranging from
50.0.0.5 - 50.0.0.40.

To unconfigure the DHCP Address range of the primary subnet, issue the following command:

unconfigure vlan test dhcp-address-range

To unconfigure the DHCP Address range with the start-addr as 50.0.0.5, issue the following command

unconfigure vlan test dhcp-address-range 50.0.0.5

NOTE
You can configure multiple DHCP address ranges for a VLAN. The start-addr option in the command
(50.0.0.5 in this example) specifies the exact DHCP address range for which the command applies. If
the last option is not specified, the command is applied for the primary subnet.

568 ExtremeWare 7.3e Command Reference Guide

 unconfigure vlan dhcp-address-range

History
This command has been modified so that clearing of the secondary or remote address ranges is possible
(through the addition of the parameter start-addr). This enhanced command was made available in
ExtremeWare 7.3.0.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 569

Security Commands

unconfigure vlan dhcp-options

unconfigure vlan <vlan-name> dhcp-options {<start-addr>}

Description
Clears the DHCP options for the specified address range in a VLAN.

Syntax Description

vlan-name Specifies the name of the VLAN to be unconfigured.

dhcp-options Specifies that DHCP options are to be unconfigured.
start-addr (Optional) Specifies the starting address of the range for which DHCP options
are to be unconfigured.

Default
N/A.

Usage Guidelines
Use this command to unconfigure, or clear, the DHCP options for the specified address range in a
VLAN.
A VLAN can have multiple DHCP address ranges; therefore, the start-addr parameter identifies the
DHCP address range that requires clearing of DHCP options.
The DHCP address range is identified as the range whose starting IP address is the same as
start-addr. If start-addr is not provided, then the DHCP options for the primary address range will
be cleared.

To configure DHCP options for the specified address range in a VLAN, use the following command:

configure vlan dhcp-options

Examples
Consider a VLAN named test with a primary subnet 40.0.0.x/24 and a secondary subnet 50.0.0.x/24.
Assume that for the primary subnet a DHCP address range is configured ranging from 40.0.0.5 -
40.0.0.40.

Similarly, for the secondary subnet the DHCP address range is configured ranging from 50.0.0.5 -
50.0.0.40. Assume that for the DHCP Address range 40.0.0.5 - 40.0.0.40 the DHCP gateway is configured
as 40.0.0.90. Similarly, assume that for the DHCP address range 50.0.0.5 - 50.0.0.40 the DHCP gateway
is configured as 50.0.0.90.

To unconfigure the DHCP options for the primary subnet, issue the following command:

unconfigure vlan test dhcp-options

To unconfigure the DHCP options for the DHCP address range starting from 50.0.0.5, issue the
following command:

unconfigure vlan test dhcp-options 50.0.0.5

570 ExtremeWare 7.3e Command Reference Guide

 unconfigure vlan dhcp-options

NOTE
You can configure multiple DHCP address ranges for a VLAN. The start-addr option in the command
(50.0.0.5 in this example) specifies the exact DHCP address range for which the command applies. If
the last option is not specified, the command is applied for the primary subnet.

History
This command has been modified so that clearing the DHCP options for secondary or remote subnets is
possible (through the addition of the parameter start-addr). This enhanced command was made
available in ExtremeWare 7.3.0.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 571

Security Commands

572 ExtremeWare 7.3e Command Reference Guide

11 Configuration and Image Commands

This appendix describes the following commands:

• Commands related to downloading and using a new switch software image
• Commands related to saving, uploading, and downloading switch configuration information
• Commands related to the BootROM and switch rebooting

The switch software image contains the executable code that runs on the switch. An image comes
preinstalled from the factory. The image can be upgraded by downloading a new version from a Trivial
File Transfer Protocol (TFTP) server on the network.

A switch can store up to two images; a primary and a secondary image. You can download a new
image into either one of these, and you can select which image will load on the next switch reboot.

The configuration is the customized set of parameters that you have selected to run on the switch. As
you make configuration changes, the new settings are stored in run-time memory. To retain the settings,
and have them load when you reboot the switch, you must save the configuration to nonvolatile
storage.

A switch can store two different configurations: a primary and a secondary configuration. You can select
to which configuration you want the changes saved, and which configuration will be used on the next
switch reboot.

The BootROM initializes certain important switch variables during the switch boot process. In specific
situations, the BootROM can be upgraded by download from a TFTP server on the network.

ExtremeWare 7.3e Command Reference Guide 573

Configuration and Image Commands

configure download server

configure download server [primary | secondary] [<ip address> | <hostname>]
<filename>

Description
Configures the TFTP server(s) used by a scheduled incremental configuration download.

Syntax Description

primary Specifies that the following parameters refer to the primary TFTP server.
secondary Specifies that the following parameters refer to the secondary TFTP server.
ip address Specifies the IP address of the TFTP server from which the configuration
should be obtained.
hostname Specifies the hostname of the TFTP server from which the configuration
should be obtained.
filename Specifies the filename on the server that contains the configuration to be
downloaded.

Default
N/A.

Usage Guidelines
This command must be executed before scheduled configuration downloads can be performed.

Use of the <hostname> parameter requires that DNS be enabled.

Example
The following command specifies that scheduled incremental downloads into the primary configuration
space be done from the server named tftphost, from the ASCII file primeconfig.txt (residing in directory
\configs\archive on the server).
configure download server primary tftphost \configs\archive\prime_config.txt

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

574 ExtremeWare 7.3e Command Reference Guide

 download bootrom

download bootrom
download bootrom [<ip address> | <hostname>] <filename>

Description
Downloads a BootROM image from a TFTP server after the switch has booted. The downloaded image
replaces the BootROM in the onboard FLASH memory.

Syntax Description

ip address Specifies the IP address of the TFTP server.

hostname Specifies the hostname of the TFTP server.
filename Specifies name of the file on the server that contains the bootROM image.

Default
N/A.

Usage Guidelines
Upgrade the BootROM only when asked to do so by an Extreme Networks technical representative.

If this command does not complete successfully it could prevent the switch from booting. In the event
the switch does not boot properly, some boot option functions can be accessed through a special
BootROM menu (see Upgrading and Accessing BootROM).

Use of the <hostname> parameter requires that DNS be enabled.

Example
The following command downloads a bootROM image from the tftp server tftphost from the file
bootimages (residing in directory \images on the server):
download bootrom tftphost \images\bootimage

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 575

Configuration and Image Commands

download configuration
download configuration [<ip address> | <hostname>] <filename> {incremental}

Description
Downloads a previously saved ASCII configuration file from a specific TFTP server host.

Syntax Description

ip address Specifies the IP address of the TFTP server from which the configuration
should be obtained.
hostname Specifies the hostname of the TFTP server from which the configuration
should be obtained.
filename Specifies the path and filename of a saved ASCII configuration.
incremental Specifies an incremental configuration download (v 6.0 or later).

Default
N/A.

Usage Guidelines
Unless you specify the incremental keyword, this command does a complete download, resetting the
current switch configuration and replacing it with the new downloaded configuration. You will be
prompted to reboot the switch after the download is complete. If you do not reboot when prompted, the
switch views the configuration file as corrupted and the next time you reboot the switch prompts you to
reset to the factory defaults.

Use the incremental keyword to specify an incremental or partial configuration download. In this case,
the commands specified in the incremental download file are executed, but configuration settings not
specified in the file are left intact. No reboot is required.

The new configuration information is stored in switch runtime memory, and is not retained if the switch
has a power failure. After the switch has rebooted, you should save the configuration to the primary or
secondary configuration area to retain it through a power cycle. You can include a save command at the
end of the configuration file to have the save done at the end of the download.

The file on the server is assumed to be located relative to the TFTP server base directory. You can
specify a path as part of the file name.

Use of the <hostname> parameter requires that DNS be enabled.

Example
The following command clears the current switch configuration, and downloads a new full
configuration from the tftp server tftphost. It uses the configuration from the file stdconfigs.txt residing in
the subdirectory configs\archive of the TFTP server base directory on the server:
download configuration tftphost configs\archive\stdconfig.txt

The following command downloads a partial configuration from the tftp server tftphost from the file
modifyconfig.txt (residing in the subdirectory configs\archive on the server):

576 ExtremeWare 7.3e Command Reference Guide

 download configuration

download configuration tftphost configs\archive\modifyconfig.txt incremental

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 577

Configuration and Image Commands

download configuration cancel

download configuration cancel

Description
Cancels a scheduled incremental configuration download.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
This command cancels the scheduled download command completely, not just the next scheduled daily
download. The download configuration every <hour> command must be issued again to
resume automatic downloads.

If there are no downloads scheduled, this command has no effect.

Example
The following command cancels a previously scheduled download:
download configuration cancel

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

578 ExtremeWare 7.3e Command Reference Guide

 download configuration every

download configuration every

download configuration every <time>

Description
Automatically does an incremental configuration download every day at the specified time, or
immediately after switch bootup, based on the parameters specified in the configure download
server command.

Syntax Description

time The time of day in the format <hour (0-23)>:<minutes (0-59)>.

Default
N/A.

Usage Guidelines
You must run the configure download server command prior to using this command, to specify:
• The TFTP server and the configuration file from which the downloaded configuration will be
obtained.
• Whether this TFTP server is the primary server or the secondary (backup) TFTP server.

Example
The following commands set up a scheduled incremental download of the file config_info.txt, to be done
from the TFTP server named tftphost into the primary configuration area, every day at 10:00 pm:
configure download server primary tftphost config_info.txt
download configuration every 22:00

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 579

Configuration and Image Commands

download image
download image [<hostname> | <ipaddress>] <filename> {primary | secondary}

Description
Downloads a new version of the ExtremeWare software image.

Syntax Description

hostname Specifies the hostname of the TFTP server from which the image should be
obtained.
ipaddress Specifies the IP address of TFTP server from which the image should be
obtained.
filename Specifies the filename of the new image.
primary Specifies that the new image should be stored as the primary image.
secondary Specifies that the new image should be stored as the secondary image.

Default
Stores the downloaded image in the current location (the location used for the last reboot).

Usage Guidelines
Prior to downloading an image, you must place the new image in a file on a TFTP server on your
network. Unless you include a path with the filename, this command assumes that the file resides in the
same directory as the TFTP server itself.

The switch can store up to two images: a primary image and a secondary image. When you download a
new image, you must select into which image space (primary or secondary) you want the new image to
be placed. If no parameters are defined, the software image is saved to the selected image, that is, the
next boot-up image.

Use of the <hostname> parameter requires that DNS be enabled.

Example
The following command downloads the switch software image from the TFTP server named tftphost,
from the file named s4119b2.xtr, to the secondary image store:
download image tftphost s4119b2.xtr secondary

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

580 ExtremeWare 7.3e Command Reference Guide

 save configuration

save configuration
save configuration {primary | secondary}

Description
Saves the current configuration from the switch’s runtime memory to non-volatile memory.

Syntax Description

primary Specifies the primary saved configuration.

secondary Specifies the secondary saved configuration.

Default
Saves the current configuration to the location used on the last reboot.

Usage Guidelines
The configuration takes effect on the next reboot.

Example
The following command save the current switch configuration in the secondary configuration area:
save configuration secondary

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 581

Configuration and Image Commands

show configuration
show configuration [detail]

Description
Displays the currently active configuration to the terminal.

Syntax Description

detail Specifies to show all configuration statements including default commands.

Usage Guidelines
If the output scrolls off the top of the screen, you can use the enable clipaging command to pause the
display when the output fills the screen. The default for clipaging is enabled.

Example
This command shows the current configuration active in the switch:
show configuration detail

History
This command was available in ExtremeWare 7.1e.

The command was modified in ExtremeWare 7.2e to support the detail keyword.

Platform Availability
This command is available on the “e” series platforms.

582 ExtremeWare 7.3e Command Reference Guide

 unconfigure switch

unconfigure switch
unconfigure switch {all}

Description
Returns the switch configuration to its factory default settings.

Syntax Description

all Specifies that the entire current configuration should be erased, and the switch
rebooted.

Default
Resets configuration to factory defaults without reboot.

Usage Guidelines
Use unconfigure switch to reset the configuration to factory defaults, but without erasing the
configuration and rebooting. This preserves users account information, date and time settings, and so
on.

Include the parameter all to clear the entire current configuration, including all switch parameters, and
reboot using the last used image and configuration.

Example
The following command erases the entire current configuration, resets to factory defaults, and reboots
the switch using the last specified saved image and saved configuration:
unconfigure switch all

History
This command was available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 583

Configuration and Image Commands

upload configuration
upload configuration [<ip address> | <hostname>] <filename> {every <time>}

Description
Uploads the current configuration to a TFTP server on your network.

Syntax Description

ip address Specifies the IP address of the TFTP server.

hostname Specifies the hostname of the TFTP server.
filename Specifies a name for the file where the configuration is to be saved.
time The time of day in the format <hour (0-23)>:<minutes (0-59)>.

Default
Uploads the current configuration immediately.

Usage Guidelines
The filename can be up to 255 characters long, and cannot include any spaces, commas, quotation
marks, or special characters. Unless you include a path with the filename, this command places the file
in the same directory as the TFTP server itself.

The uploaded ASCII file retains the command-line interface (CLI) format. This allows you to do the
following:
• Modify the configuration using a text editor, and later download a copy of the file to the same
switch, or to one or more different switches.
• Send a copy of the configuration file to Extreme Networks Technical Support for problem-solving
purposes.

If every <time> is specified, the switch automatically saves the configuration to the server once per
day, at the specified time. Because the filename is not changed, the configured file stored in the TFTP
server is overwritten every day. The keyword every is required if a time is specified.

To cancel automatic upload, use the cancel option. If no options are specified, the current configuration
is uploaded immediately.

Use of the <hostname> parameter requires that DNS be enabled.

Example
The following command uploads the current configuration to the file configbackup.txt on the TFTP server
named tftphost, every night at 10:15 p.m.:
upload configuration tftphost configbackup.txt every 22:15

History
This command was available in ExtremeWare 7.1e.

584 ExtremeWare 7.3e Command Reference Guide

 upload configuration

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 585

Configuration and Image Commands

upload configuration cancel

upload configuration cancel

Description
Cancels a previously scheduled configuration upload.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
This command cancels the scheduled upload command completely, not just the next scheduled daily
upload. You must re-issue the upload configuration every <hour> command to resume
automatic uploads.

If there are no uploads scheduled, this command has no effect.

Example
The following command cancels the current automatic upload schedule:
upload configuration cancel

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

586 ExtremeWare 7.3e Command Reference Guide

 use configuration

use configuration
use configuration [primary | secondary]

Description
Configures the switch to use a previously saved configuration on the next reboot.

Syntax Description

primary Specifies the primary saved configuration.

secondary Specifies the secondary saved configuration.

Default
N/A.

Usage Guidelines
The keyword “configuration” can be abbreviated to “config.”

Example
The following command specifies that the next reboot should use the primary saved configuration:
use configuration primary

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 587

Configuration and Image Commands

use image
use image [primary | secondary]

Description
Configures the switch to use a saved image on the next reboot.

Syntax Description

primary Specifies the primary saved software image.

secondary Specifies the secondary saved software image.

Default
Primary.

Usage Guidelines
None.

Example
The following command configures the switch to use the primary image on the next reboot:
use image primary

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

588 ExtremeWare 7.3e Command Reference Guide

12 Troubleshooting Commands

If you encounter problems when using your switch, ExtremeWare provides troubleshooting commands.
Use these commands only under the guidance of Extreme Networks technical personnel.

You can contact Extreme Networks technical support at (800) 998-2408 or (408) 579-2826.

The Event Management System (EMS), introduced in ExtremeWare 7.1.0, provides enhanced features to
filter and capture information generated on a switch. The various systems in ExtremeWare are being
converted to EMS components. As a system is converted, the corresponding debug trace command is no
longer available. Details of using EMS are discussed in the ExtremeWare User Guide, in the chapter,
“Status Monitoring and Statistics”, and the commands used for EMS are detailed in this document in
Chapter 8,“Commands for Status Monitoring and Statistics”.

Until all the systems in ExtremeWare are converted, you may need to use a mix of EMS and debug trace
commands under the guidance of Extreme Networks technical personnel.

Included in this chapter, as well as in Chapter 8, are the EMS commands to enable and disable debug
mode for EMS components.

If CPU utilization is high, use the debug trace commands sparingly, as they require the CPU. Disable
any external syslog before you configure a debug trace, because the debug trace utility can send large
amounts of information to the syslog, and if your syslog is external, that information travels over your
network. Alternatively, you can configure a filter to select only the most necessary information.

Configure a debug trace at lower levels first, and look for obvious problems. Higher levels typically
record so much information that they record enough information within a few seconds.

ExtremeWare 7.3e Command Reference Guide 589

Troubleshooting Commands

clear debug-trace
clear debug-trace

Description
Resets the debug-trace levels to the factory settings of level 0.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command resets the debug-trace levels to level 0:
clear debug-trace

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

590 ExtremeWare 7.3e Command Reference Guide

 configure debug-trace accounting

configure debug-trace accounting

configure debug-trace accounting <debug level>

Description
This command provides system-level debug tracing for the accounting subsystem.

Syntax Description

debug level Specifies a debug level:

0 — Records critical error messages, such as memory allocation errors. Indicates a severe
event that can terminate or corrupt accounting.
1 — Records warning messages for various non-critical error conditions.
2 — Records various informational messages.
3 — Records debug information, such as message and event processing. Provides additional
information to support engineers for the purpose of diagnosing network problems.
4 — No additional information recorded.
5 — No additional information recorded.

Default
The default level is 0.

Usage Guidelines
The debug level range is 0 to 5. Higher levels record more verbose messages. Higher levels also record
the messages recorded at lower levels.

Example
The following command sets the reporting level for accounting to 3:
configure debug-trace accounting 3

History
This command was first available in an ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 591

Troubleshooting Commands

configure debug-trace bootprelay

configure debug-trace bootprelay <debug level> vlan <vlan name>

Description
This command records debug information to the syslog.

Syntax Description

debug level Specifies a debug level:

0— None.
1— Records error messages and tracks BOOTP messages relayed.
2— No additional information recorded.
3— No additional information recorded.
4— Displays a dump of each packet.
5— No additional information recorded.
vlan name Specifies a VLAN name.

Default
The default level is 0.

Usage Guidelines
The debug level range is 0 to 5. Higher levels record more verbose messages. Higher levels also record
the messages recorded at lower levels.

Example
The following command sets the reporting level for BOOTP relay errors to 3:
configure debug-trace bootprelay 3

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

592 ExtremeWare 7.3e Command Reference Guide

 configure debug-trace card-state-change

configure debug-trace card-state-change

configure debug-trace card-state-change <debug level>

Description
This command is not currently supported.

Syntax Description

debug level Specifies a debug level:

0— Not currently supported.
1— Not currently supported.
2— Not currently supported.
3— Not currently supported.
4— Not currently supported.
5— Not currently supported.

Default
The default level is 0.

Usage Guidelines
This command is not currently supported.

Example
This command is not currently supported.

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 593

Troubleshooting Commands

configure debug-trace debug-link

configure debug-trace debug-link <debug level>

Description
This command records debug information to the syslog.

Syntax Description

debug level Specifies a debug level:

0 — Disables debug tracing for debug link and stops recording information to the syslog.
1 — Enables debug tracing for debug link and records information to the syslog.
2 — No additional information recorded.
3 — No additional information recorded.
4 — No additional information recorded.
5 — No additional information recorded.

Default
The default level is 0.

Usage Guidelines
The debug level range is 0 to 5. Level 0 disables the debug-trace for link detection, and level 1 enables
debug-trace for link detection.

For levels 2 through 5, no additional information recorded.

Example
The following command enables debug-trace for link detection:
configure debug-trace debug-link 1

The following command disables debug-trace for link detection:

configure debug-trace debug-link 0

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

594 ExtremeWare 7.3e Command Reference Guide

 configure debug-trace flow-redirect

configure debug-trace flow-redirect

configure debug-trace flow-redirect <debug level>

Description
This command records debug information to the syslog.

Syntax Description

debug level Specifies a debug level:

0— None.
1— Records configuration changes and unexpected code states.
2— Records next-hop resources becoming active or inactive.
3— No additional information recorded.
4— No additional information recorded.
5— No additional information recorded.

Default
The default level is 0.

Usage Guidelines
The debug level range is 0 to 5. Higher levels record more verbose messages. Higher levels also record
the messages recorded at lower levels.

Example
The following command sets the reporting level for flow redirect errors to 2:
configure debug-trace flow-redirect 2

Following is the log output at this level:

<INFO:IPRT> redirect next hop http1 30.0.0.9 changed to up

<DBUG:SYST> i=1 Changing Nexthop fg=fffc Source=24.3.89.150 Nexthop=30.0.0.6 Nfg=fffb
<DBUG:SYST> i=0 Changing Nexthop fg=fffc Source=24.3.89.149 Nexthop=30.0.0.5 Nfg=fffa
<DBUG:SYST> i=4 Changing Nexthop fg=fffc Source=24.3.89.148 Nexthop=30.0.0.9 Nfg=ffff
<DBUG:SYST> i=3 Changing Nexthop fg=fffc Source=24.3.89.147 Nexthop=30.0.0.8 Nfg=fffe
<DBUG:SYST> i=2 Changing Nexthop fg=fffc Source=24.3.89.146 Nexthop=30.0.0.7 Nfg=fffd
<DBUG:SYST> i=1 Changing Nexthop fg=fffc Source=24.3.89.145 Nexthop=30.0.0.6 Nfg=fffb
<DBUG:SYST> i=0 Changing Nexthop fg=fffc Source=24.3.89.144 Nexthop=30.0.0.5 Nfg=fffa
<DBUG:SYST> Sag=fffc
<DBUG:SYST> Grps0 = fffa fffb fffd fffe ffff 0 0 0
<DBUG:SYST> rLBS inst=0 inUse=1 SA=24.3.89.144 sMask=fffffff 8 dPort=50
<DBUG:SYST> Looking for entries to balance in redirect 3
<DBUG:SYST> Looking for entries to balance in redirect 2
<DBUG:SYST> Looking for entries to balance in redirect 1
<DBUG:SYST> Looking for entries to balance in redirect 0
<INFO:IPRT> redirect next hop http1 30.0.0.8 changed to up <DBUG:SYST> Balancing group
ffff

ExtremeWare 7.3e Command Reference Guide 595

Troubleshooting Commands

<DBUG:SYST> Adding new flow for next hop ip 30.0.0.5 group fffe
<DBUG:SYST> Balancing group fffe
<DBUG:SYST> Adding new flow for next hop ip 30.0.0.5 group fffd
<DBUG:SYST> Balancing group fffd
<DBUG:SYST> Adding new flow for next hop ip 30.0.0.5 group fffb
<DBUG:SYST> Balancing group fffb
<DBUG:SYST> Looking for entries to balance in redirect 0
<DBUG:SYST> Entry Up: Adding new flow for next hop ip 30.0.0.5 group fffa
<DBUG:SYST> redirectServerListAdd 0 4
<DBUG:SYST> redirectServerListAdd 0 3
<DBUG:SYST> redirectServerListAdd 0 2
<DBUG:SYST> redirectServerListAdd 0 1
<DB UG:SYST> redirectServerListAdd 0 0
<INFO:SYST> msm-a-console admin: enable http1
<DBUG:SYST> redirectServerListDelEntry: Checking server entry 0x866c2efc 1 4
<DBUG:SYST> redirectServerListDelEntry 0x8 66c2f5c 0 4
<DBUG:SYST> redirectServerListDelEntry: Checking server entry 0x866c198c 2 4
<DBUG:SYST> redirectServerListDelEntry 0x866c19ec 0 4
<DBUG:SYST> redirectServerListDelEntry: Checking server entry 0x866c201c 3 4
<DBUG:SYST> redirectServerListDelEntry 0x866c207c 0 4
<DBUG:SYST> redirectServerListDelEntry: Freeing server entry 0x866c3efc 0 4
<DBUG:SYST> redirectServerListDelEntry 0x866c3f8c 0 4
<DBUG:SYST> Grps0 = 0 0 0 0 0 0 0 0
<DBUG:SYST> rLBS inst=0 inUse=1 SA=24.3.89.144 sMask=fffffff 8 dPort=50
<DBUG:SYST> Entry Down: Deleting sub flow for next hop ip 30.0.0.9 group fffe
<DBUG:SYST> Entry Down: Deleting sub flow for next hop ip 30.0.0.9 group fffd
<DBUG:SYST> Entry Down: Deleting sub flow for next hop ip 30.0.0.9 group fffb

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on all platforms.

596 ExtremeWare 7.3e Command Reference Guide

 configure debug-trace iparp

configure debug-trace iparp

configure debug-trace iparp <debug level> vlan <vlan name>

Description
This command records debug information to the syslog.

Syntax Description

debug Specifies a debug level:

0— Records IP and ARP conflicts, and duplicate IP addresses.
1— Records the following errors:
• ARP interface down
• No bridge for router interface
• No free new entry
• Filter out multicast and broadcast source address
• Header too short
• ARP Ethernet/IP
• Invalid hw/prot length
• Wrong length
2— Records the following errors:
• Router interface down
• Bad IP destination
• No mbuf available
• Failed to ARP
• No bridge available
• No ARP available
• No router interface in ARPT
• Loopback entry created
• Suppressed re-ARP
• New ARP entry for IP/MAC address
• Filtering own ARP
• Target matched primary, secondary, or backup
3— No additional information recorded.
4— No additional information recorded.
5— No additional information recorded.
vlan name Specifies a VLAN name.

Default
The default level is 0.

ExtremeWare 7.3e Command Reference Guide 597

Troubleshooting Commands

Usage Guidelines
The debug level range is 0 to 5. Higher levels record more verbose messages. Higher levels also record
the messages recorded at lower levels.

Example
The following command sets the reporting level for IP ARP errors to 3:
configure debug-trace iparp 3

Following is the log output at this level:

<DBUG:SYS > arpresolve: Filled entry for (192.168.192.12,00:00:86:54:7f:2a)

<DBUG:SYS > arpresolve: START ac=0x82f3d6e0 m=0x849a6800 IP=192.168.192.12
<DBUG:SYS > arpresolve: Filled entry for (192.168.192.12,00:00:86:54:7f:2a)
<DBUG:SYS > arpresolve: START ac=0x82f3d6e0 m=0x849a6c00 IP=192.168.192.12
<DBUG:SYS > arpresolve: Filled entry for (192.168.192.12,00:00:86:54:7f:2a)
<DBUG:SYS > arpresolve: START ac=0x82f3d6e0 m=0x849a6c00 IP=192.168.192.12
<DBUG:SYS > arpresolve: Filled entry for (192.168.192.12,00:00:86:54:7f:2a)
<DBUG:SYS > arpresolve: START ac=0x82f3d6e0 m=0x849a6800 IP=192.168.192.12
<DBUG:SYS > arpresolve: Filled entry for (192.168.192.12,00:00:86:54:7f:2a)
<INFO:SYST> serial admin: configure debug-trace iparp 3 t2
<INFO:SYST> Port 2:1 link active 100Mbs FULL duplex
<INFO:SYST> serial admin: configure t2 add ports 2 : 1
<INFO:SYST> serial admin: configure t2 delete ports 1 : 1
<INFO:SYST> serial admin: enable ipforwarding t2
<INFO:SYST> serial admin: configure t2 ipaddress 192.168.192.1 / 24
<INFO:SYST> serial admin: configure t2 add ports 1 : 1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

598 ExtremeWare 7.3e Command Reference Guide

 configure debug-trace rip-message

configure debug-trace rip-message

configure debug-trace rip-message <debug level> vlan <vlan name>

Description
This command records debug information to the syslog.

Syntax Description

debug level Specifies a debug level:

0— None.
1— None.
2— None.
3— Records that the switch received a response from w.x.y.z (pier) len 24 at
time.time.
Records that the switch sent a response to 224.0.0.9 at time.time.
4— Displays a dump of the RIP response.
Displays a dump of the RIP response received.
5— No additional information recorded.
vlan name Specifies a VLAN name.

Default
The default level is 0.

Usage Guidelines
The debug level range is 0 to 5. Higher levels record more verbose messages. Higher levels also record
the messages recorded at lower levels.

Example
The following command sets the reporting level for RIP message errors to 3:
configure debug-trace rip-message 3

Following is the log output at this level:

<DBUG:RIP > Sending Rsp to 224.0.0.9 at 1012569160.950000

<INFO:SYST> msm-a-console admin: configure debug-trace rip-message 3 vlan all

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 599

Troubleshooting Commands

configure debug-trace rip-route-change

configure debug-trace rip-route-change <debug level> vlan <vlan name | all>

Description
This command is not currently supported.

Syntax Description

debug level Specifies a debug level:

0— Not currently supported.
1— Not currently supported.
2— Not currently supported.
3— Not currently supported.
4— Not currently supported.
5— Not currently supported.
vlan name Specifies a VLAN name.
all Specifies all VLANs.

Default
The default level is 0.

Usage Guidelines
This command is not currently supported.

Example
This command is not currently supported.

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

600 ExtremeWare 7.3e Command Reference Guide

 configure debug-trace rip-triggered-update

configure debug-trace rip-triggered-update

configure debug-trace rip-triggered-update <debug level> vlan <vlan name |
all>

Description
This command records debug information to the syslog.

Syntax Description

debug level Specifies a debug level:

0— None.
1— None.
2— None.
3— Records that the switch is suppressing triggered updates for x seconds.
4— No additional information recorded.
5— No additional information recorded.
vlan name Specifies a VLAN name.
all Specifies all VLANs.

Default
The default level is 0.

Usage Guidelines
The debug level range is 0 to 5. Higher levels record more verbose messages. Higher levels also record
the messages recorded at lower levels.

Example
The following command sets the reporting level for RIP triggered update errors to 3:
configure debug-trace rip-triggered-update 3

Following is the log output at this level:

<DBUG:RIP > Suppressing triggered updates for 1 secs.

<INFO:SYST> msm-a-console admin: enable rip
<INFO:SYST> msm-a-console admin: disable rip

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 601

Troubleshooting Commands

configure debug-trace udp-forwarding

configure debug-trace udp-forwarding <debug level> vlan <vlan name>

Description
This command is not currently supported.

Syntax Description

debug level Specifies a debug level:

0 — Not currently supported.
1 — Not currently supported.
2 — Not currently supported.
3 — Not currently supported.
4 — Not currently supported.
5 — Not currently supported.
vlan name Specifies a VLAN name.

Default
The default level is 0.

Usage Guidelines
This command is not currently supported.

Example
This command is not currently supported.

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

602 ExtremeWare 7.3e Command Reference Guide

 configure debug-trace wireless

configure debug-trace wireless

configure debug-trace wireless {dot1x} {radius} {mac} {snmp} {wlan-driver}
{eth-driver} {ap-scan} {client-diag} {mac-radius} {wpa} {iapp}

Description
This command records wireless information to the syslog.

Syntax Description

dot1x Specifies to record dot1x information.

radius Specifies to record radius information.
mac Specifies to record MAC address information.
snmp Specifies to record SNMP information.
wlan-driver Specifies to record WLAN driver information.
eth-driver Specifies to record Ethernet driver information.
ap-scan Specifies to record AP scan information.
client-diag Specifies to record client diagnostic information.
mac-radius Specifies to record MAC RADIUS information.
wpa Specifies to record WPA information.
iapp Specifies to record IAPP information.

Default
N/A

Usage Guidelines
None.

Example
In the following example, port 1:8 is configured to record SNMP information:

configure debug-trace wireless ports 1:8 snmp

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 603

Troubleshooting Commands

configure reboot-loop-protection
configure reboot-loop-protection threshold <time-interval> <count>

Description
Configures reboot loop protection.

Syntax Description

time-interval The length of time during which the switch can reboot the specified count before
entering minimal mode. The range is 0 - 255 minutes.
count The number of reboots within the specified time-interval. The range is 1 - 7.

Default
If you enter a time-interval but not a count, the default count is 3.

Usage Guidelines
Specifying a time interval of 0 disables reboot loop protection. Specifying any other value enables it. To
view the current settings, use the show switch or show configuration commands.

If you reboot the switch manually or use the run msm-failover or run diagnostics commands, the
time interval and count are both reset to 0.

Example
The following command configures the time interval to 5 minutes and the count to 4:
configure reboot-loop-protection threshold 5 4

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

604 ExtremeWare 7.3e Command Reference Guide

 disable log debug-mode

disable log debug-mode

disable log debug-mode

Description
Disables debug mode. The switch stops generating debug events.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command disables debug mode. Debug mode must be enabled prior to configuring advanced
debugging capabilities. These include allowing debug messages, which can severely degrade
performance. For typical network device monitoring, debug mode should remain disabled, the default
setting. Debug mode should only be enabled when advised by technical support, or when advanced
diagnosis is required. The debug mode setting is saved to FLASH.

The following configuration options require that debug mode be enabled:

• including a severity of debug-summary, debug-verbose, or debug-data when configuring filters

• target format options process-name, process-id, source-function, and source-line)

Example
The following command disables debug mode:
disable log debug-mode

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 605

Troubleshooting Commands

enable log debug-mode

enable log debug-mode

Description
Enables debug mode. The switch generates debug events.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command enables debug mode. Debug mode must be enabled prior to configuring advanced
debugging capabilities. These include allowing debug messages, which can severely degrade
performance. For typical network device monitoring, debug mode should remain disabled, the default
setting. Debug mode should only be enabled when advised by technical support, or when advanced
diagnosis is required. The debug mode setting is saved to FLASH.

The following configuration options require that debug mode be enabled:

• including a severity of debug-summary, debug-verbose, or debug-data when configuring filters

• target format options process-name, process-id, source-function, and source-line.

Example
The following command enables debug mode:
enable log debug-mode

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

606 ExtremeWare 7.3e Command Reference Guide

 nslookup

nslookup
nslookup <hostname>

Description
Displays the IP address of the requested host.

Syntax Description

hostname Specifies a hostname.

Default
N/A.

Usage Guidelines
None.

Example
The following command looks up the IP address of a computer with the name of bigserver.xyz_inc.com:
nslookup bigserver.xyz_inc.com

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 607

Troubleshooting Commands

ping
ping {udp} {continuous} {start-size <size number> {-<end_size}}
[<ip_address> | <hostname>] {from <src_ipaddress> | with record-route |
from <src_ipaddress> with record-route}

Description
Enables you to send User Datagram Protocol (UDP) or Internet Control Message Protocol (ICMP) echo
messages or to a remote IP device.

Syntax Description

udp Specifies that the ping request should use UDP instead of ICMP.
continuous Specifies that UDP or ICMP echo messages to be sent continuously. This
option can be interrupted by pressing any key.
size-number Specifies the size, in bytes, of the packet to be sent, or the starting size if
incremental packets are to be sent.
end_size Specifies the maximum size, in bytes, of the packet to be sent in the UDP or
ICMP request. When both the start_size and end_size are specified, ICMP
requests are transmitted using 1 byte increments, per packet.
ipaddress Specifies the IP address of the host.
hostname Specifies the name of the host.
src_ipaddress Uses the specified source address in the ICMP packet. If not specified, the
address of the transmitting interface is used.
record-route Decodes the list of recorded routes and displays them when the ICMP echo
reply is received.

Default
N/A.

Usage Guidelines
The ping command is used to test for connectivity to a specific host.

The ping command is available for both the user and administrator privilege level.

If a ping request fails, the switch continues to send ping messages until interrupted. Press any key to
interrupt a ping request.

Example
The following command enables continuous ICMP echo messages to be sent to a remote host:
ping continuous 123.45.67.8

History
This command was first available in ExtremeWare 7.1e.

608 ExtremeWare 7.3e Command Reference Guide

 ping

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 609

Troubleshooting Commands

run diagnostics
run diagnostics [extended | normal]

Description
Runs normal or extended diagnostics on the switch.

Syntax Description

extended Runs an extended diagnostic routine. Takes the switch fabric and ports offline,
and performs extensive ASIC, ASIC-memory, packet memory, and packet
loopback tests.
normal Runs a normal diagnostic routine. Takes the switch fabric and ports offline,
and performs a simple ASIC and packet loopback test on all the ports.

Default
N/A.

Usage Guidelines

NOTE
Run diagnostics when the switch can be brought off-line. The tests conducted are extensive and affect
traffic that must be processed by the system CPU.

The normal diagnostics are short series of tests that do not test all the internal ASIC functions. On a
management module, the extended diagnostic routine tests all components including the internal ASIC
functions. The management module is taken off-line while the diagnostic test is performed. It is reset
and operational once the test is completed.

To view results of normal or extended diagnostics tests, use the following commands:
show diagnostics

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

610 ExtremeWare 7.3e Command Reference Guide

 run diagnostics cable ports

run diagnostics cable ports

run diagnostics cable ports <portlist>

Description
Runs diagnostics on Ethernet cables.

Syntax Description

portlist Runs cable diagnostics for one or more port numbers.

Default
N/A

Usage Guidelines
This command tests each of the four Unshielded Twisted-Pair (UTP). When the test completes, the
command prompts you to enter the show port portlist cable diagnostics command to see the results
of the test.

By reviewing the output of the show command you can determine:

• The length of the cable

• Whether there is a successful termination, or whether there is an open or short

Examples
The following example tests the Ethernet cable inserted into port 1. The four copper pairs do not all
have the same length, which might indicate a kink in the cable, or a open connection:

Summit400-48t:27 # run diagnostics cable ports 1

Cable Diagnostics has completed, to view results enter

show port <port list> cable diagnostics

Summit400-48t:28 # show port 1 cable diagnostics

Port Pair Length Status

1 Pair A 3 meters Terminated

Pair B 2 meters Terminated
Pair C 1 meters Open or Short
Pair D 1 meters Open or Short

The following example shows none of the twisted pairs terminate successfully at port 1, which could
indicate that the cable is not inserted into the port:

Summit400-48t:29 # run diagnostics cable ports 1

Cable Diagnostics has completed, to view results enter

show port <port list> cable diagnostics

ExtremeWare 7.3e Command Reference Guide 611

Troubleshooting Commands

Summit400-48t:30 # show port 1 cable diagnostics

Port Pair Length Status

1 Pair A 0 meters Open or Short

Pair B 0 meters Open or Short
Pair C 0 meters Open or Short
Pair D 0 meters Open or Short

History
This command was introduced in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

612 ExtremeWare 7.3e Command Reference Guide

 show debug-trace

show debug-trace
show debug-trace [accounting | bootprelay | debug-link| | eaps-system | |
iparp | iproute | netlogin | npcard | npdiag | pppauth | ppphexdump
|radius | rip-message | rip-route-change | rip-triggered-update |snmp-trace
| stp-in-pdu | stp-out-pdu | stp-system |vrrp | vrrp-hello] vlan <vlan
name>

Description
Displays the configured debug-trace levels.

Syntax Description

accounting Specifies accounting level.

bootprelay Specifies BOOTP relay level.
debug-link Specifies link detection level.
eaps-system Specifies EAPS system level.
iparp Specifies IP ARP level.
iproute Specifies IP routing level.
netlogin Specifies Network Login level.
radius Specifies Radius level.
rip-message Specifies RIP message level.
rip-route-change Specifies RIP route level.
rip-triggered-update Specifies RIP triggered update level.
snmp-trace Specifies SNMP trace level.
stp-in-pdu Specifies incoming STP PDU level.
stp-out-pdu Specifies outgoing STP PDU level.
stp-system Specifies STP system level.
vrrp Specifies VRRP level.
vrrp-hello Specifies VRRP hello level.
vlan name Specifies a VLAN name.

Default
N/A.

Usage Guidelines

Use this command to display the debug trace level configured for a particular system, and VLAN. Some
of the debug trace systems commands can be applied to a particular VLAN, some apply to the switch as
a whole, so the vlan option is not available with all systems.

Example
The following command displays the debug trace levels configured:
show debug-trace

ExtremeWare 7.3e Command Reference Guide 613

Troubleshooting Commands

Following is the output from this command:

OSPF SPF 3
Flowstats 3

Vlan Debug Level

---------------------------------------------------------------------------
v49 DVMRP route 3

Port Number Debug Level

---------------------------------------------------------------------------
No port-based debug-tracing configured

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

614 ExtremeWare 7.3e Command Reference Guide

 show diagnostics

show diagnostics
show diagnostics

Description
Displays the status from the last diagnostic test run on the switch.

Syntax Description

Default
N/A.

Usage Guidelines
Use this command to display the last diagnostic test run on the switch. The switch diagnostics are
displayed in a tabular format with the day, month, date, year, and time of the diagnostic test at the top
of the table.

Table 12: Show Diagnostics Command Field Definitions

Field Definitions
System Platform Specifies system type.
System Part No. Specifies system part number, revision level, and serial number.
Main Board No. Specifies main board part number, revision level, and serial number.
MAC Address Specifies system MAC address.
CPU System Indicates diagnostic results.
Registers Test Indicates diagnostic results.
Memory Test Indicates diagnostic results.
System Test Indicates diagnostic results.

To run diagnostics, use the following command:

run diagnostics [extended | normal]

Depending on the software version running on your switch, additional or different diagnostics
information might be displayed.

Example

The following command shows the results of diagnostics:

show diagnostics

The results are similar to the following:

------------------------------------------------------------------------
Diagnostic Test Result run on Thu Sep 14 16:01:15 2000

ExtremeWare 7.3e Command Reference Guide 615

Troubleshooting Commands

------------------------------------------------------------------------
CPU System | Passed
------------------------------------------------------------------------
Registers Test | Passed
------------------------------------------------------------------------
Memory Test | Passed
------------------------------------------------------------------------
System Test | Passed
------------------------------------------------------------------------

History
This command was available in ExtremeWare 4.1.19, and in ExtremeWare 7.1e

Platform Availability
This command is available on the “e” series platforms.

616 ExtremeWare 7.3e Command Reference Guide

 show ports cable diagnostics

show ports cable diagnostics

show ports <portlist> cable diagnostics

Description
Displays the results of the last run cable diagnostics ports command.

Default
N/A

Syntax Description

portlist Runs cable diagnostics for one or more port numbers.

Usage Guidelines
The results of the command display in tabular format:

Port—The port number tested

Pair—Each Ethernet cable is comprised of four copper pairs of Unshielded Twisted-Pair (UTP). To have
a successful link, two of the four cables must have a status of Terminated and even lengths. The pairs are
labeled A through D. The output shows the test results of each pair.

Length—The length of the cable. All pairs should have the same length. An uneven length can indicate
a kink in the cable, or a broken connection.

Status—The result of the test. The status of Terminated indicates a successful completion. The status of
Open or Short indicates a failure in the cable.

Examples
The following example tests the Ethernet cable inserted into port 1:

Summit400-48t:27 # run diagnostics cable ports 1

Cable Diagnostics has completed, to view results enter

show port <port list> cable diagnostics

Summit400-48t:28 # show port 1 cable diagnostics

Port Pair Length Status

1 Pair A 3 meters Terminated

Pair B 2 meters Terminated
Pair C 1 meters Open or Short
Pair D 1 meters Open or Short

The following example shows none of the twisted pairs terminate successfully at port 1:

Summit400-48t:29 # run diagnostics cable ports 1

ExtremeWare 7.3e Command Reference Guide 617

Troubleshooting Commands

Cable Diagnostics has completed, to view results enter

show port <port list> cable diagnostics

Summit400-48t:30 # show port 1 cable diagnostics

Port Pair Length Status

1 Pair A 0 meters Open or Short

Pair B 0 meters Open or Short
Pair C 0 meters Open or Short
Pair D 0 meters Open or Short

History
This command was introduced in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

618 ExtremeWare 7.3e Command Reference Guide

 show tech-support

show tech-support
show tech-support

Description
Displays the output of various show commands to assist in monitoring and troubleshooting the switch.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
The show tech-support command displays the output for the following show commands:
• show version
• show switch
• show configuration
• show diag
• show fdb
• show iparp
• show ipfdb
• show ipstats
• show iproute
• show ipmc cache detail
• show ipmc fdb
• show igmp snooping detail
• show memory detail
• show log

It also displays the output from internal debug commands. This command disables the CLI paging
feature.

This information can be useful for your technical support representative if you experience a problem.

Depending on the software version running on your switch, additional or different show command
output is displayed.

Example
The following command displays the show command output on the switch:
show tech-support

ExtremeWare 7.3e Command Reference Guide 619

Troubleshooting Commands

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

620 ExtremeWare 7.3e Command Reference Guide

 top

top
top

Description
Displays real-time CPU utilization information by process.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Use this command to show the percentage of CPU processing devoted to each task, sampled every 30
seconds. In a healthy ExtremeWare system, only the BGTask takes up significant CPU processing power.
Investigate tasks showing consistent or periodic high CPU utilization.
You can change the display by typing a character while the display is active. These single character
commands are as follows:

Table 13: TOP command display options

u Go up one screen
d Go down one screen
c Clear max utilization
% Sort tasks by CPU utilization
t Sort tasks by task id
p Sort tasks by program counter
n Sort tasks by name
s Sort tasks by task state
m Sort tasks by max CPU utilization
h Show the help screen
<space> go to next sort type
q Exit top
<esc>
<return>

ExtremeWare 7.3e Command Reference Guide 621

Troubleshooting Commands

The following table defines the tasks.

Table 14: ExtremeWare Task Descriptions

Task Description
httpd The HTTP daemon task manages the HTTP web management interface on the
system.
Logpoll In an active dual CPU system, the master CPU will initiate the log polling task
(Logpoll) to periodically poll the secondary or slave CPU(s). This process clears the
individual syslogs and consolidates them onto the master CPU switch log.
mportTask The management port task.
pifstate The port interface state task (pifstate) processes port link state changes. It is
watchdog timer poll driven as opposed to interrupt driven by hardware events.
tAsyncSave The tAsyncSave tasks the NVRAM asynchronous save/write processing task. This
process manages the save or writes to the NVRAM.
tBgQosMon The background Quality of Service monitor task (tBgQosMon) is a background
version of the QoS monitoring task that monitors transmit count and kill count of
ports and cycles as long as the monitor is enabled.
tBGTask The background task (tBGTask) is the core task switching process. It receives
packets from the hardware ASICs and switches them to the appropriate functional
task to process that packet type or group. The tBGTask typically runs with a high
CPU utilization (90% or greater). It is constantly checking for packets to be sent up
by the hardware ASICs. It only releases control of the CPU if packets are sent to the
switch or if timer functions signal another task to become active.
tCardTask The I/O card event task (tCardTask) manages the event signaling hardware and
state machine for the I/O cards in a chassis-based system.
tChecksumPoll The checksum polling task (tChecksumPoll) periodically polls the boards for fabric
checksum errors.
tConsole The console task.
tdiagTask The diagnostic task (tdiagTask) executes the diagnostic routines for the particular
hardware platform.
tEapsTask The Ethernet automatic protection switching task implements and processes EAPS
on the switch.
tEdpTask The Extreme Discovery Protocol task (tEdpTask) implements and processes the EDP
neighbor discovery process.
tEsrpTask The Extreme Standby Router Protocol (tEsrpTask) implements and processes ESRP
on the switch.
tExcTask If the operating system recognizes an exception condition, it will invoke the exception
handling task (tExcTask).
tFastTimer The fast timer task (tFastTimer) is used to maintain a queue of timer events
triggering periodic or single event functions. These events have a small delay in time
between re-occurrences. The tFastTimer has a higher priority than the slow timer
task (tSlowTimer). Therefore, tFastTimer events are processed prior to iSlowTimer
events occurring at the same time.
tfdbAgeTask The forwarding database aging task (tfdbAgeTask) performs the aging of MAC FDB
entries in the hardware and software tables.
tIquery The iQuery support task for 3DNS (tIquery) processes iQuery requests.
TIRDP The ICMP router discovery protocol task (tIRDP) implements and processes IRDP on
the switch.
tISRtask The interrupt service routine task (tISRtask) manages the interrupt driven port link
state changes.

622 ExtremeWare 7.3e Command Reference Guide

 top

Table 14: ExtremeWare Task Descriptions (Continued)

Task Description
tLinkEvent The link event task (tLinkEvent) is the interrupt driven link event processing task. It
handles hardware interrupts for link events.
tMACPoll The media access controller poll task (tMACPoll) polls the various MAC PHY chips
on the switch to pull up MAC layer control messages for the CPU to process.
tmt32LinkPoll F32F module link poll task.
tmuTelnetd The telnet daemon task.
tNetTask The network stack task (tNetTask) handles all the software-based processing of
packets including:
• Packets that cannot be handled by the switch's ASIC because the forwarding
tables do not have entries built in.
• Packets destined to the CPU for one of the router interfaces.
• Packets that must be examined or snooped by the CPUPackets detected for
copying to the CPU.
tospfMsgTask The OSPF message processing task (tospfMsgTask) implements and manages the
processing of OSPF messages.
tospfSpfTask The OSPF shortest path forward task (tospfSpfTask) executes the SPF algorithm run
processing for OSPF.
tospfTimer The OSPF timer task (tospfTimer) manages the internal timer trigger functions and
delays for OSPF.
tPCSPoll The tPCSPoll task services the Gigabit Ethernet PCS poll messages.
tPhyPoll The PHY layer poll task (tPhyPoll) polls the Road Runner PHY layer every 2
seconds to verify the proper operation.
tPortUtilization The port utilization data collection task (tPortUtilization) is a 30 second task that pulls
physical port data statistics from the hardware and updates the software database
tables.
tRip The Routing Information Protocol task (tRip) implements and processes RIP on the
switch.
tRipTimer The RIP timer task (tRipTimer) manages the internal timer trigger functions and
delays for RIP.
TRmonTask The remote monitoring task
tRRPoll The Road Runner poll task (tRRPoll) pulls the MAC and PHY layer statistics from the
store in the software based tables.
tRxMsgTask The receive message task (tRxMsgTask) is located on the secondary system.
ExtremeWare 6.2 commences use of the secondary CPU in BlackDiamond switches.
This is the secondary slave CPU inter-CPU receive task.
tShell The core operating system internal shell process (tShell) is spawned whenever the
internal shell is accessed.
tSlbFailover The server load balancing failover task.
tSlowTimer The slow timer task (tSlowTimer) maintains a queue of timer events triggering
periodic or single event functions. Typically these events have a large period gap in
terms of time between recurrences.
tsmartTrap Extreme smart trap task.
tSnmpd The SNMP daemon task manages all SNMP processing on the system.
tSntpc The simple network time protocol client task (tSntpc) implements the SNTP client
function and processing.
tsshshell The secure shell (SSH) task.
tStatsPoll The port interface statistics poll task (tStatsPoll) polls the port interfaces for statistic
counters.

ExtremeWare 7.3e Command Reference Guide 623

Troubleshooting Commands

Table 14: ExtremeWare Task Descriptions (Continued)

Task Description
tstpTask The Spanning Tree protocol task (tstpTask) implements the STP algorithm and
processing.
tSwFault The software fault handler task (tSwFault) will perform a stack dump for any task that
has crashed.
tsyslogTask The system log task (tsyslogTask) receives messages/text from other tasks and
asynchronously logs these to the switch NVRAM log area.
tTimeout The Timeout task (tTimeout) is used to manage and execute various functions on
timeouts.
tTRRecv The trace route receiver task (tTrRecv) is spawned dynamically when the trace route
utility is used.
tvrrpTask The virtual router redundancy protocol task (tvrrpTask) implements and processes
VRRP on the switch.

Investigate tasks that, for no apparent reason, show CPU utilization consistently above 25% (except for
the BGTask). Configure the appropriate debug-trace command and look for messages indicating a
problem. Common problems are source or destination addresses.

Example
The following command displays the show command output on the switch:
top

The output of this command looks similar to the following:

Total number of tasks: 46
Task Name Task Id Task PC Status % CPU Max % util
==========================================================================
tBGTask 836f18e0 80748f98 READY 99 99
tExcTask 8137ce90 8075ab2c PEND 0 0
tLogTask 8135e2a0 8075ab2c PEND 0 0
tSlowTimer 813ccf50 8075ab2c PEND 0 0
tFastTimer 813ff1f0 8075ab2c PEND 0 0
tTimeout 81384f50 8075ab2c PEND 0 0
tsyslogTas 81389660 8075ab2c PEND+T 0 0
tledPollTa 81390ef0 8075ab2c PEND 0 0
tAsyncSave 814feb10 8075ab2c PEND 0 0
tpifstate 81a85590 8075ab2c PEND 0 0
tBgQosMon 81eb6be0 8075ab2c PEND 0 0
tEapsTask 82bd2a00 8075ab2c PEND 0 0
tSwFault 82c75530 8075ab2c PEND 0 0
tFdbAgeTas 82c85530 8075ab2c PEND 0 0
tFdbSyncTa 82c89530 807489a0 SUSPEND 0 0
tdiagTask 82c8d620 8075ab2c PEND 0 0
Press ‘h’ for help

History
This command was available in ExtremeWare 7.1e.

624 ExtremeWare 7.3e Command Reference Guide

 top

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 625

Troubleshooting Commands

626 ExtremeWare 7.3e Command Reference Guide

13 EAPS Commands

This chapter describes commands for configuring and monitoring Ethernet Automatic Protection
Switching (EAPS).

To use EAPS, you must enable EDP on the switch and the EAPS ring ports.

The EAPS protocol provides fast protection switching to layer 2 switches interconnected in an Ethernet
ring topology, such as a metropolitan area network (MAN) or large campuses. EAPS protection
switching is similar to what can be achieved with the Spanning Tree Protocol (STP), but offers the
advantage of converging in less than a second when a link in the ring breaks.

To take advantage of the Spatial Reuse technology and broaden the use of the ring’s bandwidth, EAPS
supports multiple EAPS domains running on the ring at the same time.

EAPS operates by declaring an EAPS domain on a single ring. Any VLAN that warrants fault protection
is configured on all ring ports in the ring, and is then assigned to an EAPS domain. On that ring
domain, one switch, or node, is designated the master node, while all other nodes are designated as
transit nodes.

One port of the master node is designated the master node’s primary port (P) to the ring; another port is
designated as the master node’s secondary port (S) to the ring. In normal operation, the master node
blocks the secondary port for all non-control traffic belonging to this EAPS domain. If the master node
detects a break in the ring, it unblocks its secondary port and allows data traffic to be transmitted and
received through it.

EAPS fault detection on a ring is based on a single control VLAN per EAPS domain. This EAPS domain
provides protection to one or more data-carrying VLANs called protected VLANs. The control VLAN is
used only to send and receive EAPS messages; the protected VLANs carry the actual data traffic. As
long as the ring is complete, the EAPS master node blocks the protected VLANs from accessing its
secondary port.

A master node detects a ring fault in any of three ways:

• “Link down” message sent by a transit node on the control VLAN
• Ring port down event from lower hardware layers
• Failed response to a periodic health-check packet on the control VLAN

When the master node detects a failure, it declares a “failed” state and opens its logically blocked
secondary port on all the protected VLANs. The master node also flushes its forwarding database (FDB)
and sends a message on the control VLAN to all of its associated transit nodes to flush their forwarding
databases.

ExtremeWare 7.3e Command Reference Guide 627

EAPS Commands

configure eaps add control vlan

configure eaps <name> add control vlan <vlan_name>

Description
Adds the specified control VLAN to the specified EAPS domain.

Syntax Description

name Specifies the name of an EAPS domain.

vlan_name Specifies the name of the control VLAN.

Default
N/A.

Usage Guidelines
You must configure one control VLAN for each EAPS domain. The control VLAN is used only to send
and receive EAPS messages.

The VLAN that will act as the control VLAN must be configured as follows:

• The VLAN must NOT be assigned an IP address, to avoid loops in the network.
• Only ring ports may be added as members of the control VLAN.
• The ring ports of the control VLAN must be tagged. This ensures that EAPS control VLAN traffic is
serviced before any other traffic and that control VLAN messages reach their intended destinations.
• The control VLAN must be assigned a QoS profile of QP8 with the QoS profile priority setting
HighHi.

A control VLAN cannot belong to more than one EAPS domain.

Example
The following command adds the control VLAN “keys” to the EAPS domain “eaps_1.”
configure eaps eaps_1 add control vlan keys

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

628 ExtremeWare 7.3e Command Reference Guide

 configure eaps add protect vlan

configure eaps add protect vlan

configure eaps <name> add protect vlan <vlan_name>

Description
Adds the specified protected VLAN to the specified EAPS domain.

Syntax Description

name Specifies the name of an EAPS domain.

vlan_name Specifies the name of the protected VLAN.

Default
N/A.

Usage Guidelines
You must configure one or more protected VLANs for each EAPS domain. The protected VLANs are the
data-carrying VLANs.

When you configure the VLAN that will act as a protected VLAN, the ring ports of the protected VLAN
must be tagged (except in the case of the default VLAN). As long as the ring is complete, the master
node blocks the protected VLANs on its secondary port.

Example
The following command adds the protected VLAN “orchid” to the EAPS domain “eaps_1”:
configure eaps eaps_1 add protect vlan orchid

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 629

EAPS Commands

configure eaps delete control vlan

configure eaps <name> delete control vlan <vlan_name>

Description
Deletes the specified control VLAN from the specified EAPS domain.

Syntax Description

name Specifies the name of an EAPS domain.

vlan_name Specifies the name of the control VLAN.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes the control VLAN “keys” from the EAPS domain “eaps_1”:
configure eaps eaps_1 delete control vlan keys

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

630 ExtremeWare 7.3e Command Reference Guide

 configure eaps delete protect vlan

configure eaps delete protect vlan

configure eaps <name> delete protect vlan <vlan_name>

Description
Deletes the specified protected VLAN from the specified EAPS domain.

Syntax Description

name Specifies the name of an EAPS domain.

vlan_name Specifies the name of the protected VLAN.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes the protected VLAN “orchid” from the EAPS domain “eaps_1”:
configure eaps eaps_1 delete protect vlan orchid

History
This command was first available in ExtremeWare 7.1e

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 631

EAPS Commands

configure eaps failtime

configure eaps <name> failtime [<seconds>]

Description
Configures the value of the failtimer the master node uses for EAPS health-check packets.

Syntax Description

name Specifies the name of an EAPS domain.

seconds Specifies the number of seconds the master node waits to receive a
health-check packet before the failtimer expires. Default is 3 seconds.

Default
The default is three seconds.

Usage Guidelines
Use the failtime keyword and its associated seconds parameter to specify the amount of time the
master node waits before the failtimer expires. The seconds parameter must be set greater than the
configured value for hellotime. The default value is three seconds.

Increasing the failtime value provides more protection by waiting longer to receive a health-check
packet when the network is congested.

NOTE
In previous versions of ExtremeWare, the secondary port on the Master node would open when the
failtimer expired. In ExtremeWare 7.1 the default behavior has been modified to not open the secondary
port. You can configure the action taken when the failtimer expires by using the configure eaps
failtime expiry-action command.

Example
The following command configures the failtimer value for the EAPS domain “eaps_1” to 15 seconds:
configure eaps eaps_1 failtime 15

History
This command was first available in ExtremeWare 7.2.e

Platform Availability
This command is available on the “e” series platforms.

632 ExtremeWare 7.3e Command Reference Guide

 configure eaps failtime expiry-action

configure eaps failtime expiry-action

configure eaps <name> failtime expiry-action [ open-secondary-port |
send-alert]

Description
Configures the action taken when the failtimer expires.

Syntax Description

eaps name Specifies the name of an EAPS domain.

open-secondary-port Specifies to open the secondary port when the failtimer expires.
send-alert Specifies that a critical message is sent to the syslog when the failtimer
expires.

Default
Default is send-alert.

Usage Guidelines
In earlier releases of ExtremeWare, when the failtimer of a master node expired, the default action was
to open the secondary port. If the master node loses three Hello-PDUs in a row, the failtimer will expire,
but there might not necessarily be a break in the ring. Opening the secondary port in this situation
would create a loop.

The configure eaps failtime expiry-action command allows you to configure the action taken
when the failtimer expires.

By default the action is to send an alert if the failtimer expires. Instead of going into a “Failed” state, the
master node remains in a “Complete” or “Init” state, maintains the secondary port blocking, and writes
a critical error message to syslog warning the user that there is a fault in the ring. An SNMP trap is also
sent.

To use the failtimer expiry action of earlier releases, use the open-secondary-port parameter.

NOTE
You must explicitly configure the failtimer expiry action to open-secondary-port if the EAPS ring
includes a section composed of non-EAPS devices.

NOTE
If you have a previous release of ExtremeWare and are upgrading to ExtremeWare 7.3e the failtimer
expiry action will default to send-alert.

ExtremeWare 7.3e Command Reference Guide 633

EAPS Commands

Example
The following command configures the failtimer expiry-action for EAPS domain “eaps_1”:
configure eaps eaps_1 failtime expiry-action open-secondary-port

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

634 ExtremeWare 7.3e Command Reference Guide

 configure eaps hellotime

configure eaps hellotime

configure eaps <name> hellotime <seconds>

Description
Configures the value of the hello timer the master node used for the EAPS health-check packet.

Syntax Description

name Specifies the name of an EAPS domain.

seconds Specifies the number of seconds to wait between transmission of the
health-check packets on the control VLAN. Must be greater than 0.

Default
Default is 1 second.

Usage Guidelines
Use the hellotime keyword and its associated seconds parameter to specify the amount of time the
master node waits between transmissions of health-check packets on the control VLAN. Increasing the
hellotime value keeps the processor from sending and processing too many health-check packets.
Increasing the hellotime value should not affect the network convergence time, because transit nodes
are already sending “link down” notifications.

This command applies only to the master node. If you configure the polling timers for a transit node,
they will be ignored. If you later reconfigure that transit node as the master node, the polling timer
values will be used as the current values.

Example
The following command configures the hellotime value for the EAPS domain “eaps_1” to 2 seconds:
configure eaps eaps_1 hellotime 2

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 635

EAPS Commands

configure eaps mode

configure eaps <name> mode [master | transit]

Description
Configures the switch as either the EAPS master node or as an EAPS transit node for the specified
domain.

Syntax Description

name Specifies the name of an EAPS domain.

master Specifies that this switch should be the master node for the named EAPS
domain.
transit Specifies that this switch should be the transit node for the named EAPS
domain.

Default
N/A.

Usage Guidelines
None.

Example
The following command identifies this switch as the master node for the domain named eaps_1:
configure eaps eaps_1 mode master

The following command identifies this switch as a transit node for the domain named eaps_1:
configure eaps eaps_1 mode transit

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.
This command is available on all platforms.

636 ExtremeWare 7.3e Command Reference Guide

 configure eaps name

configure eaps name

configure eaps <old_name> name <new_name>

Description
Renames an existing EAPS domain.

Syntax Description

old_name Specifies the current name of an EAPS domain.

new_name Specifies a new name for the EAPS domain.

Default
N/A.

Usage Guidelines
None.

Example
The following command renames EAPS domain “eaps-1” to “eaps-5”:
configure eaps eaps-1 name eaps-5

History

This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 637

EAPS Commands

configure eaps port

configure eaps <name> [primary | secondary] port <port number>

Description
Configures a node port as the primary or secondary port for the specified EAPS domain.

Syntax Description

name Specifies the name of an EAPS domain.

primary Specifies that the port is to be configured as the primary port.
secondary Specifies that the port is to be configured as the secondary port.
port number Specifies the port number.

Default
N/A.

Usage Guidelines
Each node on the ring connects through two ring ports. One port must be configured as the primary
port; the other must be configured as the secondary port.

Example
The following command adds port 1 to the EAPS domain “eaps_1” as the primary port:
configure eaps eaps_1 primary port 1

History
This command was first available in ExtremeWare 7.1e

Platform Availability
This command is available on the “e” series platforms.

638 ExtremeWare 7.3e Command Reference Guide

 configure eaps shared-port link-id

configure eaps shared-port link-id

configure eaps shared-port <port> link-id <id>

Description
Configures the link ID of the shared port.

Syntax Description

port Specifies the port number of the common link port.

id Specifies the link ID of the port.

Default
N/A.

Usage Guidelines
Each common link in the EAPS network must have a unique link ID. The controller and partner shared
ports belonging to the same common link must have matching link IDs. No other instance in the
network should have that link ID.

