Dell Networking 7048 Reference Manual

PowerConnect 7000 Series Systems

Dell PowerConnect
7000 Series Systems

CLI Reference Guide

Regulatory Model: PC7024, PC7024F,
PC7024P, PC7048, PC7048P, PC7048R, and
PC7048R-RA

Summary of Contents for Dell Networking 7048

  • Page 1: Cli Reference Guide

    Dell PowerConnect 7000 Series Systems CLI Reference Guide Regulatory Model: PC7024, PC7024F, PC7024P, PC7048, PC7048P, PC7048R, and PC7048R-RA...
  • Page 2 Other trademarks and trade names may be used in this publication to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.
  • Page 3: Table Of Contents

    Contents: Command Groups; Introduction; Command Groups
  • Page 4 Layer 2 Switching Commands; AAA Commands; TACACS+ Accounting; Commands in this Chapter
  • Page 5 password (User EXEC); show aaa ias-users; show aaa statistics
  • Page 6 Commands in this Chapter; access-list; deny | permit (IP ACL)
  • Page 7 show mac address-table; show mac address-table address; show mac address-table count; show mac address-table dynamic
  • Page 8 isdp timer; show isdp; show isdp entry
  • Page 9 show dhcp l2relay remote-id vlan; clear dhcp l2relay statistics interface; 11 DHCP Management Interface Commands 359; Commands in this Chapter
  • Page 10 show ip dhcp snooping; show ip dhcp snooping binding; show ip dhcp snooping database
  • Page 11 logging email; logging email urgent; logging traps
  • Page 12 flowcontrol; interface; interface range
  • Page 13 16 Ethernet CFM Commands; Commands in this Chapter; ethernet cfm domain; service
  • Page 14 Energy Efficient Ethernet; Commands in this Chapter; green-mode energy-detect
  • Page 15 19 IGMP Snooping Commands; Commands in this Chapter; ip igmp snooping; show ip igmp snooping
  • Page 16 show ip igmp snooping querier; 21 IP Addressing Commands; Commands in this Chapter; clear host
  • Page 17 show ip address-conflict; show ip helper-address; show ipv6 dhcp interface out-of-band statistics
  • Page 18 show ipv6 mld snooping; show ipv6 mld snooping groups; show ipv6 mld snooping mrouter
  • Page 19 26 iSCSI Optimization Commands; Commands in this Chapter; iscsi aging time; iscsi cos
  • Page 20 clear lldp statistics; dcb enable; lldp med
  • Page 21 show lldp statistics; 29 Multicast VLAN Registration Commands 617; Commands in this Chapter
  • Page 22 LAG Hashing; Enhanced LAG Hashing; Manual Aggregation of LAGs
  • Page 23 show monitor session; 32 QoS Commands; Access Control Lists
  • Page 24 mark cos; mark ip-dscp; mark ip-precedence
  • Page 25 police-simple; police-two-rate; policy-map
  • Page 26 33 RADIUS Commands; Commands in this Chapter; aaa accounting dot1x default start-stop
  • Page 27 show aaa servers; show accounting methods; show radius statistics
  • Page 28 spanning-tree forward-time; spanning-tree guard; spanning-tree loopguard
  • Page 29 priority; show tacacs; tacacs-server host
  • Page 30 37 VLAN Commands; Double VLAN Mode; Independent VLAN Learning
  • Page 31 show vlan association mac; show vlan association subnet; switchport access vlan
  • Page 32 switchport mode private-vlan; private-vlan; show vlan private-vlan
  • Page 33 dot1x max-users; dot1x port-control; dot1x re-authenticate
  • Page 34 show dot1x advanced; 40 Layer 3 Commands; 41 ARP Commands
  • Page 35 ip dhcp pool; bootfile; clear ip dhcp binding
  • Page 36 service dhcp; sntp; show ip dhcp binding
  • Page 37 show ipv6 dhcp statistics; 44 DVMRP Commands; Commands in this Chapter
  • Page 38 ip igmp last-member-query-interval; ip igmp query-interval; ip igmp query-max-response-time; ip igmp robustness
  • Page 39 show ip igmp-proxy groups detail; 48 IP Helper/DHCP Relay Commands; Commands in this Chapter; bootpdhcprelay maxhopcount
  • Page 40 Commands in this Chapter 1008; encapsulation 1009; ip address 1009
  • Page 41 50 IPv6 PIM Commands 1037; ipv6 pim 1037; ipv6 pim sparse (Global config) 1038
  • Page 42 51 IPv6 Routing Commands 1057; IPv6 Limitations & Restrictions 1057; Commands in this Chapter 1057; clear ipv6 neighbors 1058
  • Page 43 ipv6 nd other-config-flag 1072; ipv6 nd prefix 1073; ipv6 nd ra-interval 1074
  • Page 44 show ipv6 neighbors 1100; show ipv6 route 1101; show ipv6 route preferences 1103
  • Page 45 ip pim dense 1123; ip pim dr-priority 1123; ip pim hello-interval 1124
  • Page 46: Area Nssa No-Summary

    54 OSPF Commands 1145; Route Preferences 1146; OSPF Equal Cost Multipath (ECMP) 1146
  • Page 47: Area Virtual-Link Retransmit-Interval

    area virtual-link retransmit-interval 1167; area virtual-link transmit-delay 1168; auto-cost 1169; bandwidth 1170
  • Page 48 ip ospf mtu-ignore 1185; ip ospf network 1186; ip ospf priority 1187
  • Page 49 show ip ospf asbr 1211; show ip ospf database 1212; show ip ospf database database-summary 1215
  • Page 50 area nssa no-summary 1242; area nssa translator-role 1243; area nssa translator-stab-intv 1244
  • Page 51 ipv6 ospf hello-interval 1261; ipv6 ospf mtu-ignore 1262; ipv6 ospf network 1263
  • Page 52 show ipv6 ospf database 1281; show ipv6 ospf database database-summary 1284; show ipv6 ospf interface 1285; show ipv6 ospf interface brief 1287
  • Page 53 57 Routing Information Protocol Commands 1307; Commands in this Chapter 1307; auto-summary 1307; default-information originate (Router RIP Configuration) 1308; default-metric 1309...
  • Page 54 58 Tunnel Interface Commands 1323; Commands in this Chapter 1323; interface tunnel 1324; show interfaces tunnel 1324
  • Page 55 vrrp priority 1338; vrrp timers advertise 1339; vrrp timers learn 1340
  • Page 56 show auto-copy-sw 1361; show boot 1362; 62 Captive Portal Commands 1365
  • Page 57 session-timeout 1378; verification 1379; captive-portal client deauthenticate 1380
  • Page 58 user group name 1396; 63 CLI Macro Commands 1397; Commands in this Chapter 1398
  • Page 59 sntp broadcast client enable 1414; sntp client poll timer 1414; sntp server 1415
  • Page 60 66 Configuration and Image File Commands 1431; File System Commands 1431; Command Line Interface Scripting 1431; Commands in this Chapter 1431
  • Page 61 67 Denial of Service Commands 1453; Commands in this Chapter 1454; dos-control firstfrag 1455; dos-control icmp 1455
  • Page 62 show line 1469; speed 1470; 69 Management ACL Commands 1471
  • Page 63 Commands in this Chapter 1485; passwords aging 1486; passwords history 1486
  • Page 64 73 Power Over Ethernet Commands 1505; Flexible Power Management 1505; Commands in this Chapter 1505; power inline 1506
  • Page 65 rmon event 1523; show rmon alarm 1524; show rmon alarms 1526
  • Page 66 debug ip acl 1548; debug ip dvmrp 1548; debug ip igmp 1549
  • Page 67 debug vrrp 1563; show debugging 1563; 77 Sflow Commands 1565
  • Page 68 show snmp views 1583; show trapflags 1584; snmp-server community 1586
  • Page 69 ip ssh port 1609; ip ssh pubkey-auth 1610; ip ssh server 1611
  • Page 70 logging facility 1630; logging file 1631; logging monitor 1632
  • Page 71 hardware profile portmode 1650; hostname 1651; initiate failover 1652
  • Page 72 show nsf 1670; show power-usage-history 1671; show process cpu 1673
  • Page 73 traceroute 1706; 82 Telnet Server Commands 1709; Telnet Client Behaviors 1709
  • Page 74 Commands in this Chapter 1726; unmount usb 1726; show usb 1727
  • Page 75 ip http secure-certificate 1743; ip http secure-port 1744; ip http secure-server 1745
  • Page 76 Contents...
  • Page 77: Command Groups

    Command Groups Introduction The Command Line Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, the user has greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.
  • Page 78 (continued) Table 1-1. System Command Groups Command Group Description Administrative Profiles Configures and displays ACL information. Address Table Configures bridging address tables. Auto-VoIP Configures Auto VoIP for IP phones on a switch. CDP Interoperability Configures Cisco Discovery Protocol (CDP). DHCP L2 Relay Enables the Layer 2 DHCP Relay agent for an interface.
  • Page 79 (continued) Table 1-1. System Command Groups Command Group Description Radius Configures and displays RADIUS information. Spanning Tree Configures and reports on Spanning Tree protocol. TACACS+ Configures and displays TACACS+ information. VLAN Configures VLANs and displays VLAN information. Voice VLAN Configures voice VLANs and displays voice VLAN information.
  • Page 80 (continued) Table 1-1. System Command Groups Command Group Description Tunnel Interface (IPv6) Managing tunneling operations. Virtual Router Controls virtual LAN routing. Redundancy (IPv4) Virtual Router Manages router redundancy on the system. Redundancy (IPv4) Utility Commands Auto-Install Automatically configures switch when a configuration file is not found.
  • Page 81: Mode Types

    (continued) Table 1-1. System Command Groups Command Group Description Syslog Manages and displays syslog messages. System Management Configures the switch clock, name and authorized users. Telnet Server Configures Telnet service on the switch and displays Telnet information. User Interface Describes user commands used for entering CLI commands.
  • Page 82 • MA — Management Access-level • MC — MST Configuration • MDC — Maintenance Domain Configuration • ML — MAC-List Configuration • MSC — Mail Server Configuration • MT — MAC-acl • OG — OSPFv2 Global Configuration • PE — Privileged EXEC •...
  • Page 83: Layer 2 Commands

    Layer 2 Commands Command Description Mode aaa authentication dot1x Specifies an authentication method for 802.1x default clients. aaa authentication enable Defines authentication method lists for accessing higher privilege levels. aaa authentication login Defines login authentication. aaa authorization network Enables the switch to accept VLAN assignment default radius by the RADIUS server.
  • Page 84: Administrative Profiles

    Command Description Mode show users accounts Displays information about the local user database. show users login-history Displays information about login histories of users. username Establishes a username-based authentication system. Optionally allows the specification of an Administrative Profile for a local user. username unlock Transfers local user passwords between devices without having to know the passwords.
  • Page 85: Address Table

    Command Description Mode deny | permit (IP ACL) The deny command denies traffic if the conditions defined in the deny statement are matched. The permit command allows traffic if the conditions defined in the permit statement are matched. ip access-group Attaches a specified access-control list to an GC or interface.
  • Page 86 Command Description Mode mac address-table static vlan Registers MAC-layer multicast addresses to the bridge forwarding table, and adds static ports to the group. mac address-table static vlan Adds a static MAC-layer station source address to the bridge table. port security Disables new address learning on an interface.
  • Page 87 Auto-VoIP Command Description Mode switchport voice detect auto Enables the VoIP Profile on all the interfaces of GC or the switch. show switchport voice Displays the status of auto-voip on an interface or all interfaces. For the meaning of each Mode abbreviation, see Mode Types on page 81.
  • Page 88: Dhcp Snooping

    DHCP L2 Relay Command Description Mode dhcp l2relay (Global Enables the Layer 2 DHCP Relay agent for an GC or Configuration) interface or globally. dhcp l2relay circuit-id Enables user to set the DHCP Option 82 Circuit ID for a VLAN. dhcp l2relay remote-id Enables user to set the DHCP Option 82 Remote ID for a VLAN.
  • Page 89 Command Description Mode clear ip dhcp snooping Clears all DHCP Snooping statistics. statistics ip dhcp snooping Enables DHCP snooping globally or on a GC or specific VLAN. ip dhcp snooping binding Configures a static DHCP Snooping binding. ip dhcp snooping database Configures the persistent location of the DHCP snooping database.
  • Page 90: Dynamic Arp Inspection

    Dynamic ARP Inspection Command Description Mode arp access-list Creates an ARP ACL. clear ip arp inspection Resets the statistics for Dynamic ARP statistics Inspection on all VLANs. ip arp inspection filter Configures the ARP ACL to be used for a single VLAN or a range of VLANs to filter invalid ARP packets.
  • Page 91 E-mail Alerting Command Description Mode logging email Enables e-mail alerting and sets the lowest severity level for which log messages are e-mailed. logging email urgent Sets the lowest severity level at which log messages are e-mailed in an urgent manner. logging traps Sets the lowest severity level at which SNMP traps are logged.
  • Page 92: Ethernet Configuration

    Command Description Mode show mail-server Displays the configuration of all the mail servers or a particular mail server. For the meaning of each Mode abbreviation, see Mode Types on page 81. Ethernet Configuration Command Description Mode clear counters Clears statistics on an interface. description Adds a description to an interface.
  • Page 93 Command Description Mode shutdown Disables interfaces. speed Configures the speed of a given Ethernet interface when not using auto-negotiation. storm-control broadcast Enables Broadcast storm control. storm-control multicast Enables the switch to count Multicast packets together with Broadcast packets. storm-control unicast Enables Unicast storm control.
  • Page 94: Green Ethernet

    81. Green Ethernet Command Description Mode green-mode energy-detect Enables a Dell proprietary mode of power reduction on ports that are not connected to another interface. green-mode eee Enables EEE low power idle mode on an interface or all the interfaces.
  • Page 95 Command Description Mode show green-mode interface- Displays the green-mode configuration and operational status of the port. This command is also used to display the per port configuration and operational status of the green-mode. The status is shown only for the modes supported on the corresponding hardware platform whether enabled or disabled.
  • Page 96: Igmp Snooping

    IGMP Snooping Command Description Mode ip igmp snooping In Global Config mode, enables Internet Group Management Protocol (IGMP) snooping. show ip igmp snooping Displays Multicast groups learned by IGMP groups snooping. show ip igmp snooping Displays information on dynamically learned mrouter Multicast router interfaces.
  • Page 97 Command Description Mode ip igmp snooping querier Enables the Snooping Querier to participate in election participate the Querier Election process when it discovers the presence of another Querier in the VLAN. ip igmp snooping querier Sets the IGMP Querier Query Interval time. query-interval ip igmp snooping querier Sets the IGMP Querier timer expiration period.
  • Page 98 Command Description Mode ip name-server Configures available name servers. ipv6 address (Interface Sets the IPv6 address of the management Config) interface. ipv6 address (OOB Port) Sets the IPv6 prefix on the out-of-band port. ipv6 address dhcp Enables the DHCPv6 client on an IPv6 interface.
  • Page 99: Ipv6 Mld Snooping

    Command Description Mode ipv6 traffic-filter Attaches a specific IPv6 ACL to an interface or associates it with a VLAN ID in a given direction. show ipv6 access-lists Displays an IPv6 access list (and the rules defined for it). For the meaning of each Mode abbreviation, see Mode Types on page 81.
  • Page 100: Iscsi Optimization

    Command Description Mode ipv6 mld snooping querier Sets the global MLD Snooping Querier address GC or address on the system or on a VLAN. ipv6 mld snooping querier Enables the Snooping Querier to participate in election participate the Querier Election process when it discovers the presence of another Querier in the VLAN.
  • Page 101 Command Description Mode iscsi cos Sets the quality of service profile that will be applied to iSCSI flows. iscsi enable Enables Global Configuration mode command globally enables iSCSI awareness. iscsi target port Configures an iSCSI target port (optionally configures target port address and name). show iscsi Displays the iSCSI settings.
  • Page 102 LLDP Command Description Mode clear lldp remote-data Deletes all data from the remote data table. clear lldp statistics Resets all LLDP statistics. lldp med Enables/disables LLDP-MED on an interface. lldp med confignotification Enables sending the topology change notification. lldp med Sets the value of the fast start repeat count.
  • Page 103: Multicast Vlan Registration

    Command Description Mode show lldp med local-device Displays the advertised LLDP local data in detail detail. show lldp med remote- Displays the current LLDP MED remote data. PE device show lldp remote-device Displays the current LLDP remote data. show lldp statistics Displays the current LLDP traffic statistics.
  • Page 104: Port Channel

    Port Channel Command Description Mode channel-group Associates a port with a port-channel. interface port-channel Enters the interface configuration mode of a specific port-channel. interface range port-channel Enters the interface configuration mode to configure multiple port-channels. hashing-mode Sets the hashing algorithm on trunk ports. IC (port- channel) lacp port-priority...
  • Page 105 Command Description Mode assign-queue Modifies the queue ID to which the associated PCMC traffic stream is assigned. class Creates an instance of a class definition within the specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements.
  • Page 106 Command Description Mode mark cos Marks all packets for the associated traffic PCMC stream with the specified class of service value in the priority field of the 802.1p header. mark ip-dscp Marks all packets for the associated traffic PCMC stream with the specified IP DSCP value. mark ip-precedence Marks all packets for the associated traffic PCMC...
  • Page 107: Police-Simple

    Command Description Mode match ip tos Adds to the specified class definition a match condition based on the value of the IP TOS field in a packet. match protocol Adds to the specified class definition a match condition based on the value of the IP Protocol field in a packet using a single keyword notation or a numeric value notation.
  • Page 108: Random-Detect Exponential-Weighting-Constant

    Command Description Mode random-detect exponential- Configures the decay in the calculation of the GC, IC, weighting-constant average queue size user for WRED on an or IR interface or all interfaces. redirect Specifies that all incoming packets for the PCMC associated traffic stream are redirected to a specific egress interface (physical port or port- channel).
  • Page 109: Show Service-Policy

    Command Description Mode show service-policy Displays a summary of policy-oriented statistics information for all interfaces. traffic-shape Specifies the maximum transmission GC or bandwidth limit for the interface as a whole. For the meaning of each Mode abbreviation, see Mode Types on page 81.
  • Page 110 Command Description Mode radius-server attribute 4 Sets the network access server (NAS) IP address for the RADIUS server. radius-server deadtime Improves RADIUS response times when servers are unavailable. Causes the unavailable servers to be skipped. radius-server host Specifies a RADIUS server host. radius-server key Sets the authentication and encryption key for all RADIUS communications between the...
  • Page 111: Spanning-Tree Forward-Time

    Spanning Tree Command Description Mode clear spanning-tree Restarts the protocol migration process on all detected-protocols interfaces or on the specified interface. exit (mst) Exits the MST configuration mode and applies configuration changes. instance (mst) Maps VLANs to an MST instance. name (mst) Defines the MST configuration name.
  • Page 112: Spanning-Tree Mode

    Command Description Mode spanning-tree mode Configures the spanning tree protocol. spanning-tree mst Enables configuring an MST region by entering configuration the multiple spanning-tree (MST) mode. spanning-tree mst cost Configures the path cost for multiple spanning tree (MST) calculations. spanning-tree mst port- Configures port priority.
  • Page 113 Command Description Mode show tacacs Displays TACACS+ server settings and statistics. tacacs-server host Specifies a TACACS+ server host. tacacs-server key Sets the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon. tacacs-server timeout Sets the interval for which the switch waits for a server host to reply.
  • Page 114 Command Description Mode show dvlan-tunnel interface Displays detailed information about Double VLAN Tunneling for the specified interface. show interfaces switchport Displays switchport configuration. show port protocol Displays the Protocol-Based VLAN information for either the entire system or for the indicated group.
  • Page 115: Voice Vlan

    Command Description Mode switchport private-vlan Defines a private-VLAN association for an isolated or community port or a mapping for a promiscuous port. switchport trunk Adds or removes VLANs from a trunk port. vlan Creates a VLAN. vlan (Global Config) Configures a VLAN. vlan association mac Associates a MAC address to a VLAN.
  • Page 116 802.1x Command Description Mode dot1x dynamic-vlan enable Enables the capability of creating VLANs dynamically when a RADIUS-assigned VLAN does not exist in the switch. dot1x initialize Begins the initialization sequence on the specified port. dot1x mac-auth-bypass Enables MAB on an interface. dot1x max-req Sets the maximum number of times the switch sends an EAP-request frame to the client before...
  • Page 117 Command Description Mode dot1x timeout supp-timeout Sets the number of seconds the switch waits for a response to an EAP-request frame from the client before retransmitting the request. dot1x timeout tx-period Sets the number of seconds the switch waits for a response to an EAP-request/identify frame from the client before resending the request.
  • Page 118: Layer 3 Commands

    Layer 3 Commands ARP (IPv4) Command Description Mode Creates an Address Resolution Protocol (ARP) entry. arp cachesize Configures the maximum number of entries in the ARP cache. arp dynamicrenew Enables the ARP component to automatically renew dynamic ARP entries when they age out. arp purge Causes the specified IP address to be removed from the ARP cache.
  • Page 119 DHCP Server and Relay Agent (IPv4) Command Description Mode ip dhcp pool Defines a DHCP address pool that can be used to supply addressing information to DHCP client. This command puts the user into DHCP Pool Configuration mode. bootfile Sets the name of the image for the DHCP client to load.
  • Page 120 Command Description Mode netbios-name-server Configures the IPv4 address of the Windows Internet Naming Service (WINS) for a Microsoft DHCP client. netbios-node-type Sets the NetBIOS node type for a Microsoft DHCP client. network Defines a pool of IPv4 addresses for distributing to clients.
  • Page 121 Command Description Mode domain-name (IPv6 DHCP Sets the DNS domain name which is provided v6DP Pool Config) to a DHCPv6 client by the DHCPv6 server. ipv6 dhcp pool Enters IPv6 DHCP Pool Configuration mode. ipv6 dhcp relay Configures an interface for DHCPv6 Relay functionality.
  • Page 122 Command Description Mode Displays the next hop information on show ip dvmrp nexthop outgoing interfaces for routing multicast datagrams. show ip dvmrp prune Displays the table that lists the router’s upstream prune information. show ip dvmrp route Displays the multicast routing information for DVMRP.
  • Page 123: Igmp Proxy

    Command Description Mode ip igmp query-max-response- Configures the maximum response time time interval for the specified interface. ip igmp robustness Configures the robustness that allows tuning of the interface. ip igmp startup-query-count Sets the number of queries sent out on startup—at intervals equal to the startup query interval for the interface.
  • Page 124 Command Description Mode show ip igmp-proxy Displays a detailed list of the host interface interface status parameters. show ip igmp-proxy groups Displays a table of information about multicast groups that IGMP Proxy reported. show ip igmp-proxy groups Displays complete information about multicast detail groups that IGMP Proxy has reported.
  • Page 125 Command Description Mode ip helper-address (interface Configures the relay of certain UDP broadcast configuration) packets received on a specific interface. ip helper enable Enables relay of UDP packets. show ip helper-address Displays the IP helper address configuration. show ip dhcp relay Displays the BootP/DHCP Relay information.
  • Page 126: Ipv6 Routing

    Command Description Mode show ip protocols Displays the parameters and current state of the active routing protocols. show ip route Displays the routing table. show ip route preferences Displays detailed information about the route preferences. show ip route summary Shows the number of all routes, including best and non-best routes.
  • Page 127 Command Description Mode ipv6 mld last-member- Sets the number of listener-specific queries IC (VC) query-count sent before the router assumes that there are no local members on the interface. ipv6 mld last-member- Sets the last member query interval for the IC (VC) query-interval MLD interface, which is the value of the...
  • Page 128 Command Description Mode ipv6 nd prefix Sets the IPv6 prefixes to include in the router advertisement. ipv6 nd ra-interval Sets the transmission interval between router advertisements. ipv6 nd ra-lifetime Sets the value that is placed in the Router Lifetime field of the router advertisements sent from the interface.
  • Page 129: Loopback Interface

    Command Description Mode show ipv6 mld-proxy Displays information about multicast groups groups detail that MLD Proxy reported. show ipv6 mld-proxy Displays a detailed list of the host interface interface status parameters. show ipv6 mld traffic Displays MLD statistical information for the router.
  • Page 130 Multicast Command Description Mode ip mcast boundary Adds an administrative scope multicast boundary. ip mroute Creates a static multicast route for a source range. ip multicast Sets the administrative mode of the IP multicast forwarder in the router to active. ttlvalue ip multicast ttl-threshold Applies a...
  • Page 131 Command Description Mode ip pim ssm Administratively configures PIM Source Specific Multicast (SSM) range of addresses for IP multicast routing. show ip multicast Displays the system-wide multicast information. show ip mcast boundary Displays the system-wide multicast information. show ip multicast interface Displays the multicast information for the specified interface.
  • Page 132: Ipv6 Multicast

    IPv6 Multicast Command Description Mode ipv6 pim (Global config) Administratively enables PIMSM for IPv6 multicast routing ipv6 pim (VLAN Interface Administratively enables PIM-SM multicast config) routing mode on a particular IPv6 router interface. ipv6 pim bsr-border Prevents bootstrap router (BSR) messages from being sent or received through an interface.
  • Page 133 Command Description Mode ipv6 pim ssm Defines the Source Specific Multicast (SSM) range of multicast addresses. show ipv6 pim Displays global status of IPv6 PIMSM and its PE or IPv6 routing interfaces. show ipv6 pim bsr Displays the bootstrap router (BSR) PE or information.
  • Page 134 Command Description Mode area nssa no-summary Configures the NSSA so that summary LSAs are ROSPF not advertised into the NSSA. area nssa translator-role Configures the translator role of the NSSA. ROSPF area nssa translator-stab- Configures the translator stability interval of the ROSPF intv NSSA.
  • Page 135 Command Description Mode compatible rfc1583 Enables OSPF 1583 compatibility. ROSPF default-information Controls the advertisement of default routes. ROSPF originate (Router OSPF Configuration) default-metric Sets a default for the metric of distributed routes. ROSPF distance ospf Sets the route preference value of OSPF in the ROSPF router.
  • Page 136 Command Description Mode maximum-paths Sets the number of paths that OSPF can report ROSPF for a given destination. Enables OSPF graceful restart. ROSPF nsf helper Allow OSPF to act as a helpful neighbor for a ROSPF restarting router. nsf helper strict-lsa- Set an OSPF helpful neighbor exit helper mode ROSPF checking...
  • Page 137 Command Description Mode show ip ospf database Displays the number of each type of LSA in the database-summary database for each area and for the router. show ip ospf interface Displays the information for the IFO object or virtual interface tables. show ip ospf interface Displays brief information for the IFO object or brief...
  • Page 138 Command Description Mode area nssa default-info- Configures the metric value and type for the ROSV3 originate (Router default route advertised into the NSSA. OSPFv3 Config) area nssa no-redistribute Configures the NSSA ABR so that learned ROSV3 external routes will not be redistributed to the NSSA.
  • Page 139 Command Description Mode distance ospf Sets the route preference value of OSPF in the ROSV3 router. enable Resets the default administrative mode of OSPF ROSV3 in the router (active). exit-overflow-interval Configures the exit overflow interval for OSPF. ROSV3 external-lsdb-limit Configures the external LSDB limit for OSPF. ROSV3 ipv6 ospf Enables OSPF on a router interface or loopback...
  • Page 140 Command Description Mode nsf helper strict-lsa- Requires that an OSPF helpful neighbor exit ROSV3 checking helper mode whenever a topology change occurs. nsf restart-interval Configures the length of the grace period on the ROSV3 restarting router. passive-interface Sets the interface or tunnel as passive. passive-interface default Enables the global passive mode by default for all ROSV3...
  • Page 141 Command Description Mode show ipv6 ospf interface Displays OSPFv3 configuration and status vlan information for a specific VLAN. show ipv6 ospf neighbor Displays information about OSPF neighbors. show ipv6 ospf range Displays information about the area ranges for the specified area identifier. show ipv6 ospf stub table Displays the OSPF stub table.
  • Page 142: Routing Information Protocol

    Command Description Mode show ip irdp Displays the router discovery information for all interfaces, or for a specified interface. For the meaning of each Mode abbreviation, see Mode Types on page 81. Routing Information Protocol Command Description Mode auto-summary Enables the RIP auto-summarization mode. default-information Controls the advertisement of default routes.
  • Page 143 Command Description Mode show ip rip interface Displays information related to a particular RIP interface. show ip rip interface brief Displays general information for each RIP interface. split-horizon Sets the RIP split horizon mode. For the meaning of each Mode abbreviation, see Mode Types on page 81.
  • Page 144 Command Description Mode vrrp authentication Sets the authentication details value for the virtual router configured on a specified interface. vrrp description Assigns a description to the VRRP group. vrrp ip Sets the virtual router IP address value for an interface. vrrp mode Enables the virtual router configured on an interface.
  • Page 145: Utility Commands

    Command Description Mode ip vrrp accept-mode Enables the VRRP Master to accept ping packets sent to one of the virtual router’s IP addresses. show ip vrrp interface Displays the configured value for Accept Mode. UE or For the meaning of each Mode abbreviation, see Mode Types on page 81.
  • Page 146: Captive Portal

    Captive Portal Command Description Mode authentication timeout Configures the authentication timeout. captive-portal Enables the captive portal configuration mode. GC enable Globally enables captive portal. http port Configures an additional HTTP port for captive portal to monitor. https port Configures an additional HTTPS port for captive portal to monitor.
  • Page 147 Command Description Mode verification Configures the verification mode for a captive portal configuration. captive-portal client deauthenticate Deauthenticates a specific captive portal client. PE show captive-portal client status Displays client connection details or a connection summary for connected captive portal users. show captive-portal Displays the clients authenticated to all captive configuration client status...
  • Page 148 Command Description Mode show captive-portal configuration interface Displays information about all interfaces assigned to a captive portal configuration or about a specific interface assigned to a captive portal configuration. show captive-portal configuration locales Displays locales associated with a specific captive portal configuration. show captive-portal Displays information about all configured configuration status...
  • Page 149 Command Description Mode show sntp status Displays the SNTP status. sntp authenticate Set to require authentication for received NTP traffic from servers. sntp authentication-key Defines an authentication key for SNTP. sntp broadcast client enable Enables SNTP Broadcast clients. sntp client poll timer Defines polling time for the SNTP client.
  • Page 150: Configuration And Image Files

    For the meaning of each Mode abbreviation, see Mode Types on page 81. Configuration and Image Files Command Description Mode boot system Specifies the system image that the switch loads at startup. clear config Restores switch to default configuration. copy Copies files from a source to a destination.
  • Page 151: Denial Of Service

    Denial of Service Command Description Mode dos-control firstfrag Enables Minimum TCP Header Size Denial of Service protection. dos-control icmp Enables Maximum ICMP Packet Size Denial of Service protections. dos-control l4port Enables L4 Port Denial of Service protection. dos-control sipdip Enables Source IP Address = Destination IP Address (SIP=DIP) Denial of Service protection.
  • Page 152: Management Acl

    Command Description Mode history Enables the command history function. history size Changes the command history buffer size for a particular line. line Identifies a specific line for configuration and enters the line configuration command mode. show line Displays line parameters. speed Sets the line baud rate.
  • Page 153: Password Management

    For the meaning of each Mode abbreviation, see Mode Types on page 81. Password Management Command Description Mode passwords aging Implements aging on the passwords such that users are required to change passwords when they expire. passwords history Enables the administrator to set the number of previous passwords that are stored to ensure that users do not reuse their passwords too frequently.
  • Page 154 Command Description Mode passwords strength minimum character-classes Enforces the minimum number of character classes (uppercase letters, lowercase letters, numeric characters and special characters) that a password must contain. passwords strength exclude-keyword Enforces a maximum number of consecutive characters that a password can contain. enable password encrypted Used by an Administrator to transfer the enable password between devices without having to...
  • Page 155 power inline detection Configures the detection type that tells which types of PDs will be detected and powered by the switch. power inline high-power Configures the port high power mode. power inline limit Configures the type of power limit. power inline management Sets the power management type.
  • Page 156: Sdm Templates

    Command Description Mode show rmon alarms Displays the alarms summary table. show rmon collection history Displays the requested group of statistics. show rmon events Displays the RMON event table. show rmon history Displays RMON Ethernet Statistics history. show rmon log Displays the RMON logging table.
  • Page 157 Command Description Mode debug ip acl Enables debug of IP Protocol packets matching the ACL criteria. debug ip dvmrp Traces DVMRP packet reception and transmission. debug ip igmp Traces IGMP packet reception and transmission. debug ip mcache Traces MDATA packet reception and transmission.
  • Page 158 Command Description Mode debug ping Enables tracing of ICMP echo requests and responses. debug rip Enables tracing of RIP requests and responses. debug sflow Enables sFlow debug packet trace. debug spanning-tree Traces spanning tree BPDU packet reception and transmission. debug vrrp Enables VRRP debug protocol messages.
  • Page 159 SNMP Command Description Mode show snmp Displays the SNMP status. show snmp engineID Displays the SNMP engine ID. show snmp filters Displays the configuration of filters. show snmp group Displays the configuration of groups. show snmp user Displays the configuration of users. show snmp views Displays the configuration of views.
  • Page 160 Command Description Mode crypto key generate dsa Generates DSA key pairs for the switch. crypto key generate rsa Generates RSA key pairs for the switch. crypto key pubkey-chain ssh Enters SSH Public Key-chain configuration mode. crypto key zeroize pubkey- Erases all public key chains or the public key chain for a user.
  • Page 161 Syslog Command Description Mode clear logging Clears messages from the internal logging buffer. clear logging file Clears messages from the logging file. description (Logging) Describes the syslog server. level Specifies the importance level of syslog messages. logging cli-command Enable CLI command logging. logging Logs messages to a syslog server.
  • Page 162: System Management

    System Management Command Description Mode asset-tag Specifies the switch asset-tag. banner exec Sets the message that is displayed after a successful login. banner login Sets the message that is displayed just before the login prompt. banner motd Specifies message-of-the-day banner. banner motd Acknowledges message-of-the-day banner.
  • Page 163 Command Description Mode set description Associates a text description with a switch in the stack. slot Configures a slot in the system. show banner Displays banner information. show boot-version Displays the boot image version details. show checkpoint statistics Displays the statistics for the checkpointing process.
  • Page 164: Telnet Server

    Command Description Mode show system power Displays information about the system level power consumption. UE or PE show system temperature Displays information about the system temperature and fan status. UE or PE show tech-support Displays system and configuration information (for debugging/calls to technical support). show users Displays information about the active users, including which profiles have been assigned to...
  • Page 165: Terminal Length

    For the meaning of each Mode abbreviation, see Mode Types on page 81. Terminal Length Command Description Mode terminal length Sets the terminal length. For the meaning of each Mode abbreviation, see Mode Types on page 81. Time Ranges Command Description Mode time-range...
  • Page 166: Web Server

    Command Description Mode Gets the CLI user control back to the privileged execution mode or user execution mode. exit Exits any configuration mode to the previously highest mode in the CLI mode hierarchy. (All) exit (EXEC) Closes an active terminal session by logging off the switch.
  • Page 167 Command Description Mode organization-unit Specifies the organization-unit or department name. show crypto certificate mycertificate Displays the SSL certificates of your switch. show ip http server status Displays the HTTP server status information. show ip http server secure status Displays the HTTP secure server status information. UE or...
  • Page 169: Using The Cli

