3Com 5500-EI PWR Reference Manual Download

Page: 747 / 1314

1-8

Table 1-5

Combined application of ACLs

Combination mode

The acl-rule argument

Apply all the rules of an ACL that is of IP type
(The ACL can be a basic ACL or an advanced
ACL.)

ip-group

acl-number

Apply a rule of an ACL that is of IP type

ip-group

acl-number

rule

rule-id

Apply all the rules of a Layer 2 ACL

link-group

acl-number

Apply a rule of a Layer 2 ACL

link-group acl-number

rule

rule-id

Apply all the rules of a user-defined ACL

user-group

acl-number

Apply a rule of a user-defined ACL

user-group

acl-number

rule

rule-id

Apply a rule of an ACL that is of IP type and a
rule of a Layer 2 ACL

ip-group

acl-number

rule

rule-id

link-group

acl-number

rule

rule-id

Table 1-5

The

ip-group acl-number

keyword specifies a basic or an advanced ACL. The

acl-number

argument ranges from 2000 to 3999.

The

link-group acl-number

keyword specifies a Layer 2 ACL. The

acl-number

argument ranges

from 4000 to 4999.

The

user-group acl-number

keyword specifies a user-defined ACL. The

acl-number

argument

ranges from 5000 to 5999.

The

rule rule-id

keyword specifies a rule of an ACL. The

rule

argument ranges from 0 to 65534. If

you do not specify this argument, all the rules of the ACL are applied.

Description

Use the

packet-filter

command to apply ACL rules on a port to filter packets.

Use the

undo packet-filter

command to remove the application of ACL rules on a port.

Examples

# Apply all rules of basic ACL 2000 on Ethernet 1/0/1 to filter inbound packets. Here, it is assumed that

the ACL and its rules are already configured.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet1/0/1

[Sysname-Ethernet1/0/1] packet-filter inbound ip-group 2000

[Sysname-Ethernet1/0/1] quit

# Apply rule 1 of Layer 2 ACL 4000 on Ethernet 1/0/2 to filter outbound packets. Here, it is assumed that

the ACL and its rule numbered 1 are already configured.

[Sysname] interface Ethernet 1/0/2

[Sysname-Ethernet1/0/2] packet-filter outbound link-group 4000 rule 1

[Sysname-Ethernet1/0/2] quit

Summary of Contents for 5500-EI PWR

Page 1: ...i Table of Contents 1 CLI Configuration Commands 1 1 CLI Configuration Commands 1 1 command privilege level 1 1 display history command 1 4 super 1 4 super authentication mode 1 5 super password 1 6...

Page 2: ...listed in Table 1 1 Table 1 1 Available CLI views for the view argument CLI view Description acl adv Advanced ACL view acl basic Basic ACL view acl ethernetframe Layer 2 ACL view acl user User defined...

Page 3: ...e VLAN interface view command Command for which the level is to be set Description Use the command privilege level command to set the level of a specified command in a specified view Use the undo comm...

Page 4: ...ting with the keyword ftp such as ftp server acl ftp server enable and ftp timeout will be restored to the default level if you have modified the command level of commands ftp server enable and ftp ti...

Page 5: ...rmerly History commands are those commands that were successfully executed recently and saved in the history command buffer You can set the size of the buffer by the history command max size command W...

Page 6: ...he correct authentication information Related commands super authentication mode super password Examples Switch from the current user level to user level 3 using super password authentication Sysname...

Page 7: ...w to high user level switching the HWTACACS authentication is preferred and the super password authentication mode is the backup z When both the super password authentication and the HWTACACS authenti...

Page 8: ...e cipher text password _ TT8F Y 5SQ Q MAF4 1 corresponds to the plain text password 1234567 Description Use the super password command to set a switching password for a specified user level which will...

Page 9: ...out 1 13 ip http shutdown 1 14 lock 1 15 parity 1 16 protocol inbound 1 16 screen length 1 18 send 1 18 service type 1 19 set authentication password 1 20 shell 1 21 speed 1 22 stopbits 1 22 telnet 1...

Page 10: ...he login VTY users must enter the correct authentication password to log in to the switch z If you specify the scheme keyword to authenticate users locally or remotely using usernames and passwords th...

Page 11: ...ame system view System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 authentication mode password Sysname ui aux0 set authentication password simple aabbcc After th...

Page 12: ...tomatically z The auto execute command command may cause you unable to perform common configuration in the user interface so use it with caution z Before executing the auto execute command command and...

Page 13: ...switch successfully Note that these two commands apply to users logging in through the console port and by means of Telnet Examples Disable copyright information displaying Copyright c 2004 2008 3Com...

Page 14: ...switch operating as the Telnet server That is when the switch operates as the Telnet server the client uses this IP address to log in to the switch z If the source IP address or source interface is s...

Page 15: ...source interface z If no source address or source IP interface is specified for the switch 0 0 0 0 is displayed That is the source IP address of Telnet service packets is that of the outbound interfa...

Page 16: ...Type Tx Rx Modem Privi Auth Int Super F 0 AUX 0 19200 3 N S Current user interface is active F Current user interface is active and work in async mode Idx Absolute index of user interface Type Type an...

Page 17: ...AUX 0 UXXX XXXX User interface type VTY 8 UUUU X 5 character mode users U 8 UI never used X 5 total UI in use Table 1 2 Description on the fields of the display user interface summary command Field De...

Page 18: ...eration user work in async mode Table 1 3 Descriptions on the fields of the display users command Field Description UI The numbers in the left sub column are the absolute user interface indexes and th...

Page 19: ...Level Level of a Web user Login Time Time when a Web user logs in Last Req Time Time when the latest request is made free user interface Syntax free user interface type number View User view Parameter...

Page 20: ...user name and password If a user logs in to the switch through Web the banner text configured will be displayed on the banner page shell Sets the session banner which appears after a session is estab...