Example
The following command configures the EAPS shared port 1:1 to have a link ID of 1.
configure eaps shared-port 1:1 link-id 1

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 639

EAPS Commands

configure eaps shared-port mode

configure eaps shared-port <port> mode <controller | partner>

Description
Configures the mode of the shared port.

Syntax Description

port Specifies the port number of the shared port.

controller Specifies the controller mode. The controller is the end of the common link
responsible for blocking ports when the common link fails thereby preventing
the superloop.
partner Specifies partner mode.

Default
N/A.

Usage Guidelines
The shared port on one end of the common link must be configured to be the controller. This is the end
responsible for blocking ports when the common link fails thereby preventing the superloop.

The shared port on the other end of the common link must be configured to be the partner. This end
does not participate in any form of blocking. It is responsible for only sending and receiving
health-check messages.

Example
The following command configures the shared port 1:1 to be the controller.
configure eaps shared-port 1:1 mode controller

History
This command was first available in ExtremeWare 7.1.

Platform Availability
This command is available on the “e” series platforms.

640 ExtremeWare 7.3e Command Reference Guide

 create eaps

create eaps
create eaps <name>

Description
Creates an EAPS domain with the specified name.

Syntax Description

name Specifies the name of an EAPS domain to be created. May be up to 32

characters in length.

Default
N/A.

Usage Guidelines
Only a single EAPS domain per switch is supported by Summit "e" series switches.

The name parameter is a character string of up to 32 characters that identifies the EAPS domain to be
created. EAPS domain names and VLAN names must be unique: Do not use the same name string to
identify both an EAPS domain and a VLAN.

Example
The following command creates EAPS domain eaps_1 on an “e” series switch:
create eaps eaps-1

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 641

EAPS Commands

create eaps shared-port

create eaps shared-port <port>

Description
Creates an EAPS shared port on the switch.

Syntax Description

port Specifies the port number of the common link port.

Default
N/A.

Usage Guidelines
To configure a common link, you must create a shared port on each switch of the common link.

Example
The following command creates a shared port on the EAPS domain.
create eaps shared-port 2

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

642 ExtremeWare 7.3e Command Reference Guide

 delete eaps

delete eaps
delete eaps <name>

Description
Deletes the EAPS domain with the specified name.

Syntax Description

name Specifies the name of an EAPS domain to be deleted.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes EAPS domain eaps_1:
delete eaps eaps-1

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 643

EAPS Commands

delete eaps shared-port

delete eaps shared-port <port>

Description
Deletes an EAPS shared port on a switch.

Syntax Description

port Specifies the port number of the Common Link port.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes shared port 1.
delete eaps shared-port 1

History

This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

644 ExtremeWare 7.3e Command Reference Guide

 disable eaps

disable eaps
disable eaps {<name>}

Description
Disables the EAPS function for a named domain or for an entire switch.

Syntax Description

name Specifies the name of an EAPS domain.

Default
Disabled for the entire switch.

Usage Guidelines
None.

Example
The following command disables the EAPS function for entire switch:
disable eaps

The following command disables the EAPS function for the domain “eaps-1”:
disable eaps eaps-1

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 645

EAPS Commands

enable eaps
enable eaps {<name>}

Description
Enables the EAPS function for a named domain or for an entire switch.

Syntax Description

name Specifies the name of an EAPS domain.

Default
Disabled.

Default command enables for the entire switch.

Usage Guidelines
EDP must be enabled on the switch and EAPS ring ports.

Example
The following command disables the EAPS function for entire switch:
enable eaps

The following command disables the EAPS function for the domain “eaps-1”:
enable eaps eaps-1

History
This command was first available in ExtremeWare 7.1e

Platform Availability
This command is available on the “e” series platforms.

646 ExtremeWare 7.3e Command Reference Guide

 show eaps

show eaps
show eaps {<name>} {detail}

Description
Displays EAPS status information.

Syntax Description

name Specifies the name of an EAPS domain.

detail Specifies all available detail for each domain.

Default
N/A.

Usage Guidelines
If you enter the show eaps command without a keyword, the command displays less than with the
detail keyword.

Use the optional domain name parameter to display status information for a specific EAPS domain.

The output displayed by this command depends on whether the node is a transit node or a master
node. The display for a transit node contains information fields that are not shown for a master node.
Also, some state values are different on a transit node than on a master node.

The fields displayed are as follows:

EAPS Enabled: Current state of EAPS on this switch:

EAPS Fast Convergence:
Number of EAPS instances:
EAPSD-Bridge links:
Name:
(instance= )
• Yes—EAPS is enabled on the switch.
• No—EAPS is not enabled.
Displays only when Fast Convergence is on.
Number of EAPS domains created. The maximum number of EAPS domains
per switch is 64.
The total number of EAPS bridge links in the system. The maximum count is
4096. Each time a VLAN is added to EAPS, this count increments by 1.
The configured name for this EAPS domain.
The instance number is created internally by the system.

ExtremeWare 7.3e Command Reference Guide 647

EAPS Commands

State: On a transit node, the command displays one of the following states:
• Idle—The EAPS domain has been enabled, but the configuration is not
complete.
• Links-Up—This EAPS domain is running, and both its ports are up and in
the FORWARDING state.
• Links-Down—This EAPS domain is running, but one or both of its ports are
down.
• Preforwarding—This EAPS domain is running, and both of its ports are up,
but one of them is in a temporary BLOCKED state.
On a master node, the command displays one of the following states:
• Idle—The EAPS domain has been enabled, but the configuration is not
complete.
• Init—The EAPS domain has started but has not yet determined the status
of the ring. The secondary port is in a BLOCKED state.
• Complete—The ring is in the COMPLETE state for this EAPS domain.
• Failed—There is a break in the ring for this EAPS domain.
• [Failtimer Expired]—When the failtimer expires and it’s action is set to
send-alert, this flag is set. This flag indicates there is a misconfiguration or
hardware problem in the EAPS ring. The EAPS master node will continue
to remain in COMPLETE or INIT state with it’s secondary port blocking.
[Running: …] • Yes—This EAPS domain is running.
• No—This EAPS domain is not running.
Enabled: Indicates whether EAPS is enabled on this domain.
• Y—EAPS is enabled on this domain.
• N—EAPS is not enabled.
Mode: The configured EAPS mode for this switch: transit (T) or master (M).
Primary/Secondary port: The port numbers assigned as the EAPS primary and secondary ports. On the
master node, the port distinction indicates which port is blocked to avoid a
loop.
Port status: • Unknown—This EAPS domain is not running, so the port status has not yet
been determined.
• Up—The port is up and is forwarding data.
• Down—The port is down.
• Blocked—The port is up, but data is blocked from being forwarded.
Tag status: Tagged status of the control VLAN:
• Tagged—The control VLAN has this port assigned to it, and the port is
tagged in the VLAN.
• Untagged—The control VLAN has this port assigned to it, but the port is
untagged in the control VLAN.
• Undetermined—Either a VLAN has not been added as the control VLAN to
this EAPS domain or this port has not been added to the control VLAN.
Hello Timer interval: The configured value of the timer in seconds, specifying the time that the
master node waits between transmissions of health check packets.
Fail Timer interval: The configured value of the timer in seconds, specifying the time that the
master node waits before the failtimer expires.

648 ExtremeWare 7.3e Command Reference Guide

 show eaps

Failtimer expiry action: Displays the action taken when the failtimer expires:
• Send-alert—Sends a critical message to the syslog when the failtimer
expires.
• Open-secondary-port—Opens the secondary port when the failtimer
expires.
Displays only for master nodes.
Preforwarding Timer interval:1 The configured value of the timer. This value is set internally by the EAPS
software.
Last update:1 Displayed only for transit nodes; indicates the last time the transit node
received a hello packet from the master node (identified by its MAC address).
EAPS Domain has … Controller Lists the assigned name and ID of the control VLAN.
Vlans:
EAPS Domain has … Protected Lists the assigned names and VLAN IDs of all the protected VLANs
Vlans:2 configured on this EAPS domain.
Number of Protected Vlans: The count of protected VLANs configured on this EAPS domain.
1. These fields apply only to transit nodes; they are not displayed for a master node.
2. This list is displayed when you use the detail keyword in the show eaps command.

Example
The following command displays detailed EAPS information for domain “eaps1”:
show eaps eaps1 detail

The results for domain “eaps1” on a master node are shown as follows:
Name: "eaps1" (instance=0)
State: Complete [Running: Yes]
Enabled: Yes Mode: Master
Primary port: 10 Port status: Up Tag status: Tagged
Secondary port: 20 Port status: Blocked Tag status: Tagged
Hello Timer interval: 1 sec Fail Timer interval: 3 sec
Fail timer expiry action: Send alert
Last update: From Master Id 00:04:96:18:40:92, at Wed Jan 28 15:58:20 2004
EAPS Domain has following Controller Vlan:
Vlan Name VID QosProfile
"cvlan" 0100 QP8
EAPS Domain has following Protected Vlan(s):
Vlan Name VID QosProfile
"pvlan" 0200 QP1
Number of Protected Vlans: 1

The following command displays detailed EAPS information:

show eaps detail

The results for a transit node are shown as follows:

EAPS Enabled: Yes
Number of EAPS instances: 1
EAPSD-Bridge links: 2

Name: "eaps1" (instance=0)

State: Links-Up [Running: Yes]
Enabled: Yes Mode: Transit
Primary port: 10 Port status: Up Tag status:Tagged
Secondary port: 20 Port status: Up Tag status:Tagged

ExtremeWare 7.3e Command Reference Guide 649

EAPS Commands

Hello Timer interval: 1 sec Fail Timer interval: 3 sec

Preforwarding Timer interval: 6 sec
Last update: From Master Id 00:04:96:14:46:B0, at Wed Jan 28 15:38:16
2004
EAPS Domain has following Controller Vlan:
Vlan Name VID QosProfile
"cvlan" 0100 QP8
EAPS Domain has following Protected Vlan(s):
Vlan Name VID QosProfile
"pvlan" 0200 QP1
Number of Protected Vlans: 1

The following command displays EAPS information:

show eaps eaps1

The results for a transit node are shown as follows:

Name: "eaps1" (instance=0)
State: Links-Up [Running: Yes]
Enabled: Yes Mode: Transit
Primary port: 10 Port status: Up Tag status:Tagged
Secondary port: 20 Port status: Up Tag status:Tagged
Hello Timer interval: 1 sec Fail Timer interval: 3 sec
Preforwarding Timer interval: 6 sec
Last update: From Master Id 00:04:96:14:46:B0, at Wed Jan 28 15:38:23
2004
EAPS Domain has following Controller Vlan:
Vlan Name VID QosProfile
"cvlan" 0100 QP8
Number of Protected Vlans: 1

* Summit400-48t:67 #

The following command displays summary EAPS information:

show eaps summary

The results for this command are as follows:

EAPS Enabled: Yes
Number of EAPS instances: 1
EAPSD-Bridge links: 2

Pri Sec Vlan

Domain State Mo En Port Port Control-Vlan (VID) count
------------ ------------ -- -- ------- ------- ------------------ -----

eaps1 Complete M Y 10 20 cvlan (0100) 1

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

650 ExtremeWare 7.3e Command Reference Guide

 show eaps shared-port

show eaps shared-port

show eaps shared-port [detail]

Description
Displays shared-port information for one or more EAPS domains.

Syntax Description

detail Specifies to display the status of all segments and VLANs.

Default
N/A.

Usage Guidelines
If you enter the show eaps shared-port command without an argument or keyword, the command
displays a summary of status information for all configured EAPS shared ports. You can use the detail
keyword to display more detailed status information about the segments and VLANs associated with
each shared port.

The fields displayed are as follows:

Example
The following command displays shared-port statistics on “eaps2”, “eaps3”, and “eaps4”: The EAPS
domain is in a “ready” state in this example:
show eaps shared-port

The results for this command are as follows:

BD_3_42:7 # show eaps shared-port

EAPS shared-port count: 1

Link Domain Vlan RB RB

Shared-port Mode Id Up State count count Nbr State Id
----------- ---------- ---- -- --------- ------ ----- --- ------- -----
1:1 Controller 2 Y Ready 3 1 Yes None None

EAPS Domain list: "eaps2" "eaps3" "eaps4"

History
This command was first available in ExtremeWare.7.3e

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 651

EAPS Commands

show eaps summary

show eaps summary

Description
Displays summary information on one or more EAPS domains.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Displays EAPS domains and associated info such as Domain Name, Domain State, EAPS Mode,
Enabled State, Control VLAN and VLAN ID and the Number of Protect VLANs in the domain. This is
helpful when viewing the status info for large numbers of EAPS domains quickly.

Example
The following command displays summary EAPS information on a transit node:
show eaps summary

The results for this command are as follows:

EAPS Enabled: Yes
Number of EAPS instances: 3
EAPSD-Bridge links: 6

Pri Sec Vlan

Domain State Mo En Port Port Control-Vlan (VID) count
------------ ------------ -- -- ------- ------- -----------------------
eaps4 Links-Up T Y 1:1 1:4 cv4 (1004) 1
eaps3 Links-Up T Y 1:1 1:3 cv3 (1003) 1
eaps2 Links-Up T Y 1:1 1:2 cv2 (1002) 1

EAPS shared-port count: 1

Link Domain Vlan RB RB

Shared-port Mode Id Up State count count Nbr State Id
----------- ---------- ---- -- --------- ------ ----- --- ------- -----
1:1 Controller 2 Y Ready 3 1 Yes None None
EAPS Domain list: "eaps2" "eaps3" "eaps4"

652 ExtremeWare 7.3e Command Reference Guide

 show eaps summary

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 653

EAPS Commands

unconfigure eaps shared-port link-id

unconfigure eaps shared-port <port> link-id

Description
Unconfigures an EAPS link ID on a shared port on the switch.

Syntax Description

port Specifies the port number of the Common Link port.

Default
N/A.

Usage Guidelines
None.

Example
The following command unconfigures the link ID on shared port 1.
unconfigure eaps shared-port 1 link-id

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

654 ExtremeWare 7.3e Command Reference Guide

 unconfigure eaps shared-port mode

unconfigure eaps shared-port mode

unconfigure eaps shared-port <port> mode

Description
Unconfigures the EAPS shared port mode.

Syntax Description

port Specifies the port number of the Common Link port.

Default
N/A.

Usage Guidelines
None.

Example
The following command unconfigures the shared port mode on port 1.
unconfigure eaps shared-port 1 mode

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 655

EAPS Commands

unconfigure eaps port

unconfigure eaps <name> [primary | secondary] port

Description
Sets the specified port’s internal configuration state to INVALID.

Syntax Description

name Specifies the name of an EAPS domain.

primary Specifies that the primary port should be unconfigured.
secondary Specifies that the secondary port should be unconfigured.

Default
N/A.

Usage Guidelines
Unconfiguring an EAPS port sets its internal configuration state to INVALID, which causes the port to
appear in the Idle state with a port status of Unknown when you use the show eaps detail command
to display the status information about the port.

Example
The following command unconfigures this node’s EAPS primary ring port on the domain eaps_1:
unconfig eaps eaps_1 primary port

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

656 ExtremeWare 7.3e Command Reference Guide

14 ESRP Commands

This chapter describes the following commands:

• Commands for enabling and disabling ESRP
• Commands for performing basic ESRP configuration
• Commands for enabling and disabling port restart and failure tracking for ESRP
• Commands for displaying ESRP configuration information
• Commands for enabling and disabling ELRP in an ESRP environment
• Commands for enabling, disabling, configuring, and monitoring the Extreme Link Status Monitoring
(ELSM) protocol

ESRP is a feature of ExtremeWare that allows multiple switches to provide redundant layer 3 routing
services to users. In addition to providing layer 3 routing redundancy, ESRP also provides for layer 2
redundancy. These “layered” redundancy features can be used in combination or independently. The
layer 2 redundancy features of ESRP offer fast failure recovery and provide for dual-homed system
design. In some instances, depending on network system design, ESRP can provide better resiliency
than using the Spanning Tree Protocol (STP) or Virtual Router Redundancy Protocol (VRRP).

Extreme switches that are not running ESRP, but are connected on a network that has other Extreme
switches running ESRP are ESRP-aware. This means that when Extreme switches are attached to the
ESRP-enabled switches, the non-ESRP switches reliably perform fail-over and fail-back scenarios in the
prescribed recovery times. No configuration of this feature is necessary.

NOTE
If you disable EDP on the switch, the switch is no longer ESRP-aware.

ESRP is configured on a per-VLAN basis on each switch. A maximum of four switches can participate
in providing redundant layer 3 or layer 2 services to a single VLAN. The switches exchange keep-alive
packets for each VLAN independently. Only one switch can actively provide layer 3 routing and/or
layer 2 switching for each VLAN. The switch performing the forwarding for a particular VLAN is
considered the “master” for that VLAN. Other participating switches for the VLAN are in slave mode.

To have two or more switches participate in ESRP, the following must be true:
• For each VLAN to be made redundant, the switches must have the ability to exchange packets on
the same layer 2 broadcast domain for that VLAN. Multiple paths of exchange can be used.

ExtremeWare 7.3e Command Reference Guide 657

ESRP Commands

• For a VLAN to be recognized as participating in ESRP, the assigned IP address or the IPX NETid for
the separate switches must be identical. Other aspects of the VLAN, including its name, are ignored.
• ESRP must be enabled on the desired VLANs for each switch. ESRP cannot be enabled on the VLAN
“default.”
• Extreme Discovery Protocol (EDP) must be enabled on the ports that are members of the ESRP
VLANs. (The default setting is enabled.)

ESRP can also be enabled on super-VLANs. The super-VLAN must be configured with all the ports as
the sub-VLANs.

It is highly recommended that all switches participating in ESRP run the same version of ExtremeWare.
Not all ESRP features are available in all ExtremeWare software releases.

Extreme Loop Recovery Protocol (ELRP) is a feature of ExtremeWare that allows you to prevent, detect,
and recover from layer 2 loops in the network. You can use ELRP with other protocols such as ESRP.

With ELRP, each switch, except for the sender, treats the ELRP PDU as a layer 2 multicast packet. The
sender uses the source and destination MAC addresses to identify the packet it sends and receives.
When the sender receives its original packet back, that triggers loop detection and prevention. Once a
loop is detected, the loop recovery agent is notified of the event and takes the necessary actions to
recover from the loop. ELRP operates only on the sending switch; therefore, ELRP operates
transparently across the network.

NOTE
Because ELRP introduces the pre-master state to ESRP, you must upgrade all ESRP-enabled switches
within an ESRP domain to ExtremeWare 6.2.2b134 (or later) for ESRP to operate correctly. Earlier
ExtremeWare releases do not recognize the pre-master state.

658 ExtremeWare 7.3e Command Reference Guide

 clear elrp stats

clear elrp stats

clear elrp stats {vlan <vlan name>}

Description
Clears the transmitted and received ELRP packet counters.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

Default
N/A.

Usage Guidelines
If you do not specify the optional vlan name parameter, you clear the system level ELRP counters, the
VLAN counters, and the global counters.

If you specify the optional vlan name parameter, you clear the counters for a specific VLAN.

Example
The following command clears the ELRP system counters:
clear elrp stats

The following command clears the VLAN counters on VLAN elrp1:

clear elrp stats elrp1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platform.

ExtremeWare 7.3e Command Reference Guide 659

ESRP Commands

configure esrp port-mode ports

configure esrp port-mode [host | normal] ports <portlist> {don’t-count}

Description
Configures the ESRP port mode for ESRP host attach.

Syntax Description

host Specifies that the ports should be configured as host ports.

normal Specifies that the ports should be configured as normal ports.
portlist Specifies the list of ports that should be configured. May be in the form 1, 2,
3-5.
don’t-count Specifies that ports should not be counted as active ports.

Default
Normal.

Usage Guidelines
This feature is useful in dual-homed server environments in conjunction with high availability server
load-balancing (SLB) configurations.

Ports configured as normal ports do not accept or transmit Layer 2 or Layer 3 traffic when the local
ESRP device is a slave.

Ports configured as host ports allow configured ports that do not represent loops to the network to
continue operation independent of ESRP status. The command sets the port to forward, allowing those
ports directly attached to the slave’s hosts to communicate with other hosts that are connected to the
master. If you use load sharing with the host attach feature, configure all ports in the same load sharing
groups as host attach ports.

don’t-count has the effect of not counting the host ports and normal ports as active ports. This has the
convenience of minimal ESRP state changes due to frequent client activities like reboots and unplugging
laptops. If you use load sharing with the don’t count feature, configure all ports in the same load
sharing group as don’t count ports.

An L2 connection for VLANs between ESRP switches is required.

Example
The following command configures ports 1 through 5 as host ports, and prevents them from being
counted as active ports:
configure esrp port-mode host ports 1-5 don’t-count

History
This command was first available in ExtremeWare 7.3e.

660 ExtremeWare 7.3e Command Reference Guide

 configure esrp port-mode ports

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 661

ESRP Commands

configure vlan add domain-member vlan

configure vlan <super_esrp_vlan> add domain-member vlan <sub_esrp_vlan>

Description
Adds a VLAN to an ESRP domain.

Syntax Description

super_esrp_vlan Specifies the name of an ESRP-enabled domain master-VLAN.

sub_esrp_vlan Specifies the name of a domain member-VLAN.

Default
N/A.

Usage Guidelines
ESRP is performed in the domain master VLAN only, and not the other domain members. The domain
master VLAN controls member VLANs whether they are in forward or blocked states.

The domain master does not need to have all the ports as the domain members. Domain master VLANs
can have their own set of ports and the members can have different ports.

Example
The following command adds the domain member-VLAN sub_esrp1 to ESRP-enabled domain
master-VLAN esrp-super:
configure vlan esrp-super add domain-member vlan sub_esrp1

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

662 ExtremeWare 7.3e Command Reference Guide

 configure vlan add elrp-poll ports

configure vlan add elrp-poll ports

configure vlan <vlan name> add elrp-poll ports [<portlist> | all]

Description
Configures the ports of a VLAN where ELRP packet transmission is requested by ESRP.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

portlist Specifies list of ports or slots and ports. May be in the form 1, 2, 3-5.
all Specifies all ports in the VLAN.

Default
All ports of an ESRP-enabled VLAN have ELRP transmission enabled.

Usage Guidelines
This command allows you to configure the ports in your network that might experience loops, such as
ports that connect to master, slave, or ESRP-aware switches, to receive ELRP packets. You do not need
to send ELRP packets to host ports.

Example
The following command enables ELRP packet transmission for ports 3-5 on VLAN esrp1:
configure vlan esrp1 add elrp-poll ports 3-5

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 663

ESRP Commands

configure vlan add ports no-restart

configure vlan <vlan name> add ports [<portlist> | all] no-restart

Description
Disables port restart for a port.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

portlist Specifies list of ports or slots and ports. May be in the form 1, 2, 3-5.
all Specifies all ports.

Default
N/A.

Usage Guidelines
To disable port restart, you either delete the ports and then add them again with the no-restart
option, or directly add the ports with the no-restart option.

Example
The following command disables port restart for ports 7-9 on VLAN esrp1:
configure vlan esrp1 add ports 7-9 no-restart

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

664 ExtremeWare 7.3e Command Reference Guide

 configure vlan add ports restart

configure vlan add ports restart

configure vlan <vlan name> add ports [<portlist> | all] restart

Description
Configures ESRP to restart ports if there is a state change and the downstream switch is from another
vendor.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

portlist Specifies list of ports or slots and ports. May be in the form 1, 2, 3-5.
all Specifies all ports.

Default
N/A.

Usage Guidelines
If a VLAN becomes a slave, ESRP disconnects member ports that have port restart enabled. The
disconnection of these ports causes downstream devices to remove the ports from their FDB tables.
After 3 seconds the ports re-establish connection with the ESRP-enabled device. This feature allows you
to use ESRP in networks that include equipment from other vendors.

Example
The following command enables port restart for ports 7-9 on VLAN esrp1:
configure vlan esrp1 add ports 7-9 restart

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 665

ESRP Commands

configure vlan add track-diagnostic

configure vlan <vlan name> add track-diagnostic failover <priority>

Description
Configures backplane diagnostics failure tracking for an ESRP-enabled VLAN.

Syntax Description

vlan name Specifies a VLAN name.

priority Specifies a number between 0 and 255.

Default
No diagnostic tracking.

Usage Guidelines
If a diagnostic failure is detected, the ESRP VLAN priority steps to the failover-priority value specified.
By setting the failover priority to be lower than the normal priority of the VLAN, it will cause the
affected VLAN to go into standby.

The range of the priority value is 0 to 254. Setting the priority to 255 configures the switch to slave
mode, and makes it ineligible to become the master. The switch will remain in slave mode even when
the VLAN fails over from the current master.

To make effective use of this feature, the normal priority of the ESRP-enabled VLANs must be higher
than the failover priority of this command.

Example
The following command enables diagnostic failure tracking, and specifies that the ESRP priority for
VLAN esrp-1 be set to 10 upon a diagnostic failure.
configure vlan esrp-1 add track-diagnostic failover 10

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

666 ExtremeWare 7.3e Command Reference Guide

 configure vlan add track-environment

configure vlan add track-environment

configure vlan <vlan name> add track-environment failover <priority>

Description
Configures an ESRP-enabled VLAN to track environmental failures.

Syntax Description

vlan name Specifies a VLAN name.

priority Specifies a number between 0 and 255.

Default
No environmental tracking.

Usage Guidelines
Environmental tracking tracks fan, power supply, and chassis temperature status.

If a failure is detected, the ESRP VLAN priority steps to the failover-priority value specified. By setting
the failover priority to be lower than the normal priority of the VLAN, it will cause the affected VLAN
to go into standby.

The range of the priority value is 0 to 254. Setting the priority to 255 configures the switch to slave
mode, and to be ineligible to become the master. The switch will remain in slave mode even when the
VLAN fails over from the current master.

To make effective use of this feature, the normal priority of the ESRP-enabled VLANs must be higher
than the failover priority of this command.

Example
The following command enables diagnostic failure tracking, and specifies that the ESRP priority for
VLAN esrp-1 be set to 10 upon a diagnostic failure.
configure vlan esrp-1 add track-environment failover 10

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 667

ESRP Commands

configure vlan add track-iproute

configure vlan <vlan name> add track-iproute <ip address>/<masklength>

Description
Configures an ESRP-enabled VLAN or a VRRP VLAN to track a route entry in the kernel route table.

Syntax Description

vlan name Specifies an ESRP-enabled or VRRP VLAN name.

ip address Specifies the IP address of the route entry to be tracked.

Default
No route tracking.

Usage Guidelines
If the specified routes are not reachable, the device automatically relinquishes master status and remains
in slave mode (for ESRP) or backup mode (for VRRP).

This command can be used with both ESRP-enabled VLANs and VRRP VLANs.

Example
The following command enables IP route failure tracking for routes to the specified subnet:
configure vlan esrp-1 add track-iproute 192.168.46.0/24

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

668 ExtremeWare 7.3e Command Reference Guide

 configure vlan add track-ospf

configure vlan add track-ospf

configure vlan <vlan name> add track-ospf failover <priority>

Description
Configures an ESRP-enabled VLAN to track any available OSPF route.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

priority Specifies a number between 0 and 255.

Default
No OSPF route tracking.

Usage Guidelines
The switch cannot be the ESRP master if none of the specified routes are reachable.

If no OSPF routes are detected, the ESRP VLAN priority steps to the failover-priority value specified. By
setting the failover priority to be lower than the normal priority of the VLAN, it will cause the affected
VLAN to go into standby.

The range of the priority value is 0 to 254. Setting the priority to 255 configures the switch to slave
mode, and to be ineligible to become the master. The switch will remain in slave mode even when the
VLAN fails over from the current master.

To make effective use of this feature, the normal priority of the ESRP-enabled VLANs must be higher
than the failover priority of this command.

Example
The following command enables OSPF route failure tracking, and specifies that the ESRP priority for
VLAN esrp-1 be set to 10 when all OSPF routes become unreachable:
configure vlan esrp-1 add track-ospf failover 10

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 669

ESRP Commands

configure vlan add track-ping

configure vlan <vlan name> add track-ping <ip address> frequency <seconds>
miss <number>

Description
Configures an ESRP-enabled VLAN or VRRP VLAN to track an external gateway using ping.

Syntax Description

vlan name Specifies an ESRP-enabled or VRRP VLAN name.

ip address Specifies the IP address of the external gateway.
seconds Specifies the interval in seconds between ping requests.
number Specifies the number of consecutive ping failures that will initiate failover to an
ESRP slave or VRRP backup router.

Default
No ping tracking. Default miss number for VRRP is 3 consecutive missed ping responses.

Usage Guidelines
If the external gateway is not reachable as indicated by consecutive ping failures, the device
automatically relinquishes master status and remains in slave mode (for ESRP) or backup mode (for
VRRP).

This command can be used with both ESRP-enabled VLANs and VRRP VLANs.

Example
The following command enables ping tracking for the external gateway at 10.207.29.17, pinging every 10
seconds, and considering the gateway to be unreachable if no response is received to 5 consecutive
pings:
configure vlan esrp-1 add track-ping 10.207.29.17 frequency 10 miss 5

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

670 ExtremeWare 7.3e Command Reference Guide

 configure vlan add track-rip

configure vlan add track-rip

configure vlan <vlan name> add track-rip failover <priority>

Description
Configures an ESRP-enabled VLAN to track any available RIP route.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

priority Specifies a number between 0 and 255.

Default
No RIP route tracking.

Usage Guidelines
If no RIP routes are detected, the ESRP VLAN priority steps to the failover-priority value specified. By
setting the failover priority to be lower than the normal priority of the VLAN, it will cause the affected
VLAN to go into standby.

The range of the priority value is 0 to 254. Setting the priority to 255 configures the switch to slave
mode, and to be ineligible to become the master. The switch will remain in slave mode even when the
VLAN fails over from the current master.

To make effective use of this feature, the following should be true:

• The priority field should be given precedence over the other election factors by assigning the
priority-ports-track-mac election algorithm to the VLAN.
• The normal priority of the ESRP-enabled VLANs must be higher than the failover priority of this
command.

Example
The following command enables RIP route tracking, and specifies that the ESRP priority for VLAN
esrp-1 be set to 10 upon a diagnostic failure:
configure vlan esrp-1 add track-rip failover 10

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 671

ESRP Commands

configure vlan add track-vlan

configure vlan <vlan name> add track-vlan <vlan_tracked>

Description
Configures an ESRP-enabled VLAN or a VRRP VLAN to track port connectivity to a specified VLAN.

Syntax Description

vlan name Specifies an ESRP-enabled or VRRP VLAN name.

vlan_tracked Specifies the VLAN to be tracked.

Default
Disabled.

Usage Guidelines
If no active ports remain on the specified VLANs, the device automatically relinquishes master status
and remains in slave mode (for ESRP) or backup mode (for VRRP).

An ESRP or VRRP VLAN can track one VLAN.

This command can be used with both ESRP-enabled VLANs and VRRP VLANs.

Example
The following command enables ESRP-enabled VLAN esrp-1 to track port connectivity to VLAN
engineering:
configure vlan esrp-1 add track-vlan engineering

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

672 ExtremeWare 7.3e Command Reference Guide

 configure vlan delete domain-member vlan

configure vlan delete domain-member vlan

configure vlan <super_esrp_vlan> delete domain-member vlan <sub_esrp_vlan>

Description
Deletes a VLAN from an ESRP domain.

Syntax Description

super_esrp_vlan Specifies a domain master-VLAN name.

sub_esrp_vlan Specifies a domain member-VLAN name.

Default
N/A.

Usage Guidelines
The domain master does not need to have all the ports as the domain members. Domain master VLANs
can have their own set of ports and the members can have different ports.

Example
The following command deletes the domain member-VLAN sub_esrp1 from ESRP-enabled domain
master-VLAN esrp-super:
configure vlan esrp-super delete domain-member vlan sub_esrp1

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 673

ESRP Commands

configure vlan delete elrp-poll ports

configure vlan <vlan name> delete elrp-poll ports [<portlist> | all]

Description
Disables ELRP packet transmission on ports of an ESRP-enabled VLAN.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

portlist Specifies list of ports or slots and ports. May be in the form 1, 2, 3-5.
all Specifies all ports in the VLAN.

Default
All ports of an ESRP-enabled VLAN have ELRP transmission enabled.

Usage Guidelines
If you have host ports on an ESRP-enabled VLAN, you do not need to send ELRP packets to those
ports.

If you change your network configuration, and a port no longer connects to a master, slave, or
ESRP-aware switch, you can disable ELRP transmission on that port.

Example
The following command disables ELRP packet transmission for ports 3-5 on VLAN esrp1:
configure vlan esrp1 delete elrp-poll ports 3-5

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

674 ExtremeWare 7.3e Command Reference Guide

 configure vlan delete track-diagnostic

configure vlan delete track-diagnostic

configure vlan <vlan name> delete track-diagnostic

Description
Disables diagnostics failure tracking for an ESRP-enabled VLAN.

Syntax Description

vlan name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
None.

Example
The following command disables diagnostic failure tracking for VLAN esrp-1:
configure vlan esrp-1 delete track-diagnostic

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 675

ESRP Commands

configure vlan delete track-environment

configure vlan <vlan name> delete track-environment

Description
Disables environmental failure tracking.

Syntax Description

vlan name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
None.

Example
The following command disables environmental failure tracking for VLAN esrp-1:
configure vlan esrp-1 delete track-environment

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

676 ExtremeWare 7.3e Command Reference Guide

 configure vlan delete track-iproute

configure vlan delete track-iproute

configure vlan <vlan name> delete track-iproute <ipaddress>/<masklength>

Description
Disables route table entry tracking for an ESRP-enabled VLAN or a VRRP VLAN.

Syntax Description

vlan name Specifies an ESRP-enabled or VRRP VLAN name.

ipaddress Specifies the IP address of the route entry to be tracked.

Default
N/A.

Usage Guidelines
This command can be used with both ESRP-enabled VLANs and VRRP VLANs.

Example
The following command disables tacking of routes to the specified subnet for VLAN esrp-1:
configure vlan esrp-1 delete track-iproute 192.168.46.0/24

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 677

ESRP Commands

configure vlan delete track-ospf

configure vlan <vlan name> delete track-ospf

Description
Disables OSPF route tracking for an ESRP-enabled VLAN.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

Default
N/A.

Usage Guidelines
None.

Example
The following command disables OSPF route tracking for VLAN esrp-1:
configure vlan esrp-1 delete track-ospf

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

678 ExtremeWare 7.3e Command Reference Guide

 configure vlan delete track-ping

configure vlan delete track-ping

configure vlan <vlan name> delete track-ping <ipaddress>

Description
Disables the tracking of an external gateway using ping.

Syntax Description

vlan name Specifies an ESRP-enabled or VRRP VLAN name.

ipaddress Specifies the IP address of the external gateway.

Default
N/A.

Usage Guidelines
This command can be used with both ESRP-enabled VLANs and VRRP VLANs.

Example
The following command disables ping tracking for the external gateway at 10.207.29.17:
configure vlan esrp-1 delete track-ping 10.207.29.17

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 679

ESRP Commands

configure vlan delete track-rip

configure vlan <vlan name> delete track-rip

Description
Disables RIP route tracking for an ESRP-enabled VLAN.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

Default
No RIP route tracking.

Usage Guidelines
None.

Example
The following command disables RIP route failure tracking for VLAN esrp-1:
configure vlan esrp-1 delete track-rip

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

680 ExtremeWare 7.3e Command Reference Guide

 configure vlan delete track-vlan

configure vlan delete track-vlan

configure vlan <vlan name> delete track-vlan <vlan_tracked>

Description
Disables the tracking of port connectivity to a specified VLAN.

Syntax Description

vlan name Specifies an ESRP-enabled or VRRP VLAN name.

vlan_tracked Specifies the VLAN to be tracked.

Default
N/A.

Usage Guidelines
This command can be used with both ESRP-enabled VLANs and VRRP VLANs.

Example
The following command disables the tracking of port connectivity to VLAN engineering:
configure vlan esrp-1 delete track-vlan engineering

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 681

ESRP Commands

configure vlan esrp elrp-master-poll disable

configure vlan <vlan name> esrp elrp-master-poll disable

Description
Disables the use of ELRP by ESRP in the master state.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

Default
Disabled.

Usage Guidelines
Use this command to disable the use of ELRP by ESRP in the master state. When you disable ELRP, the
ESRP master switch no longer transmits ELRP PDUs to detect network loops.

Example
The following command disables the use of ELRP in the master state on the ESRP-enabled VLAN
elrp1:
configure vlan elrp1 esrp elrp-master poll disable

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

682 ExtremeWare 7.3e Command Reference Guide

 configure vlan esrp elrp-master-poll enable

configure vlan esrp elrp-master-poll enable

configure vlan <vlan name> esrp elrp-master-poll enable {interval
<seconds>}

Description
Enables the use of ELRP by ESRP in the master state, and configures how often the master checks for
loops in the network.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

seconds Specifies how often, in seconds, successive ELRP packets are sent. The
default is 1 second. The range is 1 to 32 seconds.

Default
• Use of ELRP in the master state—disabled
• Interval—1 second

Usage Guidelines
Use this command to enable the use of ELRP by ESRP in the master state. When an ESRP-enabled
switch is in the master state, and you enable elrp-master-poll, the switch periodically sends ELRP PDUs
at the configured interval level. If a loop is detected in the network, the transmitted PDUs are received
by the switch. The ESRP master switch then transitions to the slave state to break the network loop.

Specify the interval parameter to configure how often successive ELRP PDUs are sent while in the
master state. If you do not specify an interval value, the default value is used.

Example
The following command enables the use of ELRP in the master state on the ESRP-enabled VLAN elrp1:
configure vlan elrp1 esrp elrp-master poll enable

The following command configures the ESRP master to check for loops in the network every 3 seconds:

configure vlan elrp1 esrp elrp-master-poll enable interval 3

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 683

ESRP Commands

configure vlan esrp elrp-premaster-poll disable

configure vlan <vlan name> esrp elrp-premaster-poll disable

Description
Disables the use of ELRP by ESRP in the pre-master state.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

Default
Disabled.

Usage Guidelines
Use this command to disable the use of ELRP by ESRP in the pre-master state. When you disable ELRP
in the pre-master state, the ESRP pre-master switch no longer transmits ELRP PDUs to detect network
loops prior to changing to the master state.

Example
The following command disables the use of ELRP in the pre-master state on the ESRP-enabled VLAN
elrp1:
configure vlan elrp1 esrp elrp-premaster poll disable

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

684 ExtremeWare 7.3e Command Reference Guide

 configure vlan esrp elrp-premaster-poll enable

configure vlan esrp elrp-premaster-poll enable

configure vlan <vlan name> esrp elrp-premaster-poll enable {count <number>
| interval <seconds>}

Description
Enables the use of ELRP by ESRP in the pre-master state, and configures how many times the switch
sends ELRP PDUs and how often the switch sends ELRP PDUS in the pre-master state.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

number Specifies the number of times the switch sends ELRP PDUs. The default is 3.
The range is 1to 32.
seconds Specifies how often, in seconds, the ELRP PDUs are sent. The default is 1
second. The range is 1 to 32 seconds.

Default
• Use of ELRP in the pre-master state—disabled
• Count—3 times
• Interval—1 second

Usage Guidelines
Use this command to enable the use of ELRP by ESRP in the pre-master state to prevent network loops
from occurring. When an ESRP-enabled switch is in the pre-master state (waiting to become the master),
and you enable elrp-premaster-poll, the switch periodically sends ELRP PDUs at the configure level for
a specified number of times. If there is a loop in the network, the transmitted PDUs are received by the
switch. If this happens, the ESRP pre-master switch does not transition to the master state; rather, the
switch transitions to the slave state.

If you do not specify the optional count or interval parameters, the default values are used.

If no packets are received by the sender, there is no loop in the network.

Example
The following command enables the use of ELRP in the pre-master state on the ESRP-enabled VLAN
elrp1:
configure vlan elrp1 esrp elrp-premaster poll enable

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 685

ESRP Commands

configure vlan esrp esrp-election

configure vlan <vlan name> esrp esrp-election [ports-track-priority |
ports-track-priority-mac | track-ports-priority | track-ports-priority-mac
| priority-ports-track-mac | priority-track-ports-mac | priority-mac-only]

Description
Configures the election algorithm on the switch.

Syntax Description

vlan name Specifies a VLAN name.

ports-track-priority
ports-track-priority-mac
track-ports-priority
track-ports-priority-mac
priority-ports-track-mac
priority-track-ports-mac
priority-mac-only
Specifies that this VLAN should consider election factors in the following
order: Active ports, tracking information, ESRP priority.
Specifies that this VLAN should consider election factors in the following
order: Active ports, tracking information, ESRP priority, MAC address. This is
the default election algorithm.
Specifies that this VLAN should consider election factors in the following
order: Tracking information, active ports, ESRP priority.
Specifies that this VLAN should consider election factors in the following
order: Tracking information, active ports, ESRP priority, MAC address.
Specifies that this VLAN should consider election factors in the following
order: ESRP priority, active ports, tracking information, MAC address.
Specifies that this VLAN should consider election factors in the following
order: ESRP priority, tracking information, active ports, MAC address.
Specifies that this VLAN should consider election factors in the following
order: ESRP priority, MAC address.

Default
ports_track_priority_mac election algorithm.

Usage Guidelines
The election algorithm determines the order of precedence of the election factors used to determine the
ESRP Master. The election factors are:
• Active Ports (ports): the number of active ports (the switch with the highest number takes priority)
• Tracking Information (track): whether the switch is using ESRP tracking. A switch using tracking
has priority.
• ESRP Priority (priority): a user-defined priority number between 0 and 254. A higher number has
higher priority. The default priority setting is 0. A priority setting of 255 makes an ESRP switch
remain in slave mode and is the recommended setting for system maintenance. A switch with a
priority setting of 255 will never become the master.
• MAC address (mac): the switch MAC address. A higher-number address has priority.

The election algorithm must be the same on all switches for a particular VLAN.

686 ExtremeWare 7.3e Command Reference Guide

 configure vlan esrp esrp-election

The ports-track-priority or track-ports-priority options can be used to ensure that there is no

failback if the original Master recovers (the Master will have the same ports, tracks and priority, but a
higher MAC).

If a switch is master, it actively provides layer 3 routing services to other VLANs, and layer 2 switching
between all the ports of that VLAN. Additionally, the switch exchanges ESRP packets with other
switches that are in slave mode.

If a switch is in slave mode, it exchanges ESRP packets with other switches on that same VLAN. When
a switch is in slave mode, it does not perform layer 3 routing or layer 2 switching services for the
VLAN.

Example
The following command configures the election algorithm to use tracking information as the first
criteria for determining the ESRP master switch for VLAN esrp-1:
configure vlan esrp-1 esrp esrp-election track-ports-priority-mac

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 687

ESRP Commands

configure vlan esrp esrp-premaster-timeout

configure vlan <vlan name> esrp esrp-premaster-timeout <premaster-timer
(0-512, 0 restores dflt)>

Description
Configures the ESRP pre-master timeout value.

Syntax Description

vlan name Specifies a VLAN name.

premaster-timer Specifies the maximum length of time, in seconds, that the transitioning
master VLAN remains in the pre-master state. The range is 0 to 512.

Default
The default timeout is 6 seconds (three times the hello timer).

Usage Guidelines
The premaster-timer range is 0 - 512. If you set the premaster-timer to 0, ESRP uses the default. To
see the premaster-timer settings, use the show esrp vlan command.

CAUTION

Configure the pre-master state timeout only with guidance from Extreme Networks personnel.
Misconfiguration can severely degrade the performance of ESRP and your switch.

Example
The following command configures the pre-master timeout to 10 seconds for the VLAN esrp-1:
configure vlan esrp-1 esrp esrp-premaster-timeout 10

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

688 ExtremeWare 7.3e Command Reference Guide

 configure vlan esrp group

configure vlan esrp group

configure vlan <vlan name> esrp group <group_number>

Description
Configures the group number to be used for the ESRP VLAN.

Syntax Description

vlan name Specifies a VLAN name.

group_number Specifies the ESRP group to which this VLAN should be added.

Default
The default group number is 0.

Usage Guidelines
Each group runs an instance of ESRP within the same VLAN or broadcast domain. A maximum of four
ESRP groups can be defined within the same networked broadcast domain. In addition a maximum of
four distinct ESRP groups can be supported on a single ESRP switch.You can configure a maximum of
32 ESRP groups in a network.

The most typical application for multiple ESRP groups is when two or more sets of ESRP switches are
providing fast-failover protection within a common subnet for two or more groups of users. An
additional use for ESRP groups is ESRP Host Attach; ESRP VLANs that share ESRP HA ports must be
members of different ESRP groups.

Example
The following command configures VLAN esrp-1 to be a member of ESRP group 2:
configure vlan esrp-1 esrp group 2

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 689

ESRP Commands

configure vlan esrp group add esrp-aware-ports

configure vlan <vlan name> esrp group <group_number> add esrp-aware-ports
[all | <portlist>]

Description
Enables selective forwarding on an ESRP-aware VLAN.

Syntax Description

vlan name Specifies an ESRP-aware VLAN name.

group_number Specifies the ESRP group to which this ESRP-aware VLAN belongs.
all Specifies all of the ports to be configured.
portlist Specifies the ports to be configured. May be in the form 1, 2, 3-5.

Default
Disabled.

Usage Guidelines
An ESRP-aware switch floods ESRP PDUs to all ports in an ESRP-aware VLAN and the CPU. This
flooding increases the amount of network traffic because all ports receive ESRP PDUs, whether or not
they are connected to switches running the same ESRP group. To reduce the amount of traffic, you can
select the ports that receive ESRP PDUs by configuring selective forwarding on an ESRP-aware VLAN.
By configuring selective forwarding, you create a portlist for the ESRP groups associated with an
ESRP-aware VLAN, and that portlist is used for forwarding ESRP PDUs on the relevant ports only.

The ESRP group number must be the same as the ESRP-aware VLAN number.

If you specify the all or portlist options, the ports must be connected to switches running ESRP, and
the ports must connect to the ESRP master and slave switches.

When an ESRP-aware switch receives an ESRP PDU, the software will lookup the group to which the
PDU belongs and will forward the ESRP PDU to the group's portlist and the CPU.

Example
The following command configures ESRP-aware VLAN purple to receive ESRP PDUs on ports 1, 2, 3,
and 4:
configure vlan purple esrp group 1 add esrp-aware-ports 1-4

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

690 ExtremeWare 7.3e Command Reference Guide

 configure vlan esrp group delete esrp-aware-ports

configure vlan esrp group delete esrp-aware-ports

configure vlan <vlan name> esrp group <group_number> delete
esrp-aware-ports [all | <portlist>]

Description
Disables selective forwarding on an ESRP-aware VLAN.

Syntax Description

vlan name Specifies an ESRP-aware VLAN name.

group_number Specifies the ESRP group to which this ESRP-aware VLAN belongs.
all Specifies all of the ports to be disabled.
portlist Specifies the ports to be disabled. May be in the form 1, 2, 3-5.

Default
Disabled.

Usage Guidelines
An ESRP-aware switch floods ESRP PDUs to all ports in an ESRP-aware VLAN and the CPU. This
flooding increases the amount of network traffic because all ports, regardless if they are connected to
switches running the same ESRP group or not, receive ESRP PDUs. To reduce the amount of traffic, you
can select the ports that receive ESRP PDUs by configuring selective forwarding on an ESRP-aware
VLAN. By configuring selective forwarding, you create a portlist for the ESRP groups associated with
an ESRP-aware VLAN, and that portlist is used for forwarding ESRP PDUs on the relevant ports only.

If all ports are removed from the esrp-aware-ports list, selective forwarding is disabled.

Example
The following command disables selective forwarding for ESRP-aware VLAN purple:
configure vlan purple esrp group 1 delete esrp-aware-ports 1-4

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 691

ESRP Commands

configure vlan esrp priority

configure vlan <vlan name> esrp priority <value>

Description
Configures the ESRP priority.

Syntax Description

vlan name Specifies a VLAN name.

value Specifies a number between 0 and 255.

Default
Priority = 0.

Usage Guidelines
The ESRP priority is one of the factors used by the ESRP election algorithm in determining which
switch is the Master switch.

The range of the priority value is 0 to 254, with 0 being the lowest priority, 254 being the highest. If the
ESRP priority is the determining criteria for the election algorithm, the highest priority value
determines which switch will act as master for a particular VLAN.

Setting the priority to 255 configures the switch to slave mode, and to be ineligible to become the
master. The switch will remain in slave mode even when the VLAN fails over from the current master.
This feature is typically used to ensure a switch cannot become the ESRP master while it is offline for
servicing.

Example
The following command configures the ESRP priority to the highest priority on VLAN esrp-1:
configure vlan esrp-1 esrp priority 254

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

692 ExtremeWare 7.3e Command Reference Guide

 configure vlan esrp timer

configure vlan esrp timer

configure vlan <vlan name> esrp timer <timervalue> {esrp-nbr-timeout
<timeoutvalue>}

Description
Configures the ESRP timer values.

Syntax Description

vlan name Specifies a VLAN name.

timervalue Specifies the number of seconds between keep-alive packets. The range is 1
to 255 seconds.
esrp-nbr-timeout Specifies the number of seconds after which an ESRP neighbor times out.
The range is 3 to 7650 seconds.

Default
The default timervalue is 2 seconds.

The default neighbor timeout is 3 times the timervalue.

Usage Guidelines
The timer specifies the interval, in seconds, for exchanging keep-alive packets between the ESRP
switches for this VLAN. A lower value specifies a more frequent exchange of keep-alive messages,
resulting in the faster detection of a failover condition. The timer setting must be configured identically
for the VLAN across all participating switches. If your configuration contains more than 2,500 ESRP
VLANs and 256,000 FDB entries, we recommend a timer setting greater than 3 seconds.
The neighbor timeout specifies the amount of time that ESRP waits before considering the neighbor
down. The timeout value must be at least 3 times, but not more than 30 times the timervalue. Entering a
value outside of that range generates an error message.

In a large ESRP configuration, the slave ESRP VLAN might inadvertently become the master ESRP
VLAN. This can occur when FDB entries are flushed during a master-slave transition. To avoid this we
recommend the general neighbor timeout guidelines listed in Table 15.

Table 15: General neighbor timeout

Number of Domains Number of VLANs Number of Active ports Suggested Neighbor Timeout
64 1000 6 or more >8
48 or more 1500 4 or more > 10
48 or more 2000 4 or more > 11

Example
The following command configures the ESRP timer to 3 seconds and the ESRP neighbor timeout to 12
seconds:
configure vlan esrp-1 esrp timer 3 esrp-nbr-timeout 12

ExtremeWare 7.3e Command Reference Guide 693

ESRP Commands

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

694 ExtremeWare 7.3e Command Reference Guide

 disable esrp vlan

disable esrp vlan

disable esrp vlan <vlan name>

Description
Disables ESRP on a VLAN.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

Default
Disabled.

Usage Guidelines
None.

Example
The following command disables ESRP on the VLAN accounting:
disable esrp vlan accounting

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 695

ESRP Commands

enable esrp vlan

enable esrp vlan <vlan name>

Description
Enables ESRP on a VLAN.

Syntax Description

vlan name Specifies a VLAN name.

Default
Disabled.

Usage Guidelines
EDP must be enabled on all ports participating in ESRP.

ESRP cannot be enabled on the VLAN default.

Example
The following command enables ESRP on the VLAN esrp-1:
enable esrp vlan esrp-1

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

696 ExtremeWare 7.3e Command Reference Guide

 show elrp

show elrp
show elrp {<vlan name> | detail}

Description
Displays ELRP information.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

detail Specifies detail for each switch in the ESRP VLAN.

Default
N/A.

Usage Guidelines
If you enter the show elrp command without a keyword, the command displays the:
• Total number of clients registered with ELRP
• ELRP packets transmitted
• ELRP packets received

If you enter the detail keyword, more detailed status information for VLANs in the master and
pre-master states is displayed. If you enter a vlan name, the command displays ELRP information for
that specific VLAN.

The additional table output for the detail keyword or a specific VLAN name includes the following:

Client name Displays the name of the ELRP client.

VLAN Displays the name of the VLAN with ELRP enabled.
Interval Displays the configured interval. An interval of 3 indicates that ELRP PDUs are transmitted
every 3 seconds.
Count Lists the configured number of ELRP PDUs that are transmitted. The PDUs are transmitted at
the configured interval. This method of ELRP PDU transmission is used by ESRP in the
pre-master state. A count of 0 indicates continuous PDU transmission. If the Cyclic value is
Yes, the count is always 0.
Cyclic Indicates whether ELRP PDUs are being continuously sent. The column shows Yes for the
master VLAN because that VLAN is continuously sending ELRP PDUs for loop detection.
When a VLAN is in the pre-master state, it only sends three ELRP PDUs before changing to
master or slave. During this time the column shows No for that VLAN.
Pkts-Xmit Displays the number of ELRP PDUs transmitted.
Pkts-Rcvd Displays the number of ELRP PDUs received.

ExtremeWare 7.3e Command Reference Guide 697

ESRP Commands

Example
The following command displays summary ELRP status information on the switch:
show elrp

The following sample output is displayed:

Number of ELRP Clients = 1

Number of ELRP pkts transmitted = 69345
Number of ELRP pkts Received = 150

The following command displays detailed ELRP status information on the switch:
show elrp detail

The following sample output is displayed:

Number of ELRP Clients = 1

Number of ELRP pkts transmitted = 70305
Number of ELRP pkts Received = 150

Client VLAN Interval Count Cyclic Pkts-Xmit Pkts-Rcvd

-------------------------------------------------------------------------------
tEsrpTask uj-mas64 3 0 Yes 1095 0
tEsrpTask uj-mas63 3 0 Yes 1095 0
tEsrpTask uj-mas62 3 0 Yes 1095 0
tEsrpTask uj-mas61 3 0 Yes 1095 0
tEsrpTask uj-mas60 3 0 Yes 1095 0
tEsrpTask uj-mas59 3 0 Yes 1095 0
tEsrpTask uj-mas58 3 0 Yes 1095 0
tEsrpTask uj-mas57 3 0 Yes 1095 0
tEsrpTask uj-mas56 3 0 Yes 1095 0
tEsrpTask uj-mas55 3 0 Yes 1095 0
tEsrpTask uj-mas54 3 0 Yes 1095 0
tEsrpTask uj-mas53 3 0 Yes 1095 0
tEsrpTask uj-mas52 3 0 Yes 1095 0
tEsrpTask uj-mas51 3 0 Yes 1095 0
tEsrpTask uj-mas50 3 0 Yes 1095 0
tEsrpTask uj-mas49 3 0 Yes 1095 0

The following command displays the ELRP status information for VLAN uj-mas:

show elrp uj-mas

The following sample output is displayed:

Client VLAN Interval Count Cyclic Pkts-Xmit Pkts-Rcvd

-------------------------------------------------------------------------------
tEsrpTask uj-mas 3 0 Yes 1095 0

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

698 ExtremeWare 7.3e Command Reference Guide

 show esrp

show esrp
show esrp {detail}

Description
Displays ESRP configuration information.

Syntax Description

detail Specifies detail for each switch in the ESRP VLAN.

Default
Shows summary ESRP information.

Usage Guidelines
This command shows information about the state of an ESRP VLAN and its neighbors. This includes
information about tracked devices.

In addition to ESRP information, ELRP status information is also displayed. This includes information
about the master and pre-master states, number of transitions to the pre-master state, and the ports
where ELRP is disabled.

This command also displays ESRP hitless failover statistics.

The output varies depending upon the configuration and the state of the switch:

• Standby switch—Information about the impending failover and the timeout is displayed
• none—Information about not participating in hitless failover is displayed

Example
The following command displays summary ESRP status information for the VLANs on the switch:
show esrp
It produces output similar to the following:
VLAN Name VID Virtual IP/IPX State Master MAC Addres NbrPri/Gr/Prt/In/TR/TP/T
uj-mas1 0001 192.169.1.1 Master 00:E0:2B:80:E6:00 1
070/10/004/00/01/00/02

Nbr - Number of Neighbors, Pri - Priority In Use, Gr - Group

Prt - Number of ActivePorts, In - Internal Ports, TR - Tracked Rt/Ping/LSP
TP - Tracked Ports, T - Hello Time.
Host (Direct-attach) Ports on System:
No-count ports on the System:

The following command displays detailed ESRP status information for the VLANs on the switch:
show esrp detail
It produces output similar to the following:

ExtremeWare 7.3e Command Reference Guide 699

ESRP Commands

VLAN Interface(Layer 2): demo_esrp

Priority: 0 (Priority In Use: 0)
Active Ports: 2
Internal Ports: 0
Tracked Rt/Ping/LSP: 0
Tracked Ports: 0
Tracked Diag: -
Tracked Env: -
Tracked RIP: -
Tracked OSPF: -
Tracked BGP: -
Tracked LSP: None
ELRP in Premaster(Int, Cnt):Enabled(1, 3)
ELRP in Master(Int): Enabled(1)
Election Algorithm: ports-track-priority-mac
Group: 0
Hello Timer: 2
Esrp Nbr Timeout: 6
Premaster Timeout: 6
State: Enabled(Slave) on Mon Jun 2 10:09:48 2003
State Trans Counters: ToMaster:(1) ToPremaster:(1) ToSlave:(2)

Host (Direct-Attach) ports : None

No-count ports: None
Restart Ports: None
Tracked VLANs: None
Tracked Ip Routes: None
Tracked Pings/Freq/N_miss:
192.12.1.1/5/2*
Neighbours:
[1] Nbr Active Ports: 3
Nbr Internal Ports: 0
Nbr Tracked Rt/Ping/LSP: 0
Nbr Tracked Ports: 0
Nbr Priority: 0
Nbr MacID: 00:01:30:33:28:00
Nbr HelloTimer: 2
Nbr ESRP State: Master

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

700 ExtremeWare 7.3e Command Reference Guide

 show esrp-aware-ports

show esrp-aware-ports
show esrp-aware-ports {vlan <vlan name>}

Description
Displays the ESRP-aware VLAN(s), the ESRP group(s), and the ESRP-aware port(s) that receive ESRP
PDUs.

Syntax Description

vlan name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
To reduce the amount of traffic, you can select the ports that receive ESRP PDUs by configuring
selective forwarding on ESRP-aware VLANs. By configuring selective forwarding, you create a portlist
of the ESRP groups associated with an ESRP-aware VLAN, and that portlist is used for forwarding
ESRP PDUs on the relevant ports only. Use the show esrp-aware-ports command to view the ESRP
group portlist that forwards ESRP PDUs.

Example
The following command displays selective forwarding statistics:
show esrp-aware-ports

The show esrp-aware-ports command produces output similar to the following:

VLAN tt
--------
ESRP Group 0: 1:2 1:1

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 701

ESRP Commands

show esrp-aware vlan

show esrp-aware vlan <vlan name>

Description
Displays ESRP-aware information for a specific VLAN.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

Default
Displays summary information for the VLAN.

Usage Guidelines
The display includes the group number, MAC address for the master of the group, and age of the
information.

Example
The following command displays ESRP-aware status information for ESRP-aware VLAN
demo-esrp-aware:
show esrp-aware vlan demo-esrp-aware

On an ESRP-aware switch, it produces output similar to the following:

Summit48i:24 # sh esrp-aware
VLAN Interface: [demo-esrp-aware1]. DisableLearnTimeout=0 secs, Total-Fdb-Flushes=6
Last EsrpAware Fdb-Flush on Mon Nov 18 05:22:26 2002
Esrp-Group:0 Esrp-Master-Mac=00:01:30:08:36:00, Age=1 secs

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

702 ExtremeWare 7.3e Command Reference Guide

 show esrp vlan

show esrp vlan

show esrp vlan <vlan name> {counters}

Description
Displays ESRP configuration information for a specific VLAN.

Syntax Description

vlan name Specifies an ESRP-enabled VLAN name.

counters Displays ESRP counters.

Default
Displays summary ESRP and ELRP information for the VLAN.

Usage Guidelines
None.

Example
The following command displays ESRP status information for ESRP-enabled VLAN demo-esrp:
show esrp vlan demo-esrp
It produces output similar to the following:
VLAN Interface(Layer 2): demo_esrp
Priority: 0 (Priority In Use: 0)
Active Ports: 2
Internal Ports: 0
Tracked Rt/Ping/LSP: 0
Tracked Ports: 0
Tracked Diag: -
Tracked Env: -
Tracked RIP: -
Tracked OSPF: -
Tracked BGP: -
Tracked LSP: None
ELRP in Premaster(Int, Cnt):Enabled(1, 3)
ELRP in Master(Int): Enabled(1)
Election Algorithm: ports-track-priority-mac
Group: 0
Hello Timer: 2
Esrp Nbr Timeout: 6
Premaster Timeout: 6
State: Enabled(Slave) on Mon Jun 2 10:09:48 2003
State Trans Counters: ToMaster:(1) ToPremaster:(1) ToSlave:(2)

Host (Direct-Attach) ports : None

No-count ports: None
Restart Ports: None

ExtremeWare 7.3e Command Reference Guide 703

ESRP Commands

Tracked VLANs: None

Tracked Ip Routes: None
Tracked Pings/Freq/N_miss:
192.12.1.1/5/2*
Neighbours:
[1] Nbr Active Ports: 3
Nbr Internal Ports: 0
Nbr Tracked Rt/Ping/LSP: 0
Nbr Tracked Ports: 0
Nbr Priority: 0
Nbr MacID: 00:01:30:33:28:00
Nbr HelloTimer: 2
Nbr ESRP State: Master

The following command displays the ESRP counters for ESRP-enabled VLAN demo-esrp:
show esrp vlan demo-esrp counters
It produces output similar to the following:
VLAN=demo_esrp Current-time: Mon Jun 2 08:40:15 2003
Rx-Esrp-Pkts=0 Tx-Esrp-Pkts=0
Rx-Aware-Esrp-Pkts=0, Rx-Elrp-Pkts=0

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

704 ExtremeWare 7.3e Command Reference Guide

15 STP Commands

This chapter describes:

• Commands related to creating, configuring, enabling, and disabling Spanning Tree Protocol (STP) on
the switch
• Commands related to enabling and disabling Rapid Spanning Tree Protocol (RSTP) on the switch
• Commands related to displaying and resetting STP settings on the switch

The Spanning Tree Protocol (STP) is a bridge-based mechanism for providing fault tolerance on
networks. STP is a part of the 802.1d bridge specification defined by the IEEE Computer Society. To
explain STP in terms used by the 802.1d specification, the switch will be referred to as a bridge.

STP allows you to implement parallel paths for network traffic, and ensure that:
• Redundant paths are disabled when the main paths are operational.
• A redundant path is enabled if the main path fails.

The Rapid Spanning Tree Protocol (RSTP; 802.1w) provides an enhanced spanning tree algorithm that
improves the convergence speed of bridged networks. RSTP takes advantage of point-to-point links in
the network and actively confirms that a port can safely transition to the forwarding state without
relying on any timer configurations. If a network topology change or failure occurs, RSTP rapidly
recovers network connectivity by confirming the change locally before propagating that change to other
devices across the network. For broadcast links, there is no difference in convergence time between STP
and RSTP.

RSTP supersedes legacy STP protocols, supports the existing STP parameters and configurations, and
allows for seamless interoperability with legacy STP.

Spanning Tree Domains

The switch can be partitioned into multiple virtual bridges. Each virtual bridge can run an independent
Spanning Tree instance. Each Spanning Tree instance is called a Spanning Tree Domain (STPD). Each
STPD has its own root bridge and active path. After an STPD is created, one or more VLANs can be
assigned to it.

A port can belong to multiple STPDs. In addition, a VLAN can span multiple STPDs.

The key points to remember when configuring VLANs and STP are:

• Each VLAN forms an independent broadcast domain.

ExtremeWare 7.3e Command Reference Guide 705

STP Commands

• STP blocks paths to create a loop-free environment.

• When STP blocks a path, no data can be transmitted or received on the blocked port.
• Within any given STPD, all VLANs belonging to it use the same spanning tree.