    Using the CLI Introduction This chapter describes the basics of entering and editing the Dell PowerConnect 70xx Series Command Line Interface (CLI) commands and defines the command hierarchy. It also explains how to activate the CLI and implement its major functions.
  • Page 170 Two instances where the help information can be displayed are: • Keyword lookup — The <?> key is entered in place of a command. A list of all valid commands and corresponding help messages is displayed. • Partial keyword lookup — A command is incomplete and the <?> key is entered in place of a parameter.
  • Page 171 Table 2-1. History Buffer Keyword Source or Destination Up-arrow key, <Ctrl>+<P> Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall successively older commands. Down-arrow key Returns to more recent commands in the history buffer after recalling commands with the up-arrow key.
  • Page 172 --------- ------------------------- ------ ------- ---- ------ ------------ Gi1/0/1 Unknown Auto Down Inactive Gi1/0/2 Unknown Auto Down Inactive Gi1/0/3 Unknown Auto Down Inactive Gi1/0/4 Unknown Auto Down Inactive Gi1/0/5 Unknown Auto Down Inactive Gi1/0/6 Unknown Auto Down Inactive Command Completion CLI can complete partially entered commands when the user presses the <tab>...
  • Page 173 Table 2-2. CLI Shortcuts Keyboard Key Description <Delete, Backspace> Delete previous character <Ctrl>+<A> Go to beginning of line <Ctrl>+<E> Go to end of line <Ctrl>+<F> Go forward one character <Ctrl>+<B> Go backward one character <Ctrl>+<D> Delete current character <Ctrl>+<U,X> Delete to beginning of line <Ctrl>+<K>...
  • Page 174 Operating on Multiple Objects (Range) The CLI allows the user to operate on a set of objects at the same time. The guidelines for range operation are as follows: • Operations on objects with four or more instances support the range operation, unless noted otherwise in the specific command documentation.
  • Page 175 • Some parameters must be configured individually for each port or interface. Command Scripting The CLI can be used as a programmable management interface. To facilitate this function, any characters entered after the <!> character are treated as a comment and ignored by the CLI. Also, the CLI allows the user to disable session timeouts.
  • Page 176 Interface Naming Conventions The conventions for naming interfaces in CLI commands are as follows: Ethernet Interfaces The gigabit Ethernet and ten-gigabit Ethernet ports are identified in the CLI by the variable unit/slot/port, where: • <Interface Type> Unit#/Slot#/Port# — Identifies a specific interface by...
  • Page 177 Table 2-4. Interface Identifiers Interface Type Long Form Short Form Identifier Fast Ethernet fastethernet unit/slot/port Gigabit Ethernet gigabitethernet unit/slot/port 10-Gigabit tengigabitethernet unit/slot/port Ethernet Loopback loopback loopback-id (0-7) Port Channel port-channel port-channel-number Tunnel tunnel tunnel-id (0-7) Vlan vlan vlan-id (1-4093) When listed in command line output, gigabit Ethernet interfaces are preceded by the characters , ten-gigabit Ethernet interfaces are preceded by as shown in the examples below.
  • Page 178 --------------- ------------- -------------- default Po1-48, Default Gi1/0/1-24 Example #3 console#show slot 1/0 Slot......1/0 Slot Status....... Full Admin State....... Enable Power State....... Enable Inserted Card: Model Identifier....PowerConnect 7024F Card Description....Dell 24 Port Fiber Configured Card: Using the CLI...
  • Page 179 Model Identifier....PowerConnect 7024F Card Description....Dell 24 Port Fiber Pluggable......No Power Down......No console#show slot 1/2 Slot......1/2 Slot Status....... Empty Admin State....... Disable Power State....... Disable Pluggable......Yes Power Down......No Using the CLI...
  • Page 180: Cli Command Modes

    CLI Command Modes Since the set of CLI commands is very large, the CLI is structured as a command-tree hierarchy, where related command sets are assigned to command modes for easier access. At each level, only the commands related to that level are available to the user and only those commands are shown in the context sensitive help for that level.
  • Page 181 The Privileged EXEC mode provides access to commands that can not be executed in the User EXEC mode and permits access to the switch Configuration mode. The Global Configuration mode manages switch configuration on a global level. For specific interface configurations, command modes exist at a sub- level.
  • Page 182 Global Configuration Mode Global Configuration commands apply to features that affect the system as a whole, rather than just a specific interface. The Privileged EXEC mode command configure is used to enter the Global Configuration mode. console(config)# The following are the Global Configuration modes: •...
  • Page 183 • VLAN Database — Contains commands to create a VLAN as a whole. The Global Configuration mode command vlan database is used to enter the VLAN Database mode. • Router OSPF Configuration — Global configuration mode command router ospf is used to enter into the Router OSPF Configuration mode. •...
  • Page 184 member ports as a single entity. The Global Configuration mode command interface port-channel port-channel-number is used to enter the Port Channel mode. • Tunnel — Contains commands to manage tunnel interfaces. The Global Configuration mode command interface tunnel enters the Tunnel Configuration mode to configure a tunnel type interface.
  • Page 185 [device name][([command mode-[object]])][# | >] [device name] — is the name of the managed switch, which is typically the user-configured hostname established by the hostname command. [command mode] — is the current configuration mode and is omitted for the top configuration levels.
  • Page 186 Table 2-5. Navigating CLI Command Modes (continued) Command Mode: Global Configuration. Access Method: From Privileged EXEC mode, use the configure command. Command Prompt: console(config)#. Exit or Access Previous Mode: Use the exit command, or press <Ctrl>+<Z> to return to the Privileged EXEC mode.
  • Page 187 Table 2-5. Navigating CLI Command Modes (continued) Command Mode: Class-Map. Access Method: From Global Configuration mode, use the class-map command. Command Prompt: console(config-classmap)#. Exit or Access Previous Mode: To exit to Global Configuration mode, use the exit command, or press <Ctrl>+<Z>...
  • Page 188 Table 2-5. Navigating CLI Command Modes (continued) Command Mode: TACACS. Access Method: From Global Configuration mode, use the tacacs-server host command. Command Prompt: console(tacacs)#. Exit or Access Previous Mode: To exit to Global Configuration mode, use the exit command, or press <Ctrl>+<Z>...
  • Page 189 Table 2-5. Navigating CLI Command Modes (continued) Command Mode: SNMP Community Configuration. Access Method: From Global Configuration mode, use the snmp-server community command. Command Prompt: console(config-snmp)#. Exit or Access Previous Mode: To exit to Global Configuration mode, use the exit command, or press...
  • Page 190 Table 2-5. Navigating CLI Command Modes (continued) Command Mode: Logging. Access Method: From Global Configuration mode, use the logging command. Command Prompt: console(config-logging)#. Exit or Access Previous Mode: To exit to Global Configuration mode, use the exit command, or press <Ctrl>+<Z>...
  • Page 191 Table 2-5. Navigating CLI Command Modes (continued) Command Mode: Router RIP Config. Access Method: From Global Configuration mode, use the router rip command. Command Prompt: console(config-router)#. Exit or Access Previous Mode: To exit to Global Configuration mode, use the exit command,...
  • Page 192 Table 2-5. Navigating CLI Command Modes (continued) Command Mode: 10 Gigabit Ethernet. Access Method: From Global Configuration mode, use the interface tengigabitethernet command. Command Prompt: console (config-if- unit/slot/port. Exit or Access Previous Mode: To exit to Global Configuration mode, use the exit command, or press...
  • Page 193: Starting The Cli

    Web, CLI and the remote Dell Network Manager. After initial setup, the user may enter the system to set up more advanced configurations.
  • Page 194 By default the switch is shipped from the factory with an IP address of 192.168.2.1 but the Easy Setup Wizard provides the opportunity to customize the IP address. The initial activation must be done using the serial interface since, without a unique IP address, the user can not access the other management interfaces.
  • Page 195 running, the system does not display any unsolicited or unrelated status messages. For example, the system does not display event notification or system status messages. After completing the wizard, the user is given a chance to save his configuration and continue to the CLI. If the user chooses to discard his configuration, any restart of the wizard must be from the beginning.
  • Page 196 Figure 2-1. Easy Setup Wizard [Flowchart. Decision boxes: Did the user previously save a startup configuration? Does the user want to use setup wizard? Is SNMP Management Required? Action boxes: Transfer to CLI mode; Request SNMP Community String & Server IP Address; Request user name, password; Request IP Address, Network...]
  • Page 197 A default gateway address is configured. The following example contains the sequence of prompts and responses associated with running an example Dell Easy Setup Wizard session, using the input values listed above. Note in this case a static IP address for the management interface is being set up.
  • Page 198 IP address and the "community string" or password that the particular management system uses to access the switch. The wizard automatically assigns the highest access level [Privilege Level 15] to this account. You can use Dell Using the CLI...
  • Page 199 Network Manager or other management interfaces to change this setting, and to add additional management system later. For more information on adding management systems, see the user documentation. To add a management station: Please enter the SNMP community string to be used. {public}: public<Enter>...
  • Page 200 Optionally you may request that the system automatically retrieve an IP address from the network via DHCP (this requires that you have a DHCP server running on the network). To setup an IP address: Please enter the IP address of the device (A.B.C.D) or enter "DHCP"...
  • Page 201: Using Cli Functions And Tools

    Thank you for using the Dell Easy Setup Wizard. You will now enter CLI mode..console> Using CLI Functions and Tools The CLI has been designed to manage the switch’s configuration file system and to manage switch security. A number of resident tools exist to support these and other functions.
  • Page 202 Copying Files The copy command not only provides a method for copying files within the file system, but also to and from remote servers. With the copy command and URLs to identify files, the user can back up images to local or remote systems or restore images from local or remote systems.
  • Page 203 • startup-config — This file refers to the special configuration image stored in flash memory which is loaded when the system next reboots. The user may copy a particular configuration file (remote or local) to this special file name and reboot the system to force it to use a particular configuration. •...
  • Page 204 User Accounts Management The CLI provides authentication for users either through remote authentication servers supporting TACACS+ or Radius or through a set of locally managed user accounts. The setup wizard asks the user to create the initial administrator account and password at the time the system is booted. The following rules and specifications apply: •...
  • Page 205 When Radius is used, the field returns the access level for the user. Two vendor specific options are supported. These are CISCO-AV-Pairs(Shell:priv-lvl=x) and Dell Radius VSA (user-group=x). TACACS+ provides the appropriate level of access. The following rules and specifications apply: •...
  • Page 206 • If a log server is not specified by the user, the CLI maintains at most the last 1000 critical system events. In this case, less important events are not recorded. Security Logs Security logs are maintained to record all security events including the following: •...
  • Page 207 • SSH and the keying information to use for SSH. • HTTP. • HTTPS and the security certificate to be used. • SNMPv1/v2c and the read and read/write community strings to be used. • SNMPv3 and the security information used for this protocol. For each of these management profiles, the user defines the list of hosts or subnets from which the management profiles may be used.
  • Page 208 CFI Probe: Found 2x16 devices in x16 mode /DskVol// - disk check in progress ... /DskVol// - Volume is OK volume descriptor ptr (pVolDesc): 0x814cf10 XBD device block I/O handle: 0x10001 auto disk check on mount: DOS_CHK_REPAIR |DOS_CHK_VERB_2 volume write mode: copyback (DOS_WRITE) volume options: max # of simultaneously open files: 52...
  • Page 209 - first cluster is in sector # 260 - Update last access date for open-read-close = FALSE Boot Menu 4.1.0.6 Select an option. If no selection in 10 seconds then operational code will start. 1 - Start operational code. 2 - Start Boot Menu. Select (1, 2): Operational Code Date: Mon Feb 28 16:43:14 2011 Uncompressing..
  • Page 210 file descriptors in use: # of different files in use: # of descriptors for deleted files: 0 # of obsolete descriptors: current volume configuration: - volume label: NO LABEL ; (in boot sector: - volume Id: 0xbb - total number of sectors: 124,408 - bytes per sector: - # of sectors per cluster: 4 - # of reserved sectors: 1...
  • Page 211 Instantiating /download as rawFs, device = 0x20001 Formatting /download for DOSFS Instantiating /download as rawFs, device = 0x20001 Formatting...OK. <186> NOV 15 09:34:53 0.0.0.0-1 General[1073741072]: bootos.c(220) 1 %% Event(0xaaaaaaaa)Instantiating RamCP: as rawFs, device = 0x30001 Formatting RamCP: for DOSFS Instantiating RamCP: as rawFs, device = 0x30001 Formatting...OK.
  • Page 212 - Update boot code - Delete backup image - Reset the system 10 - Restore configuration to factory defaults (delete config files) 11 - Activate Backup Image 12 - Password Recovery Procedure 13 - Reformat and restore file system [Boot Menu] 2 Select baud rate: 1 - 1200 2 - 2400...
  • Page 213 File asciilog.bin Ready to SEND in binary mode Estimated File Size 0K, 12 Sectors, 89 Bytes Estimated transmission time 14 seconds Send several Control-X characters to cancel before transfer starts. [Boot Menu] 4 Ready to receive the file with XMODEM/CRC..Ready to RECEIVE File xcode.bin in binary mode Send several Control-X characters to cancel before transfer starts.
  • Page 214 Size...........0xc178 dc (12679388) Number of Components......3 Operational Code Size......0xa73af4 (10959604) Operational Code Offset......0x74 (116) Operational Code FLASH flag....1 Operational Code CRC......0x20E7 Operational Compression flag....2 (lzma) Boot Code Version......1 Boot Code Size.........0x100000 (1048576) Boot Code Offset.......0xa73b68 (10959720) Boot Code FLASH flag......0 Boot Code CRC........0x578 VPD - rel 4 ver 1 maint_lvl 0 build_num 6 Timestamp - Mon Feb 28 16:43:14 2011...
  • Page 215 [Boot Menu] 7 Do you wish to update Boot Code and reset? (y/n) y Validating image2..OK Extracting boot code from image...CRC valid Erasing Boot Flash..Done. Wrote 0x10000 bytes. Wrote 0x20000 bytes. Wrote 0x30000 bytes. Wrote 0x40000 bytes. Wrote 0x50000 bytes. Wrote 0x60000 bytes.
  • Page 216 Flash update completed. Rebooting... CPU Card ID: 0x508548 CFI Probe: Found 2x16 devices in x16 mode /DskVol// - disk check in progress ... /DskVol// - Volume is OK Change volume Id from 0x0 to 0x79 volume descriptor ptr (pVolDesc): 0x814cf10 XBD device block I/O handle: 0x10001 auto disk check on mount: DOS_CHK_REPAIR...
  • Page 217 - bytes per sector: - # of sectors per cluster: 4 - # of reserved sectors: - FAT entry size: FAT16 - # of sectors per FAT copy: - # of FAT table copies: - # of hidden sectors: - first cluster is in sector # - Update last access date for open-read-close = FALSE Boot Menu 4.1.0.6 Select an option.
  • Page 218 - Retrieve event log using XMODEM - Load new operational code using XMODEM - Display operational code vital product data - Abort boot code update - Update boot code - Delete backup image - Reset the system 10 - Restore configuration to factory defaults (delete config files) 11 - Activate Backup Image 12 - Password Recovery Procedure...
  • Page 219 [Boot Menu] 12 Operational Code Date: Mon Feb 28 16:43:14 2011 Uncompressing..Bulk Class Driver Successfully Initialized Adding 0 symbols for standalone. CFI Probe: Found 2x16 devices in x16 mode volume descriptor ptr (pVolDesc): 0x5157150 XBD device block I/O handle: 0x10001 auto disk check on mount: DOS_CHK_REPAIR |DOS_CHK_VERB_2...
  • Page 220 current volume configuration: - volume label: NO LABEL ; (in boot sector: ) - volume Id: 0x79 - total number of sectors: 124,408 - bytes per sector: - # of sectors per cluster: 4 - # of reserved sectors: - FAT entry size: FAT16 - # of sectors per FAT copy: - # of FAT table copies:...
  • Page 221 Formatting RamCP: for DOSFS Instantiating RamCP: as rawFs, device = 0x30001 Formatting...OK. (Unit 1 - Waiting to select management unit)>USB Auto Configuration process is completed! Applying Global configuration, please wait ... Welcome to Dell Easy Setup Wizard Using the CLI...
  • Page 222 [ctrl+z]. Would you like to run the setup wizard (you must answer this question within 60 seconds)? [Y/N] n Thank you for using the Dell Easy Setup Wizard. You will now enter CLI mode. Applying Interface configuration, please wait ...
  • Page 223 Reloading all switches. Boot Menu 4.1.0.6 CPU Card ID: 0x508548 CFI Probe: Found 2x16 devices in x16 mode /DskVol// - disk check in progress ... /DskVol//files /DskVol//files/image2 /DskVol//files/boot.dim /DskVol//files/crashdump.ctl /DskVol//files/dh512.pem /DskVol//files/dh1024.pem /DskVol//files/sslt_cert1.pem /DskVol//files/sslt_key1.pem /DskVol//files/ssh_host_key /DskVol//files/ssh_host_dsa_key /DskVol//files/ssh_host_rsa_key /DskVol//files/log2.bin /DskVol//files/hpc_broad.cfg /DskVol//files/slog0.txt /DskVol//files/olog0.txt /DskVol//files/sslt.rnd Using the CLI...
  • Page 224 /DskVol// - Volume is OK volume descriptor ptr (pVolDesc): 0x814cf10 XBD device block I/O handle: 0x10001 auto disk check on mount: DOS_CHK_REPAIR |DOS_CHK_VERB_2 volume write mode: copyback (DOS_WRITE) volume options: max # of simultaneously open files: file descriptors in use: # of different files in use: # of descriptors for deleted files: # of obsolete descriptors:...
  • Page 225 - first cluster is in sector # - Update last access date for open-read-close = FALSE Boot Menu 4.1.0.6 Select an option. If no selection in 10 seconds then operational code will start. 1 - Start operational code. 2 - Start Boot Menu. Select (1, 2):2 Boot Menu 4.1.0.6 Options available...
  • Page 226 11 - Activate Backup Image 12 - Password Recovery Procedure 13 - Reformat and restore file system [Boot Menu] 13 Instantiating /RamDisk/ as rawFs, device = 0x20001 Formatting /RamDisk/ for DOSFS Instantiating /RamDisk/ as rawFs, device = 0x20001 Formatting.../RamDisk/: file system is marked clean, skipping check copying file /DskVol/files/image1 ->...
  • Page 227 copying file /DskVol/files/ssh_host_key -> /RamDisk/ssh_host_key copying file /DskVol/files/ssh_host_dsa_key -> /RamDisk/ssh_host_dsa_key copying file /DskVol/files/ssh_host_rsa_key -> /RamDisk/ssh_host_rsa_key image2 12679504 11/15/113 9:30:36 hpc_broad.cfg 11/15/113 10:04:30 boot.dim 4/22/105 8:00:02 dh512.pem 5/30/113 0:20:24 dh1024.pem 5/30/113 0:20:24 sslt_cert1.pem 6/2/113 5:09:30 sslt_key1.pem 6/2/113 5:09:30 ssh_host_key 5/30/113 0:20:24 ssh_host_dsa_key 5/30/113 0:20:24...
  • Page 228 Erasing FFS: CFI Probe: Found 2x16 devices in x16 mode Formatted 1 of 251 units = 0.3 % Formatted 2 of 251 units = 0.7 % Formatted 3 of 251 units = 1.1 % Formatted 4 of 251 units = 1.5 % Formatted 5 of 251 units = 1.9 % Formatted 6 of 251 units = 2.3 % Formatted 7 of 251 units = 2.7 %...
  • Page 238 XBD device block I/O handle: 0x40001 auto disk check on mount: DOS_CHK_REPAIR |DOS_CHK_VERB_2 volume write mode: copyback (DOS_WRITE) volume options: max # of simultaneously open files: file descriptors in use: # of different files in use: # of descriptors for deleted files: # of obsolete descriptors: current volume configuration: - volume label:...
  • Page 239 done Filesystem size 63567872 Bytes used Bytes free 63567872 copying file /RamDisk/image1 -> /DskVol/files/image1 copying file /RamDisk/image2 -> /DskVol/files/image2 copying file /RamDisk/startup-config -> /DskVol/files/startup-config copying file /RamDisk/vpd.bin -> /DskVol/files/vpd.bin copying file /RamDisk/hpc_broad.cfg -> /DskVol/files/hpc_broad.cfg copying file /RamDisk/boot.dim -> /DskVol/files/boot.dim copying file /RamDisk/dh512.pem -> /DskVol/files/dh512.pem copying file /RamDisk/dh1024.pem ->...
  • Page 240 copying file /RamDisk/ssh_host_dsa_key -> /DskVol/files/ssh_host_dsa_key copying file /RamDisk/ssh_host_rsa_key -> /DskVol/files/ssh_host_rsa_key image2 12679504 11/15/113 9:30:36 hpc_broad.cfg 11/15/113 10:04:30 boot.dim 4/22/105 8:00:02 dh512.pem 5/30/113 0:20:24 dh1024.pem 5/30/113 0:20:24 sslt_cert1.pem 6/2/113 5:09:30 sslt_key1.pem 6/2/113 5:09:30 ssh_host_key 5/30/113 0:20:24 ssh_host_dsa_key 5/30/113 0:20:24 ssh_host_rsa_key 5/30/113 0:20:24 Filesystem size 63567872 Bytes used...
  • Page 241 [Boot Menu] Monitoring Traps from CLI It is possible to connect to the CLI session and monitor the events or faults that are being sent as traps from the system. This feature is equivalent to the alarm-monitoring window in a typical network management system. The user enables events or monitor traps from the CLI by entering the command logging console.
  • Page 242 Using the CLI...
  • Page 243: Tacacs+ Commands

    Layer 2 Switching Commands The chapters that follow describe commands that conform to the OSI model data link layer (Layer 2). Layer 2 commands provide a logical organization for transmitting data bits on a particular medium. This layer defines the framing, addressing, and checksum functions for Ethernet packets.
  • Page 244 Layer 2 Switching Commands...
  • Page 245: Aaa Commands

    AAA Commands Management access to the switch is via telnet, HTTP, SSH, or the serial console (SNMP access is discussed in SNMP Commands). To ensure that only authorized users can access and change the configuration of the switch, users must be authenticated. Users can be authenticated based on: •...
  • Page 246: Tacacs+ Accounting

    support the concept of time-out, subsequent entries in the list are never attempted. For example, the local authentication method implementation does not supply a time-out value. If a list contains the local method, followed by the radius authentication method, the radius method is not attempted. Once an APL is created, a reference to that APL can be stored in the access line configuration to determine how specific components should authenticate users.
  • Page 247: Commands In This Chapter

    Accounting Method Lists An Accounting Method List (AML) is an ordered list of accounting methods that can be applied to the accounting types (exec or commands). Accounting Method Lists are identified by the default keyword or by a user-defined name. TACACS+ and RADIUS are supported as accounting methods.
  • Page 248: Aaa Authentication Dot1X Default

    aaa authorization ip http authentication show authentication methods aaa authorization network ip https authentication show users accounts default radius aaa ias-user username login authentication show users login-history aaa new-model password (aaa IAS User username Configuration) aaa authentication dot1x default Use the aaa authentication dot1x default command in Global Configuration mode to specify an authentication method for 802.1x clients.
  • Page 249: Aaa Authentication Enable

    User Guidelines Only one authentication method may be specified in the command. For the RADIUS authentication method, if the RADIUS server cannot be contacted, the supplicant fails authentication. The none method always allows access. The ias method utilizes the internal authentication server. The internal authentication server only supports the EAP-MD5 method.
  • Page 250: Default Configuration

    Keyword Source or destination enable Uses the enable password for authentication. line Uses the line password for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Configuration The default enable list is enableList.
  • Page 251: Aaa Authentication Login

    Example The following example sets authentication when accessing higher privilege levels. console(config)# aaa authentication enable default enable aaa authentication login Use the aaa authentication login command in Global Configuration mode to set the authentication method required for user at login. To return to the default configuration, use the no form of this command.
  • Page 252: Aaa Authorization

    Command Mode Global Configuration mode User Guidelines The default and optional list names created with the aaa authentication login command are used with the login authentication command. Create a list-name method list by entering the aaa authentication login command for list-name a particular protocol, where is any character string used to name...
  • Page 253 Syntax default list-name aaa authorization {commands|exec|network}{ } method1 [method2] default list-name no aaa authorization {commands|exec|network} { Parameter Description Parameter Description Authorization specifier: exec Provides EXEC authorization. All methods are supported. commands Performs authorization of user commands. Only none and tacacs methods are supported. network Performs RADIUS authorization of commands.
  • Page 254 The following default Authorization Methods List is present by default: Default List Name Description Authorization Method dfltCmdAuthList Default Command List None dfltExecAuthList Default EXEC list None Command Mode Global Config mode User Guidelines A maximum of five authorization method lists may be created for command types.
  • Page 255: Aaa Authorization Network Default Radius

    aaa authorization network default radius Use the aaa authorization network default radius command in Global Configuration mode to enable the switch to accept VLAN assignment by the RADIUS server. Syntax aaa authorization network default radius no aaa authorization network default radius Default Configuration By default, the switch does not accept VLAN assignments by the RADIUS server.
  • Page 256: Aaa New-Model

    Syntax user aaa ias-user username user no aaa ias-user username Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command has no user guidelines. Examples console#configure console(config)#aaa ias-user username client-1...
  • Page 257: Clear (Ias)

    Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures the switch to use the new model command set. (config)# aaa new-model clear (IAS) Use the clear aaa ias-users command in Privileged EXEC mode to delete all IAS users.
  • Page 258: Authorization

    Example console#clear aaa ias-users authorization Use the authorization command to apply a command authorization method to a line config. Use the no form of the command to return the authorization for the line mode to the default. Syntax list_name authorization {commands|exec } [default| no authorization {commands|exec } Parameter Description Parameter...
  • Page 259: Enable Authentication

    User Guidelines When command authorization is configured for a line-mode, the switch sends information about the entered command to the method specified in the command list. The authorization method validates the received command and responds with either a PASS or FAIL response. If approved, the command is executed.
  • Page 260: Enable Password

    Command Mode Line Configuration mode User Guidelines Use of the no form of the command does not disable authentication. Instead, it sets the authentication list to the default list (same as enable authentication default). Example The following example specifies the default authentication method when accessing a higher privilege level console.
  • Page 261: Ip Http Authentication

    User Guidelines The PowerConnect firmware emulates industry standard behavior for enable mode authentication over SSH and telnet. The default enable authentication method for telnet and SSH uses the enableNetList method, which requires an enable password. If users are unable to enter privileged mode when accessing the switch via telnet or SSH, the administrator will need to either change the enable authentication method, e.g.
  • Page 262: Ip Https Authentication

    Default Configuration The local user database is checked. This action has the same effect as the command ip http authentication local. Command Mode Global Configuration mode User Guidelines The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
  • Page 263: Login Authentication

    Keyword Source or destination radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Configuration The local user database is checked. This action has the same effect as the command ip https authentication local.
  • Page 264: Password (Aaa Ias User Configuration)

    • default — Uses the default list created with the aaa authentication login command. • list-name — Uses the indicated list created with the aaa authentication login command. Default Configuration Uses the default set with the command aaa authentication login. Command Mode Line Configuration mode User Guidelines...
  • Page 265: Password (Line Configuration)

    Default Configuration This command has no default configuration. Command Mode aaa IAS User Configuration User Guidelines This command has no user guidelines. Example console#configure console(config)#aaa ias-user username client-1 console(Config-IAS-User)#password client123 console(Config-IAS-User)#no password Example of adding a MAB Client to the Internal user database: console#configure console(config)#aaa ias-user username 1f3ccb1157 console(Config-IAS-User)#password 1f3ccb1157...
  • Page 266 no password • password — Password for this level. (Range: 8-64 characters) • encrypted — Encrypted password to be entered, copied from another switch configuration. Default Configuration No password is specified. Command Mode Line Configuration mode User Guidelines This command has no user guidelines. Example The following example specifies a password "mcmxxyyy"...
  • Page 267: Show Aaa Ias-Users

    Default Configuration There is no default configuration for this command. Command Mode User EXEC mode User Guidelines This command has no user guidelines. Example The following example shows the prompt sequence for executing the password command. console>password Enter old password:******** Enter new password:******** Confirm new password:******** show aaa ias-users...
  • Page 268: Show Aaa Statistics

    Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example console#show aaa ias-users UserName ------------------- Client-1 Client-2 Following are the IAS configuration commands shown in the output of the show running-config command. Passwords shown in the command output are always encrypted.
  • Page 269: Show Authentication Methods

    Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Examples console#show aaa statistics Number of Accounting Notifications sent at beginning of an EXEC session: 0 Errors when sending Accounting Notifications beginning of an EXEC session: 0 Number of Accounting Notifications sent at end of an EXEC session: 0 Errors when sending Accounting Notifications at end of an EXEC session: 0 Number of Accounting Notifications sent at beginning of a command execution:...
  • Page 270: Show Authorization Methods

    Example The following example displays the authentication configuration. console#show authentication methods Login Authentication Method Lists --------------------------------- defaultList : none networkList : local Enable Authentication Method Lists ---------------------------------- enableList : enable none enableNetList : enable Line Login Method List Enable Method List ------- ----------------- ------------------...
  • Page 271: Command Mode

    Syntax show authorization methods Default Configuration This command has no default setting. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines Command authorization is supported only for the line, telnet, and SSH access methods. Example console#show authorization methods Command Authorization List Method -------------------------------------...
  • Page 272: Show Users Accounts

    show users accounts Use the show users accounts command in Privileged EXEC mode to display the local user status with respect to user account lockout and password aging. Syntax show users accounts Parameter Description The following fields are displayed by this command. Parameter Description User Name...
  • Page 273: Show Users Login-History

    UserName Privilege Password Password Lockout Aging Expiry date ----------- --------- --------- ----------- ------- admin False guest False brcm1 False console#show users accounts long User Name ------------ thisisaverylongusernameitisquitelong show users login-history Use the show users login-history command in Global Configuration mode to display information about the login history of users.
  • Page 274: Username

    Example The following example shows user login history output. console#show users login-history Login Time Username Protocol Location -------------------- --------- --------- ----------- Jan 19 2005 08:23:48 Serial Jan 19 2005 08:29:29 Robert HTTP 172.16.0.8 Jan 19 2005 08:42:31 John 172.16.0.1 Jan 19 2005 08:49:52 Betty Telnet 172.16.1.7...
  • Page 275 Parameter Description password The authentication password for the user. Range: 8-64 characters. This value can be 0 [zero] if the no passwords min-length command has been executed. The special characters allowed in the password include ! # $ % & ‘ ( ) * + , - . / : ; < = > @ [ \ ] ^ _ ` { | } ~.
  • Page 276 Message Type Message Description Successful Completion Message No message is displayed. Error Completion Message Could not set user password! Reason behind the failure Exceeds Minimum Length of a Password. Password should be in the range of 8-64 characters in length. Set minimum password length to 0 by using the passwords min-length 0 command.
  • Page 277: Username Unlock

    username unlock Use the username unlock command in Global Configuration mode to unlock a locked user account. Only a user with read/write access can re-activate a locked user account. Syntax username username unlock Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration.
  • Page 278 AAA Commands...
  • Page 279: Administrative Profiles Commands

    This capability is similar to the industry standard “User Roles” feature. The main difference is that the Administrative Profile is obtained via authentication rather than via authorization. This was necessary because Dell PowerConnect does not support AAA authorization of users.
  • Page 280: Commands In This Chapter

    If the successful authentication method does not provide an Administrative Profile for a user, then the user is permitted access based upon the user’s privilege level (as in previous releases). This means that if a user successfully passes enable authentication, the user is permitted access to all commands. This is also true if none of the Administrative Profiles provided are configured on the switch.
  • Page 281: Admin-Profile

    admin-profile Use the admin-profile command in Global Config mode to create an administrative profile. The system-defined administrative profiles cannot be deleted. When creating a profile, the user is placed into Administrative Profile Configuration mode. Use the no form of the command to delete an administrative profile and all its rules.
  • Page 282: Description (Administrative Profile Config)

    description (Administrative Profile Config) Use the description command in Administrative Profile Configuration mode to add a description to an administrative profile. Use the no form of this command to delete the description. Syntax text description no description Parameter Description Parameter Description text A description of, or comment about, the administrative profile.
  • Page 283: Rule

    rule Use the rule command to add a rule to an administrative profile. Use the no form of this command to delete a rule. Syntax number command-string mode-name rule {deny|permit} {command |mode number no rule Parameter Description Parameter Description number The sequence number of the rule.
  • Page 284: Show Admin-Profiles

    show admin-profiles Use the show admin-profiles command in Privileged EXEC mode to show the administrative profiles. If the optional profile name parameter is used, only that profile will be shown. Syntax profile-name show admin-profiles [name Parameter Description Parameter Description profile-name The name of the administrative profile to display.
  • Page 285: Show Admin-Profiles Brief

    Example console#show admin-profiles name qos Profile: qos Description: This profile allows access to QoS commands. ----------------------------------------------------------- Rule Perm Type Entity ----------------------------------------------------------- 1 permit command access-list * 2 permit command access-group * 3 permit mode class-map show admin-profiles brief Use the show admin-profiles brief command in Privileged EXEC mode to list the names of the administrative profiles defined on the switch.
  • Page 286: Show Cli Modes

    Example console#show admin-profiles brief Profile: network-admin Profile: network-security Profile: router-admin Profile: multicast-admin Profile: dhcp-admin Profile: CP-admin Profile: network-operator show cli modes Use the show cli modes command in Privileged EXEC mode to list the names of all the CLI modes. Syntax show cli modes Default Configuration...
  • Page 287 global-config ethernet-config port-channel-config Administrative Profiles Commands...
  • Page 288 Administrative Profiles Commands...
  • Page 289: Acl Commands

    ACL Commands Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
  • Page 290 classifier rule. The ACL logging feature allows these hardware hit counts to be collected on a per-rule basis and reported periodically to the network administrator using the system logging facility and an SNMP trap. The PowerConnect ACL permit/deny rule specification supports a log parameter that enables hardware hit count collection and reporting.
  • Page 291 Table 6-1. Common Ethertypes EtherType Protocol 0x0800 Internet Protocol version 4 (IPv4) 0x0806 Address Resolution Protocol (ARP) 0x0842 Wake-on LAN Packet 0x8035 Reverse Address Resolution Protocol (RARP) 0x8100 VLAN tagged frame (IEEE 802.1Q) 0x86DD Internet Protocol version 6 (IPv6) 0x8808 MAC Control 0x8809 Slow Protocols (IEEE 802.3)
  • Page 292: Access-List

    Commands in this Chapter This chapter explains the following commands: access-list mac access-list extended rename deny | permit (IP ACL) service-acl input deny | permit (Mac-Access-List- show service-acl interface Configuration) ip access-group show ip access-lists mac access-group show mac access-list mac access-list extended –...
  • Page 293 Parameter Description Parameter Description list-name Access-list name up to 31 characters in length. deny permit Specifies whether the IP ACL rule permits or denies an action. every Allows all protocols. Equal. Refers to the Layer 4 port number being used as match criteria.
  • Page 294: Deny | Permit (Ip Acl)

    Command Mode Global Configuration mode User Guidelines Access list names can consist of any printable character. Names can be up to 31 characters in length. Examples The following examples create an ACL to discard any HTTP traffic from 192.168.77.171, but allow all other traffic from 192.168.77.171: console(config)#access-list alpha deny ip 192.168.77.171 0.0.0.0 0.0.0.0 255.255.255.255 eq http...
  • Page 295 number srcip {deny | permit} {every | {{icmp | igmp | ip | tcp | udp | srcmask portkey 0-65535 dstip dstmask portkey 0-65535 [{eq { [{eq { precedence tos tosmask dscp [precedence | tos | dscp ] [log] [time-range time-range-name queue-id interface-id...
  • Page 296: Deny | Permit (Mac-Access-List-Configuration)