Page 21: ...with the header legal command and before login authentication z The banner configured with the header shell command is displayed after a non modem user session is established Examples Configure banne...

Page 22: ...and to set the size of the history command buffer Use the undo history command max size command to revert to the default history command buffer size By default the history command buffer can contain u...

Page 23: ...1 minute Sysname system view System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 idle timeout 1 ip http shutdown Syntax ip http shutdown undo ip http shutdown View...

Page 24: ...event unauthorized operations in the user interface After you execute this command the system prompts you for the password and prompts you to confirm the password The user interface is locked only whe...

Page 25: ...forms odd checks Description Use the parity command to set the check mode of the user interface Use the undo parity command to revert to the default check mode By default no check is performed Example...

Page 26: ...22 will be disabled z If the authentication mode is scheme there are three scenarios when the supported protocol is specified as telnet TCP 23 will be enabled when the supported protocol is specified...

Page 27: ...ew System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 screen length 20 send Syntax send all number type number View User view Parameters all Sends messages to all...

Page 28: ...et Specifies the users to be of Telnet type terminal Makes terminal services available to users logging in through the console port level level Specifies the user level for Telnet users Terminal users...

Page 29: ...mand level Examples Configure commands at level 0 are available to the users logging in using the user name of zbr Sysname system view System View return to User View with Ctrl Z Sysname local user zb...

Page 30: ...4 1 Description Use the set authentication password command to set the local password Use the undo set authentication password command to remove the local password Note that only plain text passwords...

Page 31: ...ui vty0 4 are you sure Y N y speed Syntax speed speed value undo speed View AUX user interface view Parameters speed value Transmission speed in bps This argument can be 300 600 1200 2400 4800 9600 19...

Page 32: ...ue of the switch to a value different from that of the terminal emulation utility does not affect the communication between them Examples Set the stop bits to 2 Sysname system view System View return...

Page 33: ...telnet source interface Syntax telnet source interface interface type interface number undo telnet source interface View System view Parameters interface type interface number Interface type and inter...

Page 34: ...between the specified source IP address and the Telnet server Note that when the telnet source ip command is executed if the IP address specified is not an IP address of the local device your configu...

Page 35: ...em view Parameters ip address Source IP address to be set Description Use the telnet server source ip command to specify the source Telnet server IP address Use the undo telnet server source ip comman...

Page 36: ...nt is not required In this case user interfaces are numbered from 0 to 12 last number User interface number identifying the last user interface to be configured The value of this argument must be larg...

Page 37: ...the entire system and the system supporting modules Services are supported by these commands Commands concerning file system file transfer protocol FTP trivial file transfer protocol TFTP downloading...

Page 38: ...ers Telnetting to the local switch from the current user interface outbound Applies the ACL for the users Telnetting to other devices from the current user interface This keyword is unavailable to Lay...

Page 39: ...ct all Web users by force Sysname free web users all ip http acl Syntax ip http acl acl number undo ip http acl View System view Parameters acl number ACL number ranging from 2000 to 2999 Description...

Page 40: ...gh SNMP You can also optionally use this command to apply an ACL to perform access control for network management users Use the undo snmp agent community command to cancel community related configurat...

Page 41: ...create an SNMP group You can also optionally use this command to apply an ACL to filter network management users Use the undo snmp agent group command to remove a specified SNMP group By default the S...

Page 42: ...acters in plain text a 32 bit hexadecimal number in cipher text if MD5 algorithm is used and a 40 bit hexadecimal number in cipher text if SHA algorithm is used acl number Basic ACL number ranging fro...

Page 43: ...2 6...

Page 44: ...1 1 File Attribute Configuration Commands 1 1 display current configuration 1 1 display current configuration vlan 1 5 display saved configuration 1 6 display startup 1 8 display this 1 9 reset saved...

Page 45: ...n directly input the file name text txt as the file URL File Attribute Configuration Commands display current configuration Syntax display current configuration configuration configuration type interf...

Page 46: ...e beginning of a line For example regular expression user matches lines beginning with user not Auser Ending sign the string to the left of this character appears only at the end of a line For example...

Page 47: ...es Display configuration information about all the interfaces on the current switch Sysname display current configuration interface interface Vlan interface1 ip address 192 168 0 30 255 255 255 0 inte...

Page 48: ...ation include 10 password control login attempt 3 exceed lock time 120 vlan 1 interface Vlan interface1 ip address 192 168 0 30 255 255 255 0 ntp service unicast server 192 168 0 52 ntp service unicas...

Page 49: ...figuration information with line numbers Description Use the display current configuration vlan command to display the current VLAN configuration of the switch Without the vlan id argument specified t...

Page 50: ...ithout a configuration file the system will display that no configuration file exists upon execution of the command z If you have saved configuration after the switch starts up the command displays th...

Page 51: ...net1 0 9 interface Ethernet1 0 10 interface Ethernet1 0 11 interface Ethernet1 0 12 interface Ethernet1 0 13 interface Ethernet1 0 14 interface Ethernet1 0 15 interface Ethernet1 0 16 interface Ethern...

Page 52: ...tion of a switch Note that z If the switch is not a unit of a fabric this command displays the startup configuration file information of the current switch no matter whether you have specified the uni...

Page 53: ...Syntax display this by linenum View Any view Parameters by linenum Displays configuration information with line numbers Description Use the display this command to display the current configuration p...

Page 54: ...set saved configuration command to erase the configuration file saved in the Flash of a switch The following two situations exist z While the reset saved configuration main command erases the configur...

Page 55: ...ion file main Saves the configuration to the main configuration file Description Use the save command to save the current configuration to a configuration file in the Flash When you use this command t...

Page 56: ...n cfgbak backup configuration file containing the original configuration information or and a configuration file with the extension cfgtmp temporary configuration file containing the current configura...