If you delete a STPD, the VLANs that were members of that STPD are also deleted. You must remove
all VLANs associated with the STP before deleting the STPD.

STPD Modes
An STPD has two modes of operation:
• 802.1d mode
Use this mode for backward compatibility with previous STP versions and for compatibility with
third-party switches using IEEE standard 802.1d. When configured in this mode, all rapid
configuration mechanisms are disabled.
• 802.1w mode
Use this mode for compatibility with Rapid Spanning Tree (RSTP). When configured in this mode,
all rapid configuration mechanisms are enabled. This mode is available for point-to-point links only.
RSTP is enabled or disabled on a per STPD basis only. You do not enable RSTP on a per port basis.

By default, the:

• STPD operates in 802.1d mode

• Default device configuration contains a single STPD called s0
• Default VLAN is a member of STPD s0

All STP parameters default to the IEEE 802.1d values, as appropriate.

Port Modes
An STP port has three modes of operation:

• 802.1d mode
This mode is used for backward compatibility with previous STP versions and for compatibility with
third-party switches using IEEE standard 802.1d. BPDUs are sent untagged in 1D mode. Because of
this, on any given physical interface there can be only one STPD running in 1D mode.
• Limited Support for Extreme Multiple Instance Spanning Tree Protocol (EMISTP) mode
Normally EMISTP mode is an extension of STP that allows a physical port to belong to multiple
STPDs by assigning the port to multiple VLANs. BPDUs are sent with an 802.1Q tag having an
STPD instance Identifier (StpdID) in the VLANid field.
With this implementation on the “e” series of switches, EMISTP is limited to supporting a single
EMISTP domain per physical port, called Compatibility Mode. Compatibility mode is supported to
allow other switches using the full EMISTP mode to interoperate with the “e” series.
• Limited Support for PVST+ mode
This mode implements PVST+ in compatibility with third-party switches running this version of STP.
The STPDs running in this mode have a one-to-one relationship with VLANs, and send and process
packets in PVST+ format.

706 ExtremeWare 7.3e Command Reference Guide

 With this implementation on the Summit “e” series, PVST+ is also limited to supporting a single
PVST+ domain per physical port, called Compatibility Mode. Compatibility mode is supported to
allow other switches using the full PVST+ mode to interoperate with the switch.

These port modes are for STP ports, not for physical ports. When a physical port belongs to multiple
STPDs, it is associated with multiple STP ports It is possible for the physical port to run in different
modes for different domains to which it belongs.

ExtremeWare 7.3e Command Reference Guide 707

STP Commands

configure stpd add vlan

configure stpd <spanning tree name> add vlan <vlan name> {ports <portlist>
[dot1d | emistp |pvst-plus]}

Description
Adds one or more VLANs, or a list of ports within a VLAN, to a specified STPD.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

vlan name Specifies a VLAN name.
ports Specifies the port or ports to be included in the STPD.
dot1d Specifies the STP port mode of operation to be 802.1d.
emistp Specifies the STP port mode of operation to be limited EMISTP.
pvst-plus Specifies the STP port mode of operation to be limited PVST+.

Default
All ports are emistp mode, except those in STPD s0, whose default setting is dot1d mode.

Usage Guidelines
This command adds a list of ports within a VLAN to a specified STPD. If no ports are specified, the
entire VLAN is added.
Care must be taken to ensure that ports in overlapping domains do not interfere with the orderly
working of each domain’s protocol.

You must create a VLAN to add a VLAN to the STPD. To create a VLAN, use the create vlan <vlan
name> command.

You can create STP domains using the create stpd <name> command.

The keywords dot1d, emistp, and pvst-plus specify STP port modes:
• dot1d—In this mode, BPDUs are sent untagged in 802.1d mode. Because of this, on any given
physical interface there can be only one STPD running in 802.1d mode. This mode supports the
industry standard implementation, and can be used with non-Extreme devices. It can also be used
for backward compatibility with previous STP versions.
• emistp—This mode sends BPDUs with an 802.1Q tag having an STPD instance Identifier (StpdID) in
the VLANid field. This is an Extreme proprietary mode, and cannot be used with non-Extreme
devices. EMISTP is limited to supporting a single EMISTP domain per physical port., called
Compatibility Mode. Compatibility mode is supported to allow other switches using the full PVST+
mode to interoperate with “e” switches.
• pvst-plus—.This mode implements PVST+ in compatibility with third-party switches running this
version of STP. The STPDs running in this mode have a one-to-one relationship with VLANs, and
send and process packets in PVST+ format. Like EMISTP compatibility mode, PVST+ also is also
limited to supporting a single PVST+ domain per physical port. PVST+ compatibilty mode is
supported to allow other switches using the full PVST+ mode to interoperate with “e” switches.

708 ExtremeWare 7.3e Command Reference Guide

 configure stpd add vlan

An StpdID is used to identify each STP domain. You assign the StpdID when configuring the domain.
An StpdID must be identical to the VLANid of one of the member VLANs in that STP domain, and that
VLAN cannot belong to another STPD.

These port modes are for STP ports, not for physical ports. If it is in EMISTP or PVST+ compatibility
mode it is limited to a single physical port.

When the switch boots, it automatically creates a VLAN named default with a tag value of 1, and STPD
s0 with an StpdID of zero or none. The switch associates VLAN default to STPD s0. By default, all ports
that belong to this VLAN and STPD are in 802.1d mode.

Example
Create a VLAN named marketing and an STPD named STPD1 as follows:
create vlan marketing
create stpd stpd1

The following command adds the VLAN named marketing to the STPD STPD1:
configure stpd stpd1 add vlan marketing

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to support STP port mode configurations. The
default port mode also changed from dot1d to emistp in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 709

STP Commands

configure stpd delete vlan

configure stpd <spanning tree name> delete vlan <vlan name> {ports
<portlist>}

Description
Deletes a VLAN from and STPD or one or more ports in the specified VLAN from an STPD.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

vlan name Specifies a VLAN name.
ports Specifies the port or ports to be removed from the STPD.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes a VLAN named Marketing from the STPD STPD1:
configure stpd stpd1 delete vlan marketing

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

The default mode was changed from dot1d to emistp in ExtremeWare 7.3e.

Platform Availability
This command is available on the “e” series platforms.

710 ExtremeWare 7.3e Command Reference Guide

 configure stpd forwarddelay

configure stpd forwarddelay

configure stpd <spanning tree name> forwarddelay <seconds>

Description
Specifies the time (in seconds) that the ports in this STPD spend in the listening and learning states
when the switch is the Root Bridge.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

seconds Specifies the forward delay time in seconds.

Default
15 seconds.

Usage Guidelines
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.

The range for the <seconds> parameter is 4 through 30 seconds.

Example
The following command sets the forward delay from STPD1 to 20 seconds:
configure stpd stpd1 forwarddelay 20

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 711

STP Commands

configure stpd hellotime

configure stpd <spanning tree name> hellotime <seconds>

Description
Specifies the time delay (in seconds) between the transmission of Bridge Protocol Data Units (BPDUs)
from this STPD when it is the Root Bridge.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

seconds Specifies the hello time in seconds.

Default
2 seconds.

Usage Guidelines
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.

The range for the <seconds> parameter is 1 through 10 seconds.

Example
The following command sets the time delay from STPD1 to 10 seconds:
configure stpd stpd1 hellotime 10

History
This command was first available in ExtremeWare 6.2a ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

712 ExtremeWare 7.3e Command Reference Guide

 configure stpd maxage

configure stpd maxage

configure stpd <spanning tree name> maxage <seconds>

Description
Specifies the maximum age of a BPDU in the specified STPD.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

seconds Specifies the maxage time in seconds.

Default
20 seconds.

Usage Guidelines
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.

The range for the <seconds> parameter is 6 through 40 seconds.

Note that the time must be greater than, or equal to 2 * (Hello Time + 1) and less than, or equal to 2 *
(Forward Delay –1).

Example
The following command sets the maximum age of STPD1 to 30 seconds:
configure stpd stpd1 maxage 30

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 713

STP Commands

configure stpd mode

configure stpd <spanning tree name> mode [dot1d | dot1w]

Description
Configures the operational mode for the specified STP domain.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

dot1d Specifies the STPD mode of operation to be 802.1d.
dot1w Specifies the STPD mode of operation to be 802.1w, and rapid configuration
is enabled.

Default
Operates in 802.1d mode.

Usage Guidelines
If you configure the STP domain in 802.1d mode, the rapid reconfiguration mechanism is disabled.

If you configure the STP domain in 802.1w mode, the rapid reconfiguration mechanism is enabled.

Example
The following command configures STPD s1 to enable the rapid reconfiguration mechanism and operate
in 802.1w mode:
configure stpd s1 mode dot1w

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

714 ExtremeWare 7.3e Command Reference Guide

 configure stpd ports cost

configure stpd ports cost

configure stpd <spanning tree name> ports cost <cost> <portlist>

Description
Specifies the path cost of the port in the specified STPD.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

cost Specifies a numerical port cost value. The range is 1 through 65,535.
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
The switch automatically assigns a default path cost based on the speed of the port, as follows:
• For a 10Mbps port, the default cost is 100.
• For a 100Mbps port, the default cost is 19.
• For a 1000Mbps port, the default cost is 4.

Usage Guidelines
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.
The <portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

The range for the cost parameter is 1 through 65,535. The switch automatically assigns a default path
cost based on the speed of the port.

Example
The following command configures a cost of 100 to ports 1 through 5 in STPD s0:
configure stpd s0 ports cost 100 1-5

History
This command was first available in ExtremeWare 6.2a and 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 715

STP Commands

configure stpd ports link-type

configure stpd <spanning tree name> ports link-type [auto | edge |
broadcast | point-to-point] <portlist>

Description
Configures the ports in the specified STPD as auto, edge, broadcast or point-to-point link types.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

auto Specifies the switch to automatically determine the port link type. An auto link
behaves like a point-to-point link if the link is in full duplex mode or if link
aggregation is enabled on the port. Used for 802.1w configurations.
edge Specifies a port that does not have a bridge attached. An edge port is placed
and held in the STP forwarding state unless a BPDU is received by the port.
broadcast Specifies a port attached to a LAN segment with more than two bridges. Used
for 802.1d configurations. A port with broadcast link type cannot participate in
rapid reconfiguration. By default, all ports are broadcast links.
point-to-point Specifies a port attached to a LAN segment with only two bridges. A port with
point-to-point link type can participate in rapid reconfiguration. Used for
802.1w configurations.
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
All ports are broadcast link types.

Usage Guidelines
The default, broadcast links, supports legacy STP (802.1d) configurations.

If you configure a port to be an edge port, the port immediately enters the forwarding state. Edge ports
remain in the forwarding state unless the port receives a BPDU.

RSTP does not send any BPDUs from an edge port, nor does it generate topology change events when
an edge port changes its state.

RSTP rapidly moves the designated ports of a point-to-point link type into the forwarding state. This
behavior is supported by RSTP only.

An auto link behaves like a point-to-point link if the link is in full duplex mode or if link aggregation is
enabled on the port; otherwise, an auto link behaves like a broadcast link. If a non-STP switch exists
between several switches operating in 802.1w mode with auto links, the non-STP switch may negotiate
full duplex even though the broadcast domain extends over several STP devices. In this situation, an
802.1w port may advance to the “forwarding” state more quickly than desired.

If the switch operates in 802.1d mode, any configured port link type will behave the same as the
broadcast link type.

716 ExtremeWare 7.3e Command Reference Guide

 configure stpd ports link-type

Example
The following command configures ports 1 through 4 to be point-to-point links in STPD s1:
configure stpd s1 ports link-type point-to-point 1-4

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 717

STP Commands

configure stpd ports mode

configure stpd <spanning tree name> ports mode [dot1d | emistp | pvst-plus]
<portlist>

Description
Configures the STP mode of operation for the specified port list.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

dot1d Specifies IEEE 802.1d-compliant packet formatting. A physical port can only
be a member of one STPD running it dot1d mode.
emistp Specifies 802.1d formatting and 802.1q tagging.
pvst-plus Specifies PVST+ packet formatting.
portlist Specifies one or more numbers. May be in the form 1, 2, 3-5.

Default
Ports in the default STPD (s0) are dot1d mode. Ports in user-created STPDs are in emistp mode.

Usage Guidelines
None.

Example
The following command configures STPD s1 with dot1d packet formatting for port 1:
configure stpd s1 ports mode dot1d 1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

718 ExtremeWare 7.3e Command Reference Guide

 configure stpd ports priority

configure stpd ports priority

configure stpd <spanning tree name> ports priority <priority> <portlist>

Description
Specifies the port priority of the port in the specified STPD.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

priority Specifies a numerical port priority value.
portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
The default setting is 16.

Usage Guidelines
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.

By changing the priority of the port, you can make it more or less likely to become the root port or a
designated port.

A setting of 0 indicates the highest priority.

The <portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

The range for the priority parameter is 0 through 31.

Example
The following command assigns a priority of 1 to ports 1 through 5 in STPD s0:
configure stpd s0 ports priority 1 1-5

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 719

STP Commands

configure stpd priority

configure stpd <spanning tree name> priority <priority>

Description
Specifies the bridge priority of the STPD.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

priority Specifies the bridge priority of the STPD.

Default
32,768.

Usage Guidelines
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.

By changing the priority of the STPD, you can make it more or less likely to become the root bridge.

The range for the priority parameter is 0 through 65,535. A setting of 0 indicates the highest priority.

Example
The following command sets the bridge priority of STPD1 to 16,384:
configure stpd stpd1 priority 16384

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

720 ExtremeWare 7.3e Command Reference Guide

 configure stpd tag

configure stpd tag

configure stpd <spanning tree name> tag <vlan tag>

Description
Assigns an StpdID to an STPD.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

vlan tag Specifies the VLANid of a VLAN that is owned by the STPD.

Default
N/A.

Usage Guidelines
You should not configure any STP parameters unless you have considerable knowledge and experience
with STP. The default STP parameters are adequate for most networks.

An StpdID is used to identify each STP domain. You assign the StpdID when configuring the domain.
An StpdID must be identical to the VLANid of one of the member VLANs in that STP domain, and that
VLAN cannot belong to another STPD. Unless all ports are running in 802.1d mode, an STPD must be
configured with an StpdID.

You must create and configure the VLAN, along with the tag, before you can configure the STPD tag. To
create a VLAN, use the create vlan command. To configure the VLAN, use the configure vlan
command.

In addition to the VLAN attributes that you will use in the STPD, you must first create an STPD. To
create an STPD, use the create stpd command.

Example
The following command assigns an StpdID to the purple_st STPD:
configure stpd purple_st tag 200

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 721

STP Commands

configure vlan add ports stpd

configure vlan <vlan name> add ports [all | <portlist>] stpd <spanning tree
name> {[dot1d | emistp | pvst-plus]}

Description
Adds a list of ports within a VLAN to a specified STPD.

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all of the ports to be included in the STPD.
portlist Specifies the port or ports to be included in the STPD.
spanning tree name Specifies an STPD name on the switch.
dot1d Specifies the STP port mode of operation to be 802.1d.
emistp Specifies the STP port mode of operation to be limited EMISTP.
pvst-plus Specifies the STP port mode of operation to be limited PVST+.

Default
All ports are in emistp mode, except those in STPD s0, whose default setting is dot1d mode.

Usage Guidelines
This command performs the same function as the configure stpd add vlan command with the ports
option included.

This command adds a list of ports within a VLAN to a specified STPD, and specifies the mode for those
ports.

• dot1d—In this mode, BPDUs are sent untagged in 802.1d mode. Because of this, on any given
physical interface there can be only one STPD running in 802.1d mode. This mode supports the
industry standard implementation, and can be used with non-Extreme devices. It can also be used
for backward compatibility with previous STP versions.
• emistp—This mode sends BPDUs with an 802.1Q tag having an STPD instance Identifier (StpdID) in
the VLANid field. This is an Extreme proprietary mode, and cannot be used with non-Extreme
devices. EMISTP is limited to supporting a single EMISTP domain per physical port., called
Compatibility Mode. Compatibilty mode is supported to allow other switches using the full PVST+
mode to interoperate with “e” switches.
• pvst-plus—This mode implements PVST+ in compatibility with third-party switches running this
version of STP. The STPDs running in this mode have a one-to-one relationship with VLANs, and
send and process packets in PVST+ format. Like EMISTP compatibility mode, PVST+ also is also
limited to supporting a single PVST+ domain per physical port. PVST+ compatibilty mode is
supported to allow other switches using the full PVST+ mode to interoperate with “e” switches..

These port modes are for STP ports, not for physical ports. When a physical ports belongs to multiple
STPDs, it is associated with multiple STP ports if it is in Dot1d mode. If it is in EMISTP or PVST+
compatiblity mode, it is limited to a single physical port. It is possible for the physical port to run in
different modes for different domains for which it belongs.

722 ExtremeWare 7.3e Command Reference Guide

 configure vlan add ports stpd

Example
The following command adds ports 2 and 3, members of a VLAN named Marketing, to the STPD named
STPD1, and specifies that they be in EMISTP mode:
configure vlan marketing add ports 2-3 stpd stpd1 emistp

History
This command was first available in ExtremeWare 7.2e

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 723

STP Commands

create stpd
create stpd <name>

Description
Creates a user-defined STPD.

Syntax Description

name Specifies a user-defined STPD name.

Default
The default device configuration contains a single STPD called s0.
When an STPD is created, the STPD has the following default parameters:
• State—disabled
• StpdID—none
• Assigned VLANs—none
• Bridge priority—32,768
• Max age—20 seconds
• Hello time—2 seconds
• Forward delay—15 seconds
• Operational mode—802.1d
• Rapid Root Failover—disabled state
• Port mode—Ports in the default STPD (s0) are 802.1d mode. Ports in user-created STPDs are in
emistp mode.

Usage Guidelines
Each STPD name must be unique, and cannot duplicate any other named elements on the switch (such
as VLANs, QoS profiles, Access profiles, or route maps). If you are uncertain about the VLAN profile
names on the switch, use the show vlan command to view the VLAN profiles. If you are uncertain
about QoS profile names on the switch, use the show qos <qos profile> command to view the QoS
profiles.

Each STPD has its own Root Bridge and active path. After the STPD is created, one or more VLANs can
be assigned to it.

Example
The following example creates an STPD named purple_st:
create stpd purple_st

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

724 ExtremeWare 7.3e Command Reference Guide

 create stpd

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 725

STP Commands

delete stpd
delete stpd <spanning tree name>

Description
Removes a user-defined STPD from the switch.

Syntax Description

spanning tree name Specifies a user-defined STPD name on the switch.

Default
N/A.

Usage Guidelines
If you remove an STPD, the VLANs that were members of that STPD are also deleted. An STPD should
only be removed if all VLANs have been deleted from it.

The default STPD, s0, cannot be deleted.

Example
The following command deletes an STPD named purple_st:
delete stpd purple_st

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e

Platform Availability
This command is available on the “e” series platforms.

726 ExtremeWare 7.3e Command Reference Guide

 disable ignore-stp vlan

disable ignore-stp vlan

disable ignore-stp vlan <vlan name>

Description
Allows a VLAN to use STP port information.

Syntax Description

vlan name Specifies a VLAN name.

Default
Disabled.

Usage Guidelines
The vlan keyword is optional. To configure the switch to ignore the STP protocol and not block traffic
for the VLAN(s), see the following command: enable ignore-stp vlan <vlan name>.

Example
The following command disables the ignore-stp option on the VLAN accounting:
disable ignore-stp accounting

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 727

STP Commands

disable stpd
disable stpd {<spanning tree name>}

Description
Disables the STP protocol on a particular STPD or for all STPDs.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

Default
Disabled.

Usage Guidelines
All VLANs belong to an STPD. If you do not want to run STP on a VLAN, you must add the VLAN to
an STPD that is disabled.

The spanning tree name keyword is optional. You do not need to indicate an STPD name if you
disable the STP protocol for all STPDs.

To enable or re-enable the STP protocol on a particular STPD or on all STPDs, use the enable stpd
{<spanning tree name>} command.

Example
The following command disables an STPD named purple_st:
disable stpd purple_st

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

728 ExtremeWare 7.3e Command Reference Guide

 disable stpd ports

disable stpd ports

disable stpd <spanning tree name> {ports <portlist>|vlan <vlan name>}

Description
Disables STP on one or more ports for a given STPD.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
N/A.

Usage Guidelines
Disabling STP on one or more ports puts those ports in forwarding state; all Bridge Protocol Data Units
(BPDUs) received on those ports will be disregarded and dropped.

The portlist keyword is optional. You do not need to indicate a list of ports if you want to disable STP
on all ports in the STPD.

The <portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

You must create one or more STP domains, configure, and enable an STPD before you can use the
disable stpd ports command.

To enable STP on one or more ports for a given STPD, use the enable stpd <spanning tree name>
{ports <portlist>|vlan <vlan name> command.

Example
The following command disables port 4 on an STPD named Backbone_st:
disable stpd backbone_st ports 4

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 729

STP Commands

disable stpd rapid-root-failover

disable stpd <spanning tree name> rapid-root-failover

Description
Disables rapid root failover for STP recovery times.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

Default
Disabled.

Usage Guidelines
To view the status of rapid root failover on the switch, use the show stpd command. The show stpd
command displays information about the STPD configuration on the switch including the
enable/disable state for rapid root failover. To enable or re-enable rapid root failover for STP recovery
times, use the enable stpd <spanning tree name> rapid-root-failover command.

Example
The following command disables rapid root fail over on STPD Backbone_st:
disable stpd backbone_st rapid-root-failover

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

730 ExtremeWare 7.3e Command Reference Guide

 enable ignore-stp vlan

enable ignore-stp vlan

enable ignore-stp vlan <vlan name>

Description
Configures the switch to ignore the STP protocol and not block traffic for the VLAN(s).

Syntax Description

vlan name Specifies a VLAN name.

Default
Disabled.

Usage Guidelines
This command is useful when multiple VLANs share the same physical ports, but only some of the
VLANs require STP protection. To allow a VLAN to use STP port information, use the disable
ignore-stp vlan <vlan name> command.

Example
The following command enables the ignore-stp option on the VLAN accounting:
enable ignore-stp accounting

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 731

STP Commands

enable stpd
enable stpd {<spanning tree name>}

Description
Enables the STP protocol for one or all STPDs.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

Default
Disabled.

Usage Guidelines
You must create one or more STP domains and configure an STPD before you can use the enable stpd
command. Use the create stpd <name> command to create an STPD.

The spanning tree name keyword is optional. You do not need to indicate an STPD name if you
enable the STP protocol for all STPDs

To disable the STP protocol on a particular STPD or on all STPDs, use the disable stpd {<spanning
tree name>} command.

The default port mode is emistp, which requires an StpdID. When using 802.1d, configure the mode of
all the ports to dot1d before enabling the domain.

Example
The following command enables an STPD named Backbone_st:
enable stpd backbone_st

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

732 ExtremeWare 7.3e Command Reference Guide

 enable stpd ports

enable stpd ports

enable stpd <spanning tree name> {ports <portlist>|vlan <vlan name>

Description
Enables the STP protocol on one or more ports.

Syntax Description

spanning tree name Specifies an STPD on the switch.

portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5 or vlan
<vlan name>

Default
Enabled.

Usage Guidelines
If STPD is enabled for a port, Bridge Protocol Data Units (BPDUs) will be generated on that port if STP
is enabled for the associated STPD.

You must create and configure one or more STP domains before you can use the enable stpd ports
command. Use the create stpd <name> command to create an STP domain. If you have considerable
knowledge and experience with STP, you can configure the STPD using the configure stpd
commands. However, the default STP parameters are adequate for most networks.

To disable STP on one or more ports for a given STPD, use the disable stpd <spanning tree name>
{ports <portlist>|vlan <vlan name>} command.

The <portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

Example
The following command enables port 4 on an STPD named Backbone_st:
enable stpd backbone_st ports 4

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 733

STP Commands

enable stpd rapid-root-failover

enable stpd <spanning tree name> rapid-root-failover

Description
Enables rapid root failover for faster STP recovery times.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

Default
Disabled.

Usage Guidelines
To view the status of rapid root failover on the switch, use the show stpd command. The show stpd
command displays information about the STPD configuration on the switch including the
enable/disable state for rapid root failover. To disable rapid root failover, use the disable stpd
<spanning tree name> rapid-root-failover command.

Example
The following command enables rapid root fail over on STPD Backbone_st:
enable stpd backbone_st rapid-root-failover

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

734 ExtremeWare 7.3e Command Reference Guide

 show stpd

show stpd
show stpd {<domain>}

Description
Displays STPD settings on the switch.

Syntax Description

domain Specifies an STPD on the switch.

Default
N/A.

Usage Guidelines
The command displays the following STPD information:
• STPD name
• STPD state
• STPD mode of operation
• Rapid Root Failover
• Tag
• Ports
• Active VLANs
• Bridge Priority
• Bridge ID
• Designated root
• STPD configuration information

You can create, configure, and enable one or more STP domains and use the show stpd command to
display STP configurations. Use the create stpd <name> command to create an STP domain. Use the
enable stpd {<spanning tree name>} command to enable an STPD. If you have considerable
knowledge and experience with STP, you can configure the STPD using the configure stpd
commands. However, the default STP parameters are adequate for most networks.

Example
The following command displays STPD settings on an STPD named Backbone_st:
show stpd backbone_st

The results for this command are as follows:

* Summit200:47 # show stpd Backbone_st

Stpd: Backbone_st Stp: ENABLED Number of Ports: 14
Rapid Root Failover: Disabled
Operational Mode: 802.1W

ExtremeWare 7.3e Command Reference Guide 735

STP Commands

802.1Q Tag: (none)

Ports:2:5,2:6,3:1,3:2,3:3,3:4,3:5,3:6,3:7,3:8,4:1,4:2
4:3,4:4
Active Vlans: Default
Bridge Priority: 32768
BridgeID: 80:00:00:01:30:23:c1:00
Designated root: 80:00:00:01:30:23:c1:00
RootPathCost: 0 Root Port: ----
MaxAge: 20s HelloTime: 2s ForwardDelay: 15s
CfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15s
Topology Change Time: 35s Hold time: 1s
Topology Change Detected: FALSE Topology Change: FALSE
Number of Topology Changes: 1
Time Since Last Topology Change: 134s

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

736 ExtremeWare 7.3e Command Reference Guide

 show stpd ports

show stpd ports

show stpd <spanning tree name> ports <portlist| {vlan} <vlan name>>

Description
Displays the STP state of a port.

Syntax Description

spanning tree name Specifies an STPD name.

portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5 or vlan
<vlan name>

Default
N/A.

Usage Guidelines
This command displays the following:
• STPD port configuration
• STPD port mode of operation
• STPD path cost
• STPD priority
• STPD state (root bridge, and so on)
• Port role (root bridge, edge port, etc.)
• STPD port state (forwarding, blocking, and so on)
• Configured port link type
• Operational port link type

The, <portlist> can be one or more port numbers. For a detailed explanation of port specification, see
“Switch Numerical Ranges” in Chapter 1.

When an STPD is disabled on a port, the STPD port state is displayed as forwarding.

Example
The following command displays the state of port 4 on an STPD named Backbone_st:
show stpd Backbone_st ports 4

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

Support for the detail keyword was introduced in ExtremeWare 7.2e.

ExtremeWare 7.3e Command Reference Guide 737

STP Commands

Platform Availability
This command is available on the “e” series platforms.

738 ExtremeWare 7.3e Command Reference Guide

 show vlan stpd

show vlan stpd

show vlan <vlan name> stpd

Description
Displays the STP configuration of the ports assigned to a specific VLAN. It is an alternate syntax to the
show stpd <spanning tree name> ports vlan <vlan name> command.

Syntax Description

vlan name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
If you have a VLAN that spans multiple STPDs, use this command to display the STP configuration of
the ports assigned to that specific VLAN.

This command displays the following:

• STPD port configuration

• STPD port mode of operation
• STPD path cost
• STPD priority
• STPD state (root bridge, and so on)
• Port role (root bridge, edge port, etc.)
• STPD port state (forwarding, blocking, and so on)
• Configured port link type
• Operational port link type

Example
The following command displays the spanning tree configurations for the vlan Default:
show vlan default stpd

The results for this command are as follows:

* Summit1iTx:30 # show vlan "Default" stpd

s0(enabled) Tag: (none) Ports: 8 Root/P/C: 80:00:00:01:30:1d:48:30/2/4

Port Mode State Cost Flags Priority Port ID Designated Bridge

1 802.1D FORWARDING 19 e-Dbb-d- 16 16385 80:00:00:01:30:b6:99:10
2 802.1D FORWARDING 4 e-Rbb-w- 16 16386 80:00:00:01:30:1d:48:30
3 802.1D DISABLED 4 e------- 16 16387 00:00:00:00:00:00:00:00
4 802.1D DISABLED 4 e------- 16 16388 00:00:00:00:00:00:00:00

ExtremeWare 7.3e Command Reference Guide 739

STP Commands

5 802.1D FORWARDING 19 e-Dbb-w- 16 16389 80:00:00:01:30:b6:99:10

6 802.1D DISABLED 4 e------- 16 16390 00:00:00:00:00:00:00:00
7 802.1D DISABLED 4 e------- 16 16391 00:00:00:00:00:00:00:00
8 802.1D DISABLED 4 e------- 16 16392 00:00:00:00:00:00:00:00

------------------------- Flags: ----------------------------

1: e=Enable, d=Disable
2: L = Loopback port
3: (Port role) R=Root, D=Designated, A=Alternate, B=Backup
4: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto
5: (Oper. type) b=broadcast, p=point-to-point, e=edge
6: p=proposing, a=agree
7: (partner mode) d = 802.1d, w = 802.1w
8: i = edgeport inconsistency

The following command displays the detailed spanning tree configurations for s0:
show stpd s0 ports detail

The results for this command are as follows:

* Summit400-48t:4 # show stpd s0 ports detail

Stpd: s0 Port: 13 PortId: 400d Stp: ENABLED Path Cost: 4
Port Mode: 802.1D
Port State: FORWARDING Topology Change Ack: FALSE
Port Priority: 16 Loopback Port: FALSE
Designated Root: 00:00:00:00:00:00:00:00 Designated Cost: 0
Designated Bridge: 00:00:00:00:00:00:00:00 Designated Port Id: 0

Partner STP version: Dot1d

Stpd: s0 Port: 14 PortId: 400e Stp: ENABLED Path Cost: 4
Port Mode: 802.1D
Port State: FORWARDING Topology Change Ack: FALSE
Port Priority: 16 Loopback Port: FALSE
Designated Root: 00:00:00:00:00:00:00:00 Designated Cost: 0
Designated Bridge: 00:00:00:00:00:00:00:00 Designated Port Id: 0

Partner STP version: Dot1d

* Summit400-48t:5 #

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

740 ExtremeWare 7.3e Command Reference Guide

 unconfigure stpd

unconfigure stpd
unconfigure stpd {<spanning tree name>}

Description
Restores default STP values to a particular STPD or all STPDs.

Syntax Description

spanning tree name Specifies an STPD name on the switch.

Default
N/A.

Usage Guidelines
Use this command to restore default STP values to a particular STPD. If you want to restore default STP
values on all STPDs, do not specify a spanning tree name.

Example
The following command restores default values to an STPD named Backbone_st:
unconfigure stpd backbone_st

History
This command was first available in ExtremeWare 6.2a and ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 741

STP Commands

742 ExtremeWare 7.3e Command Reference Guide

16 VRRP Commands

This chapter describes the following commands:

• Commands for enabling and disabling Virtual Router Redundancy Protocol (VRRP)
• Commands for performing basic VRRP configuration

NOTE
Commands for enabling and disabling port restart and enabling and disabling failure tracking for VRRP
are described in Chapter 14, “ESRP Commands”.

Like ESRP, VRRP is a protocol that allows multiple switches to provide redundant routing services to
users. A virtual router is a group of one or more physical devices that acts as the default gateway for
hosts on the network. The virtual router is identified by a virtual router identifier (VRID) and an IP
address. All of the VRRP routers that participate in the virtual router are assigned the same VRID.

Extreme Networks’ VRRP implementation is compliant with RFC 2338, Virtual Router Redundancy
Protocol.

The following points pertain to VRRP:

• VRRP packets are encapsulated IP packets.
• The VRRP multicast address is 224.0.0.18.
• The virtual router MAC address is 00 00 5E 00 01 <vrid>
• An interconnect link between VRRP routers should not be used, except when VRRP routers have
hosts directly attached.
• A maximum of 64 VRID instances are supported on the router.
• Up to 4 unique VRIDs can be configured on an interface. VRIDs can be re-used, but not on the same
interface.
• VRRP and Spanning Tree can be simultaneously enabled on the same switch.
• VRRP and ESRP cannot be simultaneously enabled on the same switch.

VRRP uses an election algorithm to dynamically assign responsibility for the master router to one of the
VRRP routers on the network. A VRRP router is elected master if one of the following is true:
• The router is the IP address owner (router that has the IP address of the virtual router configured as
its real interface address).
• The router is configured with the highest priority (the range is 1 - 255).

ExtremeWare 7.3e Command Reference Guide 743

VRRP Commands

If the master router becomes unavailable, the election process provides dynamic failover and the backup
router that has the highest priority assumes the role of master.

A new master is elected when one of the following things happen:

• VRRP is disabled on the master router.
• Communication is lost between master and backup router(s). The master router sends periodic
advertisements to the backup routers to indicate that it is alive.

VRRP also supports the following tracking options:

• VRRP VLAN tracking
• VRRP route table tracking
• VRRP ping tracking

If a tracking option is enabled, and the object being tracked becomes unreachable, the master device will
fail over. These tracking features are documented in the chapter on ESRP.

VRRP also supports port restart. Like the tracking features, the commands to enable and disable this
feature are described in the chapter on ESRP.

744 ExtremeWare 7.3e Command Reference Guide

 configure vrrp add vlan

configure vrrp add vlan

configure vrrp add vlan <vlan name>

Description
Enables VRRP on a particular VLAN.

Syntax Description

vlan name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
None.

Example
The following enables VRRP on VLAN vrrp-1:
configure vrrp add vlan vrrp-1

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 745

VRRP Commands

configure vrrp delete

configure vrrp delete [vlan <vlan name> | all]

Description
Disables VRRP on one or all VLANs.

Syntax Description

vlan name Specifies the name of a VLAN on which to disable VRRP.

all Specifies that VRRP should be disabled on all VLANs on this device.

Default
N/A.

Usage Guidelines
None.

Example
The following command disables VRRP on VLAN vrrp-1:
configure vrrp delete vlan vrrp-1

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

746 ExtremeWare 7.3e Command Reference Guide

 configure vrrp vlan add

configure vrrp vlan add

configure vrrp vlan <vlan name> add [master | backup] vrid <number> <ip
address>

Description
Configures the VRID instance on the VRRP VLAN as master or backup.

Syntax Description

vlan name Specifies the name of a VRRP VLAN.

master Specifies that this device is the master router for the virtual router.
backup Specifies that this device is a backup router for this VLAN.
number Specifies a Virtual Router ID (VRID). Value can be in the range of 1-255.
ip address Specifies the IP address of the virtual router in which this device participates.

Default
N/A.

Usage Guidelines
The IP address must be the same on all VRRP routers that make up the virtual router for this VLAN. If
the IP address is the same as the actual interface address of the device, this device is the IP address
owner, and is automatically elected as the master router as long as it remains functional.

Example
The following command sets up this device as the master router for VLAN vrrp-1, using IP address
192.168.1.3 as the virtual router IP address:
configure vrrp vlan vrrp-1 add master vrid 1 192.168.1.3

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 747

VRRP Commands

configure vrrp vlan authentication

configure vrrp vlan <vlan name> authentication [none | simple-password
<simple password>]

Description
Configures VRRP authentication.

Syntax Description

vlan name Specifies the name of a VRRP VLAN.

none Specifies that no password is required.
simple password Specifies the password for VRRP authentication. The maximum password
length is eight characters.

Default
N/A.

Usage Guidelines
None.

Example
The following command configures authentication for VRRP VLAN vrrp-1 with the password newvrrp:
configure vrrp vlan vrrp-1 authentication simple-password newvrrp

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

748 ExtremeWare 7.3e Command Reference Guide

 configure vrrp vlan delete vrid

configure vrrp vlan delete vrid

configure vrrp vlan <vlan name> delete vrid [<number> | all]

Description
Deletes one or all VRIDs.

Syntax Description

vlan name Specifies the name of a VRRP VLAN.

number Specifies a Virtual Router ID (VRID). Value can be in the range of 1-255.
all Specifies that all virtual routers should be deleted for this VLAN on this device.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes the virtual router identified by VRID 2:
configure vrrp vlan vrrp-1 delete vrid 2

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 749

VRRP Commands

configure vrrp vlan vrid

configure vrrp vlan <vlan name> vrid <number> [priority <priority_number> |
advertisement-interval <ad_interval_number> | dont_preempt | preempt]

Description
Configures VRRP parameters.

Syntax Description

vlan name Specifies the name of a VRRP VLAN.

number Specifies a Virtual Router ID (VRID). Value can be in the range of 1-255.
priority_number Specifies the priority value to be used by this VRRP router in the master
election process. The range is 1 - 254. The default value is 100.
ad_interval_number Specifies the time interval between advertisements, in seconds. The range is
1 - 255. The default value is 1 second.
dont_preempt Specifies that this router, as master, may not be preempted by a higher
priority backup router.
preempt Specifies that this router, as master, may be preempted by a higher-priority
backup router. This is the default.

Default
N/A.

Usage Guidelines
This command may be used to configure a VRRP router priority, advertisement interval, and preempt
mode.

The priority is used to determine which VRRP router takes over when the master fails over. A value of
255 is reserved for the router that is configured with the virtual router IP address. A value of 0 is
reserved for the master router’s use to indicate it is releasing responsibility for the virtual router.

The advertisement interval specifies the interval between advertisements sent by the master router to
inform the backup routers that it is alive. The master down interval is the interval that a backup router
waits after the last received advertisement before it determines that the master router is down.

If you have an extremely busy CPU, a short dual master situation can occur. To avoid this, increase the
advertisement interval.

The preempt mode controls whether a higher priority backup router preempts a lower priority master.
preempt allows preemption. dont_preempt prohibits preemption. The default setting is preempt. The
router that owns the virtual router IP address always preempts, independent of the setting of this
parameter.

Example
The following commands set a priority and advertisement interval for the VRRP router on VLAN
vrrp-1, and sets the preempt mode to disallow preemption:
configure vrrp vlan vrrp-1 vrid 2 priority 200

750 ExtremeWare 7.3e Command Reference Guide

 configure vrrp vlan vrid

configure vrrp vlan vrrp-1 vrid 2 advertisement-interval 15

configure vrrp vlan vrrp-1 vrid 2 dont_preempt

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 751

VRRP Commands

disable vrrp
disable vrrp

Description
Disables VRRP on the switch.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
This disables VRRP on the device. All virtual routers defined on this device will also be disabled.

Example
The following command disables VRRP on the device:
disable vrrp

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

752 ExtremeWare 7.3e Command Reference Guide

 enable vrrp

enable vrrp
enable vrrp

Description
Enables VRRP on the switch.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
IGMP snooping must be enabled for VRRP to operate correctly. Use the following command to enable
IGMP snooping:
enable igmp snooping

Example
The following command enables VRRP on this device:
enable vrrp

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 753

VRRP Commands

show vrrp
show vrrp [vlan <vlan name> | all] {detail}

Description
Displays VRRP configuration information for one or all VLANs.

Syntax Description

vlan name Specifies the name of a VRRP VLAN.

all Specifies that information should be displayed for all VLANs.
detail Specifies detail information.

Default
N/A.

Usage Guidelines
Use the detail option for a detailed display.

Example
The following command displays summary status information for VRRP:
show vrrp
It produces output similar to the following:
VRRP Router: Enabled
VLAN Name VRID Pri Virtual IP Addr State Master Mac Addres Prt/TR/TPr/W/M/T
demo_vr(En) 0001 100 192.168.1.1 MSTR 00:00:5E:00:01:01 1 0 0 Y Y 1

En-Enabled, Ds-Disabled, Pri-Priority, T-Advert Timer, M-Preempt

Prt-Active Ports, TR-Tracked Routes/Pings, TPr-Tracked Ports, W-TrackWinner

The following command displays detail status information for VRRP:

show vrrp detail
It produces output similar to the following:
VRRP Router: Enabled
Vlan:demo_vrrp IpAddress Owner=192.168.1.2 Vrrp:ENABLED Router:ENABLED
Authentication: None
Tracked VLANs: -
Tracked Ip Routes: -
Tracked Pings/Freq/N_miss: -
Tracked Diag: -
Tracked Env: -
Track Winner: Yes
1) Backup-Vrid:1 Virtual-IP:192.168.1.1 Priority:100
Active Ports:1, Advert-Interval:1, Preempt:Yes
State:MASTER on Wed Jan 23 10:17:42 2002

754 ExtremeWare 7.3e Command Reference Guide

 show vrrp

Transition Counters: ToMaster:1 ToBackup:1

Skew:0.609375 Master-Dn-Int:3.60938

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

ExtremeWare 7.3e Command Reference Guide 755

VRRP Commands

show vrrp vlan stats

show vrrp vlan <vlan name> stats

Description
Displays VRRP statistics for a particular VLAN.

Syntax Description

vlan name Specifies the name of a VRRP VLAN.

Default
N/A.

Usage Guidelines
None.

Example
The following command displays statistics for VLAN vrrp-1:
show vrrp vlan vrrp-1 stats

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on all platforms.

756 ExtremeWare 7.3e Command Reference Guide

17 IP Unicast Commands

Extreme Networks switches provide full layer 3, IP unicast routing. They exchange routing information
with other routers on the network using either the Routing Information Protocol (RIP) or the Open
Shortest Path First (OSPF) protocol. The switches dynamically build and maintain routing tables and
determine the best path for each of its routes.

Each host that uses the IP unicast routing functionality of the switch must have a unique IP address
assigned. In addition, the default gateway assigned to the host must be the IP address of the router
interface.

The routing software and hardware directs IP traffic between router interfaces. A router interface is
simply a VLAN that has an IP address assigned to it.

As you create VLANs with IP addresses belonging to different IP subnets, you can also choose to route
between the VLANs. The VLAN switching and IP routing functions occur within the switch.

Each IP address and mask assigned to a VLAN must represent a unique IP subnet. You cannot
configure the same IP subnet on different VLANs.

The Extreme Networks switch maintains an IP routing table for network routes and host routes. The
table is populated from the following sources:
• Dynamically, by way of routing protocol packets or by ICMP redirects exchanged with other routers
• Statically, by way of routes entered by the administrator
— Default routes, configured by the administrator
— Locally, by way of interface addresses assigned to the system
— By other static routes, as configured by the administrator

Dynamic routes are typically learned by way of RIP or OSPF. Routers that use RIP or OSPF exchange
information in their routing tables in the form of advertisements. Using dynamic routes, the routing
table contains only networks that are reachable.

Dynamic routes are aged out of the table when an update for the network is not received for a period of
time, as determined by the routing protocol.

Static routes are manually entered into the routing table. Static routes are used to reach networks not
advertised by routers. You can configure up to 64 static unicast routes on the switch.

Static routes can also be used for security reasons, to control which routes you want advertised by the
router. Static routes are never aged out of the routing table.

ExtremeWare 7.3e Command Reference Guide 757

IP Unicast Commands

A static route must be associated with a valid IP subnet. An IP subnet is associated with a single VLAN
by its IP address and subnet mask. If the VLAN is subsequently deleted, the static route entries using
that subnet must be deleted manually.

When there are multiple, conflicting choices of a route to a particular destination, the router picks the
route with the longest matching network mask. If these are still equal, the router picks the route using
the following criteria (in the order specified):
• Directly attached network interfaces
• ICMP redirects
• Static routes
• Directly attached network interfaces that are not active

If you define multiple default routes, the route that has the lowest metric is used. If there are multiple
default routes that have the same lowest metric, the system picks one of the routes.

You can also configure blackhole routes—traffic to these destinations is silently dropped.

Internet Control Message Protocol (ICMP) is used to transmit information needed to control IP traffic. It
is used mainly to provide information about routes to destination addresses. ICMP redirect messages
inform hosts about more accurate routes to other systems, whereas ICMP unreachable messages indicate
problems with a route.

Additionally, ICMP can cause TCP connection to terminate gracefully if the route becomes unavailable.

After IP unicast routing has been configured, you can configure the switch to forward Dynamic Host
Configuration Protocol (DHCP) or BOOTP requests coming from clients on subnets being service by the
switch and going to hosts on different subnets. This feature can be used in various applications,
including DHCP services between Windows NT servers and clients running Windows 95.

UDP-forwarding is a flexible and generalized routing utility for handling the directed forwarding of
broadcast UDP packets. UDP-forwarding allows applications, such as multiple DHCP relay services
from differing sets of VLANs, to be directed to different DHCP servers. The following rules apply to
UDP broadcast packets handled by this feature:
• If the UDP profile includes BOOTP or DHCP, the packet is handled according to guidelines in RFC
1542.
• If the UDP profile includes other types of traffic, these packets have the IP destination address
modified as configured, and changes are made to the IP and UDP checksums and decrements to the
TTL field, as appropriate.

If the UDP-forwarding is used for BOOTP or DHCP forwarding purposes, do not configure or use the
existing bootprelay function. However, if the previous bootprelay functions are adequate, you can
continue to use them.

To configure UPD-forwarding, you must first create a UDP-forward destination profile. The profile
describes the types of UDP packets (by port number) that are used and where they are to be forwarded.
You must give the profile a unique name, in the same manner as a VLAN, protocol filter, or Spanning
Tree Domain (STD).

Next, configure a VLAN to make use of the UDP-forwarding profile. As a result, all incoming traffic
from the VLAN that matches the UDP profile is handled as specified in the UDP-forwarding profile.

A maximum of 10 UDP-forwarding profiles can be defined. Each named profile may contain a
maximum of eight “rules” defining the UDP port, and destination IP address or VLAN. A VLAN can

758 ExtremeWare 7.3e Command Reference Guide

 use a single UDP-forwarding profile. UDP packets directed toward a VLAN use an all-ones broadcast
on that VLAN.

Proxy Address Resolution Protocol (ARP) was first developed so that ARP-capable devices could
respond to ARP Request packets on behalf of ARP-incapable devices. Proxy ARP can also be used to
achieve router redundancy and simplify IP client configuration. The Extreme Networks switch supports
proxy ARP for this type of network configuration.

Once IP ARP is configured, the system responds to ARP Requests on behalf of the device, as long as the
following conditions are satisfied:
• The valid IP ARP Request is received on a router interface.
• The target IP address matches the IP address configured in the proxy ARP table.
• The proxy ARP table entry indicates that the system should always answer this ARP Request,
regardless of the ingress VLAN (the always parameter must be applied).

After all the proxy ARP conditions have been met, the switch formulates an ARP Response using the
configured MAC address in the packet.

In some networks, it is desirable to configure the IP host with a wider subnet than the actual subnet
mask of the segment. Proxy ARP can be used so that the router answers ARP Requests for devices
outside of the subnet. As a result, the host communicates as if all devices are local. In reality,
communication with devices outside of the subnet are proxied by the router.

ExtremeWare 7.3e Command Reference Guide 759

IP Unicast Commands

clear iparp
clear iparp {<ip address> | vlan <vlan name>}

Description
Removes dynamic entries in the IP ARP table.

Syntax Description

ip address Specifies an IP address.

vlan name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
Permanent IP ARP entries are not affected.

Example
The following command removes a dynamically created entry from the IPARP table:
clear iparp 10.1.1.5/24

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

760 ExtremeWare 7.3e Command Reference Guide

 clear ipfdb

clear ipfdb
clear ipfdb {<ip address> <netmask>| vlan <vlan name>}

Description
Removes the dynamic entries in the IP forwarding database.

Syntax Description

ip address Specifies an IP address.

netmask Specifies a subnet mask.
vlan name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
If no options are specified, all IP FDB entries are removed.

Example
The following command removes dynamically created entries in the IP forwarding database:
clear ipfdb 10.1.2.1/24

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 761

IP Unicast Commands

configure bootprelay add

configure bootprelay add <ip address>

Description
Configures the addresses to which BOOTP requests should be directed.

Syntax Description

ip address Specifies an IP address.

Default
N/A.

Usage Guidelines
After IP unicast routing has been configured, you can configure the switch to forward Dynamic Host
Configuration Protocol (DHCP) or BOOTP requests coming from clients on subnets being serviced by
the switch and going to hosts on different subnets. To configure the relay function, follow these steps:
1 Configure VLANs and IP unicast routing.
2 Enable the DHCP or BOOTP relay function, using the following command:
enable bootprelay
3 Configure the addresses to which DHCP or BOOTP requests should be directed, using the following
command:
configure bootprelay add <ip address>

Example
The following command configures BOOTP requests to be directed to 123.45.67.8:
configure bootprelay add 123.45.67.8

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms

762 ExtremeWare 7.3e Command Reference Guide

 configure bootprelay delete

configure bootprelay delete

configure bootprelay delete [<ip address> | all]

Description
Removes one or all IP destination addresses for forwarding BOOTP packets.

Syntax Description

ip address Specifies an IP address.

all Specifies all IP address entries.

Default
N/A.

Usage Guidelines
After IP unicast routing has been configured, you can configure the switch to forward Dynamic Host
Configuration Protocol (DHCP) or BOOTP requests coming from clients on subnets being serviced by
the switch and going to hosts on different subnets. To configure the relay function, follow these steps:
1 Configure VLANs and IP unicast routing.
2 Enable the DHCP or BOOTP relay function, using the following command:
enable bootprelay
3 Configure the addresses to which DHCP or BOOTP requests should be directed, using the following
command:
configure bootprelay add <ip address>

Example
The following command removes the destination address:
configure bootprelay delete 123.45.67.8

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 763

IP Unicast Commands

configure bootprelay dhcp-agent information check

configure bootprelay dhcp-agent information check

Description
Enables the Dynamic Host Configuration Protocol (DHCP) relay agent option (option 82) information
checking in the DHCP reply packet.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
After IP unicast routing has been configured, you can configure the switch to forward DHCP or BOOTP
requests coming from clients on subnets being serviced by the switch and going to hosts on different
subnets.

To configure the relay function and enable relay agent information checking in the DHCP reply packet,
follow these steps:

1 Configure VLANs and IP unicast routing.

2 Enable the DHCP or BOOTP relay function, using the following command:
enable bootprelay
3 Configure the addresses to which DHCP or BOOTP requests should be directed, using the following
command:
configure bootprelay add <ip address>
4 Configure the DHCP relay agent option (option 82), using the following command:
configure bootprelay dhcp-agent information option
5 Configure the option 82 check, using the following command:
configure bootprelay dhcp-agent information check

To disable the DHCP relay agent information checking in the DHCP reply packet, use the following
command:

unconfigure bootprelay dhcp-agent information check

Example
The following command configures DHCP relay agent option check:
configure bootprelay dhcp-agent information check

History
This command was available in ExtremeWare 7.2e.

764 ExtremeWare 7.3e Command Reference Guide

 configure bootprelay dhcp-agent information check

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 765

IP Unicast Commands

configure bootprelay dhcp-agent information option

configure bootprelay dhcp-agent information option

Description
Enables the Dynamic Host Configuration Protocol (DHCP) relay agent option (option 82).

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
After IP unicast routing has been configured, you can configure the switch to forward DHCP or BOOTP
requests coming from clients on subnets being serviced by the switch and going to hosts on different
subnets.

To configure the relay function, follow these steps:

1 Configure VLANs and IP unicast routing.

2 Enable the DHCP or BOOTP relay function, using the following command:
enable bootprelay
3 Configure the addresses to which DHCP or BOOTP requests should be directed, using the following
command:
configure bootprelay add <ip address>
4 Configure the DHCP relay agent option (option 82), using the following command:
configure bootprelay dhcp-agent information option

To disable the DHCP relay agent option (option 82), use the following command:

unconfigure bootprelay dhcp-agent information option

Example
The following command configures the DHCP relay agent option:
configure bootprelay dhcp-agent information option

History
This command was available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

766 ExtremeWare 7.3e Command Reference Guide

 configure bootprelay dhcp-agent information policy

configure bootprelay dhcp-agent information policy

configure bootprelay dhcp-agent information policy <policy>

Description
Configures the Dynamic Host Configuration Protocol (DHCP) relay agent reforwarding policy.

Syntax Description

policy Configures the policy according to one of the following values:

• drop—Drops the DHCP request if agent information is present in the DHCP request.
• keep—Keeps the agent information if agent information is present in the DHCP request.
• replace—Replaces the existing relay agent information with its own information if agent
information is present in the DHCP request.

Default
Replace.

Usage Guidelines
After IP unicast routing has been configured, you can configure the switch to forward DHCP or BOOTP
requests coming from clients on subnets being serviced by the switch and going to hosts on different
subnets.

To configure the relay function and the relay agent reforwarding policy, follow these steps:

1 Configure VLANs and IP unicast routing.

2 Enable the DHCP or BOOTP relay function, using the following command:
enable bootprelay
3 Configure the addresses to which DHCP or BOOTP requests should be directed, using the following
command:
configure bootprelay add <ip address>
4 Configure the DHCP relay agent option (option 82), using the following command:
configure bootprelay dhcp-agent information option
5 Configure the DHCP relay agent reforwarding policy, using the following command:
configure bootprelay dhcp-agent information policy <policy>

To disable the DHCP relay agent reforwarding policy, using the following command:

unconfigure bootprelay dhcp-agent information policy

Example
The following command configures the relay agent to drop the packets with existing relay agent
information:
configure bootprelay dhcp-agent information policy drop

ExtremeWare 7.3e Command Reference Guide 767

IP Unicast Commands

History
This command was available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

768 ExtremeWare 7.3e Command Reference Guide

 configure iparp add

configure iparp add

configure iparp add <ip address> <mac_address>

Description
Adds a permanent entry to the ARP table. Specify the IP address and MAC address of the entry.

Syntax Description

ip address Specifies an IP address.

mac_address Specifies a MAC address.

Default
N/A.

Usage Guidelines
Add a permanent IP ARP entry to the system. The ip address is used to match the IP interface
address to locate a suitable interface.

Example
The following command adds a permanent IP ARP entry to the switch for IP address 10.1.2.5:
configure iparp add 10.1.2.5 00:11:22:33:44:55

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 769

IP Unicast Commands

configure iparp add proxy

configure iparp add proxy <ip address> {<mask>} {<mac_address>} {always}

Description
Configures the switch to respond to ARP Requests on behalf of devices that are incapable of doing so.
Up to 64 proxy ARP entries can be configured.

Syntax Description

ip address Specifies an IP address.

mask Specifies a subnet mask.
mac_address Specifies a MAC address.
always Specifies all ARP Requests.

Default
N/A.

Usage Guidelines
When mask is not specified, an address with the mask 255.255.255.255 is assumed. When mac_address
is not specified, the MAC address of the switch is used in the ARP Response. When always is specified,
the switch answers ARP Requests without filtering requests that belong to the same subnet of the
receiving router interface.

After IP ARP is configured, the system responds to ARP Requests on behalf of the device as long as the
following conditions are satisfied:
• The valid IP ARP Request is received on a router interface.
• The target IP address matches the IP address configured in the proxy ARP table.
• The proxy ARP table entry indicates that the system should always answer this ARP Request,
regardless of the ingress VLAN (the always parameter must be applied).

After all the proxy ARP conditions have been met, the switch formulates an ARP Response using the
configured MAC address in the packet.

Example
The following command configures the switch to answer ARP Requests for all devices with the address
range of 100.101.45.1 to 100.101.45.255:
configure iparp add proxy 100.101.45.0/24

History
This command was available in ExtremeWare 7.1e.

770 ExtremeWare 7.3e Command Reference Guide

 configure iparp add proxy

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 771

IP Unicast Commands

configure iparp delete

configure iparp delete <ip address>

Description
Deletes an entry from the ARP table. Specify the IP address of the entry.

Syntax Description

ip address Specifies an IP address.

Default
N/A.

Usage Guidelines
Removes any IP ARP entry (dynamic or permanent) from the table. The ip address is used to match
the IP interface address to locate a suitable interface.

Example
The following command deletes an IP address entry from the ARP table:
configure iparp delete 10.1.2.5

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

772 ExtremeWare 7.3e Command Reference Guide

 configure iparp delete proxy

configure iparp delete proxy

configure iparp delete proxy [<ip address> {<mask>} | all]

Description
Deletes one or all proxy ARP entries.

Syntax Description

ip address Specifies an IP address.

mask Specifies a subnet mask.
all Specifies all ARP entries.

Default
Not Always.

Usage Guidelines
Proxy ARP can be used for two purposes:
1 To support host that cannot process ARP traffic. In this case, the switch answers the ARP Request for
that host.
2 To hide the IP topology from the host. The network administrator can configure a large network on
the host machine (16-bit mask) and a smaller network on each router interface (for example, 22-bit
mask). When the host sends ARP Request for another host on another subnet, the switch answers
the ARP Request and all subsequent traffic will be sent directly to the router.

You can configure up to 64 proxy ARP entries. When the mask is not specified, then software will
assume a host address (that is, a 32-bit mask). When the MAC address is not specified, then the
software uses the switch's MAC address as the proxy host. Always should be specified for type-1 usage,
not always is the default (type-2).

Example
The following command deletes the IP ARP proxy entry 100.101.45.0/24:
configure iparp delete proxy 100.101.45.0/24

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 773

IP Unicast Commands

configure iparp max-entries

configure iparp max-entries <number>

Description
Configures the maximum allowed IP ARP entries.

Syntax Description

number Specifies a number of maximum IP ARP entries.

Default
4096.

Usage Guidelines
Range: 1 - 20480. The maximum IP ARP entries include dynamic, static, and incomplete IP ARP
entries.

Example
The following command sets the maximum IP ARP entries to 2000 entries:
configure iparp max-entries 2000

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

774 ExtremeWare 7.3e Command Reference Guide

 configure iparp max-pending-entries

configure iparp max-pending-entries

configure iparp max-pending-entries <number>

Description
Configures the maximum allowed incomplete IP ARP entries.

Syntax Description

number Specifies a number of maximum IP ARP entries.

Default
256.

Usage Guidelines
Range: 1 - 20480, but cannot be greater than the configured IP ARP max-entries value.

Example
The following command sets the maximum IP ARP entries to 500 entries:
configure iparp max-pending-entries 500

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 775

IP Unicast Commands

configure iparp timeout

configure iparp timeout <minutes>

Description
Configures the IP ARP timeout period.

Syntax Description

minutes Specifies a time in minutes.

Default
20 minutes.

Usage Guidelines
A setting of 0 disables ARP aging.

Example
The following command sets the IP ARP timeout period to 10 minutes:
configure iparp timeout 10

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

776 ExtremeWare 7.3e Command Reference Guide

 configure ip-down-vlan-action

configure ip-down-vlan-action
configure ip-down-vlan-action [consume | drop | forward]

Description
Configures the forwarding functionality destined to nonworking IP interfaces.

Syntax Description

consume Specifies the consume function.

drop Specifies the drop function.
forward Specifies the forwarding function.

Default
N/A.

Usage Guidelines
None.

Example
The following command configures the forwarding functionality destined to nonworking IP interfaces:
configure ip-down-vlan-action forward

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 777

IP Unicast Commands

configure ipfdb route-add

configure ipfdb route-add [clear-all | clear-subnet]

Description
Specifies which routes are deleted and reinstalled with a new gateway.

Syntax Description

clear-all Clears all IPFDB entries associated with a route if a more specific route
is installed.
clear-subnet Clears only the IPFDB entries associated with the new route’s subnet.

Default
The default is clear-all.

Usage Guidelines
To see the current setting, use the show ipconfig command.

Example
The following command clears only the IPFDB entries associated with the new route’s subnet:
configure ipfdb route-add clear-subnet

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

778 ExtremeWare 7.3e Command Reference Guide

 configure iproute add

configure iproute add

configure iproute add <ip address> <mask> <gateway> <metric>

Description
Adds a static address to the routing table.

Syntax Description

ip address Specifies an IP address.

mask Specifies a subnet mask.
gateway Specifies a VLAN gateway.
metric Specifies a cost metric.

Default
N/A.

Usage Guidelines
Use a value of 255.255.255.255 for mask to indicate a host entry.

Example
The following command adds a static address to the routing table:
configure iproute add 10.1.1.1/24 123.45.67.1 5

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 779

IP Unicast Commands

configure iproute add blackhole

configure iproute add blackhole <ip address> <mask>

Description
Adds a blackhole address to the routing table. All traffic destined for a configured blackhole IP address
is silently dropped, and no Internet Control Message Protocol (ICMP) message is generated.

Syntax Description

ip address Specifies an IP address.

mask Specifies a subnet mask.

Default
N/A.

Usage Guidelines
A blackhole entry configures packets with a specified MAC destination address to be discarded.
Blackhole entries are useful as a security measure or in special circumstances where a specific
destination address must be discarded. Blackhole entries are treated like permanent entries in the event
of a switch reset or power off/on cycle. Blackhole entries are never aged out of the forwarding database
(FDB).

Example
The following command adds a blackhole address to the routing table for packets with a destination
address of 100.101.145.4:
configure iproute add blackhole 100.101.145.4

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

780 ExtremeWare 7.3e Command Reference Guide

 configure iproute add blackhole default

configure iproute add blackhole default

configure iproute add blackhole default

Description
Adds a default blackhole route to the routing table. All traffic destined for an unknown IP destination is
silently dropped, and no Internet Control Message Protocol (ICMP) message is generated.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
While a default route is for forwarding traffic destined to an unknown IP destination, and a blackhole
route is for discarding traffic destined to a specified IP destination, a default blackhole route is for
discarding traffic to the unknown IP destination.

Using this command, all traffic with an unknown destination is discarded. If there is another static
default route existing in the routing table, the blackhole default route takes higher route priority.

The default blackhole route is treated like a permanent entry in the event of a switch reset or power
off/on cycle. The default blackhole route’s origin is “b” or “blackhole” and the gateway IP address for
this route is 0.0.0.0.

Example
The following command adds a blackhole default route into the routing table:
configure iproute add blackhole default

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 781

IP Unicast Commands

configure iproute add default

configure iproute add default <gateway> {<metric>}

Description
Adds a default gateway to the routing table.

Syntax Description

gateway Specifies a VLAN gateway

metric Specifies a cost metric. If no metric is specified, the default of 1 is used.

Default
If no metric is specified, the default metric of 1 is used.

Usage Guidelines
Default routes are used when the router has no other dynamic or static route to the requested
destination. A default gateway must be located on a configured IP interface. Use the unicast-only or
multicast-only options to specify a particular traffic type. If not specified, both unicast and multicast
traffic uses the default route.

Example
The following command configures a default route for the switch:
configure iproute add default 123.45.67.1

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

782 ExtremeWare 7.3e Command Reference Guide

 configure iproute delete

configure iproute delete

configure iproute delete <ip address> <mask> <gateway>

Description
Deletes a static address from the routing table.

Syntax Description

ip address Specifies an IP address.

mask Specifies a subnet mask.
gateway Specifies a VLAN gateway.

Default
N/A.

Usage Guidelines
Use a value of 255.255.255.255 for mask to indicate a host entry.

Example
The following command deletes an address from the gateway:
configure iproute delete 10.101.0.250/24 10.101.0.1

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 783

IP Unicast Commands

configure iproute delete blackhole

configure iproute delete blackhole <ip address> <mask>

Description
Deletes a blackhole address from the routing table.

Syntax Description

ip address Specifies an IP address.

mask Specifies a subnet mask.

Default
N/A.

Usage Guidelines
None.

Example
The following command removes a blackhole address from the routing table:
configure iproute delete blackhole 100.101.145.4

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

784 ExtremeWare 7.3e Command Reference Guide

 configure iproute delete blackhole default

configure iproute delete blackhole default

configure iproute delete blackhole default

Description
Deletes a default blackhole route from the routing table.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes a blackhole default route from the routing table:
configure iproute delete blackhole default

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 785

IP Unicast Commands

configure iproute delete default

configure iproute delete default <gateway>

Description
Deletes a default gateway from the routing table.