    Ethertype Protocol 0x8809 Slow Protocols (IEEE 802.3) 0x8870 Jumbo frames 0x888E EAP over LAN (EAPOL – 802.1x) 0x88CC Link Layer Discovery Protocol 0x8906 Fibre Channel over Ethernet 0x8914 FCoE Initialization Protocol 0x9100 Q in Q deny permit (Mac-Access-List-Configuration) Use the deny command in Mac-Access-List Configuration mode to deny traffic if the conditions defined in the deny statement are matched.
  • Page 297 Parameter Description Parameter Description srcmac Valid source MAC address in format xxxx.xxxx.xxxx. srcmacmask Valid MAC address bitmask for the source MAC address in format xxxx.xxxx.xxxx. Packets sent to or received from any MAC address dstmac Valid destination MAC address in format xxxx.xxxx.xxxx. destmacmask Valid MAC address bitmask for the destination MAC address in format xxxx.xxxx.xxxx.
  • Page 298: Ip Access-Group

    Default Configuration This command has no default configuration. Command Mode Mac-Access-List Configuration mode User Guidelines The no form of this command is not supported, as the rules within an ACL cannot be deleted individually. Rather the entire ACL must be deleted and respecified.
  • Page 299: Mac Access-Group

    • direction — Direction of the ACL. (Range: in or out. Default is in.) • seqnum — Precedence for this interface and direction. A lower sequence number has higher precedence. Range: 1 – 4294967295. Default is Default Configuration This command has no default configuration. Command Mode Global Configuration and Interface Configuration (Ethernet, VLAN, or Port Channel) modes...
  • Page 300: Mac Access-List Extended

    • sequence — Order of access list relative to other access lists already assigned to this interface and direction. (Range: 1-4294967295) Default Configuration The default direction is in (in-bound). Command Mode Global Configuration mode or Interface Configuration (Ethernet, VLAN or Port Channel) mode User Guidelines An optional sequence number may be specified to indicate the order of this...
  • Page 301: Mac Access-List Extended Rename

    name no mac access-list extended name — Name of the access list. (Range: 1-31 characters) • Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Use this command to create a mac access control list. The CLI mode is changed to Mac-Access-List Configuration when this command is successfully executed.
  • Page 302: Service-Acl Input

    Command Mode Global Configuration mode User Guidelines Command fails if the new name is the same as the old one. Example The following example shows the mac access-list extended rename command. console(config)#mac access-list extended rename DELL1 DELL2 service-acl input Use the service-acl input command in Interface Configuration mode to block Link Local Protocol Filtering (LLPF) protocol(s) on a given port.
  • Page 303: Show Service-Acl Interface

    Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet, Port-channel) User Guidelines To specify multiple protocols, enter the protocol parameters together on the command line, separated by spaces. This command can only be entered once per interface if no intervening no service-acl input command has been entered.
  • Page 304: Show Ip Access-Lists

    Example console#show service-acl interface gi1/0/1 Block CDP........ Enable Block VTP.........Enable Block DTP........Enable Block UDLD........ Enable Block PAGP.........Enable Block SSTP........ Enable Block All......... Enable show ip access-lists Use the show ip access-lists command in Privileged EXEC mode to display an IP ACL and time-range parameters. Syntax accesslistnumber show ip access-lists [...
  • Page 305: Show Mac Access-List

    Examples The following example displays IP ACLs configured on a device. console#show ip access-lists Current number of ACLs: 2 Maximum number of ACLs: 100 ACL Name Rules Interface(s) Vlan(s) ----------------------------------------------------- ACL40 ACL41 show mac access-list Use the show mac access-list command in Privileged EXEC mode to display a MAC access list and all of the rules that are defined for the MAC ACL.
  • Page 306 Example The following example displays a MAC access list and all associated rules. console#show mac access-list DELL123 The command output provides the following information: Fields Description MAC ACL Name The name of the MAC access list. Rules The number of user-configured rules defined for the MAC ACL.
  • Page 307: Address Table Commands

    Address Table Commands Static MAC Filtering allows the administrator to add a number of unicast or multicast MAC addresses directly to the forwarding database. This is typically a small number relative to the total size of the database. Associated with each static MAC address is a set of source ports, a set of destination ports and VLAN information.
  • Page 308: Clear Mac Address-Table

    Commands in this Chapter This chapter explains the following commands: clear mac address-table show mac address-table show mac address-table multicast interface mac address-table aging- show mac address-table show mac address-table time static mac address-table multicast show mac address-table show mac address-table vlan forbidden address address mac address-table static...
  • Page 309: Mac Address-Table Aging-Time

    Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example In this example, the mac address-table tables are cleared. console#clear mac address-table dynamic mac address-table aging-time Use the mac address-table aging-time command in Global Configuration mode to set the aging time of the address.
  • Page 310: Mac Address-Table Multicast Forbidden Address

    Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example In this example the MAC Address Table aging time is set to 400. console(config)#mac address-table aging-time 400 mac address-table multicast forbidden address Use the mac address-table multicast forbidden address command in Global Configuration mode to forbid adding a specific Multicast address to specific ports.
  • Page 311: Mac Address-Table Static Vlan

    Parameter Description interface-list Specify a comma separated list of interfaces, a range of interfaces, or a combination of both. Interfaces can be port- channel numbers or physical ports in unit/slot/port format. Default Configuration No forbidden addresses are defined. Command Mode Global Configuration mode User Guidelines Before defining forbidden ports, ensure that the Multicast group is registered.
  • Page 312: Port Security

    Syntax Description Parameter Description mac-address A valid MAC address in the format xxxx.xxxx.xxxx or xx:xx:xx:xx:xx:xx vlan-id Valid VLAN ID (1-4093) interface-id The interface to which the received packet is forwarded. Default Configuration No static addresses are defined. The default mode for an added address is permanent.
  • Page 313: Port Security Max

    Syntax port security [discard] no port security • discard — Discards frames with unlearned source addresses. This is the default if no option is indicated. Default Configuration Disabled No port security — Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines When port security is enabled on an interface, all dynamic entries learned up to that point are flushed, and new entries can be learned only to the limit set...
  • Page 314: Show Mac Address-Table Multicast

    • max-addr — The maximum number of addresses that can be learned on the port. (Range: 0-600) Default Configuration The default value for this command is 100. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
  • Page 315: Show Mac Address-Table

    Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines A MAC address can be displayed in IP format only if it is in the range 01:00:5e:00:00:00 through 01:00:5e:7f:ff:ff. Example In this example, Multicast MAC address table information is displayed. console#show mac address-table multicast Vlan MAC Address...
  • Page 316 Parameter Description This command has no arguments or keywords. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example In this example, all classes of entries in the mac address-table are displayed. console#show mac address-table Aging time is 300 Sec Vlan Mac Address...
  • Page 317: Show Mac Address-Table Address

    show mac address-table address Use the show mac address-table address command in User EXEC or Privileged EXEC mode to display all entries in the bridge-forwarding database for the specified MAC address. Syntax mac-address interface-id show mac address-table address [interface ] [vlan vlan-id Parameter Description Parameter...
  • Page 318: Show Mac Address-Table Count

    ---- -------------- -------- ------------- 0000.E26D.2C2A Dynamic 1/0/1 show mac address-table count Use the show mac address-table count command in User EXEC or Privileged EXEC mode to display the number of addresses present in the Forwarding Database. Syntax vlan-id interface-id show mac address-table count [vlan | interface Parameter Description Parameter...
  • Page 319: Show Mac Address-Table Dynamic

    Secure addresses: 1 Dynamic addresses: 97 Internal addresses: 9 show mac address-table dynamic Use the show mac address-table command in User EXEC or Privileged EXEC mode to display all dynamic entries in the bridge-forwarding database. Syntax mac-address interface- show mac address-table dynamic [address ] [interface vlan-id ] [vlan...
  • Page 320: Show Mac Address-Table Interface

    Aging time is 300 Sec Vlan Mac Address Type Port ---- -------------- ------- ------------- 0000.0001.0000 Dynamic gi1/0/1 0000.8420.5010 Dynamic gi1/0/1 0000.E26D.2C2A Dynamic gi1/0/1 0000.E89A.596E Dynamic gi1/0/1 0001.02F1.0B33 Dynamic gi1/0/1 show mac address-table interface Use the show mac address-table command in User EXEC or Privileged EXEC mode to display all entries in the mac address-table.
  • Page 321: Show Mac Address-Table Static

    Example In this example, all classes of entries in the bridge-forwarding database for gigabit Ethernet interface 1/0/1 are displayed. console#show mac address-table interface gigabitethernet 1/0/1 Aging time is 300 Sec Vlan Mac Address Type Port ---- -------------- ---- ------------- 0000.0001.0000 Dynamic gi1/0/1 0000.8420.5010 Dynamic gi1/0/1 0000.E26D.2C2A Dynamic gi1/0/1 0000.E89A.596E Dynamic gi1/0/1...
  • Page 322: Show Mac Address-Table Vlan

    Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example In this example, all static entries in the bridge-forwarding database are displayed.
  • Page 323: Show Ports Security

    Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example In this example, all classes of entries in the bridge-forwarding database are displayed.
  • Page 324 Syntax show ports security [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example In this example, all classes of entries in the port-lock status are displayed.
  • Page 325: Show Ports Security Addresses

    Field Description Maximum The maximum addresses that can be associated on this port in Static Learning mode or in Dynamic Learning mode. Trap Indicates if traps would be sent in case of violation. Frequency The minimum time between consecutive traps. show ports security addresses Use the show ports security addresses command in Privileged EXEC mode to display current dynamic addresses in locked ports.
  • Page 326 Maximum addresses: 100 Learned addresses ------- --------- Address Table Commands...
  • Page 327: Auto-Voip Commands

    Auto-VoIP Commands Voice over Internet Protocol (VoIP) allows network users to make telephone calls using a computer network over a data network like the Internet. With the increased prominence of delay-sensitive applications (voice, video, and other multimedia applications) deployed in networks today, proper QoS configuration ensures high-quality application performance.
  • Page 328: Show Switchport Voice

    show switchport voice Use the show switchport voice command to show the status of Auto-VoIP on an interface or all interfaces. Syntax show switchport voice [gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port] Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines...
  • Page 329 Gi1/0/8 Disabled Gi1/0/9 Disabled Gi1/0/10 Disabled Gi1/0/11 Disabled Gi1/0/12 Disabled Gi1/0/13 Disabled Gi1/0/14 Disabled Gi1/0/15 Disabled Gi1/0/16 Disabled Gi1/0/17 Disabled Gi1/0/18 Disabled Gi1/0/19 Disabled Gi1/0/20 Disabled Gi1/0/21 Disabled Gi1/0/22 Disabled Gi1/0/23 Disabled Gi1/0/24 Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled...
  • Page 330: Switchport Voice Detect Auto

    Po10 Disabled Po11 Disabled Po12 Disabled Po13 Disabled Po14 Disabled Po15 Disabled --More-- or (q)uit The following example shows command output when a port is specified: console#show switchport voice gigabitethernet 1/0/1 Interface Auto VoIP Mode Traffic Class --------- -------------- ------------- Gi1/0/1 Disabled The command output provides the following information:...
  • Page 331 Syntax switchport voice detect auto no switchport voice detect auto Default Configuration This feature is disabled by default. Command Mode Global Configuration mode, Config mode and all Config sub-modes, Interface (gigabitethernet, port-channel, tengigabitethernet) Configuration mode User Guidelines This command has no user guidelines Example console(config)#interface tengigabitethernet 1/0/1 console(config-if-Te1/0/1)#switchport voice detect auto...
  • Page 333: Cdp Interoperability Commands

    CDP Interoperability Commands Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network protocol which inter-operates with Cisco network equipment and is used to share information between neighboring devices. PowerConnect switches participate in the ISDP protocol and are able to both discover and be discovered by devices that support the Cisco Discovery Protocol (CDP).
  • Page 334: Clear Isdp Table

    User Guidelines There are no user guidelines for this command. Example console#clear isdp counters clear isdp table The clear isdp table command clears entries in the ISDP table. Syntax clear isdp table Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines...
  • Page 335: Isdp Enable

    Default Configuration ISDP sends version 2 packets by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#isdp advertise-v2 isdp enable The isdp enable command enables ISDP on the switch. Use the “no” form of this command to disable ISDP.
  • Page 336: Isdp Holdtime

    Example The following example enables isdp on interface 1/0/1. console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#isdp enable isdp holdtime The isdp holdtime command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it.
  • Page 337: Isdp Timer

    isdp timer The isdp timer command sets the period of time between sending new ISDP packets. The range is given in seconds. Use the “no” form of this command to reset the timer to the default. Syntax isdp timer time no isdp timer Parameter Description Parameter Description...
  • Page 338: Show Isdp Entry

    Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command. Example console#show isdp Timer........ 30 Hold Time......180 Version 2 Advertisements..... Enabled Neighbors table last time changed..
  • Page 339 Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command. Example console#show isdp entry Switch Device ID PC7000 Switch Address(es): IP Address: 172.20.1.18...
  • Page 340: Show Isdp Interface

    Compiled Wed 21-Mar-07 12:20 by tinhuang show isdp interface The show isdp interface command displays ISDP settings for the specified interface. Syntax show isdp interface {all | gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port} Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines...
  • Page 341: Show Isdp Neighbors

    1/0/8 Enabled 1/0/9 Enabled 1/0/10 Enabled 1/0/11 Enabled 1/0/12 Enabled 1/0/13 Enabled 1/0/14 Enabled 1/0/15 Enabled 1/0/16 Enabled 1/0/17 Enabled 1/0/18 Enabled 1/0/19 Enabled 1/0/20 Enabled 1/0/21 Enabled 1/0/22 Enabled 1/0/23 Enabled 1/0/24 Enabled console#show isdp interface gigabitethernet 1/0/1 Interface Mode --------------- ----------...
  • Page 342 Syntax show isdp neighbors {[gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | detail]} Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines The information displayed varies based upon the information received from the ISDP neighbor.
  • Page 343: Show Isdp Traffic

    Interface 1/0/1 Port ID GigabitEthernet1/1 Holdtime Advertisement Version Entry last changed time 0 days 00:55:20 Version : Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 21-Mar-07 12:20 by tinhuang show isdp traffic The show isdp traffic command displays ISDP statistics.
  • Page 344 ISDP Packets Transmitted....... 127 ISDPv1 Packets Received......0 ISDPv1 Packets Transmitted..... 0 ISDPv2 Packets Received......4253 ISDPv2 Packets Transmitted..... 4351 ISDP Bad Header........ 0 ISDP Checksum Error......0 ISDP Transmission Failure...... 0 ISDP Invalid Format......0 ISDP Table Full........ 392 ISDP Ip Address Table Full.....
  • Page 345: Dhcp Layer 2 Relay Commands

    DHCP Layer 2 Relay Commands In the majority of network configurations, DHCP clients and their associated servers do not reside on the same IP network or subnet. Therefore, some kind of third-party agent is required to transfer DHCP messages between clients and servers.
  • Page 346: Dhcp L2Relay (Interface Configuration)

    Syntax dhcp l2relay no dhcp l2relay Default Configuration DHCP L2 Relay is disabled by default. Command Mode Global Configuration. User Guidelines There are no user guidelines for this command. Example console(config)#dhcp l2relay dhcp l2relay (Interface Configuration) Use the dhcp l2relay command to enable DHCP L2 Relay for an interface. Use the "no"...
  • Page 347: Dhcp L2Relay Circuit-Id

    Example console(config-if-Gi1/0/1)#dhcp l2relay dhcp l2relay circuit-id Use the dhcp l2relay circuit-id command to enable setting the DHCP Option 82 Circuit ID for a VLAN. When enabled, the interface number is added as the Circuit ID in DHCP option 82. Use the "no" form of this command to disable setting the DHCP Option 82 Circuit ID.
  • Page 348: Dhcp L2Relay Remote-Id

    dhcp l2relay remote-id Use the dhcp l2relay remote-id command to enable setting the DHCP Option 82 Remote ID for a VLAN. When enabled, the supplied string is used for the Remote ID in DHCP Option 82. Use the "no" form of this command to disable setting the DHCP Option 82 Remote ID.
  • Page 349: Dhcp L2Relay Vlan

    Syntax dhcp l2relay trust no dhcp l2relay trust Default Configuration DHCP Option 82 is discarded by default. Configuration Mode Interface Configuration (Ethernet, Port-channel). User Guidelines There are no user guidelines for this command. Example console(config-if-Gi1/0/1)#dhcp l2relay trust dhcp l2relay vlan Use the dhcp l2relay vlan command to enable the L2 DHCP Relay agent for a set of VLANs.
  • Page 350: Show Dhcp L2Relay All

    Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#dhcp l2relay vlan 10,340-345 show dhcp l2relay all Use the show dhcp l2relay all command in Privileged EXEC mode to display the summary of DHCP L2 Relay configuration. Syntax show dhcp l2relay all Default Configuration...
  • Page 351: Show Dhcp L2Relay Interface

    VLAN Id L2 Relay CircuitId RemoteId --------- ---------- ----------- ------------ Disabled Enabled --NULL-- Enabled Enabled --NULL-- Enabled Enabled broadcom Enabled Disabled --NULL-- Enabled Disabled --NULL-- Enabled Disabled --NULL-- Enabled Disabled --NULL-- show dhcp l2relay interface Use the show dhcp l2relay interface command in Privileged EXEC mode to display DHCP L2 Relay configuration specific to interfaces.
  • Page 352: Show Dhcp L2Relay Stats Interface

    Example console#show dhcp l2relay interface all DHCP L2 Relay is Enabled. Interface L2RelayMode TrustMode ---------- ----------- -------------- Enabled untrusted Disabled trusted show dhcp l2relay stats interface Use the show dhcp l2relay stats interface command in Privileged EXEC mode to display DHCP L2 Relay statistics specific to interfaces. Syntax interface-id show dhcp l2relay stats interface {all |...
  • Page 353: Show Dhcp L2Relay Subscription Interface

    DHCP L2 Relay is Enabled. Interface UntrustedServer UntrustedClient TrustedServer TrustedClient MsgsWithOpt82 MsgsWithOpt82 MsgsWithoutOpt82 MsgsWithoutOpt82 --------- --------------- ----------------- ----------------- ---------- Gi1/0/1 Gi1/0/2 Gi1/0/3 show dhcp l2relay subscription interface Use the show dhcp l2relay subscription interface command in Privileged EXEC mode to display DHCP L2 Relay Option-82 configuration specific to interfaces.
  • Page 354 Syntax show dhcp l2relay agent-option vlan vlan-range Parameter Description Parameter Description vlan-range Show information for the specified VLAN range. A range may be a single VLAN ID or two VLAN IDs separated by a single dash with no embedded spaces. Default Configuration This command has no default configuration.
  • Page 355: Show Dhcp L2Relay Vlan

    show dhcp l2relay vlan Use the show dhcp l2relay vlan command in Privileged EXEC mode to display whether DHCP L2 Relay is globally enabled on the specified VLAN or VLAN range. Syntax show dhcp l2relay vlan vlan-range Parameter Description Parameter Description vlan-range Show information for the specified VLAN range.
  • Page 356: Show Dhcp L2Relay Circuit-Id Vlan

    show dhcp l2relay circuit-id vlan Use the show dhcp l2relay circuit-id vlan command in Privileged EXEC mode to display whether DHCP L2 Relay is globally enabled and whether the DHCP Circuit-ID option is enabled on the specified VLAN or VLAN range. Syntax show dhcp l2relay circuit-id vlan vlan-range...
  • Page 357: Show Dhcp L2Relay Remote-Id Vlan

    show dhcp l2relay remote-id vlan Use the show dhcp l2relay remote-id vlan command in Privileged EXEC mode to display whether DHCP L2 Relay is globally enabled and to show the remote ID configured on the specified VLAN or VLAN range. Syntax show dhcp l2relay remote-id vlan vlan-range Parameter Description...
  • Page 358: Clear Dhcp L2Relay Statistics Interface

    clear dhcp l2relay statistics interface Use the clear dhcp l2relay statistics interface command in Privileged EXEC mode to reset the DHCP L2 Relay counters to zero. Specify the port with the counters to clear, or use the all keyword to clear the counters on all ports. Syntax interface-id clear dhcp l2relay statistics interface {all |...
  • Page 359: Dhcp Management Interface Commands

    DHCP Management Interface Commands PowerConnect switches support an embedded DHCP client. Any IP interface can use DHCP to obtain an IP address. The DHCP client can run on multiple interfaces simultaneously. For IPv4, an IP interface can either use manually configured addresses or be enabled for DHCP.
  • Page 360: Release Dhcp

    renew dhcp show dhcp lease release dhcp Use the release dhcp command in Privileged EXEC mode to force the DHCPv4 client to release a leased address. Syntax release dhcp interface-id Parameter Description Parameter Description interface-id Any valid VLAN interface. See Interface Naming Conventions for interface representation.
  • Page 361: Renew Dhcp

    Example console#release dhcp vlan2 renew dhcp Use the renew dhcp command in Privileged EXEC mode to force the DHCP client to immediately renew an IPv4 address lease. Syntax renew dhcp {interface-id | out-of-band} Parameter Description Parameter Description interface-id Any valid routing interface. See Interface Naming Conventions for interface representation.
  • Page 362: Debug Dhcp Packet

    Examples The first example is for routing interfaces. console#renew dhcp vlan 2 The second example is for out-of-band port. console#renew dhcp out-of-band debug dhcp packet Use the debug dhcp packet command in Privileged EXEC mode to display debug information about DHCPv4 client activities and to trace DHCPv4 packets to and from the local DHCPv4 client.
  • Page 363: Show Dhcp Lease

    console#debug dhcp packet transmit The third example is for receive flow. console#debug dhcp packet receive show dhcp lease Use the show dhcp lease command in Privileged EXEC mode to display IPv4 addresses leased from a DHCP server. Syntax show dhcp lease [interface interface-id] Parameter Description Parameter Description...
  • Page 364 Term Description DHCP Lease server The IPv4 address of the DHCP server that leased the address. State State of the DHCPv4 Client on this interface. DHCP transaction The transaction ID of the DHCPv4 Client. Lease The time (in seconds) that the IP address was leased by the server.
  • Page 365 DHCP Lease server: 10.1.20.3, state: 5 Bound DHCP transaction id: 0x7AD Lease: 86400 secs, Renewal: 43200 secs, Rebind: 75600 secs Retry count: 0 DHCP Management Interface Commands...
  • Page 367: Dhcp Snooping Commands

    DHCP Snooping Commands DHCP Snooping is a security feature that monitors DHCP messages between DHCP clients and DHCP server to filter harmful DHCP messages and build a bindings database of {MAC address, IP address, VLAN ID, interface} tuples that are considered authorized. The DHCP snooping application processes incoming DHCP messages.
  • Page 368: Clear Ip Dhcp Snooping Binding

    Commands in this Chapter This chapter explains the following commands: clear ip dhcp snooping binding ip dhcp snooping trust clear ip dhcp snooping statistics ip dhcp snooping verify mac-address ip dhcp snooping show ip dhcp snooping ip dhcp snooping binding show ip dhcp snooping binding ip dhcp snooping database show ip dhcp snooping database...
  • Page 369: Clear Ip Dhcp Snooping Statistics

    User Guidelines There are no user guidelines for this command. clear ip dhcp snooping statistics Use the clear ip dhcp snooping statistics command to clear all DHCP Snooping statistics. Syntax clear ip dhcp snooping statistics Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC User Guidelines...
  • Page 370: Ip Dhcp Snooping Binding

    Default Configuration DHCP Snooping is disabled by default. Command Mode Global Configuration mode User Guidelines In order to enable DHCP snooping, perform the following three steps: 1 Enable DHCP Snooping globally. 2 Enable DHCP Snooping per VLAN. 3 Set DHCP Snooping trusted port on the port in the DHCP server direction.
  • Page 371: Ip Dhcp Snooping Database

    Parameter Description Parameter Description mac-address The client's MAC address. vlan-id The number of the VLAN the client is authorized to use. ip-address The IP address of the client. interface The interface on which the client is authorized. The form is unit/slot/port.
  • Page 372: Ip Dhcp Snooping Database Write-Delay

    Parameter Description Parameter Description hostIP The IP address of the remote host. filename The name of the file for the database on the remote host. The filename may contain any printable character and is checked only when attempting to open the file. Default Configuration The database is stored locally by default.
  • Page 373: Ip Dhcp Snooping Limit

    no ip dhcp snooping database write-delay Parameter Description Parameter Description seconds The write delay (Range: 15–86400 seconds). Default Configuration The write delay is 300 seconds by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping database write-delay 500 ip dhcp snooping limit...
  • Page 374: Ip Dhcp Snooping Log-Invalid

    Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines If DHCP packets are received on a port at a rate that exceeds the threshold for the specified time, the port will be diagnostically disabled. The threshold is configurable up to 300 pps, and the burst is configurable up to 15s long. The default is 15 pps.
  • Page 375: Ip Dhcp Snooping Trust

    Example console(config-if-1/0/1)#ip dhcp snooping log-invalid console(config-if-1/0/1)#no ip dhcp snooping log-invalid ip dhcp snooping trust Use the ip dhcp snooping trust command to configure a port as trusted. Use the “no” form of this command to configure a port as untrusted. Syntax ip dhcp snooping trust no ip dhcp snooping trust...
  • Page 376: Show Ip Dhcp Snooping

    Syntax ip dhcp snooping verify mac-address no ip dhcp snooping verify mac-address Default Configuration Source MAC address verification is enabled by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping verify mac-address show ip dhcp snooping Use the show ip dhcp snooping command to display the DHCP snooping global configuration.
  • Page 377: Show Ip Dhcp Snooping Binding

    User Guidelines There are no user guidelines for this command. Example console#show ip dhcp snooping DHCP snooping is Disabled DHCP snooping source MAC verification is enabled DHCP snooping is enabled on the following VLANs: 11 - 30, 40 Interface Trusted Log Invalid Pkts --------- --------...
  • Page 378: Show Ip Dhcp Snooping Database

    vlan-id — The number of the VLAN for which to show bindings. • Default Configuration There is no default configuration for this command. Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command. Example console#show ip dhcp snooping binding Total number of bindings: 2...
  • Page 379: Show Ip Dhcp Snooping Interfaces

    Command Mode User EXEC, Privileged EXEC, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command. Example console#show ip dhcp snooping database agent url: /10.131.13.79:/sai1.txt write-delay: 5000 show ip dhcp snooping interfaces Use the show ip dhcp snooping interfaces command to show the DHCP Snooping status of the interfaces.
  • Page 380: Show Ip Dhcp Snooping Statistics

    Interface Trust State Rate Limit Burst Interval (pps) (seconds) ---------- ------------- ------------- --------------- 1/0/1 1/0/2 1/0/3 console#show ip dhcp snooping interfaces gigabitethernet 1/0/15 Interface Trust State Rate Limit Burst Interval (pps) (seconds) ---------- ------------- ------------- --------------- 1/0/15 show ip dhcp snooping statistics Use the show ip dhcp snooping statistics command to display the DHCP snooping filtration statistics.
  • Page 381 User Guidelines The following fields are displayed by this command: Fields Description MAC Verify The number of DHCP messages that were filtered on an Failures untrusted interface because of source MAC address and client MAC address mismatch. Client Ifc The number of DHCP release and Deny messages received on Mismatch the different ports than previously learned.
  • Page 382 1/0/13 1/0/14 1/0/15 1/0/16 1/0/17 1/0/18 1/0/19 1/0/20 DHCP Snooping Commands...
  • Page 383: Dynamic Arp Inspection Commands

    Dynamic ARP Inspection Commands Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its neighbors. The miscreant sends ARP requests or responses mapping another station IP address to its own MAC address.
  • Page 384: Clear Ip Arp Inspection Statistics

    Default Configuration There are no ARP ACLs created by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#arp access-list tier1 clear ip arp inspection statistics Use the clear ip arp inspection statistics command in Privileged EXEC mode to reset the statistics for Dynamic Address Resolution Protocol (ARP) inspection on all VLANs.
  • Page 385: Ip Arp Inspection Filter

    Example console#clear ip arp inspection statistics ip arp inspection filter Use the ip arp inspection filter command to configure the ARP ACL to be used for a single VLAN or a range of VLANs to filter invalid ARP packets. If the static keyword is given, packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings.
  • Page 386: Ip Arp Inspection Trust

    Configuring none for the limit means the interface is not rate limited for Dynamic ARP Inspection. Syntax ip arp inspection limit {none | rate pps [burst interval seconds]} no ip arp inspection limit • none — To set no rate limit. pps —...
  • Page 387: Ip Arp Inspection Validate

    Syntax ip arp inspection trust no ip arp inspection trust Default Configuration Interfaces are configured as untrusted by default. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines There are no user guidelines for this command. Example console(config-if-1/0/3)#ip arp inspection trust ip arp inspection validate Use the ip arp inspection validate command to enable additional validation checks like source MAC address validation, destination MAC address...
  • Page 388: Ip Arp Inspection Vlan

    • For validating the IP address of an ARP packet. — Default Configuration There is no additional validation enabled by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example console(config)#ip arp inspection validate src-mac dst-mac ip console(config)#ip arp inspection validate src-mac ip console(config)#ip arp inspection validate dst-mac ip console(config)#ip arp inspection validate ip...
  • Page 389: Permit Ip Host Mac Host

    User Guidelines There are no user guidelines for this command. Example console(config)#ip arp inspection vlan 200-300 console(config)#ip arp inspection vlan 200-300 logging permit ip host mac host Use the permit ip host mac host command to configure a rule for a valid IP address and MAC address combination used in ARP packet validation.
  • Page 390: Show Arp Access-List

    show arp access-list Use the show arp access-list command to display the configured ARP ACLs with the rules. Giving an ARP ACL name as the argument would display only the rules in that ARP ACL. Syntax acl-name show arp access-list [ acl-name —...
  • Page 391 Syntax interface-id vlan-range show ip arp inspection [interfaces [ ] | statistics [vlan vlan-range | vlan Parameter Description Parameter Description interfaces Display the Dynamic ARP Inspection configuration on all the interface-id DAI enabled interfaces. Giving an interface argument, it displays the values for that interface. statistics vlan vlan- Display the statistics of the ARP packets processed by Dynamic...
  • Page 392 DHCP Drops The number of packets dropped due to DHCP Snooping binding database match failure. ACL Drops The number of packets dropped due to ARP ACL rule match failure. DHCP Permits The number of packets permitted due to DHCP snooping binding database match.
  • Page 393: Show Ip Arp Inspection Vlan

    VLAN Forwarded Dropped ---- --------- ------- console#show ip arp inspection statistics vlan 10,20 VLAN DHCP DHCP Bad Src Bad Dest Invalid Drops Drops Permits Permits ---- ---------- ---------- ---------- ---------- ---------- ---------- ------ show ip arp inspection vlan Use the show ip arp inspection vlan command to display the Dynamic ARP Inspection configuration on all the VLANs in the given VLAN range.
  • Page 394 Parameter Description Source Mac Validation If Source Mac validation of ARP frame is enabled. Destination Mac If Destination Mac validation of ARP Response frame is Validation enabled. IP Address Validation If IP address validation of ARP frame is enabled. The following fields are displayed for each VLAN: Field Description VLAN...
  • Page 395: E-Mail Alerting Commands

    E-mail Alerting Commands E-mail Alerting is an extension of the logging system. The PowerConnect logging system allows the user to configure a variety of destinations for log messages. This feature adds e-mail configuration capabilities, by which the log messages are sent to a configured SMTP server such that an operator may receive the log in an e-mail account of their choice.
  • Page 396: Logging Email

    logging email show logging email statistics logging email urgent clear logging email statistics logging traps security logging email message-type to-addr mail-server ip-address | hostname logging email from-addr port (Mail Server Configuration Mode) logging email message-type subject username (Mail Server Configuration Mode) logging email logtime password (Mail Server Configuration...
  • Page 397 Parameter Description Parameter Description severity If you specify a severity level, log messages at or above the severity level are e-mailed. The severity level may either be specified by keyword or as an integer from 0 to 7. The accepted keywords, and the numeric severity level each represents, are as follows.
  • Page 398: Logging Email Urgent

    logging email urgent Use the logging email urgent command in Global Configuration mode to set the lowest severity level at which log messages are e-mailed in an urgent manner. To revert the urgent severity level to its default value, use the no form of this command.
  • Page 399: Logging Traps

    Command Mode Global Configuration mode User Guidelines Log messages at or above this severity level are considered urgent. By default, Emergency and Alert log messages are considered urgent. Urgent log messages are e-mailed immediately, one log message per e-mail message, and do not wait for the log time to expire.
  • Page 400: Logging Email Message-Type To-Addr

    Default Configuration The default severity level is info(6). Command Mode Global Configuration mode User Guidelines You can filter log messages that appear in the buffered log by severity level. You can specify the severity level of log messages that are e-mailed. You can use this command to specify the severity level at which SNMP traps are logged, and thus control whether traps appear in the buffered log or are e-mailed and, if they are e-mailed, whether traps are considered urgent or non-...
  • Page 401: Logging Email From-Addr

    Command Mode Global Configuration User Guidelines This command removes the configured to-addr field of e-mail. logging email from-addr Use the logging email from-addr command in Global Configuration mode to configure the From address of the e-mail. Use the no form of this command to remove the e-mail source address.
  • Page 402: Logging Email Logtime

    Syntax message-type subject logging email message-type subject message-type no logging email message-type subject Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The user must enter the message-type parameter manually as tab and space bar completion do not work for this parameter.
  • Page 403: Logging Email Test Message-Type

    Command Mode Global Configuration User Guidelines This command has no user guidelines. logging email test message-type Use the logging email test message-type command in Global Configuration mode to test whether or not an e-mail is being sent to an SMTP server. Syntax message-type message-body...
  • Page 404: Show Logging Email Statistics

    show logging email statistics Use the show logging email statistics command in Privileged EXEC mode to show the statistics about the e-mails. The command displays information on how many e-mails are sent, how many e-mails failed, when the last e-mail was sent, how long it has been since the last e-mail was sent, how long it has been since the e-mail changed to disabled mode.
  • Page 405: Security

    Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command has no user guidelines. security Use the security command in Mail Server Configuration mode to set the e-mail alerting security protocol. This enables and disables the switch to use TLS authentication with the SMTP Server.
  • Page 406: Mail-Server Ip-Address | Hostname

    mail-server ip-address hostname Use the mail-server ip-address | hostname command in Global Configuration mode to configure the SMTP server IP address and change the mode to Mail Server Configuration mode. The server address can be in the IPv4, IPv6, or DNS name format. Use the no form of this command to remove the configured SMTP server address.
  • Page 407: Port (Mail Server Configuration Mode)

    port (Mail Server Configuration Mode) Use the port command in Mail Server Configuration mode to configure the TCP port to use for communication with the SMTP server. Port can be set to 465 or 25. Use the no form of the command to revert the SMTP port to the default port.
  • Page 408: Password (Mail Server Configuration Mode)

    Parameter Description This command does not require a parameter description. Default Configuration The default value for username is admin. Command Mode Mail Server Configuration User Guidelines This command has no user guidelines. password (Mail Server Configuration Mode) Use the password command in Mail Server Configuration mode to configure the password required to authenticate to the e-mail server.
  • Page 409: Show Mail-Server

    show mail-server Use the show mail-server command in Privileged EXEC mode to display the configuration of all the mail servers or a particular mail server. Syntax ip-address hostname show mail-server { | all} Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration.
  • Page 410 SMTP server authentication details: Username: admin Mail server2 configuration: SMTP server IP Address: 10.131.1.31 SMTP server Port: SMTP server security protocol: SMTP server authentication details: Username: admin console#show mail-server ip-address 10.131.1.11 SMTP server IP Address: 10.131.1.11 SMTP server Port: SMTP server security protocol: SMTP server authentication details: Username: admin...
  • Page 411: Ethernet Configuration Commands

    Ethernet Configuration Commands PowerConnect switches support a variety of configuration options to optimize network operations. Features such as flow-control and jumbo frames are supported along with a variety of commands to display traffic statistics as well as limit the effects of network loops or other network issues. Jumbo frame technology is employed in certain situations to reduce the task load on a server CPU and to transmit large amounts of data efficiently.
  • Page 412: Clear Counters