Page 57: ...he main configuration file or the backup configuration file to be used for the next startup of the switch Use the undo startup saved configuration command to specify a switch to use null configuration...

Page 58: ...amed config cfg as the main configuration file to be used for the next startup of the current switch which is not in any fabric Sysname startup saved configuration config cfg main Please wait Done Whe...

Page 59: ...own 1 5 vlan 1 6 Port Based VLAN Configuration Commands 1 7 display port 1 7 port 1 7 port access vlan 1 8 port hybrid pvid vlan 1 9 port hybrid vlan 1 9 port link type 1 10 port trunk permit vlan 1 1...

Page 60: ...ption string to the current VLAN or VLAN interface Use the undo description command to restore the default description string By default the description string of the current VLAN is its VLAN ID such...

Page 61: ...ce Vlan interface 2 Vlan interface2 current state DOWN Line protocol current state DOWN IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 000f e207 4101 Internet Address is 10 1 1 1 24 Pr...

Page 62: ...configured IP Address 192 168 0 39 Subnet Mask 255 255 255 0 Description VLAN 0001 Name VLAN 0001 Tagged Ports none Untagged Ports GigabitEthernet1 0 1 GigabitEthernet1 0 2 GigabitEthernet1 0 3 Gigab...

Page 63: ...nter VLAN interface view VLAN interface is a virtual interface in Layer 3 mode used to realize the layer 3 communication between different VLANs Each VLAN has a VLAN interface which can forward packet...

Page 64: ...n undo shutdown View VLAN interface view Parameter None Description Use the shutdown command to disable the VLAN interface Use the undo shutdown command to enable the VLAN interface By default the VLA...

Page 65: ...you want to create and whose view you want to enter This argument ranges from 1 to 4 094 Description Use the vlan command to enter VLAN view If the VLAN identified by the vlan id argument does not exi...

Page 66: ...iew Any view Parameters hybrid Displays hybrid ports trunk Displays trunk ports Description Use the display port command to display the existing hybrid or trunk ports if any Examples Display the exist...

Page 67: ...bitEthernet1 0 2 through GigabitEthernet1 0 4 to VLAN 2 Sysname system view System View return to User View with Ctrl Z Sysname vlan 2 Sysname vlan2 port GigabitEthernet 1 0 2 to GigabitEthernet 1 0 4...

Page 68: ...Description Use the port hybrid pvid vlan command to set the default VLAN ID for the hybrid port Use the undo port hybrid pvid command to restore the default VLAN ID of the port Related commands port...

Page 69: ...se the command multiple times all VLANs specified in the commands will be allowed to pass through the port The VLAN specified by the vlan id argument must exist Otherwise this command is invalid Relat...

Page 70: ...ll View Ethernet port view Parameters vlan id list VLAN range to which the trunk port will be added vlan id list vlan id1 to vlan id2 1 10 where vlan id is in the range of 1 to 4094 and can be discret...

Page 71: ...Sysname system view System View return to User View with Ctrl Z Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 port link type trunk Sysname GigabitEthernet1 0 1 port trunk pvid...

Page 72: ...col type 50 1 ipx raw 80 2 at 100 3 snap etype 0x0abc 100 4 llc dsap 0xac ssap 0xbd display protocol vlan vlan Syntax display protocol vlan vlan vlan id to vlan id all View Any view Parameter vlan id...

Page 73: ...end End protocol index in the range of 0 to 4 Note that this argument must be larger than or equal to the protocol index argument all Specifies all protocol indexes If the all keyword in the port hybr...

Page 74: ...vlan 3 0 to 4 protocol vlan Syntax protocol vlan protocol index at ip ipx ethernetii llc raw snap mode ethernetii etype etype id llc dsap dsap id ssap ssap id snap etype etype id undo protocol vlan p...

Page 75: ...37 Description Use the protocol vlan command to configure the protocol template used for classifying protocol based VLANs Use the undo protocol vlan command to disable the configuration Related comman...

Page 76: ...1 17...

Page 77: ...lay fib ip address 2 2 display fib acl 2 3 display fib 2 4 display fib ip prefix 2 5 display fib statistics 2 5 display icmp statistics 2 6 display ip socket 2 7 display ip statistics 2 8 display tcp...

Page 78: ...r 3 interfaces is displayed Examples Display information about VLAN interface 1 Sysname display ip interface Vlan interface 1 Vlan interface1 current state UP Line protocol current state UP Internet A...

Page 79: ...Total number of packets bytes and multicast packets forwarded and received on the interface TTL invalid packet number Number of received invalid TTL packets ICMP packet input number 0 Echo reply 0 Unr...

Page 80: ...ly down l loopback s spoofing Interface IP Address Physical Protocol Description Vlan interface1 192 168 0 39 up up Vlan inte Table 1 2 Description on the fields of the display ip interface brief comm...

Page 81: ...dress command without any parameter the switch deletes both primary and secondary IP addresses of the interface z The undo ip address ip address mask mask length command is used to delete the primary...

Page 82: ...12 1 1 to VLAN interface 1 with subnet mask 255 255 255 0 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 ip address 129 12...

Page 83: ...amples Display all FIB information Sysname display fib Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Reject E Equal cost multi path L Generated by ARP or ESIS Destination Mask Nextho...

Page 84: ...k2 mask length2 longer longer View Any view Parameters ip address1 ip address2 Destination IP addresses in dotted decimal notation ip address1 and ip address2 together define an address range The FIB...

Page 85: ...Flag TimeStamp Interface 12 158 10 0 24 12 158 10 1 U t 85391 Vlan interface10 Display FIB entry information which has a destination in the range of 12 158 10 0 24 to 12 158 10 6 24 and has a mask len...

Page 86: ...gular expression View Any view Parameters Uses a regular expression to match FIB entries For detailed information about regular expression refer to Configuration File Management Command begin Displays...