Syntax Description

gateway Specifies a VLAN gateway.

Default
N/A.

Usage Guidelines
Default routes are used when the router has no other dynamic or static route to the requested
destination. A default gateway must be located on a configured IP interface.

Example
The following command deletes a default gateway:
configure iproute delete default 123.45.67.1

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

786 ExtremeWare 7.3e Command Reference Guide

 configure iproute priority

configure iproute priority

configure iproute priority [rip | bootp | icmp | static | ospf-intra |
ospf-inter | ospf-as-external | ospf-extern1 | ospf-extern2] <priority>

Description
Changes the priority for all routes from a particular route origin.

Syntax Description

rip Specifies RIP.

bootp Specifies BOOTP.
icmp Specifies ICMP.
static Specifies static routes.
ospf-intra Specifies OSPFIntra routing.
ospf-inter Specifies OSPFInter routing.
ospf-as-external Specifies OSPF as External routing.
ospf-extern1 Specifies OSPF External 1 routing.
ospf-extern2 Specifies OSPF External 2 routing.
priority Specifies a priority number.

Default
Table 16 lists the relative priorities assigned to routes depending upon the learned source of the route.

Table 16: Relative Route Priorities

Route Origin Priority

Direct 10
Blackhole 50
Static 1100
ICMP 1200
OSPFIntra 2200
OSPFInter 2300
RIP 2400
OSPF External 1 3200
OSPF External 2 3300
BOOTP 5000

Usage Guidelines
Although these priorities can be changed, do not attempt any manipulation unless you are expertly
familiar with the possible consequences.

ExtremeWare 7.3e Command Reference Guide 787

IP Unicast Commands

Example
The following command sets IP route priority for static routing to 1200:
configure iproute priority static 1200

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

788 ExtremeWare 7.3e Command Reference Guide

 configure irdp

configure irdp
configure irdp [multicast | broadcast]

Description
Configures the destination address of the router advertisement messages.

Syntax Description

multicast Specifies multicast setting.

broadcast Specifies broadcast setting.

Default
Multicast (224.0.0.1).

Usage Guidelines
None.

Example
The following command sets the address of the router advertiser messages to multicast:
configure irdp multicast

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 789

IP Unicast Commands

configure irdp
configure irdp <mininterval> <maxinterval> <lifetime> <preference>

Description
Configures the router advertisement message timers, using seconds.

Syntax Description

mininterval Specifies the minimum amount of time between router advertisements in

seconds. The default setting is 450 seconds.
maxinterval Specifies the maximum amount of time between router advertisements in
seconds. The default setting is 600 seconds.
lifetime Specifies the client aging time. The default setting is 1,800 seconds.
preference Specifies the preference level of the router. The default setting is 0.

Default
N/A.

Usage Guidelines
All arguments need to be specified. All time intervals are in seconds.

An ICMP Router Discover Protocol (IRDP) client always uses the router with the highest preference
level. Change the preference setting to encourage or discourage the use of this router. The default
setting is 0.

Example
The following command configures the router advertisement message timers:
configure irdp 30 40 300 1

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

790 ExtremeWare 7.3e Command Reference Guide

 configure udp-profile add

configure udp-profile add

configure udp-profile <profile_name> add <udp_port> [vlan <vlan name> | ip
address <dest_ipaddress>]

Description
Configures a UDP-forwarding profile.

Syntax Description

profile_name Specifies a UDP profile name.

udp_port Specifies a UDP port number.
vlan name Specifies a VLAN name.
dest_ipaddress Specifies an IP address.

Default
N/A.

Usage Guidelines
A maximum of 10 UDP-forwarding profiles can be defined. Each named profile may contain a
maximum of eight “rules” defining the UDP port, and destination IP address or VLAN. A VLAN can
make use of a single UDP-forwarding profile. UDP packets directed toward a VLAN use an all-ones
broadcast on that VLAN.

Example
The following command adds port 34 to UDP profile port_34_to_server:
configure udp-profile port_34_to_server add 34 ip address 10.1.1.1

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 791

IP Unicast Commands

configure udp-profile delete

configure udp-profile <profile_name> delete <udp_port> [vlan <vlan name> |
ip address <dest_ipaddress>]

Description
Deletes a forwarding entry from the specified UDP-profile.

Syntax Description

profile_name Specifies a UDP profile name.

udp_port Specifies a UDP port number.
vlan name Specifies a VLAN name.
dest_ipaddress Specifies an IP address.

Default
N/A.

Usage Guidelines
None.

Example
The following command removes port 34 from UDP profile port_34_to_server:
configure udp-profile port_34_to_server delete 34 ip address 10.1.1.1

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

792 ExtremeWare 7.3e Command Reference Guide

 configure vlan upd-profile

configure vlan upd-profile

configure vlan <vlan name> udp-profile <profile_name>

Description
Assigns a UDP-forwarding profile to the source VLAN.

Syntax Description

vlan name Specifies a VLAN name.

profile_name Specifies a UDP profile name.

Default
N/A.

Usage Guidelines
After the UDP profile has been associated with the VLAN, the switch picks up any broadcast UDP
packets that match the user-configured UDP port number, and forwards those packets to the
user-defined destination. If the UDP port is the DHCP/BOOTP port number, appropriate
BOOTP/DHCP proxy functions are invoked.

Example
The following command assigns a UDP profile to VLAN accounting:
configure vlan accounting udp-profile port_34_to_server

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 793

IP Unicast Commands

create udp-profile
create udp-profile <profile_name>

Description
Creates a UDP-forwarding destination profile that describes the types of UDP packets (by port number)
that are used, and where they are to be forwarded.

Syntax Description

profile_name Specifies a UDP profile name.

Default
N/A.

Usage Guidelines
You must give the profile a unique name, in the same manner as a VLAN, protocol filter, or Spanning
Tree Domain (STD). A maximum of 10 UDP-forwarding profiles can be defined.

Example
The following command creates a UPD profile named backbone:
create udp-profile backbone

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

794 ExtremeWare 7.3e Command Reference Guide

 delete udp-profile

delete udp-profile
delete udp-profile <profile_name>

Description
Deletes a UDP-forwarding profile.

Syntax Description

profile_name Specifies a UDP profile name.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes a UPD profile named backbone:
delete udp-profile backbone

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 795

IP Unicast Commands

disable bootp vlan

disable bootp vlan [<vlan name> | all]

Description
Disables the generation and processing of BOOTP packets on a VLAN to obtain an IP address for the
VLAN from a BOOTP server.

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all VLANs.

Default
Enabled for all VLANs.

Usage Guidelines
None.

Example
The following command disables the generation and processing of BOOTP packets on a VLAN named
accounting:
disable bootp vlan accounting

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

796 ExtremeWare 7.3e Command Reference Guide

 disable bootprelay

disable bootprelay
disable bootprelay

Description
Disables the BOOTP relay function.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
After IP unicast routing has been configured, you can configure the switch to forward Dynamic Host
Configuration Protocol (DHCP) or BOOTP requests coming from clients on subnets being serviced by
the switch and going to hosts on different subnets. This feature can be used in various applications,
including DHCP services between Windows NT servers and clients running Windows 95. To configure
the relay function, follow these steps:
1 Configure VLANs and IP unicast routing.
2 Enable the DHCP or BOOTP relay function, using the following command:
enable bootprelay
3 Configure the addresses to which DHCP or BOOTP requests should be directed, using the following
command:
configure bootprelay add <ip address>

Example
The following command disables the forwarding of BOOTP requests:
disable bootprelay

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 797

IP Unicast Commands

disable icmp address-mask

disable icmp address-mask {vlan <vlan name>}

Description
Disables the generation of an ICMP address-mask reply on one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
Disables the generation of an ICMP address-mask reply (type 18, code 0) when an ICMP address mask
request is received. The default setting is enabled. If a VLAN is not specified, the command applies to
all IP interfaces.

This command only affects the generation of certain ICMP packets. Filtering of ICMP packets usually
forwarded by the switch is controlled by the access-list commands.

Example
The following command disables the generation of an ICMP address-mask reply on VLAN accounting:
disable icmp address-mask vlan accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

798 ExtremeWare 7.3e Command Reference Guide

 disable icmp parameter-problem

disable icmp parameter-problem

disable icmp parameter-problem {vlan <vlan name>}

Description
Disables the generation of an ICMP parameter-problem message on one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
Disables the generation of an ICMP parameter-problem message (type 12) when the switch cannot
properly process the IP header or IP option information. If a VLAN is not specified, the command
applies to all IP interfaces.

This command only affects the generation of certain ICMP packets. Filtering of ICMP packets usually
forwarded by the switch is controlled by the access-list commands.

Example
The following command disables the generation of an ICMP parameter-problem message on VLAN
accounting:
disable icmp parameter-problem vlan accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 799

IP Unicast Commands

disable icmp port-unreachables

disable icmp port-unreachables {vlan <vlan name>}

Description
Disables the generation of ICMP port unreachable messages on one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
Disables the generation of ICMP port unreachable messages (type 3, code 3) when a TPC or UDP
request is made to the switch, and no application is waiting for the request, or access policy denies the
request. If a VLAN is not specified, the command applies to all IP interfaces.

This command only affects the generation of certain ICMP packets. Filtering of ICMP packets usually
forwarded by the switch is controlled by the access-list commands.

Example
The following command disables ICMP port unreachable messages on VLAN accounting:
disable icmp port-unreachables vlan accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

800 ExtremeWare 7.3e Command Reference Guide

 disable icmp redirects

disable icmp redirects

disable icmp redirects {vlan <vlan name>}

Description
Disables generation of ICMP redirect messages on one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
This option only applies to the switch when the switch is not in routing mode.

Example
The following command disables ICMP redirects from VLAN accounting:
disable icmp redirects vlan accounting

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 801

IP Unicast Commands

disable icmp time-exceeded

disable icmp time-exceeded {vlan <vlan name>}

Description
Disables the generation of ICMP time exceeded messages on one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
Disables the generation of an ICMP time exceeded message (type 11) when the TTL field expires during
forwarding. IP multicast packets do not trigger ICMP time exceeded messages. If a VLAN is not
specified, the command applies to all IP interfaces.

This command only affects the generation of certain ICMP packets. Filtering of ICMP packets usually
forwarded by the switch is controlled by the access-list commands.

Example
The following command disables the generation of ICMP time exceeded messages on VLAN accounting:
disable icmp time-exceeded vlan accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

802 ExtremeWare 7.3e Command Reference Guide

 disable icmp timestamp

disable icmp timestamp

disable icmp timestamp {vlan <vlan name>}

Description
Disables the generation of an ICMP timestamp response on one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
Disables the generation of an ICMP timestamp response (type 14, code 0) when an ICMP timestamp
request is received. If a VLAN is not specified, the command applies to all IP interfaces.

This command only affects the generation of certain ICMP packets. Filtering of ICMP packets usually
forwarded by the switch is controlled by the access-list commands.

Example
The following command disables the generation of an ICMP timestamp response on VLAN accounting:
disable icmp timestamp vlan accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 803

IP Unicast Commands

disable icmp unreachables

disable icmp unreachables {vlan <vlan name>}

Description
Disables the generation of ICMP unreachable messages on one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
None.

Example
The following command disables the generation of ICMP unreachable messages on all VLANs:
disable icmp unreachables

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

804 ExtremeWare 7.3e Command Reference Guide

 disable icmp useredirects

disable icmp useredirects

disable icmp useredirects

Description
Disables the modification of route table information when an ICMP redirect message is received.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This option only applies to the switch when the switch is not in routing mode.

Example
The following command disables the changing of routing table information:
disable icmp useredirects

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 805

IP Unicast Commands

disable iparp checking

disable iparp checking

Description
Disable checking if the ARP Request source IP address is within the range of the local interface or
VLAN domain.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
None.

Example
The following command disables IP ARP checking:
disable iparp checking

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

806 ExtremeWare 7.3e Command Reference Guide

 disable iparp refresh

disable iparp refresh

disable iparp refresh

Description
Disables IP ARP to refresh its IP ARP entries before timing out.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
IP ARP refresh can only be disabled if IP forwarding is disabled. The purpose of disabling ARP refresh
is to reduce ARP traffic in a high node count layer 2 switching only environment.

Example
The following command disables IP ARP refresh:
disable iparp refresh

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 807

IP Unicast Commands

disable ipforwarding
disable ipforwarding {[broadcast |ignore-broadcast]} {vlan <vlan name>}

Description
Disables routing (or routing of broadcasts) for one or all VLANs. If no argument is provided, disables
routing for all VLANs.

Syntax Description

broadcast Specifies broadcast IP forwarding.

ignore-broadcast Specifies to ignore broadcast forwarding.
vlan name Specifies a VLAN name.

Default
Disabled.

Usage Guidelines
Disabling IP forwarding also disables broadcast forwarding. Broadcast forwarding can be disabled
without disabling IP forwarding.When new IP interfaces are added, IP forwarding and IP broadcast
forwarding) is disabled by default.
Other IP related configuration is not affected.

Example
The following command disables forwarding of IP broadcast traffic for a VLAN named accounting:
disable ipforwarding broadcastvlan accounting

History
This command was available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to support broadcast IP forwarding.

Platform Availability
This command is available on the “e” series platforms.

808 ExtremeWare 7.3e Command Reference Guide

 disable ip-option loose-source-route

disable ip-option loose-source-route

disable ip-option loose-source-route

Description
Disables the loose source route IP option.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
None.

Example
The following command disables the loose source route IP option:
disable ip-option loose-source-route

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 809

IP Unicast Commands

disable ip-option record-route

disable ip-option record-route

Description
Disables the record route IP option.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
None.

Example
The following command disables the record route IP option:
disable ip-option record-route

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

810 ExtremeWare 7.3e Command Reference Guide

 disable ip-option record-timestamp

disable ip-option record-timestamp

disable ip-option record-timestamp

Description
Disables the record timestamp IP option.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
None.

Example
The following command disables the record timestamp IP option:
disable ip-option record-timestamp

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 811

IP Unicast Commands

disable ip-option strict-source-route

disable ip-option strict-source-route

Description
Disables the strict source route IP option.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
None.

Example
The following command disables the strict source route IP option:
disable ip-option strict-source-route

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

812 ExtremeWare 7.3e Command Reference Guide

 disable ip-option use-router-alert

disable ip-option use-router-alert

disable ip-option use-router-alert

Description
Disables the generation of the router alert IP option.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
None.

Example
The following command disables generation of the router alert IP option:
disable ip-option use-router-alert

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 813

IP Unicast Commands

disable iproute sharing

disable iproute sharing

Description
Disables load sharing if multiple routes to the same destination are available. When multiple routes to
the same destination are available, load sharing can be enabled to distribute the traffic to multiple
destination gateways. Only paths with the same lowest cost is will be shared.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
IP route sharing allows multiple equal-cost routes to be used concurrently. IP route sharing can be used
with static routes or with OSPF routes. In OSPF, this capability is referred to as equal cost multipath
(ECMP) routing.

Configure static routes and/or OSPF as you would normally. ExtremeWare supports unlimited route
sharing across static routes and up to 12 ECMP routes for OSPF.

Route sharing is useful only in instances where you are constrained for bandwidth. This is typically not
the case using Extreme switches. Using route sharing makes router troubleshooting more difficult
because of the complexity in predicting the path over which the traffic will travel.

Example
The following command disables load sharing for multiple routes:
disable iproute sharing

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

814 ExtremeWare 7.3e Command Reference Guide

 disable irdp

disable irdp
disable irdp {vlan <vlan name>}

Description
Disables the generation of ICMP router advertisement messages on one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
If no optional argument is specified, all the IP interfaces are affected.

Example
The following command disables IRDP on VLAN accounting:
disable irdp vlan accounting

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 815

IP Unicast Commands

disable loopback-mode vlan

disable loopback-mode vlan [<vlan name> | all]

Description
Disallows a VLAN to be placed in the UP state without an external active port. This allows (disallows)
the VLANs routing interface to become active.

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all VLANs.

Default
N/A.

Usage Guidelines
Use this command to specify a stable interface as a source interface for routing protocols. This decreases
the possibility of route flapping, which can disrupt connectivity.

Example
The following command disallows the VLAN accounting to be placed in the UP state without an
external active port:
disable loopback-mode vlan accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

816 ExtremeWare 7.3e Command Reference Guide

 disable udp-echo-server

disable udp-echo-server
disable udp-echo-server

Description
Disables UDP echo server support.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
UDP Echo packets are used to measure the transit time for data between the transmitting and receiving
end.

Example
The following command disables UDP echo server support:
disable udp-echo-server

History
This command was available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 817

IP Unicast Commands

enable bootp vlan

enable bootp vlan [<vlan name> | all]

Description
Enables the generation and processing of BOOTP packets on a VLAN to obtain an IP address for the
VLAN from a BOOTP server.

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all VLANs.

Default
Enabled for all VLANs.

Usage Guidelines
None.

Example
The following command enables the generation and processing of BOOTP packets on a VLAN named
accounting:
enable bootp vlan accounting

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

818 ExtremeWare 7.3e Command Reference Guide

 enable bootprelay

enable bootprelay
enable bootprelay

Description
Enables the BOOTP relay function.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
After IP unicast routing has been configured, you can configure the switch to forward Dynamic Host
Configuration Protocol (DHCP) or BOOTP requests coming from clients on subnets being serviced by
the switch and going to hosts on different subnets. This feature can be used in various applications,
including DHCP services between Windows NT servers and clients running Windows 95. To configure
the relay function, follow these steps:
1 Configure VLANs and IP unicast routing.
2 Enable the DHCP or BOOTP relay function, using the following command:
enable bootprelay
3 Configure the addresses to which DHCP or BOOTP requests should be directed, using the following
command:
configure bootprelay add <ip address>

Example
The following command enables the forwarding of BOOTP requests:
enable bootprelay

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 819

IP Unicast Commands

enable icmp address-mask

enable icmp address-mask {vlan <vlan name>}

Description
Enables the generation of an ICMP address-mask reply on one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
Enables the generation of an ICMP address-mask reply (type 18, code 0) when an ICMP address mask
request is received.The default setting is enabled. If a VLAN is not specified, the command applies to all
IP interfaces.

This command only affects the generation of certain ICMP packets. Filtering of ICMP packets usually
forwarded by the switch is controlled by the access-list commands.

Example
The following command enables the generation of an ICMP address-mask reply on VLAN accounting:
enable icmp address-mask vlan accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

820 ExtremeWare 7.3e Command Reference Guide

 enable icmp parameter-problem

enable icmp parameter-problem

enable icmp parameter-problem {vlan <vlan name>}

Description
Enables the generation of an ICMP parameter-problem message on one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
Enables the generation of an ICMP parameter-problem message (type 12) when the switch cannot
properly process the IP header or IP option information. If a VLAN is not specified, the command
applies to all IP interfaces.

This command only affects the generation of certain ICMP packets. Filtering of ICMP packets usually
forwarded by the switch is controlled by the access-list commands.

Example
The following command enables the generation of an ICMP parameter-problem message on VLAN
accounting:
enable icmp parameter-problem vlan accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 821

IP Unicast Commands

enable icmp port-unreachables

enable icmp port-unreachables {vlan <vlan name>}

Description
Enables the generation of ICMP port unreachable messages on one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
Enables the generation of ICMP port unreachable messages (type 3, code 3) when a TPC or UDP request
is made to the switch, and no application is waiting for the request, or access policy denies the request.
If a VLAN is not specified, the command applies to all IP interfaces.

This command only affects the generation of certain ICMP packets. Filtering of ICMP packets usually
forwarded by the switch is controlled by the access-list commands.

Example
The following command enables ICMP port unreachable messages on VLAN accounting:
enable icmp port-unreachables vlan accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

822 ExtremeWare 7.3e Command Reference Guide

 enable icmp redirects

enable icmp redirects

enable icmp redirects {vlan <vlan name>}

Description
Enables generation of ICMP redirect messages on one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
This option only applies to the switch when the switch is not in routing mode.

Example
The following command enables the generation of ICMP redirect messages on all VLANs:
enable icmp redirects

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 823

IP Unicast Commands

enable icmp time-exceeded

enable icmp time-exceeded {vlan <vlan name>}

Description
Enables the generation of ICMP time exceeded messages on one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
Enables the generation of an ICMP time exceeded message (type 11) when the TTL field expires during
forwarding. IP multicast packets do not trigger ICMP time exceeded messages. If a VLAN is not
specified, the command applies to all IP interfaces.

This command only affects the generation of certain ICMP packets. Filtering of ICMP packets usually
forwarded by the switch is controlled by the access-list commands.

Example
The following command enables the generation of ICMP time exceeded messages on VLAN accounting:
enable icmp time-exceeded vlan accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

824 ExtremeWare 7.3e Command Reference Guide

 enable icmp timestamp

enable icmp timestamp

enable icmp timestamp {vlan <vlan name>}

Description
Enables the generation of an ICMP timestamp response on one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
Enables the generation of an ICMP timestamp response (type 14, code 0) when an ICMP timestamp
request is received. If a VLAN is not specified, the command applies to all IP interfaces.

This command only affects the generation of certain ICMP packets. Filtering of ICMP packets usually
forwarded by the switch is controlled by the access-list commands.

Example
The following command enables the generation of an ICMP timestamp response on VLAN accounting:
enable icmp timestamp vlan accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 825

IP Unicast Commands

enable icmp unreachables

enable icmp unreachables {vlan <vlan name>}

Description
Enables the generation of ICMP unreachable messages on one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
None.

Example
The following command enables the generation of ICMP unreachable messages on all VLANs:
enable icmp unreachables

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

826 ExtremeWare 7.3e Command Reference Guide

 enable icmp useredirects

enable icmp useredirects

enable icmp useredirects

Description
Enables the modification of route table information when an ICMP redirect message is received.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This option only applies to the switch when the switch is not in routing mode.

Example
The following command enables the modification of route table information:
enable icmp useredirects

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 827

IP Unicast Commands

enable iparp checking

enable iparp checking

Description
Enables checking if the ARP Request source IP address is within the range of the local interface or
VLAN domain.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
None.

Example
The following command enables IP ARP checking:
enable iparp checking

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

828 ExtremeWare 7.3e Command Reference Guide

 enable iparp refresh

enable iparp refresh

enable iparp refreshenable iparp refresh

Description
Enables IP ARP to refresh its IP ARP entries before timing out.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
IP ARP refresh can only be disabled if IP forwarding is disabled. The purpose of disabling ARP refresh
is to reduce ARP traffic in a high node count layer 2 switching only environment.

Example
The following command enables IP ARP refresh:
enable iparp refresh

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 829

IP Unicast Commands

enable ipforwarding
enable ipforwarding {[broadcast | ignore-broadcast]}{vlan <vlan name>}

Description
Enables IP routing or IP broadcast forwarding for one or all VLANs. If no argument is provided,
enables IP routing for all VLANs that have been configured with an IP address.

Syntax Description

broadcast Specifies broadcast IP forwarding.

ignore-broadcast Specifies to ignore broadcast forwarding.
vlan name Specifies a VLAN name.

Default
Disabled.

Usage Guidelines
IP forwarding must first be enabled before IP broadcast forwarding can be enabled. When new IP
interfaces are added, IP forwarding (and IP broadcast forwarding) is disabled by default.

Other IP related configuration is not affected.

Example
The following command enables forwarding of IP traffic for all VLANs with IP addresses:
enable ipforwarding

The following command enables forwarding of IP broadcast traffic for a VLAN named accounting:
enable ipforwarding broadcast vlan accounting

History
This command was available in ExtremeWare 7.1e.

This command was modified in an ExtremeWare 7.2e to support the ignore-broadcast keyword.

Platform Availability
This command is available on the “e” series platforms.

830 ExtremeWare 7.3e Command Reference Guide

 enable ip-option loose-source-route

enable ip-option loose-source-route

enable ip-option loose-source-route

Description
Enables the loose source route IP option.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
None.

Example
The following command enables the loose source route IP option:
enable ip-option loose-source-route

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 831

IP Unicast Commands

enable ip-option record-route

enable ip-option record-route

Description
Enables the record route IP option.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
None.

Example
The following command enables the record route IP option:
enable ip-option record-route

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

832 ExtremeWare 7.3e Command Reference Guide

 enable ip-option record-timestamp

enable ip-option record-timestamp

enable ip-option record-timestamp

Description
Enables the record timestamp IP option.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
None.

Example
The following command enables the record timestamp IP option:
enable ip-option record-timestamp

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 833

IP Unicast Commands

enable ip-option strict-source-route

enable ip-option strict-source-route

Description
Enables the strict source route IP option.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
None.

Example
The following command enables the strict source route IP option:
enable ip-option strict-source-route

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

834 ExtremeWare 7.3e Command Reference Guide

 enable ip-option use-router-alert

enable ip-option use-router-alert

enable ip-option use-router-alert

Description
Enables the generation of the router alert IP option.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
None.

Example
The following command enables generation of the router alert IP option:
enable ip-option use-router-alert

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 835

IP Unicast Commands

enable iproute sharing

enable iproute sharing

Description
Enables load sharing if multiple routes to the same destination are available. When multiple routes to
the same destination are available, load sharing can be enabled to distribute the traffic to multiple
destination gateways. Only paths with the same lowest cost is will be shared.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
IP route sharing allows multiple equal-cost routes to be used concurrently. IP route sharing can be used
with static routes or with OSPF routes. In OSPF, this capability is referred to as equal cost multipath
(ECMP) routing.

Configure static routes and/or OSPF as you would normally. ExtremeWare supports unlimited route
sharing across static routes and up to 12 ECMP routes for OSPF.

Route sharing is useful only in instances where you are constrained for bandwidth. This is typically not
the case using Extreme switches. Using route sharing makes router troubleshooting more difficult
because of the complexity in predicting the path over which the traffic will travel.

Example
The following command enables load sharing for multiple routes:
enable iproute sharing

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

836 ExtremeWare 7.3e Command Reference Guide

 enable irdp

enable irdp
enable irdp {vlan <vlan name>}

Description
Enables the generation of ICMP router advertisement messages on one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
If no optional argument is specified, all the IP interfaces are affected.

Example
The following command enables IRDP on VLAN accounting:
enable irdp vlan accounting

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 837

IP Unicast Commands

enable loopback-mode vlan

enable loopback-mode vlan [<vlan name> | all]

Description
Allows a VLAN to be placed in the UP state without an external active port. This allows (disallows) the
VLANs routing interface to become active.

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all VLANs.

Default
N/A.

Usage Guidelines
Use this command to specify a stable interface as a source interface for routing protocols. This decreases
the possibility of route flapping, which can disrupt connectivity.

Example
The following command allows the VLAN accounting to be placed in the UP state without an external
active port:
enable loopback-mode vlan accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

838 ExtremeWare 7.3e Command Reference Guide

 enable udp-echo-server

enable udp-echo-server
enable udp-echo-server

Description
Enables UDP echo server support.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
UDP Echo packets are used to measure the transit time for data between the transmitting and receiving
end.

Example
The following command enables UDP echo server support:
enable udp-echo-server

History
This command was available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 839

IP Unicast Commands

rtlookup
rtlookup [<ip address> | <hostname>]

Description
Performs a look-up in the route table to determine the best route to reach an IP address or host.

Syntax Description

hostname Specifies a hostname.

ip address Specifies an IP address.

Default
N/A.

Usage Guidelines
The output of the rtlookup command has been enhanced to include information about MPLS LSPs
associated with the routes. The flags field displayed by this command has been enhanced to indicate the
presence of MPLS next hops. An uppercase L indicates the presence of a direct LSP next hop for the
route. A lowercase l indicates the presence of an indirect LSP next hope for the route.

An optional mpls keyword has been added to the rtlookup command. When the mpls keyword is
specified, the information displayed is modified; some of the information normally displayed is
omitted, and the LSP endpoint and outgoing MPLS label are displayed instead. The LSP endpoint is the
IP address/prefix of the FEC associated with the LSP. The LSP endpoint matches the destination for
direct LSPs and is a 32-bit prefix address of a proxy router for indirect LSPs.

Example
The following command performs a look up in the route table to determine the best way to reach the
specified hostname:
rtlookup berkeley.edu

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

840 ExtremeWare 7.3e Command Reference Guide

 show iparp

show iparp
show iparp {<ip address> | <mac_address> | vlan <vlan name> | permanent}

Description
Displays the IP Address Resolution Protocol (ARP) table. You can filter the display by IP address, MAC
address, VLAN, or permanent entries.

Syntax Description

ip address Specifies an IP address.

mac_address Specifies a MAC address.
vlan name Specifies a VLAN name.
permanent Specifies permanent entries.

Default
Show all entries.

Usage Guidelines
Displays the IP ARP table, including:
• IP address
• MAC address
• Aging timer value
• VLAN name, VLAN ID and port number
• Flags

Example
The following command displays the IP ARP table:
show iparp 10.1.1.5/24

History
This command was available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2.e to provide the MAC address option.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 841

IP Unicast Commands

show iparp proxy

show iparp proxy {<ip address> {<mask>}}

Description
Displays the proxy ARP table.

Syntax Description

ip address Specifies an IP address.

mask Specifies a subnet mask.

Default
N/A.

Usage Guidelines
If no argument is specified, then all proxy ARP entries are displayed.

Example
The following command displays the proxy ARP table:
show iparp proxy 10.1.1.5/24

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

842 ExtremeWare 7.3e Command Reference Guide

 show ipconfig

show ipconfig
show ipconfig {vlan <vlan name>} {detail}

Description
Displays configuration information for one or more VLANs.

Syntax Description

vlan name Specifies a VLAN name.

detail Specifies to display global IP configuration information in the detailed format.

Default
N/A.

Usage Guidelines
If no VLAN information is specified, then global IP configuration is displayed. Otherwise, specific
VLAN(s) information will be displayed. Global IP configuration information includes:
• IP address/netmask/etc.
• IP forwarding information / IP multicast forwarding information
• BOOTP configuration
• VLAN name and VLANID
• ICMP configuration (global)
• IGMP configuration (global)
• IRDP configuration (global)

Example
The following command displays configuration information on a VLAN named accounting:
show ipconfig vlan accounting

History
This command was available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to support the detail keyword.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 843

IP Unicast Commands

show ipfdb
show ipfdb {<ip address> <netmask> | vlan <vlan name>}

Description
Displays the contents of the IP forwarding database (FDB) table. Used for technical support purposes. If
no option is specified, all IP FDB entries are displayed.

Syntax Description

ip address Specifies an IP address.

netmask Specifies a subnet mask.
vlan name Specifies a VLAN name.

Default
Default is to show all IP FDB entries.

Usage Guidelines
Displays IP FDB table content including:

Dest IP Addr IP address

TblIdx IP FDB hash index and entry number
MacIdx MAC FDB hash index and entry number
Flag Flags
MAC Address Next hop router MAC address
VLAN Egress VLAN ID
Port Egress port number

Example
The following command displays the contents of the IP FDB table on a VLAN named accounting:
show ipfdb vlan accounting

Dest IP Addr TblIdx MacIdx Flag MAC Address VLAN Port

--------------- ------ ------ ---- ----------------- ---- ----
10.205.4.201 00C3.0 9C32.0 0000 00:E0:2B:04:DA:00 4000 1
10.205.4.200 01C3.0 9C32.0 0000 00:E0:2B:04:DA:00 4000 1
10.205.4.203 02C3.0 9C32.0 0000 00:E0:2B:04:DA:00 4000 1
10.205.4.202 03C3.0 9C32.0 0000 00:E0:2B:04:DA:00 4000 1
10.205.4.205 04C3.0 9C32.0 0000 00:E0:2B:04:DA:00 4000 1
10.0.5.0 050F.0 9C32.0 0000 00:E0:2B:04:DA:00 4000 1
10.205.4.204 05C3.0 9C32.0 0000 00:E0:2B:04:DA:00 4000 1
10.205.4.207 06C3.0 9C32.0 0000 00:E0:2B:04:DA:00 4000 1
10.205.4.206 07C3.0 9C32.0 0000 00:E0:2B:04:DA:00 4000 1
10.205.0.202 07C7.0 4646.0 0000 00:10:E3:1D:00:1E 4000 1
10.205.4.193 08C3.0 9C32.0 0000 00:E0:2B:04:DA:00 4000 1

844 ExtremeWare 7.3e Command Reference Guide

 show ipfdb

10.205.4.192 09C3.0 9C32.0 0000 00:E0:2B:04:DA:00 4000 1

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 845

IP Unicast Commands

show iproute
show iproute {priority | vlan <vlan name> | permanent | <ip address>
<netmask> | origin [direct | static | blackhole | rip | bootp | icmp |
ospf-intra | ospf-inter | ospf-as-external | ospf-extern1 | ospf-extern2]}
{sorted}

Description
Displays the contents of the IP routing table or the route origin priority.

Syntax Description

priority Specifies a route priority.

vlan name Specifies a VLAN name.
permanent Specifies permanent routing.
ip address Specifies an IP address.
netmask Specifies a subnet mask.
origin Specifies a display of the route map origin.
sorted Specifies to sort the information displayed.

Default
N/A.

Usage Guidelines
Route maps for IP routing can be configured based on the route origin. When routes are added to the IP
routing table from various sources, the route map configured for the origin of the route is applied to the
route. After matching on specified characteristics, the characteristics for the route can be modified using
the route maps. The characteristics that can be matched and modified are dependent on the origin of the
route. Route maps for IP routing can be dynamically changed. In the case of direct and static route
origins, the changes are reflected immediately. In the case of routes that are sourced from other origin,
the changes are reflected within 30 seconds.

The output of the show iproute command has been enhanced to include information about MPLS
LSPs associated with the routes. The flags field displayed by this command has been enhanced to
indicate the presence of MPLS next hops. An uppercase L indicates the presence of a direct LSP next
hop for the route. A lowercase l indicates the presence of an indirect LSP next hope for the route.

An optional mpls keyword has been added to the show iproute command. When the mpls keyword is
specified, the information displayed is modified; some of the information normally displayed is
omitted, and the LSP endpoint and outgoing MPLS label are displayed instead. The LSP endpoint is the
IP address/prefix of the FEC associated with the LSP. The LSP endpoint matches the destination for
direct LSPs and is a 32-bit prefix address of a proxy router for indirect LSPs.

If a route is active and in use, it is preceded in the display by an “*”. If there are multiple routes to the
same destination network, the “*” will indicate which route is the most preferable route.

The Use and M-Use fields indicate the number of times the route table entry is being used for packet
forwarding decisions. The Use field indicates a count for unicast routing while the M-Use field indicates

846 ExtremeWare 7.3e Command Reference Guide

 show iproute

a count for multicast routing. If the use count is going up unexpectedly, the software is making route
decisions and should be investigated further.

Example
The following command displays detailed information about all IP routing:
show iproute detail

Following is the output from this command:

Destination: 10.10.121.111/30
Gateway: 10.10.121.201 VLAN : helium Origin : *d
Metric : 1 Flags : U------u- Time : 13:15:26:49
Use : 14409 M-Use : 0 Acct-1 : 0

Destination: 10.11.166.112/29
Gateway: 10.17.0.1 VLAN : helium Origin : *be
Metric : 2 Flags : UG-----um Time : 01:11:23:49
Use : 0 M-Use : 0 Acct-1 : 0

Destination: 10.13.105.112/29
Gateway: 10.11.110.123 VLAN : helium Origin : *be
Metric : 2 Flags : UG-----um Time : 00:29:09:23
Use : 0 M-Use : 0 Acct-1 :

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 847

IP Unicast Commands

show ipstats
show ipstats {vlan <vlan name>}

Description
Displays IP statistics for the CPU for the switch or for a particular VLAN.

Syntax Description

vlan name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
This command only shows statistics of the CPU-handled packets. Not all packets are handled by the
CPU.

The fields displayed in the show ipstats command are defined in Table 17 though Table 21.

Table 17: Global IP Statistics Field Definitions

Field Definition
InReceives Total number of incoming IP packets processed by the CPU.
InUnicast Total number of unicast IP packets processed by the CPU.
InBcast Total number of broadcast IP packets processed by the CPU.
InMcast Total number of multicast IP packets processed by the CPU.
InHdrEr Total number of packets with an IP Header Error forwarded to the CPU.
Bad vers Total number of packets with a version other than IP v4 in the IP version field.
Bad chksum Total number of packets with a bad IP checksum forwarded to the CPU.
Short pkt IP packets that are too short.
Short hdr IP packets with a header that is too short.
Bad hdrlen IP packets with a header length that is less than the length specified.
Bad length IP packets with a length less than that of the header.
InDelivers IP packets passed to upper layer protocols.
Bad Proto IP packets with unknown (not standard) upper layer protocol.
OutRequest IP packets sent from upper layers to the IP stack.
OutDiscard IP packets that are discarded due to lack of buffer space or the router
interface being down, or broadcast packets with broadcast forwarding
disabled.
OutNoRoute IP packets with no route to the destination.
Forwards ForwardOK and Fwd Err aggregate count.
ForwardOK Total number of IP packets forwarded correctly.
Fwd Err Total number of IP packets that cannot be forwarded.

848 ExtremeWare 7.3e Command Reference Guide

 show ipstats

Table 17: Global IP Statistics Field Definitions (Continued)

Field Definition
NoFwding Aggregate number of IP packets not forwarded due to errors.
Redirects IP packets forwarded on the same network.
No route Not used.
Bad TTL IP packets with a bad time-to-live.
Bad MC TTL IP packets with a bad multicast time-to-live.
Bad IPdest IP packets with an address that does not comply with the IP v4 standard.
Blackhole IP packets with a destination that is a blackhole entry.
Output err Not used. This is the same as Fwd Err.
MartianSrc IP packets with an invalid source address.

Table 18: Global ICMP Statistics Field Definitions

Field Definition
OutResp Echo replies sent from the CPU.
OutError Redirect from broadcast or multicast source addresses.
InBadcode Incoming ICMP packets with an invalid CODE value.
InTooshort Incoming ICMP packets that are too short.
Bad chksum Incoming ICMP packets with checksum errors.
In Badlen Incoming ICMP packets with length errors.
echo reply (In/Out): ICMP “echo reply” packets that are received and transmitted.
destination unreachable (In/Out): ICMP packets with destination unreachable that are received and transmitted.
port unreachable (In/Out): ICMP packets with port unreachable that are received and transmitted.
echo (In/Out): ICMP echo packets that are received and transmitted.

Table 19: Global IGMP Statistics Field Definitions

Field Definition
Out Query Number of IGMP query messages sent by the router.
Out Report Number of reports sent on an active multicast route interface for reserved
multicast addresses and for regular IGMP reports forwarded by the query
router.
Out Leave Number of IGMP out leave messages forwarded for IP multicast router
interfaces.
In Query Number of IGMP query messages received.
In Report Number of IGMP report messages received (mostly from hosts).
In Leave Number of IGMP leave messages received (mostly from hosts).
In Error Number of IGMP packets with bad header fields or checksum failures.

ExtremeWare 7.3e Command Reference Guide 849

IP Unicast Commands

Table 20: DHCP/BOOTP Statistics Field Definitions

Field Definition
Received to server Number of DHCP packets forwarded to server.
Received to client Number of DHCP packets received by clients.
Requests relayed Number of DHCP request packets relayed.
Responses relayed Number of DHCP response packets relayed.
DHCP Discover Number of DHCP Discover messages.
DHCP Offer Number of DHCP Offer messages.
DHCP Request Number of DHCP Request messages.
DHCP Decline Number of DHCP Decline responses.
DHCP Ack Number of DHCP Ack responses.
DHCP NAck Number of DHCP NAck responses.
DHCP Release Number of DHCP Release instances.
DHCP Inform Not used.

Table 21: Router Interface Statistics Field Definitions

Field Definition
Packets IN/OUT Total number of IP packets received or transmitted on a VLAN router
interface.
Octets IN/OUT Total number of octets received or transmitted on a VLAN router interface.
Mcast packets IN/OUT Total number of multicast packets received or transmitted on a VLAN router
interface.
Bcast packets IN/OUT Total number of broadcast packets received or transmitted on a VLAN router
interface.
Errors IN/OUT Total number of IP packets with errors received or transmitted on a VLAN
router interface.
Discards IN/OUT Total number of IP packets that cannot travel up to the CPU due to lack of
buffer space.
Unknown Protocols IN/OUT Total number of IP packets with unknown upper layer protocols received by
the router interface.

Example
The following command displays IP statistics for the VLAN accounting:
show ipstats vlan accounting

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

850 ExtremeWare 7.3e Command Reference Guide

 show udp-profile

show udp-profile
show udp-profile {<profile_name>}

Description
Displays the UDP profile information.

Syntax Description

profile_name Specifies a UDP profile name.

Default
N/A.

Usage Guidelines
Displays the following information:
• Profile names
• Input rules of UDP port, destination IP address, or VLAN
• Source VLANs to which the profile is applied.

Example
The following command displays the UDP profile information for the UPD profile named backbone:
show udp-profile backbone

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 851

IP Unicast Commands

unconfigure bootprelay dhcp-agent information check

unconfigure bootprelay dhcp-agent information check

Description
Disables the Dynamic Host Configuration Protocol (DHCP) relay agent information checking in the
DHCP reply packet.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
The following command configures DHCP relay agent option check:
configure bootprelay dhcp-agent information check

To disable the DHCP relay agent information check in the DHCP reply packet, use the following
command:

unconfigure bootprelay dhcp-agent information check

Example
The following command disables DHCP relay agent information checking in the DHCP reply packet:
unconfigure bootprelay dhcp-agent information check

History
This command was available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

852 ExtremeWare 7.3e Command Reference Guide

 unconfigure bootprelay dhcp-agent information option

unconfigure bootprelay dhcp-agent information option

unconfigure bootprelay dhcp-agent information option

Description
Disables the Dynamic Host Configuration Protocol (DHCP) relay agent option (option 82).

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
The following command configures the DHCP relay agent option:
configure bootprelay dhcp-agent information option

To disable the DHCP relay agent option (option 82), use the following command:

unconfigure bootprelay dhcp-agent information option

Example
The following command disables the DHCP relay agent option (option 82):
unconfigure bootprelay dhcp-agent information option

History
This command was available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 853

IP Unicast Commands

unconfigure bootprelay dhcp-agent information policy

unconfigure bootprelay dhcp-agent information policy

Description
Disables the Dynamic Host Configuration Protocol (DHCP) relay agent reforwarding policy.

Syntax Description
This command has no arguments or variables.

Default
Replace. (Replaces the existing the relay agent information with its own information.)

Usage Guidelines
The following command configures the DHCP relay agent reforwarding policy:
configure bootprelay dhcp-agent information policy <policy>

To disable the DHCP relay agent reforwarding policy, use the following command:

unconfigure bootprelay dhcp-agent information policy

Example
The following command disables the DHCP relay agent reforwarding policy:
unconfigure bootprelay dhcp-agent information policy

History
This command was available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

854 ExtremeWare 7.3e Command Reference Guide

 unconfigure icmp

unconfigure icmp
unconfigure icmp

Description
Resets all ICMP settings to the default values.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command resets all ICMP settings to the default values.
unconfigure icmp

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 855

IP Unicast Commands

unconfigure iparp
unconfigure iparp

Description
Resets IP ARP timeout, IP ARP max-entries, and IP ARP max-pending-entries to their default values.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command resets all IP ARP related settings to the default values:
unconfigure iparp

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

856 ExtremeWare 7.3e Command Reference Guide

 unconfigure irdp

unconfigure irdp
unconfigure irdp

Description
Resets all router advertisement settings to the default values.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command resets all router advertisement settings to the default values.
unconfigure irdp

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 857

IP Unicast Commands

unconfigure udp-profile
unconfigure udp-profile vlan [<vlan name> | all]

Description
Removes the UDP-forwarding profile configuration for one or all VLANs.

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all UDP profiles.

Default
N/A.

Usage Guidelines
None.

Example
The following command removes the UDP profile configuration from the VLAN accounting:
unconfigure udp-profile vlan accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

858 ExtremeWare 7.3e Command Reference Guide

18 IGP Commands

This chapter documents commands used for the following interior gateway protocols:
• OSPF
• RIP

OSPF is a link-state protocol that distributes routing information between routers belonging to a single
IP domain, also known as an autonomous system (AS). In a link-state routing protocol, each router
maintains a database describing the topology of the autonomous system. Each participating router has
an identical database maintained from the perspective of that router.

From the link-state database (LSDB), each router constructs a tree of shortest paths, using itself as the
root. The shortest path tree provides the route to each destination in the autonomous system. When
several equal-cost routes to a destination exist, traffic can distributed among them. The cost of a route is
described by a single metric.

OSPF allows parts of a networks to be grouped together into areas. The topology within an area is
hidden from the rest of the autonomous system. Hiding this information enables a significant reduction
in LSA traffic, and reduces the computations needed to maintain the LSDB. Routing within the area is
determined only by the topology of the area.

The three types of routers defined by OSPF are as follows:

• Internal Router (IR)—An internal router has all of its interfaces within the same area.
• Area Border Router (ABR)—An ABR has interfaces belonging to two or more areas. It is responsible
for exchanging summary advertisements with other ABRs.
• Autonomous System Border Router (ASBR)—An ASBR acts as a gateway between OSPF and other
routing protocols, or other autonomous systems.

Each switch that is configured to run OSPF must have a unique router ID. It is recommended that you
manually set the router ID of the switches participating in OSPF, instead of having the switch
automatically choose its router ID based on the highest interface IP address. Not performing this
configuration in larger, dynamic environments could result in an older LSDB remaining in use.

NOTE
Do not set the router ID to 0.0.0.0.

ExtremeWare 7.3e Command Reference Guide 859

IGP Commands

Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) first used in computer routing
in the Advanced Research Projects Agency Network (ARPAnet) as early as 1969. It is primarily intended
for use in homogeneous networks of moderate size.

To determine the best path to a distant network, a router using RIP always selects the path that has the
least number of hops. Each router that data must traverse is considered to be one hop.

The routing table in a router using RIP contains an entry for every known destination network. Each
routing table entry contains the following information:
• IP address of the destination network
• Metric (hop count) to the destination network
• IP address of the next router
• Timer that tracks the amount of time since the entry was last updated

The router exchanges an update message with each neighbor every 30 seconds (default value), or if
there is a change to the overall routed topology (also called triggered updates). If a router does not receive
an update message from its neighbor within the route timeout period (180 seconds by default), the
router assumes the connection between it and its neighbor is no longer available.

A new version of RIP, called RIP version 2 (RIPv2), expands the functionality of RIP version 1 to
include:
• Variable-Length Subnet Masks (VLSMs)
• Next-hop addresses
• Support for next-hop addresses allows for optimization of routes in certain environments
• Multicasting

If you are using RIP with supernetting/Classless Inter-Domain Routing (CIDR), you must use RIPv2
only, and RIP route aggregation must be turned off.

860 ExtremeWare 7.3e Command Reference Guide

 configure ospf area interarea-filter

configure ospf area interarea-filter

configure ospf area <area identifier> interarea-filter [<access profile> |
none]

Description
Configures a global inter-area filter policy.

Syntax Description

area identifier Specifies the OSPF target area.

access profile Specifies an access profile.
none Specifies not to apply an interarea filter.

Default
N/A.

Usage Guidelines
For switches configured to support multiple OSPF areas (an ABR function), an access profile can be
applied to an OSPF area that filters a set of OSPF inter-area routes from being sourced from any other
areas.

Example
The following command configures an inter-area filter policy from the access profile nosales:
configure ospf area 0.0.0.6 interarea-filter nosales

History
This command was first available in ExtremeWare 7.1e.

ExtremeWare 7.3e Command Reference Guide 861

IGP Commands

configure ospf area external-filter

configure ospf area <area identifier> external-filter [<access profile>
|none]

Description
Configures an external filter policy.

Syntax Description

area identifier Specifies the OSPF target area.

access profile Specifies an access profile.
none Specifies not to apply an external filter.

Default
N/A.

Usage Guidelines
For switches configured to support multiple OSPF areas (an ABR function), an access profile can be
applied to an OSPF area that filters a set of OSPF external routes from being advertised into that area.

NOTE
If any of the external routes specified in the filter have already been advertised, those routes will remain
until the associated LSAs in that area time-out.

Using the none mode specifies that no external filter is applied.

Example
The following command configures an external filter policy from the access profile nosales:
configure ospf area 1.2.3.4 external-filter nosales

History
This command was first available in ExtremeWare 7.1e.

862 ExtremeWare 7.3e Command Reference Guide

 configure ospf cost

configure ospf cost

configure ospf [area <area identifier> | vlan [<vlan name> | all]] cost
[automatic | <cost>]

Description
Configures the cost metric of one or all interface(s).

Syntax Description

area identifier Specifies an OSPF area.

vlan name Specifies a VLAN name.
all Specifies all VLANs.
automatic Determine the advertised cost from the OSPF metric table.
cost Specifies the cost metric.

Default
The default cost is automatic.

Usage Guidelines
None.

Example
The following command configures the cost metric of the VLAN accounting:
configure ospf vlan accounting cost 10

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 863

IGP Commands

configure ospf priority

configure ospf [area <area identifier> | vlan [<vlan name> | all]] priority
<priority>

Description
Configures the priority used in the designated router-election algorithm for one or all OSPF interface(s)
for all the interfaces within the area.

Syntax Description

area identifier Specifies an OSPF area.

vlan name Specifies a VLAN name.
all Specifies all VLANs.
priority Specifies a priority range. The range is 0 through 255.

Default
The default setting is 1.

Usage Guidelines
The range is 0 through 255, and the default setting is 1. Setting the value to 0 ensures that the router is
never selected as the designated router or backup designated router.

Example
The following command sets the switch to not be selected as the designated router:
configure ospf area 1.2.3.4 priority 0

History
This command was available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

864 ExtremeWare 7.3e Command Reference Guide

 configure ospf virtual-link authentication password

configure ospf virtual-link authentication password

configure ospf [vlan <vlan name> | area <area identifier> | virtual-link
<routerid> <area identifier>] authentication [simple-password <password> |
md5 <md5_key_id> <md5_key>| none | encrypted [simple-password <password> |
md5 <md5_key_id> <md5_key>]

Description
Specifies the authentication password (up to eight characters) or Message Digest 5 (MD5) key for one or
all interfaces in an area.

Syntax Description

vlan name Specifies a VLAN name.

area identifier Specifies an OSPF area.
routerid Specifies a router identifier number.
password Specifies an authentication password (up to 8 ASCII characters).
md5-key_id Specifies a Message Digest 5 key, from 0-255.
md5_key Specifies a numeric value from 0-65,536. Can also be alphanumeric
none Disables authentication.

Default
N/A.

Usage Guidelines
The md5_key is a numeric value with the range 0 to 65,536 or alphanumeric. When the OSPF area is
specified, authentication information is applied to all OSPF interfaces within the area.

Example
The following command configures MD5 authentication on the VLAN subnet_26:
configure ospf vlan subnet_26 authentication md5 32 test

History
This command was available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 865

IGP Commands

configure ospf timer

configure ospf [vlan <vlan name> | area <area identifier> | virtual-link
<routerid> <area identifier>] timer <retransmit interval> <transit delay>
<hello interval> <dead interval> {<wait timer interval>}

Description
Configures the timers for one interface or all interfaces in the same OSPF area.

Syntax Description

vlan name Specifies a VLAN name.

area identifier Specifies an OSPF area.
routerid Specifies a router number.
retransmit interval Specifies the length of time that the router waits before retransmitting an LSA
that is not acknowledged. The range is 0 - 3,600 seconds.
transit delay Specifies the length of time it takes to transmit an LSA packet over the
interface. The range is 0 - 3,600 seconds.
hello interval Specifies the interval at which routers send hello packets. The range is 1 -
65,535 seconds.
dead interval Specifies the interval after which a neighboring router is declared down due to
the fact that hello packets are no longer received from the neighbor. The
range is 1 - 2,147,483,647 seconds.
wait timer interval Specifies the interval between the interface coming up and the election of the
DR and BDR. Usually equal to the dead timer interval.

Default
• retransmit interval—Default: 5
• transit delay—Default: 1
• hello interval—Default: 10
• dead interval—Default: 40
• wait timer interval—Default: dead interval

Usage Guidelines
Configuring OSPF timers and authentication on a per-area basis is a shorthand for applying the timers
and authentication to each VLAN in the area at the time of configuration. If you add more VLANs to
the area, you must configure the timers and authentication for the new VLANs explicitly.

Example
The following command sets the timers on the virtual link in area 0.0.0.2:
configure ospf virtual-link 6.6.6.6 0.0.0.2 timer 10 1 20 200

History
This command was available in ExtremeWare 7.1e.

866 ExtremeWare 7.3e Command Reference Guide

 configure ospf timer

The syntax was modified in ExtremeWare 7.2e to support the wait timer interval.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 867

IGP Commands

configure ospf add virtual-link

configure ospf add virtual-link <routerid> <area identifier>

Description
Adds a virtual link connected to another ABR.

Syntax Description

routerid Specifies an IP address that identifies the router.

area identifier Specifies an OSPF area.

Default
N/A.

Usage Guidelines
A virtual link provides a logical path between the ABR of the disconnected area and the ABR of the
normal area that connects to the backbone. A virtual link must be established between two ABRs that
have a common area, with one ABR connected to the backbone. Specify the following:
• routerid—Far-end router identifier number.
• area identifier—Transit area used for connecting the two end-points. The transit area cannot have the
IP address 0.0.0.0. the transit area cannot be a stub area or an NSSA.

Example
The following command configures a virtual link between the two interfaces:
configure ospf add virtual-link 10.1.2.1 10.1.0.0

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

868 ExtremeWare 7.3e Command Reference Guide

 configure ospf add vlan area

configure ospf add vlan area

configure ospf add vlan <vlan name> area <area identifier>

Description
Associates a VLAN (router interface) with an OSPF area. By default, all router interfaces are associated
with area 0.0.0.0. The Summit 400 allows up to two non-passive interfaces.

Syntax Description

vlan name Specifies a VLAN name.

area identifier Specifies an OSPF area.

Default
Area 0.0.0.0

Usage Guidelines
Any OSPF network that contains more than one area is required to have an area configured as area 0,
also called the backbone. All areas in an autonomous system must be connected to the backbone. When
designing networks, you should start with area 0, and then expand into other areas.

The backbone allows summary information to be exchanged between ABRs. Every ABR hears the area
summaries from all other ABRs. The ABR then forms a picture of the distance to all networks outside of
its area by examining the collected advertisements, and adding in the backbone distance to each
advertising router.

When a VLAN is configured to run OSPF, by default you must assign it to an area.

If a user attempts to configure more than two non-passive interfaces, the Summit 400 displays the
following warning message:

Cannot enable OSPF on vlan <name>. Non-passive interface limit reached.

Example
The following command associates the VLAN accounting with an OSPF area:
configure ospf vlan accounting area 0.0.0.6

History
This command was available in ExtremeWare 2.0.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 869

IGP Commands

configure ospf add vlan area

configure ospf add vlan [<vlan name> | all] area <area identifier>
{passive}

Description
Enables OSPF on one or all VLANs (router interfaces).

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all VLANs.
area identifier Specifies the area to which the VLAN is assigned.
passive Specifies to stop sending and receiving hello packets on this interface.

Default
Disabled.

Usage Guidelines
None.

Using OSPF and MPLS. The following detailed information pertains to using OSPF in conjunction
with MPLS. When the peer LSR is also an Extreme switch, the following options are available for
ensuring that an OSPF route is advertised for the tunnel endpoint IP address:
• A route is advertised when OSPF is enabled on the VLAN to which the IP address is assigned (using
the configure ospf add vlan command on the peer switch).
• A route is advertised when the peer switch is configured to distribute direct routes into the OSPF
domain (via the enable ospf export direct command). The export option should be used when
the tunnel LSP needs to cross OSPF area boundaries or when the Extreme Standby Routing Protocol
(ESRP) is enabled on the VLAN to which the IP address is assigned.

In either case, LDP must be configured to advertise label mappings for direct routing interfaces.

In some configurations, you may want to enable loopback mode on the VLAN to which the tunnel
endpoint IP address is assigned. One situation where loopback mode may be useful is when multiple
physical interfaces, associated with different VLANs, are connected to the MPLS backbone. In this case,
use of loopback-mode can provide redundancy by enabling TLS traffic to continue even when the
physical interfaces associated with the tunnel endpoint IP address VLAN fail.

Example
The following command enables OSPF on a VLAN named accounting:
configure ospf add vlan accounting area 0.0.0.1

History
This command was available in ExtremeWare 7.1e.

870 ExtremeWare 7.3e Command Reference Guide

 configure ospf add vlan area

This command was modified in an ExtremeWare 7.2e to support the all keyword.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 871

IGP Commands

configure ospf add vlan area link-type

configure ospf add vlan [<vlan name> | all] area <area identifier>
link-type [auto | broadcast | point-to-point] {passive}

Description
Configures the OSPF link type.

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all VLANs.
area identifier Specifies the area to which the VLAN is assigned.
auto Specifies to automatically determine the OSPF link type based on the
interface type.
broadcast Specifies a broadcast link, such as Ethernet. Routers must elect a DR and a
BDR during synchronization.
point-to-point Specifies a point-to-point link type, such as PPP.
passive Specifies to stop sending and receiving packets on this interface.

Default
Auto.

Usage Guidelines
The passive parameter indicates that the router only synchronizes and listens, and does not originate or
send any new information on the interface.

Example
The following command configures the OSPF link type as automatic on a VLAN named accounting:
configure ospf add vlan accounting area 0.0.0.1 link-type auto

History
This command was first available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to support the all keyword.

Platform Availability
This command is available on the “e” series platforms.

872 ExtremeWare 7.3e Command Reference Guide

 configure ospf area external-filter

configure ospf area external-filter

configure ospf area <area identifier> external-filter [<access profile>
|none]

Description
Configures an external filter policy.

Syntax Description

area identifier Specifies the OSPF target area.

access profile Specifies an access profile.
none Specifies not to apply an external filter.

Default
N/A.

Usage Guidelines
For switches configured to support multiple OSPF areas (an ABR function), an access profile can be
applied to an OSPF area that filters a set of OSPF external routes from being advertised into that area.

NOTE
If any of the external routes specified in the filter have already been advertised, those routes will remain
until the associated LSAs in that area time-out.

Using the none mode specifies that no external filter is applied.

Example
The following command configures an external filter policy from the access profile nosales:
configure ospf area 1.2.3.4 external-filter nosales

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 873

IGP Commands

configure ospf area interarea-filter

configure ospf area <area identifier> interarea-filter [<access profile> |
none]

Description
Configures a global inter-area filter policy.

Syntax Description

area identifier Specifies the OSPF target area.

access profile Specifies an access profile.
none Specifies not to apply an interarea filter.

Default
N/A.

Usage Guidelines
For switches configured to support multiple OSPF areas (an ABR function), an access profile can be
applied to an OSPF area that filters a set of OSPF inter-area routes from being sourced from any other
areas.

Example
The following command configures an inter-area filter policy from the access profile nosales:
configure ospf area 0.0.0.6 interarea-filter nosales

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

874 ExtremeWare 7.3e Command Reference Guide

 configure ospf area add range

configure ospf area add range

configure ospf area <area identifier> add range <ipaddress> <mask>
[advertise | noadvertise] {type-3 | type-7}

Description
Configures a range of IP addresses in an OSPF area to be aggregated.

Syntax Description

area identifier Specifies an OSPF area.

ipaddress Specifies an IP address
mask Specifies a subnet mask.
advertise Specifies to advertise the aggregated range of IP addresses.
noadvertise Specifies not to advertise the aggregated range of IP addresses.
type-3 Specifies type 3 LSA, summary LSA.
type-7 Specifies type 7 LSA, NSSA external LSA.

Default
N/A.

Usage Guidelines
If advertised, the aggregated IP range is exported as a single LSA by the ABR.

Example
The following command is used to summarize a certain range of IP addresses within an area and export
them out as a single address:
configure ospf area 1.2.3.4 add range 10.1.2.0/24 advertise type-3

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 875

IGP Commands

configure ospf area delete range

configure ospf area <area identifier> delete range <ipaddress> <mask>

Description
Deletes a range of aggregated IP addresses in an OSPF area.

Syntax Description

area identifier Specifies an OSPF area.

ipaddress Specifies an IP address.
mask Specifies a subnet mask.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes an aggregated IP address range:
configure ospf area 1.2.3.4 delete range 10.1.2.0/24

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

876 ExtremeWare 7.3e Command Reference Guide

 configure ospf area normal

configure ospf area normal

configure ospf area <area identifier> normal

Description
Configures an OSFP area as a normal area.

Syntax Description

area identifier Specifies an OSPF area.

Default
Normal.

Usage Guidelines
A normal area is an area that is not any of the following:
• Stub area
• NSSA

Virtual links can be configured through normal areas. External routes can be distributed into normal
areas.

Example
The following command configures an OSPF area as a normal area:
configure ospf area 10.1.0.0 normal

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 877

IGP Commands

configure ospf area nssa stub-default-cost

configure ospf area <area identifier> nssa [summary | nosummary]
stub-default-cost <cost> {translate}

Description
Configures an OSPF area as an NSSA.

Syntax Description

area identifier Specifies an OSPF area.

summary Specifies that type-3 can be propagated into the area.
nosummary Specifies that type-3 cannot be propagated into the area.
cost Specifies a cost metric.
translate Specifies whether type-7 LSAs are translated into type-5 LSAs.

Default
N/A.

Usage Guidelines
NSSAs are similar to the existing OSPF stub area configuration option, but have the following two
additional capabilities:
• External routes originating from an ASBR connected to the NSSA can be advertised within the
NSSA.
• External routes originating from the NSSA can be propagated to other areas, including the backbone
area, if translated to type 5 LSAs.

When configuring an OSPF area as an NSSA, the translate option should only be used on NSSA border
routers, where translation is to be enforced. If translate is not used on any NSSA border router in a
NSSA, one of the ABRs for that NSSA is elected to perform translation (as indicated in the NSSA
specification). The option should not be used on NSSA internal routers. Doing so inhibits correct
operation of the election algorithm.

Example
The following command configures an OSPF area as an NSSA:
configure ospf area 10.1.1.0 nssa summary stub-default-cost 10 translate

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

878 ExtremeWare 7.3e Command Reference Guide

 configure ospf area stub stub-default-cost

configure ospf area stub stub-default-cost

configure ospf area <area identifier> stub [summary | nosummary]
stub-default-cost <cost>

Description
Configures an OSPF area as a stub area.

Syntax Description

area identifier Specifies an OSPF area.

summary Specifies that type-3 can be propagated into the area.
nosummary Specifies that type-3 cannot be propagated into the area.
cost Specifies a cost metric.

Default
N/A.

Usage Guidelines
A stub area is connected to only one other area. The area that connects to a stub area can be the
backbone area. External route information is not distributed into stub areas. Stub areas are used to
reduce memory and computation requirements on OSPF routers.

Example
The following command configures an OSPF area as a stub area:
configure ospf area 0.0.0.6 stub nosummary stub-default-cost 10

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 879

IGP Commands

configure ospf asbr-filter

configure ospf asbr-filter [<access profile> | none]

Description
Configures a route filter for all OSPF exported routes.

Syntax Description

access profile Specifies an access profile.

none Specifies not to apply an ASBR filter.

Default
N/A.

Usage Guidelines
For switches configured to support RIP, and static route re-distribution into OSPF, an access profile can
be used to limit the routes that are advertised into OSPF for the switch as a whole.

Example
The following command configures a route filter for all routes OSPF exports from RIP or other sources:
configure ospf asbr-filter subnet25-filter

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

880 ExtremeWare 7.3e Command Reference Guide

 configure ospf ase-limit

configure ospf ase-limit

configure ospf ase-limit <number> {timeout <seconds>}

Description
Configures the AS-external LSA limit and overflow duration associated with OSPF database overflow
handling.

Syntax Description

number Specifies the number of external routes that can be held on a link-state
database.
seconds Specifies a duration for which the system has to remain in the overflow state.

Default
The default for timeout is 0, which indicates that once the router goes into overflow state, it stays there
until OSPF is disabled and then re-enabled.