    On a storm control enabled interface, if the ingress rate of that type of packet (L2 broadcast, multicast, or unicast) is greater than the configured threshold level (as a percentage of port speed or as an absolute packets-per-second rate), the switch forwarding-plane discards the excess traffic. speed duplex commands control interface link speeds and auto-...
  • Page 413: Description

    Command Mode Privileged EXEC mode User Guidelines Use of the clear counters command with no parameters indicates that both switch and all interface statistics are to be cleared. Example In the following example, the counters for port 1/0/1 are cleared. console#clear counters gigabitethernet 1/0/1 description Use the description command in Interface Configuration mode to add a...
  • Page 414: Duplex

    Example The following example adds a description to the Ethernet port 5. console(config)#interface gigabitethernet 1/0/5 console(config-if-1/0/5)# description RD_SW#3 duplex Use the duplex command in Interface Configuration mode to configure the duplex operation of a given Ethernet interface. To restore the default, use the no form of this command.
  • Page 415: Flowcontrol

    parameter. Fiber ports do not support auto-negotiation and therefore require the operator to enter the duplex full command and the speed command with the desired operating bandwidth. Disabling auto-negotiation on 1G copper ports may lead to random frame loss as the clock master has not been arbitrated by the auto-negotiation process.
  • Page 416: Interface

    interface Use this command to configure parameters for the gigabit Ethernet and ten-gigabit Ethernet ports, and for port-channels. While in Global Configuration mode, enter the interface command (with a specific interface). To exit to Global Configuration mode, enter exit. To return to Privileged EXEC mode, press Ctrl-Z or enter end.
  • Page 417: Interface Range

    interface range Use the interface range command in Global Configuration mode to execute a command on multiple ports at the same time. NOTE: An additional form of this command enables configuring a range of VLANs. interface range vlan. Syntax port-rang port-type interface range { all}...
  • Page 418 console(config-if-range)# The following example shows how all gigabitethernet ports can be configured at once. console(config)# interface range gigabitethernet all console(config-if-range)# The following examples demonstrate various valid interface ranges: console(config)#interface range gigabitEthernet 1/0/1-20 console(config)#interface range gi1/0/20-48 console(config)#interface range gi1/0/1,gi1/0/48 console(config)#interface range gi2/0/1-10,gi1/0/30 console(config)#interface range gi1/0/1-10,gi1/0/30-48 console(config)#interface range gi1/0/1,te1/1/1 console(config)#interface range gigabitEthernet...
  • Page 419: Show Interfaces Advertise

    User Guidelines Because the switch does not fragment frames, received frames that are larger than the MTU setting are dropped. Packets originated by the CPU are fragmented on transmission if the link MTU is smaller than the IP MTU. Setting the MTU less than the IPv4 MTU causes CPU-generated IPv4 packets to be fragmented.
  • Page 420 User Guidelines The priority resolution field indicates the auto-negotiated link speed and duplex. The clock field indicates whether the local interface has auto-negotiated to clock master or clock slave. When the link is down, the field will show No link. When the link is down, the Oper Peer Advertisement and Priority Resolution fields will show dashes.
  • Page 421: Show Interfaces Configuration

    Port: Gi1/0/1 Type: Gigabit - Level Link State: Down Auto Negotiation: Enabled 802.3az EEE: Disabled Clock: Master 1000f 1000h 100f 100h 10f 10h ----- ----- ---- ---- --- --- Admin Local Link Advertisement no yes no Oper Local Link Advertisement yes no Oper Peer Advertisement yes yes...
  • Page 422 Example The following example displays the configuration for all configured interfaces: console>show interfaces configuration Port Type Duplex Speed Admin State ----- ------------------------------ ------ ------- ---- ----- 1/0/1 Gigabit - Level Full Auto 1/0/2 Gigabit - Level Unknown Auto 1/0/3 Gigabit - Level Unknown Auto 1/0/4...
  • Page 423: Show Interfaces Counters

    Field Description Port Type The port designated IEEE shorthand identifier. For example 1000Base-T refers to 1000 Mbps baseband signaling including both Tx and Rx transmissions. Duplex Displays the port Duplex status. Speed Refers to the port speed. Describes the Auto-negotiation status. Admin State Displays whether the port is enabled or disabled.
  • Page 424 3/0/1 123899 1788 Port OutOctets OutUcastPkts ---- ---------- --------- 1/0/1 9188 2/0/1 3/0/1 8789 InOctets InUcastPkts ---- ---------- --------- 27889 OutOctets OutUcastPkts ---- ---------- --------- 23739 The following example displays counters for Ethernet port 1/0/1. console(config-if-Te1/0/1)#show interfaces counters te1/0/1 Port InOctets InUcastPkts InMcastPkts...
  • Page 425 Excessive Collisions: ......0 Multiple Collisions: ......0 Oversize Packets: ......0 Internal MAC Rx Errors: ....... 0 Received Pause Frames: ......0 Transmitted Pause Frames: ..... 0 Received PFC Frames: ......0 Transmitted PFC Frames: ....... 0 The following table describes the fields shown in the display: Field Description InOctets...
  • Page 426: Show Interfaces Description

    Field Description Oversize Packets Counted frames received that exceed the maximum permitted frame size. Internal MAC Rx Errors A count of frames for which reception fails due to an internal MAC sublayer receive error. Received Pause Frames A count of MAC Control frames received with an opcode indicating the PAUSE operation.
  • Page 427: Show Interfaces Detail

    Example The following example displays the description for all interfaces. console>show interfaces description Port Description ---- ------------------------------------------------ 1/0/1 Port that should be used for management only 2/0/1 2/0/2 Description ---- ----------- Output show interfaces detail Use the show interfaces detail command in Privileged EXEC mode to display detailed status and configuration of the specified interface.
  • Page 428 User Guidelines This command has no user guidelines. Example The following example displays detailed status and configuration of the specified interface. console#show interfaces detail gi1/0/1 Port Type Duplex Speed Admin Link State State ----- ------------------------------ ------ ------- ---- ----- ----- Gi1/0/1Gigabit - Level Unknown Auto...
  • Page 429: Show Interfaces Status

    VLAN Name Egress rule ---- --------------------------------- ----------- Forbidden VLANS: VLAN Name ---- --------------------------------- Port Gi1/0/1 Enabled State: Disabled Role: Disabled Port id: 128.1 Port Cost: 0 Port Fast: No (Configured: no) Root Protection: No Designated bridge Priority: 32768 Address: 001E.C9AA.AF51 Designated port id: 128.1 Designated path cost: 40000 CST Regional Root: 80:00:00:1E:C9:AA:AF:51...
  • Page 430: Show Statistics

    Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines Port channels are only displayed if configured. Use the show interfaces port-channel command to display configured and unconfigured port channels. Interfaces configured as stacking ports will show as detached in the output of the show interfaces status command.
  • Page 431 Parameter Description Parameter Description unit/slot/port A valid interface. See Interface Naming Conventions interface representation. switchport Displays statistics for the entire switch. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
  • Page 432 Packets RX and TX 512-1023 Octets....0 Packets RX and TX 1024-1518 Octets..... 0 Packets RX and TX 1519-2047 Octets..... 0 Packets RX and TX 2048-4095 Octets..... 0 Packets RX and TX 4096-9216 Octets..... 0 Total Packets Received Without Errors..0 Unicast Packets Received.......
  • Page 433 Packets Transmitted > 1518 Octets....0 Max Frame Size......... 1518 Total Packets Transmitted Successfully..0 Unicast Packets Transmitted....0 Multicast Packets Transmitted....0 Broadcast Packets Transmitted....0 Total Transmit Errors......0 Total Transmit Packets Discarded....0 Single Collision Frames......0 Multiple Collision Frames......
  • Page 434: Show Statistics Switchport

    show statistics switchport Use the show statistics command in Privileged EXEC mode to display detailed statistics for a specific port or for the entire switch. Syntax interface-id show statistics { |switchport} Parameter Description Parameter Description interface-id Interface id. See Interface Naming Conventions for interface representation.
  • Page 435 Broadcast Packets Received..... 0 Receive Packets Discarded...... 0 Octets Transmitted......0 Packets Transmitted Without Errors..... 0 Unicast Packets Transmitted....0 Multicast Packets Transmitted....0 Broadcast Packets Transmitted....0 Transmit Packets Discarded..... 0 Most Address Entries Ever Used....3 Address Entries Currently in Use....3 Maximum VLAN Entries......
  • Page 436: Show Storm-Control

    show storm-control Use the show storm-control command in Privileged EXEC mode to display the configuration of storm control. Syntax show storm-control [all | {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port }] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
  • Page 437: Shutdown

    shutdown Use the shutdown command in Interface Configuration mode to disable an interface. To restart a disabled interface, use the no form of this command. Syntax shutdown no shutdown Default Configuration The interface is enabled. Command Mode Interface Configuration (Ethernet, Port-Channel, Tunnel, Loopback) mode User Guidelines This command has no user guidelines.
  • Page 438 Syntax speed {10 | 100 | 1000 | 10000 | auto [10 | 100 | 1000 | 10000]} no speed Parameter Description Parameter Description Configures the port to 10 Mbps operation. Configures the port to 100 Mbps operation. 1000 Configures the port to 1000 Mbps operation. 10000 Configures the port to 10 Gbps operation.
  • Page 439: Storm-Control Broadcast

    support all speeds, even if they are available in the command. Entering an unsupported speed will produce the following error message: An invalid interface has been used for this function. Fiber ports do not support auto-negotiation. Both ends of fiber connections must be set to full-duplex and the same speed.
  • Page 440: Storm-Control Multicast

    Example console(config-if-1/0/1)#storm-control broadcast level 5 storm-control multicast Use the storm-control multicast command in Interface Configuration mode to enable multicast storm recovery mode for an interface. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
  • Page 441: Storm-Control Unicast

    storm-control unicast Use the storm-control unicast command in Interface Configuration mode to enable unknown unicast storm control for an interface. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
  • Page 442: Switchport Protected

    switchport protected Use the switchport protected command in Interface Configuration mode to configure a protected port. The groupid parameter identifies the set of protected ports to which this interface is assigned. You can only configure an interface as protected in one group. You are required to remove an interface from one group before adding it to another group.
  • Page 443: Switchport Protected Name

    switchport protected name Use the switchport protected name command in Global Configuration mode to add the port to the protected group 1 and also set the group name to "protected". Syntax groupid name switchport protected name groupid no switchport protected name groupid —...
  • Page 444: Show Switchport Protected

    show switchport protected Use the show switchport protected command in Privileged EXEC mode to display the status of all the interfaces, including protected and unprotected interfaces. Syntax groupid show switchport protected groupid — Identifies which group the port is to be protected in. •...
  • Page 445: Ethernet Cfm Commands

    Ethernet CFM Commands Connectivity Fault Management (CFM) is the OAM Protocol provision for end-to-end service layer OAM in carrier Ethernet networks. CFM provides mechanisms to support the operator in performing connectivity checks, fault detection, fault verification and isolation, and fault notification per service in the network domain of interest.
  • Page 446: Ethernet Cfm Domain

    ethernet cfm mep archive-hold-time show ethernet cfm statistics ethernet cfm mip level debug cfm ethernet cfm domain Use the ethernet cfm domain command in Global Configuration mode to enter into maintenance domain config mode for an existing domain. Use the optional level parameter to create a domain and enter into maintenance domain config mode.
  • Page 447: Service

    User Guidelines Each domain must have a unique name and level, for example, one cannot create a domain qwerty at level 2 if domain qwerty already exists at level 1. Likewise, one cannot create a domain dvorak at level 2 if a domain of any name exists at level 2.
  • Page 448: Ethernet Cfm Cc Level

    Command Mode Maintenance domain config mode User Guidelines This command has no user guidelines. Example console(config-cfm-mdomain)#service serv1 vlan 10 ethernet cfm cc level Use the ethernet cfm cc level command in Global Configuration mode to initiate sending continuity checks (CCMs) at the specified interval and level on a VLAN monitored by an existing domain.
  • Page 449: Ethernet Cfm Mep Level

    Default Configuration CCMs are not sent by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)#ethernet cfm cc level 1 vlan 15 interval 10 ethernet cfm mep level Use the ethernet cfm mep level command in Interface Configuration mode to create a Maintenance End Point (MEP) on an interface at the specified level and direction.
  • Page 450: Ethernet Cfm Mep Enable

    Command Mode Interface Configuration User Guidelines This command has no user guidelines. Example The following example creates a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep level 1 direction up mpid 1010 vlan 10 ethernet cfm mep enable Use the ethernet cfm mep enable command in Interface Configuration mode to enable a MEP at the specified level and direction.
  • Page 451: Ethernet Cfm Mep Active

    User Guidelines The maintenance domain must exist for it to be enabled. Example The following example enables a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep enable level 1 vlan 10 mpid 1010 ethernet cfm mep active Use the ethernet cfm mep active command in Interface Configuration mode to activate a MEP at the specified level and direction.
  • Page 452: Ethernet Cfm Mep Archive-Hold-Time

    ethernet cfm mep archive-hold-time Use the ethernet cfm mep archive-hold-time command in Interface Configuration mode to maintain internal information on a missing MEP. Use the no form of the command to return the interval to the default value. Syntax hold-time ethernet cfm mep archive-hold-time Parameter Description Parameter...
  • Page 453: Ping Ethernet Cfm

    Syntax ethernet cfm mip level Parameter Description Parameter Description level Maintenance association level Default Configuration No MIPs are preconfigured. Command Mode Interface Configuration User Guidelines This command has no user guidelines. Example console(config-if-gi1/0/1)# ethernet cfm mip level <7> ping ethernet cfm Use the ping ethernet cfm command in Privileged EXEC mode to generate a loopback message (LBM) from the configured MEP.
  • Page 454: Traceroute Ethernet Cfm

    Parameter Description mac-addr The destination MAC address for which the connectivity needs to be verified. Either MEP ID or the MAC address option can be used. remote-mpid The MEP ID for which connectivity is to be verified; i.e. the destination MEP ID. domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length).
  • Page 455 Syntax mac-addr 1-8191 traceroute ethernet cfm {mac | remote-mpid } {domain domain name vlan-id 1-8191 1-255 | level } vlan mpid [ttl Parameter Description Parameter Description level Maintenance association level mac-addr The destination MAC address for which the route needs to be traced.
  • Page 456: Show Ethernet Cfm Errors

    show ethernet cfm errors Use the show ethernet cfm errors command in Privileged EXEC mode to display the cfm errors. Syntax domain-id show ethernet cfm errors {domain | level Parameter Description Parameter Description domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length).
  • Page 457: Show Ethernet Cfm Maintenance-Points Local

    Syntax domain-id show ethernet cfm domain {brief | Parameter Description Parameter Description domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
  • Page 458 Syntax interface- show ethernet cfm maintenance-points local {level | interface domain-name | domain Parameter Description Parameter Description domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). level Maintenance association level interface-id Show all MPs associated with the interface. Default Configuration This command has no default configuration.
  • Page 459: Show Ethernet Cfm Maintenance-Points Remote

    show ethernet cfm maintenance-points remote Use the show ethernet cfm maintenance-points remote command in Privileged EXEC mode to display the configured remote maintenance points. Syntax domain- show ethernet cfm maintenance-points remote {level | domain name mac-address MEPId domain-name | detail [mac | mep ] [domain vlan-id...
  • Page 460: Show Ethernet Cfm Statistics

    MEP Id RMEP Id Level VLAN Expiry Timer(sec) Service Id ------ ------- ----- ----------------- ---- ----------------- ----------- 00:11:22:33:44:55 10 serv1 show ethernet cfm statistics Use the show ethernet cfm maintenance-points remote command in Privileged EXEC mode to display the CFM statistics. Syntax domain-name show ethernet cfm statistics [domain...
  • Page 461: Debug Cfm

    Out-of-sequence CCM's received CCM's transmitted : 259 In-order Loopback Replies received Out-of-order Loopback Replies received: 0 Bad MSDU Loopback Replies received Loopback Replies transmitted Unexpected LTR's received ------------------------------------------------------------------ Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 2' ------------------------------------------------------------------ Out-of-sequence CCM's received CCM's transmitted In-order Loopback Replies received...
  • Page 462 Syntax debug cfm {event | {pdu {all | ccm | ltm | lbm |} {tx | rx}}} Parameter Description Parameter Description event CFM events CFM PDUs Continuity check messages Link trace messages Loopback messages Transmit only Receive only Everything Default Configuration This command has no default configuration.
  • Page 463 Bad MSDU Loopback Replies received Loopback Replies transmitted Unexpected LTR's received ------------------------------------------------------------------ Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 2' ------------------------------------------------------------------ Out-of-sequence CCM's received CCM's transmitted In-order Loopback Replies received Out-of-order Loopback Replies received: 5 Bad MSDU Loopback Replies received Loopback Replies transmitted Unexpected LTR's received ------------------------------------------------------------------...
  • Page 464 Ethernet CFM Commands...
  • Page 465: Green Ethernet Commands

    Green Ethernet Commands PowerConnect switches support various Green Ethernet modes, i.e., power saving modes, namely: • Energy-Detect Mode • Energy Efficient Ethernet These modes can enable significant operational cost reductions through direct power savings and reducing cooling costs. Energy-Detect Mode With this mode enabled, when the port link is down the PHY automatically goes down for short periods of time and then wakes up periodically to check for link pulses.
  • Page 466: Green-Mode Energy-Detect

    green-mode energy-detect This command enables a Dell proprietary mode of power reduction on ports that are not connected to another interface. Use the green-mode energy-detect command in Interface Configuration mode to enable energy-detect mode on an interface or all the interfaces. Energy-detect mode is disabled by default on 1G copper interfaces and enabled by default on 10G copper interfaces.
  • Page 467: Green-Mode Eee

    User Guidelines Cable diagnostics (show copper-ports commands) may give misleading results if green mode is enabled on the port. Disable green mode prior to running any cable diagnostics. green-mode eee Use the green-mode eee command in Interface Configuration mode to enable EEE low power idle mode on an interface.
  • Page 468: Clear Green-Mode Statistics

    clear green-mode statistics Use the clear green-mode statistics command in Privileged EXEC mode to clear: • The EEE LPI event count, and LPI duration • The EEE LPI history table entries • The Cumulative Power savings estimates for a specified interface or for all the interfaces based upon the argument. Syntax interface-id clear green-mode statistics {...
  • Page 469 Syntax 30 sec 36000 sec green-mode eee-lpi-history {sampling-interval – | max- samples Parameter Description Parameter Description sampling-interval The interval in seconds at which power consumption data needs to be collected. max-samples Maximum number of samples to keep. Default Configuration The sampling-interval default value is 3600 seconds and the max-samples default value is 168.
  • Page 470 show green-mode interface-id Use the show green-mode command in Privileged EXEC mode to display the green-mode configuration and operational status of the port. This command is also used to display the per port configuration and operational status of the green-mode. The status is shown only for the modes supported on the corresponding hardware platform whether enabled or disabled.
  • Page 471 Term Description Reason for Energy- The energy detect mode may be administratively enabled, but detect current the operational status may be inactive. The possible reasons are: operational status Port is currently operating in the fiber mode Link is up. If the energy-detect operational status is active, then the reason field shows up as: No energy Detected EEE Admin Mode...
  • Page 472 Term Description Tw_sys_rx Echo Integer that indicates the remote systems Receive Tw_sys that (μSec) was used by the local system to compute the Tw_sys that it can support. This value maps into the aLldpXdot3LocRxTwSysEcho attribute. Fallback Tw_sys Integer that indicates the value of fallback Tw_sys that the local (μSec) system requests from the remote system.
  • Page 473 Term Description Time Since Time Since Counters Last Cleared (since the time of power up, Counters Last or after clear eee counters is executed) Cleared Example console#show green-mode gi1/0/1 Energy Detect Admin Mode... Enabled Operational Status..... Active Reason......No Energy Detected Auto Short Reach Admin Mode....
  • Page 474: Show Green-Mode

    Remote Tw_sys_tx Echo(usec)..XX Remote Tw_sys_rx (usec)....XX Remote Tw_sys_tx Echo(usec)..XX Remote fallback Tw_sys (usec)..XX Tx DLL enabled......Yes Tx DLL ready......Yes Rx DLL enabled......Yes Rx DLL ready......Yes Power Saving (%)...... XX Time Since Counters Last Cleared..1 day 20 hr 47 min 34 sec show green-mode Use the show green-mode command in Privileged EXEC mode to display the...
  • Page 475: Show Green-Mode Eee-Lpi-History Interface

    User Guidelines This command output provides the following information. Term Description Energy Detect Energy-detect Energy-detect Admin mode is enabled or disabled. Config Energy-detect Opr Energy detect mode is currently active or inactive. The energy detect mode may be administratively enabled, but the operational status may be inactive.
  • Page 476 Parameter Description Parameter Description interface-id Any valid interface. See Interface Naming Conventions interface representation. Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines On combo ports, samples are only collected on the copper ports when enabled.
  • Page 477 Example This example is on a platform capable of providing power consumption details. Percentage of Percentage of SampleTime Since Time Spent in Time Spent in No. the SampleLPI Mode SinceLPI Mode Since Was Recorded Last SampleLast Reset ------ -------------- -------------- -------------- 0d:00:00:13 0d:00:00:44...
  • Page 478 Green Ethernet Commands...
  • Page 479: Gvrp Commands

    GVRP Commands GARP VLAN Registration Protocol (GVRP) is used to propagate VLAN membership information throughout the network. GVRP is based on the Generic Attribute Registration Protocol (GARP), which defines a method of propagating a defined attribute (that is, VLAN membership) throughout the network.
  • Page 480: Garp Timer

    Syntax clear gvrp statistics [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example clears all the GVRP statistics information on port 1/0/8.
  • Page 481: Gvrp Enable (Global)

    Default Configuration The default timer values are as follows: • Join timer — 20 centiseconds • Leave timer — 60 centiseconds • Leaveall timer — 1000 centiseconds Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines The following relationships for the various timer values must be maintained: •...
  • Page 482: Gvrp Enable (Interface)

    Default Configuration GVRP is globally disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example globally enables GVRP on the device. console(config)#gvrp enable gvrp enable (interface) Use the gvrp enable command in Interface Configuration mode to enable GVRP on an interface.
  • Page 483: Gvrp Registration-Forbid

    Membership in an untagged VLAN would be propagated in the same way as a tagged VLAN. In such cases it is the administrator’s responsibility to set the PVID to be the untagged VLAN VID. Example The following example enables GVRP on gigabit ethernet 1/0/8. console(config)#interface gigabitethernet 1/0/8 console(config-if-1/0/8)#gvrp enable gvrp registration-forbid...
  • Page 484: Gvrp Vlan-Creation-Forbid

    console(config-if-1/0/8)#gvrp registration-forbid gvrp vlan-creation-forbid Use the gvrp vlan-creation-forbid command in Interface Configuration mode to disable dynamic VLAN creation. To enable dynamic VLAN creation, use the no form of this command. Syntax gvrp vlan-creation-forbid no gvrp vlan-creation-forbid Default Configuration By default, dynamic VLAN creation is enabled. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode...
  • Page 485 Syntax show gvrp configuration [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example shows how to display GVRP configuration information:...
  • Page 486: Show Gvrp Error-Statistics

    show gvrp error-statistics Use the show gvrp error-statistics command in User EXEC mode to display GVRP error statistics. Syntax show gvrp error-statistics [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode User EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
  • Page 487: Show Gvrp Statistics

    ---- ------- ------- ------- ------- -------- 1/0/1 1/0/2 1/0/3 1/0/4 show gvrp statistics Use the show gvrp statistics command in User EXEC mode to display GVRP statistics. Syntax show gvrp statistics [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
  • Page 488 : Join Empty Sent : Join In Sent sEmp : Empty Sent sLIn : Leave In Sent : Leave Empty Sent : Leave All Sent Port rJIn rEmp rLIn sJIn sEmp sLIn ---- ---- ---- ---- ---- ---- --- 1/0/1 1/0/2 1/0/3 1/0/4...
  • Page 489: Igmp Snooping Commands

    IGMP Snooping Commands Snooping of Internet Group Management Protocol (IGMP) messages is a feature that allows PowerConnect switches to forward multicast traffic intelligently on the switch. Multicast traffic is traffic that is destined to a host group. Host groups are identified by the destination MAC address, i.e. the range 01:00:5e:00:00:00-01:00:5e:7f:ff:ff for IPv4 multicast traffic or 33:33:xx:xx:xx:xx for IPv6 multicast traffic.
  • Page 490: Ip Igmp Snooping

    and thus not detectable by the switch. If a query is not received on an interface within a specified length of time (multicast router present expiration time), that interface is removed from the list of interfaces with multicast routers attached. The multicast router present expiration time is configurable using management.
  • Page 491 Parameter Description Parameter Description vlan-id Specifies a VLAN ID value. Default Configuration IGMP snooping is enabled globally and on all VLANs by default. Command Mode Global Configuration mode User Guidelines Use this command without parameters to globally enable IGMP snooping. Use the no form of the command to disable IGMP snooping.
  • Page 492: Show Ip Igmp Snooping

    show ip igmp snooping Use the show ip igmp snooping command in Privileged EXEC mode to display the IGMP snooping configuration. Syntax show ip igmp snooping [vlan vlan-id] Parameter Description Parameter Description vlan-id Specifies a VLAN ID value (available only in Privileged EXEC mode).
  • Page 493: Show Ip Igmp Snooping Groups

    Vlan 10: --------- IGMP Snooping Admin Mode....Enabled Fast Leave Mode......Disabled Group Membership Interval....260 Last Member Query Interval....10 Multicast Router Expiry Time....300 Report Suppression Mode..... Enabled Vlan 20: --------- IGMP Snooping Admin Mode....Enabled Fast Leave Mode......Disabled Group Membership Interval....
  • Page 494: Show Ip Igmp Snooping Mrouter

    Default Configuration This command has no default configuration. Command Mode User EXEC mode, Config mode and all Config sub-modes User Guidelines To see the full Multicast address table (including static addresses) use the show mac address-table command. Example The example shows Multicast groups learned by IGMP snooping for all VLANs.
  • Page 495: Ip Igmp Snooping Vlan Immediate-Leave

    Syntax show ip igmp snooping mrouter Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example shows IGMP snooping mrouter information. console#show ip igmp snooping mrouter VLAN ID Port...
  • Page 496: Ip Igmp Snooping Vlan Groupmembership-Interval

    Syntax ip igmp snooping vlan vlan-id immediate-leave no ip igmp snooping vlan vlan-id immediate-leave • vlan-id — Number assigned to the VLAN. Default Configuration IGMP snooping immediate-leave mode is disabled on VLANs by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
  • Page 497: Ip Igmp Snooping Vlan Last-Member-Query-Interval

    • time — IGMP group membership interval time in seconds. (Range: 2–3600) Default Configuration The default group membership interval time is 260 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures an IGMP snooping group membership interval of 1500 seconds on VLAN 2.
  • Page 498: Ip Igmp Snooping Vlan Mcrtrexpiretime

    Default Configuration The default maximum response time is 10 seconds. Command Mode Global Configuration mode User Guidelines When using IGMP Snooping Querier, this parameter should be less than the value for the IGMP Snooping Querier query interval. Example The following example sets the maximum response time to 7 seconds on VLAN 2.
  • Page 499: Ip Igmp Snooping Report-Suppression

    Command Mode Global Configuration mode User Guidelines The mcrtexpiretime should be less than the group membership interval. Example The following example sets the multicast router present expiration time on VLAN 2 to 60 seconds. console(config)#ip igmp snooping vlan 2 mcrtexpiretime 1500 ip igmp snooping report-suppression This command enables IGMP report suppression on a specific VLAN.
  • Page 500: Ip Igmp Snooping Unregistered Floodall

    Example The following example sets the multicast router present expiration time on VLAN 2 to 60 seconds. console(config)#ip igmp snooping report suppression vlan 10 ip igmp snooping unregistered floodall This command enables flooding of unregistered multicast traffic to all ports in the VLAN.
  • Page 501 Syntax vlan-id interface-id ip igmp snooping vlan mrouter interface no ip igmp snooping vlan mrouter vlan id — The number assigned to the VLAN. • • interface-id—The next-hop interface to the multicast router. Default Configuration There are no multicast router ports configured by default. Command Mode Global Configuration mode.
  • Page 502 IGMP Snooping Commands...
  • Page 503: Igmp Snooping Querier Commands

    IGMP Snooping Querier Commands The IGMP/MLD Snooping Querier is an extension to the IGMP/MLD Snooping feature. IGMP/MLD Snooping Querier allows the switch to simulate an IGMP/MLD router in a Layer 2-only network, thus removing the need to have an IGMP/MLD Router to collect and refresh the multicast group membership information.
  • Page 504 source address when generating periodic queries. The no form of this command disables IGMP Snooping Querier on the system. Use the optional address parameter to set or reset the querier address. If a VLAN has IGMP Snooping Querier enabled, and IGMP Snooping is operationally disabled on the VLAN, IGMP Snooping Querier functionality is disabled on that VLAN.
  • Page 505: Ip Igmp Snooping Querier Election Participate

    Example The following example enables IGMP snooping querier in Global Configuration mode. console(config)#ip igmp snooping querier vlan 1 address 10.19.67.1 ip igmp snooping querier election participate This command enables the Snooping Querier to participate in the Querier Election process when it discovers the presence of another Querier in the VLAN.
  • Page 506: Ip Igmp Snooping Querier Query-Interval

    console(config)#ip igmp snooping querier election participate ip igmp snooping querier query-interval This command sets the IGMP Querier Query Interval time, which is the amount of time in seconds that the switch waits before sending another periodic query. The no form of this command sets the IGMP Querier Query Interval time to its default value.
  • Page 507: Ip Igmp Snooping Querier Version

    Syntax ip igmp snooping querier timer expiry seconds no ip igmp snooping querier timer expiry • seconds — The time in seconds that the switch remains in Non-Querier mode after it has discovered that there is a multicast querier in the network.
  • Page 508: Syntax

    Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the IGMP version of the querier to 1. console(config)#ip igmp snooping querier version 1 show ip igmp snooping querier This command displays IGMP Snooping Querier information. Configured information is displayed whether or not IGMP Snooping Querier is enabled.
  • Page 509 Parameter Description Source IP Address Shows the IP address that is used in the IPv4 header when sending out IGMP queries. It can be configured using the appropriate command. Query Interval Shows the amount of time in seconds that a Snooping Querier waits before sending out the periodic general query.
  • Page 510: Default Configuration This Command Has No Default Configuration

    When the optional argument detail is used, the command shows the global information and the information for all Querier enabled VLANs. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged Exec modes User Guidelines This command has no user guidelines. Example The following example shows querier information for VLAN 2.
  • Page 511: Ip Addressing Commands

    IP Addressing Commands Interfaces on the PowerConnect switches support a variety of capabilities to support management of the switch. In addition to performing switching and routing of network traffic, PowerConnect switches act as a host for management of the switch. Commands in this category allow the network operator to configure the local host address, utilize the embedded DHCP client to obtain an address, resolve names to addresses using DNS servers, and detect address conflicts on the local subnet.
  • Page 512: User Guidelines

    clear host Use the clear host command in Privileged EXEC mode to delete entries from the host name-to-address cache. Syntax clear host {name | *} • name — Host name to be deleted from the host name-to-address cache. (Range: 1-255 characters) •...
  • Page 513: Interface Out-Of-Band

    Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console# console#configure console(config)#clear ip address-conflict-detect interface out-of-band Use the interface out-of-band command to enter into OOB interface configuration mode. Syntax Description interface out-of-band Default Configuration...
  • Page 514: Ip Address (Out-Of-Band)

    console(config-if)# ip address (Out-of-Band) Use the ip address command in Interface Configuration mode to set an IP address for the out-of-band interface. Use the no form of this command to return the ip address configuration to its default value. Syntax ip-address mask prefix-length...
  • Page 515: Ip Address-Conflict-Detect Run

    In order to ensure the security of the switches from intruders, it is strongly recommended that the out-of-band interface be isolated on a physically separate network from the in-band ports. Example The following examples configure the out-of-band interface with an IP address 131.108.1.27 and subnet mask 255.255.255.0 and the same IP address with prefix length of 24 bits.
  • Page 516: Ip Address Dhcp (Interface Config)

    console#configure console(config)#ip address-conflict-detect run ip address dhcp (Interface Config) Use the ip address dhcp command in Interface (VLAN) Configuration mode to enable the DHCPv4 client on an interface. Syntax ip address dhcp no ip address dhcp Parameter Description This command does not require a parameter description. Default Configuration DHCPv4 is disabled by default on routing interfaces.
  • Page 517: Ip Default-Gateway

    • The IPv4 address of a default gateway. If the device learns different default gateways on different interfaces, the system uses the first default gateway learned. The system installs a default route in the routing table, with the default gateway’s address as the next hop address. This default route has a preference of 254.
  • Page 518: Ip Domain-Lookup

    Command Mode Global Configuration mode User Guidelines When the system does not have a more specific route to a packet’s destination, it sends the packet to the default gateway. The system installs a default IPv4 route with the gateway address as the next hop address. The route preference is 253.
  • Page 519: Ip Domain-Name

    (Range: 1-255 characters). Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines a default domain name of dell.com. console(config)#ip domain-name dell.com...
  • Page 520: Ip Name-Server

    Example The following example defines a static host name-to-address mapping in the host cache. console(config)#ip host accounting.dell.com 176.10.23.1 ip name-server Use the ip name-server command in Global Configuration mode to define available IPv4 or IPv6 name servers. To delete a name server, use the no form of this command.
  • Page 521: Ipv6 Address (Interface Config)

    server-address — Valid IPv4 or IPv6 addresses of the name server. (Range: • 1–255 characters) Default Configuration No name server IP addresses are specified. Command Mode Global Configuration mode User Guidelines Server preference is determined by entry order. Up to eight servers can be defined in one command or by using multiple commands.
  • Page 522 autoconfig—Use this keyword to set the IPv6 address auto configuration • mode. • dhcp—Use this keyword to obtain an IPv6 address via DHCP. Default Configuration There is no IPv6 address configured by default. Command Mode Interface Configuration mode (VLAN, loopback, port-channel) User Guidelines When setting the prefix length on an IPv6 address, no space can be present between the address and the mask.
  • Page 523: Ipv6 Address (Oob Port)

    console(config)#no ipv6 address ipv6 address (OOB Port) Use the ipv6 address command in Interface (out-of-band) Config mode to set the IPv6 prefix on the out-of-band port. If a prefix is specified, the address will be configured using the prefix and length. A link local address in EUI-64 format may also be assigned.
  • Page 524: Ipv6 Address Dhcp

    User Guidelines When DHCPv6 is enabled on the Out-of-Band interface, the system automatically deletes all manually configured IPv6 addresses on the interface. DHCPv6 can be enabled on the Out-of-Band interface only when IPv6 auto configuration or DHCPv6 is not enabled on any of the in-band management interfaces.
  • Page 525: Ipv6 Enable (Interface Config)

    This command will fail if DHCPv6 server has been configured on the interface. Examples In the following example, DHCPv6 is enabled on interface vlan2. console#config console(config)#interface vlan2 console(config-if-vlan2)#ipv6 address dhcp ipv6 enable (Interface Config) Use the ipv6 enable command in Interface Config mode to enable IPv6 on a routing interface.
  • Page 526: Ipv6 Enable (Oob Config)

    ipv6 enable (OOB Config) Use the ipv6 enable command in Interface (out-of-band) Config mode to enable IPv6 operation on the out-of-band interface. Prefixes configured by the ipv6 address command are not configured until the interface is enabled. Syntax ipv6 enable no ipv6 enable Default Configuration By default, IPv6 is not enabled on the out-of-band port.
  • Page 527: Show Hosts

    Default Configuration By default, no IPv6 gateway is configured. Command Mode Interface (out-of-band) Configuration mode User Guidelines There are no user guidelines for this command. show hosts Use the show hosts command in User EXEC mode to display the default domain name, a list of name server hosts, and the static and cached list of host names and addresses.
  • Page 528: Show Ip Address-Conflict