Page 87: ...with Ctrl Z Sysname ip ip prefix abc permit 211 71 75 0 24 Sysname display ip ip prefix abc name index conditions ip prefix mask GE LE abc 10 permit 211 71 75 0 24 Display the FIB entries matching IP...

Page 88: ...MP packets Sysname display icmp statistics Input bad formats 0 bad checksum 0 echo 5 destination unreachable 0 source quench 0 redirects 0 echo reply 10 parameter problem 0 timestamp 0 information req...

Page 89: ...ench Number of sent source quench packets redirects Number of sent redirection packets echo reply Number of sent replies parameter problem Number of sent parameter problem packets timestamp Number of...

Page 90: ...92 rcvbuf 8192 sb_cc 0 rb_cc 0 socket option SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE socket state SS_ISCONNECTED SS_PRIV SS_ASYNC Table 2 3 Description on the fields of the display ip s...

Page 91: ...unknown protocol packets Unknown protocol packets are destined to the local device but the upper layer protocol specified in their IP header cannot be processed by the device For example if a switch i...

Page 92: ...isplay tcp statistics command to display the statistics about TCP packets Related commands display tcp status reset tcp statistics Examples Display the statistics about TCP connections Sysname display...

Page 93: ...received offset error Number of offset error packets received short error Number of received packets with length being too small duplicate packets Number of completely duplicate packets received part...

Page 94: ...d Closed connections Number of connections closed in brackets are connections closed accidentally before receiving SYN from the peer and connections closed initiatively after receiving SYN from the pe...

Page 95: ...iption Use the display udp statistics command to display the statistics about UDP packets Related commands reset udp statistics Examples Display the statistics about UDP packets Sysname display udp st...

Page 96: ...ull Number of not delivered packets due to a full socket cache packets input packets missing pcb cache Number of packets without matching PCB cache Sent packets Total Total number of UDP packets sent...

Page 97: ...fault the device is enabled to send ICMP destination unreachable packets Examples Disable the device from sending ICMP destination unreachable packets Sysname system view System View return to User Vi...

Page 98: ...packets You can use the display ip statistics command to view the current IP packet statistics Related commands display ip interface Examples Clear the statistics about IP packets Sysname reset ip st...

Page 99: ...the value ranging from 76 to 3600 Description Use the tcp timer fin timeout command to configure the TCP finwait timer Use the undo tcp timer fin timeout command to restore the default value of the T...

Page 100: ...minated Related commands tcp timer fin timeout tcp window Examples Configure the value of the TCP synwait timer to 80 seconds Sysname system view System View return to User View with Ctrl Z Sysname tc...

Page 101: ...fin timeout tcp timer syn timeout Examples Configure the size of the transmission and receiving buffers of the connection oriented socket to 3 KB Sysname system view System View return to User View w...

Page 102: ...s 1 1 display voice vlan error info 1 1 display voice vlan oui 1 1 display voice vlan status 1 2 display vlan 1 3 voice vlan 1 4 voice vlan aging 1 5 voice vlan enable 1 6 voice vlan legacy 1 7 voice...

Page 103: ...display the ports on which the voice VLAN function fails to be enabled When ACL number applied to a port reaches to its threshold voice VLAN cannot be enabled on this port Examples Display the ports o...

Page 104: ...ffff ff00 0000 H3C Aolynk phone 00d0 1e00 0000 ffff ff00 0000 Pingtel phone 00e0 7500 0000 ffff ff00 0000 Polycom phone 00e0 bb00 0000 ffff ff00 0000 3Com phone display voice vlan status Syntax displ...

Page 105: ...e Current voice vlan enable port mode The ports on which the voice VLAN function is enabled PORT Port number MODE Voice VLAN assignment mode on the port which can be auto or manual COS The CoS precede...

Page 106: ...LAN voice vlan Syntax voice vlan vlan id enable undo voice vlan enable View System view Parameters vlan id Specifies the ID of the VLAN to be enabled with the voice VLAN function in the range of 2 to...

Page 107: ...e the voice VLAN function for other VLANs the system will prompt that your configuration fails Sysname voice vlan 4 enable Can t change voice vlan configuration when other voice vlan is running voice...

Page 108: ...e a port that has not transmitted voice traffic from the voice VLAN timely thus improving network security However this may cause the port to be assigned to or removed from the voice VLAN frequently T...

Page 109: ...VLAN legacy function By default the voice VLAN legacy function is disabled Examples Enable the voice VLAN legacy function on Ethernet1 0 1 Sysname system view System View return to User View with Ctr...

Page 110: ...1 2 Default OUI addresses of a switch Number OUI address Vendor 1 0003 6b00 0000 Cisco phone 2 000f e200 0000 H3C Aolynk phone 3 00d0 1e00 0000 Pingtel phone 4 00e0 7500 0000 Polycom phone 5 00e0 bb0...

Page 111: ...th Ctrl Z Sysname interface Ethernet 1 0 2 Sysname Ethernet1 0 2 undo voice vlan mode auto voice vlan qos Syntax voice vlan qos cos value dscp value trust undo voice vlan qos View Ethernet port view P...

Page 112: ...enable command to enable the voice VLAN security mode Use the undo voice vlan security enable command to disable the voice VLAN security mode In security mode the ports in a voice VLAN and with voice...

Page 113: ...Configuration Commands 1 1 display garp statistics 1 1 display garp timer 1 2 garp timer 1 3 garp timer leaveall 1 4 reset garp statistics 1 5 GVRP Configuration Commands 1 6 display gvrp statistics...

Page 114: ...not specified this command displays the GARP statistics on all the ports The switch automatically collects statistics about GVRP packets sent received and dropped on GVRP enabled ports Upon system reb...

Page 115: ...rface list View Any view Parameters interface list Specifies a list of Ethernet ports of which the GARP timer settings are to be displayed In this list you can specify individual ports and port ranges...