Usage Guidelines

None.

Example
The following command configures the AS-external LSA limit and overflow duration:
configure ospf ase-limit 50000 timeout 1800

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 881

IGP Commands

configure ospf ase-summary add

configure ospf ase-summary add <ip address> <mask> cost <cost>
{tag <number>}

Description
Aggregates AS-external routes in a specified address range.

Syntax Description

ipaddress Specifies an IP address.

mask Specifies a subnet mask.
cost Specifies a metric that will be given to the summarized route.
tag Specifies an OSPF external route tag.

Default
N/A.

Usage Guidelines
This command is only valid on an ASBR.

Example
The following command summarizes AS-external routes:
configure ospf ase-summary add 175.1.0.0/16 cost 10

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

882 ExtremeWare 7.3e Command Reference Guide

 configure ospf ase-summary delete

configure ospf ase-summary delete

configure ospf ase-summary delete <ip address> <mask>

Description
Deletes an aggregated OSPF external route.

Syntax Description

ipaddress Specifies an IP address.

mask Specifies a subnet mask.

Default
N/A.

Usage Guidelines
This command is only valid on an ASBR.

Example
The following command deletes the aggregated AS-external route:
configure ospf ase-summary delete 175.1.0.0/16

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 883

IGP Commands

configure ospf delete virtual-link

configure ospf delete virtual-link <routerid> <area identifier>

Description
Removes a virtual link.

Syntax Description

routerid Specifies a router interface number.

area identifier Specifies an OSPF area.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes a virtual link:
configure ospf delete virtual-link 10.1.2.1 10.1.0.0

History
This command was available in ExtremeWare 7.1e

Platform Availability
This command is available on the “e” series platforms.

884 ExtremeWare 7.3e Command Reference Guide

 configure ospf delete vlan

configure ospf delete vlan

configure ospf delete vlan [<vlan name> | all]

Description
Disables OSPF on one or all VLANs (router interfaces).

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all VLANs.

Default
N/A.

Usage Guidelines
None.

Example
The following command disables OSPF on VLAN accounting:
configure ospf delete vlan accounting

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 885

IGP Commands

configure ospf direct-filter

configure ospf direct-filter [<access profile> | none]

Description
Configures a route filter for direct routes.

Syntax Description

access profile Specifies an access profile.

none Specifies not to apply a direct filter.

Default
N/A.

Usage Guidelines
If none is specified, all direct routes are exported if ospf export direct is enabled.

In other versions of ExtremeWare, direct routes corresponding to the interfaces on which RIP was
enabled were exported into OSPF as part of RIP routes, using the command enable ospf export rip.
Using ExtremeWare 6.0 and above, you must configure ExtremeWare to export these direct routes to
OSPF. You can use an access profile to filter unnecessary direct routes.

For switches configured to support direct route re-distribution into OSPF, an access profile can be used
to limit the routes that are advertised into OSPF for the switch as a whole.

Example
The following command configures a route filter for direct routes based on the access profile nosales:
configure ospf direct-filter nosales

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

886 ExtremeWare 7.3e Command Reference Guide

 configure ospf lsa-batch-interval

configure ospf lsa-batch-interval

configure ospf lsa-batch-interval <seconds>

Description
Configures the OSPF LSA batching interval.

Syntax Description

seconds Specifies a time in seconds.

Default
The default setting is 30 seconds.

Usage Guidelines
The range is between 0 (disabled) and 600 seconds, using multiples of 5 seconds. The LSAs added to the
LSDB during the interval are batched together for refresh or timeout.

Example
The following command configures the OSPF LSA batch interval to a value of 100 seconds:
configure ospf lsa-batch-interval 100

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 887

IGP Commands

configure ospf metric-table

configure ospf metric-table 10M <cost> 100M <cost> 1G <cost> {10G <cost>}

Description
Configures the automatic interface costs for 10 Mbps, 100 Mbps, 1 Gbps, and 10 Gbps interfaces.

Syntax Description

cost Specifies the interface cost for the indicated interfaces.

Default
• 10 Mbps—The default cost is 10.
• 100 Mbps—The default cost is 5.
• 1 Gbps—The default cost is 4.
• 10 Gbps—The default cost is 2.

Usage Guidelines
None.

Example
The following command configures the automatic interface costs for 10 Mbps,
100 Mbps, and 1 Gbps interfaces:
configure ospf metric-table 10m 20 100m 10 1g 2

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

888 ExtremeWare 7.3e Command Reference Guide

 configure ospf routerid

configure ospf routerid

configure ospf routerid [automatic | <routerid>]

Description
Configures the OSPF router ID. If automatic is specified, the switch uses the highest IP interface address
as the OSPF router ID.

Syntax Description

automatic Specifies to use automatic addressing.

routerid Specifies a router address.

Default
Automatic.

Usage Guidelines
Each switch that is configured to run OSPF must have a unique router ID. It is recommended that you
manually set the router ID of the switches participating in OSPF, instead of having the switch
automatically choose its router ID based on the highest interface IP address. Not performing this
configuration in larger, dynamic environments could result in an older link-state database remaining in
use.

NOTE
Do not set the router ID to 0.0.0.0.

The implementation of the configure ospf routerid command has been augmented to support automatic
advertisement of a label mapping for the OSPF router ID. A label is advertised for the OSPF router ID
regardless of whether OSPF distributes a route for the router ID IP address in its router LSA.

To support the use of indirect LSPs, Extreme LSRs automatically advertise a label mapping for a /32
LSP to its OSPF router ID (configured using the configure ospf routerid command).

Example
The following command sets the router ID:
configure ospf routerid 10.1.6.1

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 889

IGP Commands

configure ospf spf-hold-time

configure ospf spf-hold-time <seconds>

Description
Configures the minimum number of seconds between Shortest Path First (SPF) recalculations.

Syntax Description

seconds Specifies a time in seconds.

Default
3 seconds.

Usage Guidelines
None.

Example
The following command configures the minimum number of seconds between Shortest Path First (SPF)
recalculations:
configure ospf spf-hold-time 6

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

890 ExtremeWare 7.3e Command Reference Guide

 configure ospf vlan neighbor add

configure ospf vlan neighbor add

configure ospf vlan <vlan name> neighbor add <ipaddress>

Description
Configures the IP address of a point-to-point neighbor.

Syntax Description

vlan name Specifies a VLAN name.

ipaddress Specifies an IP address.

Default
N/A.

Usage Guidelines
None.

Example
The following command configures the IP address of a point-to-point neighbor:
configure ospf vlan accounting neighbor add 10.0.0.1

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 891

IGP Commands

configure ospf vlan neighbor delete

configure ospf vlan <vlan name> neighbor delete <ipaddress>

Description
Deletes the IP address of a point-to-point neighbor.

Syntax Description

vlan name Specifies a VLAN name.

ipaddress Specifies an IP address.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes the IP address of a point-to-point neighbor:
configure ospf vlan accounting neighbor delete 10.0.0.1

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

892 ExtremeWare 7.3e Command Reference Guide

 configure ospf vlan timer

configure ospf vlan timer

configure ospf vlan <vlan name> timer <retransmit interval>

Description
Configures the OSPF timer interval.

Syntax Description

Default
• retransmit interval—5 seconds.

Usage Guidelines
Specify the following:
• retransmit interval—If you set an interval that is too short, unnecessary retransmissions will result.

Example
The following command configures the OSPF retransmit interval on the VLAN accounting:
configure ospf vlan accounting timer 10

History
This command was first available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 893

IGP Commands

configure rip add vlan

configure rip add vlan [<vlan name> | all]

Description
Configures RIP on an IP interface.

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all VLANs.

Default
All. If no VLAN is specified, then all is assumed.

Usage Guidelines
When an IP interface is created, RIP configuration is disabled on the interface by default. When the RIP
interface is disabled, the parameters are not reset to default automatically.

Example
The following command configures RIP on the VLAN finance:
configure rip add finance

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

894 ExtremeWare 7.3e Command Reference Guide

 configure rip delete vlan

configure rip delete vlan

configure rip delete vlan [<vlan name> | all]

Description
Disables RIP on an IP interface.

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all VLANs.

Default
All. If no VLAN is specified, then all is assumed.

Usage Guidelines
When an IP interface is created, RIP configuration is disabled on the interface by default. When the RIP
interface is disabled, the parameters are not reset to default automatically.

Example
The following command deletes RIP on a VLAN named finance:
configure rip delete finance

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 895

IGP Commands

configure rip garbagetime

configure rip garbagetime {<seconds>}

Description
Configures the RIP garbage time.

Syntax Description

seconds Specifies a time in seconds.

Default
120 seconds.

Usage Guidelines
None.

Example
The following command configures the RIP garbage time to have a 60-second delay:
configure rip garbagetime 60

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

896 ExtremeWare 7.3e Command Reference Guide

 configure rip routetimeout

configure rip routetimeout

configure rip routetimeout {<seconds>}

Description
Configures the route timeout period.

Syntax Description

seconds Specifies a time in seconds.

Default
180 seconds.

Usage Guidelines
If a router does not receive an update message from its neighbor within the route timeout period (180
seconds by default), the router assumes the connection between it and its neighbor is no longer
available.

Example
The following example sets the route timeout period to 120 seconds:
configure rip routetimeout 120

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 897

IGP Commands

configure rip rxmode

configure rip rxmode [none | v1only | v2only | any] {vlan [<vlan name> |
all]}

Description
Changes the RIP receive mode for one or more VLANs.

Syntax Description

none Specifies to drop all received RIP packets.

v1only Specifies to accept only RIP version 1 format packets.
v2only Specifies to accept only RIP version 2 format packets.
any Specifies to accept RIP version 1 and RIP version 2 packets.
vlan name Specifies to apply settings to specific VLAN name.
all Specifies all VLANs.

Default
Any.

Usage Guidelines
If no VLAN is specified, the setting is applied to all VLANs.

Example
The following command configures the receive mode for the VLAN finance to accept only RIP version 1
format packets:
configure rip rxmode v1only finance

History
This command was available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to support the all keyword.

Platform Availability
This command is available on the “e” series platforms.

898 ExtremeWare 7.3e Command Reference Guide

 configure rip txmode

configure rip txmode

configure rip txmode [none | v1only | v1comp | v2only] {vlan [<vlan name> |
all]}

Description
Changes the RIP transmission mode for one or more VLANs.

Syntax Description

none Specifies to not transmit any packets on this interface.

v1only Specifies to transmit RIP version 1 format packets to the broadcast address.
v1comp Specifies to transmit RIP version 2 format packets to the broadcast address.
v2only Specifies to transmit RIP version 2 format packets to the RIP multicast
address.
vlan name Specifies to apply settings to a specific VLAN name.
all Specifies all VLANs.

Default
v2only.

Usage Guidelines
If no VLAN is specified, the setting is applied to all VLANs.

Example
The following command configures the transmit mode for the VLAN finance to transmit version 2
format packets to the broadcast address:
configure rip txmode v1comp finance

History
This command was available in ExtremeWare 7.1e.

This command was modified in ExtremeWare 7.2e to support the all keyword.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 899

IGP Commands

configure rip updatetime

configure rip updatetime {<seconds>}

Description
Specifies the time interval in seconds within which RIP sends update packets.

Syntax Description

seconds Specifies a time in seconds.

Default
30 seconds.

Usage Guidelines
The router exchanges an update message with each neighbor every 30 seconds (default value), or if
there is a change to the overall routed topology (also called triggered updates). The timer granularity is 10
seconds.

Example
The following command sets the update timer to 60 seconds:
configure rip updatetime 60

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

900 ExtremeWare 7.3e Command Reference Guide

 configure rip vlan cost

configure rip vlan cost

configure rip vlan [<vlan name> | all] cost <cost>

Description
Configures the cost (metric) of the interface.

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all VLANs.
cost Specifies a cost metric.

Default
The default setting is 1.

Usage Guidelines
None.

Example
The following command configures the cost for the VLAN finance to a metric of 3:
configure rip vlan finance cost 3

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 901

IGP Commands

configure rip vlan export-filter

configure rip vlan [<vlan name> | all] export-filter [<access profile> |
none]

Description
Configures RIP to suppress certain routes when performing route advertisements.

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all VLANs.
access profile Specifies an access-profile name.
none Specifies to check the access profile for permit and deny attributes.

Default
N/A.

Usage Guidelines
Use an access profile to determine trusted RIP router neighbors for the VLAN on the switch running
RIP.

Using the none mode, the access profile can contain a combination of permit and deny entries. Each
entry must have a permit or deny attribute. The operation is compared with each entry in the list. When
a match is found, the operation is either permitted or denied, depending on the configuration of the
matched entry. If no match is found, the operation is implicitly denied.

Example
The following command uses the access profile nosales to determine which RIP routes are advertised
into the VLAN backbone:
configure rip vlan backbone export-filter nosales

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

902 ExtremeWare 7.3e Command Reference Guide

 configure rip vlan import-filter

configure rip vlan import-filter

configure rip vlan [<vlan name> | all] import-filter [<access profile> |
none]

Description
Configures RIP to ignore certain routes received from its neighbor.

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all VLANs.
access profile Specifies an access-profile name.
none Specifies to check the access profile for permit and deny attributes.

Default
N/A.

Usage Guidelines
Configures an import filter policy, which uses an access profile to determine which RIP routes are
accepted as valid routes. This policy can be combined with the trusted neighbor policy to accept
selected routes only from a set of trusted neighbors.

Using the none mode, the access profile can contain a combination of permit and deny entries. Each
entry must have a permit or deny attribute. The operation is compared with each entry in the list. When
a match is found, the operation is either permitted or denied, depending on the configuration of the
matched entry. If no match is found, the operation is implicitly denied.

Example
The following command configures the VLAN backbone to accept selected routes from the access profile
nosales:
configure rip vlan backbone import-filter nosales

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 903

IGP Commands

configure rip vlan trusted-gateway

configure rip vlan [<vlan name> | all] trusted-gateway [<access profile> |
none]

Description
Configures a trusted neighbor policy, which uses an access profile to determine trusted RIP router
neighbors for the VLAN on the switch running RIP.

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all VLANs.
access profile Specifies an access-profile name.
none Specifies to check the access profile for permit and deny attributes.

Default
N/A.

Usage Guidelines
Using the none mode, the access profile can contain a combination of permit and deny entries. Each
entry must have a permit or deny attribute. The operation is compared with each entry in the list. When
a match is found, the operation is either permitted or denied, depending on the configuration of the
matched entry. If no match is found, the operation is implicitly denied.

Example
The following command configures RIP to use the access profile nointernet to determine from which RIP
neighbor to receive (or reject) the routes to the VLAN backbone:
configure rip vlan backbone trusted-gateway nointernet

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

904 ExtremeWare 7.3e Command Reference Guide

 create ospf area

create ospf area

create ospf area <area identifier>

Description
Creates an OSPF area.

Syntax Description

area identifier Specifies an OSPF area.

Default
Area 0.0.0.0

Usage Guidelines
Area 0.0.0.0 does not need to be created. It exists by default.

Example
The following command creates an OSPF area:
create ospf area 1.2.3.4

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 905

IGP Commands

delete ospf area

delete ospf area [<area identifier> | all]

Description
Deletes an OSPF area.

Syntax Description

area identifier Specifies an OSPF area.

all Specifies all areas.

Default
N/A.

Usage Guidelines
An OSPF area cannot be deleted if it has an associated interface.

Example
The following command deletes an OSPF area:
delete ospf area 1.2.3.4

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

906 ExtremeWare 7.3e Command Reference Guide

 disable ospf

disable ospf
disable ospf

Description
Disables the OSPF process for the router.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command disables the OSPF process for the router:
disable ospf

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 907

IGP Commands

disable ospf capability opaque-lsa

disable ospf capability opaque-lsa

Description
Disables opaque LSAs across the entire system.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
Opaque LSAs are a generic OSPF mechanism used to carry auxiliary information in the OSPF database.
Opaque LSAs are most commonly used to support OSPF traffic engineering.

Normally, support for opaque LSAs is auto-negotiated between OSPF neighbors. In the event that you
experience interoperability problems, you can disable opaque LSAs.

If your network uses opaque LSAs, all routers on your OSPF network should support opaque LSAs.
Routers that do not support opaque LSAs do not store or flood them. At minimum a
well-interconnected subsection of your OSPF network needs to support opaque LSAs to maintain
reliability of their transmission.

On an OSPF broadcast network, the designated router (DR) must support opaque LSAs or none of the
other routers on that broadcast network will reliably receive them. You can use the OSPF priority
feature to give preference to an opaque-capable router, so that it becomes the elected DR.

For transmission to continue reliably across the network, the backup designated router (BDR) must also
support opaque LSAs.

Example
The following command disables opaque LSAs across the entire system:
disable ospf capability opaque-lsa

History
This command was available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

908 ExtremeWare 7.3e Command Reference Guide

 disable ospf export

disable ospf export

disable ospf export [direct | rip | static]

Description
Disables redistribution of routes to OSPF.

Syntax Description

direct Specifies direct routes.

rip Specifies RIP routes.
static Specifies static routes.

Default
The default setting is disabled.

Usage Guidelines
Use this command to stop OSPF from exporting routes derived from other protocols.

Example
The following command disables OSPF to export RIP-related routes to other OSPF routers:
disable ospf export rip

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 909

IGP Commands

disable rip
disable rip

Description
Disables RIP for the whole router.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
RIP has a number of limitations that can cause problems in large networks, including:
• A limit of 15 hops between the source and destination networks
• A large amount of bandwidth taken up by periodic broadcasts of the entire routing table
• Slow convergence
• Routing decisions based on hop count; no concept of link costs or delay
• Flat networks; no concept of areas or boundaries

Example
The following command disables RIP for the whole router:
disable rip

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

910 ExtremeWare 7.3e Command Reference Guide

 disable rip aggregation

disable rip aggregation

disable rip aggregation

Description
Disables the RIP aggregation of subnet information on a RIP version 2 (RIPv2) interface.

Syntax Description
This command has no arguments or variables.

Default
RIP aggregation is disabled by default.

Usage Guidelines
The disable RIP aggregation command disables the RIP aggregation of subnet information on a switch
configured to send RIPv2-compatible traffic. The switch summarizes subnet routes to the nearest class
network route. The following rules apply when using RIP aggregation:
• Within a class boundary, no routes are aggregated.
• If aggregation is disabled, subnet routes are never aggregated, even when crossing a class boundary.

Example
The following command disables RIP aggregation on the interface:
disable rip aggregation

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 911

IGP Commands

disable rip export

disable rip export [direct | | ospf | ospf-extern1 | ospf-extern2 |
ospf-inter | ospf-intra | static]

Description
Disables RIP from redistributing routes from other routing protocols.

Syntax Description

direct Specifies interface routes (only interfaces that have IP forwarding enabled are
exported).
ospf Specifies all OSPF routes.
ospf-extern1 Specifies OSPF external route type 1.
ospf-extern2 Specifies OSPF external route type 2.
ospf-inter Specifies OSPF-inter area routes.
ospf-intra Specifies OSPF-intra area routes.
static Specifies static routes.

Default
Disabled.

Usage Guidelines
This command disables the exporting of static, direct, and OSPF-learned routes into the RIP domain.

Example
The following command disables RIP from redistributing any routes learned from OSPF:
disable rip export ospf

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

912 ExtremeWare 7.3e Command Reference Guide

 disable rip exportstatic

disable rip exportstatic

disable rip exportstatic

Description
Disables the redistribution of static routes.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Static routes are manually entered into the routing table. Static routes are used to reach networks not
advertised by routers. You can configure 64 static unicast routes. Static routes can also be used for
security reasons, to control which routes you want advertised by the router. You can decide if you want
all static routes to be advertised. Static routes are never aged out of the routing table.

A static route must be associated with a valid IP subnet. An IP subnet is associated with a single VLAN
by its IP address and subnet mask. If the VLAN is subsequently deleted, the static route entries using
that subnet must be deleted manually.

Example
The following command disables the redistribution of static routes:
disable rip exportstatic

History
This command was removed in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 913

IGP Commands

disable rip originate-default

disable rip originate-default

Description
Disables the advertisement of a default route.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
None.

Example
The following command unconfigures a default route to be advertised by RIP if no other default route
is advertised:
disable rip originate-default cost 0

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

914 ExtremeWare 7.3e Command Reference Guide

 disable rip poisonreverse

disable rip poisonreverse

disable rip poisonreverse

Description
Disables poison reverse algorithm for RIP.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
Like split horizon, poison reverse is a scheme for eliminating the possibility of loops in the routed
topology. In this case, a router advertises a route over the same interface that supplied the route, but the
route uses a hop count of 16, defining it as unreachable.

Example
The following command disables the split horizon with poison reverse algorithm for RIP:
disable rip poisonreverse

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 915

IGP Commands

disable rip splithorizon

disable rip splithorizon

Description
Disables the split horizon algorithm for RIP.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
Split horizon is a scheme for avoiding problems caused by including routes in updates sent to the
router from which the route was learned. Split horizon omits routes learned from a neighbor in updates
sent to that neighbor.

Example
The following command disables the split horizon algorithm for RIP:
disable rip splithorizon

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

916 ExtremeWare 7.3e Command Reference Guide

 disable rip triggerupdate

disable rip triggerupdate

disable rip triggerupdate

Description
Disables the trigger update mechanism. Triggered updates are a mechanism for immediately notifying a
router’s neighbors when the router adds or deletes routes or changes their metric.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
Triggered updates occur whenever a router changes the metric for a route and it is required to send an
update message immediately, even if it is not yet time for a regular update message to be sent. This will
generally result in faster convergence, but may also result in more RIP-related traffic.

Example
The following command disables the trigger update mechanism:
disable rip triggerupdate

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 917

IGP Commands

enable ospf
enable ospf

Description
Enables the OSPF process for the router.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command enables the OSPF process for the router:
enable ospf

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

918 ExtremeWare 7.3e Command Reference Guide

 enable ospf capability opaque-lsa

enable ospf capability opaque-lsa

enable ospf capability opaque-lsa

Description
Enables opaque LSAs across the entire system.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
Opaque LSAs are a generic OSPF mechanism used to carry auxiliary information in the OSPF database.
Opaque LSAs are most commonly used to support OSPF traffic engineering.

Normally, support for opaque LSAs is auto-negotiated between OSPF neighbors. In the event that you
experience interoperability problems, you can disable opaque LSAs.

If your network uses opaque LSAs, all routers on your OSPF network should support opaque LSAs.
Routers that do not support opaque LSAs do not store or flood them. At minimum a
well-interconnected subsection of your OSPF network needs to support opaque LSAs to maintain
reliability of their transmission.

On an OSPF broadcast network, the designated router (DR) must support opaque LSAs or none of the
other routers on that broadcast network will reliably receive them. You can use the OSPF priority
feature to give preference to an opaque-capable router, so that it becomes the elected DR.

For transmission to continue reliably across the network, the backup designated router (BDR) must also
support opaque LSAs.

Example
The following command enables opaque LSAs across the entire system:
enable ospf capability opaque-lsa

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 919

IGP Commands

enable ospf export

enable ospf export [direct | rip | static] [cost <number> [ase-type-1 |
ase-type-2] {tag <number>}]

Description
Enables redistribution of routes to OSPF.

Syntax Description

direct Specifies direct routes.

rip Specifies RIP routes.
static Specifies static routes.
number Specifies a cost metric.
ase-type-1 Specifies AS-external type 1 routes.
ase-type-2 Specifies AS-external type 2 routes.
number Specifies a tag value.

Default
The default tag number is 0. The default setting is disabled.

Usage Guidelines
After it is enabled, the OSPF router is considered to be an ASBR. Interface routes that correspond to the
interface that has OSPF enabled are ignored.

Exporting routes from OSPF to RIP, and from RIP to OSPF, are discrete configuration functions. To run
OSPF and RIP simultaneously, you must first configure both protocols and then verify the independent
operation of each. Then you can configure the routes to export from OSPF to RIP and the routes to
export from RIP to OSPF.

The cost metric is inserted for all RIP-learned, static, and direct routes injected into OSPF. If the cost
metric is set to 0, the cost is inserted from the route. The tag value is used only by special routing
applications. Use 0 if you do not have specific requirements for using a tag. The tag value in this
instance has no relationship with 802.1Q VLAN tagging.

The same cost, type, and tag values can be inserted for all the export routes, or route maps can be used
for selective insertion. When a route map is associated with the export command, the route map is
applied on every exported route. The exported routes can also be filtered using route maps.

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

920 ExtremeWare 7.3e Command Reference Guide

 enable ospf export direct

enable ospf export direct

enable ospf export direct [cost <metric> [ase-type-1 | ase-type-2] {tag
<number>} | <route map>]

Description
Enables the redistribution of local interface (direct) routes into the OSPF domain. This will not export
the loopback address of 127.0.0.1.

Syntax Description

metric Specifies a cost metric.

ase-type-1 Specifies AS-external type 1 routes.
ase-type-2 Specifies AS-external type 2 routes.
number Specifies a tag value.
route map Specifies a route map.

Default
The default tag number is 0. The default setting is disabled.

Usage Guidelines
After it is enabled, the OSPF router is considered to be an ASBR. Interface routes that correspond to the
interface that has OSPF enabled are ignored.

Exporting routes from OSPF to RIP, and from RIP to OSPF, are discreet configuration functions. To run
OSPF and RIP simultaneously, you must first configure both protocols and then verify the independent
operation of each. Then you can configure the routes to export from OSPF to RIP and the routes to
export from RIP to OSPF.

The cost metric is inserted for all RIP-learned, static, and direct routes injected into OSPF. If the cost
metric is set to 0, the cost is inserted from the route. The tag value is used only by special routing
applications. Use 0 if you do not have specific requirements for using a tag. The tag value in this
instance has no relationship with 802.1Q VLAN tagging.

The same cost, type, and tag values can be inserted for all the export routes, or route maps can be used
for selective insertion. When a route map is associated with the export command, the route map is
applied on every exported route. The exported routes can also be filtered using route maps.

Example
The following command enables the distribution of local interface (direct) routes into the OSPF domain:
enable ospf export direct cost 1 ase-type-1 tag 0

History
This command was first available in ExtremeWare 7.1e.

ExtremeWare 7.3e Command Reference Guide 921

IGP Commands

Platform Availability
This command is available on the “e” series platforms.

922 ExtremeWare 7.3e Command Reference Guide

 enable ospf export rip

enable ospf export rip

enable ospf export rip [cost <metric> [ase-type-1 | ase-type-2] {tag
<number>} ]

Description
Enables the redistribution of RIP to OSPF.

Syntax Description

metric Specifies a cost metric.

ase-type-1 Specifies AS-external type 1 routes.
ase-type-2 Specifies AS-external type 2 routes.
number Specifies a tag value.

Default
The default tag number is 0. The default setting is disabled.

Usage Guidelines
After it is enabled, the OSPF router is considered to be an ASBR.

This command enables the exporting of RIP by way of LSA to other OSPF routers as AS-external type 1
or type 2 routes.

The cost metric is inserted for all RIP-learned, static, and direct routes injected into OSPF. The tag value
is used only by special routing applications. Use 0 if you do not have specific requirements for using a
tag. The tag value in this instance has no relationship with 802.1Q VLAN tagging.

When re-distributing RIP routes, you should turn off RIP aggregation unless you are expertly familiar
with the possible consequences and impact. By default, new configurations of RIP disable RIP
aggregation. In previous ExtremeWare versions, RIP aggregation is enabled by default. Verify the
configuration using the command show rip.

Example
The following command enables the exporting of RIP to OSPF:
enable ospf export rip cost 1 ase-type-1 tag 0

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 923

IGP Commands

enable ospf export static

enable ospf export static [cost <metric> [ase-type-1 | ase-type-2] {tag
<number>}]

Description
Enables the redistribution of static routes to OSPF.

Syntax Description

metric Specifies a cost metric.

ase-type-1 Specifies AS-external type 1 routes.
ase-type-2 Specifies AS-external type 2 routes.
number Specifies a tag value.

Default
The default tag number is 0. The default setting is disabled.

Usage Guidelines
After it is enabled, the OSPF router is considered to be an ASBR.

This command enables the redistribution of static routes by way of LSA to other OSPF routers as
AS-external type 1 or type 2 routes.

The cost metric is inserted for all RIP-learned, static, and direct routes injected into OSPF. The tag value
is used only by special routing applications. Use 0 if you do not have specific requirements for using a
tag. The tag value in this instance has no relationship with 802.1Q VLAN tagging.

Example
The following command enables the exporting of static routes to OSPF:
enable ospf export static cost 0 ase-type-1 tag 0

History
This command was first available in ExtremeWare 7.1e

Platform Availability
This command is available on the “e” series platforms.

924 ExtremeWare 7.3e Command Reference Guide

 enable ospf originate-default

enable ospf originate-default

enable ospf originate-default {always} cost <metric> [ase-type-1 |
ase-type-2] {tag <number>}

Description
Enables a default external LSA to be generated by OSPF, if no other default route is originated by OSPF
by way of RIP and static route re-distribution.

Syntax Description

always Specifies for OSPF to always advertise the default route.

metric Specifies a cost metric.
ase-type-1 Specifies AS-external type 1 routes.
ase-type-2 Specifies AS-external type 2 routes.
number Specifies a tag value.

Default
N/A.

Usage Guidelines
If always is specified, OSPF always advertises the default route. If always is not specified, OSPF adds
the default LSA if a reachable default route is in the route table.

Example
The following command generates a default external type-1 LSA:
enable ospf originate-default cost 1 ase-type-1 tag 0

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 925

IGP Commands

enable rip
enable rip

Description
Enables RIP for the whole router.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
RIP has a number of limitations that can cause problems in large networks, including:
• A limit of 15 hops between the source and destination networks
• A large amount of bandwidth taken up by periodic broadcasts of the entire routing table
• Slow convergence
• Routing decisions based on hop count; no concept of link costs or delay
• Flat networks; no concept of areas or boundaries

Example
The following command enables RIP for the whole router:
enable rip

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

926 ExtremeWare 7.3e Command Reference Guide

 enable rip aggregation

enable rip aggregation

enable rip aggregation

Description
Enables the RIP aggregation of subnet information on a RIP version 2 (RIPv2) interface.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
The enable (disable) rip aggregation command enables (disables) the RIP aggregation of subnet
information on an interface configured to send RIPv1 or RIPv2-compatible traffic. The switch
summarizes subnet routes to the nearest class network route. The following rules apply when using RIP
aggregation:
• Subnet routes are aggregated to the nearest class network route when crossing a class boundary.
• Within a class boundary, no routes are aggregated.
• If aggregation is enabled, the behavior is the same as in RIPv1.
• If aggregation is disabled, subnet routes are never aggregated, even when crossing a class boundary.

Example
The following command enables RIP aggregation on the interface:
enable rip aggregation

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 927

IGP Commands

enable rip export cost

enable rip export [direct | ospf | ospf-extern1 | ospf-extern2 | ospf-inter
| ospf-intra | static] cost <number> {tag <number>}

Description
Enables RIP to redistribute routes from other routing functions.

Syntax Description

direct Specifies interface routes (only interfaces that have IP forwarding enabled are
exported).
ospf Specifies all OSPF routes.
ospf-extern1 Specifies OSPF external route type 1.
ospf-extern2 Specifies OSPF external route type 2.
ospf-inter Specifies OSPF-inter area routes.
ospf-intra Specifies OSPF-intra area routes.
static Specifies static routes.
cost <number>t Specifies the cost metric, from 0-15. If set to 0, RIP uses the route metric
obtained from the route origin.
tag <number> Specifies a tag number.

Default
Disabled.

Usage Guidelines
This command enables the exporting of static, direct and OSPF-learned routes into the RIP domain. You
can choose which types of OSPF routes are injected, or you can simply choose ospf, which injects all
learned OSPF routes regardless of type.

The cost metric is inserted for all RIP-learned, static, and direct routes injected into OSPF. If the cost
metric is set to 0, the cost is inserted from the route. The tag value is used only by special routing
applications. Use 0 if you do not have specific requirements for using a tag.

Example
The following command enables RIP to redistribute routes from all OSPF routes:
enable rip export ospf cost 0

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

928 ExtremeWare 7.3e Command Reference Guide

 enable rip exportstatic

enable rip exportstatic

enable rip exportstatic

Description
Enables the redistribution of static routes.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Static routes are manually entered into the routing table. Static routes are used to reach networks not
advertised by routers. You can configure 64 static unicast routes. Static routes can also be used for
security reasons, to control which routes you want advertised by the router. You can decide if you want
all static routes to be advertised. Static routes are never aged out of the routing table.

A static route must be associated with a valid IP subnet. An IP subnet is associated with a single VLAN
by its IP address and subnet mask. If the VLAN is subsequently deleted, the static route entries using
that subnet must be deleted manually.

Example
The following command enables the redistribution of static routes:
enable rip exportstatic

History
This command was removed in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 929

IGP Commands

enable rip originate-default cost

enable rip originate-default {always} cost <number> {tag<number>}

Description
Configures a default route to be advertised by RIP if no other default route is advertised.

Syntax Description

always Specifies to always advertise the default route.

cost <number> Specifies a cost metric.
tag <number> Specifies a tag number.

Default
Disabled.

Usage Guidelines
If always is specified, RIP always advertises the default route to its neighbors. If always is not specified,
RIP adds a default route if a reachable default route is not in the route table.

The cost metric is inserted for all RIP-learned, static, and direct routes injected into OSPF. If the cost
metric is set to 0, the cost is inserted from the route. The tag value is used only by special routing
applications. Use 0 if you do not have specific requirements for using a tag.

Example
The following command configures a default route to be advertised by RIP if no other default route is
advertised:
enable rip originate-default cost 0

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

930 ExtremeWare 7.3e Command Reference Guide

 enable rip poisonreverse

enable rip poisonreverse

enable rip poisonreverse

Description
Enables poison reverse algorithm for RIP.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
Like split horizon, poison reverse is a scheme for eliminating the possibility of loops in the routed
topology. In this case, a router advertises a route over the same interface that supplied the route, but the
route uses a hop count of 16, defining it as unreachable.

Example
The following command enables the split horizon with poison reverse algorithm for RIP:
enable rip poisonreverse

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 931

IGP Commands

enable rip splithorizon

enable rip splithorizon

Description
Enables the split horizon algorithm for RIP.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
Split horizon is a scheme for avoiding problems caused by including routes in updates sent to the
router from which the route was learned. Split horizon omits routes learned from a neighbor in updates
sent to that neighbor.

Example
The following command enables the split horizon algorithm for RIP:
enable rip splithorizon

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

932 ExtremeWare 7.3e Command Reference Guide

 enable rip triggerupdate

enable rip triggerupdate

enable rip triggerupdate

Description
Enables the trigger update mechanism. Triggered updates are a mechanism for immediately notifying a
router’s neighbors when the router adds or deletes routes or changes their metric.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
Triggered updates occur whenever a router changes the metric for a route and it is required to send an
update message immediately, even if it is not yet time for a regular update message to be sent. This will
generally result in faster convergence, but may also result in more RIP-related traffic.

Example
The following command enables the trigger update mechanism:
enable rip triggerupdate

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 933

IGP Commands

show ospf
show ospf

Description
Displays global OSPF information.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command displays global OSPF information:
show ospf

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

934 ExtremeWare 7.3e Command Reference Guide

 show ospf area

show ospf area

show ospf area <area identifier>

Description
Displays information about a particular OSPF area.

Syntax Description

area identifier Specifies an OSPF area.

Default
N/A.

Usage Guidelines
None.

Example
The following command displays information about OSPF area 1.2.3.4:
show ospf area 1.2.3.4

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 935

IGP Commands

show ospf area detail

show ospf area detail

Description
Displays information about all OSPF areas.

Syntax Description

detail Specifies to display the information in detailed format.

Default
N/A.

Usage Guidelines
None.

Example
The following command displays information about all OSPF areas:
show ospf area detail

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

936 ExtremeWare 7.3e Command Reference Guide

 show ospf ase-summary

show ospf ase-summary

show ospf ase-summary

Description
Displays the OSPF external route aggregation configuration.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command displays the OSPF external route aggregation configuration:
show ospf ase-summary

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 937

IGP Commands

show ospf interfaces detail

show ospf interfaces detail

Description
Displays detailed information about all OSPF interfaces.

Syntax Description

detail Specifies to display the information in detailed format.

Default
N/A.

Usage Guidelines
None.

Example
The following command displays information about all OSPF interfaces:
show ospf interfaces detail

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

938 ExtremeWare 7.3e Command Reference Guide

 show ospf interfaces

show ospf interfaces

show ospf interfaces {vlan <vlan name> | area <area identifier>}

Description
Displays information about one or all OSPF interfaces.

Syntax Description

vlan name Specifies a VLAN name.

area identifier Specifies an OSPF area.

Default
If no argument is specified, all OSPF interfaces are displayed.

Usage Guidelines
None.

Example
The following command displays information about one or all OSPF interfaces on the VLAN accounting:
show ospf interfaces vlan accounting

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 939

IGP Commands

show ospf lsdb area lstype

show ospf lsdb area [all | <area identifier>[/<len>] | detail | interface |
lsid <id>[/<len>] | lstype [all | as-external | external-type7 | network |
opaque-area | opaque-global | opaque-local | router | summary-asb
|summary-net| routerid <id>[/<len>] | stats | summary | vlan <vlan name>]

Description
Displays a table of the current LSDB.

Syntax Description

all Specifies all OSPF areas.

area identifier Specifies an OSPF area.
detail Specifies to display all fields of matching LSAs in a multi-line format.
interface Specifies to display interface types.
id Specifies an LS ID.
id Specifies a router ID.
stats Specifies to display the number of matching LSAs, but not any of their
contents.
summary Specifies to display several important fields of matching LSAs, one line per
LSA.
vlan name Specifies a VLAN name.

Default
Display in summary format.

Usage Guidelines
ExtremeWare provides several filtering criteria for the show ospf lsdb command. You can specify
multiple search criteria and only results matching all of the criteria are displayed. This allows you to
control the displayed entries in large routing tables.

A common use of this command is to omit all optional parameters, resulting in the following shortened
form:
show ospf lsdb

The shortened form displays all areas and all types in a summary format.

You can filter the display using either the area ID, the remote router ID, or the link-state ID. The default
setting is all with no detail. If detail is specified, each entry includes complete LSA information.

Example
The following command displays all areas and all types in a summary format:
show ospf lsdb

940 ExtremeWare 7.3e Command Reference Guide

 show ospf lsdb area lstype

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 941

IGP Commands

show ospf virtual-link

show ospf virtual-link {routerid <routerid> <area identifier>}

Description
Displays virtual link information about a particular router or all routers.

Syntax Description

routerid Specifies a router interface number.

area identifier Specifies an OSPF area.

Default
N/A.

Usage Guidelines
area identifier—Transit area used for connecting the two end-points. The transit area cannot have the IP
address 0.0.0.0.

Example
The following command displays virtual link information about a particular router:
show ospf virtual-link routerid 1.2.3.4 10.1.6.1

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

942 ExtremeWare 7.3e Command Reference Guide

 show rip

show rip
show rip {detail}

Description
Displays RIP specific configuration and statistics for all VLANs.

Syntax Description

detail Specifies to display the information in detailed format.

Default
N/A.

Usage Guidelines
None.

Example
The following command displays RIP specific configuration and statistics for all VLANs:
show rip

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 943

IGP Commands

show rip stats

show rip stats {detail}

Description
Displays RIP-specific statistics for all VLANs.

Syntax Description

detail Specifies to display the information in detailed format.

Default
All.

Usage Guidelines
Statistics include the following per interface:
• Packets transmitted
• Packets received
• Bad packets received
• Bad routes received
• Number of RIP peers
• Peer information

Example
The following command displays RIP-specific statistics for all VLANs:
show rip stat

History
This command was available in ExtremeWare 7.1e

Platform Availability
This command is available on the “e” series platforms.

944 ExtremeWare 7.3e Command Reference Guide

 show rip stats vlan

show rip stats vlan

show rip stats vlan <vlan name>

Description
Displays RIP specific statistics for a VLAN.

Syntax Description

vlan name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
None.

Example
The following command displays RIP specific statistics for the VLAN accounting:
show rip stat accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 945

IGP Commands

show rip vlan

show rip vlan <vlan name>

Description
Displays RIP configuration and statistics for a VLAN.

Syntax Description

vlan name Specifies a VLAN name.

Default
All.

Usage Guidelines
None.

Example
The following command displays RIP configuration and statistics for the VLAN accounting:
show rip vlan accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

946 ExtremeWare 7.3e Command Reference Guide

 unconfigure ospf

unconfigure ospf
unconfigure ospf {vlan <vlan name> | area <area identifier>}

Description
Resets one or all OSPF interfaces to the default settings.

Syntax Description

vlan name Specifies a VLAN name.

area identifier Specifies an OSPF area.

Default
N/A.

Usage Guidelines
None.

Example
The following command resets the OSPF interface to the default settings on the VLAN accounting:
unconfigure ospf accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 947

IGP Commands

unconfigure rip
unconfigure rip {vlan <vlan name>}

Description
Resets all RIP parameters to the default VLAN.

Syntax Description

vlan name Specifies a VLAN name.

Default
All.

Usage Guidelines
Does not change the enable/disable state of the RIP settings.

Example
The following command deletes RIP configuration from the VLAN finance:
unconfigure rip finance

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

948 ExtremeWare 7.3e Command Reference Guide

19 IP Multicast Commands

IP multicast routing is a function that allows a single IP host to send a packet to a group of IP hosts.
This group of hosts can include devices that reside on the local network, within a private network, or
outside of the local network.

IP multicast routing consists of the following functions:

• A router that can forward IP multicast packets
• A router-to-router multicast protocol [for example, Protocol Independent Multicast (PIM)]
• A method for the IP host to communicate its multicast group membership to a router [for example,
Internet Group Management Protocol (IGMP)]

NOTE
You must configure IP unicast routing before you configure IP multicast routing.

IGMP is a protocol used by an IP host to register its IP multicast group membership with a router.
Periodically, the router queries the multicast group to see if the group is still in use. If the group is still
active, a single IP host responds to the query, and group registration is maintained.

IGMP is enabled by default on the switch. However, the switch can be configured to disable the
generation of period IGMP query packets. IGMP query should be enabled when the switch is
configured to perform IP unicast or IP multicast routing.

Protocol Independent Multicast (PIM) is a multicast routing protocol with no inherent route exchange
mechanism. The switch supports sparse mode operation.

Protocol independent Multicast-Sparse Mode (PIM-SM) routes multicast packets to multicast groups.
The sparse mode protocol is designed for installations where the multicast groups are scattered over a
large area such as a wide area network (WAN). PIM-SM is a router-to-router protocol, so all routers and
switches must upgrade to the same PIM-SM version. Summit 400 switches use PIM-SM version 2 to
forward IP packets that are destined to the IP addresses in the Class D Range to multiple networks
using the Multicast Routing information setup.

PIM-SM is an explicit join and prune protocol that is a mixture of the shared tree and shortest path tree
(SPT) models. The routers must explicitly join the group(s) in which they are interested in becoming a
member, which is beneficial for large networks that have group members who are sparsely distributed.
PIM-SM is not dependant on a specific unicast routing protocol.

ExtremeWare 7.3e Command Reference Guide 949

IP Multicast Commands

Using PIM-SM, the router sends a join message for groups learned from IGMP to the rendezvous point
(RP). The RP is a central multicast router that is responsible for receiving and distributing multicast
packets. By default, the RP is selected dynamically (but not automatically). You can also define a static
RP in your network, using the following command:
configure pim crp static <rp address> [none | <access profile>] {<priority [0-254]>}

When a router has a multicast packet to distribute, it encapsulates the packet in a unicast message and
sends it to the RP. The RP decapsulates the multicast packet and distributes it among all member
routers.

When a last-hop receiving-router determines that the multicast rate from of a particular group has
exceeded a configured threshold, that router can send an explicit join to the originating router. When
this occurs, the receiving router gets the multicast directly from the sending router, and bypasses the RP.

950 ExtremeWare 7.3e Command Reference Guide

 clear igmp group

clear igmp group

clear igmp group {vlan <vlan name>}

Description
Removes one or all IGMP groups.

Syntax Description

vlan name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
This command can be used by network operations to manually remove IGMP group entries instantly.

Example
The following command clears IGMP groups from VLAN accounting:
clear igmp group accounting

History
This command was available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 951

IP Multicast Commands

clear igmp snooping

clear igmp snooping {vlan <vlan name>}

Description
Removes one or all IGMP snooping entries.

Syntax Description

vlan name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
This command can be used by network operations to manually remove IGMP snooping entries
instantly. However, removing an IGMP snooping entry can disrupt the normal forwarding of multicast
traffic.

The static IGMP snooping entry will not be removed. The dynamic IGMP snooping entry will be
removed, then re-created upon the next general query.

Example
The following command clears IGMP snooping from VLAN accounting:
clear igmp snooping accounting

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

952 ExtremeWare 7.3e Command Reference Guide

 clear ipmc cache

clear ipmc cache

clear ipmc cache {<IP multicast group> {<source IP address>/<netmask>}}

Description
Resets the IP multicast cache table.

Syntax Description

IP multicast group Specifies a group address.

source IP address Specifies a source IP address.
netmask Specifies a subnet mask.

Default
If no options are specified, all IP multicast cache entries are flushed.

Usage Guidelines
This command can be used by network operators to manually remove IPMC hardware forwarding
cache entries instantly. If the source is available, caches will be re-created, otherwise caches are removed
permanently. This command can disrupt the normal forwarding of multicast traffic.

Example
The following command resets the IP multicast table for group 224.1.2.3:
clear ipmc cache 224.1.2.3

History
This command was available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 953

IP Multicast Commands

clear ipmc fdb

clear ipmc fdb {group <ip address> {sender <ip address> / <netmask>}}

Description
Resets the IP multicast forwarding hardware entry.

Syntax Description

ip address Specifies an IP address.

netmask Specifies a netmask.

Default
N/A.

Usage Guidelines
If no options are specified, all IP multicast forwarding database entries are cleared. This command has
an effect similar to the command clear ipmc cache, except that the targets are the forwarding
database entries.

Example
The following command resets the IP multicast forwarding database entry:
clear ipmc fdb group 224.1.2.3 sender 10.0.0.0/24

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

954 ExtremeWare 7.3e Command Reference Guide

 configure igmp

configure igmp
configure igmp <query interval> <query response interval> <last member
query interval>

Description
Configures the Internet Group Management Protocol (IGMP) timers.

Syntax Description

query interval Specifies the interval (in seconds) between general queries.
query response interval Specifies the maximum query response time (in seconds).
last member query interval Specifies the maximum group-specific query response time (in seconds).

Default
• query interval—125 seconds
• query response interval—10 seconds
• last member query interval—1 second

Usage Guidelines
Timers are based on RFC2236. Specify the following:
• query interval—The amount of time, in seconds, the system waits between sending out general
queries. The range is 1 to 429,496,729 seconds.
• query response interval—The maximum response time inserted into the periodic general queries.
The range is 1 to 25 seconds.
• last member query interval—The maximum response time inserted into a group-specific query sent
in response to a leave group message. The range is 1 to 25 seconds.

Example
The following command configures the IGMP timers:
configure igmp 100 5 1

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 955

IP Multicast Commands

configure igmp snooping add static group

configure igmp snooping vlan <vlan name> ports <portlist> add static
group <ip address>

Description
Configures VLAN ports to receive the traffic from a multicast group, even if no IGMP joins have been
received on the port.

Syntax Description

vlan name Specifies a VLAN name.

portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.
ip address Specifies the multicast group IP address.

Default
None.

Usage Guidelines
Use this command to forward a particular multicast group to VLAN ports. In effect, this command
emulates a host on the port that has joined the multicast group. As long as the port is configured with
the static entry, multicast traffic for that multicast group will be forwarded to that port.

The switch sends proxy IGMP messages in place of those generated by a real host. The proxy messages
use the VLAN IP address for source address of the messages. If the VLAN has no IP address assigned,
the proxy IGMP message will use 0.0.0.0 as the source IP address.

The multicast group should be in the class-D multicast address space, but should not be in the multicast
control packets range (224.0.0.x/24).

If the ports also have an IGMP filter configured, the filter entries take precedence. IGMP filters are
configured using the command:

configure igmp snooping vlan <vlan name> ports <portlist> filter <access
profile>

Example
The following command configures a static IGMP entry so the multicast group 224.34.15.37 will be
forwarded to VLAN marketing on ports 2-4:
configure igmp snooping marketing ports 2-4 add static group 224.34.15.37

History
This command was first available in ExtremeWare 7.2e.

956 ExtremeWare 7.3e Command Reference Guide

 configure igmp snooping add static group

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 957

IP Multicast Commands

configure igmp snooping delete static group

configure igmp snooping vlan <vlan name> ports <portlist> delete static
group [<ip address> | all]

Description
Removes the port configuration that causes multicast group traffic to be forwarded, even if no IGMP
leaves have been received on the port.

Syntax Description

vlan name Specifies a VLAN name.

portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.
ip address Specifies the multicast group IP address.
all Delete all the static groups.

Default
None.

Usage Guidelines
Use this command to remove an entry created by the following command:

configure igmp snooping vlan <vlan name> ports <portlist> add static
group <group address>

Example
The following command removes a static IGMP entry that forwards the multicast group 224.34.15.37 to
the VLAN marketing on ports 2-4:
configure igmp marketing ports 2-4 delete static group 224.34.15.37

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

958 ExtremeWare 7.3e Command Reference Guide

 configure igmp snooping add static router

configure igmp snooping add static router

configure igmp snooping vlan <vlan name> ports <portlist> add static router

Description
Configures VLAN ports to forward the traffic from all multicast groups, even if no IGMP joins have
been received on the port.

Syntax Description

vlan name Specifies a VLAN name.

portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
None.

Usage Guidelines
Use this command to forward all multicast groups to the specified VLAN ports. In effect, this command
emulates a multicast router attached to those ports. As long as the ports are configured with the static
entry, all available multicast traffic will be forwarded to those ports.

Example
The following command configures a static IGMP entry so all multicast groups will be forwarded to
VLAN marketing on ports 1-4:
configure igmp snooping marketing ports 1-4 add static router

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 959

IP Multicast Commands

configure igmp snooping delete static router

configure igmp snooping vlan <vlan name> ports <portlist> delete static
router

Description
Removes the configuration that causes VLAN ports to forward the traffic from all multicast groups,
even if no IGMP joins have been received on the port.

Syntax Description

vlan name Specifies a VLAN name.

portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.

Default
None.

Usage Guidelines
Use this command to remove the static IGMP entry created with the following command:

configure igmp snooping vlan <vlan name> ports <portlist> add static router

Example
The following command removes the static IGMP entry that caused all multicast groups to be
forwarded to VLAN marketing on ports 1-4:
configure igmp snooping marketing ports 1-4 delete static router

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

960 ExtremeWare 7.3e Command Reference Guide

 configure igmp snooping filter

configure igmp snooping filter

configure igmp snooping vlan <vlan name> ports <portlist> filter [<access
profile> | none]

Description
Configures an IGMP snooping access profile filter on VLAN ports.

Syntax Description

vlan name Specifies a VLAN name.

portlist Specifies one or more port numbers. May be in the form 1, 2, 3-5.
access profile Specifies an access profile for the ports.

Default
None.

Usage Guidelines
Use this command to filter multicast groups to the specified VLAN ports.

The access profile specified in this command must only include IP address type entries, and the IP
addresses included in the entries must be in the class-D multicast address space, but should not be in
the multicast control packets range (224.0.0.x/24).

To remove IGMP snooping filtering from a port, use the none keyword version of the command.

Example
The following command configures the access profile ap_multicast to filter multicast packets forwarded
to VLAN marketing on ports 1-4:
configure igmp snooping marketing ports 1-4 filter ap_multicast

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 961

IP Multicast Commands

configure igmp snooping flood-list

configure igmp snooping flood-list [<access profile> | none]

Description
Configures certain multicast addresses to be slow path flooded within the VLAN.

Syntax Description

access profile Specifies an access profile with a list of multicast addresses to be handled.
The access profile must be type IP address.
none Specifies no access profile is to be used.

Default
None.

Usage Guidelines
With this command, a user can configure certain multicast addresses to be slow path flooded within the
VLAN, which otherwise will be fast path forwarded according to IGMP and/or layer 3 multicast
protocol.

The specified access profile <access profile> should contain a list of addresses which will determine
if certain multicast streams are to be treated specially. Typically, if the switch receives a stream with
destination address which is in the <access profile> in 'permit' mode, that stream will be software
flooded and no hardware entry would be installed.

The specified access profile must be type IP address.

When adding an IP address into the access-profile, a 32-bit host address is recommended.

This feature is meant to solve the multicast connectivity problem for unknown destination addresses
within system reserved ranges. Specifically this feature was introduced to solve the problem of
recognizing certain stream as control packets.

NOTE
The switch will not validate any IP address in the access profile used in this command. Therefore,
slow-path flooding should be used only for streams which are very infrequent, such as control packets.
It should not be used for multicast data packets. This option overrides any default mechanism of
hardware forwarding (with respect to IGMP) so it should be used with caution.

Slow path flooding will be done within the L2 VLAN only.

Use the none option to effectively disable slow path flooding.

You can use the show ipconfig command to see the configuration of slow path flooding. It will be
listed in the IGMP snooping section of the display.

962 ExtremeWare 7.3e Command Reference Guide

 configure igmp snooping flood-list

Example
Given access profile access1 created as follows:
create access-profile access1 type ipaddress
configure access-profile access1 add ipaddress 224.1.0.1/32

The following command configures the multicast data stream specified in access1 for slow path flooding:
configure igmp snooping flood-list access1

The following command specifies that no access profile is to be used, this effectively disabling slow path
flooding:
configure igmp snooping flood-list none

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 963

IP Multicast Commands

configure igmp snooping leave-timeout

configure igmp snooping leave-timeout <leave_time ms>

Description
Configures the IGMP snooping leave timeout.

Syntax Description

leave_time ms Specifies an IGMP leave timeout value in milliseconds.

Default
1000 ms.

Usage Guidelines
The range is 0 - 10000 ms (10 seconds). For timeout values of one second or less, you must set the
leave-timeout to a multiple of 100 ms. For values of more than one second, you must set the
leave-timeout to a multiple of 1000 ms (one second).

The specified time is the maximum leave timeout value. The switch could leave sooner if an IGMP
leave message is received before the timeout occurs.

Example
The following command configures the IGMP snooping leave timeout:
configure igmp snooping leave-timeout 10000

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

964 ExtremeWare 7.3e Command Reference Guide

 configure igmp snooping timer

configure igmp snooping timer

configure igmp snooping timer <router timeout> <host timeout>

Description
Configures the IGMP snooping timers.

Syntax Description

router timeout Specifies the time in seconds between router discovery.

host timeout Specifies the time in seconds between host reports

Default
The router timeout default setting is 260 seconds. The host timeout setting is 260 seconds.

Usage Guidelines
Timers should be set to approximately 2.5 times the router query interval in use on the network. Specify
the following:
• router timeout—The interval, in seconds, between the last time the router was discovered and the
current time. The range is 10 to 2,147,483,647 seconds (68 years). The default setting is 260 seconds.
• host timeout—The interval, in seconds, between the last IGMP group report message from the host
and the current time. The range is 10 to 2,147,483,647 seconds (68 years). The default setting is 260
seconds.

IGMP snooping is a layer 2 function of the switch. It does not require multicast routing to be enabled.
The feature reduces the flooding of IP multicast traffic. IGMP snooping optimizes the usage of network
bandwidth and prevents multicast traffic from being flooded to parts of the network that do not need it.
The switch does not reduce any IP multicast traffic in the local multicast domain (224.0.0.x).

IGMP snooping is enabled by default on the switch. If you are using multicast routing, IGMP snooping
can be enabled or disabled. If IGMP snooping is disabled, all IGMP and IP multicast traffic floods
within a given VLAN. IGMP snooping expects at least one device on every VLAN to periodically
generate IGMP query messages. Without an IGMP querier, the switch eventually stops forwarding IP
multicast packets to any port, because the IGMP snooping entries will time out, based on the value
specified in host timeout. An optional optimization for IGMP snooping is the strict recognition of
routers only if the remote devices are running a multicast protocol.

Example
The following command configures the IGMP snooping timers:
configure igmp snooping timer 600 600

History
This command was available in ExtremeWare 7.1e.

ExtremeWare 7.3e Command Reference Guide 965

IP Multicast Commands

Platform Availability
This command is available on the “e” series platforms.

966 ExtremeWare 7.3e Command Reference Guide

 configure pim add vlan

configure pim add vlan

configure pim add {vlan} [<vlan name>] {passive}

Description
Enables PIM on an IP interface.

Syntax Description

vlan name Specifies a VLAN name.

passive Specifies the IP interface as passive.

Default
N/A

Usage Guidelines
When an IP interface is created, per-interface PIM configuration is disabled by default.

The switch supports edge mode operation. You can configure sparse mode on a per-interface basis. If
you specify passive, the interface does not act as a peer with another PIM router or switch. Typically all
non-passive interfaces align with USPF non-passive interfaces. A maximum of 2 non-passive PIM
interfaces is allowed on the “e” series.

Example
The following command enables PIM-SM multicast routing on VLAN accounting:
configure pim add vlan accounting

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 967

IP Multicast Commands

configure pim crp static

configure pim crp static <rp address> [none | <access profile>] {<priority
[0-254]>}

Description
Configures a rendezvous point and its associated groups statically, for PIM sparse mode operation.

Syntax Description

rp address Specifies a rendezvous point address.

none Deletes the static rendezvous point.
access profile Specifies an access profile name.
priority Specifies a priority setting. The range is 0 - 254, with 0 indicating the highest
priority and 254 indicating the lowest priority.

Default
The default setting for priority is 0, which indicates highest priority. (A priority setting of 254 indicates
the lowest priority.)

Usage Guidelines
Using PIM-SM, the router sends a join message to the rendezvous point (RP). The RP is a central
multicast router that is responsible for receiving and distributing multicast packets. If you use a static
RP, all switches in your network must be configured with the same RP address for the same group
(range).

The RP address cannot be any locally configured IP interface on the series “e” switch. The series “e”
switches are not eligible to be RPs.

The access profile contains a list of multicast group accesses served by this RP.

Example
The following command statically configures an RP and its associated groups defined in access profile
rp-list:
configure pim crp static 10.0.3.1 rp-list

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

968 ExtremeWare 7.3e Command Reference Guide

 configure pim delete vlan

configure pim delete vlan

configure pim delete vlan [<vlan name> | all]

Description
Disables PIM on an interface.

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all VLANs.

Default
N/A.

Usage Guidelines
None.

Example
The following command disables PIM-SM on VLAN accounting:
configure pim delete vlan accounting

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 969

IP Multicast Commands

configure pim register-rate-limit-interval

configure pim register-rate-limit-interval <time>

Description
Configures the initial PIM-SM periodic register rate.

Syntax Description

time Specifies an interval time in seconds. Range is 0 - 60. Default is 0.

Default
Default is 0.

Usage Guidelines
Configuring a non-zero interval time can reduce the CPU load on the first hop in case register stop
messages are not received normally.

If a non-zero value is configured, the first hop switch would send register messages only at time second
intervals. The default value is zero, which sends continuos register messages. This command takes effect
only until the register stop message is not received, in other words, when the register suppression timer
is not running.

Example
The following command configures the initial PIM register rate limit interval:
configure pim register-rate-limit-interval 2

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

970 ExtremeWare 7.3e Command Reference Guide

 configure pim register-suppress-interval register-probe-interval

configure pim register-suppress-interval

register-probe-interval
configure pim register-suppress-interval <time> register-probe-interval
<time>

Description
Configures an interval for periodically sending null-registers.

Syntax Description
register-suppress-interval <time> Specifies an interval time in seconds. Range is 30 - 200 seconds. Default is
60.
register-probe-interval <time> Specifies an interval time in seconds. Default is 5.

Default
The following defaults apply:
• register-suppress-interval—60
• register-probe-interval—5

Usage Guidelines
The register-probe-interval time should be set less than the register-suppress-interval time. By default, a
null register is sent every 55 seconds (register-suppress-interval - register-probe-interval).
A response to the null register is expected within register probe interval. By specifying a larger interval,
a CPU peak load can be avoided because the null-registers are generated less frequently. The register
probe time should be less than half of the register suppress time, for best results.

Example
The following command configures the register suppress interval and register probe time:
configure pim register-suppress-interval 90 register-probe time 10

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 971

IP Multicast Commands

configure pim register-checksum-to

configure pim register-checksum-to [include-data | exclude-data]

Description
Configures the checksum computation to either include data (for compatibility with Cisco Systems
products) or to exclude data (for RFC-compliant operation), in the register message.

Syntax Description

include-data Specifies to include data.

exclude-data Specifies to exclude data.

Default
Include data

Usage Guidelines
None.

Example
The following command configures the checksum mode to include data for compatibility with Cisco
Systems products:
configure pim register-checksum-to include-data

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

972 ExtremeWare 7.3e Command Reference Guide

 configure pim spt-threshold

configure pim spt-threshold

configure pim spt-threshold <last hop router threshold> {<rp threshold>}

Description
Configures the threshold, in kbps, for switching to SPT. On leaf routers, this setting is based on data
packets. On the RP, this setting is based on register packets.

Syntax Description

last hop router threshold Specifies a last hop router threshold.

rp threshold Specifies an RP threshold.

Default
The default setting is 0.

Usage Guidelines
For the best performance leveraged by hardware forwarding, use default value “0,0”, or small values
below 16. Since the RP learns the source address from the register message, the RP threshold has no
effect.

Example
The following command sets the threshold for switching to SPT:
configure pim spt-threshold 4 16

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 973

IP Multicast Commands

configure pim timer vlan

configure pim timer <hello interval> <join prune interval> vlan [<vlan
name>]

Description
Configures the global PIM timers.

Syntax Description

hello interval Specifies the amount of time before a hello message is sent out by the PIM
router. The range is 1 to 65,519 seconds.
join prune interval Specifies the join/prune interval. The range is 1 to 65,519 seconds.
vlan name Specifies a VLAN name.

Default
• hello interval—30 seconds.
• join prune interval—60 seconds.

Usage Guidelines
None.

Example
The following command configures the global PIM timers on the VLAN accounting:
configure pim timer 150 300 vlan accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

974 ExtremeWare 7.3e Command Reference Guide

 configure pim vlan trusted-gateway

configure pim vlan trusted-gateway

configure pim vlan [<vlan name> | all] trusted-gateway [<access profile> |
none]

Description
Configures a trusted neighbor policy.

Syntax Description

vlan name Specifies a VLAN name.

all Specifies all VLANs.
access profile Specifies an access profile name.
none Specifies no access profile, so all gateways are trusted.

Default
No access profile, so all gateways are trusted.

Usage Guidelines
When the PIM protocol is used for routing IP multicast traffic, the switch can be configured to use an
access profile to determine trusted PIM router neighbors for the VLAN on the switch running PIM.

You can use this feature to select or exclude routers as peers. PIM control packets from non-trusted
sources are not processed.

Example
The following command configures a trusted neighbor policy on the VLAN backbone:
configure pim vlan backbone trusted-gateway

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 975

IP Multicast Commands

disable igmp
disable igmp {vlan <vlan name>}

Description
Disables IGMP on a router interface. If no VLAN is specified, IGMP is disabled on all router interfaces.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
IGMP is a protocol used by an IP host to register its IP multicast group membership with a router.
Periodically, the router queries the multicast group to see if the group is still in use. If the group is still
active, hosts respond to the query, and group registration is maintained.

IGMP is enabled by default on the switch. However, the switch can be configured to disable the
generation and processing of IGMP packets. IGMP should be enabled when the switch is configured to
perform IP unicast or IP multicast routing.

Example
The following command disables IGMP on VLAN accounting:
disable igmp vlan accounting

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

976 ExtremeWare 7.3e Command Reference Guide

 disable igmp snooping

disable igmp snooping

disable igmp snooping {forward-mcrouter-only | vlan <vlan name>}

Description
Disables IGMP snooping.