    Host Addresses -------------------------- ---------------------------- accounting.gm.com 176.16.8.8 Cache: TTL (Hours) Host Total Elapsed Type Addresses ---------------- ----- ------- ------- ------------- www.stanford.edu 171.64.14.203 show ip address-conflict Use the show ip address-conflict command in User EXEC or Privileged EXEC mode to display the status information corresponding to the last detected address conflict.
  • Page 529: Show Ip Helper-Address

    Term Description Last Conflicting IP Address: The IP address that was last detected as conflicting on any interface. Last Conflicting MAC Address: The MAC Address of the conflicting host that was last detected on any interface. Time Since Conflict Detected: The time in days, hours, minutes, and seconds since the last address conflict was detected.
  • Page 530: Show Ipv6 Dhcp Interface Out-Of-Band Statistics

    Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example console#show ip helper-address IP helper is enabled Interface UDP Port Discard Hit Count Server Address -------------------- ----------- ---------- ---------- ---------------- vlan 25...
  • Page 531: Show Ipv6 Interface Out-Of-Band

    User Guidelines This command has no user guidelines. Example console#show ipv6 dhcp interface out-of-band statistics DHCPv6 Client Statistics ------------------------- DHCPv6 Advertisement Packets Received..0 DHCPv6 Reply Packets Received....0 Received DHCPv6 Advertisement Packets Discard.. 0 Received DHCPv6 Reply Packets Discarded..0 DHCPv6 Malformed Packets Received....
  • Page 532 Parameter Description Parameter Description ipv6-address An IPv6 address (not a prefix). Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example console(config-if)#do show ipv6 interface out-of-band IPv6 Administrative Mode..Enabled IPv6 Prefix is....FE80::21E:C9FF:FEAA:AD79/64 ::/128...
  • Page 533: Ipv6 Access List Commands

    IPv6 Access List Commands Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
  • Page 534: Deny | Permit (Ipv6 Acl)

    deny permit (IPv6 ACL) This command creates a new rule for the current IPv6 access list. Each rule is appended to the list of configured rules for the list. A rule may either deny or permit traffic according to the specified classification fields.
  • Page 535 Parameter Description every Allows all protocols. icmpv6 | ipv6 | tcp Protocol to match, specified as keywords icmp, igmp, ipv6, tcp, | udp | udp or as a standard protocol number from 1–255. protocolnumber sourceipv6 any | any matches any source IP address. Or, you can specify a source prefix IPv6 addressed expressed as a prefix/prefixlength.
  • Page 536: Ipv6 Access-List

    Default Configuration This command has no default configuration. Command Mode IPv6-Access-List Configuration mode User Guidelines Users are permitted to add rules, but if a packet does not match any user-specified rules, the packet is dropped by the implicit “deny all” rule. The 'no' form of this command is not supported, since the rules within an IPv6 ACL cannot be deleted individually.
  • Page 537: Ipv6 Access-List Rename

    name no ipv6 access-list name — Alphanumeric string of 1 to 31 characters uniquely identifying • the IPv6 access list. Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example creates an IPv6 ACL named "DELL_IP6"...
  • Page 538: Ipv6 Traffic-Filter

    Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(Config)#ipv6 access-list rename DELL_IP6 DELL_IP6_NEW_NAME ipv6 traffic-filter The ipv6 traffic-filter command either attaches a specific IPv6 Access Control List (ACL) to an interface or associates it with a VLAN ID in a given direction.
  • Page 539: Show Ipv6 Access-Lists

    Default Configuration This command has no default configuration. Command Modes Global Configuration mode Interface Configuration (Ethernet, Port-channel, VLAN) mode User Guidelines This command specified in 'Interface Config' mode only affects a single interface, whereas the 'Global Config' mode setting is applied to all interfaces. Example The following example attaches an IPv6 access control list to an interface.
  • Page 540 Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command. Example The following example displays configuration information for the IPv6 ACLs. console#show ipv6 access-lists Current number of all ACLs: 1 Maximum number of all ACLs: 100 IPv6 ACL Name Rules Direction...
  • Page 541 Rule Number The ordered rule number identifier defined within the IPv6 ACL. Action Displays the action associated with each rule. The possible values are Permit or Deny. Match All Indicates whether this access list applies to every packet. Possible values are True or False. Protocol This displays the protocol to filter for this rule.
  • Page 542 IPv6 Access List Commands...
  • Page 543: Ipv6 Mld Snooping Commands

    IPv6 MLD Snooping Commands In IPv6, Multicast Listener Discovery (MLD) snooping performs functions similar to IGMP snooping in IPv4. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN.
  • Page 544: Ipv6 Mld Snooping Vlan Groupmembership-Interval

    ipv6 mld snooping vlan groupmembership-interval The ipv6 mld snooping vlan groupmembership-interval command sets the MLD Group Membership Interval time on a VLAN or interface. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry.
  • Page 545: Ipv6 Mld Snooping Listener-Message-Suppression

    You should enable immediate-leave admin mode only on VLANs where only one host is connected to each layer 2 LAN port. This prevents the inadvertent dropping of the other hosts that were connected to the same layer 2 LAN port, but were still interested in receiving multicast traffic directed to that group.
  • Page 546: Ipv6 Mld Snooping Vlan Last-Listener-Query-Interval

    Default Configuration Listener message suppression is enabled by default. Command Mode Global Configuration mode. User Guidelines MLD listener message suppression is equivalent to IGMP report suppression. When MLD listener message suppression is enabled, the switch only sends the first report received for a group in response to a query. Listener message suppression is only applicable to MLDv1.
  • Page 547: Ipv6 Mld Snooping Vlan Mcrtexpiretime

    User Guidelines This command has no user guidelines. Example console(config)#ipv6 mld snooping vlan 2 last-listener-query-interval 7 ipv6 mld snooping vlan mcrtexpiretime The ipv6 mld snooping mcrtexpiretime command sets the Multicast Router Present Expiration time. The time is set for a particular interface or VLAN. This is the amount of time in seconds that a switch waits for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached.
  • Page 548: Ipv6 Mld Snooping Vlan Mrouter

    ipv6 mld snooping vlan mrouter This command statically configures a port as connected to a multicast router for a specified VLAN. The no form of this command removes the static binding. Syntax vlan-id interface ipv6 mld snooping vlan mrouter interface vlan-id interface no ipv6 mld snooping vlan...
  • Page 549: Show Ipv6 Mld Snooping

    Default Configuration MLD Snooping is enabled globally and on all VLANs by default. Command Mode Global Configuration mode. User Guidelines Use this command without parameters to globally enable MLD Snooping. Use the no form of the command to disable MLD Snooping. Use the vlan parameter to enable MLD Snooping on a specific VLAN.
  • Page 550 Syntax show ipv6 mld snooping [interface {{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port}} | vlan vlan-id] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example With no optional arguments, the command displays the following information:...
  • Page 551: Show Ipv6 Mld Snooping Groups

    • Last Listener Query Interval—Displays the amount of time the switch waits after it sends a query on an interface, participating in the VLAN, because it did not receive a report for a particular group on that interface. This value may be configured. •...
  • Page 552: Show Ipv6 Mld Snooping Mrouter

    ---- ----------------------- ------- --------------------------- 3333.0000.0003 Dynamic 1/0/1,1/0/3 3333.0000.0004 Dynamic 1/0/1,1/0/3 3333.0000.0005 Dynamic 1/0/1,1/0/3 MLD Reporters that are forbidden statically: --------------------------------------------- Vlan Ipv6 Address Ports ---- ----------------------- ------------------------------------ console#show ipv6 mld snooping groups vlan 2 Vlan Ipv6 Address Type Ports ---- ----------------------- ------- ---------------------------...
  • Page 553 Syntax show ipv6 mld snooping mrouter Default configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example console# show ipv6 mld snooping mrouter VLAN ID Port -------...
  • Page 554 IPv6 MLD Snooping Commands...
  • Page 555: Ipv6 Mld Snooping Querier Commands

    IPv6 MLD Snooping Querier Commands IGMP/MLD Snooping Querier is an extension of the IGMP/MLD Snooping feature. IGMP/MLD Snooping Querier allows the switch to simulate an IGMP/MLD router in a Layer 2-only network, thus removing the need to have an IGMP/MLD Router to collect the multicast group membership information.
  • Page 556: Ipv6 Mld Snooping Querier (Vlan Mode)

    ipv6 mld snooping querier Use the ipv6 mld snooping querier command to enable MLD Snooping Querier on the system. Use the no form of this command to disable MLD Snooping Querier. Syntax ipv6 mld snooping querier no ipv6 mld snooping querier Default Configuration MLD Snooping Querier is disabled by default.
  • Page 557: Ipv6 Mld Snooping Querier Address

    Command Mode VLAN Database mode User Guidelines There are no user guidelines for this command. Example console(config-vlan)#ipv6 mld snooping querier 10 ipv6 mld snooping querier address Use the ipv6 mld snooping querier address command to set the global MLD Snooping Querier address. Use the no form of this command to reset the global MLD Snooping Querier address to the default.
  • Page 558: Ipv6 Mld Snooping Querier Election Participate

    ipv6 mld snooping querier election participate Use the ipv6 mld snooping querier election participate command to enable the Snooping Querier to participate in the Querier Election process when it discovers the presence of another Querier in the VLAN. When this mode is enabled, if the Snooping Querier finds that the other Querier's source address is numerically lower than the Snooping Querier's address, it stops sending periodic queries.
  • Page 559: Ipv6 Mld Snooping Querier Query-Interval

    ipv6 mld snooping querier query-interval Use the ipv6 mld snooping querier query-interval command to set the MLD Querier Query Interval time. It is the amount of time in seconds that the switch waits before sending another general query. Use the "no" form of this command to reset the Query Interval to the default.
  • Page 560: Show Ipv6 Mld Snooping Querier

    ipv6 mld snooping querier timer expiry timer — The time that the switch remains in Non-Querier mode after it • has discovered that there is a multicast querier in the network. (Range: 60–300 seconds) Default Configuration The default timer expiration period is 60 seconds. Command Mode Global Configuration mode User Guidelines...
  • Page 561 User Guidelines When the optional argument vlan vlan-id is not used, the command shows the following information: Parameter Description MLD Snooping Querier Mode: Indicates whether or not MLD Snooping Querier is active on the switch. Querier Address: Shows the IP Address which will be used in the IPv6 header while sending out MLD queries.
  • Page 562 Operational Version Indicates the version of MLD that will be used while sending out the queries. This is defaulted to MLD v1 and it can not be changed. When the optional argument detail is used, the command shows the global information and the information for all Querier enabled VLANs as well as the following information: Last Querier Address...
  • Page 563: Ip Source Guard Commands

    IP Source Guard Commands IP Source Guard (IPSG) is a security feature that filters IP packets based on source ID. The source ID may either be source IP address or a {source IP address, source MAC address} pair. The network administrator configures whether enforcement includes the source MAC address.
  • Page 564: Ip Verify Source Port-Security

    Syntax ip verify source Default Configuration By default, IPSG is disabled on all interfaces. Command Mode Interface Configuration mode User Guidelines This command has no user guidelines. Example console(config-if-Gi1/0/1)#ip verify source ip verify source port-security Use the ip verify source port-security command in Interface Configuration mode to enable filtering of IP packets matching the source IP address and the source MAC address.
  • Page 565: Ip Verify Binding

    ip verify binding Use the ip verify binding command in Global Configuration mode to configure static bindings. Use the no form of the command to remove the IPSG entry. Syntax macaddr vlan ipaddr interface ip verify binding Default Configuration By default, there will not be any static bindings configured. Command Mode Global Configuration mode User Guidelines...
  • Page 566: Show Ip Verify Source Interface

    User Guidelines This command has no user guidelines. Example console#show ip verify interface gigabitethernet 1/0/1 show ip verify source interface Use the show ip verify source interface command in Privileged EXEC mode to display the bindings configured on a particular interface. Syntax show ip verify source interface Default Configuration...
  • Page 567 Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example console#show ip source binding...
  • Page 568 IP Source Guard Commands...
  • Page 569: Iscsi Optimization Commands

    iSCSI Optimization Commands iSCSI Optimization provides a means of performing configuration specific to storage traffic and optionally giving traffic between iSCSI initiator and target systems special Quality of Service (QoS) treatment. iSCSI Optimization is best applied to mixed-traffic networks where iSCSI packets constitute a portion of overall traffic.
  • Page 570: Iscsi Aging Time

    iSCSI Optimization borrows ACL lists from the global system pool. ACL lists allocated by iSCSI Optimization reduce the total number of ACLs available for use by the network operator. Enabling iSCSI Optimization uses one ACL list to monitor for iSCSI sessions. Each monitored iSCSI session utilizes two rules from additional ACL lists up to a maximum of two ACL lists.
  • Page 571: Iscsi Cos

    • When aging time is increased, current sessions will be timed out according to the new value. • When aging time is decreased, any sessions that have been dormant for a time exceeding the new setting will be immediately deleted from the table. All other sessions will continue to be monitored against the new time out value.
  • Page 572 Default Configuration By default, frames are not remarked. The default vpt setting for iSCSI is 4, which the default class of service dot1p mapping assigns to queue 2. Command Mode Global Configuration mode. User Guidelines The remark option only applies to DSCP values. Remarking is not available for vpt values.
  • Page 573: Iscsi Enable

    console(config)#iscsi cos dscp 10 remark iscsi enable The iscsi enable command globally enables iSCSI optimization. To disable iSCSI optimization, use the no form of this command. Syntax iscsi enable no iscsi enable Default Configuration iSCSI is enabled by default. Command Mode Global Configuration mode User Guidelines This command modifies the running config to enable flow control on all...
  • Page 574: Iscsi Target Port

    AE Priority = priority configured for iSCSI PFC (the VPT value above). This TLV is sent in addition to any Application Priority TLV information received from the configuration source. If the configuration source is sending iSCSI or FCoE application priority information, it is not necessary to enable iscsi cos to send the iSCSI Application Priority TLV.
  • Page 575 Parameter Description targetname iSCSI name of the iSCSI target. The name can be statically configured; however, it can be obtained from iSNS or from sendTargets response. The initiator MUST present both its iSCSI Initiator Name and the iSCSI Target Name to which it wishes to connect in the first login request of a new session or connection.
  • Page 576: Show Iscsi

    Example The following example configures TCP Port 49154 to target IP address 172.16.1.20. console(config)#iscsi target port 49154 address 172.16.1.20 show iscsi Use the show iscsi command in Privileged EXEC mode to display the iSCSI configuration. Syntax show iscsi Default Configuration There is no default configuration for this command.
  • Page 577: Show Iscsi Sessions

    ------------------------------------------------ iSCSI Static Rule Table ------------------------------------------------ Index TCP Port IP Address IP Address Mask TCP Port Target IP AddressName show iscsi sessions Use the show iscsi sessions command in Privileged EXEC mode to display the iSCSI status. Syntax show iscsi sessions [detailed] •...
  • Page 578 Target: iqn.103-1.com.storage-vendor:sn.43338. storage.tape:sys1.xyz Session 3: Initiator: iqn.1992-04.com.os-vendor.plan9:cdrom.12 Session 4: Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10 Console# show iscsi sessions detailed Target: iqn.1993-11.com.disk-vendor:diskarrays.sn.45678 ----------------------------------------------------- Session 1: Initiator: iqn.1992-04.com.os vendor.plan9:cdrom.12.storage:sys1.xyz ----------------------------------------------------- Time started: 17-Jul-2008 10:04:50 Time for aging out: 10 min ISID: 11 Initiator Initiator Target Target IP address TCP port IP address IP port 172.16.1.3 49154 172.16.1.20 30001 172.16.1.4 49155 172.16.1.21 30001...
  • Page 579 Initiator Initiator Target Target IP address TCP port IP address IP port 172.16.1.30 49200 172.16.1.20 30001 172.16.1.30 49201 172.16.1.21 30001...
  • Page 581: Link Dependency Commands

    Link Dependency Commands Link dependency allows the link status of a group of interfaces to be made dependent on the link status of other interfaces. The effect is that the link status of a group that depends on another interface either mirrors or inverts the link status of the depended-on interface.
  • Page 582: Link-Dependency Group

    Default Configuration The default configuration for a group is down, i.e. the group members will mirror the depended-on link status by going down when all depended-on interfaces are down. Command Mode Link Dependency mode User Guidelines The action up command will cause the group members to be up when no depended-on interfaces are up.
  • Page 583: Add Gigabitethernet

    Example console(config)#link-dependency group 1 console(config-linkDep-group-1)# add gigabitethernet Use this command to add member gigabit Ethernet port(s) to the dependency list. Syntax intf-list add gigabitethernet intf-list — List of Ethernet interfaces in unit/slot/port format. Separate • nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports.
  • Page 584: Add Port-Channel

    intf-list — List of Ethernet interfaces in unit/slot/port format. Separate • nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports. (Range: Valid Ethernet interface list or range) Default Configuration This command has no default configuration. Command Mode Link Dependency mode User Guidelines...
  • Page 585: Depends-On

    Command Mode Link Dependency mode User Guidelines No specific guidelines Example console(config-depend-1)#add port-channel 10-12 depends-on Use this command to add the dependent Ethernet ports or port channels list. Use the no depends-on command to remove the dependent Ethernet ports or port-channels list.
  • Page 586: Show Link-Dependency

    Examples console(config-linkDep-group-1)#depends-on gigabitethernet 1/0/10 console(config-linkDep-group-1)#depends-on port-channel 6 show link-dependency Use the show link-dependency command to show the link dependencies configured for a particular group. If no group is specified, then all the configured link-dependency groups are displayed. Syntax group GroupId show link-dependency [ ] [detail] Parameter Description...
  • Page 587 1 Gi4/0/2-3,Gi4/0/5 Gi4/0/10-12 Link Up Up/Down The following command shows link dependencies for group 1 only. console#show link-dependency group 1 GroupId Member Ports Ports Depended On Link Action Group State ------- ----------------------------------------------------- 1 Gi4/0/2-3,Gi4/0/5 Gi4/0/10-12 Link Up Up/Down The following command shows detailed information for group 1. console#show link-dependency group 1 detail GroupId: 1 Link Action: Link UpGroup...
  • Page 589: Lldp Commands

    LLDP Commands The IEEE 802.1AB standard defines the Link Layer Discovery Protocol (LLDP). This protocol allows stations residing on an 802 LAN to advertise major capabilities, physical descriptions, and management information to physically adjacent devices, allowing a network management system (NMS) to access and display this information.
  • Page 590: Clear Lldp Remote-Data

    The receive function accepts incoming LLDPDU frames and stores information about the remote stations. Both local and remote data may be displayed by the user interface and retrieved using SNMP as defined in the LLDP MIB definitions. The component maintains one remote entry per physical network connection.
  • Page 591: Clear Lldp Statistics

    Default Configuration By default, data is removed only on system reset. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays how to clear the LLDP remote data. console#clear lldp remote-data clear lldp statistics Use the clear lldp statistics command in Privileged EXEC mode to reset all LLDP statistics.
  • Page 592: Dcb Enable

    dcb enable This command enables the sending of DCBX information in LLDP frames. Syntax Description dcb enable no dcb enable Command Mode Global Config mode Default Value The sending of DCBX information is enabled by default. Usage Guidelines Use this command to disable the sending of DCBX information when it is desirable to utilize legacy QoS and disable the automatic configuration of CNAs based on transmitted DCBX information.
  • Page 593: Lldp Med Confignotification

    Command Mode Interface (Ethernet) Configuration Default Value LLDP-MED is disabled on all supported interfaces. Usage Guidelines No specific guidelines. Example console(config)#interface gigabitethernet 1/0/1 console(config-if-1/0/1)#lldp med lldp med confignotification This command is used to enable sending the topology change notification. Syntax Description lldp med confignotification no lldp med confignotification Parameter Ranges...
  • Page 594: Lldp Med Faststartrepeatcount

    Example console(config)#lldp med confignotification lldp med faststartrepeatcount This command is used to set the value of the fast start repeat count. Syntax Description count lldp med faststartrepeatcount no lldp med faststartrepeatcount count — Number of LLDPDUs that are transmitted when the protocol is •...
  • Page 595: Lldp Notification

    Syntax Description lldp med transmit-tlv [capabilities] [network-policy] [ex-pse] [ex-pd] [location] [inventory] no med lldp transmit-tlv [capabilities] [network-policy] [ex-pse] [ex-pd] [location] [inventory] Parameter Description Parameter Ranges Not applicable. Command accepts keywords only. Command Mode Interface (Ethernet) Configuration Default Value By default, the capabilities and network policy TLVs are included. Example console(config)#interface gigabitethernet 1/0/1 console(config-if-1/0/1)#lldp med transmit-tlv capabilities...
  • Page 596: Lldp Notification-Interval

    Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example displays how to enable remote data change notifications. console(config-if-1/0/3)#lldp notification lldp notification-interval Use the lldp notification-interval command in Global Configuration mode to limit how frequently remote data change notifications are sent. To return the notification interval to the factory default, use the no form of this command.
  • Page 597: Lldp Receive

    Example The following example displays how to set the interval value to 10 seconds. console(config)#lldp notification-interval 10 lldp receive Use the lldp receive command in Interface Configuration mode to enable the LLDP receive capability. To disable reception of LLDPDUs, use the no form of this command.
  • Page 598 Syntax lldp timers [interval transmit-interval] [hold hold-multiplier] [reinit reinit- delay] no lldp timers [interval] [hold] [reinit] transmit-interval — The interval in seconds at which to transmit local data • LLDPDUs. (Range: 5–32768 seconds) hold-multiplier — Multiplier on the transmit interval used to set the TTL •...
  • Page 599: Lldp Transmit

    lldp transmit Use the lldp transmit command in Interface Configuration mode to enable the LLDP advertise (transmit) capability. To disable local data transmission, use the no form of this command. Syntax lldp transmit no lldp transmit Default Configuration LLDP is enabled on all supported interfaces. Command Mode Interface Configuration (Ethernet) mode User Guidelines...
  • Page 600: Lldp Transmit-Tlv

    Default Configuration By default, management address information is not included. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example displays how to include management information in the LLDPDU. console(config-if-1/0/3)#lldp transmit-mgmt lldp transmit-tlv Use the lldp transmit-tlv command in Interface Configuration mode to specify which optional type-length-value settings (TLVs) in the 802.1AB basic management set will be transmitted in the LLDPDUs.
  • Page 601: Show Lldp

    User Guidelines This command has no user guidelines. Example The following example shows how to include the system description TLV in local data transmit. console(config-if-1/0/3)#lldp transmit-tlv sys-desc show lldp Use the show lldp command in Privileged EXEC mode to display the current LLDP configuration summary.
  • Page 602: Show Lldp Interface

    console#show lldp LLDP transmit and receive disabled on all interfaces show lldp interface Use the show lldp interface command in Privileged EXEC mode to display the current LLDP interface state. Syntax show lldp interface {gigabitethernet unit/slot/port | tengigabitethernet | all} Default Configuration This command has no default configuration.
  • Page 603: Show Lldp Local-Device

    console# show lldp interface 1/0/1 Interface Link Transmit Receive Notify TLVs Mgmt --------- ---- -------- -------- -------- ------- ---- 1/0/1 Enabled Enabled Enabled 0,1,2,3 TLV Codes: 0 – Port Description, 1 – System Name, 2 – System Description, 3 – System Capability show lldp local-device Use the show lldp local-device command in Privileged EXEC mode to display the advertised LLDP local data.
  • Page 604: Show Lldp Med

    Interface Port ID Port Description --------- -------------------- -------------------- 1/0/1 00:62:48:00:00:02 console# show lldp local-device detail 1/0/1 LLDP Local Device Detail Interface: 1/0/1 Chassis ID Subtype: MAC Address Chassis ID: 00:62:48:00:00:00 Port ID Subtype: MAC Address Port ID: 00:62:48:00:00:02 System Name: System Description: Routing Port Description: System Capabilities Supported: bridge, router...
  • Page 605: Show Lldp Med Interface

    Command Mode Privileged EXEC, Config mode and all Config sub-modes Default Value Not applicable Usage Guidelines No specific guidelines. Example console(config)#show lldp med LLDP MED Global Configuration Fast Start Repeat Count: 3 Device Class: Network Connectivity show lldp med interface This command displays a summary of the current LLDP MED configuration for a specific interface.
  • Page 606: Show Lldp Med Local-Device Detail

    Default Value Not applicable Example console#show lldp med interface all LLDP MED Interface Configuration Interface Link configMED operMED ConfigNotify TLVsTx --------- ------ --------- -------- ------------ ----------- Gi1/0/1 Detach Enabled EnabledEnabled0,1 Gi1/0/2 Detach Disabled Disabled Disabled Gi1/0/3 Detach Disabled Disabled Disabled Gi1/0/4 Detach Disabled...
  • Page 607 Command Mode Privileged EXEC, Config mode and all Config sub-modes Default Value Not applicable Example Console#show lldp med local-device detail 1/0/1 LLDP MED Local Device Detail Interface: 1/0/8 Network Policies Media Policy Application Type : voice Vlan ID: 10 Priority: 5 DSCP: 1 Unknown: False Tagged: True...
  • Page 608 Inventory Hardware Rev: xxx xxx xxx Firmware Rev: xxx xxx xxx Software Rev: xxx xxx xxx Serial Num: xxx xxx xxx Mfg Name: xxx xxx xxx Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE...
  • Page 609: Show Lldp Med Remote-Device

    show lldp med remote-device This command displays the current LLDP MED remote data. This command can display summary information or detail for each interface. Syntax Description show lldp med remote-device {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | all} show lldp med remote-device detail {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port} •...
  • Page 610 1/0/2 Not Defined 1/0/3Class II 1/0/4Class III 1/0/5Network Con Console#show lldp med remote-device detail 1/0/1 LLDP MED Remote Device Detail Local Interface: 1/0/1 Capabilities MED Capabilities Supported: capabilities, networkpolicy, location, extendedpse MED Capabilities Enabled: capabilities, networkpolicy Device Class: Endpoint Class I Network Policies Media Policy Application Type : voice Vlan ID: 10...
  • Page 611 Priority: 1 DSCP: 2 Unknown: False Tagged: True Inventory Hardware Rev: xxx xxx xxx Firmware Rev: xxx xxx xxx Software Rev: xxx xxx xxx Serial Num: xxx xxx xxx Mfg Name: xxx xxx xxx Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx...
  • Page 612: Show Lldp Remote-Device

    Extended POE PD Required: 0.2 Watts Source: local Priority: low show lldp remote-device Use the lldp remote-device command in Privileged EXEC mode to display the current LLDP remote data. This command can display summary information or detail for each interface. Syntax interface interface...
  • Page 613: Show Lldp Statistics

    --------- ----------------- ----------------- ---------- 1/0/1 01:23:45:67:89:AB 01:23:45:67:89:AC 60 seconds 1/0/2 01:23:45:67:89:CD 01:23:45:67:89:CE 120 seconds 1/0/3 01:23:45:67:89:EF 01:23:45:67:89:FG 80 seconds console# show lldp remote-device detail 1/0/1 Ethernet1/0/1, Remote ID: 01:23:45:67:89:AB System Name: system-1 System Description: System Capabilities: Bridge Port ID: 01:23:45:67:89:AC Port Description: 1/0/4 Management Address: 192.168.112.1 TTL: 60 seconds...
  • Page 614: Traffic Statistics

    Examples The following example shows the display of current LLDP traffic statistics. console#show lldp statistics all LLDP Device Statistics Last Update........0 days 22:58:29 Total Inserts........ 1 Total Deletes........ 0 Total Drops........0 Total Ageouts........ 1 TLV TLV Interface Total Total Discards Errors Ageout Discards Unknowns MED 802.1 802.3 --------- ----- ----- -------- ------ ------ -------- -------- ---- ----- ----- 1/0/11...
  • Page 615 Fields Description Receive Total Total number of valid LLDP frames received on the indicated port. Discards Number of LLDP frames received on the indicated port and discarded for any reason. Errors Number of non-valid LLDP frames received on the indicated port.
  • Page 617: Multicast Vlan Registration Commands

    Multicast VLAN Registration Commands Multicast VLAN registration (MVR) is a method for consolidating multicast traffic from multiple VLANs onto a single VLAN. A typical usage scenario would be the distribution of a multicast group to a switch using a single VLAN where the switch has users in different VLANs subscribing to the multicast group.
  • Page 618: Commands In This Chapter

    Commands in this Chapter This chapter explains the following commands: mvr type mvr group mvr vlan group mvr mode show mvr mvr querytime show mvr members mvr vlan show mvr interface mvr immediate show mvr traffic Use the mvr command in Global Config and Interface Config modes to enable MVR.
  • Page 619: Mvr Group

    mvr group Use the mvr group command in Global Config mode to add an MVR membership group. Use the no form of the command to remove an MVR membership group. Syntax A.B.C.D count mvr group A.B.C.D count no mvr group Parameter Description Parameter Description...
  • Page 620: Mvr Mode

    console(config)#mvr group 239.0.1.0 100 console(config)#mvr vlan 10 mvr mode Use the mvr mode command in Global Config mode to change the MVR mode type. Use the no form of the command to set the mode type to the default value. Syntax mvr mode {compatible | dynamic} no mvr mode...
  • Page 621 Syntax 1–100 mvr querytime no mvr querytime Parameter Description Parameter Description querytime The query time is a maximum time to wait for an IGMP membership report on a receiver port before removing the port from the multicast group. The query time only applies to receiver ports.
  • Page 622: Mvr Vlan

    mvr vlan Use the mvr vlan command in Global Config mode to set the MVR multicast VLAN. Use the no form of the command to set the MVR multicast VLAN to the default value. Syntax 1–4094 mvr vlan no mvr vlan Parameter Description Parameter Description...
  • Page 623: Mvr Type

    Syntax mvr immediate no mvr immediate Parameter Description This command does not require a parameter description. Default Configuration The default value is Disabled. Command Mode Interface Config User Guidelines Immediate leave should only be configured on ports with a single receiver. When immediate leave is enabled, a receiver port will leave a group on receipt of a leave message.
  • Page 624: Interface Config

    Syntax mvr type {receiver | source} no mvr type Parameter Description Parameter Description receiver Configure the port as a receiver port. Receiver ports are ports over which multicast data will be sent but not received. source Configure the port as a source port. Source ports are ports over which multicast data is received or sent.
  • Page 625: Mvr Vlan Group

    console(config-if-Gi1/0/1)#interface Gi1/0/24 console(config-if-Gi1/0/24)#switchport mode trunk console(config-if-Gi1/0/24)#switchport trunk native vlan 99 console(config-if-Gi1/0/24)#switchport trunk allowed vlan add 99 console(config-if-Gi1/0/24)#mvr console(config-if-Gi1/0/24)#mvr type source console(config-if-Gi1/0/24)#exit mvr vlan group Use the mvr vlan group command in Interface Config mode to participate in the specific MVR group. Use the no form of this command to remove the port participation from the specific MVR group.
  • Page 626: Show Mvr

    User Guidelines This command statically configures a port to receive the specified multicast group on the specified VLAN. This command only applies to receiver ports in compatible mode. It also applies to source ports in dynamic mode. In dynamic mode, receiver ports can also join multicast groups using IGMP messages.
  • Page 627: Show Mvr Members

    Parameter Description MVR Current Multicast groups The current number of MVR groups allocated. MVR Query Response Time The current MVR query response time. MVR Mode The current MVR mode. It can be compatible or dynamic. Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines...
  • Page 628 Syntax A.B.C.D show mvr members [ Parameter Description The parameter is a valid multicast address in IPv4 dotted notation. The following table explains the output parameters. Parameter Description MVR Group IP MVR group multicast IP address. Status The status of the specific MVR group. It can be active or inactive.
  • Page 629: Show Mvr Interface

    console#show mvr members 224.1.1.1 MVR Group IP Status Members ------------------ --------------- --------------------- 224.1.1.1 INACTIVE 1/0/1, 1/0/2, 1/0/3 show mvr interface Use the show mvr interface command in Privileged EXEC mode to display the MVR enabled interfaces configuration. Syntax interface-id vid ]]] show mvr interface [ [members [vlan Parameter Description...
  • Page 630: Show Mvr Traffic

    Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled Examples console#show mvr interface Port...
  • Page 631 Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message...
  • Page 632 console#show mvr traffic IGMP Query Received......2 IGMP Report V1 Received......0 IGMP Report V2 Received......3 IGMP Leave Received......0 IGMP Query Transmitted......2 IGMP Report V1 Transmitted..... 0 IGMP Report V2 Transmitted..... 3 IGMP Leave Transmitted......1 IGMP Packet Receive Failures....0 IGMP Packet Transmit Failures....
  • Page 633: Port Channel Commands

    Port Channel Commands A port channel is a set of one or more links that can be aggregated together to form a bonded channel (Link Aggregation Group or LAG). Individual conversations in a particular direction always travel over a single link in the port channel; however, in aggregate, the bandwidth usage of all of the links is fairly evenly distributed.
  • Page 634: Vlans And Lags

    an additional parameter static which makes this LAG not require a partner system running Link Aggregation Control Protocol (LACP) to be able to aggregate its member ports. A static LAG does not transmit or process received LACPDUs, that is, the member ports do not transmit LACPDUs and all the LACPDUs it may receive are dropped.
  • Page 635: Port Channels

    Port Channels Trunking, which is also called Port Channels or Link Aggregation, is initiated and maintained by the periodic exchanges of Link Aggregation Control PDUs (LACPDUs). From a system perspective, a LAG is treated as a physical port. A LAG and a physical port use the same configuration parameters for administrative enable/disable, port priority, and path cost.
  • Page 636: Enhanced Lag Hashing

    • Source/Destination IP and source/destination TCP/UDP Port fields of the packet. Enhanced LAG Hashing PowerConnect devices based on Broadcom XGS-IV silicon support configuration of hashing algorithms for each LAG interface. The hashing algorithm is used to distribute traffic load among the physical ports of the LAG while preserving the per-flow packet order.
  • Page 637: Manual Aggregation Of Lags

    Manual Aggregation of LAGs PowerConnect switching supports the manual addition and deletion of links to aggregates. Flexible Assignment of Ports to LAGs Assignment of interfaces to dynamic LAGs is based upon a maximum of 144 interfaces assigned to dynamic LAGs, a maximum of 128 dynamic LAGs and a maximum of 8 interfaces per dynamic LAG.
  • Page 638: Interface Port-Channel

    active — Forces the port to join a channel with LACP (dynamic LAG). • Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example shows how port 1/0/5 is configured to port-channel 1 without LACP (static LAG).
  • Page 639: Interface Range Port-Channel

    Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enters the context of port-channel 1. console(config)# interface port-channel 1 console(config-if-po1)# interface range port-channel Use the interface range port-channel command in Global Configuration mode to execute a command on multiple port channels at the same time.
  • Page 640: Hashing-Mode

    Example The following example shows how port-channels 1, 2 and 8 are grouped to receive the same command. console(config)# interface range port-channel 1-2,8 console(config-if)# hashing-mode Use the hashing-mode command to set the hashing algorithm on trunk ports. Use the no hashing-mode command to set the hashing algorithm on Trunk ports to the default (3).
  • Page 641: Lacp Port-Priority

    Example console(config)#interface port-channel 1 console(config-if-po1)#hashing-mode 4 console(config-if-po1)#no hashing-mode lacp port-priority Use the lacp port-priority command in Interface Configuration mode to configure the priority value for physical ports. To reset to default priority value, use the no form of this command. Syntax value lacp port-priority...
  • Page 642: Lacp System-Priority

    lacp system-priority Use the lacp system-priority command in Global Configuration mode to configure the Link Aggregation system priority. To reset to default, use the no form of this command. Syntax value lacp system-priority no lacp system-priority value — Port priority value. (Range: 1–65535) •...
  • Page 643: Port-Channel Local-Preference

    short — Specifies a short timeout value. • Default Configuration The default port timeout value is long. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example assigns an administrative LACP timeout for port 1/0/8 to a long timeout value.
  • Page 644: Port-Channel Min-Links