Page 116: ...lue Timeout time in centiseconds of the GARP timer Hold Join or Leave to be set Description Use the garp timer command to set a GARP timer that is the Hold timer the Join timer or the Leaver timer for...

Page 117: ...hold by changing the timeout time of the Join timer This upper threshold is less than the timeout time of the LeaveAll timer You can change the threshold by changing the timeout time of the LeaveAll t...

Page 118: ...n networking you are recommended to set the GARP LeaveAll timer to 12000 centiseconds 2 minutes Related commands display garp timer Examples Set the GARP LeaveAll timer to 100 centiseconds Sysname sys...

Page 119: ...the GVRP statistics on the specified ports You need to provide the interface list argument in the format of interface type interface number to interface type interface number 1 10 where the interface...

Page 120: ...xamples Display the global GVRP status Sysname display gvrp status GVRP is enabled The above information indicates that GVRP is enabled globally gvrp Syntax gvrp undo gvrp View System view Ethernet po...

Page 121: ...annot register or deregister VLAN information dynamically It only propagates static VLAN information Besides the port permits only static VLANs that is it propagates only static VLAN information to th...

Page 122: ...s Configure Ethernet1 0 1 to operate in fixed GVRP registration mode Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet1 0 1 Sysname Ethernet1 0 1 gvrp registra...

Page 123: ...rval 1 18 giant frame statistics enable 1 19 interface 1 20 jumboframe enable 1 20 link delay 1 21 loopback 1 22 loopback detection control enable 1 23 loopback detection enable 1 24 loopback detectio...

Page 124: ...o 262143 for a GigabitEthernet port Description Use the broadcast suppression command to limit broadcast traffic allowed to be received on each port in system view or on a specified port in Ethernet p...

Page 125: ...hat can be received per second by the Ethernet 1 0 1 port to 1 000 Sysname Ethernet1 0 1 broadcast suppression pps 1000 copy configuration Syntax copy configuration source interface type interface num...

Page 126: ...pping port rate limiting priority trust mode QoS profile the qos profile port based configuration cannot be copied and so on STP The enable disable state of STP on the port link attribute of the port...

Page 127: ...tion Copying QOS configuration Copying GARP configuration Copying STP configuration Copying speed duplex configuration Copying speed configuration to interface Ethernet1 0 1 failed Copying QoS rate li...

Page 128: ...mmand to display the configured description Examples Set description string home for the Ethernet 1 0 1 port Sysname system view System View return to User View with Ctrl Z Sysname interface ethernet...

Page 129: ...Related commands display interface Examples Display the brief configuration information about the Ethernet 1 0 1 port Sysname display brief interface Ethernet 1 0 1 Interface Eth Ethernet GE GigabitEt...

Page 130: ...r description of the interface command Description Use the display interface command to display port configuration When using this command z If you specify neither port type nor port number the comman...

Page 131: ...red 0 collisions 0 late collisions 0 lost carrier no carrier Table 1 4 Description on the fields of the display interface command Field Description Ethernet1 0 1 current state Current Ethernet port st...

Page 132: ...s Count in packets and in bytes of incoming normal packets on the port including incoming normal packets and normal PAUSE frames The number of normal incoming broadcast packets the number of normal in...

Page 133: ...Output normal packets bytes broadcasts multicasts pauses Count in packets and in bytes of outgoing normal packets on the port including outgoing normal packets and normal Pause frames The number of no...

Page 134: ...ission display link delay Syntax display link delay View Any view Parameters None Description Use the display link delay command to display the information about the ports with the link delay command...

Page 135: ...is running Loopback detection is enabled globally Detection interval time is 30 seconds Time interval for loopback detection is 30 seconds There is no port existing loopback link No loopback port exis...

Page 136: ...d By others Number of packets dropped because of other reasons display storm constrain Syntax display storm constrain interface interface type interface number begin exclude include regular expression...

Page 137: ...rent status of the port which can be normal or control Trap on trap information is output when a type of traffic received on the port exceeds the upper threshold or falls below the lower threshold off...

Page 138: ...Last 300 seconds output 0 packets sec 0 bytes sec Input total 0 packets 0 bytes 0 broadcasts 0 multicasts 0 pauses Input normal packets bytes broadcasts multicasts pauses Input 0 input errors 0 runts...

Page 139: ...he port is in auto negotiation mode Related commands speed Examples Set the Ethernet 1 0 1 port to auto negotiation mode Sysname system view System View return to User View with Ctrl Z Sysname interfa...

Page 140: ...tion and execute the shutdown command or the undo shutdown command on Ethernet 1 0 1 No Up Down log information is output for Ethernet 1 0 1 Sysname Ethernet1 0 1 undo enable log updown Sysname Ethern...

Page 141: ...ured with the flow control no pauseframe sending command can receive and process remote pause frames but cannot send pause frames actively when it is congested By default flow control is disabled on E...

Page 142: ...ation is as follows Last 100 seconds input 0 packets sec 0 bytes sec Last 100 seconds output 0 packets sec 0 bytes sec Related commands display interface Examples Set the interval to perform statistic...

Page 143: ...NULL or VLAN interface interface number Port number in the format of Unit ID slot number port number where Unit ID is in the range of 1 to 8 The slot number is 0 if the port is an Ethernet port the sl...

Page 144: ...ernet 1 0 1 Sysname Ethernet1 0 1 jumboframe enable link delay Syntax link delay delay time undo link delay View Ethernet port view Parameters delay time Port state change delay to be set This argumen...

Page 145: ...he port of the switch The external loop test can locate the hardware failures on the port For 100M port the self loop headers are made from four cores of the 8 core cables for 1000M port the self loop...

Page 146: ...the trunk or hybrid port when loopback is found on the port the system sets the port to the block state where the port cannot forward data packets sends log messages to the terminal and removes the co...

Page 147: ...is removed 2 If a loop is found on a trunk or hybrid port the system merely sends log messages to the terminal but does not set the port to the block state or remove the corresponding MAC forwarding...