Syntax Description

forward-mcrouter-only Specifies that the switch forwards all multicast traffic to the multicast router
only.
vlan name Specifies a VLAN.

Default
Enabled.

Usage Guidelines
If a VLAN is specified, IGMP snooping is disabled only on that VLAN, otherwise IGMP snooping is
disabled on all VLANs.
If the switch is in the forward-mcrouter-only mode, then the command disable igmp snooping
forward-mcrouter-only changes the mode so that all multicast traffic is forwarded to any IP router. If
not in the forward-mcrouter-mode, the command disable igmp snooping forward-mcrouter-only
has no effect.

To change the snooping mode you must disable IP multicast forwarding. Use the command:

disable ipmcforwarding

Example
The following command disables IGMP snooping on the VLAN accounting:
disable igmp snooping accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 977

IP Multicast Commands

disable igmp snooping with-proxy

disable igmp snooping with-proxy

Description
Disables the IGMP snooping proxy. The default setting is enabled.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
This command can be used for troubleshooting purpose. It should be enabled for normal network
operation.

Enabling the proxy allows the switch to suppress the duplicate join requests on a group to forward to
the connected layer 3 switch. The proxy also suppresses unnecessary IGMP leave messages so that they
are forwarded only when the last member leaves the group.

Example
The following command disables the IGMP snooping proxy:
disable igmp snooping with-proxy

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

978 ExtremeWare 7.3e Command Reference Guide

 disable ipmcforwarding

disable ipmcforwarding
disable ipmcforwarding {vlan <vlan name>}

Description
Disables IP multicast forwarding on an IP interface.

Syntax Description

vlan name Specifies a VLAN name.

Default
Disabled.

Usage Guidelines
If no options are specified, all configured IP interfaces are affected. When new IP interfaces are added,
IP multicast forwarding is disabled by default.

IP forwarding must be enabled before enabling IP multicast forwarding, and IP multicast forwarding
must be disabled before disabling IP forwarding.

Disabling IP multicast forwarding disables any layer 3 forwarding for the streams coming to the
interface.

Example
The following command disables IP multicast forwarding on the VLAN accounting:
disable ipmcforwarding vlan accounting

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 979

IP Multicast Commands

disable pim
disable pim

Description
Disables PIM on the system.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
None.

Example
The following command disables PIM on the system:
disable pim

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

980 ExtremeWare 7.3e Command Reference Guide

 enable igmp

enable igmp
enable igmp {vlan <vlan name>}

Description
Enables IGMP on a router interface. If no VLAN is specified, IGMP is enabled on all router interfaces.

Syntax Description

vlan name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
IGMP is a protocol used by an IP host to register its IP multicast group membership with a router.
Periodically, the router queries the multicast group to see if the group is still in use. If the group is still
active, IP hosts respond to the query, and group registration is maintained.

IGMP is enabled by default on the switch. However, the switch can be configured to disable the
generation and processing of IGMP packets. IGMP should be enabled when the switch is configured to
perform IP unicast or IP multicast routing.

Example
The following command enables IGMP on the VLAN accounting:
enable igmp vlan accounting

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 981

IP Multicast Commands

enable igmp snooping

enable igmp snooping {forward-mcrouter-only | vlan <vlan name>}

Description
Enables IGMP snooping on the switch.

Syntax Description

forward-mcrouter-only Specifies that the switch forwards all multicast traffic to the multicast router
only.
vlan name Specifies a VLAN.

Default
Enabled.

Usage Guidelines
If a VLAN is specified, IGMP snooping is enabled only on that VLAN, otherwise IGMP snooping is
enabled on all VLANs.

Two IGMP snooping modes are supported:

• The forward-mcrouter-only mode forwards all multicast traffic to the multicast router (that is, the
router running PIM.
• When not in the forward-mcrouter-only mode, the switch forwards all multicast traffic to any IP
router (multicast or not).

To change the snooping mode you must disable IP multicast forwarding. To disable IP multicast
forwarding, use the command:

disable ipmcforwarding
To change the IGMP snooping mode from the forward-mcrouter-only mode to the
non-forward-mcrouter-only mode, use the command:
disable igmp snooping forward-mcrouter-only

The snooping mode is not changed from the non-forward-mcrouter-only mode to the
forward-mcrouter-only mode solely by enabling that mode. You must disable IGMP snooping, then
enable IGMP snooping for multicast only. Disable IP multicast forwarding, then use the following
commands:

disable igmp snooping

enable igmp snooping forward-mcrouter-only

Example
The following command enables IGMP snooping on the switch:
enable igmp snooping

982 ExtremeWare 7.3e Command Reference Guide

 enable igmp snooping

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 983

IP Multicast Commands

enable igmp snooping with-proxy

enable igmp snooping with-proxy

Description
Enables the IGMP snooping proxy. The default setting is enabled.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
This command should be enabled for normal network operation. The command does not alter the
snooping setting. IP multicast forwarding should be disabled globally for this command.

Enabling the proxy allows the switch to suppress the duplicate join requests on a group to forward to
the connected layer 3 switch. The proxy also suppresses unnecessary IGMP leave messages so that they
are forwarded only when the last member leaves the group.

Example
The following command enables the IGMP snooping proxy:
enable igmp snooping with-proxy

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

984 ExtremeWare 7.3e Command Reference Guide

 enable ipmcforwarding

enable ipmcforwarding
enable ipmcforwarding {vlan <vlan name>}

Description
Enables IP multicast forwarding on an IP interface.

Syntax Description

vlan name Specifies a VLAN name.

Default
Disabled.

Usage Guidelines
If no options are specified, all configured IP interfaces are affected. When new IP interfaces are added,
IPMC forwarding is disabled by default.

IP forwarding must be enabled before enabling IPMC forwarding, and IPMC forwarding must be
disabled before disabling IP forwarding.

Example
The following command enables IPMC forwarding on the VLAN accounting:
enable ipmcforwarding vlan accounting

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 985

IP Multicast Commands

enable pim
enable pim

Description
Enables PIM on the system.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
None.

Example
The following command enables PIM on the system:
enable pim

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

986 ExtremeWare 7.3e Command Reference Guide

 mrinfo

mrinfo
mrinfo <ip address> {from <ip address>} {timeout <seconds>}

Description
Initiates a request to get multicast information from a router.

Syntax Description

<ip address> Specifies an IP address. The first <ip address> parameter specifies the
unicast IP address of the router to query.
from Specifies the unicast address of an interface in the system to use as the
source address in the request.
timeout Specifies the time to wait before indicating a failure.

Defaults
• from—outgoing interface
• timeout—three seconds

Usage Guidelines
This command queries a multicast router for information useful for tracing and troubleshooting. The
command returns the following information:

• code version
• system multicast information
• interface information
— interface IP address
— interface multicast capabilities
— metric configured on the interface
— threshold configured on the interface
— count and IP address of the neighbors discovered on the interface

Example
The following command queries the router at 10.10.34.14:
mrinfo 10.10.34.14

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 987

IP Multicast Commands

mtrace
mtrace source <ip address> {destination <ip address>} {group <ip address>}
{from <ip address>} {gateway <ip address >} {timeout <seconds>}
{maximum-hops <number>}

Description
Initiates a request to trace the path of multicast traffic from the source to the destination of a multicast
group.

Syntax Description

<ip address> Specifies an IP address.

source Specifies the unicast address of the multicast source.
destination Specifies the unicast address of the destination to which the path of the
multicast traffic will be traced.
group Specifies the multicast IP address of the group for which the traffic will be
traced.
from Specifies the unicast address of an interface in the system to use as the
response address in the request.
gateway Specifies the unicast address of a first hop router to which the query will be
directed.
timeout Specifies the time to wait before indicating a failure.
maximum-hops Specifies the maximum number of hops the mtrace request can traverse.

Defaults
• destination—current system
• group—0.0.0.0
• from—outgoing interface to reach the source or destination
• gateway—destination 224.0.0.2
• timeout—three seconds
• maximum-hops—255

Usage Guidelines
This command relies on a feature of multicast routers that is accessed using the IGMP protocol. Since
multicast uses reverse path forwarding, a multicast trace is run from the destination to the source. A
query packet is sent to the last-hop multicast router. This router builds a trace response packet, fills in a
report for its hop, and forwards the packet to the next upstream router. As the request is forwarded,
each router in turn adds its own report to the trace response. When the request reaches the first-hop
router, the filled in request is sent back to the system requesting the trace. The request will also be
returned if the maximum hop limit is reached.

If a router does not support the mtrace functionality, it will silently drop the request packet and no
information will be returned. For this situation, you would send the trace with a small number of
maximum hops allowed, increasing the number of hops as the stream is traced.

988 ExtremeWare 7.3e Command Reference Guide

 mtrace

The group IP address must be in the class-D multicast address space, but should not be in the multicast
control subnet range (224.0.0.x/24).

ExtremeWare based systems do not maintain packet forwarded statistics for each source/group
combination (S,G) and cannot return that information.

Example
The following command traces the multicast group 221.160.14.23 originating at 10.10.32.14 that is
coming through the gateway at 172.16.255.1:
mtrace source 10.10.34.14 group 227.160.14.23 gateway 172.16.255.1

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 989

IP Multicast Commands

show igmp group

show igmp group {<ip address> {sender <ip address>}} {vlan <vlan name>}

Description
Lists the IGMP group membership for the specified VLAN.

Syntax Description

group <ip address> Specifies a group IP address.

sender <ip address> Specifies a sender’s IP address.
vlan name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
If no VLAN is specified all VLANs are displayed. You can also filter the display by group address and
by multicast stream sender address.

Example
The following command lists the IGMP group membership for the VLAN accounting:
show igmp group 10.0.0.1 sender 10.0.0.2 accounting

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

990 ExtremeWare 7.3e Command Reference Guide

 show igmp snooping

show igmp snooping

show igmp snooping {vlan <vlan name> | detail}

Description
Displays IGMP snooping registration information and a summary of all IGMP timers and states.

Syntax Description

vlan name Specifies a VLAN name.

detail Specifies to display the information in detailed format.

Default
N/A.

Usage Guidelines
The two types of IGMP snooping entry are sender entry and subscribed entry.

The following information is displayed in a per-interface format:

• Group membership information
• Router entry
• Timeout information

Example
The following command displays IGMP snooping registration information on the VLAN accounting:
show igmp snooping vlan accounting

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 991

IP Multicast Commands

show igmp snooping filter

show igmp snooping {vlan <vlan name>} filter

Description
Displays IGMP snooping filters.

Syntax Description

vlan name Specifies a VLAN name.

Default
None.

Usage Guidelines
Use this command to display IGMP snooping filters configured on the specified VLAN. When no
VLAN is specified, all the filters will be displayed.

Example
To display the IGMP snooping filter configured on VLAN vlan101, use the following command:
show igmp snooping vlan101 filter

The output of the command will be similar to the following:

VLAN vlan101 (4094)
Filter Port
ap5 31 (-)
Total number of configured static filters = 1

Flags: (a) Active

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

992 ExtremeWare 7.3e Command Reference Guide

 show igmp snooping static group

show igmp snooping static group

show igmp snooping {vlan <vlan name>} static group

Description
Displays static IGMP snooping entries.

Syntax Description

vlan name Specifies a VLAN name.

Default
None.

Usage Guidelines
Use this command to display IGMP snooping filters configured on the specified VLAN. When no
VLAN is specified, all the filters will be displayed.

Example
To display the IGMP snooping static groups configured on VLAN vlan101, use the following command:
show igmp snooping vlan101 static group

The output of the command will be similar to the following:

VLAN vlan101 (4094)
Group Port Flags
239.1.1.2 29 s-
239.1.1.2 30 s-
239.1.1.2 31 sa
239.1.1.2 32 s-
239.1.1.2 34 s-

Total number of configured static IGMP groups = 5

Flags: (s) Static, (a) Active

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 993

IP Multicast Commands

show ipmc cache

show ipmc cache {detail} | {<IP multicast group> {<source IP address>
<netmask>}}

Description
Displays the IP multicast forwarding cache.

Syntax Description

detail Specifies to display the information in detailed format.

IP multicast group Specifies an IP group address.
source IP address Specifies an IP source address.
netmask Specifies a subnet mask.

Default
N/A.

Usage Guidelines
Displays the following information:
• IP group address
• IP source address / source mask
• Upstream neighbor (RPF neighbor)
• Interface (VLAN-port) to upstream neighbor
• Cache expiry time
• Routing protocol

When the detail option is specified, the switch displays the egress VLAN list and the pruned VLAN list.

Example
The following command displays the IP multicast table for group 224.1.2.3:
show ipmc cache 224.1.2.3

History
This command was available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

994 ExtremeWare 7.3e Command Reference Guide

 show ipmc fdb

show ipmc fdb

show ipmc fdb {<ip address>}

Description
Displays the IP multicast forwarding database in hardware.

Syntax Description

ip address Specifies an IP group address.

Default
N/A.

Usage Guidelines
If the group address is specified, only the IP multicast FDB entries corresponding to the group address
are displayed.

Example
The following command displays the IP multicast forwarding database:
show ipmc fdb

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 995

IP Multicast Commands

show l2stats
show l2stats {vlan <vlan name>}

Description
Displays the counters for the number of packets bridged, switched, and snooped.

Syntax Description

vlan name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
None.

Example
The following command displays the counters for the number of packets bridged, switched, and
snooped for the VLAN accounting:
show l2stats accounting

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

996 ExtremeWare 7.3e Command Reference Guide

 show pim

show pim
show pim {detail | rp-set {<IP multicast group>}| vlan <vlan name>}

Description
Displays the PIM configuration and statistics.

Syntax Description

detail Specifies to display the detailed format.

IP multicast group Specifies an IP multicast group.
vlan name Specifies a VLAN name.

Default
If no VLAN is specified, the configuration is displayed for all PIM interfaces.

If no multicast group is specified for the rp-set option (Rendezvous Point set), all groups are
displayed.

Usage Guidelines
The detail version of this command displays the global statistics for PIM register and register-stop
packets.

Example
The following command displays the PIM configuration and statistics for the VLAN accounting:
show pim accounting

History
This command was first available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 997

IP Multicast Commands

unconfigure igmp
unconfigure igmp

Description
Resets all IGMP settings to their default values and clears the IGMP group table.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command resets all IGMP settings to their default values and clears the IGMP group
table:
unconfigure igmp

History
This command was available in ExtremeWare 7.1e.

Platform Availability
This command is available on the “e” series platforms.

998 ExtremeWare 7.3e Command Reference Guide

 unconfigure pim

unconfigure pim
unconfigure pim {vlan <vlan name>}

Description
Resets all PIM settings on one or all VLANs to their default values.

Syntax Description

vlan name Specifies a VLAN name.

Default
If no VLAN is specified, the configuration is reset for all PIM interfaces.

Usage Guidelines
None.

Example
The following command resets all PIM settings on the VLAN accounting:
unconfigure pim vlan accounting

History
This command was first available in ExtremeWare 7.2e.

Platform Availability
This command is available on the “e” series platforms.

ExtremeWare 7.3e Command Reference Guide 999

IP Multicast Commands

1000 ExtremeWare 7.3e Command Reference Guide

20 Wireless Commands

The Summit 300 series of switches and the Altitude 300 wireless port extend network service to wireless
802.11a/b/g clients within a fully integrated network infrastructure. Ports on the Summit 300 handle all
of the management functions typically associated with an access point. The Altitude 300 wireless port
serves as the radio transmitter and receiver, inheriting configuration information as soon as it is
attached to the switch and as changes are made to the wireless profiles after the system is deployed.

Summary of Wireless Features

The Summit 300 series supports the following wireless features:
• Simultaneous support for 802.11a, 802.11b, and 802.11g
• EAP authentication for 802.1X devices—Protected Extensible Authentication Protocol (PEAP), EAP
Tunneled TLS Authentication Protocol (EAP-TTLS), and Extensible Authentication Protocol
Transport Layer Security (EAP-TLS
• Wi-Fi Protected Access (WPA) using Temporal Key Integrity Protocol (TKIP) and Advanced
Encryption Standard (AES)
• Per-user VLAN classification
• AccessAdapt™ management
• Remote troubleshooting
• Easy upgrading of wireless ports
• Detailed reports and logging

Wireless Devices
You configure ports on the Summit 300 with the “personality” of the device to be connected. Each port
contains separately configurable interfaces for each of its two radios (A and G).
Physical security for the wireless networks ceases to be a problem at the wireless access location
because the Altitude 300 wireless port does not store any security settings. Information is not stored in
the Altitude 300 wireless port, but loaded as needed from the switch. Even if the Altitude 300 wireless
port is physically moved, it can only be reconnected to another Summit 300 model.

You can set network policies at layers 2 and 3 to cover both the wired and wireless networks. In this
way you can block access to individuals suspected of intrusion across the entire network infrastructure.

ExtremeWare 7.3e Command Reference Guide 1001

Wireless Commands

In addition to traditional wired devices, the switch supports the Altitude 300 wireless port, third party
access points, and devices that rely on Power over Ethernet (PoE).

1002 ExtremeWare 7.3e Command Reference Guide

 clear wireless ports counters

clear wireless ports counters

clear wireless ports [all | <portlist>] counters

Description
Clears the counters on one or more wireless ports.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 1:*, 1:5, 1:6-1:8.
all Specifies all ports.

Default
N/A

Usage Guidelines
Use this command to clear the counters for all wireless ports or for a port list.

Example
The following example clears all the counters for wireless ports:

clear wireless ports all counters

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

ExtremeWare 7.3e Command Reference Guide 1003

Wireless Commands

clear wireless ports interface ap-scan results

clear wireless ports [<portlist> | all] interface [1 | 2] ap-scan results

Description
This command clears the scan results table.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 1:*, 1:5, 1:6-1:8.
all Specifies all ports.
interface Specifies an interface: 1 or 2.

Default
N/A

Usage Guidelines
Use this command to clear the access point (AP) scan results on any interface: 1 or 2.

Examples
The following command clears the AP scan result table for port 1:18 on interface 1:

clear wireless port 1:18 interface 1 ap-scan results

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

1004 ExtremeWare 7.3e Command Reference Guide

 clear wireless ports interface client-history

clear wireless ports interface client-history

clear wireless ports [<portlist> | all] interface [1 | 2] client-history
[<mac-address> | all]

Description
Clears the counters for a specific MAC address or for all clients.

Syntax Description

mac-address Specifies the MAC address of the client network interface card.
portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
N/A

Usage Guidelines
Although this command clear the counters, client entries are not removed from the client information
database.

Example
The following example clears the client-history counters on all ports and interface 1:

clear wireless ports all interface 1 client-history all

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

ExtremeWare 7.3e Command Reference Guide 1005

Wireless Commands

clear wireless ports interface client-scan counters

clear wireless ports [<portlist> | all] interface [1 | 2] client-scan
counters [<hexoctet> | all]

Description
Clears the statistics associated with a particular client or with all clients.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 1:*, 1:5, 1:6-1:8.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
hexoctet Specifies to use the hexadecimal value to identify a particular entry in the
client scan information table.
all Specifies all entries in the client scan information table.

Default
N/A.

Usage Guidelines
Use this command to clear client scan counters on any interface: 1 or 2.

Examples
The following example clears ports 15 and interface 1 of all client-scan statistics:

clear wireless ports 15 interface 1 client-scan counters all

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

1006 ExtremeWare 7.3e Command Reference Guide

 clear wireless ports interface client-scan results

clear wireless ports interface client-scan results

clear wireless ports [<portlist> | all] interface [1 | 2] client-scan
results [<hexoctet> | all]

Description
Clears the contents of the client scan information table or for a specific client MAC address.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 1:*, 1:5, 1:6-1:8.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
hexoctet Specifies to use the hexadecimal value to identify a particular entry in the
client scan information table.
all Specifies all entries in the client scan information table.

Default
N/A.

Usage Guidelines
Use this command to clear the client scan results on any interface: 1 or 2.

Examples
The following example clears ports 15 and interface 1 of all client-scan results:

clear wireless ports 15 interface 1 client-scan results all

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

ExtremeWare 7.3e Command Reference Guide 1007

Wireless Commands

clear wireless ports log

clear wireless ports [all | <portlist>] log

Description
Clears the log on one or more wireless ports.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 1:*, 1:5, 1:6-1:8.
all Specifies all ports.

Default
N/A

Usage Guidelines
Use this command to clear the log for all wireless ports or for a port list.

Example
The following example clears the counters for wireless port 1:1:

clear wireless ports 1:1 counters

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

1008 ExtremeWare 7.3e Command Reference Guide

 configure debug-trace wireless ports iapp

configure debug-trace wireless ports iapp

configure debug-trace wireless ports [<portlist> | all] iapp <debug-level>

Description
Enables debug tracing for Inter-Access Point Protocol (IAPP) on a per interface basis to troubleshoot
IAPP scenarios.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all ports.
debug-level Specifies a debug level in the following range (0-5). The default is 0 (off).

Default
Disabled.

Usage Guidelines
IAPP uses layer 2 updates to allow connected layer 2 devices to update forwarding tables with the
address of the client. The access point (AP) sends the updates on behalf of the clients by inserting the
MAC address of the mobile station in the source address. The switch looks up the UDP request packet
on the local subnet that contains the AP’s MAC address which contains the needed IP address. All APs
on the subnet receive this message. The AP with the matching MAC address sends a unicast response
packet with its IP address.

Example
The following example enables debug tracing for IAPP on port 1:15 with a debug level of 2:
configure debug-trace wireless ports 1:15 iapp 2

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1009

Wireless Commands

configure rf-profile beacon-interval

configure rf-profile <name> beacon-interval <value>

Description
Specifies the frequency interval of the beacon in milliseconds.

Syntax Description

name Specifies the names of the RF profile.

value Specifies the interval of the beacon in milliseconds. Valid values are from 20
to 1000.

Default
40 ms

Usage Guidelines
A beacon is a packet broadcasted by the wireless port to synchronize the wireless network. The
beacon-interval is the time in milliseconds between beacons.

Examples
The following command sets the beacon interval to 100 ms:

configure rf-profile rfprof1 beacon-interval 100

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

1010 ExtremeWare 7.3e Command Reference Guide

 configure rf-profile dtim-interval

configure rf-profile dtim-interval

configure rf-profile <name> dtim-interval <value>

Description
Specifies the interval of the delivery traffic indication message (DTIM) in number of beacons.

Syntax Description

name Specifies the names of the RF profile.

value Specifies the interval of the DTIM indicating the number of beacons. Valid
values are integers from 1 to 100. The default value is 2.

Default
2

Usage Guidelines
A DTIM field is a countdown field informing clients of the next listening window to broadcast and
multicast messages. When the wireless port has buffered broadcast or multicast messages, it sends the
next DTIM with a DTIM interval value. Its clients hear the beacons and awaken to receive the broadcast
and multicast messages.

Clients achieve greater power savings with larger DTM intervals. However, a larger DTM interval will
increase the delay before multicast frames are delivered to all stations.

Examples
The following command sets the DTIM interval to every 5 beacons:

configure rf-profile rfprof1 dtim-interval 5

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1011

Wireless Commands

configure rf-profile frag-length

configure rf-profile <name> frag-length <value>

Description
Specifies the fragment size in bytes.

Syntax Description

name Specifies the names of the RF profile.

value Specifies the fragment size in bytes. Valid values are from 256 to 2345.

Default
2345 bytes

Usage Guidelines
This value should remain at its default setting of 2345. It specifies the maximum size for a packet before
data is fragmented into multiple packets. If you experience a high packet error rate, you may slightly
increase the fragmentation threshold. Setting the fragmentation threshold too low may result in poor
network performance. Only minor modifications of this value are recommended.

Examples
The following command sets the fragment size to the default setting:

configure rf-profile rfprof1 frag-length 2345

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

1012 ExtremeWare 7.3e Command Reference Guide

 configure rf-profile long-retry

configure rf-profile long-retry

configure rf-profile <name> long-retry <value>

Description
Specifies the number of transmission attempts of a frame larger than the request-to-send (RTS)
threshold.

Syntax Description

name Specifies the names of the RF profile.

value Specifies the number of transmission attempts of a frame. Valid values are
from 1 to 255.

Default
7

Usage Guidelines
Use this command to set the number of transmission attempts for frames larger than the RTS threshold
setting in the same RF profile. The long-retry value specifies the number of attempts before a frame
will be discarded when a station attempts to retransmit a frame. Long retry applies to frames longer
than the RTS threshold and it is set to 7 by default. A frame requiring RTS/CTS clearing is
retransmitted seven times before being discarded.

To specify a the number of transmission attempts of a frame smaller than the RTS threshold, use the
following command:
configure rf-profile <name> rts-threshold <value>.

Examples
The following command sets the transmission attempts to 10:

configure rf-profile rfprof1 long-retry 10

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1013

Wireless Commands

configure rf-profile preamble

configure rf-profile <name> preamble [short | long]

Description
Specifies the size of the packet preamble.

Syntax Description

name Specifies the names of the RF profile.

short Specifies 802.11a.
long Specifies 802.11b and 802.11g.

Default
Short

Usage Guidelines
Use this command to configure the RF profile for 802.11b using the long packet preamble. Configure
the RF profile for 802.11a and 802.11g using the short packet preamble.

Examples
The following command sets the preamble to long:

configure rf-profile rfprof1 preamble long

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

1014 ExtremeWare 7.3e Command Reference Guide

 configure rf-profile rts-threshold

configure rf-profile rts-threshold

configure rf-profile <name> rts-threshold <value>

Description
Specifies the request to send (RTS) threshold in bytes.

Syntax Description

name Specifies the names of the RF profile.

value Specifies the RTS threshold in bytes. Valid values are from 0 to 2347.

Default
2330 bytes

Usage Guidelines
Should you encounter inconsistent data flow, only minor modifications are recommended. If a network
packet is smaller than the preset RTS threshold size, the RTS and clear-to-send (CTS) mechanism is not
enabled. The wireless port sends RTS frames to a particular receiving station and negotiates the sending
of a data frame. After receiving an RTS, the wireless station responds with a CTS frame to acknowledge
the right to begin transmission.

Examples
The following command sets the RTS threshold to the default setting:

configure rf-profile rfprof1 rts-threshold 2330

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

ExtremeWare 7.3e Command Reference Guide 1015

Wireless Commands

configure rf-profile short-retry

configure rf-profile <name> short-retry <value>

Description
Specifies the number of transmission attempts of frames smaller than the request-to-send (RTS)
threshold.

Syntax Description

name Specifies the names of the RF profile.

value Specifies the number of transmission attempts of a frame. Valid values are
from 1 to 255.

Default
4

Usage Guidelines
Use this command to set the number of transmission attempts for frames smaller than the RTS
threshold setting in the same RF profile. The short-retry value specifies the number of attempts
before a frame will be discarded when a station attempts to retransmit a frame. Short retry applies to
frames shorter than the RTS threshold and it is set to 4 by default. A frame requiring RTS/CTS clearing
is retransmitted four times before being discarded.

To specify a the number of transmission attempts of a frame larger than the RTS threshold, use the
following command:
configure rf-profile <name> long-retry <value>.

Examples
The following command sets the transmission attempts to 3:

configure rf-profile rfprof1 short-retry 3

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1016 ExtremeWare 7.3e Command Reference Guide

 configure wireless country-code

configure wireless country-code

configure wireless country-code <code>

Description
Configures the country identifier for the switch.

Syntax Description

code Sets the country identifier for the switch.

Default
Extreme_default

Usage Guidelines
When the Summit 300 is set to factory defaults, you must configure the correct country code using the
country code properties listed in the following table. The country code feature allows you to configure
the approved 802.11a or 802.11b/g “channels” applicable to each of the supported countries.

Australia Austria Belgium Canada China Denmark

extreme_default Finland France Germany Greece Hong_Kong
Iceland Ireland Italy Japan Korea_Republic Liechtenstein
Luxembourg Mexico Netherlands Norway Portugal Spain
Sweden Switzerland Taiwan Thailand UK USA

Extreme Networks ships the Summit 300 to be programmed with Extreme Network's special
extreme_default country code, which brings up only the B/G radio in channel 6, and turns off the A
radio. When an Altitude 300 wireless port is connected and the Summit 300 is unable to determine the
country for which the Altitude is programmed, then the extreme_default country code is used. You
must program the country code on the Summit 300 to enable the remaining channels for the desired
country.

The Altitude 300 wireless port is shipped with a pre-programmed code for the following countries:

• North America (United States, Canada, Hong Kong)

• Japan
• Taiwan
• European Union and the Rest of the World.

If you do not program the country code in the Summit 300, then the switch inherits the country code of
the first Altitude 300 wireless port that connects to it, if the Altitude is not programmed for the
'European Union and the Rest of World.

If there is a mismatch between the country codes between the Altitude 300 wireless port and the code
programmed on the Summit 300, the Altitude 300 wireless port is not allowed to come up.

ExtremeWare 7.3e Command Reference Guide 1017

Wireless Commands

Example
The following example configures the switch level property for Spain:

configure wireless country-code Spain

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1018 ExtremeWare 7.3e Command Reference Guide

 configure wireless default-gateway

configure wireless default-gateway

configure wireless default-gateway <ip_address>

Description
Configures the default gateway IP address.

Syntax Description

ip_address Indicates the IP address of the default gateway. By default, this is the same IP
address as the management VLAN.

Default
0.0.0.0.

Usage Guidelines
The wireless default gateway IP address is usually set to the wireless management VLAN address. This
address is used by all wireless client traffic whose destination is upstream switches.

Example
The following example configures the switch level property for the default gateway:

configure wireless default-gateway 192.168.1.1

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

ExtremeWare 7.3e Command Reference Guide 1019

Wireless Commands

configure wireless management-vlan

configure wireless management-vlan <vlan name>

Description
Identifies the VLAN on which the Altitude 300 wireless port communicates with the Summit 300
switch.

Syntax Description

vlan name The name of the VLAN with which the Altitude 300 wireless port
communicates with the Summit 300 switch.

Default
Default VLAN

Usage Guidelines
Identifying the VLAN on which the Altitude 300 wireless port communicates with the switch is
required before wireless features can work. This VLAN can be the default VLAN and it can either have
a public or private IP address. This VLAN is an untagged VLAN on which all the Altitude 300 devices
are connected.

Example
The following example configures the switch level property for the default gateway:

configure wireless management-vlan Default

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1020 ExtremeWare 7.3e Command Reference Guide

 configure wireless ports antenna-location

configure wireless ports antenna-location

configure wireless ports [<portlist> | all] antenna-location <indoor |
outdoor>

Description
Sets the Altitude 300-2d detachable antenna for indoor or outdoor use.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all ports.
indoor Specifies that the antenna is for indoor use.
outdoor Specifies that the antenna is for outdoor use.

Default
Indoor

Usage Guidelines
The detachable Altitude 300-2d antenna is compatible with the Summit 300 switches. Use this command
to configure the antenna type as indoor or outdoor and to comply with regulatory requirements.

Example
The following example configures all ports on the Altitude 300 for indoor use.

configure wireless ports all antenna-location indoor

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1021

Wireless Commands

configure wireless ports detected-station-timeout

configure wireless ports [<portlist> | all] detected-station-timeout
<seconds>

Description
Sets the client current state age time-out value.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all ports.
seconds Specifies the amount of time in seconds when the client current state table
times out. Valid values are between 60 to 3600.

Default
600 seconds

Usage Guidelines
Client aging allows you to configure an aging timer for wireless stations. When a specified period of
time elapses with no data traffic from the client to the Altitude 300, the client is de-authenticated and
removed from all client station tables for that interface. After a client is aged out, it can reassociate and
re-authenticate to the Altitude 300. Age-out information can be collected from such events as client
station failures, station idle-timeouts, or a client abruptly leaving the wireless network without notifying
the associated Altitude 300. The timeout value is configured for each port and affects both interfaces 1
and 2.

Example
The following command configures ports 13-24 to time-out the client current state table at 120 seconds.

configure wireless ports 13-24 detected-station-timeout 120

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1022 ExtremeWare 7.3e Command Reference Guide

 configure wireless ports force-disassociation

configure wireless ports force-disassociation

configure wireless ports <portlist> force-disassociation [all-clients
[every <hour <0-23>> <minute <0-59>> | time <month <1-12>> <day> <year
<yyyy>> <hour <0-23>> <minute <0-59>>] | cancel-scheduler | <mac-address>]

Description
Configures the client force-disassociation capability.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all-clients Specifies all clients associated with the port list.
every Specifies a repeating disassociation.
time Specifies a single disassociation at a specific time and date. If you do not
specify the every or time parameters, the user immediately disassociates.
cancel-scheduler Specifies to disable forced disassociation.
mac-address Specifies the MAC address of the client network interface card.

Default
No schedule.

Usage Guidelines
Force disassociation permits client user disassociation based on a recurring schedule, a date and time, or
a particular MAC address. You can also disassociate a user immediately. You can specify access based
on a preferred time periods, such as during off-hours, weekends, and holidays. You can also set up a
user policy on a RADIUS server to allow user authentication based on time of day.

Example
The following command configures ports 1:18 to force disassociate all clients every day at noon:.

configure wireless ports 1:18 force-disassociation all-clients every 12 0

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

ExtremeWare 7.3e Command Reference Guide 1023

Wireless Commands

configure wireless ports health-check

configure wireless ports [<portlist> | all] health-check [on | off]

Description
Configures whether the health check reset function is on or off for the specified port or ports.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5,
all Specifies all ports.
on Indicates that the health check reset function is on. The port should be reset if
the health check timer expires.
off Indicates that the health check reset function is off. The port is not reset if the
health check timer expires.

Default
On

Usage Guidelines
This command determines whether the port is reset if the health check timer expires.

Example
The following command configures port 1:18 on the Summit 300-48 to use the health check facility:

configure wireless ports 1:18 health-check on

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

1024 ExtremeWare 7.3e Command Reference Guide

 configure wireless ports interface ap-scan added-trap

configure wireless ports interface ap-scan added-trap

configure wireless ports [<portlist> | all] interface [1 | 2] ap-scan
added-trap [on | off]

Description
Use this command to have the access point (AP) scan to send an SNMP trap when new stations are
added to the results table.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
on Specifies that the AP scan should send an SNMP trap when new stations are
added to the results table.
off Specifies that the AP scan should not send an SNMP trap when new stations
are added to the results table.

Default
Off.

Usage Guidelines
Use this command when an SNMP-based remote management application is used to monitor the
network.

Example
The following command configures port 18 on the Summit 300-24 to have the AP scan to send an
SNMP trap when new stations are added to the results table:

configure wireless ports 18 interface 2 ap-scan added-trap on

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

ExtremeWare 7.3e Command Reference Guide 1025

Wireless Commands

configure wireless ports interface ap-scan off-channel

configure wireless ports [<portlist> | all] interface [1 | 2] ap-scan
off-channel <add | del> {current-channel | channel-number | all-channels |
every-channel}

Description
Adds or removes specific channels for the off-channel access point (AP) scan.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
add Specifies to add the specific channel.
del Specifies to delete the specific channel.
current-channel Specifies to perform the scan on the current channel only.
channel-number Specifies to perform the scan on the channel indicated.
all-channels Specifies to perform the scan on all channels in a given country code.
every-channel Specifies to perform the scan on all channels regardless of the country code.
No beacons are sent on out-of-country-code channels.

Default
All channels.

Usage Guidelines
Use this command when the AP scan must be started on a particular interface.

Example
The following command causes scans on the current channel for wireless port 1:5 using interface 2:

configure wireless ports 1:5 interface 2 add current channel

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

1026 ExtremeWare 7.3e Command Reference Guide

 configure wireless ports interface ap-scan off-channel continuous

configure wireless ports interface ap-scan off-channel

continuous
configure wireless ports [all | <portlist>] interface [1 | 2] ap-scan
off-channel continuous [on | off]

Description
Turns continuous off-channel scan on or off.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
on Specifies to turn the continuous off-channel scan on.
off Specifies to turn the continuous off-channel scan off.

Default
Scan on.

Usage Guidelines
Use this command to toggle continuous off-channel on a particular interface either on or off.

Example
The following command turns off the off-channel scan for wireless port 1:5 using interface 2:

configure wireless ports 1:5 interface 2 ap-scan off-channel continuous off

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

ExtremeWare 7.3e Command Reference Guide 1027

Wireless Commands

configure wireless ports interface ap-scan off-channel

max-wait
configure wireless ports [<portlist> | all] interface [1 | 2] ap-scan
off-channel max-wait <num>

Description
Use this command to set the maximum time an off-channel scan waits at a particular channel.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
num Specifies the wait time in milliseconds. Valid entries are between 10 and
10000 milliseconds.

Default
600 ms.

Usage Guidelines
Use this command to specify the time that the access point (AP) should wait on a particular channel.

Example
The following command sets the wait time at 5 milliseconds:

configure wireless ports 1:5 interface 2 ap-scan off-channel max-wait 5

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1028 ExtremeWare 7.3e Command Reference Guide

 configure wireless ports interface ap-scan off-channel min-wait

configure wireless ports interface ap-scan off-channel

min-wait
configure wireless ports [<portlist> | all] interface [1 | 2] ap-scan
off-channel min-wait <num>

Description
Use this command to set the minimum time an off-channel scan waits at a particular channel.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5,
all Specifies all ports.
interface Specifies an interface: 1 or 2.
num Specifies the minimum wait time in milliseconds. Valid entries are between 10
and 10000 milliseconds.

Default
60 ms.

Usage Guidelines
Use this command to specify the minimum time that the access point (AP) should scan a particular
channel.

Example
The following command sets the wait time at 5 milliseconds:

configure wireless ports 1:5 interface 2 ap-scan off-channel min-wait 5

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

ExtremeWare 7.3e Command Reference Guide 1029

Wireless Commands

configure wireless ports interface ap-scan probe-interval

configure wireless ports [<portlist> | all] interface [1 | 2] ap-scan
probe-interval <msec>

Description
Use this command to configure the interval between probe request packets for active off-channel
scanning.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
msec Specifies the time between probe request packets in milliseconds. Valid
entries are between 50 and 3600000 milliseconds.

Default
100 ms.

Usage Guidelines
Use this command to send probe requests at particular intervals on a selected channel during an access
point (AP) scan.

Example
The following example configures the interval between probe request packets to be 10 ms for port 1:9
on interface 2:

configure wireless ports 1:9 interface 2 ap-scan probe-interval 10

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

1030 ExtremeWare 7.3e Command Reference Guide

 configure wireless ports interface ap-scan removed-trap

configure wireless ports interface ap-scan removed-trap

configure wireless ports [<portlist> | all] interface [1 | 2] ap-scan
removed-trap [on | off]

Description
Use this command to have the access point (AP) scan to send an SNMP trap when new stations are
removed from the results table.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5
all Specifies all ports.
interface Specifies an interface: 1 or 2.
on Specifies that the AP scan should send an SNMP trap when new stations are
removed from the results table.
off Specifies that the AP scan should not send an SNMP trap when new stations
are removed from the results table.

Default
Off.

Usage Guidelines
Use this command to see a trap when stations are removed from the results table.

Example
The following command configures port 18 on the Summit 300-24 to have the AP scan to send an
SNMP trap when new stations are removed from the results table:

configure wireless ports 18 interface 2 ap-scan removed-trap on

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

ExtremeWare 7.3e Command Reference Guide 1031

Wireless Commands

configure wireless ports interface ap-scan results size

configure wireless ports [<portlist> | all] interface [1 | 2] ap-scan
results size <num>

Description
Sets the number of elements that the wireless interface stores.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
num Specifies the number of elements that the wireless interface stores. Valid
numbers are between 1 and 128.

Default
128.

Usage Guidelines
Use this command to specify the size of the results table.

Example
The following command configures port 1:7 and interface 1 to store 100 elements:

configure wireless ports 1:7 interface 1 ap-scan results size 100

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

1032 ExtremeWare 7.3e Command Reference Guide

 configure wireless ports interface ap-scan results timeout

configure wireless ports interface ap-scan results timeout

configure wireless ports [<portlist> | all] interface [1 | 2] ap-scan
results timeout <time>

Description
This command sets the timeout threshold that sets when entries are aged out from the table.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
time Specifies the time in seconds before an entry is aged out of the results table.
Valid numbers are between 0 and n (any number).

Default
300 seconds.

Usage Guidelines
Use this command to specify the age-out time for the clients in the results table.

Example
The following command configures port 1:7 and interface 1 to have a timeout threshold of 5 seconds:

configure wireless ports 1:7 interface 1 ap-scan results timeout 5

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

ExtremeWare 7.3e Command Reference Guide 1033

Wireless Commands

configure wireless ports interface ap-scan send-probe

configure wireless ports [<portlist> | all] interface [1 | 2] ap-scan
send-probe <on |off>

Description
Use this command to enable the sending of probes for active scanning.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
on Specifies to send probes (active scanning).
off Specifies not to send probes (passive scanning).

Default
Off.

Usage Guidelines
Use this command to enable the sending of probes. Setting send-probe to on specifies active scanning.
Setting send-probe to off specifies passive scanning.

Example
The following example enables the port range 1:15-1:24 using interface 1 to enable probes.

configure wireless ports 1:15-1:24 interface 1 ap-scan send-probe on

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

1034 ExtremeWare 7.3e Command Reference Guide

 configure wireless ports interface ap-scan updated-trap

configure wireless ports interface ap-scan updated-trap

configure wireless ports [<portlist> | all] interface [1 | 2] ap-scan
updated-trap <on |off>

Description
Use this command to configure the access point (AP) scan to send an SNMP trap when information
about an AP has changed.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
on Specifies to send an SNMP trap when an AP has changed.
off Specifies not to send an SNMP trap when an AP has changed.

Default
Off.

Usage Guidelines
None.

Example
The following example enables the port 20 on a Summit 300-24 using interface 1 to send an SNMP trap
when an AP has changed.

configure wireless ports 20 interface 1 ap-scan updated-trap on

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

ExtremeWare 7.3e Command Reference Guide 1035

Wireless Commands

configure wireless ports interface channel

configure wireless ports <portlist> interface [1 | 2] channel {0 |
<channel>}

Description
Configures a channel for the specified interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
interface Specifies an interface: 1 or 2.
0 Specifies that channels will be automatically selected. Enter ‘0’ (zero) to
specify auto selection.
channel Specifies a particular channel. (See Table 22 for valid values.)

Default
Auto for both interfaces

Usage Guidelines
Each wireless port on the Summit 300 contains two interfaces. Interface 1 supports 802.11a, and interface
2 supports 802.11b/g radio signals. The configure wireless port interface channel command
allows you to configure one of the two individual interfaces (1|2) on a port or ports. You can move an
interface from one profile to another without having to shut it down.
Valid channel values are shown in Table 22.

Table 22: Valid wireless interface channel values

WLAN Standard Valid Channels

802.11a 0 (auto), 36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157,
161, 165, 169, (34, 38, 42, 46 for Japan)
802.11b and 802.11g 0 (auto), 1-14 (Must be valid entry for the country code
range; e.g., valid range for USA is 1-11.)

Example
The following command configures a channel for interface 2 on port 5 on a Summit 300-24:

configure wireless port 5 interface 2 channel auto

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

1036 ExtremeWare 7.3e Command Reference Guide

 configure wireless ports interface channel

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1037

Wireless Commands

configure wireless ports interface client-history size

configure wireless ports [<portlist> | all] interface [1 | 2]
client-history size <integer>

Description
Use this command to configure the client history size.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 1:*, 1:5, 1:6-1:8.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
integer Specifies the size of the client-history table in terms of the number of entries.
Valid values are between 1 and 128 entries.

Default
128.

Usage Guidelines
Use this command to specify the maximum number of entries that the client-history table can store.

Example
The following example sets the client-history table for ports 1:1-1:20 and interface 2 to 100 entries:
configure wireless ports 1:1-1:30 interface 2 client-history size 100

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

1038 ExtremeWare 7.3e Command Reference Guide

 configure wireless ports interface client-history timeout

configure wireless ports interface client-history timeout

configure wireless ports [<portlist> | all] interface [1 | 2]
client-history timeout <number>

Description
Use this command to configure the client history timeout interval.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
number Specifies the timeout interval of the client-history table in seconds. Valid
numbers are between 0 and n (any number).

Default
600 seconds.

Usage Guidelines
Use this command to specify the timeout interval for the clients in the client history table.

Example
The following example sets the timeout interval for the client-history table for ports 1:1-1:20 and
interface 2 to 100 seconds.

configure wireless ports 1:1-1:20 interface 2 client-history timeout 100

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

ExtremeWare 7.3e Command Reference Guide 1039

Wireless Commands

configure wireless ports interface client-scan added-trap

configure wireless ports [<portlist> | all] interface [1 | 2] client-scan
added-trap [on |off]

Description
Enables or disables traps from the client-scan feature when a new client is detected.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
on Enables traps when a new client is detected.
off Disables traps when a new client is detected.

Default
Off.

Usage Guidelines
Enabling traps can saturate management stations if an area is heavily populated.

Example
The following command enables traps for port 1:5 and interface 2:

configure wireless port 1:5 interface 2 client-scan added-trap on

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

1040 ExtremeWare 7.3e Command Reference Guide

 configure wireless ports interface client-scan removed-trap

configure wireless ports interface client-scan

removed-trap
configure wireless ports [<portlist> | all] interface [1 | 2] client-scan
removed-trap [on |off]

Description
Enables or disables traps from the client-scan feature when a new client has aged-out of the table.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
on Enables traps when a client has aged out of the table.
off Disables traps when a client has aged out of the table.

Default
Off.

Usage Guidelines
Enabling traps can saturate management stations if an area is heavily populated.

Example
The following command disables traps for port 1:9 and interface 1:

configure wireless port 1:9 interface 1 client-scan removed-trap off

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

ExtremeWare 7.3e Command Reference Guide 1041

Wireless Commands

configure wireless ports interface client-scan results size

configure wireless ports [<portlist> | all] interface [1 | 2] client-scan
results size <value>

Description
Configures the maximum number of entries in the client scan information table.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
value Specifies the maximum number of entries in the client scan information table.
The default value is 128. (Range is unlimited.)

Default
128.

Usage Guidelines
Use this command to specify the maximum number of entries that the client-history table can store.

Example
The following command configures the maximum number of entries in the client scan table as 1000 for
port 1:5 and interface 2:

configure wireless port 1:5 interface 2 client-scan results size 1000

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

1042 ExtremeWare 7.3e Command Reference Guide

 configure wireless ports interface client-scan results timeout

configure wireless ports interface client-scan results

timeout
configure wireless ports <portlist> interface [1 | 2] client-scan results
timeout <number>

Description
Configures the timeout period for entries in the client scan information table.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
interface Specifies an interface: 1 or 2.
number Specifies the timeout in seconds for the client scan information table. Valid
numbers are between 0 and n (any number).

Default
600 seconds.

Usage Guidelines
Use this command to specify the age-out time for the clients in the client-scan results table.

Example
The following command sets the timeout period to 150 seconds for entries in the client scan information
table:

configure wireless ports 1:5-1:20 interface 2 client-scan results timeout 150

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

ExtremeWare 7.3e Command Reference Guide 1043

Wireless Commands

configure wireless ports interface max-clients

configure wireless ports [<portlist> | all] interface [1 | 2] max-clients
<value>

Description
Sets the maximum number of clients that can connect simultaneously to a wireless interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all ports.
interface Specifies an interface: 1 or 2.
value Specifies the maximum number of clients that are allowed to connect
simultaneously. Valid values are from 0 to 128. The default value is 100.

Default
100.

Usage Guidelines
Use this command to limit the number of clients that can connect on any interface: 1 or 2.

Example
The following example sets the maximum client level to 72 for port 15 and interface 1:

configure wireless ports 15 interface 1 max-clients 72

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1044 ExtremeWare 7.3e Command Reference Guide

 configure wireless ports interface power-level

configure wireless ports interface power-level

configure wireless ports <portlist> interface [1 | 2] power-level <level>

Description
Configures the power-level for the specified interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
interface Specifies an interface: 1 or 2.
level Specifies the power level for the interface. Valid values are:
• Full
• Half
• Quarter
• One-eighth
• Min (minimum)

Default
Full

Usage Guidelines
Each wireless port on the Summit 300 contains two interfaces. Interface 1 supports 802.11a, and interface
2 supports 802.11b/g radio signals. The configure wireless port interface power-level
command allows you to configure one of the two individual interfaces (1|2) on a port or ports. If there
is radio interference from other devices, then you can adjust the power level to an appropriate level
below full power.

Example
The following command configures the power level to half-power for interface 1 on ports 5 to 16 on a
Summit 300-24:

configure wireless port 5-16 interface 1 power-level half

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1045

Wireless Commands

configure wireless ports interface rf-profile

configure wireless ports <portlist> interface [1 | 2] rf-profile <name>

Description
Attaches a port or ports and interface to an RF profile.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
interface Specifies an interface: 1 or 2.
name Specifies the name of the profile.

Default
A for interface 1.
B_G for interface 2.

Usage Guidelines
Each wireless port on the Summit 300 contains two interfaces. Interface 1 supports 802.11a, and interface
2 supports 802.11b/g radio signals. The configure wireless port interface command allows you
to configure one of the two individual interfaces (1|2) on a port or ports.
All ports in the port list must have the same wireless port version.

Example
The following command attaches the RF profile radio1 to interface 1 on port 1:7 on a Summit 300-48:
configure wireless port 1:7 interface 1 security-profile radio1

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1046 ExtremeWare 7.3e Command Reference Guide

 configure wireless ports interface security-profile

configure wireless ports interface security-profile

configure wireless ports <portlist> interface [1 | 2] security-profile
<name>

Description
Attaches a port or ports and interface to a security profile.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
interface Specifies an interface: 1 or 2.
name Specifies the name of the profile.

Default
Unsecure.

Usage Guidelines
Each wireless port on the Summit 300 contains two interfaces. Interface 1 supports 802.11a, and interface
2 supports 802.11b/g radio signals. The configure wireless port interface command allows you
to configure one of the two individual interfaces (1|2) on a port or ports..
All ports in the port list must have the same wireless port version.

Example
The following command attaches the security profile secure-wep to interface 1 on port 1:7 on a Summit
300-48:
configure wireless port 1:7 interface 1 security-profile secure-wep

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1047

Wireless Commands

configure wireless ports interface transmit-rate

configure wireless ports <portlist> interface [1 | 2] transmit-rate <rate>

Description
Configures a transmission rate for the specified port.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
interface Specifies an interface: 1 or 2.
rate Specifies the transmission rate for the port. Entering auto specifies automatic
transmission rate selection. Valid values are shown in Table 23.

Default
54 Mbps

Usage Guidelines
Each wireless port on the Summit 300 contains two interfaces. Interface 1 supports 802.11a, and interface
2 supports 802.11b/g radio signals. The configure wireless port interface transmit-level
command allows you to configure the transmission rate for one of the two individual interfaces (1|2) on
a port or ports.
Valid transmission rate values are shown in Table 23.

Table 23: Valid transmission rate values

Mode Valid Transmission Rate

A 6, 9, 12, 18, 24, 36, 48, 54, auto
B 1, 2, 5.5, 11, auto
G 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, 54, auto

Example
The following command configures the port 14 on a Summit 300-24 to transmit at 54 Mbps for both
interface 1 and 2 (A and G):

configure wireless port 14 interface 1 transmit-rate 54Mbps

configure wireless port 14 interface 2 transmit-rate 54Mbps

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1048 ExtremeWare 7.3e Command Reference Guide

 configure wireless ports interface wireless-bridging

configure wireless ports interface wireless-bridging

configure wireless ports <portlist> interface [1 | 2] wireless-bridging [on
| off]

Description
Enables or disables the interface as a bridge for wireless clients.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
interface Specifies an interface: 1 or 2.
on Specifies that the indicated interface is enabled. When enabled, wireless
clients on the same interface are able to communicate.
off Specifies that the indicated interface is disabled. When disabled, wireless
clients on the same interface cannot communicate.

Default
On (enabled)

Usage Guidelines
Wireless bridging on an Summit 300 switches allow wireless users within the same VLAN to
communicate with other wireless users on the same switch using layer 2 bridging. Wireless bridging can
be enabled or disabled for each interface of the wireless port, and the setting is locally significant on
each Altitude 300 wireless port. This setting does not prevent bridging between wired and wireless
MAC addresses in the same VLAN or between remote wireless stations associated with a remote
Altitude 300 wireless port.

Example
The following command disables bridging interface 2 on port 1:15 on a Summit 300-48:
configure wireless port 1:15 interface 2 wireless-bridging off

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1049

Wireless Commands

configure wireless ports ipaddress

configure wireless ports <portlist> ipaddress <address>

Description
Configures the source IP address for the specified port or ports.

Syntax Description

portlist Specifies the port for which the IP address is being set
address Indicates the source IP address. The IP address must be an IP address on
the management VLAN.

Default
The default address is 0.0.0.0.

Usage Guidelines
The source IP address can be public or private IP addresses in class A through class C.

Example
The following command configures the default IP address for port 1:18 on the Summit 300-48:

configure wireless ports 1:18 192.168.0.100.18

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1050 ExtremeWare 7.3e Command Reference Guide

 configure wireless ports location

configure wireless ports location

configure wireless ports <portlist> location <location name>

Description
Configures the physical location of the access point (AP) for the specified port or ports.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
location name Identifies the location to be configured.

Default
Unknown Location

Usage Guidelines
Use this command to indicate the physical location of the access point (AP) for the specified port or
ports. For example, you could designate a physical location as follows: bldg 1, pole 14, cube 7.
Funk Radius can use this attribute for authentication.

Example
The following command configures the location, cube_a7, on port 18 on the Summit 300-24:

configure wireless ports 18 location cube_a7

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1051

Wireless Commands

create rf-profile copy

create rf-profile <profile_name> copy <name>

Description
Creates a new RF profile by copying an existing RF profile and assigning a new name.

Syntax Description

profile_name Specifies the name of the new RF profile.

name Specifies the names of the RF profile to be copied.

Default
N/A.

Usage Guidelines
Use this command to create a new profile identified by the string name. The copy argument specifies
the name of an existing profile from which to obtain the initial values.

Example
The following command creates a new RF profile called rfprof_alpha from an existing profile called
wireless_prof:

create rf-profile rfprof_alpha copy wireless_prof

The following command can be used to validate that you created the new RF profile as entered:

show rf-profile rfprof_alpha

or

show rf-profile

The latter command shows all RF profiles.

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

1052 ExtremeWare 7.3e Command Reference Guide

 create rf-profile mode

create rf-profile mode

create rf-profile <profile_name> mode [ A | B | B_G | G ]

Description
Creates a new RF profile by defining the interface mode,.

Syntax Description

profile_name Specifies the name of the new RF profile.

A Specifies the 802.11a interface mode.
B Specifies the 802.11b interface mode.
B_G Specifies the 802.11b or 802.11g interface modes.
G Specifies the 802.11g interface mode.

Default
N/A.

Usage Guidelines
Use this command to create a new profile without copying from an existing profile.

Example
The following command creates a new RF profile called rfprof_alpha using interface mode G:

create rf-profile rfprof_alpha mode g

The following command can be used to validate that you created the new RF profile as entered:

show rf-profile rfprof_alpha

or

show rf-profile

The latter command shows all RF profiles.

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1053

Wireless Commands

delete rf-profile
delete rf-profile <name>

Description
Deletes the named RF profile.

Syntax Description

name Specifies the name of an existing RF profile to be deleted.

Default
N/A

Usage Guidelines
Use this command to delete the named RF profile. The named profile cannot be attached to any active
ports before deletion.

Example
The following example deletes the RF profile named rfprof_alpha:

delete rf-profile rfprof_alpha

The following command can be used to validate that you deleted the RF profile as entered:

show rf-profile rfprof_alpha

or

show rf-profile

The latter command shows all RF profiles.

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1054 ExtremeWare 7.3e Command Reference Guide

 disable wireless ports

disable wireless ports

disable wireless ports <portlist>

Description
Administratively disables a wireless port for use.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.

Default
N/A

Usage Guidelines
Use this command to disable one or more wireless ports.

Example
The following command disables port 1:17:

disable wireless ports 1:17

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1055

Wireless Commands

disable wireless ports cancel-scheduler

disable wireless ports <portlist> cancel-scheduler

Description
Cancels previously scheduled enable or disable scheduling commands for the port.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.

Default
N/A

Usage Guidelines
Use this command with the force disassociation scheduler to cancel a force disassociation schedule.

Example
The following command cancels all scheduled enable or disable commands:

disable wireless ports all cancel-scheduler

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1056 ExtremeWare 7.3e Command Reference Guide

 disable wireless ports every

disable wireless ports every

disable wireless ports <portlist> every <hour>

Description
Disables the specified port or ports every day at the specified hour.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
hour Specifies the hour in military format (0-23).

Default
N/A.

Usage Guidelines
Use this command to configure the disabling of wireless ports according to a daily schedule. The
selected port or ports will be disabled each day on the specified hour.

Example
The following command disables port 1:17 every day at 7 a.m.:

disable wireless ports every 1:17 7

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1057

Wireless Commands

disable wireless ports interface

disable wireless ports <portlist> interface [1 | 2]

Description
Disables the specified port interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.

Default
N/A

Usage Guidelines
Use this command to disable one of the interfaces. If both interfaces are disabled, it’s the same as using
the command: disable wireless ports x:x.

Example
The following command disables port 1:35 and interface 1:

disable wireless ports 1:35 interface 1

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1058 ExtremeWare 7.3e Command Reference Guide

 disable wireless ports interface ap-scan

disable wireless ports interface ap-scan

disable wireless ports <portlist> interface [1 |2] ap-scan

Description
Stops an on-channel wireless port scan for the indicated port or ports and interface for the Altitude 300.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
interface Specifies an interface: 1 or 2.

Default
N/A

Usage Guidelines
When the scan feature is disabled, entries slowly age out of the scan results table until it is empty. If the
scan is restarted, the table values from the previous scan will be kept.

Example
The following command disables interface 2 on ports 1:18 to 1:28 on a Summit 300-48:

disable wireless ports 1:18-1:28 interface 2 ap-scan

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1059

Wireless Commands

disable wireless ports interface ap-scan off-channel

disable wireless ports <portlist> interface [1 | 2] ap-scan off-channel [at
| every] <time>

Description
Stops the access point (AP) scan on the indicated interface at the specified time.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
interface Specifies an interface: 1 or 2.
at Specifies a once-only start time for a scan.
every Specifies to start the scan every day at the specified time.
time Specifies the hour in the format (0-23)

Default
N/A

Usage Guidelines
Use this command to stop the off-channel AP scan.

Example
The following command disables port 23 using interface 1 on the Summit 300-24:

disable wireless ports 23 interface 1 ap-scan off-channel at 18

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1060 ExtremeWare 7.3e Command Reference Guide

 disable wireless ports interface client-history

disable wireless ports interface client-history

disable wireless ports [portlist | all] interface [1 | 2] client-history

Description
Disables logging of client historical information.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
interface Specifies an interface: 1 or 2.

Default
Disable.

Usage Guidelines
Use this command to disable logging of client-history information on the specified wireless interface.

Example
The following example sets port 1:23 and interface 1 to disable logging of historical information:

disable wireless ports 1:23 interface 1 client-history

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1061

Wireless Commands

disable wireless ports interface client-scan

disable wireless ports <portlist> interface [1 | 2] client-scan

Description
Disables the client scan feature on the specified wireless interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.

Default
N/A

Usage Guidelines
Use this command to disable the client scan feature on the specified wireless interface. Disabling the
feature can improve performance if the network is heavily populated and beginning to show
degradation.

Example
The following command disables port 1:31 and interface 2:

disable wireless ports 1:31 interface 2 client-scan

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1062 ExtremeWare 7.3e Command Reference Guide

 disable wireless ports interface iapp

disable wireless ports interface iapp

disable wireless ports [<portlist> | all] interface [1 | 2] iapp

Description
Disables Inter-Access Point Protocol (IAPP) on a per interface basis.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all ports.
interface Specifies an interface: 1 or 2.

Default
Enabled.

Usage Guidelines
Use this command to disable IAPP for the selected ports and interface. IAPP uses layer 2 updates to
allow connected layer 2 devices to update forwarding tables with the address of the client. The access
point (AP) sends the updates on behalf of the clients by inserting the MAC address of the mobile station
in the source address. The switch looks up the UDP request packet on the local subnet that contains the
AP’s MAC address which contains the needed IP address. All APs on the subnet receive this message.
The AP with the matching MAC address sends a unicast response packet with its IP address.

Example
The following example disables port 1:15 and interface 1 for IAPP:
disable wireless ports 1:15 interface 1 iapp

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1063

Wireless Commands

disable wireless ports interface svp

disable wireless ports [<portlist> | all] interface [1 | 2] svp

Description
Disables the QoS protocol, SpectraLink Voice Protocol (SVP), for VoIP on the specified port and
interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5
all Specifies all ports.
interface Specifies an interface: 1 or 2.

Default
Disabled

Usage Guidelines
Use this command to disable the QoS protocol for VoIP. By enabling QoS for VoIP, you give voice traffic
a higher priority than data traffic. VoIP traffic has less tolerance for error recovery than data. Although
voice traffic can tolerate some degree of error recovery, it can be noticeable to users. This command
allows you to enable QoS for VoIP on the port and interface level.

Example
The following example, disables SVP on port 17 and interface 1:

disable wireless ports 17 interface 1 svp

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1064 ExtremeWare 7.3e Command Reference Guide

 disable wireless ports time

disable wireless ports time

disable wireless ports <portlist> time <date> <hour>

Description
Disables the specified ports at the given date and hour.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
date Specifies the date in the format (m/d/yyyy).
hour Specifies the hour in the format (0-23)

Default
N/A

Usage Guidelines
Use this command to disable one or more wireless ports at a specified time.

Example
The following command disables port 1:18 on June 29, 2005 at 3 p.m.:

disable wireless ports 1:18 time 6/29/2005 15

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1065

Wireless Commands

enable wireless ports

enable wireless ports <portlist>

Description
Administratively enables a wireless port for use.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-.

Default
N/A

Usage Guidelines
Use this command to enable wireless ports.

Example
The following command enables port 1:17:

enable wireless ports 1:17

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1066 ExtremeWare 7.3e Command Reference Guide

 enable wireless ports cancel-scheduler

enable wireless ports cancel-scheduler

enable wireless ports <portlist> cancel-scheduler

Description
This command cancels the scheduler on all ports or on a particular port.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.

Default
N/A

Usage Guidelines
Use this command to cancel the scheduler.

Example
The following command cancels all scheduled enable or disable commands:

enable wireless ports all cancel-scheduler

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1067

Wireless Commands

enable wireless ports every

enable wireless ports <portlist> every <hour>

Description
Enables the specified port or ports every day at the specified hour.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
hour Specifies the hour in military format (0-23).

Default
N/A

Usage Guidelines
Use this command to automatically enable wireless ports according to a daily schedule. The selected
port or ports will be enabled each day on the specified hour.

Example
The following command enables port 1:17 every day at 7 a.m.:

enable wireless ports every 1:17 7

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1068 ExtremeWare 7.3e Command Reference Guide

 enable wireless ports interface

enable wireless ports interface

enable wireless ports <portlist> interface [1 | 2]

Description
Enables the specified port interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
interface Specifies an interface: 1 or 2.

Default
N/A

Usage Guidelines
Use this command for per interface enabling.

Example
The following command enables port 1:35 and interface 1:

enable wireless ports 1:35 interface 1

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1069

Wireless Commands

enable wireless ports interface ap-scan

enable wireless ports <portlist> interface [1 |2] ap-scan

Description
Starts a wireless port on-channel scan for the indicated port or ports and interface for the Altitude 300.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
interface Specifies an interface: 1 or 2.

Default
N/A.

Usage Guidelines
Use this command to start the wireless port on-channel scan on the indicated port and interface for the
Altitude 300. The Altitude 300 continues to carry user traffic during scans operating on the current
channel (“on-channel” scans).