    User Guidelines For a LAG that contains links distributed across stacking units, the default behavior is to distribute locally received ingress traffic across all LAG links in the stack per the selected hashing algorithm. When enabled, this command disables forwarding of ingress unicast traffic across stacking links for a LAG that is comprised of links on multiple stack units.
  • Page 645: Show Interfaces Port-Channel

    Command Mode Interface Configuration (port-channel) mode User Guidelines This command has no user guidelines. show interfaces port-channel Use the show interfaces port-channel command to show port-channel information. Syntax Description port-channel-number ] show interfaces port-channel [ Parameter Description The command displays the following information. Parameter Description index...
  • Page 646: Show Lacp

    Example #1 console#show interfaces port-channel ChannelPorts ChTypeHash Algorithm Typemin-Links ------------------------- ----------------------------------- Po1Inactive: Gi1/0/3Dynamic31 Po2No Configured PortsStatic31 Hash Algorithm Type 1 - Source MAC, VLAN, Ethertype, source module and port ID 2 - Destination MAC, VLAN, Ethertype, source module and port ID 3 - Source IP and source TCP/UDP port 4 - Destination IP and destination TCP/UDP port 5 - Source/Destination MAC, VLAN, Ethertype, source MODID/port...
  • Page 647 Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example shows how to display LACP Ethernet interface information. console#show lacp gigabitethernet 1/0/1 Port 1/0/1 LACP parameters: Actor system priority: system mac addr: 00:00:12:34:56:78...
  • Page 648: Show Statistics Port-Channel

    port Admin key: port Oper key: port Admin priority: port Oper priority: port Oper timeout: LONG LACP Activity: ASSIVE Aggregation: AGGREGATABLE synchronization: FALSE collecting: FALSE distributing: FALSE expired: FALSE Port 1/0/1 LACP Statistics: LACP PDUs sent: LACP PDUs received: show statistics port-channel Use the show statistics port-channel command in Privileged EXEC mode to display statistics about a specific port-channel.
  • Page 649 User Guidelines This command has no user guidelines. Example The following example shows statistics about port-channel 1. console#show statistics port-channel 1 Total Packets Received (Octets)....0 Packets Received > 1522 Octets....0 Packets RX and TX 64 Octets....1064 Packets RX and TX 65-127 Octets....140 Packets RX and TX 128-255 Octets....
  • Page 650 FCS Errors........0 Overruns........0 Total Received Packets Not Forwarded... 0 Local Traffic Frames......0 802.3x Pause Frames Received....0 Unacceptable Frame Type......0 Multicast Tree Viable Discards....0 Reserved Address Discards...... 0 Broadcast Storm Recovery....... 0 CFI Discards........0 Upstream Threshold......
  • Page 651 Excessive Collision Frames..... 0 Port Membership Discards....... 0 802.3x Pause Frames Transmitted....0 GVRP PDUs received......0 GVRP PDUs Transmitted......0 GVRP Failed Registrations...... 0 Time Since Counters Last Cleared....0 day 0 hr 17 min 52 sec console#...
  • Page 653: Port Monitor Commands

    Port Monitor Commands PowerConnect switches allow the user to monitor traffic with an external network analyzer. The external network analyzer can use any of the Ethernet ports as a probe port. The probe port transmits a mirror copy of the traffic being probed.
  • Page 654: Monitor Session

    monitor session show monitor session monitor session Use the monitor session command in Global Configuration mode to configure a probe port and a monitored port for monitor session (port monitoring). Use the src-interface parameter to specify the interface to monitor. Use rx to monitor only ingress packets, or use tx to monitor only egress packets.
  • Page 655: Show Monitor Session

    User Guidelines The source of a monitoring session must be configured before the destination can be configured. Only one session with a single destination is supported; however, that session supports multiple sources. Example The following examples show a simple port level configuration that mirrors both transmitted and received packets from one port to another.
  • Page 656 Session ID Admin Mode Probe Port Mirrored Port Type ---------- ---------- ---------- ------------- ----- Enable 1/0/10 1/0/8 Rx,Tx...
  • Page 657: Qos Commands

    QoS Commands Quality of Service (QoS) technologies are intended to provide guaranteed timely delivery of specific application data to a particular destination. In contrast, standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee.
  • Page 658: Layer 2 Acls

    A user configures an ACL permit rule to force its matching traffic stream to a specific egress interface, bypassing any forwarding decision normally performed by the device. The interface can be a physical port or a LAG. The redirect interface rule action is independent of, but compatible with, the assign queue rule action.
  • Page 659: Queue Mapping

    – Untrusted Port Default Priority • Queue Configuration This enables PowerConnect switches to support a wide variety of delay sensitive video and audio multicast applications. CoS mapping tables, port default priority, and hardware queue parameters may be configured on LAG interfaces as well as physical port interfaces. Queue Mapping The priority of a packet arriving at an interface is used to steer the packet to the appropriate outbound CoS queue through a mapping table.
  • Page 660: Commands In This Chapter

    process is also used for cases where a trusted port mapping is unable to be honored, such as when a non-IP packet arrives at a port configured to trust the IP precedence or IP DSCP value. Commands in this Chapter This chapter explains the following commands: assign-queue mark ip-dscp...
  • Page 661: Assign-Queue

    assign-queue Use the assign-queue command in Policy-Class-Map Configuration mode to modify the queue ID to which the associated traffic stream is assigned. Syntax assign-queue queueid • queueid — Specifies a valid queue ID. (Range: integer from 0–6.) Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines...
  • Page 662: Class-Map

    Example The following example shows how to specify the DiffServ class name of "DELL." console(config)#policy-map DELL1 console(config-classmap)#class DELL class-map Use the class-map command in Global Configuration mode to define a new DiffServ class of type match-all. To delete the existing class, use the no form of this command.
  • Page 663: Class-Map Rename

    User Guidelines There are no user guidelines for this command. Example The following example creates a class-map named "DELL" which requires all ACE’s to be matched. console(config)#class-map DELL console(config-cmap)# class-map rename Use the class-map rename command in Global Configuration mode to change the name of a DiffServ class.
  • Page 664: Classofservice Dot1P-Mapping

    console(config)# classofservice dot1p-mapping Use the classofservice dot1p-mapping command in Global Configuration mode to map an 802.1p priority to an internal traffic class. In Interface Configuration mode, the mapping is applied only to packets received on that interface. Use the no form of the command to remove mapping between an 802.1p priority and an internal traffic class.
  • Page 665: Classofservice Ip-Dscp-Mapping

    User Guidelines None Example The following example configures mapping for user priority 1 and traffic class 2. console(config)#classofservice dot1p-mapping 1 2 classofservice ip-dscp-mapping Use the classofservice ip-dscp-mapping command in Global Configuration mode to map an IP DSCP value to an internal traffic class. Use the no form of the command to return the classofservice mapping to the default, and remove a traffic class mapping for an IP DSCP value.
  • Page 666 IP DSCP Traffic Class 8(cs1) 10(af11) 12(af12) 14(af13) 16(cs2) 18(af21) 20(af22) 22(af23) 24(cs3) 26(af31) 28(af32) QoS Commands...
  • Page 667 IP DSCP Traffic Class 30(af33) 32(cs4) 34(af41) 36(af42) 38(af43) 40(cs5) 46(ef) 48(cs6) 56(cs7) QoS Commands...
  • Page 668: Classofservice Trust

    IP DSCP Traffic Class Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays mapping for IP DSCP 1 and traffic class 2. console(config)#classofservice ip-dscp-mapping 1 2 classofservice trust Use the classofservice trust command in either Global Configuration mode or Interface Configuration mode to set the class of service trust mode of an interface.
  • Page 669: Conform-Color

    • ip-dscp — Specifies that the mode be set to trust IP DSCP packet markings. Default Configuration This command has no default configuration. Command Mode Global Configuration mode or Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This command has no user guidelines. Examples The following example displays how you set the class of service trust mode of an interface to trust dot1p (802.1p) packet markings when in Global...
  • Page 670 Syntax conform-color { class-map-name} [ exceed-color { class-map-name } ] Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines Color conforming classes must be one of the following types: • Primary COS • Secondary COS •...
  • Page 671: Cos-Queue Min-Bandwidth

    console(config)#policy-map color in console(config-policy-map)#class class-ipv4 console(config-policy-classmap)#police-simple 1000 16 conform-action transmit violate-action transmit console(config-policy-classmap)#conform-color class- cos1 console(config-policy-classmap)#exit console(config-policy-map)#exit console(config)# cos-queue min-bandwidth Use the cos-queue min-bandwidth command in either Global Configuration mode or Interface Configuration mode to specify the minimum transmission bandwidth for each interface queue. To restore the default for each queue’s minimum bandwidth value, use the no form of this command.
  • Page 672: Cos-Queue Random-Detect

    User Guidelines The maximum number of queues supported per interface is seven. It is recommended that the operator avoid the use of queues 5-7 in order to avoid conflicts with inter- and intra-network control traffic. In order to better accommodate bursty traffic, it is recommended that the sum of the configured min-bandwidths be much less than 100%.
  • Page 673 Parameter Description queue-id An integer indicating the queue-id which is to be enabled for WRED. Range 0-6. Up to 7 queues may be simultaneously specified. Default Configuration WRED queue management policy is disabled by default. Tail-drop queue management policy is enabled by default. The threshold for invoking tail-drop behavior when WRED is disabled is approximately 1/2 of the remaining free packet buffer in the switch.
  • Page 674: Cos-Queue Strict

    Example Enable WRED on the default CoS 0 queue for unmarked packets and set the green, yellow, and red colored traffic to utilize WRED starting at 3% of port congestion with a drop probability of 1%, 2% and 3%, respectively. In this configuration, non-TCP traffic uses tail-drop queue discipline with a drop threshold at 100% of the statically calculated port queue length vs.
  • Page 675: Diffserv

    User Guidelines Strict priority (SP) queues are scheduled in priority order ahead of WRR queues. Strict priority queues are allocated unlimited bandwidth. Use the cos-queue min-bandwidth command on lower priority SP and WRR queues to ensure fairness to lower priority queues. Example The following example displays how to activate the strict priority scheduler mode for two queues.
  • Page 676: Drop

    Example The following example displays how to set the DiffServ operational mode to active. console(Config)#diffserv drop Use the drop command in Policy-Class-Map Configuration mode to specify that all packets for the associated traffic stream are to be dropped at ingress. Syntax drop Default Configuration...
  • Page 677: Mark Ip-Dscp

    Syntax mark cos cos-value • cos-value — Specifies the CoS value as an integer. (Range: 0–7) Default Configuration There is no default cos-value for this command. Packets are not remarked by default. Command Mode Policy-Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to mark all packets with a CoS value.
  • Page 678: Mark Ip-Precedence

    Command Mode Policy-Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to mark all packets with an IP DSCP value of "cs4." console(config-policy-classmap)#mark ip-dscp cs4 mark ip-precedence Use the mark ip-precedence command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified IP precedence value.
  • Page 679: Match Class-Map

    console(config-policy-classmap)#mark ip-precedence 2 console(config-policy-classmap)# match class-map Use the match class-map command to add to the specified class definition the set of match conditions defined for another class. Use the no form of this command to remove from the specified class definition the set of match conditions defined for another class.
  • Page 680: Match Cos

    Example The following example adds match conditions defined for the Dell class to the class currently being configured. console(config-classmap)#match class-map Dell The following example deletes the match conditions defined for the Dell class from the class currently being configured.
  • Page 681: Match Destination-Address Mac

    Example The following example displays adding a match condition to the specified class. console(config-classmap)#match cos 1 match destination-address mac Use the match destination-address mac command in Class-Map Configuration mode to add a match condition based on the destination MAC address of a packet. Syntax match destination-address mac macaddr macmask...
  • Page 682: Match Dstip

    match dstip Use the match dstip command in Class-Map Configuration mode to add a match condition based on the destination IP address of a packet. Syntax match dstip ipaddr ipmask • ipaddr — Specifies a valid IP address. • ipmask — Specifies a valid IP address bit mask. Note that even though this...
  • Page 683: Match Dstl4Port

    • prefix-length — IPv6 prefix length value. Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-classmap)#match dstip6 2001:DB8::/32 match dstl4port Use the match dstl4port command in Class-Map Configuration mode to add a match condition based on the destination layer 4 port of a packet using a single keyword or a numeric notation.
  • Page 684: Match Ethertype

    User Guidelines This command has no user guidelines. Example The following example displays adding a match condition based on the destination layer 4 port of a packet using the "echo" port name keyword. console(config-classmap)#match dstl4port echo match ethertype Use the match ethertype command in Class-Map Configuration mode to add a match condition based on the value of the ethertype.
  • Page 685: Match Ip6Flowlbl

    match ip6flowlbl The match ip6flowlbl command adds to the specified class definition a match condition based on the IPv6 flow label of a packet. Syntax match ip6flowlbl label • label - The value to match in the Flow Label field of the IPv6 header...
  • Page 686: Match Ip Precedence

    • dscpval — Specifies an integer value or a keyword value for the DSCP field. (Integer Range: 0–63) (Keyword Values: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef) Default Configuration This command has no default configuration.
  • Page 687: Match Ip Tos

    Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation.
  • Page 688: Match Protocol

    Command Mode Class-Map Configuration mode User Guidelines The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. This specification is the free form version of the IP DSCP/Precedence/TOS...
  • Page 689: Match Source-Address Mac

    User Guidelines This command has no user guidelines. Example The following example displays adding a match condition based on the "ip" protocol name keyword. console(config-classmap)#match protocol ip match source-address mac Use the match source-address mac command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source MAC address of the packet.
  • Page 690: Match Srcip

    console(config-classmap)# match source-address mac 10:10:10:10:10:10 11:11:11:11:11:11 match srcip Use the match srcip command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source IP address of a packet. Syntax match srcip ipaddr ipmask • ipaddr —...
  • Page 691: Match Srcl4Port

    Syntax match srcip6 source-ipv6-prefix/prefix-length • source-ipv6-prefix — IPv6 prefix in IPv6 global address format. • prefix-length — IPv6 prefix length value. Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-classmap)#match srcip6 2001:DB8::/32 match srcl4port...
  • Page 692: Match Vlan

    Command Mode Class-Map Configuration mode User Guidelines Only one srcl4port matching criteria can be specified. To remove the matching criteria, delete the class map. Example The following example displays how to add a match condition using the "snmp" port name keyword. console(config-classmap)#match srcl4port snmp match vlan Use the match vlan command in Class-Map Configuration mode to add to...
  • Page 693: Mirror

    Example The following example displays adding a match condition for the VLAN ID "2." console(config-classmap)#match vlan 2 mirror Use the mirror command in Policy-Class-Map Configuration mode to mirror all the data that matches the class defined to the destination port specified. Syntax mirror interface...
  • Page 694 Syntax police-simple {datarate burstsize conform-action {drop | set-prec-transmit cos | set-dscp-transmit dscpval | transmit} [violate-action {drop | set-cos-transmit cos | set-prec-transmit cos | set-dscp-transmit dscpval | transmit}]} • datarate — Data rate in kilobits per second (kbps). (Range: 1–4294967295) • burstsize —...
  • Page 695: Police-Two-Rate

    console(config-policy-classmap)#police-simple 1000 64 conform-action transmit violate-action drop police-two-rate Use the police-two-rate command to implement a two-rate Three Color Marker (trTCM) per RFC 2698. A trTCM meters a traffic stream and colors packets according to four parameters: Committed Information Rate (CIR) Committed Burst Size (CBS) Peak Information Rate (PIR) Peak Burst Size (PBS)
  • Page 696: Policy-Map

    – transmit— Transmit the packet unmodified. Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines The CIR and PIR are measured in Kbps (not pps as indicated in the RFC), the CBS in Kbytes, and the PBS in Kbytes. It is recommended that the CBS and PBS be configured to be larger than the largest expected IP packet.
  • Page 697: Random-Detect Queue-Parms

    Example The following example shows how to establish a new ingress DiffServ policy named "DELL." console(config)#policy-map DELL in console(config-policy-classmap)# random-detect queue-parms Use the random-detect queue-parms command to configure the WRED green, yellow and red TCP and non-TCP packet minimum and maximum thresholds and corresponding drop probabilities on an interface or all interfaces.
  • Page 698 Syntax random-detect queue-parms queue-id [queue-id] ... min-thresh minthresh-green minthresh-yellow minthresh-red minthresh-nontcp max-thresh max-thresh-green max-thresh-yellow max-thresh-red maxthresh-nontcp no random-detect queue-parms queue-id [queue-id] ... Parameter Description queue-id The class of service queue. Range 0 to 6. min-thresh The minimum threshold at which to begin dropping, based on the configured maximum drop probability for each color and for non-TCP packets.
  • Page 699 Command Mode Global Config mode, Interface Config mode (physical and port-channel), Interface Range mode User Guidelines The Green/Yellow/Red Ranges may overlap and are applied to each color independently. Within a color, the range from minimum to maximum is divided into eight (0...7) fixed probabilities at which packets are dropped based on the instantaneous egress queue size: 0 - 6.25% of maximum drop probability 1 - 18.75% of maximum drop probability...
  • Page 700: Random-Detect Exponential-Weighting-Constant

    console(config-if-Te2/0/1)#random-detect queue-parms 0 min-thresh 5 10 15 50 max-thresh 15 25 50 98 drop-prob-scale 1 2 3 25 random-detect exponential-weighting-constant Use the random-detect exponential-weighting-constant command to configure the decay in the calculation of the average queue size used for WRED on an interface or all interfaces.
  • Page 701: Service-Policy

    Syntax redirect interface • interface — Specifies any valid interface. Interface is Ethernet port or port-channel (Range: po1-po32 or gi1/0/1-gi1/0/24) Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example shows how to redirect incoming packets to port 1/0/1.
  • Page 702: Show Class-Map

    ACLs and DiffServ policies may not both exist on the same interface in the same direction. Example The following example shows how to attach a service policy named "DELL" to all interfaces. console(config)#service-policy DELL show class-map Use the show class-map command in Privileged EXEC mode to display all configuration information for the specified class.
  • Page 703 Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays all the configuration information for the class named "Dell". console#show class-map Class L3 Class Name Type Proto...
  • Page 704: Show Classofservice Dot1P-Mapping

    Class Name........stop_http_class Class Type........All Class Layer3 Protocol......ipv6 Match Criteria Values ---------------------------- ------------------------------------- Source IP Address 2001:DB8::/32 Source Layer 4 Port 80(http/www) show classofservice dot1p-mapping Use the show classofservice dot1p-mapping command in Privileged EXEC mode to display the current Dot1p (802.1p) priority mapping to internal traffic classes for a specific interface.
  • Page 705: Show Classofservice Ip-Dscp-Mapping

    ------------- --------------- The following table lists the parameters in the example and gives a description of each. Parameter Description User Priority The 802.1p user priority value. Traffic Class The traffic class internal queue identifier to which the user priority value is mapped. show classofservice ip-dscp-mapping Use the show classofservice ip-dscp-mapping command in Privileged EXEC mode to display the current IP DSCP mapping to internal traffic classes for a...
  • Page 706 User Guidelines Example console#show classofservice ip-dscp-mapping IP DSCP Traffic Class ------------- ------------- 0(be/cs0 8(cs1) 10(af11) 12(af12) 14(af13) 16(cs2) 18(af21) QoS Commands...
  • Page 707 --More-- or (q)uit 20(af22) 22(af23) 24(cs3) 26(af31) 28(af32) 30(af33) 32(cs4) 34(af41) 36(af42) 38(af43) 40(cs5) --More-- or (q)uit QoS Commands...
  • Page 708: Show Classofservice Trust

    46(ef) 48(cs6) 56(cs7) console# show classofservice trust Use the show classofservice trust command in Privileged EXEC mode to display the current trust mode setting for a specific interface. QoS Commands...
  • Page 709 Syntax show classofservice trust [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines If the interface is specified, the port trust mode of the interface is displayed. If omitted, the port trust mode for global configuration is shown.
  • Page 710 Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the DiffServ information. console#show diffserv DiffServ Admin mode......Enable Class Table Size Current/Max....5 / 25 Class Rule Table Size Current/Max....
  • Page 711 Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example console#show diffserv service interface gigabitethernet 1/0/1 in DiffServ Admin Mode......Enable Interface........1/0/1 Direction........
  • Page 712 Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines Not applicable Example console#show diffserv service interface port-channel 1 in DiffServ Admin Mode......Enable Interface........po1 Direction........In No policy is attached to this interface in this direction show diffserv service brief Use the show diffserv service brief command in Privileged EXEC mode to display all interfaces in the system to which a DiffServ policy has been...
  • Page 713 Policy Name ----------- ----------- ------------ ------------------- 1/0/1 Down DELL show interfaces cos-queue Use the show interfaces cos-queue command in Privileged EXEC mode to display the class-of-service queue configuration for the specified interface. Syntax show interfaces cos-queue [{gigabitethernet unit/slot/port | port-channel...
  • Page 714 Interface Shaping Rate......0 Queue Id Min. Bandwidth Scheduler Type Queue Management Type -------- -------------- -------------- -------------- Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop This example displays the COS configuration for the specified interface 1/0/1. console#show interfaces cos-queue gigabitethernet 1/0/1 Interface........
  • Page 715 Parameter Description Intf Shaping Rate The maximum transmission bandwidth limit for the interface as a whole. It is independent of any per-queue maximum bandwidth values in effect for the interface. This value is a configured value. Queue Mgmt Type The queue depth management technique used for all queues on this interface.
  • Page 716 Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the DiffServ information. console#show policy-map Policy Name Policy Type Class Members ----------- ----------- ------------- POLY1 DellClass DELL DellClass QoS Commands...
  • Page 717 Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the statistics information for port te1/0/1. console#show policy-map interface te1/0/1 in Interface........te1/0/1 Operational Status......Down Policy Name........DELL QoS Commands...
  • Page 718 User Guidelines This command has no user guidelines. Example The following example displays a summary of policy-oriented statistics information. console#show service-policy Oper Policy Intf Stat Name ------ ----- ------------------------------- 1/0/1 Down DELL 1/0/2 Down DELL 1/0/3 Down DELL QoS Commands...
  • Page 719: Traffic-Shape

    1/0/4 Down DELL 1/0/5 Down DELL 1/0/6 Down DELL 1/0/7 Down DELL 1/0/8 Down DELL 1/0/9 Down DELL 1/0/10 Down DELL traffic-shape Use the traffic-shape command in Global Configuration mode and Interface Configuration mode to specify the maximum transmission bandwidth limit rate shaping for the interface as a whole.
  • Page 720 Example The following example displays the setting of traffic-shape to a maximum bandwidth of 1024 Kbps. console(config-if-1/0/1)#traffic-shape 1024 kbps QoS Commands...
  • Page 721: Radius Commands

    RADIUS Commands Managing and determining the validity of users in a large network can be significantly simplified by making use of a single database of accessible information supplied by an Authentication Server. These servers commonly use the Remote Authentication Dial In User Service (RADIUS) protocol as defined by RFC 2865.
  • Page 722 Table 33-1. RADIUS Attributes Supported by PowerConnect Switch Service Type RADIUS Attribute Name 802.1X User Manager Captive Portal NAS-IP-ADDRESS NAS-PORT SERVICE-TYPE FILTER-ID FRAMED-MTU REPLY-MESSAGE STATE CLASS VENDOR-SPECIFIC SESSION-TIMEOUT IDLE-TIMEOUT TERMINATION-ACTION CALLED-STATION-ID CALLING-STATION-ID NAS-IDENTIFIER ACCT-STATUS-TYPE Set by RADIUS client for Accounting ACCT-INPUT-OCTETS ACCT-OUTPUT-OCTETS ACCT-SESSION-ID...
  • Page 723 Table 33-1. RADIUS Attributes Supported by PowerConnect Switch Service Type RADIUS Attribute Name 802.1X User Manager Captive Portal NAS-PORT-TYPE TUNNEL-TYPE TUNNEL-MEDIUM-TYPE EAP-MESSAGE MESSAGE-AUTHENTICATOR Set by RADIUS client for Accounting TUNNEL-PRIVATE-GROUP-ID Yes The following attributes are processed in the RADIUS Access-Accept message received from a RADIUS server: •...
  • Page 724: Commands In This Chapter

    • FILTER-ID – Name of the filter list for this user. • TUNNEL-TYPE – Used to indicate that a VLAN is to be assigned to the user when set to tunnel type VLAN (13). • TUNNEL-MEDIUM-TYPE – Used to indicate the tunnel medium type. Must be set to medium type 802 (6) to enable VLAN assignment.
  • Page 725: Aaa Accounting Dot1X Default Start-Stop

    aaa accounting dot1x default start-stop The aaa accounting network default start-stop group radius command has been migrated to the aaa accounting dot1x default start-stop {radius|none} command. Use the aaa accounting dot1x default start-stop command in Global Config mode to create an accounting method list. Use the no form of the command to delete a list.
  • Page 726 Parameter Description start-stop Issue a start accounting notice at the beginning and stop accounting notice at the end of the accounted method. Accounting notices are sent when the user logs into the switch and when the user logs out of the exec mode. Accounting notifications are also sent at the beginning and at the end of the user executed command.
  • Page 727: Accounting

    The same list-name can be used for both exec and commands accounting types. AAA accounting for commands with RADIUS as the accounting method is not supported. TACACS+ supports both exec and commands accounting types. There is exactly one accounting method list for dot1x: default. accounting Use the accounting command in Line Config mode to apply an accounting method to a line config.
  • Page 728: Acct-Port

    User Guidelines When enabling accounting for exec mode for the current line-configuration type, users logged in with that mode will be logged out. Examples Use the following command to enable exec type accounting for telnet. console(config)#line telnet console(config-telnet)# accounting exec default acct-port Use the acct-port command to set the port that connects to the RADIUS accounting server.
  • Page 729: Auth-Port

    console(Config-acct-radius)#acct-port 56 auth-port Use the auth-port command in Radius mode to set the port number for authentication requests of the designated Radius server. Syntax auth-port auth-port-number • auth-port-number — Port number for authentication requests. (Range: 1 - 65535) Default Configuration The default value of the port number is 1812.
  • Page 730: Debug Aaa Accounting

    server will be used until it no longer responds. RADIUS servers whose deadtime interval has not expired are skipped when searching for a new RADIUS server to contact. Syntax deadtime deadtime • deadtime — The amount of time that the unavailable server is skipped...
  • Page 731 Default Configuration Debugging is disabled by default. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Use the key command to specify the encryption key which is shared with the RADIUS server. Use the "no" form of this command to remove the key. Syntax key-string key-string —...
  • Page 732: Msgauth

    msgauth Use the msgauth command to enable the message authenticator attribute to be used for the RADIUS Authenticating server being configured. Use the “no” form of this command to disable the message authenticator attribute. Syntax msgauth no msgauth Default Configuration The message authenticator attribute is enabled by default.
  • Page 733 Parameter Description servername The name for the RADIUS server (Range: 1 - 32 characters). Default Configuration The default RADIUS server name is Default-RADIUS-Server. Command Mode Radius Config mode User Guidelines Names may only be set for authentication servers, not for accounting servers. Names may consist of alphanumeric characters and the underscore, dash and blanks. Embed the name in double quotes to use a name with blanks.
  • Page 734: Primary

    primary Use the primary command to specify that a configured server should be the primary server in the group of authentication servers which have the same server name. Multiple primary servers can be configured for each group of servers which have the same name. When the RADIUS client has to perform transactions with an authenticating RADIUS server of the specified name, it uses the primary server that has the specified server name by default.
  • Page 735: Radius-Server Attribute 4

    Default Configuration The default priority is 0. Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command. Example The following example specifies a priority of 10 for the designated server. console(config)#radius-server host 192.143.120.123 console(config-radius)#priority 10 radius-server attribute 4...
  • Page 736: Radius-Server Deadtime

    User Guidelines This command does not change the address in the IP header for the request sent to the RADIUS server. It only changes the address sent to the RADIUS server inside the RADIUS packet. Example The following example sets the NAS IP address in RADIUS attribute 4 to 192.168.10.22.
  • Page 737: Radius-Server Host

    User Guidelines If only one RADIUS server is configured, it is recommended that the deadtime interval be left at 0. Example The following example sets the minimum interval for which a RADIUS server will not be contacted after becoming unresponsive. console(config)#radius-server deadtime 10 radius-server host Use the radius-server host command in Global Configuration mode to specify a RADIUS server host and enter RADIUS Configuration mode.
  • Page 738: Radius-Server Key

    User Guidelines Radius servers are keyed by the host name, therefore it is advisable to use unique server host names. Example The following example specifies a Radius server host with the following characteristics: Server host IP address — 192.168.10.1 console(config)#radius-server host 192.168.10.1 radius-server key Use the radius-server key command in Global Configuration mode to set the authentication and encryption key for all Radius communications between...
  • Page 739: Radius-Server Retransmit

    Example The following example sets the authentication and encryption key for all Radius communications between the device and the Radius server to “dell-server.” console(config)#radius-server key dell-server radius-server retransmit Use the radius-server retransmit command in Global Configuration mode to specify the number of times the Radius client will retransmit requests to the Radius server.
  • Page 740: Radius-Server Source-Ip

    radius-server source-ip Use the radius-server source-ip command in Global Configuration mode to specify the source IP address used for communication with Radius servers. To return to the default, use the no form of this command. 0.0.0.0 is interpreted as a request to use the IP address of the outgoing IP interface. Syntax radius-server source-ip source...
  • Page 741: Retransmit

    • timeout — Specifies the timeout value in seconds. (Range: 1–30) Default Configuration The default value is 3 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the interval for which a switch waits for a server host to reply to 5 seconds.
  • Page 742: Show Aaa Servers

    Example The following example of the retransmit command specifies five retries. console(config)#radius-server host 192.143.120.123 console(config-radius)#retransmit 5 show aaa servers Use the show aaa servers command to display the list of configured RADIUS servers and the values configured for the global parameters of the RADIUS client.
  • Page 743 Field Description Configured The number of RADIUS Authentication servers that have Authentication Servers been configured. Configured Accounting The number of RADIUS Accounting servers that have Servers been configured. Named Authentication The number of configured named RADIUS server groups. Server Groups Named Accounting The number of configured named RADIUS server groups.
  • Page 744: Show Accounting Methods

    Global values -------------------------------------------- Number of Configured Authentication Servers..5 Number of Configured Accounting Servers..1 Number of Named Authentication Server Groups... 2 Number of Named Accounting Server Groups..1 Number of Retransmits......3 Timeout Duration....... 15 Deadtime........0 Source IP........0.0.0.0 RADIUS Accounting Mode......
  • Page 745: Show Radius Statistics

    Examples console#show accounting methods Acct Type Method Name Record Type Method Type ---------- ------------ ------------ ------------ Exec dfltExecList start-stop TACACS Commands dfltCmdsList stop-only TACACS Commands UserCmdAudit start-stop TACACS Line EXEC Method List Command Method List ------- --------------------------------------- Console dfltExecList dfltCmdsList Telnet dfltExecList dfltCmdsList...
  • Page 746 Parameter Description hostname Host name of the Radius server host. (Range: 1–158 characters). The command allows spaces in the host name when specified in double quotes. For example, console(config)#snmp-server host "host name" servername The alias used to identify the server. Default Configuration There is no default configuration for this command.
  • Page 747 Field Description Malformed The number of malformed RADIUS Accounting Response Responses packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators or signature attributes or unknown types are not included as malformed accounting responses. The number of RADIUS Accounting Response packets Authenticators containing invalid authenticators received from this accounting server.
  • Page 748 Field Description Malformed Access The number of malformed RADIUS Access Response packets Responses received from this server. Malformed packets include packets with an invalid length. Bad authenticators or signature attributes or unknown types are not included as malformed access responses. The number of RADIUS Access Response packets containing Authenticators invalid authenticators or signature attributes received from this...
  • Page 749: Source-Ip

    Access Accepts........ 0 Access Rejects........ 0 Access Challenges......0 Malformed Access Responses....0 Bad Authenticators......0 Pending Requests......0 Timeouts........0 Unknown Types......... 0 Packets Dropped....... 0 source-ip Use the source-ip command in Radius mode to specify the source IP address to be used for communication with Radius servers.
  • Page 750: Timeout

    timeout Use the timeout command in Radius mode to set the timeout value in seconds for the designated Radius server. Syntax timeout timeout • timeout — Timeout value in seconds for the specified server. (Range: 1-30 seconds.) Default Configuration The default value is 3 seconds. Command Mode Radius mode User Guidelines...
  • Page 751 Default Configuration The default variable setting is all. Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command. Example The following example specifies usage type login. console(config)#radius-server host 192.143.120.123 console(config-radius)#usage login
  • Page 753: Spanning Tree Commands

    Spanning Tree Commands The Multiple Spanning Tree Protocol (MSTP) component complies with IEEE 802.1s by efficiently navigating VLAN traffic over separate interfaces for multiple instances of Spanning Tree. IEEE 802.1D, Spanning Tree and IEEE 802.1w, Rapid Spanning Tree are supported through the IEEE 802.1s implementation.
  • Page 754: Commands In This Chapter

    port. In this way, the root guard enforces the position of the root bridge. In MSTP scenario the port may be designated in one of the instances while being alternate in the CIST, and so on. Root guard is a per port (not a per port per instance command) configuration so all the MSTP instances this port participates in should not be in root role.
  • Page 755: Clear Spanning-Tree Detected-Protocols

    revision (mst) spanning-tree spanning-tree mst spanning-tree tcnguard disable cost show spanning-tree spanning-tree spanning-tree mst spanning-tree transmit forward-time port-priority hold-count show spanning-tree spanning-tree guard spanning-tree mst – summary priority spanning-tree spanning-tree spanning-tree – loopguard portfast clear spanning-tree detected-protocols Use the clear spanning-tree detected-protocols command in Privileged EXEC mode to restart the protocol migration process (force the renegotiation with neighboring switches) on all interfaces or on the specified interface.
  • Page 756: Instance (Mst)

    exit (mst) Use the exit command in MST mode to exit the MST configuration mode and apply all configuration changes. Syntax exit Default Configuration MST configuration. Command Mode MST mode User Guidelines This command has no user guidelines. Example The following example shows how to exit the MST configuration mode and save changes.
  • Page 757 Default Configuration VLANs are mapped to the common and internal spanning tree (CIST) instance (instance 0). Command Mode MST mode User Guidelines Before mapping VLANs to an instance use the spanning-tree mst enable command to enable the instance. All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree (CIST) instance (instance 0) and cannot be unmapped from the CIST.
  • Page 758: Name (Mst)

    console(config-mst)#instance 2 add vlan 450-499 console(config-mst)#instance 2 add vlan 2000-2199 console(config-mst)#instance 2 add vlan 2500-2599 console(config-mst)#instance 2 add vlan 2800-2999 console(config-mst)#exit console(config)#interface te1/1/1 console(config-if-Te1/1/1)#switchport mode trunk console(config-if-Te1/1/1)#switchport trunk allowed vlan add 2-150 console(config-if-Te1/1/1)#spanning-tree mst 1 port-priority 16 console(config-if-Te1/1/1)#interface te1/1/2 console(config-if-Te1/1/2)#switchport mode trunk console(config-if-Te1/1/2)#switchport trunk allowed vlan add 200-349 console(config-if-Te1/1/2)#spanning-tree mst 2 port-priority 16 console(config-if-Te1/1/2)#exit...
  • Page 759: Show Spanning-Tree

    console(config-mst)#name region1 revision (mst) Use the revision command in MST mode to identify the configuration revision number. To return to the default setting, use the no form of this command. Syntax revision version no revision • version — Configuration revision number. (Range: 0-65535)...
  • Page 760 show spanning-tree [detail] [active | blockedports] | [instance instance-id] show spanning-tree mst-configuration Parameter Description detail Displays detailed information. active Displays active ports only. blockedports Displays blocked ports only. mst-configuration Displays the MST configuration identifier. instance-id ID of the spanning-tree instance. Default Configuration This command has no default configuration.
  • Page 761 Interfaces Name State Prio.Nbr Cost Role Restricted ------ -------- --------- --------- ---- ----- ---------- Gi1/0/1 Enabled 128.1 20000 Root Gi1/0/2 Enabled 128.2 Disb Gi1/0/3 Enabled 128.3 Disb Gi1/0/4 Enabled 128.4 Disb console#show spanning-tree gigabitethernet 1/0/1 Port Gi1/0/1 Enabled State: Forwarding Role: Root Port id: 128.1 Port Cost: 20000...
  • Page 762 Port id: 128.1 Port Cost: 20000 Root Protection: No Designated bridge Priority: 32768 Address: 0010.1882.1C53 Designated port id: 128.48 Designated path cost: 0 CST Regional Root: 80:00:00:10:18:82:1C:53 CST Port Cost: 0 BPDU: sent 24, received 500 console#show spanning-tree detail active Spanning tree Enabled (BPDU flooding : Disabled) Portfast BPDU filtering Disabled mode rstp...
  • Page 763: Show Spanning-Tree Summary