Page 148: ...type interface number 1 10 where z interface type is the port type and interface number is the port number z Keyword to is used to specify a range of ports The port number after to must be equal to o...

Page 149: ...l Z Sysname loopback detection interval time 10 loopback detection per vlan enable Syntax loopback detection per vlan enable undo loopback detection per vlan enable View Ethernet port view Parameters...

Page 150: ...ction function refer to loopback detection enable If a loop is found at a port z With the function enabled on the port the system will shut down the port and send log messages to the terminal After th...

Page 151: ...t operating in this mode adjust its MDI mode between MDI and MDI X automatically z An RJ 45 interface can operate in MDI or MDI X mode z To connect two RJ 45 interfaces operating in the same MDI mode...

Page 152: ...ulticast suppression setting on the current port When incoming multicast traffic on the port exceeds the multicast traffic threshold you set the system drops the packets exceeding the threshold to red...

Page 153: ...ared Examples Clear the statistics of Ethernet 1 0 1 Sysname reset counters interface ethernet 1 0 1 reset packet drop interface Syntax reset packet drop interface interface type interface number View...

Page 154: ...3 linkDown portIndex is 4227650 ifAdminStatus is 2 ifOperStatus is 2 Apr 13 23 13 53 807 2000 Sysname L2INF 5 PORT LINK STATUS CHANGE 1 Ethernet1 0 4 is DOWN Apr 13 23 13 53 927 2000 Sysname L2INF 5 V...

Page 155: ...uto Specifies the port speed to the auto negotiation mode Description Use the speed command to set the port speed Use the undo speed command to restore the port speed to the default setting By default...

Page 156: ...to 10 1000 storm constrain Syntax storm constrain broadcast multicast unicast max packets min packets pps kbps undo storm constrain all broadcast multicast unicast View Ethernet port view Parameters b...

Page 157: ...cording to your configuration Related commands display storm constrain storm constrain control storm constrain enable Examples Set the upper and lower thresholds of broadcast traffic on Ethernet 1 0 1...

Page 158: ...type of traffic on the port exceeds the upper threshold If you want to bring up the port again you can execute the undo shutdown command or the undo storm constrain all broadcast multicast unicast com...

Page 159: ...ce Ethernet 1 0 1 Sysname Ethernet1 0 1 undo storm constrain enable log storm constrain interval Syntax storm constrain interval interval value undo storm constrain interval View System view Parameter...

Page 160: ...ppression setting on the port When incoming unknown unicast traffic exceeds the unknown unicast traffic threshold you set the system drops the packets exceeding the threshold to reduce the unknown uni...

Page 161: ...lty point z Pair impedance mismatch z Pair skew z Pair swap z Pair polarity z Insertion loss z Return loss z Near end crosstalk By default the system does not test the cable connected to the Ethernet...

Page 162: ...k aggregation interface 1 1 display link aggregation summary 1 2 display link aggregation verbose 1 3 display lacp system id 1 4 lacp enable 1 5 lacp port priority 1 5 lacp system priority 1 6 link ag...

Page 163: ...command to display the link aggregation details about a specified port or port range Note that as ports in a manual link aggregation groups do not acquire the information about their peers automatica...

Page 164: ...gregation summary Syntax display link aggregation summary View Any view Parameters None Description Use the display link aggregation summary command to display summary information of all aggregation g...

Page 165: ...ACP packet is received the partner ID is displayed as 0x8000 0000 0000 0000 Select Ports Number of the selected ports Unselect Ports Number of the unselected ports Share Type Load sharing type Shar lo...

Page 166: ...Ethernet1 0 2 S 32768 1 Ethernet1 0 3 U 32768 1 Remote Actor Partner Priority Key SystemID Flag Ethernet1 0 2 0 0 0 0x0000 0000 0000 0000 Ethernet1 0 3 0 0 0 0x0000 0000 0000 0000 Table 1 3 Descripti...

Page 167: ...D lacp enable Syntax lacp enable undo lacp enable View Ethernet port view Parameters None Description Use the lacp enable command to enable LACP on the current port Use the undo lacp enable command to...

Page 168: ...o User View with Ctrl Z Sysname interface Ethernet1 0 1 Sysname Ethernet1 0 1 lacp port priority 64 lacp system priority Syntax lacp system priority system priority undo lacp system priority View Syst...

Page 169: ...tion concerning manual and static aggregation groups and their descriptions still exists but that of the dynamic aggregation groups and their descriptions gets lost You can use the display link aggreg...

Page 170: ...k aggregation group agg id undo port link aggregation group View Ethernet port view Parameters agg id Aggregation group ID in the range of 1 to 416 Description Use the port link aggregation group comm...

Page 171: ...Port number to Specifies a port index range with the two interface type interface number argument pairs around it as the two ends Description Use the reset lacp statistics command to clear LACP statis...

Page 172: ...i Table of Contents 1 Port Isolation Configuration Commands 1 1 Port Isolation Configuration Commands 1 1 display isolate port 1 1 port isolate 1 1...

Page 173: ...ame display isolate port Isolated port s on UNIT 1 Ethernet1 0 2 Ethernet1 0 3 Ethernet1 0 4 The information above shows that Ethernet1 0 2 Ethernet1 0 3 and Ethernet1 04 are in the isolation group Ne...

Page 174: ...system view z Assigning an isolated port to an aggregation group causes all the ports in the aggregation group on the local unit to join the isolation group z The Switch 5500 EI supports cross device...

Page 175: ...rity authorization ignore 1 6 port security enable 1 7 port security guest vlan 1 8 port security intrusion mode 1 9 port security max mac count 1 11 port security ntk mode 1 12 port security oui 1 13...

Page 176: ...C address entries For each security MAC address entry the output of the command displays the MAC address the VLAN that the MAC address belongs to state of the MAC address which is always security port...