Example
The following command enables interface 2 on ports 1:18 to 1:28 on a Summit 300-48:

enable wireless ports 1:18-1:28 interface 2 ap-scan

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1070 ExtremeWare 7.3e Command Reference Guide

 enable wireless ports interface ap-scan off-channel

enable wireless ports interface ap-scan off-channel

enable wireless ports <portlist> interface [1 | 2] ap-scan off-channel [at
| every] <time>

Description
Starts the access point (AP) scan on the indicated interface at the specified time.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
interface Specifies an interface: 1 or 2.
at Specifies a once-only start time for a scan.
every Specifies to start the scan every day at the specified time.
time Specifies the hour in the format (0-23)

Default
N/A.

Usage Guidelines
Use this command to schedule the off-channel AP scan. During an “off-channel” scan, the Altitude 300
is not available for user traffic.

Example
The following command enables port 23 using interface 1 on the Summit 300-24:

enable wireless ports 23 interface 1 ap-scan off-channel at 18

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1071

Wireless Commands

enable wireless ports interface client-history

enable wireless ports [<portlist> | all] interface [1 | 2] client-history

Description
Sets the Altitude 300 to log client historical information.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all ports.
interface Specifies an interface: 1 or 2.

Default
Disable.

Usage Guidelines
Use this command to get the detail status about each associated client.

Example
The following example sets port 1:23 and interface 1 to keep historical information:

enable wireless ports 1:23 interface 1 client-history

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1072 ExtremeWare 7.3e Command Reference Guide

 enable wireless ports interface client-scan

enable wireless ports interface client-scan

enable wireless ports [<portlist> | all] interface [1 | 2] client-scan

Description
Enables the client scan feature on the specified wireless interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all ports.
interface Specifies an interface: 1 or 2.

Default
N/A

Usage Guidelines
Use this command to enable the client scan feature on the specified wireless interface.

Example
The following command enables port 1:31 and interface 2:

enable wireless ports 1:31 interface 2 client-scan

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1073

Wireless Commands

enable wireless ports interface iapp

enable wireless ports [<portlist> | all] interface [1 | 2] iapp

Description
Enables Inter-Access Point Protocol (IAPP) on a per interface basis.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all ports.
interface Specifies an interface: 1 or 2.

Default
Enabled.

Usage Guidelines
Use this command to enable IAPP for the selected ports and interface. IAPP uses layer 2 updates to
allow connected layer 2 devices to update forwarding tables with the address of the client. The access
point (AP) sends the updates on behalf of the clients by inserting the MAC address of the mobile station
in the source address. The switch looks up the UDP request packet on the local subnet that contains the
AP’s MAC address which contains the needed IP address. All APs on the subnet receive this message.
The AP with the matching MAC address sends a unicast response packet with its IP address.

Example
The following example enables port 1:15 and interface 1 for IAPP:
enable wireless ports 1:15 interface 1 iapp

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1074 ExtremeWare 7.3e Command Reference Guide

 enable wireless ports interface svp

enable wireless ports interface svp

enable wireless ports [<portlist> | all] interface [1 | 2] svp

Description
Enables the QoS protocol, SpectraLink Voice Protocol (SVP), for VoIP on the specified port and interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all ports.
interface Specifies an interface: 1 or 2.

Default
Disabled.

Usage Guidelines
Use this command to implement the QoS protocol for VoIP. By enabling QoS for VoIP, you give voice
traffic a higher priority than data traffic. VoIP traffic has less tolerance for error recovery than data.
Although voice traffic can tolerate some degree of error recovery, it can be noticeable to users. This
command allows you to enable QoS for VoIP on the port and interface level.

Example
The following example, turns on SVP on port 17 and interface 1:

enable wireless ports 17 interface 1 svp

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1075

Wireless Commands

enable wireless ports time

enable wireless ports <portlist> time <date> <hour>

Description
Enables the specified ports at the given date and hour.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
date Specifies the date in the format (m/d/yyyy).
hour Specifies the hour in the format (0-23)

Default
N/A

Usage Guidelines
Use this command to enable selected wireless ports at a particular time.

Example
The following command enables port 1:18 on June 29, 2005 at 3 p.m.:

enable wireless ports 1:18 time 6/29/2005 15

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1076 ExtremeWare 7.3e Command Reference Guide

 reset wireless ports

reset wireless ports

reset wireless ports <portlist>

Description
Resets the wireless ports to their default values

Syntax Description
portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-51:*, 1:5, 1:6-1:8.

Default
N/A

Usage Guidelines
Use this command to return a port the default values. Default values are:
• Health check—on
• IP address—192.168.0.100 + port number (1-24 for the Summit 300-24 and 1-48 for the Summit
300-48)
• Location—Unknown Location

Example
The following example resets all the wireless ports to the default values:

reset wireless ports

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1077

Wireless Commands

reset wireless ports interface

reset wireless ports <portlist> interface [1 | 2]

Description
Forces the wireless port interface to reset.

Syntax Description
portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 1:*, 1:5, 1:6-1:8.
interface Specifies an interface: 1 or 2.

Default
N/A

Usage Guidelines
Use this command to return a port interface the default values. Default values are:
• Channel—auto
• Power level—full
• Transmit rate—54 Mbps

Example
The following example resets all of interface 1 ports to the default values:

reset wireless ports interface 1

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1078 ExtremeWare 7.3e Command Reference Guide

 show rf-profile

show rf-profile
show rf-profile {<profile_name>}

Description
Displays configuration attributes for a particular RF profile or all RF profiles.

Syntax Description
profile_name Specifies the name of the RF profile whose configuration is to be displayed. If
you do not enter an RF profile name, configuration attributes will be displayed
for all RF profiles.

Default
All.

Usage Guidelines
Use this command to display configuration attributes for a particular RF profile or all RF profiles. If you
do not enter an RF profile name, configuration attributes will be displayed for all RF profiles.

Example
The following command displays configuration information about the RF profile named rfprof_alpha:
show rf-profile rfprof_alpha

The output from this command is similar to:

Profile Name: rfprof_alpha
Mode: G
Beacon Interval: 1000
DTIM: 100
Fragmentation Length: 2345
RTS Threshold: 2330
Preamble: Long
Short Retry: 4
Long Retry: 7
No interfaces bound to this RF profile

The following command displays configuration information about all RF profiles:

show rf-profile

The output from this command is similar to:

Profile Name: DEFAULT_A

Mode: A
Beacon Interval: 40
DTIM: 2
Fragmentation Length: 2345
RTS Threshold: 2330
Preamble: Short

ExtremeWare 7.3e Command Reference Guide 1079

Wireless Commands

Short Retry: 4
Long Retry: 7
Interfaces: 64
1:1:1, 1:2:1, 1:3:1, 1:4:1, 1:5:1,
1:6:1, 1:7:1, 1:8:1, 1:9:1, 1:10:1,
1:11:1, 1:12:1, 1:13:1, 1:14:1, 1:15:1,
1:16:1, 1:17:1, 1:18:1, 1:19:1, 1:20:1,
1:21:1, 1:22:1, 1:23:1, 1:24:1, 1:25:1,
1:26:1, 1:27:1, 1:28:1, 1:29:1, 1:30:1,
1:31:1, 1:32:1, 2:1:1, 2:2:1, 2:3:1,
2:4:1, 2:5:1, 2:6:1, 2:7:1, 2:8:1,
2:9:1, 2:10:1, 2:11:1, 2:12:1, 2:13:1,
2:14:1, 2:15:1, 2:16:1, 2:17:1, 2:18:1,
2:19:1, 2:20:1, 2:21:1, 2:22:1, 2:23:1,
2:24:1, 2:25:1, 2:26:1, 2:27:1, 2:28:1,
2:29:1, 2:30:1, 2:31:1, 2:32:1

Profile Name: DEFAULT_BG

Mode: B_G
Beacon Interval: 40
DTIM: 2
Fragmentation Length: 2345
RTS Threshold: 2330
Preamble: Long
Short Retry: 4
Long Retry: 7
Interfaces: 63
1:1:2, 1:2:2, 1:3:2, 1:4:2, 1:5:2,
1:6:2, 1:7:2, 1:8:2, 1:9:2, 1:10:2,
1:11:2, 1:12:2, 1:13:2, 1:14:2, 1:15:2,
1:16:2, 1:17:2, 1:18:2, 1:19:2, 1:20:2,
1:21:2, 1:22:2, 1:23:2, 1:24:2, 1:25:2,
1:26:2, 1:27:2, 1:28:2, 1:29:2, 1:30:2,
1:31:2, 1:32:2, 2:2:2, 2:3:2, 2:4:2,
2:5:2, 2:6:2, 2:7:2, 2:8:2, 2:9:2,
2:10:2, 2:11:2, 2:12:2, 2:13:2, 2:14:2,
2:15:2, 2:16:2, 2:17:2, 2:18:2, 2:19:2,
2:20:2, 2:21:2, 2:22:2, 2:23:2, 2:24:2,
2:25:2, 2:26:2, 2:27:2, 2:28:2, 2:29:2,
2:30:2, 2:31:2, 2:32:2

Profile Name: DEFAULT_B

Mode: B
Beacon Interval: 100
DTIM: 2
Fragmentation Length: 2345
RTS Threshold: 2330
Preamble: Long
Short Retry: 4
Long Retry: 7
Interfaces: 1
2:1:2

1080 ExtremeWare 7.3e Command Reference Guide

 show rf-profile

Profile Name: DEFAULT_G

Mode: G
Beacon Interval: 40
DTIM: 2
Fragmentation Length: 2345
RTS Threshold: 2330
Preamble: Short
Short Retry: 4
Long Retry: 7
No interfaces bound to this RF profile

Profile Name: MinSetting_A

Mode: A
Beacon Interval: 20
DTIM: 1
Fragmentation Length: 1020
RTS Threshold: 1024
Preamble: Short
Short Retry: 1
Long Retry: 1
No interfaces bound to this RF profile

Profile Name: MinSetting_B

Mode: B
Beacon Interval: 20
DTIM: 1
Fragmentation Length: 256
RTS Threshold: 0
Preamble: Long
Short Retry: 1
Long Retry: 1
No interfaces bound to this RF profile

Profile Name: MinSetting_G

Mode: G
Beacon Interval: 20
DTIM: 1
Fragmentation Length: 256
RTS Threshold: 0
Preamble: Long
Short Retry: 1
Long Retry: 1
No interfaces bound to this RF profile

Profile Name: MaxSetting_A

Mode: A
Beacon Interval: 1000
DTIM: 100
Fragmentation Length: 2345
RTS Threshold: 2330
Preamble: Short
Short Retry: 255

ExtremeWare 7.3e Command Reference Guide 1081

Wireless Commands

Long Retry: 255

No interfaces bound to this RF profile

Profile Name: MaxSetting_B

Mode: B
Beacon Interval: 1000
DTIM: 100
Fragmentation Length: 2345
RTS Threshold: 2330
Preamble: Long
Short Retry: 255
Long Retry: 255
No interfaces bound to this RF profile

Profile Name: MaxSetting_G

Mode: G
Beacon Interval: 1000
DTIM: 100
Fragmentation Length: 2345
RTS Threshold: 2330
Preamble: Long
Short Retry: 255
Long Retry: 255
No interfaces bound to this RF profile

Profile Name: MaxSetting_BG

Mode: B_G
Beacon Interval: 1000
DTIM: 100
Fragmentation Length: 2345
RTS Threshold: 2330
Preamble: Long
Short Retry: 255
Long Retry: 255
No interfaces bound to this RF profile

Profile Name: MaxBeacon_BG

Mode: B_G
Beacon Interval: 1000
DTIM: 100
Fragmentation Length: 2345
RTS Threshold: 2330
Preamble: Long
Short Retry: 4
Long Retry: 7
No interfaces bound to this RF profile

Profile Name: MaxBeacon_B

Mode: B
Beacon Interval: 1000
DTIM: 100

1082 ExtremeWare 7.3e Command Reference Guide

 show rf-profile

Fragmentation Length: 2345

RTS Threshold: 2330
Preamble: Long
Short Retry: 4
Long Retry: 7
No interfaces bound to this RF profile

Profile Name: MaxBeacon_G

Mode: G
Beacon Interval: 1000
DTIM: 100
Fragmentation Length: 2345
RTS Threshold: 2330
Preamble: Long
Short Retry: 4
Long Retry: 7
No interfaces bound to this RF profile

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1083

Wireless Commands

show wireless ap-scan results

show wireless ap-scan results {detail}

Description
Displays a switch-wide, correlated view of the results of the access point (AP) scan.

Syntax Description
detail This optional keyword, provides more in-depth information.

Default
N/A

Usage Guidelines
Use this command to see the results of an AP scan. Use the optional keyword, detail, to see all of the
fields in Table 24.

Table 24: AP Scan Results (Alphabetized)

Data Value Description
APMAC MAC address of the discovered AP
Capability Capability field from a received information packet (in detail
output only)
Channel The channel on which this AP was discovered
ESS Name String ESS ID I.E.
Last Update Time value at which this entry was updated
Min/Max/Avg RSS Received Signal Strength statistics
Network Type Ad-hoc or BSSID network (in detail output only)
Number of beacons Count of beacon packets seen from this AP (in detail output only)
Number of probe resp Count of PROBE RESP packets sent from the AP (in detail
output only)
Supported Rate Set List of supported rates
WEP required/WEP authentication supported WEP information from beacon and probe packets
WPA WPA information, including authentication and supported
encryption algorithms

Example
The following command displays information about the AP scan.

show wireless ap-scan results

The output from the command is similar to:

AP Mac Address Intf ESS Name AvgRSS Type Chan WEP WPA Last

1084 ExtremeWare 7.3e Command Reference Guide

 show wireless ap-scan results

The output from the command is similar to:

AP Mac Address Intf ESS Name AvgRSS Type Chan WEP WPA Last
===================================================================================
00:04:96:05:80:B0 5:2 Extreme_g 2 bss 12 Y Y 01:36:17
00:04:96:05:80:F0 5:2 fz-dot1x-128 0 bss 1 Y Y 01:36:15
00:04:96:05:81:50 5:2 Extreme_g 8 bss 2 Y 01:36:18
00:04:96:05:82:00 5:2 DEFAULT_ESS 0 bss 11 N 01:36:18
00:04:96:05:82:80 5:2 Extreme_g 0 bss 1 Y Y 01:36:15
00:04:96:0C:00:00 5:2 wpadyn-g-tkip-ess 0 bss 11 Y Y 01:36:18
00:04:96:0C:04:30 5:2 fz-shared-wep-64 0 bss 7 Y 01:36:11
00:04:96:0C:05:50 5:2 Extreme_gax 0 bss 1 Y Y 01:36:18
00:04:96:0C:1E:F0 5:2 DEFAULT_ESS 3 bss 3 N 01:36:18
00:04:96:0C:23:60 5:2 DEFAULT_ESS 3 bss 11 N 01:36:18
00:04:96:0C:23:B0 5:2 TFZ 0 bss 7 Y 01:36:18
00:04:96:0C:30:A0 5:2 DEFAULT_ESS 0 bss 4 N 01:36:18
00:04:96:0C:31:30 5:2 DEFAULT_ESS 0 bss 10 N 01:36:16
00:04:96:0C:36:30 5:2 DEFAULT_ESS 1 bss 10 N 01:35:58
00:04:96:0C:3C:70 5:2 fz-open-wep-64 4 bss 7 Y 01:36:18
00:04:96:0C:5F:F0 5:2 DEFAULT_ESS 2 bss 11 N 01:36:18
00:04:96:0C:CA:C0 5:2 Extreme_gx 5 bss 11 Y Y 01:36:18
00:04:96:0C:D8:40 5:2 fz-wpa-dyn-aes 3 bss 11 Y Y 01:36:18
00:04:96:0C:DB:A0 5:2 Atheros 3 bss 12 Y Y 01:36:17
00:04:96:0D:9C:70 5:2 DEFAULT_ESS 0 bss 14 N 01:35:50
===================================================================================

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability

This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1085

Wireless Commands

show wireless ap-scan results mac_address

show wireless ap-scan results <mac_address>

Description
Displays information about the access point (AP) MAC-address that is entered.

Syntax Description

mac-address Specifies the MAC address of the client network interface card.

Default
N/A

Usage Guidelines
Use this command to review details about the specified AP..

Example
The following command displays information about the AP 00:04:96:0C:23:70:

show wireless ap-scan results 00:04:96:0C:23:70

The results of the command are similar to:

AP Mac Address Intf ESS Name AvgRSS Type Chan WEP WPA Last
================================================================================
00:04:96:0C:23:70 1:23:2 DEFAULT_ESS 27 bss 6 N02:18:51

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1086 ExtremeWare 7.3e Command Reference Guide

 show wireless client-scan results

show wireless client-scan results

show wireless client-scan results {detail}

Description
Displays information about client scan results.

Syntax Description
detail This optional keyword, provides more in-depth information.

Default
N/A

Usage Guidelines
Use this command to get information about client scan results. Use the detail option to get further
details of the client scan.

Examples
The following example displays information about the wireless configuration:

show wireless client-scan results

The output of the command is similar to:

Source : 00:04:23:90:03:91

Intf Probe ProbeResp FirstSeen LastChange

1:25:2 100337 0 21:46:47 23:41:43

LastRSS LastRate LastChan

12 0 6

Source : 00:05:4E:48:45:F8

Intf Probe ProbeResp FirstSeen LastChange

1:25:2 985 0 23:06:41 23:41:36
1:25:1 958 0 23:06:50 23:41:38

LastRSS LastRate LastChan

21 0 6
19 0 40

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

ExtremeWare 7.3e Command Reference Guide 1087

Wireless Commands

Platform Availability
This command is available on Summit 300 series only.

1088 ExtremeWare 7.3e Command Reference Guide

 show wireless client-scan results mac-address

show wireless client-scan results mac-address

show wireless client-scan results <mac-address> {detail}

Description
Displays information about a client by MAC address from the client scan results table.

Syntax Description
mac-address Specifies the MAC address of the client network interface card.
detail This optional keyword, provides more in-depth information.

Default
N/A

Usage Guidelines
Use this command to get information about a client from the client scan results table by using the MAC
address. Use the detail option to get further details.

Examples
The following example displays information about a client from the client scan results table:

Source Intf Probes ProbeResp LastRSS LastChan

================================================================================
00:04:23:90:03:91 1:25:2 100445 0 15 6

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1089

Wireless Commands

show wireless configuration

show wireless configuration

Description
Displays the country, management VLAN, and gateway.

Syntax Description
This command has no arguments or variables.

Default
N/A

Usage Guidelines
Use this command to check the basic wireless configuration on a switch.

Examples
The following example displays information about the wireless configuration:

show wireless configuration

The output of the command is similar to:

Summit300-48:4 # show wireless configuration

Country Code: Extreme Default
Management VLAN: Default
Gateway: 192.168.0.1

Timed Command Information:

Summit300-48:5 #

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1090 ExtremeWare 7.3e Command Reference Guide

 show wireless ports

show wireless ports

show wireless ports [all | <portlist>]{detail}

Description
This command shows a summary or detailed report of all wireless ports.

Syntax Description
all Specifies all active ports.
portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 1:5, 1:6-1:8.
detail This optional keyword, provides more in-depth information.

Default
N/A

Usage Guidelines
Use this command to show a summary of all ports or for a particular port.

Examples
The following example displays summary information about the wireless ports:

show wireless ports all

The output is similar to:

Port HW Version MAC Addr Serial # State Last Change

-------------------------------------------------------------------------------
1:1 EN Mon Sep 13 11:01:32 2004
1:2 DIS Tue Sep 9 02:25:16 2003
1:3 DIS Tue Sep 9 02:25:16 2003
1:4 DIS Tue Sep 9 02:25:16 2003
1:5 DIS Tue Sep 9 02:25:16 2003
1:6 DIS Tue Sep 9 02:25:16 2003
1:7 DIS Tue Sep 9 02:25:16 2003
1:8 01010001 00:04:96:0C:22:00 03418-00410 ON Mon Sep 13 11:03:16 2004
1:9 DIS Tue Sep 9 02:25:16 2003
1:10 DIS Tue Sep 9 02:25:16 2003
1:11 DIS Tue Sep 9 02:25:16 2003
1:12 DIS Tue Sep 9 02:25:16 2003
1:13 DIS Tue Sep 9 02:25:16 2003
1:14 DIS Tue Sep 9 02:25:16 2003
1:15 DIS Tue Sep 9 02:25:16 2003
1:16 DIS Tue Sep 9 02:25:16 2003
1:17 DIS Tue Sep 9 02:25:16 2003
1:18 DIS Tue Sep 9 02:25:16 2003
1:19 DIS Tue Sep 9 02:25:16 2003
Press <SPACE> to continue or <Q> to quit:

ExtremeWare 7.3e Command Reference Guide 1091

Wireless Commands

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1092 ExtremeWare 7.3e Command Reference Guide

 show wireless ports configuration

show wireless ports configuration

show wireless ports [all | <portlist>] configuration

Description
Displays a summary of the wireless configuration.

Syntax Description
all Specifies all active ports.
portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
N/A

Usage Guidelines
Use this command to review the configuration of one or more wireless ports.

Example
The following example displays a summary report of all the configured wireless ports:

show wireless ports all configuration

The output of the command is similar to:

Port IP Address Location Descr Ant-Loc TOut HealthChk State

------------------------------------------------------------------------------
1:1 0.0.0.0 Unknown Location indoor 600 on EN
1:2 0.0.0.0 Unknown Location indoor 600 on DIS
1:3 0.0.0.0 Unknown Location indoor 600 on DIS
1:4 0.0.0.0 Unknown Location indoor 600 on DIS
1:5 0.0.0.0 Unknown Location indoor 600 on DIS
1:6 0.0.0.0 Unknown Location indoor 600 on DIS
1:7 0.0.0.0 Unknown Location indoor 600 on DIS
1:8 10.211.37.83 Unknown Location indoor 600 on EN
1:9 0.0.0.0 Unknown Location indoor 600 on DIS
1:10 0.0.0.0 Unknown Location indoor 600 on DIS
1:11 0.0.0.0 Unknown Location indoor 600 on DIS
1:12 0.0.0.0 Unknown Location indoor 600 on DIS
1:13 0.0.0.0 Unknown Location indoor 600 on DIS
1:14 0.0.0.0 Unknown Location indoor 600 on DIS
1:15 0.0.0.0 Unknown Location indoor 600 on DIS
1:16 0.0.0.0 Unknown Location indoor 600 on DIS
1:17 0.0.0.0 Unknown Location indoor 600 on DIS
1:18 0.0.0.0 Unknown Location indoor 600 on DIS
1:19 0.0.0.0 Unknown Location indoor 600 on DIS
Press <SPACE> to continue or <Q> to quit:

ExtremeWare 7.3e Command Reference Guide 1093

Wireless Commands

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1094 ExtremeWare 7.3e Command Reference Guide

 show wireless ports debug-trace

show wireless ports debug-trace

show wireless ports [all | <portlist>] debug-trace

Description
Displays whether debug-trace is enabled on one or more ports.

Syntax Description
all Specifies all active ports.
portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
N/A

Usage Guidelines
Use this command to review the debug-trace status on a port.

Example
The following example displays a summary report of the status of debug-trace on all wireless ports:

show wireless ports all debug-trace

The output of the command is similar to:

Wireless Port : 1:8

Messages Sent : 0
Total Bytes Sent : 0
Messages Suppressed : 278409
Other Errors : 0

Trace Description CUR MSGS BYTES SUPP

-----------------------------------------------------------------------------
dot1x 802.1x Processing 0 0 0 69058
radius Radius Backend 0 0 0 0
mac Wireless MAC 0 0 0 34
snmp SNMP Subagent 0 0 0 1980
wlan-driver WLAN Driver 0 0 0 0
eth-driver ETH Driver 0 0 0 0
ap-scan AP Scan 0 0 0 46
client-diag Client Diag 0 0 0 6
mac-radius MAC Radius 0 0 0 0
wpa WPA State Machine 0 0 0 207152
iapp IAPP 0 0 0 133
Wireless Port : 1:25
Messages Sent : 0
Total Bytes Sent : 0
Messages Suppressed : 36059188
Other Errors : 0

ExtremeWare 7.3e Command Reference Guide 1095

Wireless Commands

Trace Description CUR MSGS BYTES SUPP

-----------------------------------------------------------------------------
dot1x 802.1x Processing 0 0 0 69094
radius Radius Backend 0 0 0 0
mac Wireless MAC 0 0 0 334
snmp SNMP Subagent 0 0 0 45947
wlan-driver WLAN Driver 0 0 0 0
eth-driver ETH Driver 0 0 0 0
ap-scan AP Scan 0 0 0 35736423
client-diag Client Diag 0 0 0 15
mac-radius MAC Radius 0 0 0 0
wpa WPA State Machine 0 0 0 207188
iapp IAPP 0 0 0 187

--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------

1(i) show wireless ports [all | <portlist>] interface [1 | 2] ap-scan results <mac
address> --This command is used to get information about a AP whose mac address is
selected from the AP scan result table.

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1096 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface ap-scan configuration

show wireless ports interface ap-scan configuration

show wireless ports [<portlist> | all] interface [1 |2] ap-scan
configuration {detail}

Description
Displays the current configuration of the scan feature for the selected ports and interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.
detail Specifies to display the information in detailed format.

Default
N/A.

Usage Guidelines
Use this command to see the current configuration of the AP scan feature for the specified wireless port
and interface. Use the optional keyword, detail, to see the detailed or expanded configuration.

Examples
The following example displays the configuration of port 1:5 and interface 1:

show wireless ports 1:5 interface 1 ap-scan configuration

The output of the command is similar to:

Intf En Add Rem Update Probe ProbeInt OCS Cont. Size Timeout Channels
-------------------------------------------------------------------------------
1:5:1 N off off off off 100 N N 128 300

The following example shows the extra details shown when the keyword detail is added to the
command:

show wireless ports 1:5 interface 1 ap-scan configuration detail

The output of the command is similar to:

Interface : 1:5:1
Enabled : N
Send Added Trap : off
Send Removed Trap : off
Send Updated Trap : off
Probe Interval : 100 (msec)
Send Probe : N
Result Table Size : 128

ExtremeWare 7.3e Command Reference Guide 1097

Wireless Commands

Off Channel Scan (OCS) : N

OCS Continuous Scan : N
OCS Channels :
OCS Min-wait : 60 (msec)
OCS Max-wait : 600 (msec)
Scheduled OCS :
Schedule#1 : Currently disabled
Schedule#2 : Currently disabled
Schedule#3 : Currently disabled
Schedule#4 : Currently disabled
Schedule#5 : Currently disabled
Schedule#6 : Currently disabled
Schedule#7 : Currently disabled
Schedule#8 : Currently disabled

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1098 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface ap-scan results

show wireless ports interface ap-scan results

show wireless ports [<portlist> | all] interface [1 | 2] ap-scan results
{detail}

Description
Displays information about the results of an access point (AP) scan from the port perspective.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.
detail (Optional) Specifies to display the information in detailed format.

Default
N/A

Usage Guidelines
Use this command to see the results of an AP scan. Use the optional keyword, detail, to see all of the
fields in Table 24.

Table 25: AP Scan Results (Alphabetized)

Data Value Description
APMAC MAC address of the discovered AP
Capability Capability field from a received information packet (in detail
output only)
Channel The channel on which this AP was discovered
ESS Name String ESS ID I.E.
Last Update Time value at which this entry was updated
Min/Max/Avg RSS Received Signal Strength statistics
Network Type Ad-hoc or BSSID network (in detail output only)
Number of beacons Count of beacon packets seen from this AP (in detail output only)
Number of probe resp Count of PROBE RESP packets sent from the AP (in detail
output only)
Supported Rate Set List of supported rates
WEP required/WEP authentication supported WEP information from beacon and probe packets
WPA WPA information, including authentication and supported
encryption algorithms

ExtremeWare 7.3e Command Reference Guide 1099

Wireless Commands

Example
The following example shows summary AP scan results for port 1:2 and interlace 1:
show wireless ports 1:2 interface 1 ap-scan results

The output of the command is similar to:

Intf AP Mac Address ESS Name AvgRSS Type Chan WEP WPA Last
=================================================================================
1:2:1 00:04:96:05:80:B0 Extreme_a 18 bss 36 Y Y 19:05:33
1:2:1 00:04:96:0C:CA:C0 Extreme_a 7 bss 40 Y Y 19:05:33
1:2:1 00:04:96:05:82:80 Extreme_a 5 bss 40 Y Y 19:05:33
1:2:1 00:04:96:05:80:F0 fz-dot1x-128 30 bss 56 Y Y 19:05:34
1:2:1 00:04:96:05:81:50 Extreme_a 9 bss 64 Y Y 19:05:34
1:2:1 00:04:96:0C:00:00 wpadyn-a-aes-e 6 bss 48 Y Y 19:05:34
1:2:1 00:04:96:0C:23:60 DEFAULT_ESS 10 bss 52 N 19:05:34
1:2:1 00:04:96:0C:04:30 fz-open-wep-64 27 bss 64 Y 19:05:34
1:2:1 00:04:96:0C:02:40 fz-dot1x-128 25 bss 157 Y Y 19:05:34
1:2:1 00:04:96:0C:23:B0 fz-web-unsecure 24 bss 64 N 19:05:34
1:2:1 00:04:96:0C:3C:70 fz-web-unsecure 2 bss 64 N 19:05:34
1:2:1 00:04:96:0C:5F:F0 md-5 9 bss 161 Y Y 19:05:34
1:2:1 00:D0:4D:96:D0:CD Atheros 12 bss 48 Y Y 19:05:33
1:2:1 00:04:96:0C:D8:40 fz-wpa-dyn-tkip 54 bss 52 Y Y 19:05:34
1:2:1 00:04:96:0D:B4:20 QADS300-2410 bss 149 N 1
1:2:1 00:04:96:0D:9E:C0 wpapsk 13 bss 161 Y Y 19:05:34
1:2:1 00:04:96:0D:77:90 Extreme_a 3 bss 161 Y Y 19:05:34
1:2:1 00:30:F1:92:44:39 fz-wpa-psk-tkip 39 bss 153 Y Y 19:05:34

=================================================================================

The following example shows detail AP scan results for port 2:2 and interlace 1:
show wireless ports 2:2 interface 1 ap-scan results detail

The output of the command is similar to:

Intf : 2:2:1
AP Mac Address : 00:04:96:05:80:B0
ESS Name : Extreme_a
Network Type : bss
Channel : 36
First Seen : 21:23:04
Last Change : 21:23:04
Rate Set : 6,9*,12,18*,24,36*,48*,54*
Ext. Rate Set :
Number of Beacons : 2
Number of Probes : 0
RSS: Min : 35
Max : 37
Avg : 23

WPA Information
Version : 1
Unicast Ciphers : TKIP
Multicast Ciphers : WEP104
WPA Auth Suite : DOT1X

1100 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface ap-scan results

Capability Information
N - G Short Slot
N - Channel Agility
N - PBCC
N - CF Poll REQ
N - CF Pollable
Y - WEP Required
bss - Network Type
L - Preamble

Intf : 2:2:1
AP Mac Address : 00:04:96:0C:CA:C0
ESS Name : Extreme_a
Network Type : bss
Channel : 40
First Seen : 21:23:04
Last Change : 21:23:04
Rate Set : 6,9*,12,18*,24,36*,48*,54*
Ext. Rate Set :
Number of Beacons : 1
Number of Probes : 0
RSS: Min : 14
Max : 14
Avg : 7

WPA Information
Version : 1
Unicast Ciphers : TKIP
Multicast Ciphers : WEP104
WPA Auth Suite : DOT1X

Capability Information
Y - G Short Slot
N - Channel Agility
N - PBCC
N - CF Poll REQ
N - CF Pollable
Y - WEP Required
bss - Network Type
L - Preamble
..

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1101

Wireless Commands

show wireless ports interface ap-scan results

mac-address
show wireless ports [all | <portlist>] interface [1 | 2] ap-scan results
<mac-address>

Description
Displays information about an access point (AP) whose MAC address is selected from the AP scan
results table.

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.
mac-address Specifies the MAC address selected from the AP scan results table.

Default
N/A

Usage Guidelines
Use this command to get information about an AP using its MAC address.

Example
The following example display information about an AP by MAC address:

show wireless ports 1:8 interface 2 ap-scan results 00:04:96:5:80:B0:

The output of the command is similar to:

AP Mac Address Intf ESS Name AvgRSS Type Chan WEP WPA Last
================================================================================
00:04:96:05:80:B0 1:8:2 Extreme_g 8 bss 11 Y 23:53:34

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1102 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface ap-scan status

show wireless ports interface ap-scan status

show wireless ports [<portlist> | all] interface [1|2] ap-scan status

Description
Displays the status of the AP scan for the port and interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5
all Specifies all active ports.
interface Specifies an interface: 1 or 2.

Default
N/A

Usage Guidelines
Use this command to check the AP scan status on a particular port and interface.

Examples
The following command shows the status of the AP scan for the port and interface:

show wireless port 1:5 interface 1 ap-scan status

The output of the command is similar to the following:

Intf Enabled Num-Probes Num-APs WaterMark TimeOuts Overflows OCS

-------------------------------------------------------------------------------
1:1 N 0 0 0 0 0 N

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1103

Wireless Commands

show wireless ports interface client mac-statistics

show wireless ports [all | <portlist>] interface [1 | 2] client
<mac-address> mac-statistics

Description
Displays information about a client whose MAC address is selected from the client list.

Syntax Description

all Specifies all active ports.

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-51:*, 1:5, 1:6-1:8.
interface Specifies an interface: 1 or 2.
mac-address Specifies the MAC address of the client network interface card.

Default
N/A

Usage Guidelines
Use this command to review MAC statistic information for a client by MAC address.

Example
The following example displays MAC statistic information for port 1:8 on interface 1:
show wireless ports 1:8 interface 1 client 00:0D:54:98:AC:35 mac-statistics

The output of the command is similar to:

Intf : 1:8:1
AP Mac Address : 00:0D:54:98:AC:35
RSS: Min : 0
Max : 0
Avg : 0
Total PROBE REQ : 0
Total AUTH REQ : 1
Total ASSOC REQ : 2
Total REASSOC REQ : 0
Total DEASSOC REQ : 0
Total DEAUTH REQ : 0
Total PS POLL : 0
Total Data Frames : 0
NAV Value : 0
--------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------

1104 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface client mac-statistics

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1105

Wireless Commands

show wireless ports interface client-history configuration

show wireless ports [<portlist> | all] interface [1 | 2] client-history
configuration

Description
Displays the current configuration of the client history and diagnostic features.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.

Default
N/A

Usage Guidelines
Use this command to see the current configuration of the client-history feature for the specified wireless
port and interface.

Example
The following example displays the client history and diagnostic features on port 1:25 and interface 1:

show wireless ports 1:25 interface 1 client-history configuration

The output of the command is similar to:

Intf Enabled TableSize Timeout

----------------------------------------------------------------
1:25:1 Y 128 600

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1106 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface client-history diagnostics

show wireless ports interface client-history diagnostics

show wireless ports [<portlist> | all] interface [1 | 2] client-history
diagnostics <mac_address>

Description
Displays counters and errors the information collected on a per-client basis.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.
mac_address Specifies the MAC address of the wireless client.

Default
N/A

Usage Guidelines
Use this command to display diagnostic counters and error information contained in the
extremeWirelessClientDiagTable.

Example
The following example displays client-history diagnostics information for port 1:25 and interface 1
based on the MAC address of the client:

show wireless ports 1:25 interface 1 client-history diagnostics 00:0D:54:98:AC:35

The output of the command is similar to:

Interface : 1:25:1
AP Mac Address : 00:0D:54:98:AC:35
State Watermark : FORWARDING
Events In Detected
Enters : 1
Errors : 0
AUTH REQ : 0
Other : 1
MGMT Action : 0
Time Outs : 0
Events In Authenticated
Enters : 1
Errors : 0
ASSOC REQ : 1
Other : 1
MGMT Action : 0
Time Outs : 0
Events In Associated

ExtremeWare 7.3e Command Reference Guide 1107

Wireless Commands

Enters : 1
Errors : 0
MGMT Action : 0
Time Outs : 0
Events In Forwarding
Enters : 1
MGMT Action : 0
Time Outs : 1

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1108 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface client-history mac-layer

show wireless ports interface client-history mac-layer

show wireless ports [<portlist> | all] interface [1 | 2] client-history
mac-layer <mac_address>

Description
Displays 802.11 MAC layer information collected on a per-client basis.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.
mac_address Specifies the MAC address of the wireless client.

Default
N/A

Usage Guidelines
Use this command to display information on the operation of the 802.11 MAC layer.

Example
The following example displays client-history information for port 1:25 and interface 1 based on the
MAC address of the client:

show wireless ports 1:25 interface 1 client-history mac-layer 00:0D:54:98:AC:35

The output of the command is similar to:

Intf : 1:25:1
AP Mac address : 00:0D:54:98:AC:35
Authentication Information
Authenticated : Y
Total AUTH REQ : 1
Total AUTH RESP : 1
Total AUTH OK : 1
Total AUTH Failed : 0
Total AUTH (open) : 0
Total AUTH (shared) : 1
Last AUTH REQ : 19:40:06
Last Auth Type : OPEN
Authentication Error Information
Last Error Time : 00:00:00
Last Error Type : NONE
Errors by Type
Sequence Number : 0
Challenge Text (key) : 0
Type Mismatch (open|shared) : 0

ExtremeWare 7.3e Command Reference Guide 1109

Wireless Commands

Key Index : 0
Other : 0
Association Information
Associated : Y
Total ASSOC REQ : 2
Total REASSOC REQ : 0
Total ASSOC RESP : 1
Total ASSOC OK : 1
Total ASSOC Fail : 0
Association Error Information
Last Error Time : 00:00:00
Last Error Type : NONE
Errors by Type
Rate Mismatch : 0
Capability : 0
Counter Measure : 0
Cipher Suite : 0
Max Associations : 0
RSN Required : 0
RSN Mismatch : 0
Other : 0
Rate Set : 6*,9*,12*,18*,24*,36*,48*,54*

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1110 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface client-history status

show wireless ports interface client-history status

show wireless ports [<portlist> | all] interface [1 | 2] client-history
status

Description
Displays the current status of the historical client information.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.

Default
N/A

Usage Guidelines
This command displays information about the client diagnostic and history database. The output has
the following fields:

Field Description
Enable This value indicates if historical information is being collected on this interface or
not.
TableSize This is the number of entries allowed in each of the historical client tables.
Timeout This is the time, in seconds, that entries will persist in the historical client tables
after the referenced client is removed from the SIB.
CurrentSize The current number of entries in the historical client database
Watermark The maximum number of entries which have ever been in the historical client
database.
Overflows Number of entries which have been overwritten in order to make room for a new
entry.
AgeOuts Number of entries which have been aged out of the table

Example
The following example displays the client diagnostic information for port 1 and interface 1:

show wireless ports 1 interface 1 client-history status

The output of the command is similar to:

Intf Enabled TableSize Timeout CurrSize Watermark Overflows Ageouts

----------------------------------------------------------------
1:1 N 128 600 0 0 0 0

ExtremeWare 7.3e Command Reference Guide 1111

Wireless Commands

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1112 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface client-scan configuration

show wireless ports interface client-scan configuration

show wireless ports [<portlist> | all] interface [1 | 2] client-scan
configuration

Description
Displays the current configuration of the client scan feature.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.

Default
N/A

Usage Guidelines
Displays the current configuration of the client scan feature, including:

Port: The port number used in the scan

Interface 1 or 2

Enabled: Y (yes) N (no)

Send Added: on | off

Send Removed: on | off

Timeout: Parameter specified for scan timeouts

Max Size: Parameter specified for the number of entries for the table

Examples
The following example displays the current configuration of the client scan feature on port 1:5 and
interface 1:

show wireless ports 1:5 interface 1 client-scan configuration

It produces output similar to the following:

Summit300-48:15 # show wireless ports all interface 1 client-scan configuration

Intf Enabled Send-Added Send-Removed Timeout Max-Size
-------------------------------------------------------------------------------

1:5:1 N off off 600 128

ExtremeWare 7.3e Command Reference Guide 1113

Wireless Commands

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

It produces output similar to the following:

1114 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface client-scan results

show wireless ports interface client-scan results

show wireless ports [<portlist> | all] interface [1 | 2] client-scan
results {detail}

Description
Displays the current contents of the probe information table.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.
detail Specifies to display the information in detailed format.

Default
N/A

Usage Guidelines
The output of this command displays the probe information table, which has the following fields:

Variable Description
Intf Wireless port and interface on which this client is seen
MAC address of the source MAC address of the source
Probe REQs Number of PROBE REQ packets seen from this source
Last RSS RSSI of last received PROBE REQ packet
Channel Channel on which last PROBE REQ was received
Last Seen Time last PROBE REQ was seen from this source
Client Client is associated to the Altitude 300 (Y | N)

Example
The following example displays the probe information table for port 1:25 and interface 2:

show wireless port 1:25 interface 2 client-scan results

This command produces output similar to the following:

Intf Source Probe REQs Last RSS Channel Last SeenClient

================================================================================
1:25:2 00:20:A6:4C:40:69 8005 52 1 19:37:36 N
1:25:2 00:09:5B:92:43:63 262 34 1 19:37:37 N
1:25:2 00:09:5B:68:27:A6 482 43 1 19:37:37 N
1:25:2 00:09:5B:66:ED:F3 390 47 1 19:37:35 N
1:25:2 00:09:5B:66:E4:C9 314 12 1 19:37:30 N

ExtremeWare 7.3e Command Reference Guide 1115

Wireless Commands

1:25:2 00:02:C7:FF:09:99 46 28 1 19:37:28 N

1:25:2 00:09:5B:41:99:8C 30 26 1 19:36:56 N
1:25:2 00:04:23:90:03:91 4 12 1 19:35:50 N
1:25:2 00:09:5B:41:99:29 2 19 1 19:28:03 N
1:25:2 00:04:96:05:82:00 2 28 1 19:35:46 N
1:25:2 00:09:5B:68:25:44 347 34 1 19:37:34 N
1:25:2 00:0E:9B:01:3F:FA 30 24 1 19:37:13 N
1:25:2 00:0D:88:65:75:E0 196 21 1 19:37:35 N
1:25:2 00:0D:54:99:16:C3 89 12 1 19:37:36 N
1:25:2 00:09:5B:A2:75:37 251 24 1 19:37:32 N
1:25:2 00:0D:54:98:AC:35 126 30 1 19:37:36 N
1:25:2 00:0C:41:FA:62:FE 9 7 1 19:36:44 N
1:25:2 00:09:5B:A2:75:3B 17 11 1 19:36:36 N
1:25:2 00:0C:41:60:D0:73 81 20 1 19:36:58 N
1:25:2 00:0D:54:A7:0C:89 475 29 1 19:37:36 N
================================================================================

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1116 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface client-scan results mac-address

show wireless ports interface client-scan results

mac-address
show wireless ports [<portlist> | all] interface [1 | 2] client-scan
results <mac_address> {detail)

Description
Displays the details about the specified client MAC address.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.
detail Specifies to display the information in detailed format.

Default
N/A

Usage Guidelines
Use this command to check details about the clients in the client scan table.

Example
The following example shows the details of client MAC address 00:03:7F:BE:FE:9D.
show wireless port 5 interface 1 client-scan results 00:03:7F:BE:FE:9D

It produces output similar to the following:

Intf Source Probe REQs Last RSS Channel Last SeenClient

================================================================================
5:1 00:03:7F:BE:FE:9D 17 4 161 01:39:48 N

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1117

Wireless Commands

show wireless ports interface client-scan status

show wireless ports [<portlist> | all] interface [1 | 2] client-scan status

Description
Displays the overall operation of the client scan results.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.

Default
N/A

Usage Guidelines
The output of this command displays the performance results for the following variables on a per
wireless interface basis:

Variable Description
CurrentTableSize The current size of the table (in entries)
TableWatermark The maximum size the table has been since the last reset of the
historical statistics
TotalOverflows The number of times an entry has been overwritten because the
table is full
TotalTimeouts The number of times an entry has been aged out from the table
LastElement The last time an element was added to the table
TotalProbes The total number of probes received on this interface

Examples
The following example displays the performance results for port 5 on interface 1:

show wireless ports 5 interface 1 client-scan status

It produces output similar to the following:

S300-24-FZ:28 # show wireless ports 1 interface 1 client-scan status

Intf Table-Size WaterMark Overflows Timeouts LastElement Total-Probes
-------------------------------------------------------------------------------
1:1 0 0 0 0 0 0
S300-24-FZ:29 #

1118 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface client-scan status

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1119

Wireless Commands

show wireless ports interface clients

show wireless ports [<portlist> | all] interface [1 | 2] clients
<mac-address> {detail}

Description
Displays the current wireless client state of a selected port or ports and interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.
mac-address Specifies to use the MAC address to select the client from the client list.
detail (Optional) Specifies to display the information in detailed format.

Default
N/A

Usage Guidelines
Client current state information is available for all clients that have sent an authentication message to
the Altitude 300. Information in this table is timed out if no packets are received from the client by the
configurable period of time set by the administrator.
The following fields of the client state table are displayed with this command:

Fields Description
Client MAC MAC address of the client adapter
Current State DETECTED, AUTHED, ASSOC, or FORWARD. Indicates which part
of the state machine the client is currently in.
Last state change The system time when the client last changed states
Encryption Type Type of MAC-level encryption the client is using. This is negotiated
during the association state machine, so is only valid if client state is
FORWARDING.
Authentication Type Last type of authentication the client tried. In the case of a client in
FORWARDING, indicates the type of authentication that granted
access to the network.
ESSID Extended service set identifier of the network
Wireless Port Wireless switch port serving the client
Client VLAN VLAN assigned to this client by a radius VSA or other mechanism.
This is only valid for clients in FORWARDING.
Client Priority Quality of service (QoS) level for the client
Tx Frames Number of frames transferred to the client
Rx Frames Number of frames returned by the client

1120 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface clients

Fields Description
Tx Bytes Number of bytes transferred to the client
Rx Bytes Number of bytes returned by the client
RSS Received signal strength

Example
The following command displays information about client MAC address 00:09:5B:A1:1F:8F on port 1:

show wireless ports 1 interface 1 clients 00:09:5B:A1:1F:8F detail

The output of the command is similar to:

Client MAC : 00:09:5B:A1:1F:8F

Wireless Port : 1:1
Current State : FORWARD
Last State Change : 4:42:39
Authentication Type : PSK
Encryption Type : AES
ESS ID : fz-wpa-psk-aes
Client VLAN : SKSPVlan
Client Priority : 0
Received Signal Strength : 195
TX Frames : 17067
RX Frames : 34228
TX Bytes : 1712753
RX Bytes : 3857802

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1121

Wireless Commands

show wireless ports interface configuration

show wireless ports [<portlist> | all] interface [1 | 2] configuration
{detail}

Description
Displays information about wireless configuration for the selected ports and interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.
detail Specifies to display the information in detailed format.

Default
N/A

Usage Guidelines
Use this command to show in table or list format the configuration and state of the interface of the
selected port or ports.

Examples
The following example displays information about the wireless port configuration for ports 1:26-1:30
and interface 1:

show wireless ports 1:26-1:30 interface 1 configuration

Output of the command is similar to:

Port Intf State RF Prof. Sec. Prof. TxRate Power Chan. Max Cl. Bridging
-------------------------------------------------------------------------------
1:26 1 EN rf_26 Unsecure 54 FULL 0 100 EN
1:27 1 EN rf_27 Unsecure 54 FULL 0 100 EN
1:28 1 EN rf_28 Unsecure 54 FULL 0 100 EN
1:29 1 EN DEFAULT_A Unsecure 54 FULL 0 100 EN
1:30 1 EN DEFAULT_A Unsecure 54 FULL 0 100 EN

EN- Enabled, DIS - Disabled

The following example shows the extra details shown when the keyword detail is added to the
command:

show wireless ports 1:26-1:30 interface 1 configuration detail

The detailed output is similar to:

1122 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface configuration

Summit300-48:20 # show wireless ports 1:26-1:30 interface 1 configuration detail

Wireless Interface: 1:26:1

State: Enabled
RF Profile: rf_26
Security Profile: Unsecure
Transmit Rate: 54
Power: FULL
Channel: 0
Max Clients: 100
Wireless Bridging: Enabled

Wireless Interface: 1:27:1

State: Enabled
RF Profile: rf_27
Security Profile: Unsecure
Transmit Rate: 54
Power: FULL
Channel: 0
Max Clients: 100
Wireless Bridging: Enabled

Wireless Interface: 1:28:1

State: Enabled
RF Profile: rf_28
Security Profile: Unsecure
Transmit Rate: 54
Power: FULL
Channel: 0
Max Clients: 100
Wireless Bridging: Enabled

Wireless Interface: 1:29:1

State: Enabled
RF Profile: DEFAULT_A
Security Profile: Unsecure
Transmit Rate: 54
Power: FULL
Channel: 0
Max Clients: 100
Wireless Bridging: Enabled

Wireless Interface: 1:30:1

State: Enabled
RF Profile: DEFAULT_A
Security Profile: Unsecure
Transmit Rate: 54
Power: FULL
Channel: 0
Max Clients: 100
Wireless Bridging: Enabled

Summit300-48:21 #

ExtremeWare 7.3e Command Reference Guide 1123

Wireless Commands

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1124 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface pae-diagnostics

show wireless ports interface pae-diagnostics

show wireless ports [<portlist> | all] interface [1 | 2] pae-diagnostics
{detail}

Description
Displays Port Authentication Entity (PAE) diagnostics for the selected port and interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 1:*, 1:5, 1:6-1:8.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.
detail Specifies to display the information in detailed format.

Default
N/A.

Usage Guidelines
Use this command to display the PAE diagnostics of the clients associated with the access point (AP).

Examples
The following example lists the output of the PAE diagnostics for ports 1:11 on interface 2:

show wireless ports 1:11 interface 2 pae-diagnostics

The output of the command is similar to:

PAE Diagnostic Statistics

CLIENT MAC Port Intf Failures Timeouts Success Logoffs ReAuth
================================================================================
00:0D:54:98:AC:35 1:25 1 0 0 2 0 0

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1125

Wireless Commands

show wireless ports interface pae-statistics

show wireless ports [<portlist> | all] interface [1 | 2] pae-statistics
{detail}

Description
Displays Port Authentication Entity (PAE) statistics for the selected port and interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 1:*, 1:5, 1:6-1:8.
detail Specifies to display the information in detailed format.

Default
N/A

Usage Guidelines
Use this command to display the PAE statistics of the clients associated with the access point (AP).

Examples
The following example lists the output of the PAE statistics for ports 1:11 on interface 2:

show wireless ports 1:11 interface 2 pae-statistics

The output of the command is similar to:

PAE Statistics
CLIENT MAC Port Intf STATE TX RX ERRORS CLIENT ID
================================================================================
00:0D:54:98:AC:35 1:25 1 AUTHED 16 17 0 sqalab\labu

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1126 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface rf-status

show wireless ports interface rf-status

show wireless ports [<portlist> | all] interface [1 | 2] rf-status {detail}

Description
Displays data rates for the selected port and interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.
detail Specifies to display the information in detailed format.

Default
N/A

Usage Guidelines
Each wireless port on the Summit 300 contains two interfaces. Interface 1 supports 802.11a, and interface
2 supports 802.11b/g radio signals. The show wireless port interface rf-status command
allows you to display information about one of the two individual interfaces (1|2) on a port or ports.

Examples
The following example displays rf-status of all active ports of the switch:

show wireless ports all interface 1 rf-status

The output of the command is similar to:

Port Intf Tx Rate Channel Noise Floor

--------------------------------------------------------------
1:37 1 54 64 85
1:38 1 54 64 84

show wireless ports all interface 1 rf-status detail

The output of the command is similar to:

S300-24-FZ:31 # show wireless ports 1 interface 1 rf-status detail

Wireless Interface: 1:37:1

Transmit Rate: 54
Beacon Interval: 40
DTIM: 2
Preamble: Short
Long Retry: 7
Short Retry: 4
Fragmentation Length: 2345

ExtremeWare 7.3e Command Reference Guide 1127

Wireless Commands

RTS Threshold: 2330

Power: FULL
RF Mode: A
Channel: 64
Noise Floor (dBm): 85
Supported Rates: 6,9,12,18,24,36,48,54
Supported Modes: A

Wireless Interface: 1:38:1

Transmit Rate: 54
Beacon Interval: 40
DTIM: 2
Preamble: Short
Long Retry: 7
Short Retry: 4
Fragmentation Length: 2345
RTS Threshold: 2330
Power: FULL
RF Mode: A
Channel: 64
S300-24-FZ:32 #

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1128 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface security-status

show wireless ports interface security-status

show wireless ports [<portlist> | all ] interface [1 |2] security-status
{detail}

Description
Displays Wired Equivalent Privacy (WEP) protocol, authentication, dot1x, and ESS name information
for the selected port and interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5, 2:*, 2:5, 2:6-2:8.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.
detail Specifies to display the information in detailed format.

Default
N/A

Usage Guidelines
Each wireless port on the Summit 300 contains two interfaces. Interface 1 supports 802.11a, and
interface 2 supports 802.11b/g radio signals. The show wireless port interface security-status
command allows you to display security status information about one of the two individual interfaces
(1|2) on a port or ports.

Examples
The following example displays the security setting of all active wireless ports of the switch:

show wireless ports all interface 2 security-status

The output of the command is similar to:

Port Intf Dot11 Auth Network Auth ESS

-------------------------------------------------------------------------------
1:37 2 shared none TFZ
1:38 2 open none fz-open-wep-64

The following example shows the detailed security setting of all active wireless ports of the switch:

show wireless ports all interface 2 security-status detail

The output of the command is similar to:

Wireless Interface: 1:37:2

Dot11 Authentication: shared
Network Authentication: none
ESS Name: TFZ
Encryption: wep128

ExtremeWare 7.3e Command Reference Guide 1129

Wireless Commands

Specified WEP Keys: 0,1,2,3

Default WEP Key: 0
SSID in Beacon: on
User VLAN: ExtrAvaya
Use Dynamic Vlan: Yes

Wireless Interface: 1:38:2

Dot11 Authentication: open
Network Authentication: none
ESS Name: fz-open-wep-64
Encryption: wep64
Specified WEP Keys: 0
Default WEP Key: 0
SSID in Beacon: on
User VLAN: SKSPVlan
Use Dynamic Vlan: Yes
Noise Floor (dBm): 85
Supported Rates: 6,9,12,18,24,36,48,54
Supported Modes: A

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1130 ExtremeWare 7.3e Command Reference Guide

 show wireless ports interface stats

show wireless ports interface stats

show wireless ports [<portlist> | all] interface [1 |2] stats

Description
Displays 802.11 interface statistics for the selected port and interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.

Default
N/A.

Usage Guidelines
Use this command to search for errors on a per interface basis.

Examples
The following example displays 802.11 interface statistics for ports 1:5-1:34 and interface 1:

show wireless ports 1:5-1:34 interface 1 stats

The output of the command is similar to:

802.11 Interface Statistics

Port Intf Frames TX Frag TX Frag RX MC Frag TX MC Frag RX WEP Error Errors
================================================================================
2 1 9277 8763 0 92 0 0 1137

================================================================================

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1131

Wireless Commands

show wireless ports interface status

show wireless ports [<portlist> | all] interface [1 |2] status

Description
Displays the current state of the selected port and interface.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
all Specifies all active ports.
interface Specifies an interface: 1 or 2.

Default
N/A.

Usage Guidelines
Use this command to examine RF profiles on a per wireless port basis. This command allows you to
view the log of a specific port or ports, filtering out the switch log.

Examples
The following example displays the status for wireless ports 3 on interface 1:

show wireless ports 3 interface 1 status

The output of the command is similar to:

Intf St. Tx Rate Power Ch ESS Max Cl. Last State Change

-------------------------------------------------------------------------------
3:1 EN 54 FULL 52 fz-wpa-psk-aes 100 Mon Jul 26 17:15:11 2004

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1132 ExtremeWare 7.3e Command Reference Guide

 show wireless ports log

show wireless ports log

show wireless ports [<portlist>| all] {summary} log

Description
Displays the event log of the selected port or ports.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 1:2, 3-5.
summary Specifies to display a summary of the log information.

Default
N/A

Usage Guidelines
Use this command to display the Altitude 300 local log for debugging errors.

Examples
The following command displays log information for all ports on the device:

show wireless ports all log

The output of the command is similar to:

S300-24-FZ:36 # show wireless ports 3 log

Log Servers for port 3 :
Server 192.168.1.244:514, Facility local0, Severity info
[3] Jul 26 17:51:06 :2 Client 00:0C:41:2B:E4:27 aged out (name
"OPEN:[email protected]")
[3] Jul 26 17:40:58 :2 DOT1X 00:0C:41:2B:E4:27 Exhausted retries on RADIUS servers.
[3] Jul 26 17:40:52 Failed with primary radius server. Trying secondary.
[3] Jul 26 17:40:32 :2 DOT1X 00:0C:41:2B:E4:27 Exhausted retries on RADIUS servers.
[3] Jul 26 17:40:26 Failed with primary radius server. Trying secondary.
[3] Jul 26 17:40:00 :2 DOT1X 00:0C:41:2B:E4:27 Exhausted retries on RADIUS servers.
[3] Jul 26 17:39:54 Failed with primary radius server. Trying secondary.
[3] Jul 26 17:20:41 :2 Client 00:0D:88:C2:4D:AC Auth Failed (name "802.1x:unknown")
[3] Jul 26 17:19:10 :2 Client 00:0D:88:C2:4D:AC Auth Failed (name "802.1x:unknown")
[3] Jul 26 17:17:36 :2 Client 00:0D:88:C2:4D:AC Auth Failed (name "802.1x:unknown")
[3] Jul 26 17:15:18 :2 Radio channel updated to AUTO
[3] Jul 26 17:15:18 :2 Radio channel updated to 4
[3] Jul 26 17:15:10 :2 Radio Interface Enabled
[3] Jul 26 17:15:10 :1 Radio channel updated to AUTO
[3] Jul 26 17:15:10 :1 Radio channel updated to 52
[3] Jul 26 17:14:59 :1 Radio Interface Enabled
[3] Jul 26 17:14:57 :2 SSID updated to fz-dot1x-128
[3] Jul 26 17:14:57 :1 SSID updated to fz-wpa-psk-aes
[3] Jul 26 17:14:56 :2 WEP Encryption Mode set to 128-BIT Encryption

ExtremeWare 7.3e Command Reference Guide 1133

Wireless Commands

[3] Jul 26 17:14:56 :1 WEP Encryption Mode set to 128-BIT Encryption

[3] Jul 26 17:14:56 :2 Web netlogin mode disabled
[3] Jul 26 17:14:56 :1 Web netlogin mode disabled
[3] Jan 01 00:00:12 :2 Authentication state time updated to 600
[3] Jan 01 00:00:12 :2 Association state time updated to 600
[3] Jan 01 00:00:12 :1 Authentication state time updated to 600
[3] Jan 01 00:00:12 :1 Association state time updated to 600
[3] Jan 01 00:00:12 :2 Max association clients updated to 100
[3] Jan 01 00:00:11 :1 Max association clients updated to 100
[3] Jan 01 00:00:11 :2 Long Retry Limit updated to 7
[3] Jan 01 00:00:11 :1 Long Retry Limit updated to 7
[3] Jan 01 00:00:11 :2 Short Retry Limit updated to 4
[3] Jan 01 00:00:11 :1 Short Retry Limit updated to 4
[3] Jan 01 00:00:11 :1 Preamble mode set to SHORT
[3] Jan 01 00:00:10 :2 RTS Length updated to 2330
[3] Jan 01 00:00:10 :1 RTS Length updated to 200
[3] Jan 01 00:00:10 :2 Fragmentation Threshold updated to 2345
[3] Jan 01 00:00:10 :1 Fragmentation Threshold updated to 1200
[3] Jan 01 00:00:10 :2 Beacon Interval updated to 40
[3] Jan 01 00:00:10 :1 Beacon Interval updated to 40
[3] Jan 01 00:00:00 Wireless Port Up
[3] Jan 01 00:00:00 Boot reason: Power-on Boot
S300-24-FZ:37 #

History
This command was first available in ExtremeWare 6.2a and added to the “e” series in 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1134 ExtremeWare 7.3e Command Reference Guide

21 Power Over Ethernet Commands

Power over Ethernet (PoE) is an effective method of supplying 48 VDC power to certain types of
powered devices (PDs) through Category 5 or Category 3 twisted pair Ethernet cables. PDs include the
Altitude 300 wireless port, IP telephones, laptop computers, web cameras, and other devices. With PoE,
a single Ethernet cable supplies power and the data connection, reducing costs associated with separate
power cabling and supply. PoE for ExtremeWare includes a method of detection to assure that power is
delivered only to devices that meet the IEEE 802.3af specification for PoE.

Summary of PoE Software Features

The Summit “e” series supports the following PoE software features:
• Configuration and control of the power distribution for PoE at the port level
• Real time detection of powered devices on the line
• Monitor and control of PoE fault conditions
• Support for configuring and monitoring PoE status at the port level
• Management of an over-subscribed power budget

Port Power Management

When you connect PDs, the both models of the Summit 300automatically discovers and classifies those
that are 802.3AF-compliant. The following functions are supported for delivering power to specific
ports:
• Enabling the port for discovery and classification
• Enabling power delivery to a discovered device
• Enforcing port power limits by denying power to a device that exceeds the power limit
• Enforcing class limits by denying power to a device that exceeds the class limit
• Reporting and tracking port power faults
• Managing power budgets and allocation

In addition, the Summit 300-24 also supports legacy devices that are not 802.3AF compliant.

ExtremeWare 7.3e Command Reference Guide 1135

Power Over Ethernet Commands

For more conceptual information about configuring and managing PoE, see the ExtremeWare Software
User Guide.

1136 ExtremeWare 7.3e Command Reference Guide

 clear inline-power connection-history slot

clear inline-power connection-history slot

clear inline-power connection-history slot <slot_number>

Description
Clears the port connection history for the specified slot.

Syntax Description

slot_number Specifies the slot for which the port connection history is cleared.

Default
N/A.

Usage Guidelines
None.

Example
The following command clears the port connection history for slot 2:
clear inline-power connection-history slot 2

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300-48 only.

ExtremeWare 7.3e Command Reference Guide 1137

Power Over Ethernet Commands

clear inline-power fault ports

clear inline-power fault ports <portlist>

Description
Clears the fault condition on the specified ports.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 3-5.

Default
N/A.

Usage Guidelines
None.

Example
The following command clears the fault condition for port 3:
clear inline-power fault ports 3

History
This command was first available in ExtremeWare7.3e.

Platform Availability
This command is available on Summit 300 series only.

1138 ExtremeWare 7.3e Command Reference Guide

 clear inline-power stats

clear inline-power stats

clear inline-power stats <portlist>

Description
Clears the inline statistics for the selected port to zero.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
N/A.

Usage Guidelines
Use this command to clear all the information displayed by the show inline-power stats ports
<portlist> command.

Example
The following command clears the inline statistics for ports 1-8:
clear inline-power stats 1-8

The following command displays cleared inline power configuration information for ports 1-8:

show inline-power stats 1-8

Following is sample output from this command:

Port State Class Absent InvSig Denied OverCurrent Short

1 searching ------ 0 0 0 0 0
2 delivering class0 0 0 0 0 0
3 searching ------ 0 0 0 0 0
4 searching ------ 0 0 0 0 0
5 searching ------ 1 0 0 0 0
6 delivering class3 0 0 0 0 0
7 searching ------ 0 0 0 0 0
8 searching ------ 0 0 0 0 0

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1139

Power Over Ethernet Commands

configure inline-power budget

configure inline-power budget <watts> slot <slot_number>

Description
Configures the amount of power available for inline-power on the slot.

Syntax Description

watts An integer specifying wattage in the range of 1 to 450 W.

slot_number Specifies the slot being configured for power.

Default
15.4 W.

Usage Guidelines
Before issuing this command, disable the slot using the disable inline-power slot <slot_id>
command. The device is allowed to draw about 10% more power than the configured amount before
power is shut off to the device.