    Regional Root Path Cost: ROOT ID Priority 32768 Address 0010.1882.1C53 Path Cost 20000 Root Port Gi1/0/1 Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32768 Address 001E.C9AA.AD1B Hello Time 2 Sec Max Age 20 show spanning-tree summary Use the show spanning-tree summary command to display spanning tree settings and parameters for the switch.
  • Page 764: Spanning-Tree

    Configuration Name Identifier used to identify the configuration currently being used. Configuration Revision Identifier used to identify the configuration currently Level being used. Configuration Digest Key A generated Key used in the exchange of the BPDUs. Configuration Format Specifies the version of the configuration format being Selector used in the exchange of BPDUs.
  • Page 765: Spanning-Tree Auto-Portfast

    no spanning-tree Default Configuration Spanning-tree is enabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables spanning-tree functionality. console(config)#spanning-tree spanning-tree auto-portfast Use the spanning-tree auto-portfast command to set the port to auto portfast mode.
  • Page 766: Spanning-Tree Bpdu Flooding

    Example The following example enables spanning-tree functionality on gigabit ethernet interface 4/0/1. console#config console(config)#interface gigabitethernet 4/0/1 console(config-if-4/0/1)#spanning-tree auto-portfast spanning-tree bpdu flooding The spanning-tree bpdu flooding command allows flooding of BPDUs received on non-spanning-tree ports to all other non-spanning-tree ports. Use the “no”...
  • Page 767: Spanning-Tree Cost

    For an access layer device, the access port is generally connected to the user terminal (such as a desktop computer) or file server directly and configured as an edge port to implement the fast transition. When the port receives a BPDU packet, the system sets it to non-edge port and recalculates the spanning tree, which causes network topology flapping.
  • Page 768 Syntax spanning-tree cost cost no spanning-tree cost • cost — The port path cost. (Range: 0–200,000,000) Default Configuration The default cost is 0, which signifies that the cost is automatically calculated based on port speed. • 10G Port path cost — 2000 •...
  • Page 769: Spanning-Tree Disable

    spanning-tree disable Use the spanning-tree disable command in Interface Configuration mode to disable spanning-tree on a specific port. To enable spanning-tree on a port, use the no form of this command. Syntax spanning-tree disable no spanning-tree disable Default Configuration By default, all ports are enabled for spanning-tree. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode...
  • Page 770 no spanning-tree forward-time • seconds — Time in seconds. (Range: 4–30) Default Configuration The default forwarding-time for IEEE Spanning-tree Protocol (STP) is 15 seconds. Command Mode Global Configuration mode. User Guidelines When configuring the Forward-Time the following relationship should be satisfied: 2*(Forward-Time - 1) >= Max-Age.
  • Page 771 Default Configuration Neither root nor loop guard is enabled. Command Mode Interface Configuration (Ethernet, Port Channel) mode. User Guidelines There are no user guidelines for this command. Example The following example disables spanning-tree guard functionality on gigabit ethernet interface 4/0/1. console#config console(config)#interface gigabitethernet 4/0/1 console(config-if-4/0/1)#spanning-tree guard none...
  • Page 772 Example The following example enables spanning-tree loopguard functionality on all ports. console(config)#spanning-tree loopguard default spanning-tree max-age Use the spanning-tree max-age command in Global Configuration mode to configure the spanning-tree bridge maximum age. To reset the default maximum age, use the no form of this command. Syntax spanning-tree max-age seconds...
  • Page 773 spanning-tree max-hops Use the spanning-tree max-hops command to set the MSTP Max Hops parameter to a new value for the common and internal spanning tree. Use the “no” form of this command to reset the Max Hops to the default. Syntax spanning-tree max-hops hops...
  • Page 774 • mst — Multiple Spanning Tree Protocol (MSTP) is enabled. Default Configuration Rapid Spanning Tree Protocol (RSTP) is supported. Command Mode Global Configuration mode User Guidelines In RSTP mode, the switch would use STP when the neighbor switch is using STP.
  • Page 775 User Guidelines For two or more switches to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number and the same name. Example The following example configures an MST region. console (config)#spanning-tree mst configuration console (config-mst)#instance 1 add vlan 10-20 console (config-mst)#name region1 console (config-mst)#revision 1...
  • Page 776 — 20,000 • Port-Channel Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines MST instance id 0 is the common internal spanning tree instance (CIST). Example The following example configures the MSTP instance 1 path cost for interface 1/0/9 to 4. console(config)#interface gigabitethernet 1/0/9 console(config-if-1/0/9)#spanning-tree mst 1 cost 4 spanning-tree mst port-priority...
  • Page 777 Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines The priority will be set to the nearest multiple of 4096 if not an exact multiple of 4096. Example The following example configures the port priority of gigabit Ethernet interface 1/0/5 to 144. console(config)# interface gigabitethernet 1/0/5 console(config-if)#...
  • Page 778: Spanning-Tree Portfast

    Command Mode Global Configuration mode User Guidelines The priority value must be a multiple of 4096. The priority will be set to the nearest multiple of 4096 if not an exact multiple of 4096. The switch with the lowest priority is selected as the root of the spanning tree. Example The following example configures the spanning tree priority of instance 1 to 4096.
  • Page 779 User Guidelines This command only applies to access ports. The command is to be used only with interfaces connected to end stations. Otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operations. An interface with PortFast mode enabled is moved directly to the spanning tree forwarding state when linkup occurs without waiting the standard forward-time delay.
  • Page 780 Example The following example discards BPDUs received on spanning-tree ports in portfast mode. console#spanning-tree portfast bpdufilter default spanning-tree portfast default Use the spanning-tree portfast default command to enable Portfast mode only on access ports. Use the no form of this command to disable Portfast mode on all ports.
  • Page 781: Spanning-Tree Port-Priority

    spanning-tree port-priority Use the spanning-tree port-priority command in Interface Configuration mode to configure port priority. To reset the default port priority, use the no form of this command. Syntax spanning-tree port-priority priority no spanning-tree port-priority • priority — The port priority. (Range: 0–240)...
  • Page 782: Spanning-Tree Tcnguard

    Syntax spanning-tree priority priority no spanning-tree priority • priority — Priority of the bridge. (Range: 0–61440) Default Configuration The default bridge priority for IEEE STP is 32768. Command Mode Global Configuration mode User Guidelines The priority value must be a multiple of 4096. The switch with the lowest priority is the root of the spanning tree.
  • Page 783: Spanning-Tree Transmit Hold-Count

    User Guidelines There are no user guidelines for this command. Example The following example configures spanning-tree tcnguard on 4/0/1. console(config-if-4/0/1)#spanning-tree tcnguard spanning-tree transmit hold-count Use the spanning-tree transmit hold-count command to set the maximum number of BPDUs that a bridge is allowed to send within a hello time window (2 seconds).
  • Page 785: Commands In This Chapter

    TACACS+ Commands TACACS+ provides access control for networked devices via one or more centralized servers. Similar to RADIUS, this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network. TACACS+ is based on the TACACS protocol (described in RFC 1492) but additionally provides for separate authentication, authorization and accounting services.
  • Page 786: Port

    show tacacs timeout Use the key command in TACACS Configuration mode to specify the authentication and encryption key for all TACACS communications between the device and the TACACS server. This key must match the key used on the TACACS daemon. Syntax key [key-string] —...
  • Page 787: Priority

    Default Configuration The default port number is 49. Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to specify server port number 1200. console(tacacs)#port 1200 priority Use the priority command in TACACS Configuration mode to specify the order in which servers are used, where 0 (zero) is the highest priority.
  • Page 788: Show Tacacs

    console(tacacs)#priority 10000 show tacacs Use the show tacacs command in Privileged EXEC mode to display the configuration and statistics of a TACACS+ server. Syntax show tacacs [ip-address] • ip-address — The name or IP address of the host. Default Configuration This command has no default configuration.
  • Page 789: Tacacs-Server Host

    tacacs-server host Use the tacacs-server host command in Global Configuration mode to configure a TACACS+ server. This command enters into the TACACS+ configuration mode. To delete the specified hostname or IP address, use the no form of this command. Syntax ip-address hostname tacacs-server host {...
  • Page 790: Tacacs-Server Key

    tacacs-server key Use the tacacs-server key command in Global Configuration mode to set the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon. To disable the key, use the no form of this command. Syntax key-string tacacs-server key [...
  • Page 791: Tacacs-Server Timeout

    tacacs-server timeout Use the tacacs-server timeout command in Global Configuration mode to set the interval during which a switch waits for a server host to reply. To restore the default, use the no form of this command. Syntax timeout tacacs-server timeout [ no tacacs-server timeout timeout —...
  • Page 792 Default Configuration If left unspecified, the timeout defaults to the global value. Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines. Example This example shows how to specify the timeout value. console(tacacs)#timeout 23 TACACS+ Commands...
  • Page 793: Udld Commands

    UDLD Commands The UDLD feature detects unidirectional links on physical ports. A unidirectional link is a forwarding anomaly in a Layer 2 communication channel in which a bi-directional link stops passing traffic in one direction. UDLD must be enabled on both sides of the link in order to detect a unidirectional link.
  • Page 794: Processing Udld Traffic From Neighbors

    recognize only the sending failures on unidirectional links. If all devices in the network support UDLD, this functionality is enough to detect all unidirectional links. Processing UDLD Traffic from Neighbors Every UDLD-capable device collects information about all other UDLD-capable devices. Each device populates UDLD echo packets with collected neighbor information to help neighbors identify unidirectional links.
  • Page 795: Commands In This Chapter

    UDLD will put the port into the shutdown state in the following cases: When there is a loopback. The device ID and port ID sent out on a port are received back. The UDLD PDU received from a partner does not have its own details (echo).
  • Page 796: Udld Reset

    Command Mode Global Config mode User Guidelines This command globally enables UDLD. Interfaces which are not connected or enabled at the Ethernet layer at the time the command is issued will be enabled for UDLD when connected or enabled. udld reset Use the udld reset command in Privileged EXEC mode to reset (enable) all interfaces disabled by UDLD.
  • Page 797: Udld Message Time

    udld message time Use the udld message time command in Global Config mode to configure the interval between the transmission of UDLD probe messages on ports that are in the advertisement phase. Use the no form of the command to return the message transmission interval to the default value.
  • Page 798: Udld Enable (Interface Config)

    Use the no form of the command to return the value to the default setting. Syntax udld timeout interval timeout-interval no udld timeout interval Parameter Description timeout-interval UDLD timeout interval. Range is 5 to 60 seconds. Default Configuration The default timeout interval is 5 seconds.
  • Page 799: Udld Port

    Command Mode Interface (physical) Config mode User Guidelines UDLD cannot be enabled on a port channel. Instead, enable UDLD on the physical interfaces of a port channel. udld port Use the udld port command in Interface (physical) Config mode to select the UDLD operating mode on a specific interface.
  • Page 800: Show Udld

    show udld Use the show udld command in User EXEC or Privileged EXEC mode to display the global settings for UDLD. Syntax show udld [interface-id|all] When no interface is specified, the following fields are shown: Field Description Admin Mode The global administrative mode of UDLD.
  • Page 801: Debug Udld

    Field Description UDLD Status The status of the link as determined by UDLD. The options are: • Undetermined – UDLD has not collected enough information to determine the state of the port. • Not applicable – UDLD is disabled, either globally or on the port.
  • Page 802 Parameter Description Packet Display transmitted and received UDLD packets. Receive Debug packets received by the switch. Transmit Debug packets transmitted by the switch. Events Display UDLD events. Default Configuration By default, debugging is disabled. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
  • Page 803: Vlan Commands

    VLAN Commands PowerConnect 802.1Q VLANs are an implementation of the Virtual Local Area Network, specification 802.1Q. Operating at Layer 2 of the OSI model, the VLAN is a means of parsing a single network into logical user groups or organizations as if they physically resided on a dedicated LAN segment of their own.
  • Page 804: Independent Vlan Learning

    two TPID values can be different or the same. VLAN normalization, source MAC learning, and forwarding are based on the S-TAG value in a received frame. PowerConnect supports configuring one outer VLAN TPID value per switch. The global default TPID is 0x88A8, which indicates a Virtual Metropolitan Area Network (VMAN).
  • Page 805: Ip Subnet Based Vlans

    its own VLAN. Additionally, protocol-based classification allows an administrator to assign nonrouting protocols, such as NetBIOS or DECnet, to larger VLANs than routing protocols like IPX or IP. This maximizes the efficiency gains that are possible with VLANs. In port-based VLAN classification, the Port VLAN Identifier (PVID) is associated with the physical ports.
  • Page 806 • Isolated VLAN Is a secondary VLAN. It carries traffic from isolated ports to promiscuous ports. Only one isolated VLAN can be configured per private VLAN. • Community VLAN Is a secondary VLAN. It forwards traffic between ports which belong to the same community and to the promiscuous ports.
  • Page 807 Figure 37-1. Private VLANs Isolated VLAN An endpoint connected over an isolated VLAN is allowed to communicate with endpoints connected to promiscuous ports only. Endpoints connected to adjacent endpoints over an isolated VLAN cannot communicate with each other. Community VLAN An endpoint connected over a community VLAN is allowed to communicate with the endpoints within the community and can also communicate with any configured promiscuous port.
  • Page 808: Commands In This Chapter

    In order to enable Private VLAN operation across multiple switches which are not stacked, the inter-switch links should carry VLANs which belong to a private VLAN. The trunk ports which connect neighbor switches have to be assigned to the primary, isolated, and community VLANs of a private VLAN. In regular VLANs, ports in the same VLAN switch traffic at L2.
  • Page 809: Dvlan-Tunnel Ethertype

    protocol vlan group switchport access vlan (Global show vlan private-vlan– vlan Config) protocol vlan group switchport general vlan association – forbidden vlan Private VLAN Commands switchport private- private-vlan show interfaces show vlan private-vlan vlan switchport switchport mode – – – private-vlan dvlan-tunnel ethertype Use the dvlan-tunnel ethertype command in Global Configuration mode to...
  • Page 810: Interface Vlan

    Default Configuration The default for this command is 802.1Q. The default S-TAG TPID, when double-tagging is enabled, is 0x88A8. The default C-TAG TPID when double vlan tagging is enabled is 0x8100. Command Mode Global Configuration, Interface Configuration mode User Guidelines This command configures the TPID value on the outer VLAN (S-VLAN).
  • Page 811: Interface Range Vlan

    Default Configuration By default, routing is enabled on VLAN 1. However, VLAN 1 does not route packets until an IP address is assigned to the VLAN. DHCP is not enabled on VLAN 1 by default. Command Mode VLAN Configuration or Global Configuration modes User Guidelines Assigning an IP address to a VLAN interface enables routing on the VLAN interface.
  • Page 812: Mode Dvlan-Tunnel

    User Guidelines Commands used in the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, an error message is displayed and execution continues on other interfaces. Example The following example groups VLAN 221 through 228 and VLAN 889 to execute the commands entered in interface range mode.
  • Page 813: Name (Vlan Configuration)

    Uplink Port Behavior If a single-tagged (SP tagged) or double-tagged (SP tag as outer tag) packet ingresses an uplink port, the switch passes it through unchanged to the respective access or uplink ports. If an untagged or single tagged (802.1Q tagged) packet ingresses an uplink port, the switch tags it with the configured ethertype and service provider VLAN ID taken from the ingress port PVID.
  • Page 814: Protocol Group

    Default Configuration The default VLAN name is default. Command Mode VLAN Configuration mode User Guidelines The VLAN name may include any alphanumeric characters including a space, underscore, or dash. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may truncate entries at the first illegal character or reject the entry entirely.
  • Page 815: Protocol Vlan Group

    • groupid — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command. vlanid —...
  • Page 816: Protocol Vlan Group All

    Syntax protocol vlan group groupid no protocol vlan group groupid • groupid — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command.
  • Page 817: Show Dvlan-Tunnel

    Syntax protocol vlan group all groupid no protocol vlan group all groupid • groupid — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command.
  • Page 818: Show Dvlan-Tunnel Interface

    Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example shows how to display all interfaces for Double VLAN Tunneling. console#show dvlan-tunnel Interfaces Enabled for DVLAN Tunneling..1/0/1 show dvlan-tunnel interface Use the show dvlan-tunnel interface command in Privileged EXEC mode to display detailed information about Double VLAN Tunneling for the specified...
  • Page 819: Show Interfaces Switchport

    console#show dvlan-tunnel interface 1/0/1 Interface Mode EtherType --------- ------- -------------- 1/0/1 Enable vMAN The following table describes the significant fields shown in the example. Field Description Mode This field specifies the administrative mode through which Double VLAN Tunneling can be enabled or disabled. The default value for this field is disabled. Interface...
  • Page 820 Parameter Description private-vlan Displays VLAN mapping for the private-VLAN promiscuous mapping ports. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Interface Config mode and all Config sub-modes User Guidelines Do not configure private VLANs on ports configured with any of these features: •...
  • Page 821 Port 1/0/1 is member in: VLAN Name Egress rule Type ---- --------- ----------- ----- default untagged Default VLAN008 tagged Dynamic VLAN0011 tagged Static IPv6 VLAN untagged Static VLAN0072 untagged Static Static configuration: PVID: 1 (default) Ingress Filtering: Enabled Acceptable Frame Type: All Port 1/0/1 is statically configured to: VLAN Name...
  • Page 822 PVID: 4095 (discard vlan) Ingress Filtering: Enabled Acceptable Frame Type: All Port 1/0/1 is member in: VLAN Name Egress rule Type ---- --------- ----------- ----- IP Telephony tagged Static Static configuration: PVID: 8 Ingress Filtering: Disabled Acceptable Frame Type: All Port 1/0/2 is statically configured to: VLAN Name...
  • Page 823: Show Port Protocol

    GVRP status: Disabled Port 2/0/19 is member in: VLAN Name Egress rule Type ---- --------- ----------- ----- 2921 Primary A untagged Static 2922 Community A1 untagged Static Static configuration: PVID: 2922 Ingress Filtering: Enabled Acceptable Frame Type: Untagged GVRP status: Disabled Port 2/0/19 is member in: VLAN Name...
  • Page 824: Show Vlan

    Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the Protocol-Based VLAN information for either the entire system. console#show port protocol all Group Group Name Protocol(s VLAN Interface(s)
  • Page 825: Show Vlan Association Mac

    Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays information for VLAN id 1, 2 and 3. console#show vlan id 1 VLAN Name Ports Type ----- --------------- -------------...
  • Page 826: Show Vlan Association Subnet

    • mac-address — Specifies the MAC address to be entered in the list. (Range: Any valid MAC address) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example shows no entry in MAC address to VLAN cross-reference.
  • Page 827: Switchport Access Vlan

    Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines The command has no user guidelines. Example The following example shows the case if no IP Subnet to VLAN association exists.
  • Page 828: Switchport General Forbidden Vlan

    Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This command removes the port from the previous VLAN membership and adds it to the specified VLAN. The no form of the command sets the port VLAN membership to VLAN 1. Example The following example configures interface gi1/0/8 to operate in access mode with a VLAN membership of 23.
  • Page 829: Switchport General Acceptable-Frame-Type Tagged-Only

    Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This configuration only applies to ports configured in general mode. Example The following example forbids adding VLAN numbers 234 through 256 to port 1/0/8. console(config)#interface gigabitethernet 1/0/8 console(config-if-1/0/8)#switchport general forbidden vlan add 234-256 switchport general acceptable-frame-type tagged-only...
  • Page 830: Switchport General Allowed Vlan

    Example The following example configures 1/0/8 to discard untagged frames at ingress. console(config)#interface gigabitethernet 1/0/8 console(config-if-1/0/8)#switchport general acceptable-frame-type tagged-only switchport general allowed vlan Use the switchport general allowed vlan command in Interface Configuration mode to add VLANs to or remove VLANs from a general port. Syntax switchport general allowed vlan add vlan-list...
  • Page 831: Switchport General Ingress-Filtering Disable

    User Guidelines You can use this command to change the egress rule (for example, from tagged to untagged) without first removing the VLAN from the list. Example The following example shows how to add VLANs 1, 2, 5, and 8 to the allowed list.
  • Page 832: Switchport General Pvid

    switchport general pvid Use the switchport general pvid command in Interface Configuration mode to configure the Port VLAN ID (PVID) when the interface is in general mode. Use the switchport mode general command to set the VLAN membership mode of a port to "general." To configure the default value, use the no form of this command.
  • Page 833: Switchport Mode

    switchport mode Use the switchport mode command in Interface Configuration mode to configure the VLAN membership mode of a port. To reset the mode to the appropriate default for the switch, use the no form of this command. Syntax switchport mode {access | trunk | general} no switchport mode Parameter Description Parameter...
  • Page 834: Switchport Trunk

    Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This command has no user guidelines. Example The following example configures 1/0/5 to access mode. console(config)#interface gigabitethernet 1/0/5 console(config-if-1/0/5)#switchport mode access switchport trunk Use the switchport trunk command in Interface Configuration mode to add VLANs to or remove VLANs from a trunk port, or to set the native VLAN for an interface in Trunk Mode.
  • Page 835 Parameter Description Parameter Description vlan–list Set the list of allowed VLANs that can receive and send traffic on this interface in tagged format when in trunking mode. The default is all. The vlan–list format is as follows: The vlan-list format is all remove except vlan–atom...
  • Page 836: Vlan

    User Guidelines Untagged traffic received on a trunk port is forwarded on the native VLAN, if configured. To drop untagged traffic on a trunk port, remove the native VLAN from the trunk port. (Ex. switchport trunk allowed vlan remove 1.) Management traffic is still allowed on the trunk port in this configuration.
  • Page 837: Vlan (Global Config)

    User Guidelines Deleting the VLAN used by an access port will cause that port to become unusable until it is assigned a VLAN that exists. Creating a VLAN adds it to the allowed list for all trunk ports except for those where it is specifically excluded.
  • Page 838: Vlan Association Mac

    User Guidelines Deleting the VLAN for an access port will cause that port to become unusable until it is assigned a VLAN that exists. Creating a VLAN adds it to the allowed list for all trunk ports except those where it is specifically excluded. Example The following example shows how to create (add) VLANs with IDs 22, 23, and 56. console(config)#vlan 22,23,56...
  • Page 839: Vlan Association Subnet

    console(config)# vlan 1 console(config-vlan-1)#vlan association mac 0001.0001.0001 vlan association subnet Use the vlan association subnet command in VLAN Config mode to associate a VLAN to a specific IP-subnet. Only packets with a matching source IP address are placed into the VLAN. Syntax vlan association subnet ip-address subnet-mask...
  • Page 840: Vlan Makestatic

    Syntax vlan database Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enters the VLAN database mode. console(config)#vlan database console(config-vlan)# vlan makestatic This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined).
  • Page 841: Vlan Protocol Group

    User Guidelines The dynamic VLAN (created via GVRP) should exist prior to executing this command. See the Type column in output from the show vlan command to determine that the VLAN is dynamic. Example The following changes vlan 3 to a static VLAN. console(config-vlan)#vlan makestatic 3 vlan protocol group Use the vlan protocol group command in Global Configuration mode to add...
  • Page 842: Vlan Protocol Group Add Protocol

    vlan protocol group add protocol Use the vlan protocol group add protocol command in Global Configuration mode to add a protocol to the protocol-based VLAN groups identified by groupid. A group may have more than one protocol associated with it. Each interface and protocol combination can be associated with one group only.
  • Page 843: Vlan Protocol Group Name

    vlan protocol group name This is a new command for assigning a group name to vlan protocol group id. Syntax vlan protocol group name groupid groupName no vlan protocol group name groupid • groupid — The protocol-based VLAN group ID, which is automatically...
  • Page 844: Switchport Private-Vlan

    groupid — The protocol-based VLAN group ID, which is automatically • generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command. Default Configuration This command has no default configuration.
  • Page 845: Switchport Mode Private-Vlan

    Parameter Description Parameter Description host-association Defines VLAN associations for community or host ports. mapping Defines the private VLAN mapping for promiscuous ports. primary-vlan-id Primary VLAN ID of a private VLAN. secondary-vlan-id Secondary (isolated or community) VLAN ID of a private VLAN.
  • Page 846: Private-Vlan

    Parameter Description Parameter Description host-association Configure the interface as a private VLAN host port. Host ports are community or isolated ports, depending on the VLAN to which they belong. promiscuous Configure the interface as a private VLAN promiscuous port. Promiscuous ports are members of the primary VLAN. Default Configuration This command has no default configuration.
  • Page 847 no private-vlan [association] Parameter Description The command displays the following information: Parameter Description association Defines an association between the primary VLAN and secondary VLANs. primary Specify that the selected VLAN is the primary VLAN. community Specify that the selected VLAN is the community VLAN. isolated Specify that the selected VLAN is the isolated VLAN.
  • Page 848: Show Vlan Private-Vlan

    VLAN 1 cannot be configured in a private VLAN configuration. Examples console# configure terminal console(config)# vlan 10 console(config-vlan)# private-vlan primary console(config-vlan)# exit console(config)# vlan 1001 console(config-vlan)# private-vlan isolated console(config-vlan)# exit console(config)# vlan 1002 console(config-vlan)# private-vlan community console(config-vlan)# exit console(config)# vlan 1003 console(config-vlan)# private-vlan community console(config-vlan)# exit console(config)# vlan 20...
  • Page 849 Parameter Description The command displays the following information. Parameter Description Primary Primary VLAN ID. Secondary Secondary VLAN ID. Secondary VLAN type. Use the type parameter to display only Type private VLAN ID and its type. Ports Ports that are associated with a private VLAN. Default Configuration This command has no default setting.
  • Page 850 VLAN Commands...
  • Page 851: Voice Vlan Commands

    Voice VLAN Commands The Voice VLAN feature enables switch ports to carry voice traffic with an administrator-defined priority so as to enable prioritization of voice traffic over data traffic. Using Voice VLAN helps to ensure that the sound quality of an IP phone is protected from deterioration when the data traffic utilization on the port is high.
  • Page 852: Commands In This Chapter

    Commands in this Chapter This chapter explains the following commands: voice vlan voice vlan data priority voice vlan (Interface) show voice vlan voice vlan This command is used to enable the voice vlan capability on the switch. Syntax voice vlan no voice vlan Parameter Ranges Not applicable...
  • Page 853 Syntax voice vlan {vlanid | dot1p priority | none | untagged | data priority {trust | untrust} | auth {enable | disable} | dscp dscp} no voice vlan Parameter Description Parameter Description auth Enables/disables authentication on the voice vlan port. data Observe the priority on received voice vlan traffic (trusted mode).
  • Page 854: Voice Vlan Data Priority

    Example console(config-if-Gi1/0/1)#voice vlan 1 console(config-if-Gi1/0/1)#voice vlan dot1p 1 console(config-if-Gi1/0/1)#voice vlan none console(config-if-Gi1/0/1)#voice vlan untagged voice vlan data priority This command is to either trust or not trust (untrust) the data traffic arriving on the voice VLAN port. Syntax voice vlan data priority {trust | untrust} •...
  • Page 855 Syntax When the interface parameter is not specified, only the global mode of the voice VLAN is displayed. When the interface parameter is specified, the following is displayed: When the interface parameter is specified: Voice VLAN Mode The admin mode of the voice VLAN on the interface. Voice VLAN ID The voice VLAN ID.
  • Page 856 Voice VLAN Commands...
  • Page 857: 802.1x Commands

    802.1x Commands Local Area Networks (LANs) are often deployed in environments that permit the attachment of unauthorized devices. The networks also permit unauthorized users to attempt to access the LAN through existing equipment. In such environments, the administrator may desire to restrict access to the services offered by the LAN.
  • Page 858: Mac Authentication Bypass

    Whenever an operator configures a port in Dot1x authentication mode and selects the authentication method as internal, the user credentials received from the Dot1x supplicant are validated against the IDAS by the Dot1x component. The Dot1x application accesses the Dot1x user database to check whether the user credentials present in the authentication message correspond to a valid user or not.
  • Page 859: Guest Vlan

    Guest VLAN The Guest VLAN feature allows a PowerConnect switch to provide a distinguished service to unauthenticated users (not rogue users who fail authentication). This feature provides a mechanism to allow visitors and contractors to have network access to reach an external network with no ability to surf the internal LAN.
  • Page 860: Radius-Based Dynamic Vlan Assignment

    client is authenticated and is undisturbed by the failure condition(s). The reasons for failure are logged and buffered into the local logging database such that the operator can track the failure conditions. Clients authenticated when monitor mode is enabled are always assigned to the default VLAN, regardless of the RADIUS assignment.
  • Page 861: Dot1X Dynamic-Vlan Enable

    dot1x system-auth-control show dot1x authentication-history 802.1x Advanced Features dot1x guest-vlan dot1x unauth-vlan show dot1x advanced dot1x dynamic-vlan enable Use the dot1x dynamic-vlan enable command in Global Configuration mode to enable the capability of creating VLANs dynamically when a RADIUS–assigned VLAN does not exist in the switch.
  • Page 862: Dot1X Initialize

    dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is auto or mac-based. If the control mode is not auto or mac-based, an error will be returned.
  • Page 863: Dot1X Max-Req

    Command Mode Interface Configuration (Ethernet) mode User Guidelines Authentication of a user via mac-auth-bypass will not occur until the "dot1x time-out guest-vlan-period" timer expires. Example The following example sets MAC Authentication Bypass on interface 1/2: console(config-if-1/0/2)#dot1x mac-auth-bypass dot1x max-req Use the dot1x max-req command in Interface Configuration mode to set the maximum number of times that the switch sends an Extensible Authentication Protocol (EAP)-request frame (assuming that no response is received) to the client before restarting the authentication process.
  • Page 864: Dot1X Max-Users

    Example The following example sets the number of times that the switch sends an EAP-request/identity frame to 6. console(config)# interface gigabitethernet 1/0/16 console(config-if-1/0/16)# dot1x max-req 6 dot1x max-users Use the dot1x max-users command in Interface Configuration mode to set the maximum number of clients supported on the port when MAC-based 802.1X authentication is enabled on the port.
  • Page 865: Dot1X Port-Control

    dot1x port-control Use the dot1x port-control command in Interface Configuration mode to enable the IEEE 802.1X operation on the port. Syntax dot1x port-control {force-authorized | force-unauthorized | auto | mac- based} no dot1x port-control • auto — Enables 802.1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802.1x authentication exchange between the switch and the client.
  • Page 866: Dot1X Re-Authenticate

    When configuring a port to use MAC-based authentication, the port must be in switchport general mode. Example The following command enables MAC-based authentication on port 1/0/2 console(config)# interface gigabitethernet 1/0/2 console(config-if-1/0/2)# dot1x port-control mac-based dot1x re-authenticate Use the dot1x re-authenticate command in Privileged EXEC mode to enable manually initiating a re-authentication of all 802.1x-enabled ports or the specified 802.1x-enabled port.
  • Page 867: Dot1X Reauthentication

    dot1x reauthentication Use the dot1x reauthentication command in Interface Configuration mode to enable periodic re-authentication of the client. To return to the default setting, use the no form of this command. Syntax dot1x reauthentication no dot1x reauthentication Default Configuration Periodic re-authentication is disabled. Command Mode Interface Configuration (Ethernet) mode User Guidelines...
  • Page 868: Dot1X System-Auth-Control Monitor

    Default Configuration The default for this command is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables 802.1x globally. console(config)# dot1x system-auth-control dot1x system-auth-control monitor Use the dot1x system-auth-control monitor command in Global Configuration mode to enable 802.1x monitor mode globally.
  • Page 869: Dot1X Timeout Guest-Vlan-Period

    Example The following example enables 802.1x globally. console(config)# dot1x system-auth-control monitor dot1x timeout guest-vlan-period Use the dot1x timeout guest-vlan-period command in Interface Configuration mode to set the number of seconds that the switch waits before authorizing the client if the client is a dot1x unaware client. Use the no form of the command to return the timeout to the default value.
  • Page 870: Dot1X Timeout Quiet-Period

    dot1x timeout quiet-period Use the dot1x timeout quiet-period command in Interface Configuration mode to set the number of seconds that the switch remains in the quiet state following a failed authentication exchange (for example, the client provided an invalid password). To return to the default setting, use the no form of this command.
  • Page 871: Dot1X Timeout Re-Authperiod

    dot1x timeout re-authperiod Use the dot1x timeout re-authperiod command in Interface Configuration mode to set the number of seconds between re-authentication attempts. To return to the default setting, use the no form of this command. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod seconds —...
  • Page 872: Dot1X Timeout Supp-Timeout

    Syntax dot1x timeout server-timeout seconds no dot1x timeout server-timeout • seconds — Time in seconds that the switch waits for a response from the authentication server. (Range: 1–65535) Default Configuration The period of time is set to 30 seconds. Command Mode Interface Configuration (Ethernet) mode User Guidelines The actual timeout is this parameter or the product of the RADIUS...
  • Page 873: Dot1X Timeout Tx-Period

    Default Configuration The period of time is set to 30 seconds. Command Mode Interface Configuration (Ethernet) mode User Guidelines Change the default value of this command only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers.
  • Page 874: Show Dot1X

    Command Mode Interface Configuration (Ethernet) mode User Guidelines Change the default value of this command only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. Example The following command sets the number of seconds that the switch waits for a response to an EAP-request/identity frame to 3600 seconds.
  • Page 875: Show Dot1X Authentication-History

    Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines If you do not use the optional parameters, the command displays the global dot1x mode and the VLAN Assignment mode. Field Description Administrative Indicates whether authentication control on the switch is Mode enabled or disabled.
  • Page 876 Parameter Description The following table explains the output parameters. Parameter Description Time Stamp Exact time at which the event occurs. Interface Physical Port on which the event occurs. MAC-Address Supplicant/Client MAC Address VLAN assigned VLAN assigned to the client/port on authentication. VLAN assigned Type of VLAN ID assigned i.e Guest VLAN, Unauth, Reason...
  • Page 877: Show Dot1X Clients

    due to Guest VLAN Timer Expiry..... console#show dot1x authentication-history all Time Stamp Interface MAC-Address VLANID Auth Status --------------------- --------- ----------------- ------ ---------- Mar 22 2010 01:16:31 gi1/0/2 00:01:02:03:04:05 111 Authorized Mar 22 2010 01:20:33 gi1/0/7 00:00:0D:00:00:00 222 Authorized console#show dot1x authentication-history gi1/0/1 Time Stamp Interface MAC-Address...
  • Page 878 Parameter Description Parameter Description interface–id Any valid interface. See Interface Naming Conventions interface representation. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines The following fields are displayed by this command. Field Description Clients...
  • Page 879 Field Description Filter ID The Filter ID assigned to the client by the RADIUS server. This field is not applicable when the Filter-ID feature is disabled on the RADIUS server and client. VLAN Assigned The VLAN assigned to the client by the radius server. When VLAN assignments are disabled, RADIUS server does not assign any VLAN to the port, and this field is set to 0.
  • Page 880: Show Dot1X Interface