Page 177: ...isplay mac address security count 6 mac address es found Display the number of security MAC address entries for VLAN 1 Sysname display mac address security vlan 1 count 4 mac address es found in vlan...

Page 178: ...guration Examples Display the global port security configurations and those of all ports Sysname display port security Equipment port security is enabled AddressLearn trap is Enabled Intrusion trap is...

Page 179: ...d The sending of 802 1x user logoff trap messages is enabled Dot1x logfailure trap is Enabled The sending of 802 1x user authentication failure trap messages is enabled RALM logon trap is Enabled The...

Page 180: ...H format interface interface type interface number Specify the port on which the security MAC address is to be added The interface type interface number arguments indicate the port type and port numbe...

Page 181: ...isplay mac address interface Ethernet 1 0 1 MAC ADDR VLAN ID STATE PORT INDEX AGING TIME s 0001 0001 0001 1 Security Ethernet1 0 1 NOAGED 1 mac address es found on port Ethernet1 0 1 port security aut...

Page 182: ...ax port security enable undo port security enable View System view Parameters None Description Use the port security enable command to enable port security Use the undo port security enable command to...

Page 183: ...h a guest VLAN specified fail the authentication the port is added to the guest VLAN and users of the port can access only the resources in the guest VLAN z Multiple users may connect to one port in t...

Page 184: ...ndo port security intrusion mode View Ethernet port view Parameters blockmac Adds the source MAC addresses of illegal packets to the blocked MAC address list As a result the packets sourced from the b...

Page 185: ...ou can only use the display port security command to view blocked MAC addresses Related commands display port security port security timer disableport Examples Configure the intrusion protection mode...

Page 186: ...tion mode on Ethernet 1 0 1 as disableport As a result when intrusion protection is triggered the port will be disconnected permanently Sysname system view System View return to User View with Ctrl Z...

Page 187: ...security max mac count command on the port Examples Set the maximum number of MAC addresses allowed on the port to 100 Sysname system view System View return to User View with Ctrl Z Sysname port secu...

Page 188: ...Ethernet 1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname port security enable Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 port security ntk mode ntk withbroadc...

Page 189: ...t security port mode Examples Configure an OUI value of 00ef ec00 0000 setting the OUI index to 5 Sysname system view System View return to User View with Ctrl Z Sysname port security oui 00ef ec00 00...

Page 190: ...entication macAddressWithRad ius In this mode MAC address authentication is applied on users trying to access the network mac else userlogin se cure macAddressElseUse rLoginSecure In this mode MAC add...

Page 191: ...ready passed MAC address authentication However users who have already passed 802 1x authentication do not need to go through MAC address authentication In this mode only one 802 1x authenticated user...

Page 192: ...re the port as a reflector port for port mirroring z Configure the port as a Fabric port z Configure link aggregation Related commands display port security Examples Set the security mode of Ethernet...

Page 193: ...rface Ethernet 1 0 1 Sysname Ethernet1 0 1 port security max mac count 4 Sysname Ethernet1 0 1 port security port mode autolearn port security timer disableport Syntax port security timer disableport...

Page 194: ...er guest vlan reauth command to configure the interval at which the switch triggers MAC address authentication after a port is added to its guest VLAN Use the undo port security timer guest vlan reaut...

Page 195: ...authentication Description Use the port security trap command to enable the sending of specified type s of trap messages Use the undo port security trap command to disable the sending of specified typ...

Page 196: ...ion trap is Enabled Disableport Timeout 20 s OUI value Ethernet1 0 1 is link down Port mode is AutoLearn NeedtoKnow mode is needtoknowonly Intrusion mode is disableportTemporarily Max mac address num...

Page 197: ...i Table of Contents 1 Port MAC IP Binding Commands 1 1 Port MAC IP Binding Commands 1 1 am user bind 1 1 display am user bind 1 2...

Page 198: ...ddress MAC address to be bound ip address IP address to be bound interface type Type of the port to be bound interface number Number of the port to be bound Description Use the am user bind command to...

Page 199: ...mation on a specified port interface type Port type interface number Port number ip addr ip addr Displays only the binding information of a specified IP address mac addr mac addr Displays only the bin...

Page 200: ...P Configuration Commands 1 1 DLDP Configuration Commands 1 1 display dldp 1 1 dldp 1 2 dldp authentication mode 1 3 dldp interval 1 4 dldp reset 1 5 dldp unidirectional shutdown 1 5 dldp work mode 1 6...

Page 201: ...play the DLDP configuration of a unit or a port Examples Display information about all DLDP enabled ports on unit 1 Sysname display dldp 1 dldp interval 10 dldp work mode enhance dldp authentication m...

Page 202: ...tive active advertisement probe disable or delaydown dldp link state Port state up or down The neighbor number of the port Number of the neighbor ports neighbor mac address MAC address of a neighbor p...

Page 203: ...ation mode View System view Parameters none Sets the authentication mode on the port to none Performs no authentication on the port simple Sets the authentication mode on the port to plain text simple...

Page 204: ...ending advertisement packets in seconds in the range of 1 to 100 It is 5 by default Description Use the dldp interval command to set the interval between sending advertisement packets for all DLDP ena...

Page 205: ...and to reset the DLDP status of all the ports disabled by DLDP In Ethernet port view Use the dldp reset command to reset the DLDP status of the current port disabled by DLDP After the dldp reset comma...

Page 206: ...By default the DLDP handling mode after a unidirectional link is found is auto Related commands dldp work mode Examples Configure DLDP to automatically disable the corresponding port when a unidirect...

Page 207: ...p delaydown timer Syntax dldp delaydown timer delaydown time undo dldp delaydown timer View System view Parameters delaydown time Delaydown timer to be set in seconds This argument ranges from 1 to 5...

Page 208: ...1 8 Examples Set the delaydown timer to 5 seconds Sysname system view System View return to User View with Ctrl Z Sysname dldp delaydown timer 5...