Example
The following example configures slot 1 at 10 watts.

disable inline-power slot 1

configure inline-power budget 10 slot 1

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the Summit 300 only.

1140 ExtremeWare 7.3e Command Reference Guide

 configure inline-power detection

configure inline-power detection

configure inline-power detection [auto | discovery-test-only] ports
<portlist>

Description
Sets the power detection mechanism on the specified ports.

Syntax Description

auto Forces automatic power discovery operations and supplies power to detected
power devices (PDs) for the specified ports.
discovery-test-only Forces power discovery operations and does not supply power to detected
PDs for the specified ports.
portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
Auto.

Usage Guidelines
This command controls the power detection mechanism on the specified ports. Test mode forces power
discovery operations; however, power is not supplied to detected PDs.

Example
The following command forces automatic power discovery operations and specifies that power is
supplied to detected PDs for ports 1:4 –1: 6:
configure inline-power detection auto ports 1:4-1:6

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on the Summit 300-48 only.

ExtremeWare 7.3e Command Reference Guide 1141

Power Over Ethernet Commands

configure inline-power disconnect-precedence

configure inline-power disconnect-precedence [lowest-priority | deny-port]

Description
Controls the disconnect function of power management.

Syntax Description

lowest-priority Specifies that the port with the lowest priority is to be shut down when the
next port connects.
deny-port Specifies that the next port is denied power, regardless of priority.

Default
Deny-port

Usage Guidelines
The PoE controller disconnects one of the ports to prevent an overload on the power supply. The
disconnect function occurs when the power drain exceeds the available power budget because of a rise
in power consumption after power is allocated to the ports.

Example
The following example configures the disconnect precedence to disconnect the lowest priority port
when the next port attempts to connect:

configure inline-power disconnect-precedence lowest-priority

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the Summit 300-48 only.

1142 ExtremeWare 7.3e Command Reference Guide

 configure inline-power label ports

configure inline-power label ports

configure inline-power label <string> ports <portlist>

Description
Lets you create your own label for a specified power port.

Syntax Description

string Specifies a name up to 13 characters in length to identify the specified power

port(s).
portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8..

Default
No label.

Usage Guidelines
Use the show inline-power configuration port <portlist> command, as shown in the following
example, to display inline power configuration information, including the display string (if any) for
each port. The display string is shown under the “Label” column:
show inline-power configuration port 1:1-1:7

Following is sample output from this command:

Port Config Detect Rsvd Pwr Oper Lmt Viol Prec Label
1:1 enabled auto 0.0 15.4 max-class-operator
1:2 enabled auto 10.0 15.4 advertised-limit test_port2
1:3 enabled auto 0.0 15.4 max-class-operator
1:4 enabled auto 0.0 15.4 max-class-operator
1:5 enabled auto 0.0 15.4 max-class-operator
1:6 enabled auto 0.0 15.4 max-class-operator test_port6
1:7 enabled auto 0.0 15.4 max-class-operator

Example
The following command assigns the name “alpha-test_1” to port 1 on slot 1:
configure inline-power label alpha-test_1 ports 1:1

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1143

Power Over Ethernet Commands

configure inline-power operator-limit

configure inline-power operator-limit <milliwatts> ports <portlist>

Description
Sets the maximum power available for powered devices (PDs) on a per port basis.

Syntax Description

milliwatts An integer specifying milliwatts in the range of 3000 – 15400 mW.

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8..

Default
15400 mW.

Usage Guidelines
The Summit 300-24 has an operator limit range of 300 to 15400 milliwatts. The Summit 300-48 has an
operator limit range of 300 to 20000 milliwatts.

The standard 802.3af protocol permits a PD to be classified into one of 5 classes, each of which
determines the maximal power draw to the power sourcing equipment (PSE). Extreme PSEs, in the
default configuration, use the classification-to-power draw in performing power management and
budgeting.

Classification is optional, and many PD devices do not support it. Therefore, under normal conditions,
the Extreme PSE budgets for the maximum permitted power (15.4 watts), even though the maximum
device draw may be less. This may cause fewer devices to be powered, since the power budget is
prematurely exhausted. There is a wide variation in power consumption levels between 802.3af classes
(~8 watts). In such cases, the power level limit (operator-limit) can be set on a per port basis. If this is
done, the operator limit, rather than the discovered class limit will be used for power budgeting. It is
also necessary for the violation-precedence to be set to operator-limit.

Regardless of how the port power limit is derived (through automatic classification or operator limit),
the port power limit is used to determine whether the overall system limit has been exceeded. On the
Summit 300-48, after the overall system limit is reached, additional PoE ports are powered based on the
system violation-precedence setting and port power priority. The Summit 300-24 has sufficient power to
support 15.4 watts on all 24 ports.

The power port limit is also used during system operation to limit the power supplied to each PoE port.
If a powered device attempts to draw more power than has been budgeted, the chassis will remove
power from that port to prevent system overload or device damage.

This command is used in conjunction with the configure inline-power violation-precedence

[advertised-class | operator-limit | max-class-operator | none] ports <portlist>e
command and has no effect if either none or advertised-class is selected for violation precedence.

1144 ExtremeWare 7.3e Command Reference Guide

 configure inline-power operator-limit

Example
The following command sets the limit on ports 1:3 – 1:6 to 10000 mW on a Summit 300-48:
configure inline-power operator-limit 10000 ports 1:3-1:6

History

This command was first available in ExtremeWare.

7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1145

Power Over Ethernet Commands

configure inline-power power-supply

configure inline-power power-supply [redundant | load-sharing]

Description
This command selects the power supply operating mode.

Syntax Description

redundant Specifies redundant power supply mode.

load-sharing Specifies load-sharing mode.

Default
Redundant mode

Usage Guidelines
The PoE subsystem on the Summit 300-48 supports dual power supplies for either redundant or
load-sharing modes. Redundant mode is the default and provides hitless PoE should one of the two
power supplies fail, be removed, or powered off. Load-sharing mode allows both power supplies to
provide power to the PoE system, providing greater PoE power capacity. For load-sharing operation,
the amount of power provided to the PoE system is the sum of the power supplied by the power
supplies. With load-sharing, all PoE devices may experience a power hit if a power supply fails.

Example
The following command configures a Summit 300-48 for redundant power supply mode:

configure inline-power power-supply redundant

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300-48 only.

1146 ExtremeWare 7.3e Command Reference Guide

 configure inline-power priority

configure inline-power priority

configure inline-power priority [low | high | critical] ports <portlist>

Description
Configures the port priority.

Syntax Description

low Specifies that the port is to have low priority, which is the default value. Ports
with this priority level are given power only after all critical and high priority ports
have power.
high Specifies that the port is to have high priority. Ports with this priority level are
given power only after all critical ports have power.
critical Specifies that the port is to have critical priority. Ports with this priority receive
power first.
portlist Specifies one or more slots and ports. May be in the form 1:1, 1:2, 1:3-1:5.

Default
Low priority

Usage Guidelines
Power is allocated to ports by their designated priority. Power allocation is first provided to the higher
priority ports.

Example
The following example sets port 5 as a critical power port:

configure inline-power priority critical ports 5

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300-48 only.

ExtremeWare 7.3e Command Reference Guide 1147

Power Over Ethernet Commands

configure inline-power reserved budget

configure inline-power reserved budget <milliwatts> ports <portlist>

Description
Sets the reserved power on the specified ports to either the default value or the specified watts.

Syntax Description

milliwatts An integer specifying milliwatts at zero (0) or in the range of 3000 – 20000 mW.
portlist Specifies one or more slots and ports. May be in the form 1:1, 1:2, 1:3-1:5.

Default
0 mW.

Usage Guidelines
This command sets the reserved power on the specified ports to either the default value or the specified
watts. The reserved power range is 0 or 3000-20000 mW. The default reserved power range value is 0
mW. Total power reserved may be up to but not greater than the total power for the card. If all of the
power available to the card is reserved, then the common power pool is empty.

Example
The following command sets the reserved power for ports 4 to 15000 mW:
configure inline-power reserved budget 15000 ports 4

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300-48 model only.

1148 ExtremeWare 7.3e Command Reference Guide

 configure inline-power type

configure inline-power type

configure inline-power type [phone | webcam | wireless | other] ports
<portlist>

Description
Sets the type of powered device (PD) connected to the specified ports.

Syntax Description

phone Specifies an IP telephone.

webcam Specifies a webcam.
wireless Specifies an 802.11a/b/g client.
other Specifies another type of powered device other than a telephone, webcam or a
wireless client.

Default
Other

Usage Guidelines
This command sets the type of PD connected to the specified ports. This is a management-controlled
entity because there is no support for dynamically determining the PD device type.

Use the detail port argument in the show inline-power info [detail] port <portlist] command to
display the inline-power type for a selected port.

Example
The following command specifies the type of PD connected to port 3 as a wireless device on a
Summit 300-48 switch:
configure inline-power type wireless ports 1:3

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 switches only.

ExtremeWare 7.3e Command Reference Guide 1149

Power Over Ethernet Commands

configure inline-power usage-threshold

configure inline-power usage-threshold <threshold>

Description
Sets the inline power usage alarm threshold.

Syntax Description

threshold Integer in the range 1 – 99 expressed as a percentage for derating of available

power to measured power. The default value is 90 on the Summit 300-24 and the
default is 70 on the Summit 300-48.

Default
Summit 300-24: 90
Summit 300-48: 70

Usage Guidelines
This command sets the threshold for initiation of an alarm if the measured power exceeds the threshold.

On the Summit 300-48, the alarm threshold is shared between the system-level utilization and the
allocated power budget per slot. If either measurement exceeds the threshold level, an alarm is initiated.
On the Summit 300-24, the usage threshold is not shared with the system usage, it is power used by the
PDs only.

Example
The following command sets the inline power usage alarm threshold at 75%:
config inline-power usage-threshold 75

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1150 ExtremeWare 7.3e Command Reference Guide

 configure inline-power violation-precedence

configure inline-power violation-precedence

configure inline-power violation-precedence [advertised-class |
operator-limit | max-class-operator | none] ports <portlist>

Description
Sets a user-defined limit on a port or ports..

Syntax Description

advertised-class Removes or denies power if an IEEE 802.3af-compliant power device (PD)

consumes power beyond its advertised class limit.
operator-limit Removes or denies power if the PD consumes power beyond the configured
operator limit.
max-class-operator Removes or denies power if the PD consumes power beyond the detected
class limit or the operator limit, whichever is greater. Max-class-operator is the
default value, which allows operation of 802.3af compliant PDs.
none Removes or denies power if the PD exceeds the maximum limit of 20 watts.
portlist Specifies one or more slots and ports. May be in the form 1:1, 1:2, 1:3-1:5 or
1, 2, 3-5.

Default
max-class-operator

Usage Guidelines
This command sets a user-defined limit for the specified ports. Power is removed or denied to PDs
connected to the selected ports if the PD consumes more power than the entered limit. The default
value is max-class-operator, which removes or denies power if the PD consumes power beyond the
greater value of the detected class limit or the configured operator limit, whichever is greater. The
operator limit is configured with the following command:

configure inline-power operator-limit <milliwatts> ports <portlist>

Example
The following command sets the violation precedence for port 3 to the configured operator limit:
configure inline-power violation-precedence operator-limit ports 3

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 switches.

ExtremeWare 7.3e Command Reference Guide 1151

Power Over Ethernet Commands

disable inline-power
disable inline-power

Description
Shuts down power to all ports.

Syntax Description
This command has no arguments or variables.

Default
Enable.

Usage Guidelines
You can control whether inline power is provided to the system by using the disable inline-power
command and the enable inline-power command. Using the disable inline-power command
shuts down power currently provided on all ports on all slots. By default, inline power provided to the
system is enabled.

Example
The following command shuts down power currently provided on all ports on all slots:
disable inline-power

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1152 ExtremeWare 7.3e Command Reference Guide

 disable inline-power legacy

disable inline-power legacy

disable inline-power legacy

Description
Disables legacy (802.3af compliant) devices from being detected by the PoE subsystem.

Syntax Description
This command has no arguments or variables.

Default
disabled

Usage Guidelines
The Summit 300-24 is capable of powering devices that are compliant to the IEEE 802.3af Power over
Ethernet standard. The enable inline-power legacy command allows PoE devices build before the
standard was approved to be powered.
If all the devices connected to the switch are 802.3af standards compliant, it is advised to keep the
default setting of disabled for legacy device support.
You can determine whether a device connected to the switch is standards compliant or not by using the
show inline-power info [detail] port <portlist] command. The detailed status line shows if
the device is 802.3af standards compliant.

Sample output from the show inline-power info detail ports command follows:

Summit300-24:3 # show inline-power info detail ports 5

PORT - 5

Configured Admin State: Enabled

Inline Power State: delivering
MIB Detect Status: delivering
Label:
Violation Precedence: max-class-operator
Operator Limit: 15400 milliwatts
Inline Type: other
PD Class: class3
Max Allowed Power: 15.400 W
Measured Power: 6.90 W
Line Voltage: 50.2 Volts
Current: 117 mA
Fault Status: None (D 0)
Detailed Status: valid resistor detected, 802.3af-compliant PD was detected

ExtremeWare 7.3e Command Reference Guide 1153

Power Over Ethernet Commands

Example
The following command disables 802.3af compliant devices:
disable inline-power legacy

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300-24 only.

1154 ExtremeWare 7.3e Command Reference Guide

 disable inline-power ports

disable inline-power ports

disable inline-power ports <portlist>]

Description
Disables power provided by all system ports or specified ports.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
Enable.

Usage Guidelines
You can control whether inline power is provided by all system ports or specified ports by using the
disable inline-power ports <portlist>] command and the enable inline-power ports
<portlist>] command. Using the disable inline-power ports <portlist>] command shuts
down power currently provided by all system ports or specified ports. The system defaults to enabling
power on all 10/100 ports.

To power any port, the following conditions must be met:

• The system must be enabled for power.

• The slot must be enabled for power.
• The ports must be enabled for power.

Disabling a port providing power to a powered device (PD) immediately removes power to the PD.

Example
The following command shuts down power currently provided by port 2:
disable inline-power 2

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 series models only.

ExtremeWare 7.3e Command Reference Guide 1155

Power Over Ethernet Commands

disable inline-power slot

disable inline-power slot <slot_id>

Description
Disables power provided to the specified slot.

Syntax Description

slot_id Specifies the slot for which power will be disabled.

Default
Enable.

Usage Guidelines
You can control whether inline power is provided to a specific slot by using the disable inline-power
slot <slot_id> command and the enable inline-power slot <slot_id> command. Using the
disable inline-power slot <slot_id> command shuts down power currently provided to the
selected slot. The system defaults to enabling power on all slots.

To power any port, the following conditions must be met:

• The system must be enabled for power.

• The slot must be enabled for power.
• The ports must be enabled for power.

Disabling a slot providing power to a powered device (PD) through one of its powered ports
immediately removes power to the PD.

Example
The following command shuts down power currently provided by slot 1:1.
disable inline-power slots 1:1

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300-48 only.

1156 ExtremeWare 7.3e Command Reference Guide

 enable inline-power

enable inline-power
enable inline-power

Description
Enables inline power to all ports, except for the ports that are explicitly disabled by the
disable inline-power ports command.

Syntax Description
This command has no arguments or variables.

Default
Enable.

Usage Guidelines
You can control whether inline power is provided to the system by using the disable inline-power
command and the enable inline-power command. Using the enable inline-power command
makes power available on all ports on all slots. Using the disable inline-power command shuts
down power currently provided on all ports on all slots. By default, inline power provided to the
system is enabled. To shutdown power to a specific port, use the disable inline-power ports
command.

Example
The following command enables power currently provided on all ports:
enable inline-power

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1157

Power Over Ethernet Commands

enable inline-power legacy

enable inline-power legacy

Description
Enables legacy (802.3af compliant) devices from being detected by the PoE subsystem.

Syntax Description
This command has no arguments or variables.

Default
disabled

Usage Guidelines
The Summit 300-24 is capable of powering devices that are compliant to the IEEE 802.3af Power over
Ethernet standard. The enable inline-power legacy command allows PoE devices build before the
standard was approved to be powered.
If all the devices connected to the switch are 802.3af standards compliant, it is advised to keep the
default setting of disabled for legacy device support.
You can determine whether a device connected to the switch is standards compliant or not by using the
show inline-power info [detail] port <portlist] command. The detailed status line shows if
the device is 802.3af standards compliant.

Sample output from the show inline-power info detail ports command follows:

Summit300-24:3 # show inline-power info detail ports 5

PORT - 5

Configured Admin State: Enabled

Inline Power State: delivering
MIB Detect Status: delivering
Label:
Violation Precedence: max-class-operator
Operator Limit: 15400 milliwatts
Inline Type: other
PD Class: class3
Max Allowed Power: 15.400 W
Measured Power: 6.90 W
Line Voltage: 50.2 Volts
Current: 117 mA
Fault Status: None (D 0)
Detailed Status: valid resistor detected, 802.3af-compliant PD was detected
To disable legacy devices, use the disable inline-power legacy command.

Example
The following command disables 802.3af compliant devices:

1158 ExtremeWare 7.3e Command Reference Guide

 enable inline-power legacy

enable inline-power legacy

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300-24 only.

ExtremeWare 7.3e Command Reference Guide 1159

Power Over Ethernet Commands

enable inline-power ports

enable inline-power ports <portlist>]

Description
Enables power provided by all system ports or specified ports.

Syntax Description

portlist Specifies one or more slots and ports. May be in the form 1, 2, 3-5, 1:1, 2,
1:3-1:5.

Default
Enable.

Usage Guidelines
You can control whether inline power is provided by all system ports or specified ports by using the
disable inline-power ports <portlist>] command and the enable inline-power ports
<portlist>] command. Using the enable inline-power ports <portlist>] command makes
power available to all system ports or specified ports. Using the disable inline-power ports
<portlist>] command shuts down power currently provided by all system ports or specified ports.
The system defaults to enabling power on all 10/100 ports.

To power any port, the following conditions must be met:

• The system must be enabled for power.

• The slot must be enabled for power.
• The ports must be enabled for power.

Disabling a port providing power to a powered device (PD) immediately removes power to the PD.

Example
The following command enables power currently provided by port 2:
enable inline-power ports 2

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on the Summit 300 switches.

1160 ExtremeWare 7.3e Command Reference Guide

 enable inline-power slot

enable inline-power slot

enable inline-power slot <slot_id>

Description
Enables power provided to the specified slot.

Syntax Description

slot_id Specifies the slot for which power will be enabled.

Default
Enable.

Usage Guidelines
You can control whether inline power is provided to a specific slot by using the disable inline-power
slot <slot_id> command and the enable inline-power slot <slot_id> command. Using the
enable inline-power slot <slot_id> command makes power available to the selected slot. Using
the disable inline-power slot <slot_id> command shuts down power currently provided to the
selected slot. The system defaults to enabling power on all slots.

To power any port, the following conditions must be met:

• The system must be enabled for power.

• The slot must be enabled for power.
• The ports must be enabled for power.

Disabling a slot providing power to a powered device (PD) through one of its powered ports
immediately removes power to the PD.

Example
The following command makes power available to slot 1:
enable inline-power slots 1

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300-48 only.

ExtremeWare 7.3e Command Reference Guide 1161

Power Over Ethernet Commands

reset inline-power ports

reset inline-power ports <portlist>

Description
Power cycles the specified ports.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
N/A.

Usage Guidelines
This command power cycles the specified ports. Ports are immediately de-powered and re-powered,
maintaining current power allocations.

Example
The following command resets power for port 4:
reset inline-power ports 4

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 seriesonly.

1162 ExtremeWare 7.3e Command Reference Guide

 reset inline-power slot

reset inline-power slot

reset inline-power slot <slot number>

Description
Resets the specified slot.

Syntax Description

slot Specifies that the PoE system is to use a specific slot.

Default
N/A.

Usage Guidelines
This command resets the specified slots. Slots are immediately de-powered and re-powered,
maintaining current power allocations.

Example
The following command resets power for slot 1:

reset inline-power slot 1

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300-48 only.

ExtremeWare 7.3e Command Reference Guide 1163

Power Over Ethernet Commands

show inline-power
show inline-power

Description
Displays inline power status information for the system.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
The output indicates the following inline power status information for the system:

• System maximum inline power—The nominal power available, in watts.

• Configured System Power Usage—The configured power usage threshold for the system, shown in
watts and as a percentage of available power.

The output indicates the following inline power status information for each slot:

• Main PSU Status—The operational status of the main power supply unit. The status conditions are:
— ON: Power is being provided to the PoE controller.
— OFF: Power is not being provided to the PoE controller.
— FAULT: An error has occurred.
• Backup PSU Status—The condition of the backup power device, indicated by the following
information:
— State: Present, Not Present, Fault
— Status: ACTIVATED, DEACTIVATED
Valid State, Status combinations are:
• Present, ACTIVATED
• Present, DEACTIVATED
• Not Present
• Fault
• Firmware Status—The condition of the firmware, indicated by one the following states:
— Initializing—Firmware is still coming up.
— Operational—Firmware is up and running.
— Download failure—Firmware failed to download properly.
— Needs calibrating—Firmware downloaded properly or is up and running, but values stored in
EEPROM are invalid. The unit should be returned to Extreme Networks Service for recalibration.

1164 ExtremeWare 7.3e Command Reference Guide

 show inline-power

— Image not found—No firmware image found.

— Version mismatch—Firmware version does not match what the system expects for this particular
ExtremeWare release.
— Invalid—Firmware was corrupted. Repeat the firmware download.

Example
The following command displays inline power status for the system:
show inline-power

Following is sample output from this command:

Inline Power System Information

System maximum inline-power: 32 watts
Power Usage: 70% (22 watts)

Slot Main PSU Status Backup PSU Status Firmware Status

1 OFF Present, ACTIVATED Operational

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1165

Power Over Ethernet Commands

show inline-power configuration port

show inline-power configuration port <portlist>

Description
Displays inline power configuration information for the specified ports.

Syntax Description

Default
portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

N/A.

Usage Guidelines
The output displays the following inline power configuration information for the specified ports:

• Config—Indicates whether the port is enabled to provide power:

— Enabled: The port is available to provide power.
— Disabled: The port is not available to provide power.
• Detect—Indicates the detect level:
— Auto: The port will power up if there is enough available power.
— Test: The port will not power up. Indicates a test mode to determine whether the port can be
discovered.
• Rsvd Pwr—Displays the amount of configured reserved power in watts.
• Oper Lmt—Displays the configured operator limit in watts. The operator limit is used only with
violation precedence.
• Viol Prec—Displays the violation precedence settings:
— ADVERTISED-LIMIT: Removes or denies power if an IEEE 802.3af-compliant powered device
(PD) consumes power beyond its advertised class limit.
— OPERATOR-LIMIT: Removes or denies power if the PD consumes power beyond the configured
operator limit.
— MAX-CLASS-OPERATOR: Removes or denies power if the PD consumes power beyond the
maximum of the detected class limit or the operator limit.
— NONE: Removes or denies power if the PD consumes power in excess of the regulatory
maximum allowable wattage.
• Label—Displays a text string, up to 13 characters in length, associated with the port.

Example
The following command displays inline power configuration information for ports 1-7 in slot 1:

1166 ExtremeWare 7.3e Command Reference Guide

 show inline-power configuration port

show inline-power configuration port 1:1-1:7

Following is sample output from this command:

Port Config Detect Rsvd Pwr Oper Lmt Viol Prec Label
1:1 enabled auto 0.0 15.4 max-class-operator
1:2 enabled auto 10.0 15.4 advertised-limit test_port2
1:3 enabled auto 0.0 15.4 max-class-operator
1:4 enabled auto 0.0 15.4 max-class-operator
1:5 enabled auto 0.0 15.4 max-class-operator
1:6 enabled auto 0.0 15.4 max-class-operator test_port6
1:7 enabled auto 0.0 15.4 max-class-operator

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on the Summit 300 switches.

ExtremeWare 7.3e Command Reference Guide 1167

Power Over Ethernet Commands

show inline-power configuration slot

show inline-power configuration slot <slotlist>

Description
Displays inline power configuration information for the specified slots.

Syntax Description

slotlist Specifies one or more slots.

Default
N/A.

Usage Guidelines
The output displays the following inline power configuration information for the specified slots:

• Status—Indicates power status:

— Enabled: The slot is available to provide power.
— Disabled: The slot is not available to provide power.
• Cfg PSU Backup—Indicates the current setting of power source precedence:
— Internal
— None
• PSU Active—Indicates the power source currently supplying power:
— Internal
— External
• Usage Threshold—Displays the configured alarm threshold as a percentage.
• Connection Order—Displays the list of ports (1 – 32) by current connection order.

Example
The following command displays inline power configuration information for slot 1:
show inline-power configuration slot 1

Following is sample output from this command:

Slot Status Cfg PSU Backup PSU Active Usage Threshold

1 Enabled Internal Internal 70%

History
This command was first available in ExtremeWare 7.3e.

1168 ExtremeWare 7.3e Command Reference Guide

 show inline-power configuration slot

Platform Availability
This command is available on the Summit 300-48 only.

ExtremeWare 7.3e Command Reference Guide 1169

Power Over Ethernet Commands

show inline-power info port

show inline-power info [detail] port <portlist]

Description
Displays inline power information for the specified ports.

Syntax Description

detail Generates a detailed report.

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
N/A.

Usage Guidelines
You can use this command to generate a summary report or a detailed report.

Summary output displays the following inline power information for the specified ports:

• State—Displays the port power state:

— Disabled
— Searching
— Discovered
— Delivering
— Faulted
— Disconnected
— Other
— Denied
• Class—Displays the class type:
— “-----”: disabled or searching
— “class0”: class 0 device
— “class1”: class 1 device
— “class2”: class 2 device
— “class3”: class 3 device
— “class4”: class 4 device
• Connect History—Displays the connection order of the port from the connection history (if one
exists):
— 0: No connection history exists or the port is not in the history list.
— 1 – 32: There is a connection history and the port is in the history list.

1170 ExtremeWare 7.3e Command Reference Guide

 show inline-power info port

• Volts—Displays the measured voltage. A value from 0 – 2V is valid for ports that are in a searching
or discovered state.
• Curr—Displays the measure current in milli Amps (mA).
• Res—Displays the measured resistance in kilo Ohms (Kohms). A value greater than 100 Kohms
indicates an empty port.
• Power—Displays the measured power in watts.
• Fault—Displays the fault value:
— 0: No fault
— 1: Over voltage
— 2: Over voltage spike
— 3: Peak over current
— 4: Overload
— 8: Discovery resistance failed
— 9: Class violation
— 10: Disconnect
— 11: Discovery resistance, A2D fail
— 12: Classify, A2D fail
— 13: Sample A2D fail
— 14: Device fault, A2D fail

The detail command lists all inline power information for the selected ports. Detail output displays the
following information:

• Configured Admin State

• Inline Power State
• MIB Detect Status
• Label
• Violation Precedence
• Operator Limit
• Detection
• Reserved Power
• Inline Type
• Connect Order
• PD Class
• Max Allowed Power
• Measured Power
• Line Voltage
• Discovered Resistance
• Discovered Capacitance
• Current

ExtremeWare 7.3e Command Reference Guide 1171

Power Over Ethernet Commands

• Fault Status

Example
The following command displays summary inline power information for port 1:
show inline info port 1:1

Following is sample output from this command:

Port State Class Connect Volts Curr Res Power Fault

History (mA) (Kohms) (Watts)
1:1 searching ----- 0 0.0 0 0.0 0.00 0
The following command displays detail inline power information for port 1:
show inline info detail port 1:1

Following is sample output from this command from a Summit 300-24:

Inline-Power System Information

System maximum internal inline-power: 376 watts
Power Usage Threshold: 70% (263 watts)
Internal PSU: ON
External PSU: NOT PRESENT
System inline-power admin state: Enabled
Legacy Support: Disabled

Common Power
Configured Allocated Measured usage
376000mW 0 mW 0 mW

INLINE-POWER STATISTICS

PoE firmware status : Operational

PoE firmware revision: 290.21
PoE device revision : 2

Total ports powered: 0

Total ports waiting for power: 0
Total ports faulted: 0
Total ports disabled: 0

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 switches.

1172 ExtremeWare 7.3e Command Reference Guide

 show inline-power slot

show inline-power slot

show inline-power slot <slotlist>

Description
Displays inline power information for the specified slots.

Syntax Description

slotlist Specifies one or more slots.

Default
N/A.

Usage Guidelines
The output displays the following inline power information for the specified slots:

• Common Power:
— Configured: Displays in watts the configured amount of common power available. This amount is
equal to the total amount of configured power minus the amount of configured reserved power.
— Allocated: Displays in watts the amount of common power allocated.
• Reserved Power:
— Configured: Displays in watts the amount of power configured as reserved.
— Allocated: Displays in watts the amount of reserved power utilized.
• Measured Usage—Displays measured power in watts.

Example
The following command displays inline power information for slot 1:
show inline-power slot 1

Following is sample output from this command:

Common Power (mW) Reserved Power (mW)

Slot Configured Allocated Configured Allocated Actual usage
1 306000 15400 0 0 0 / 15400 / 306000

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300-48 only.

ExtremeWare 7.3e Command Reference Guide 1173

Power Over Ethernet Commands

show inline-power stats ports

show inline-power stats ports <portlist>

Description
Displays inline power statistics for the specified ports.

Syntax Description

portlist Specifies one or more ports. May be in the form 1:1,1: 1:2, 1:3-1:5.

Default
N/A.

Usage Guidelines
The output displays the following inline power statistics for the specified ports:

• State—Displays the inline power state:

— Disabled
— Searching
— Discovered
— Delivering
— Faulted
— Disconnected
— Other
— Denied
• Class—Displays the class type:
— “-----”: disabled or searching
— “class0”: class 0 device
— “class1”: class 1 device
— “class2”: class 2 device
— “class3”: class 3 device
— “class4”: class 4 device
• Absent—Displays the number of times the port was disconnected.
• InvSig—Displays the number of times the port had an invalid signature.
• Denied—Displays the number of times the port was denied.
• Over-current—Displays the number of times the port entered an over-current state.
• Short—Displays the number of times the port entered under-current state.

1174 ExtremeWare 7.3e Command Reference Guide

 show inline-power stats ports

Example
The following command displays inline power configuration information for ports 1-8 in slot 1:
show inline-power stats ports 1:1-1:8

Following is sample output from this command:

Port State Class Absent InvSig Denied OverCurrent Short

1:1 searching ------ 0 0 0 0 0
1:2 delivering class0 0 0 0 0 0
1:3 searching ------ 0 0 0 0 0
1:4 searching ------ 0 0 0 0 0
1:5 searching ------ 1 0 0 0 0
1:6 delivering class3 0 0 0 0 0
1:7 searching ------ 0 0 0 0 0
1:8 searching ------ 0 0 0 0 0

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on the Summit 300-48 only.

ExtremeWare 7.3e Command Reference Guide 1175

Power Over Ethernet Commands

show inline-power stats slot

show inline-power stats slot <slotlist>

Description
Displays inline power statistics for the specified slots.

Syntax Description

slotlist Specifies one or more slots.

Default
N/A.

Usage Guidelines
Use this command to produce a report that shows how many ports are faulted, powered, and waiting
for power for the selected slots.

Example
The following command displays inline power statistics information for slot 1:
show inline-power stats slot 1

Following is sample output from this command:

PoE firmware status: Operational

PoE firmware revision: 1.6
Connection Order: 3 15
Total ports powered: 1
Total ports waiting for power: 0
Total ports faulted: 0
Total ports disabled: 1

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300-48 series only.

1176 ExtremeWare 7.3e Command Reference Guide

 unconfigure inline-power detection ports

unconfigure inline-power detection ports

unconfigure inline-power detection ports <portlist>

Description
Resets the power detection scheme to the default for the specified ports.

Syntax Description

portlist Specifies one or more slots and ports. May be in the form 1:*, 1:5, 1:6-1:8.

Default
N/A.

Usage Guidelines
This command resets the power detection scheme configured with the following command:

configure inline-power detection [auto | discovery-test-only] ports <portlist>

Example
The following command resets the power detection scheme to its default for port 1 on slot 1:
unconfigure inline-power detection ports 1:1

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300-48 only.

ExtremeWare 7.3e Command Reference Guide 1177

Power Over Ethernet Commands

unconfigure inline-power disconnect-precedence

unconfigure inline-power disconnect-precedence

Description
Returns the disconnect-precedence to the default value.

Syntax Description
This command has no arguments or variables.

Default
Deny-port

Usage Guidelines
The PoE controller disconnects one of the ports to prevent an overload on the power supply. The
disconnect function occurs when the power drain exceeds the available power budget because of a rise
in power consumption after power is allocated to the ports.

Example
The following example configures the disconnect precedence to disconnect the next port regardless of
priority:

unconfigure inline-power disconnect-precedence

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the Summit 300-48 only.

1178 ExtremeWare 7.3e Command Reference Guide

 unconfigure inline-power operator-limit ports

unconfigure inline-power operator-limit ports

unconfigure inline-power operator-limit ports <portlist>

Description
Resets the operator limit back to the default for the specified ports.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
The default operator limit is 15400 mW.

Usage Guidelines
This command resets the operator limit configured with the following command:

configure inline-power operator-limit <milliwatts> ports <portlist>

The Summit 300-24 has an operator limit range of 300 to 15400 milliwatts. The Summit 300-48 has an
operator limit range of 300 to 20000 milliwatts.

Example
The following command resets the operator limit to its default for port 2 on slot 1:
unconfigure inline-power operator-limit ports 1:2

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on the Summit 300 switches.

ExtremeWare 7.3e Command Reference Guide 1179

Power Over Ethernet Commands

unconfigure inline-power power-supply

unconfigure inline-power power-supply

Description
Sets the power supply mode to the default setting of redundant mode.

Syntax Description
This command has no arguments or variables.

Usage Guidelines
The Summit 300-48 PoE subsystem supports dual power supplies for either redundant or load-sharing
modes. Redundant mode is the default and provides hitless PoE should one of the two power supplies
fail, be removed, or powered off. Load-sharing mode allows both power supplies to provide power to
the PoE system, providing greater PoE power capacity. For load-sharing operation, the amount of power
provided to the PoE system is the sum of the power supplied by the power supplies.

Example
The following command returns a Summit 300-48 to redundant power supply mode:

unconfigure inline-power power-supply

History
This command was first available in ExtremeWare 7.3e

Platform Availability
This command is available on the Summit 300-48 only.

1180 ExtremeWare 7.3e Command Reference Guide

 unconfigure inline-power priority ports

unconfigure inline-power priority ports

unconfigure inline-power priority ports <portlist>

Description
Resets one or more ports to the default value of low priority.

Syntax Description

portlist Specifies one or more slots and ports. May be in the form 1:1,!:2, !:3-!:5.

Default
Low priority

Usage Guidelines
Power is allocated to ports by their designated priority. Power allocation is first provided to the higher
priority ports.

Example
The following example resets port 1:5 to low priority:

unconfigure inline-power priority ports 1:5

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300-48 only.

ExtremeWare 7.3e Command Reference Guide 1181

Power Over Ethernet Commands

unconfigure inline-power reserved-budget ports

unconfigure inline-power reserved-budget ports <portlist>

Description
Resets the reserved budget back to the default value.

Syntax Description

portlist Specifies one or more ports or slots and ports. Can be one or more port
numbers. May be in the form 1, 2, 3-5, 1:*, 1:5, 1:6-1:8.

Default
The default reserved budget value is 0 mW.

Usage Guidelines
This command resets to default the reserved power budget configured with the following command:

configure inline-power reserved budget <milliwatts> ports <portlist>

Example
The following command resets the reserved power budget to its default for port 3 on slot 1:
unconfigure inline-power reserved-budget ports 1:3

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1182 ExtremeWare 7.3e Command Reference Guide

 unconfigure inline-power usage-threshold

unconfigure inline-power usage-threshold

unconfigure inline-power usage-threshold

Description
Resets the inline power usage threshold to the default value.

Syntax Description
This command has no arguments or variables.

Default
The default value for the inline power usage threshold is 70 percent.

Usage Guidelines
This command resets to default the inline power usage threshold configured with the following
command:

configure inline-power usage-threshold <threshold>

Example
The following command resets the inline power usage threshold to its default value:
unconfigure inline-power usage-threshold

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 series only.

ExtremeWare 7.3e Command Reference Guide 1183

Power Over Ethernet Commands

unconfigure inline-power violation-precedence ports

unconfigure inline-power violation-precedence ports <portlist>

Description
Resets violation precedence to the default value for the specified ports.

Syntax Description

portlist Specifies one or more slots and ports. May be in the form 2:*, 2:5, 2:6-2:8.

Default
The default violation precedence value is max-class-operator.

Usage Guidelines
This command resets the violation precedence configured with the following command:

configure inline-power violation-precedence [advertised-class | operator-limit |

max-class-operator | none] ports <portlist>

Example
The following command resets the violation precedence to its default value for port 3 on slot 1:
unconfigure inline-power violation-precedence ports 1:3

History
This command was first available in ExtremeWare 7.3e.

Platform Availability
This command is available on Summit 300 series only.

1184 ExtremeWare 7.3e Command Reference Guide

 Index of Commands

C configure banner 45
clear counters 316 configure banner netlogin 46
clear debug-trace 590 configure bootprelay add 762
clear elrp stats 659 configure bootprelay delete 763
clear fdb 274 configure bootprelay dhcp-agent information option
clear igmp group 951 766
clear igmp snooping 952 configure cpu-dos-protect 407, 408
clear inline-power connection-history slot 1137 configure cpu-dos-protect trusted-ports 410, 411
clear inline-power fault ports 1138 configure debug-trace accounting 591
clear inline-power stats 1139 configure debug-trace bootprelay 592
clear iparp 760 configure debug-trace card-state-change 593
clear ipfdb 761 configure debug-trace debug-link 594
clear ipmc cache 953 configure debug-trace flow-redirect 595
clear ipmc fdb 954 configure debug-trace iparp 597
clear log 317 configure debug-trace rip-message 599
clear log counters 318 configure debug-trace rip-route-change 600
clear log diag-status 317 configure debug-trace rip-triggered-update 601
clear log error-led 317 configure debug-trace udp-forwarding 602
clear log messages 317 configure debug-trace wireless 603
clear log static 317 configure debug-trace wireless ports iapp 1009
clear nat 298 configure dns-client add 47
clear netlogin state 394 configure dns-client add domain-suffix 48
clear netlogin state mac-address 395 configure dns-client add name-server 49
clear session 42 configure dns-client default-domain 50
clear wireless ports counters 1003 configure dns-client delete 51
clear wireless ports interface ap-scan results 1004 configure dns-client delete domain-suffix 52
clear wireless ports interface client-history counters configure dns-client delete name-server 53
1005 configure download server 574
clear wireless ports interface client-scan counters 1006 configure eaps add control vlan 628
clear wireless ports interface client-scan results 1007 configure eaps add protect vlan 629
clear wireless ports log 1008 configure eaps delete control vlan 630
configure access-profile add 396 configure eaps delete protect vlan 631
configure access-profile delete 398 configure eaps failtime 632
configure access-profile mode 399 configure eaps failtime expiry-action 633
configure account 43 configure eaps hellotime 635
configure auth mgmt-access radius 400 configure eaps mode 636
configure auth mgmt-access tacacs 402 configure eaps name 637
configure auth netlogin radius 404 configure eaps port 638
configure auth netlogin tacacs 406 configure eaps shared-port domain 639

ExtremeWare 7.3e Command Reference Guide 1185

Index of Commands

configure eaps shared-port mode 640 configure log filter events 320
configure enhanced-dos-protect ipfdb agingtime 412 configure log filter events match 323
configure enhanced-dos-protect ipfdb cache-size 413 configure log filter events strict-match 323
configure enhanced-dos-protect ipfdb learn-window configure log filter set severity 326
415 configure log filter set severity match 327
configure enhanced-dos-protect learn-limit 414 configure log target filter 329
configure enhanced-dos-protect learn-window 417 configure log target format 331
configure enhanced-dos-protect ports 416 configure log target match 335
configure esrp port-mode ports 660 configure log target severity 337
configure fdb agingtime 275 configure mac-vlan add mac-address 252
configure idletimeouts 54 configure mac-vlan delete 254
configure igmp 955 configure mirroring add 191
configure igmp snooping add static group 956 configure mirroring delete 193
configure igmp snooping add static router 959 configure nat add vlan map 299
configure igmp snooping delete static group 958 configure nat delete 302
configure igmp snooping delete static router 960 configure nat finrst-timeout 304
configure igmp snooping filter 961 configure nat icmp-timeout 305
configure igmp snooping flood-list 962 configure nat syn-timeout 306
configure igmp snooping leave-timeout 964 configure nat tcp-timeout 307
configure igmp snooping timer 965 configure nat timeout 308
configure inline-power detection 1141, 1177 configure nat udp-timeout 309
configure inline-power label 1143 configure nat vlan 310
configure inline-power operator-limit 1144, 1151, 1179 configure netlogin base-url 419
configure inline-power power-supply 1146 configure netlogin redirect-page 420
configure inline-power priority 1147 configure ospf add virtual-link 868
configure inline-power reserved budget 1148, 1182 configure ospf add vlan area 870
configure inline-power type 1149 configure ospf add vlan area link-type 872
configure inline-power usage-threshold 1150, 1183 configure ospf area add range 875
configure inline-power violation-precedence 1151, configure ospf area delete range 876
1184 configure ospf area external-filter 862, 873
configure iparp add 769 configure ospf area interarea-filter 861, 874
configure iparp add proxy 770 configure ospf area normal 877
configure iparp delete 772 configure ospf area nssa stub-default-cost 878
configure iparp delete proxy 773 configure ospf area stub stub-default-cost 879
configure iparp max-entries 774 configure ospf asbr-filter 880
configure iparp max-pending-entries 775 configure ospf ase-limint 881
configure iparp timeout 776 configure ospf ase-summary add cost 882
configure ip-down-vlan-action 777 configure ospf ase-summary delete 883
configure ipfdb route-add 778 configure ospf authentication 865
configure ip-mtu vlan 187 configure ospf cost 863
configure iproute add 779 configure ospf delete virtual-link 884
configure iproute add blackhole 780 configure ospf delete vlan 885
configure iproute add blackhole default 781 configure ospf direct-filter 886
configure iproute add default 782 configure ospf lsa-batching-timer 887
configure iproute delete 783 configure ospf metric-table 888
configure iproute delete blackhole 784 configure ospf priority 864
configure iproute delete blackhole default 785 configure ospf routerid 889
configure iproute delete default 786 configure ospf spf-hold-time 890
configure iproute priority 787 configure ospf timer 866
configure irdp 789 configure ospf vlan area 869
configure irpd 790 configure ospf vlan neighbor add 891
configure irpp 789 configure ospf vlan neighbor delete 892
configure jumbo-frame size 189 configure pim add vlan 967
configure log display 319 configure pim crp static 968

1186 ExtremeWare 7.3e Command Reference Guide

 Index of Commands

configure pim delete vlan 969 configure security-profile use-dynamic-vlan 435

configure pim register-checksum-to 972 configure security-profile wep default-key-index 435,
configure pim register-rate-limit-interval 970 436
configure pim register-suppress-interval regis- configure security-profile wep key add 436
ter-probe-interval 971 configure security-profile wep key add hex plainstring
configure pim spt-threshold 973 437
configure pim timer vlan 974 configure security-profile wep key delete 438
configure pim vlan trusted-gateway 975 configure security-profile wpa-psk 439
configure ports 194 configure sharing address-based 207
configure ports auto off 197 configure snmp access-profile readonly 79
configure ports auto on 199 configure snmp access-profile readwrite 81
configure ports auto-polarity 200 configure snmp add community 83
configure ports display-string 201 configure snmp add trapreceiver 85
configure ports interpacket-gap 202 configure snmp community 89
configure ports preferred-medium 203 configure snmp delete community 91
configure ports redundant 205 configure snmp delete trapreceiver 93
configure protocol add 255 configure snmp syscontact 94
configure protocol delete 256 configure snmp syslocation 95
configure radius server 421 configure snmp sysname 96
configure radius shared-secret 422 configure snmpv3 add access 97
configure radius timeout 423 configure snmpv3 add community 99
configure radius-accounting server 424 configure snmpv3 add filter 100
configure radius-accounting shared-secret 425 configure snmpv3 add filter-profile 101
configure radius-accounting timeout 426 configure snmpv3 add group user 102
configure reboot-loop-protection 604 configure snmpv3 add mib-view 104
configure rf-preamble 1014 configure snmpv3 add notify 106
configure rf-profile beacon-interval 1010 configure snmpv3 add target-addr 107
configure rf-profile dtim-interval 1011 configure snmpv3 add target-params 109
configure rf-profile frag-length 1012 configure snmpv3 add user 111
configure rf-profile long-retry 1013 configure snmpv3 add user clone-from 113
configure rf-profile rts-threshold 1015 configure snmpv3 delete access 114
configure rf-profile short-retry 1016 configure snmpv3 delete community 116
configure rip add vlan 894 configure snmpv3 delete filter 117
configure rip delete vlan 895 configure snmpv3 delete filter-profile 118
configure rip garbagetime 896 configure snmpv3 delete group user 119
configure rip routetimeout 897 configure snmpv3 delete mib-view 121
configure rip rxmode 898 configure snmpv3 delete notify 122
configure rip txmode 899 configure snmpv3 delete target-addr 123
configure rip updatetime 900 configure snmpv3 delete target-params 124
configure rip vlan cost 901 configure snmpv3 delete user 125
configure rip vlan export-filter 902 configure snmpv3 engine-boots 126
configure rip vlan import-filter 903 configure snmpv3 engine-id 127
configure rip vlan trusted-gateway 904 configure snmpv3 target-addr-ext 128
configure security-profile default-user-vlan 427, 435 configure sntp-client server 130
configure security-profile dot11-auth network-auth en- configure sntp-client update-interval 131
cryption 428 configure ssh2 440
configure security-profile dot1x-wpa-timers group-up- configure ssl certificate pregenerated 442
date-timer 430 configure ssl certificate prikeylen country organization
configure security-profile dot1x-wpa-timers pair- common-name 443
wise-update-timer 431 configure ssl privkey pregenerated 445
configure security-profile dot1x-wpa-timers reauth-pe- configure stpd add vlan 708
riod 432 configure stpd delete vlan 710
configure security-profile ess-name 433 configure stpd forwarddelay 711
configure security-profile ssid-in-beacon 434 configure stpd hellotime 712

ExtremeWare 7.3e Command Reference Guide 1187

Index of Commands

configure stpd maxage 713 configure vlan esrp group delete esrp-aware-ports 691
configure stpd mode 714 configure vlan esrp priority 692
configure stpd port link-type 716 configure vlan esrp timer 693
configure stpd ports cost 715 configure vlan ipaddress 259
configure stpd ports mode 718 configure vlan name 260
configure stpd ports priority 719 configure vlan netlogin-lease-timer 457
configure stpd priority 720 configure vlan priority 289
configure stpd tag 721 configure vlan tag 261
configure syslog add 340 configure vlan udp-profile 793
configure syslog delete 342 configure vrrp add vlan 745
configure sys-recovery-level 339 configure vrrp delete 746
configure tacacs server 446 configure vrrp vlan add 747
configure tacacs shared-secret 447 configure vrrp vlan authentication 748
configure tacacs timeout 448 configure vrrp vlan delete vrid 749
configure tacacs-accounting server 449 configure vrrp vlan vrid 750
configure tacacs-accounting shared-secret 450 configure web login-timeout 132
configure tacacs-accounting timeout 451 configure wireless country-code 1017
configure time 55 configure wireless default-gateway 1019
configure timezone 56 configure wireless management-vlan 1020
configure udp-profile add 791 configure wireless port interface ap-scan added-trap
configure udp-profile delete 792 1025
configure vlan add domain-member vlan 662 configure wireless ports client-scan removed-trap 1041
configure vlan add elrp-poll ports 663, 674 configure wireless ports detected-station-timeout 1022
configure vlan add ports 257 configure wireless ports force-disassociation 1023
configure vlan add ports no-restart 664 configure wireless ports health-check 1024
configure vlan add ports restart 665 configure wireless ports interface ap-scan off-channel
configure vlan add ports stpd 722 1026
configure vlan add track-diagnostic 666 configure wireless ports interface ap-scan off-channel
configure vlan add track-environment 667 continuous 1027
configure vlan add track-iproute 668 configure wireless ports interface ap-scan off-channel
configure vlan add track-ospf 669 max-wait 1028
configure vlan add track-ping 670 configure wireless ports interface ap-scan off-channel
configure vlan add track-rip 671 min-wait 1029
configure vlan add track-vlan 672 configure wireless ports interface ap-scan probe-inter-
configure vlan delete domain-member vlan 673 val 1030
configure vlan delete port 258 configure wireless ports interface ap-scan re-
configure vlan delete track-diagnostic 675 moved-trap 1031
configure vlan delete track-environment 676 configure wireless ports interface ap-scan results size
configure vlan delete track-iproute 677 1032
configure vlan delete track-ospf 678 configure wireless ports interface ap-scan results time-
configure vlan delete track-ping 679 out 1033
configure vlan delete track-rip 680 configure wireless ports interface ap-scan send-probe
configure vlan delete track-vlan 681 1034
configure vlan dhcp-address-range 452 configure wireless ports interface ap-scan updated-trap
configure vlan dhcp-lease-timer 453 1035
configure vlan dhcp-options 454 configure wireless ports interface channel 1036
configure vlan esrp elrp-master-poll disable 682 configure wireless ports interface client-history size
configure vlan esrp elrp-master-poll enable 683 1038
configure vlan esrp elrp-premaster-poll disable 684 configure wireless ports interface client-history timeout
configure vlan esrp elrp-premaster-poll enable 685 1038, 1039
configure vlan esrp esrp-election 686 configure wireless ports interface client-scan add-
configure vlan esrp esrp-premaster-timeout 688 ed-trap 1040
configure vlan esrp group 689 configure wireless ports interface client-scan results
configure vlan esrp group add esrp-aware-ports 690 timeout 1043

1188 ExtremeWare 7.3e Command Reference Guide

 Index of Commands

configure wireless ports interface max-clients 1044 disable cpu-dos-protect 477

configure wireless ports interface power-level 1045 disable dhcp ports vlan 134, 478
configure wireless ports interface rf-profile 1046 disable diffserv examination ports 290
configure wireless ports interface security-profile 1047 disable eapol-flooding 133, 144, 160
configure wireless ports interface transmit-rate 1048 disable eaps 645
configure wireless ports interface wireless-bridging disable edp ports 208
1049 disable enhanced-dos-protect rate-limit 479
configure wireless ports ipaddress 1050 disable esrp vlan 695
configure wireless ports location 1051 disable icmp address-mask 798
create access-mask 460 disable icmp parameter-problem 799
create access-profile type 461 disable icmp port-unreachables 800
create account 60 disable icmp redirects 801
create eaps 641 disable icmp time-exceeded 802
create eaps shared-port 642 disable icmp timestamp 803
create fdbentry vlan blackhole 276 disable icmp unreachables 804
create fdbentry vlan dynamic 278 disable icmp useredirects 805
create fdbentry vlan ports 280 disable idletimeouts 65
create log filter 343 disable igmp 976
create ospf area 905 disable igmp snooping 977
create protocol 262 disable igmp snooping with-proxy 978
create rf-profile copy 1052 disable ignore-stp vlan 727
create rf-profile mode 1053 disable inline-power 1152, 1157
create security-profile 464 disable inline-power ports 1155, 1160
create stpd 724 disable inline-power slots 1156, 1161
create trusted-mac-address 465 disable iparp checking 806
create upd-profile 794 disable iparp refresh 807
create vlan 263 disable ipforwarding 808
disable ipmcforwarding 979
D disable ip-option loose-source-route 809
delete access-list 467 disable ip-option record-route 810
delete access-profile 469 disable ip-option record-timestamp 811
delete account 62 disable ip-option strict-source-route 812
delete eaps 643 disable ip-option use-router-alert 813
delete eaps shared-port 644 disable iproute sharing 814
delete fdbentry 282 disable irdp 815
delete log filter 344 disable jumbo-frame ports 209
delete ospf area 906 disable lbdetect port 210
delete rate-limit 470 disable learning ports 211
delete rf-profile 1054 disable log debug-mode 346, 605
delete security-profile 471 disable log display 347
delete stpd 726 disable log target 348
delete trusted-mac address 472 disable loopback-mode vlan 816
delete udp-profile 795 disable mac-vlan port 266
delete vlan 265 disable mirroring 212
disable access-list 468 disable nat 311
disable access-list counter 468 disable netlogin 480
disable access-list log 468 disable netlogin logout-privilege 481
disable arp-learning 473 disable netlogin ports 482
disable arp-learning ports 474 disable netlogin ports vlan 482
disable arp-learning vlan 475, 476 disable netlogin session-refresh 483
disable bootp vlan 796 disable ospf 907
disable bootprelay 797 disable ospf capability opaque-lsa 908
disable cli-config-logging 345 disable ospf export 909
disable clipaging 64 disable pim 980

ExtremeWare 7.3e Command Reference Guide 1189

Index of Commands

disable ports 213 E

disable radius 484 enable arp-learning 496, 497
disable radius-accounting 485 enable arp-learning vlan 498
disable rip 910 enable bootprelay 819
disable rip aggregation 911 enable bootpvlan 818
disable rip export 912 enable cli-config-logging 352
disable rip exportstatic 913 enable clipaging 66
disable rip originate-default 914 enable cpu-dos-protect 499
disable rip poisonreverse 915 enable cpu-dos-protect simulated 500
disable rip splithorizon 916 enable dhcp ports vlan 145, 501
disable rip triggerupdate 917 enable diffserv examination ports 291
disable rmon 350 enable eaps 646
disable sharing 214 enable edp ports 216
disable smartredundancy 215 enable enhanced-dos-protect rate-limit 502
disable snmp access 135 enable esrp vlan 696
disable snmp dot1dTpFdbTable 136 enable icmp address-mask 820
disable snmp traps 137 enable icmp parameter-problem 821
disable snmp traps port-up-down ports 138 enable icmp port-unreachables 822
disable sntp-client 140 enable icmp redirects 823
disable ssh2 486 enable icmp time-exceeded 824
disable stpd 728 enable icmp timestamp 825
disable stpd ports 729 enable icmp unreachables 826
disable stpd rapid-root-failover 730 enable icmp useredirects 827
disable syslog 351 enable idletimeouts 67
disable system-watchdog 141 enable igmp 981
disable tacacs 487 enable igmp snooping 982
disable tacacs-accounting 488 enable igmp snooping with-proxy 984
disable tacacs-authorization 489 enable ignore-stp vlan 731
disable telnet 142 enable inline-power 1152, 1157
disable trusted-mac-address 490 enable inline-power ports 1155, 1160
disable udp-echo-server 817 enable inline-power slots 1156, 1161
disable vrrp 752 enable iparp checking 828
disable web 143, 491 enable ipforwarding 830
disable web http 492 enable ipmcforwarding 985
disable web https 493 enable ip-option loose-source-route 831
disable wireless pors interface client-scan 1062 enable ip-option record-route 832
disable wireless ports 1055 enable ip-option record-timestamp 833
disable wireless ports cancel-scheduler 1056 enable ip-option strict-source-route 834
disable wireless ports every 1057 enable ip-option use-router-alert 835
disable wireless ports interface 1058 enable iproute sharing 836
disable wireless ports interface ap-scan 1059 enable irdp 837
disable wireless ports interface ap-scan off-channel enable jumbo-frame ports 217
1060 enable lbdetect port 218
disable wireless ports interface client-history 1061 enable learning ports 219
disable wireless ports interface iapp 1063 enable license 68
disable wireless ports interface svp 1064 enable log debug-mode 353, 606
disable wireless ports time 1065 enable log display 354
download bootrom 575 enable log target 355
download configuration 576 enable loopback-mode vlan 838
download configuration cancel 578 enable mac-vlan mac-group 267
download configuration every 579 enable nat 312
download ssl certificate 494 enable netlogin 503
download ssl privkey 495 enable netlogin logout-privilege 504
enable netlogin ports 505

1190 ExtremeWare 7.3e Command Reference Guide

 Index of Commands

enable netlogin ports vlan 505 enable wireless ports interface client-history 1072
enable netlogin session-refresh 506 enable wireless ports interface client-scan 1073
enable ospf 918 enable wireless ports interface iapp 1074
enable ospf capability opaque-lsa 919 enable wireless ports interface svp 1075
enable ospf export 920 enable wireless ports time 1076
enable ospf export direct 921 exit 157
enable ospf export rip 923
enable ospf export static 924 H
enable ospf originate-default 925 history 69
enable pim 986
enable ports 222 L
enable radius 507 logout 158
enable radius-accounting 508
enable rip 926 M
enable rip aggregation 927 mrinfo 987
enable rip export cost 928 mtrace 988
enable rip exportstatic 929
enable rip originate-default cost 930 N
enable rip poisonreverse 931 nslookup 607
enable rip splithorizon 932
enable rip triggerupdate 933
P
enable rmon 357
ping 608
enable sharing grouping 223
enable smartredundancy 225
enable snmp access 146
Q
quit 159
enable snmp dot1dtpfdbtable 148
enable snmp traps 149
enable snmp traps port-up-down 150 R
enable sntp-client 152 reate access-profile 461
enable ssh2 509 reboot 70
enable stpd 732 reset inline-power ports 1162, 1163
enable stpd ports 733 reset wireless ports 1077
enable stpd rapid-root-failover 734 reset wireless ports interface 1078
enable syslog 359 restart ports 226
enable system-watchdog 153 rtlookup 840
enable tacacs 510 run diagnostics 610
enable tacacs accounting. 511 run diagnostics cable ports 611
enable tacacs-authorization 512
enable telnet 154 S
enable trusted-mac-address 513 save configuration 581
enable udp-echo-server 839 scp2 519
enable vrrp 753 scp2 configuration 521
enable web 156, 514 show access-list 522
enable web http 515 show access-mask 524
enable web http access-profile 516 show access-profile 525
enable web https 492, 517 show arp-learning vlan 526
enable web https access-profile 518 show arp-learning vlan port 527
enable wireless ports 1066 show banner 71
enable wireless ports cancel-scheduler 1067 show configuration 200, 582
enable wireless ports every 1068 show cpu-dos-protect 529
enable wireless ports interface 1069 show debug-trace 613
enable wireless ports interface ap-scan 1070 show dns-client 72
enable wireless ports interface ap-scan off-channel show eaps 647
1071 show eaps shared-port 651

ExtremeWare 7.3e Command Reference Guide 1191

Index of Commands

show eaps summary 652 show ospf virtual-link 942

show edp 227 show pim 997
show elrp 697 show pim rp-set 997
show enhanced-dos-protect 531 show ports cable diagnostics 617
show esrp 699 show ports collisions 230
show esrp vlan 703 show ports configuration 232
show esrp-aware 73 show ports info 234
show esrp-aware vlan 702 show ports packet 237
show esrp-aware-ports 701 show ports qosmonitor 292
show fdb 283 show ports redundant 239
show igmp group 990 show ports rxerrors 377
show igmp snooping 991 show ports sharing 240
show igmp snooping filter 992 show ports stats 379
show igmp snooping static group 993 show ports txerrors 382
show inline-power 1164 show ports utilization 242
show inline-power configuration port 1166 show ports vlan info 245
show inline-power configuration slot 1168 show ports vlan stats 247
show inline-power info 1170 show protocol 269
show inline-power info port 1153, 1158 show qosprofile 294
show inline-power slot 1173 show radius 534
show inline-power stats ports 1139, 1174 show radius-accounting 536
show inline-power stats slot 1176 show rate-limit 538
show iparp 841 show rip 943
show iparp proxy 842 show rip stat 944
show ipconfig 843 show rip stat vlan 945
show ipfdb 844 show rip vlan 946
show ipmc cache 994 show security-profile 540
show ipmc fdb 995 show session 164
show iproute 846 show sharing address-based 248
show ipstats 848 show snmpv3 access 166
show l2stats 996 show snmpv3 context 167
show log 360 show snmpv3 counters 168
show log components 364 show snmpv3 engine-info 169
show log configuration 366 show snmpv3 filter 170
show log configuration filter 368 show snmpv3 filter-profile 171
show log configuration target 370 show snmpv3 group 172
show log counters 371 show snmpv3 mib-view 173
show log events 373 show snmpv3 notify 174
show mac-vlan 268 show snmpv3 target-addr 175, 176
show management 161 show snmpv3 target-params 177
show memory 375 show snmpv3 user 178
show mirroring 229 show sntp-client 179
show nat 313 show ssl 543
show netlogin 532 show stpd 735
show netlogin ports 532 show stpd ports 737
show odometer 163 show switch 74
show ospf 934 show tacacs 546
show ospf area 935 show tacacs-accounting 548
show ospf area detail 936 show tech-support 619
show ospf ase-summary 937 show trusted-mac-address 550
show ospf interfaces 939 show udp-profile 851
show ospf interfaces detail 938 show version 384
show ospf lsdb 940 show vlan 270
show ospf lsdb area lstype 940 show vlan dhcp-address-allocation 181

1192 ExtremeWare 7.3e Command Reference Guide

 Index of Commands

show vlan dhcp-config vlan 182 unconfigure enhanced-dos-protect ipfdb cache-size

show vlan security 551 558
show vlan stpd 739 unconfigure enhanced-dos-protect ipfdb learn-limit
show vrrp 754 559
show vrrp vlan stats 756 unconfigure enhanced-dos-protect learn-window 560,
show wireless ap-scan results 1084 562
show wireless ap-scan results mac_address 1086 unconfigure enhanced-dos-protect ports 561
show wireless client-scan results 1087, 1089 unconfigure icmp 855
show wireless configuration 1090 unconfigure igmp 998
show wireless ports 1091 unconfigure inline-power detection ports 1177
show wireless ports configuration 1093 unconfigure inline-power operator-limit ports 1179
show wireless ports debug-trace 1095 unconfigure inline-power reserved-budget ports 1182
show wireless ports interface ap-scan configuration unconfigure inline-power usage-threshold 1183
1097 unconfigure inline-power violation-precedence ports
show wireless ports interface ap-scan results 1099 1184
show wireless ports interface ap-scan status 1103 unconfigure iparp 856
show wireless ports interface client mac-statistics 1104 unconfigure irdp 857
show wireless ports interface client-history configura- unconfigure log filter 385
tion 1106 unconfigure log target format 386
show wireless ports interface client-history diagnostics unconfigure management 184
1107 unconfigure ospf 947
show wireless ports interface client-history mac-layer unconfigure pim 999
1109 unconfigure ports display-string 249
show wireless ports interface client-history status 1111 unconfigure ports redundant 250
show wireless ports interface clients 1120 unconfigure radius 564
show wireless ports interface client-scan configuration unconfigure radius-accounting 565
1113 unconfigure rip 948
show wireless ports interface client-scan results 1115 unconfigure stpd 741
show wireless ports interface client-scan results unconfigure switch 583
mac-address 1117 unconfigure tacacs 566
show wireless ports interface client-scan status 1118 unconfigure tacacs-accounting 567
show wireless ports interface configuration 1122 unconfigure udp-profile 858
show wireless ports interface pae-diagnostics 1125 unconfigure vlan dhcp-address-range 568
show wireless ports interface pae-statistics 1126 unconfigure vlan dhcp-options 570
show wireless ports interface rf-status 1127 unconfigure vlan ipaddress 272
show wireless ports interface security-status 1129 upload configuration 584
show wireless ports interface stats 1131 upload configuration cancel 586
show wireless ports interface status 1132 upload log 388
show wireless ports log 1133 use configuration 587
ssh2 552

T
telnet 183
top 621
traceroute 76

U
unconfigure cpu-dos-protect 554, 555, 556
unconfigure diffserv examination ports 296
unconfigure eaps port 656
unconfigure eaps shared-port 654
unconfigure eaps shared-port mode 655
unconfigure enhanced-dos-protect ipfdb agingtime
557

ExtremeWare 7.3e Command Reference Guide 1193

Index of Commands

1194 ExtremeWare 7.3e Command Reference Guide