    Session Termination Action..... Default show dot1x interface This command shows the status of MAC Authentication Bypass. This feature is an extension of Dot1x Option 81 feature added in Power Connect Release 2.1 to accept a VLAN name as an alternative to a number when RADIUS indicates the Tunnel-Private-Group-ID for a supplicant.
  • Page 881: Show Dot1X Interface Statistics

    Transmit Period........ 30 Maximum Requests....... 2 Max Users........16 VLAN Assigned........Supplicant Timeout......30 Guest-vlan Timeout......30 Server Timeout (secs)......30 MAB mode (configured)......Disabled MAB mode (operational)......Disabled Authenticator PAE State......Initialize Backend Authentication State....Initialize show dot1x interface statistics Use the show dot1x interface statistics command in Privileged EXEC mode to display 802.1x statistics for the specified interface.
  • Page 882 EAPOL Frames Received......0 EAPOL Frames Transmitted....... 0 EAPOL Start Frames Received....0 EAPOL Logoff Frames Received....0 Last EAPOL Frame Version....... 0 Last EAPOL Frame Source......0000.0000.0000 EAP Response/Id Frames Received....0 EAP Response Frames Received....0 EAP Request/Id Frames Transmitted....0 EAP Request Frames Transmitted....
  • Page 883: Show Dot1X Users

    Field Description InvalidEapolFramesRx The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized. EapLengthErrorFramesRx The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid.
  • Page 884: Clear Dot1X Authentication–History

    --------- --------- 1/0/1 1/0/2 John Switch# show dot1x users username Bob Port Username --------- --------- 1/0/1 The following table describes the significant fields shown in the display: Field Description Username The username representing the identity of the Supplicant. Port The port that the user is using. clear dot1x authentication–history Use the clear dot1x authentication–history command in Privileged EXEC mode to clear the authentication history table captured during successful and...
  • Page 885: Dot1X Guest-Vlan

    User Guidelines This command has no user guidelines. Example console#clear dot1x authentication-history Purge all entries from the log. console#clear dot1x authentication-history gi1/0/1 Purge all entries for the specified interface from the log. 802.1x Advanced Features dot1x guest-vlan Use the dot1x guest-vlan command in Interface Configuration mode to set the guest VLAN on a port.
  • Page 886: Dot1X Unauth-Vlan

    Example The following example sets the guest VLAN on port 1/0/2 to VLAN 10. console(config-if-1/0/2)#dot1x guest-vlan 10 dot1x unauth-vlan Use the dot1x unauth-vlan command in Interface Configuration mode to specify the unauthenticated VLAN on a port. The unauthenticated VLAN is the VLAN to which supplicants that fail 802.1X authentication are assigned.
  • Page 887 Multiple Hosts column and add an Unauthenticated VLAN column, which indicates whether an unauthenticated VLAN is configured on a port. The command has also been updated to show the Guest VLAN ID (instead of the status) since it is now configurable per port. Syntax show dot1x advanced [{gigabitethernet unit/slot/port| tengigabitethernet unit/slot/port}]...
  • Page 888 console#show dot1x advanced gigabitethernet 1/0/2 Port Guest Unauthenticated VLAN Vlan --------- --------- --------------- 1/0/2 802.1x Commands...
  • Page 889: Layer 3 Commands

    Layer 3 Commands The chapters that follow describe commands that conform to the OSI model’s Network Layer (Layer 3). Layer 3 commands perform a series of exchanges over various data links to deliver data between any two nodes in a network.
  • Page 890 Layer 3 Commands...
  • Page 891: Arp Commands

    ARP Commands When a host has an IP packet to send on an Ethernet network, it must encapsulate the IP packet in an Ethernet frame. The Ethernet header requires a destination MAC address. If the destination IP address is on the same network as the sender, the sender uses the Address Resolution Protocol (ARP) to determine the MAC address associated with destination IP address.
  • Page 892: Arp Aging

    ARP Aging Dynamic entries in the ARP cache are aged. When an entry for a neighbor router reaches its maximum age, the system sends an ARP request to the neighbor router to renew the entry. Entries for neighbor routers should remain in the ARP cache as long as the neighbor continues to respond to ARP requests.
  • Page 893: Arp Cachesize

    Syntax ip-address hardware-address ip-address no arp ip-address — IP address of a device on a subnet attached to an existing • routing interface. hardware-address — A unicast MAC address for that device. • Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines...
  • Page 894: Arp Dynamicrenew

    Default Configuration The default value is 6144. Command Mode Global Configuration mode User Guidelines The ARP cache size is dependent on the switching hardware used. Values different from the default given above may exist in a given switch model. Example The following example defines an arp cachesize of 500.
  • Page 895: Arp Purge

    request to the neighbor. If the neighbor responds, the age of the ARP cache entry is reset to 0 without removing the entry from the hardware. Traffic to the host continues to be forwarded in hardware without interruption. If the entry is not being used to forward data packets, then the entry is deleted from the ARP cache, unless the dynamic renew option is enabled.
  • Page 896: Arp Resptime

    Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example removes the specified IP address from arp cache. console#arp purge 192.168.1.10 arp resptime Use the arp resptime command in Global Configuration mode to configure the ARP request response time-out.
  • Page 897: Arp Retries

    arp retries Use the arp retries command in Global Configuration mode to configure the ARP count of maximum requests for retries. To return to the default value, use the no form of this command. Syntax arp retries integer no arp retries integer —...
  • Page 898: Clear Arp-Cache

    Default Configuration The default value is 1200 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines 900 seconds as the timeout. console(config)#arp timeout 900 clear arp-cache Use the clear arp-cache command in Privileged EXEC mode to remove all ARP entries of type dynamic from the ARP cache.
  • Page 899: Clear Arp-Cache Management

    console#clear arp-cache gateway clear arp-cache management Use the clear arp-cache management command to clear all entries that show as management arp entries in the show arp command. Syntax clear arp-cache management Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
  • Page 900: Ip Local-Proxy-Arp

    console#clear arp-cache management ip local-proxy-arp Use the ip local-proxy-arp command in Interface Configuration mode to enable proxying of ARP requests. This allows the switch to respond to ARP requests within a subnet where routing is not enabled. Syntax ip local-proxy-arp no ip local-proxy-arp Default Configuration Proxy arp is disabled by default.
  • Page 901: Show Arp

    Default Configuration Enabled is the default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines The ip proxy-arp command is not available in interface range mode. Example The following example enables proxy arp for VLAN 15. (config)#interface vlan 15 console(config-if-vlan15)#ip proxy-arp show arp Use the show arp command in Privileged EXEC mode to display all entries in the Address Resolution Protocol (ARP) cache.
  • Page 902 User Guidelines The show arp command will display static (user-configured) ARP entries regardless of whether they are reachable over an interface or not. Example The following example shows show arp command output. console#show arp Static ARP entries are only active when the IP address is reachable on a local subnet Age Time (seconds)......
  • Page 903: Dhcp Server And Relay Agent Commands

    DHCP Server and Relay Agent Commands DHCP is based on the Bootstrap Protocol (BOOTP). It also captures the behavior of BOOTP relay agents, and DHCP participants can interoperate with BOOTP participants. The host RFCs standardize the configuration parameters which can be supplied by the DHCP server to the client.
  • Page 904: Ip Dhcp Pool

    • Internet access cost is greatly reduced by using automatic assignment as Static IP addresses are considerably more expensive to purchase than are automatically allocated IP addresses. • Using DHCP a centralized management policy can be implemented as the DHCP server keeps information about all the subnets. This allows a system operator to update a single server when configuration changes take place.
  • Page 905 Syntax ip dhcp pool [pool-name] no ip dhcp pool [pool-name] Parameter Description Parameter Description pool-name The name of an existing or new DHCP address pool. The pool name can be up to 31 characters in length and can contain the following characters: a-z, A-Z, 0-9, ’-’, ’_’, ’...
  • Page 906 • Client DNS server – dns-server • NetBIOS WINS Server – netbios-name-server • NetBIOS Node Type – netbios-node-type • Client default router – default-router • Client address lease time – lease Administrators may also configure manual bindings for clients using the host command in DHCP Pool Configuration mode.
  • Page 907: Bootfile

    console(config-dhcp-pool)#netbios-name-server 192.168.22.2 192.168.23.2 console(config-dhcp-pool)#netbios-node-type h-node console(config-dhcp-pool)#lease 2 12 console(config-dhcp-pool)#default-router 192.168.22.1 192.168.23.1 bootfile Use the bootfile command in DHCP Pool Configuration mode to set the name of the image for the DHCP client to load. Use the no form of the command to remove the bootfile configuration.
  • Page 908: Clear Ip Dhcp Binding

    clear ip dhcp binding Use the clear ip dhcp binding command in Privileged EXEC mode to remove automatic DHCP server bindings. Syntax clear ip dhcp binding {ip-address | *} Parameter Description Parameter Description Clear all automatic dhcp bindings. ip-address Clear a specific binding. Default Configuration The command has no default configuration.
  • Page 909: Client-Identifier

    Parameter Description Parameter Description Clear all dhcp conflicts. ip-address Clear a specific address conflict. Default Configuration The command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console#clear ip dhcp conflict * client-identifier Use the client-identifier command in DHCP Pool Configuration mode to identify a Microsoft DHCP client to be manually assigned an address.
  • Page 910: Client-Name

    Default Configuration This command has no default configuration. Command Mode DHCP Pool Configuration mode User Guidelines For Microsoft DHCP clients, the identifier consists of the media type followed by the MAC address of the client. The media type 01 indicates Ethernet media.
  • Page 911: Default-Router

    Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The client name should not include the domain name as it is specified separately by the domain-name (IP DHCP Pool Config) command.
  • Page 912: Dns-Server (Ip Dhcp Pool Config)

    Command Mode DHCP Pool Configuration mode User Guidelines This command has no user guidelines. Example console(config-dhcp-pool)#default-router 192.168.22.1 192.168.23.1 dns-server (IP DHCP Pool Config) Use the dns-server command in IP DHCP Pool Configuration mode to set the IP DNS server address which is provided to a DHCP client by the DHCP server.
  • Page 913: Hardware-Address

    domain-name (IP DHCP Pool Config) Use the domain-name command in IP DHCP Pool Configuration mode to set the DNS domain name which is provided to a DHCP client by the DHCP server. The DNS name is an alphanumeric string up to 255 characters in length.
  • Page 914: Host

    Default Configuration There are no default MAC address manual bindings. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. It may be necessary to use the no host command prior to executing the no hardware-address command.
  • Page 915: Ip Dhcp Bootp Automatic

    Default Configuration The default is a 1 day lease. Command Mode DHCP Pool Configuration mode User Guidelines Use the client-identifier hardware-address command prior to using this command for an address pool. Use the show ip dhcp pool command to display pool configuration parameters.
  • Page 916: Ip Dhcp Conflict Logging

    Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console#ip dhcp bootp automatic ip dhcp conflict logging Use the ip dhcp conflict logging command in Global Configuration mode to enable DHCP address conflict detection. Use the no form of the command to disable DHCP conflict logging.
  • Page 917: Ip Dhcp Excluded-Address

    ip dhcp excluded-address Use the ip dhcp excluded-address command in Global Configuration mode to exclude one or more DHCP addresses from automatic assignment. Use the no form of the command to allow automatic address assignment for the specified address or address range. Syntax low-address high-address...
  • Page 918: Ip Dhcp Ping Packets

    ip dhcp ping packets Use the ip dhcp ping packets command in Global Configuration mode to configure the number of pings sent to detect if an address is in use prior to assigning an address from the DHCP pool. If neither ping is answered, the DHCP server presumes the address is not in use and assigns the selected IP address.
  • Page 919: Lease

    lease Use the lease command in DHCP Pool Configuration mode to set the period for which a dynamically assigned DHCP address is valid. Use the infinite parameter to indicate that addresses are to be automatically assigned. Use the no form of the command to return the lease configuration to the default. Use show ip dhcp pool command to display pool configuration parameters.
  • Page 920: Netbios-Name-Server

    Example console(config-dhcp-pool)#lease 1 12 59 netbios-name-server Use the netbios-name-server command in DHCP Pool Configuration mode to configure the IPv4 address of the Windows Internet Naming Service (WINS) for a Microsoft DHCP client. Use the no form of the command to remove the NetBIOS name server configuration.
  • Page 921: Netbios-Node-Type

    netbios-node-type Use the netbios-node-type command in DHCP Pool Configuration mode to set the NetBIOS node type for a Microsoft DHCP client. Use the no form of the command to remove the NetBIOS node configuration. Syntax netbios-node-type type no netbios-node-type Parameter Description Parameter Description type...
  • Page 922: Network

    network Use the network command in IP DHCP Pool Configuration mode to define a pool of IPv4 addresses for distributing to clients. Syntax network-number mask prefix-length network Parameter Description Parameter Description network-number A valid IPv4 address mask A valid IPv4 network mask with contiguous left-aligned bits. prefix-length An integer indicating the number of leftmost bits in the network-number to use as a prefix for allocating cells.
  • Page 923: Option

    Parameter Description Parameter Description ip-address The IPv4 address of the TFTP server to use during auto-configuration. Default Configuration There is no default IPv4 next server configured. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters.
  • Page 924 Parameter Description Parameter Description code The DHCP TLV option code. ascii string1 An ASCII character string. Strings with embedded blanks must be wholly contained in quotes. hex string1 A hexadecimal string containing the characters [0-9A-F]. The string should not begin with 0x. A hex string consists of two characters which are parsed to fill a single byte.
  • Page 925 (continued) Figure 42-1. Option Codes and Lengths Option Code Fixed Length Minimum Length Multiple Of 10 (Impress Server) – 11 (Resource Location – Server) 12 (Host Name) – – 13 (Boot File Size) – – 14 (Merit File Dump) – –...
  • Page 926 (continued) Figure 42-1. Option Codes and Lengths Option Code Fixed Length Minimum Length Multiple Of 34 (Trailer – – Encapsulation) 35 (ARP Cache Timeout) 4 – – 36 (Ethernet – – Encapsulation) 37 (TCP TTL) – – 38 (TCP Keepalive –...
  • Page 927: Service Dhcp

    (continued) Figure 42-1. Option Codes and Lengths Option Code Fixed Length Minimum Length Multiple Of 68 (Mobile IP Home – Agent) 69 (SMTP Server) – 70 (POP3 Server) – 71 (NNTP Server) – 72 (WWW Server) – 73 (Finger Server) –...
  • Page 928: Sntp

    Default Configuration The service is disabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. sntp Use the sntp command in DHCP Pool Configuration mode to set the IPv4 address of the NTP server to be used for time synchronization of the client. Use the no form of the command to remove the NTP server configuration.
  • Page 929: Show Ip Dhcp Binding

    Example console(config-dhcp-pool)#sntp 192.168.21.2 show ip dhcp binding Use the show ip dhcp binding command in Privileged EXEC mode to display the configured DHCP bindings. Syntax show ip dhcp binding [address] Parameter Description Parameter Description address A valid IPv4 address Default Configuration The command has no default configuration.
  • Page 930: Show Ip Dhcp Conflict

    show ip dhcp conflict Use the show ip dhcp conflict command in User EXEC mode to display DHCP address conflicts for all relevant interfaces or a specified interface. If an interface is specified, the optional statistics parameter is available to view statistics for the specified interface.
  • Page 931: Show Ip Dhcp Pool

    Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example console#show ip dhcp server statistics show ip dhcp pool Use the show ip dhcp pool command in User EXEC or Privileged EXEC mode to display the configured DHCP pool or pools.
  • Page 932: Show Ip Dhcp Server Statistics

    show ip dhcp server statistics Use the show ip dhcp server statistics command in Privileged EXEC mode to display the DHCP server binding and message counters. Syntax show ip dhcp server statistics Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration.
  • Page 933 DHCP RELEASE........32 DHCP INFORM........0 Messages Sent ---------- ------ DHCP OFFER........132 DHCP ACK........132 DHCP NACK........0
  • Page 935: Dhcpv6 Commands

    DHCPv6 Commands This chapter explains the following commands: clear ipv6 dhcp service dhcpv6 dns-server (IPv6 DHCP Pool Config) show ipv6 dhcp domain-name (IPv6 DHCP Pool Config) show ipv6 dhcp binding ipv6 dhcp pool show ipv6 dhcp interface (User EXEC) ipv6 dhcp relay show ipv6 dhcp interface (Privileged EXEC) ipv6 dhcp server...
  • Page 936: Dns-Server (Ipv6 Dhcp Pool Config)

    Examples The following example clears DHCPv6 statistics for VLAN 11. console#clear ipv6 dhcp interface vlan 11 statistics dns-server (IPv6 DHCP Pool Config) Use the dns-server command in IPv6 DHCP Pool Configuration mode to set the IPv6 DNS server address which is provided to a DHCPv6 client by the DHCPv6 server.
  • Page 937: Ipv6 Dhcp Pool

    Syntax domain-name domain no domain-name domain • domain — DHCPv6 domain name. (Range: 1–255 characters) Default Configuration This command has no default configuration. Command Mode IPv6 DHCP Pool Configuration mode User Guidelines DHCPv6 pool can have multiple number of domain names with maximum of Example The following example sets the DNS domain name "test", which is provided to a DHCPv6 client by the DHCPv6 server.
  • Page 938: Ipv6 Dhcp Relay

    • pool-name — DHCPv6 pool name. (Range: 1-31 characters) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enters IPv6 DHCP Pool Configuration mode. console(config)#ipv6 dhcp pool addrpool console(config-dhcp6s-pool)# ipv6 dhcp relay...
  • Page 939: Ipv6 Dhcp Server

    Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN, Tunnel) mode User Guidelines If relay-address is an IPv6 global address, then relay-interface is not required. If relay-address is a link-local or multicast address, then relay-interface is required. Finally, if a value for relay-address is not specified, then a value for relay-interface must be specified and the DHCPV6-ALLAGENTS multicast...
  • Page 940: Prefix-Delegation

    • pref-value — Preference value used by clients to determine preference between multiple DHCPv6 servers. (Range: 0-4294967295) Default Configuration The default preference value is 20. Rapid commit is not enabled by default. Command Mode Interface Configuration (VLAN, Tunnel) mode User Guidelines An IP interface (VLAN) can be configured in DHCP relay mode or DHCP server mode.
  • Page 941 Parameter Description Parameter Description prefix/prefix-length Delegated IPv6 prefix. client-DUID Client DUID (e.g. 00:01:00:09:f8:79:4e:00:04:76:73:43:76). hostname Client hostname used for logging and tracing. (Range: 0-31 characters.) The command allows spaces in the host name when specified in double quotes. For example, console(config)#snmp-server host "host name"...
  • Page 942: Service Dhcpv6

    The following example defines a unique local address prefix with the MAC address 00:1D:BA:06:37:64 converted to EUI-64 format and a preferred lifetime of 5 days. console(config-dhcp6s-pool)#prefix-delegation fc00::/7 00:1D:BA:FF:FE:06:37:64 preferred-lifetime 43200 service dhcpv6 Use the service dhcpv6 command in Global Configuration mode to enable local IPv6 DHCP server on the switch.
  • Page 943: Show Ipv6 Dhcp

    show ipv6 dhcp Use the show ipv6 dhcp command in Privileged EXEC mode to display the DHCPv6 server name and status. Syntax show ipv6 dhcp Syntax Description This command has no arguments or keywords. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines...
  • Page 944: Show Ipv6 Dhcp Interface (User Exec)

    • ipv6-address — Valid IPv6 address. Default Configuration This command has no default configuration. Command Mode Privileged EXEC and User EXEC modes, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the configured DHCP pool based on the entered IPv6 address.
  • Page 945 Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines Statistics are shown depending on the interface mode (relay, server, or client). Examples The following examples display DHCPv6 information for VLAN 11 when configured in relay mode.
  • Page 946: Show Ipv6 Dhcp Interface (Privileged Exec)

    DHCPv6 Inform Packets Received....0 DHCPv6 Relay-forward Packets Received..0 DHCPv6 Relay-reply Packets Received.... 0 DHCPv6 Malformed Packets Received....0 Received DHCPv6 Packets Discarded....0 Total DHCPv6 Packets Received....0 DHCPv6 Advertisement Packets Transmitted..0 DHCPv6 Reply Packets Transmitted....0 DHCPv6 Reconfig Packets Transmitted....
  • Page 947 Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command shows the DHCP status. Information displayed depends on the mode. The command output provides the following information for an interface configured in client mode. Not all fields will be shown for an inactive client. Term Description Mode...
  • Page 948 Term Description Expiry Time The time (in seconds) when the DHCPv6 leased address expires. Example The following example shows the output from this command when the device has leased an IPv6 address from the DHCPv6 server on interface 1/0/1. NOTE: Note that the interface is in client mode. console#show ipv6 dhcp interface vlan 2 IPv6 Interface.........
  • Page 949 Server Preference......20 Option Flags........console#show ipv6 dhcp interface vlan 10 statistics DHCPv6 Server Interface Vl10 Statistics DHCPv6 Solicit Packets Received....0 DHCPv6 Request Packets Received....0 DHCPv6 Confirm Packets Received....0 DHCPv6 Renew Packets Received....0 DHCPv6 Rebind Packets Received....0 DHCPv6 Release Packets Received....
  • Page 950: Show Ipv6 Dhcp Pool

    Total DHCPv6 Packets Transmitted...... 0 show ipv6 dhcp pool Use the show ipv6 dhcp pool command in Privileged EXEC mode to display the configured DHCP pool. Syntax show ipv6 dhcp pool poolname • poolname — Name of the pool. (Range: 1-32 characters)...
  • Page 951 Command Mode User EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the DHCPv6 server name and status. console> show ipv6 dhcp statistics DHCPv6 Interface Global Statistics ------------------------------------ DHCPv6 Solicit Packets Received....
  • Page 952 DHCPv6 Relay-forward Packets Transmitted..0 Total DHCPv6 Packets Transmitted....0
  • Page 953: Dvmrp Commands

    DVMRP Commands Distance Vector Multicast Routing Protocol (DVMRP) is a dense mode multicast protocol and is most appropriate for use in networks where bandwidth is relatively plentiful and there is at least one multicast group member in each subnet. DVMRP assumes that all hosts are part of a multicast group until it is informed of multicast group changes.
  • Page 954: Ip Dvmrp Metric

    Default Configuration Disabled is the default configuration. Command Mode Global Configuration Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets VLAN 15’s administrative mode of DVMRP to active. console(config)#interface vlan 15 console(config-if-vlan15)#ip dvmrp ip dvmrp metric Use the ip dvmrp metric command in Interface Configuration mode to configure the metric for an interface.
  • Page 955: Show Ip Dvmrp

    User Guidelines This command has no user guidelines. Example The following example configures a metric of 5 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip dvmrp metric 5 show ip dvmrp Use the show ip dvmrp command in Privileged EXEC mode to display the system-wide information for DVMRP.
  • Page 956: Show Ip Dvmrp Interface

    DVMRP INTERFACE STATUS Interface Interface Mode Protocol State --------- -------------- -------------- show ip dvmrp interface Use the show ip dvmrp interface command in Privileged EXEC mode to display the interface information for DVMRP on the specified interface. Syntax vlan-id show ip dvmrp interface vlan vlan-id —...
  • Page 957: Show Ip Dvmrp Nexthop

    Default Configuration This command has no default condition. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the neighbor information for DVMRP. console(config)#show ip dvmrp neighbor No neighbors available.
  • Page 958: Show Ip Dvmrp Prune

    Example The following example displays the next hop information on outgoing interfaces for routing multicast datagrams. console(config)#show ip dvmrp nexthop Next Hop Source IP Source Mask Interface Type -------------- -------------- --------- ------ show ip dvmrp prune Use the show ip dvmrp prune command in Privileged EXEC mode to display the table that lists the router’s upstream prune information.
  • Page 959: Show Ip Dvmrp Route

    show ip dvmrp route Use the show ip dvmrp route command in Privileged EXEC mode to display the multicast routing information for DVMRP. Syntax show ip dvmrp route Default Configuration This command has no default condition. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
  • Page 961: Gmrp Commands

    GMRP Commands The GARP Multicast Registration Protocol provides a mechanism that allows networking devices to dynamically register (and de-register) Group membership information with the MAC networking devices attached to the same segment, and for that information to be disseminated across all networking devices in the bridged LAN that support Extended Filtering Services.
  • Page 962: Gmrp Enable

    The registration and de-registration of membership results in the multicast table being updated with a new entry or the existing entry modified. This ensures that the networking device receives multicast frames from all ports but forwards them through only those ports for which GMRP has created Group registration entry (for that multicast address).
  • Page 963: Show Gmrp Configuration

    User Guidelines IGMP snooping is incompatible with GMRP and must be disabled on any VLANs running GMRP. Example In this example, GMRP is globally enabled. console(config)#gmrp enable show gmrp configuration Use the show gmrp configuration command in Global Configuration mode and Interface Configuration mode to display GMRP configuration.
  • Page 964 Interface Timer Timer Timer GMRP Mode (centisecs) (centisecs) (centisecs) ----------- ----------- ----------- ----------- ------- ---- Gi1/0/1 1000 Disabled Gi1/0/2 1000 Disabled Gi1/0/3 1000 Disabled Gi1/0/4 1000 Disabled Gi1/0/5 1000 Disabled Gi1/0/6 1000 Disabled
  • Page 965: Igmp Commands

    IGMP Commands Internet Group Management Protocol (IGMP) is the multicast group membership discovery protocol used for IPv4 multicast groups. Three versions of IGMP exist. Versions one and two are widely deployed. Since IGMP is used between end systems (often desktops) and the multicast router, the version of IGMP required depends on the end-user operating system being supported.
  • Page 966: Commands In This Chapter

    IGMPv2 introduced a Leave Group message, which is sent by a host when it leaves a multicast group for which it was the last host to send an IGMP Report message. Receipt of this message causes the Querier possibly to reduce the remaining lifetime of its state for the group, and to send a group-specific IGMP Query message to the multicast group. The Leave Group message is not used with IGMPv3, since the source address filtering...
  • Page 967: Ip Igmp Last-Member-Query-Count

    Syntax ip igmp no ip igmp Default Configuration Disabled is the default state. Command Mode Global Configuration mode User Guidelines A multicast routing protocol (e.g. PIM) should be enabled whenever IGMP is enabled. L3 IP multicast must be enabled for IGMP to operate. Example The following example globally enables IGMP.
  • Page 968: Ip Igmp Last-Member-Query-Interval

    Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets 10 as the number of VLAN 2 Group-Specific Queries. console#configure console(config)#interface vlan 2 console(config-if-vlan2)#ip igmp last-member-query-count 10 console(config-if-vlan2)#no ip igmp last-member-query-count ip igmp last-member-query-interval Use the ip igmp last-member-query-interval command in Interface Configuration mode to configure the Maximum Response Time inserted in...
  • Page 969: Ip Igmp Query-Interval

    Example The following example configures 2 seconds as the Maximum Response Time inserted in VLAN 15’s Group-Specific Queries. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp last-member-query-interval 20 ip igmp query-interval Use the ip igmp query-interval command in Interface Configuration mode to configure the query interval for the specified interface. The query interval determines how fast IGMP Host-Query packets are transmitted on this interface.
  • Page 970: Ip Igmp Query-Max-Response-Time

    ip igmp query-max-response-time Use the ip igmp query-max-response-time command in Internet Configuration mode to configure the maximum response time interval for the specified interface. It is the maximum query response time advertised in IGMPv2 queries on this interface. The time interval is specified in seconds. Syntax seconds ip igmp query-max-response-time...
  • Page 971: Ip Igmp Startup-Query-Count

    Syntax ip igmp robustness robustness no ip igmp robustness • robustness — Robustness variable. (Range: 1-255) Default Configuration The default robustness value is 2. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example configures a robustness value of 10 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp robustness 10 ip igmp startup-query-count...
  • Page 972: Ip Igmp Startup-Query-Interval

    Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets for VLAN 15 the number of queries sent out on startup at 10. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp startup-query-count 10 ip igmp startup-query-interval Use the ip igmp startup-query-interval command in Interface Configuration mode to set the interval between general queries sent at startup on the interface.
  • Page 973: Ip Igmp Version

    Example The following example sets at 10 seconds the interval between general queries sent at startup for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp startup-query-interval 10 ip igmp version Use the ip igmp version command in Interface Configuration mode to configure the version of IGMP for an interface.
  • Page 974: Show Ip Igmp Groups

    Syntax show ip igmp Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays system-wide IGMP information. console#show ip igmp IGMP Admin Mode......
  • Page 975: Show Ip Igmp Interface

    Syntax show ip igmp groups [interface-type interface-number] [detail] Syntax Description Parameter Description interface-type Interface type of VLAN and a valid VLAN ID. interface-number Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
  • Page 976: Syntax Description

    Syntax Description Parameter Description interface-type Interface type of VLAN and a valid VLAN ID. interface-number Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays IGMP information for VLAN 11.
  • Page 977: Show Ip Igmp Membership

    show ip igmp membership Use the show ip igmp membership command in Privileged EXEC mode to display the list of interfaces that have registered in the multicast group. If detail is specified, this command displays detailed information about the listed interfaces. Syntax groupaddr ] [detail] show ip igmp membership [...
  • Page 978: Ip Igmp Router-Alert-Check

    • vlan-id — Valid VLAN ID Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Examples The following example displays the IGMP statistical information for VLAN 7. console#show ip igmp interface stats vlan 7 Querier Status.......
  • Page 979 Default Value The Router-Alert option is not required by default. Command Mode Global Configuration Usage Guidelines If the router alert check is enabled, IGMP frames without the router-alert option in the IP header are discarded early in the processing of IGMP packets. If all the multicast hosts in the network include the router alert option as required by RFC 2236 and RFC 3376, then enabling this check can reduce the load on the system.
  • Page 981: Igmp Proxy Commands

    IGMP Proxy Commands IGMP Proxy is used by the router on IPv4 systems to enable the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP router interfaces, thus acting as proxy to all its hosts residing on its router interfaces.
  • Page 982: Ip Igmp-Proxy Reset-Status

    Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example enables the IGMP Proxy on the VLAN 15 router. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp-proxy ip igmp-proxy reset-status Use the ip igmp-proxy reset-status command in Interface Configuration mode to reset the host interface status parameters of the IGMP Proxy router.
  • Page 983: Ip Igmp-Proxy Unsolicit-Rprt-Interval

    Example The following example resets the host interface status parameters of the IGMP Proxy router. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp-proxy reset-status ip igmp-proxy unsolicit-rprt-interval Use the ip igmp-proxy unsolicit-rprt-interval command in Interface Configuration mode to set the unsolicited report interval for the IGMP Proxy router.
  • Page 984: Show Ip Igmp-Proxy

    show ip igmp-proxy Use the show ip igmp-proxy command in Privileged EXEC mode to display a summary of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp-proxy Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines...
  • Page 985: Show Ip Igmp-Proxy Interface

    Proxy Start Frequency......1 show ip igmp-proxy interface Use the show ip igmp-proxy interface command in Privileged EXEC mode to display a detailed list of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp-proxy interface Default Configuration...
  • Page 986: Show Ip Igmp-Proxy Groups

    show ip igmp-proxy groups Use the show ip igmp-proxy groups command in Privileged EXEC mode to display a table of information about multicast groups that IGMP Proxy reported. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp-proxy groups Default Configuration This command has no default configuration.
  • Page 987 Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays complete information about multicast groups that IGMP Proxy has reported. console#show ip igmp-proxy groups detail Interface Index........
  • Page 989: Ip Helper/Dhcp Relay Commands

    IP Helper/DHCP Relay Commands The IP Helper feature provides the ability for a router to forward configured UDP broadcast packets to a particular IP address. This allows applications to reach servers on non-local subnets. This is possible even when the application is designed to assume a server is always on a local subnet or when the application uses broadcast packets to reach the server (with the limited broadcast address 255.255.255.255, or a network directed broadcast address).
  • Page 990 Protocol UDP Port Number NetBIOS Name Server NetBIOS Datagram Server TACACS Server Time Service DHCP Trivial File Transfer Protocol Certain preexisting configurable DHCP relay options do not apply to relay of other protocols. These options are unchanged. The user may optionally set a DHCP maximum hop count or minimum wait time.
  • Page 991: Bootpdhcprelay Maxhopcount

    • The protocol field in the IP header must be UDP (17). • The destination UDP port must match a configured relay entry. DHCP relay cannot be enabled and disabled globally. IP helper can be enabled or disabled globally. Enabling IP helper enables DHCP relay. Commands in this Chapter This chapter explains the following commands: bootpdhcprelay maxhopcount...
  • Page 992: Bootpdhcprelay Minwaittime

    Command Mode Global Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. Example The following example defines a maximum hopcount of 6. console(config)#bootpdhcprelay maxhopcount 6 bootpdhcprelay minwaittime Use the bootpdhcprelay minwaittime command in Global Configuration mode to configure the minimum wait time in seconds for BootP/DHCP Relay on the system.
  • Page 993: Clear Ip Helper Statistics

    Example The following example defines a minimum wait time of 10 seconds. console(config)#bootpdhcprelay minwaittime 10 clear ip helper statistics Use the clear ip helper statistics command to reset to 0 the statistics displayed in show ip helper statistics. Syntax clear ip helper statistics Default Configuration There is no default configuration for this command.
  • Page 994: Ip Dhcp Relay Information Check-Reply

    Parameter Description This command has no arguments or keywords. Default Configuration This is enabled by default for a DHCP relay agent. Command Mode Global Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. Interface configuration takes precedence over global configuration. However if there is no interface configuration then global configuration is followed.
  • Page 995: Ip Dhcp Relay Information Option

    Parameter Description Parameter Description none (Optional) Disables the command function. Default Configuration This check is enabled by default. Command Mode Interface Configuration (VLAN) mode User Guidelines Enable DHCP Relay using the ip helper enable command. Use the global configuration command ip dhcp relay information option command to enable processing of DHCP circuit ID and remote agent ID options.
  • Page 996: Ip Dhcp Relay Information Option-Insert

    Default Configuration Disabled is the default configuration. Command Mode Global Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. Example The following example enables the circuit ID and remote agent ID options. console(config)#ip dhcp relay information option ip dhcp relay information option-insert Use the ip dhcp relay information option-insert command in Interface Configuration mode to enable the circuit ID option and remote agent ID...
  • Page 997: Ip Helper-Address (Global Configuration)

    Command Mode Interface (VLAN) Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. The interface configuration always takes precedence over global configuration. However, if there is no interface configuration, then global configuration is followed. Example The following example enables the circuit ID and remote agent ID options on vlan 10.
  • Page 998 (port 53), isakmp (port 500), mobile-ip (port 434), nameserver (port 42), netbios-dgm (port 138), netbios-ns (port 137), ntp (port 123), pim-auto-rp (port 496), rip (port 520), tacacs (port 49), tftp (port 69), and time (port 37). Other ports must be specified by number. Default Configuration No helper addresses are configured.
  • Page 999: Ip Helper-Address (Interface Configuration)

    ip helper-address (interface configuration) Use the ip helper-address (interface configuration) command to configure the relay of certain UDP broadcast packets received on a specific interface. To delete a relay entry on an interface, use the no form of this command. Syntax ip helper-address {server-address | discard} [dest-udp-port | dhcp | domain | isakmp | mobile ip | nameserver | netbios-dgm | netbios-ns | ntp | pim-...
  • Page 1000 User Guidelines This command can be invoked multiple times on routing interface, either to specify multiple server addresses for a given port number or to specify multiple port numbers handled by a specific server. The command no ip helper-address with no arguments clears all helper addresses on the interface.