Page 209: ...nfiguration Commands 1 1 MAC Address Table Management Configuration Commands 1 1 display mac address aging time 1 1 display mac address 1 2 mac address 1 3 mac address aging destination hit enable 1 5...

Page 210: ...ters None Description Use the display mac address aging time command to display the aging time of the dynamic MAC address entries in the MAC address table Related commands mac address mac address time...

Page 211: ...ddress entries specified by related parameters in the command When this keyword is used the command displays only the number of specified MAC address entries rather than related information about thes...

Page 212: ...state of the MAC address entry which can be one of the following z Config static Indicates a manually configured static address entry z Learned Indicates a dynamically learnt address entry z Config dy...

Page 213: ...ber vlan vlan id Removes a specified static dynamic or blackhole MAC address entry interface interface type interface number Removes all the MAC address entries concerning a specified port vlan vlan i...

Page 214: ...address entries for the destination MAC addresses This increases the MAC address table update frequency improves the usability of the MAC address table and reduces broadcasts By default the destinatio...

Page 215: ...n to 600 Sysname system view System View return to User View with Ctrl Z Sysname interface GigabitEthernet 1 0 3 Sysname GigabitEthernet1 0 3 mac address max mac count 600 mac address timer Syntax mac...

Page 216: ...itch to be unable to update its MAC address table in time In this case the MAC address table cannot reflect the position changes of network devices in time Examples Set the aging time of MAC address e...

Page 217: ...mmands 1 1 Auto Detect Configuration Commands 1 1 detect group 1 1 detect list 1 2 display detect group 1 3 ip route static detect group 1 4 option 1 5 retry 1 6 standby detect group 1 6 timer loop 1...

Page 218: ...ew Parameters group number Detected group number ranging from 1 to 25 Description Use the detect group command to create a detected group and enter detected group view Use the undo detect group comman...

Page 219: ...etected and the Auto Detect enabled switch are not on the same network segment the ICMP packets will be forwarded to the specified next hop Description Use the detect list command to add a detected ob...

Page 220: ...next hop 1 202 13 1 55 1 2 3 4 Table 1 1 Description on the fields of the display detect group command Field Description detect group 1 Detected group number 1 detect loop time s Detecting interval in...

Page 221: ...u specify this keyword when executing this command any packet destined for the specified IP address is discarded and the system informs the source that the destination is unreachable blackhole Specifi...

Page 222: ...een the detected objects is and When a detecting operation is being carried out the switch detects each detected object contained in the detected group in turn by their sequence number z If you specif...

Page 223: ...the time waiting for an ICMP Reply configured with the time wait command the switch re sends an ICMP Request until the maximum retry times configured with the retry command is reached If still no ICMP...

Page 224: ...o 15 Description Use the timer loop command to set the detecting interval that is the frequency to perform auto detect operations Use the undo timer loop command to restore the default By default auto...

Page 225: ...ed If still no ICMP Reply is received the destination IP address is considered as unreachable Examples Set a timeout of 3 seconds waiting for an ICMP reply in detected group 10 Sysname system view Sys...

Page 226: ...tected group 10 is unreachable Sysname system view System View return to User View with Ctrl Z Sysname interface vlan interface 1 Sysname Vlan interface1 vrrp vrid 1 track detect group 10 reduced 20 A...

Page 227: ...e diameter 1 16 stp compliance 1 16 stp config digest snooping 1 18 stp cost 1 20 stp dot1d trap 1 21 stp edged port 1 22 stp loop protection 1 23 stp max hops 1 25 stp mcheck 1 25 stp mode 1 27 stp n...

Page 228: ...ii stp transmit limit 1 44 vlan mapping modulo 1 45 vlan vpn tunnel 1 46...

Page 229: ...on change multiple spanning tree protocol MSTP does not recalculate spanning trees immediately after the configuration change it does this only after you activate the new MST region related settings o...

Page 230: ...rrors in the protocol state of the BPDU packets In order to avoid this problem you can enable BPDU dropping on Ethernet ports Once the function is enabled on a port the port will not receive or forwar...

Page 231: ...ted MST regions You can use this command to find the MST region the switch currently belongs to or check to see whether or not the MST region related configuration is correct Related commands instance...

Page 232: ...specified ports in the order of MSTI ID MSTP state information includes 1 Global CIST parameters Protocol operating mode switch priority in the CIST instance MAC address hello time max age forward del...

Page 233: ...z FORWARDING The port learns MAC addresses and forwards user traffic z DISCARDING The port does not learn MAC addresses or forward user traffic z LEARNING The port learns MAC addresses but does not fo...

Page 234: ...d external path cost CIST RegRoot IRPC CIST regional root and internal path cost CIST RootPortId CIST root port ID BPDU Protection Indicates whether BPDU protection is enabled globally TC Protection T...

Page 235: ...he port can send which can be legacy or 802 1s Config indicates the configured value and Active indicates the actual value Port Config Digest Snooping Indicates whether digest snooping is enabled on t...

Page 236: ...locking the port z Root Protected root guard function z Loop Protected loop guard function z Formatcompatibility Protected MSTP BPDU format incompatibility protection function display stp portdown Syn...

Page 237: ...region configuration including the region name region revision level and VLAN to instance mappings configured for the switch Related commands stp region configuration Examples Display the configuratio...

Page 238: ...s of the display stp root command Field Description MSTID MSTI ID in the MST region Root Bridge ID ID of the root bridge ExtPathCost Cost of the external path from the switch to the root bridge The de...

Page 239: ...and all VLANs that are mapped to the specified MSTI are remapped to the CIST By default all VLANs are mapped to the CIST VLAN to instance mappings are recorded in the VLAN to instance mapping table of...

Page 240: ...hello reset stp Syntax reset stp interface interface list View User view Parameters interface list Ethernet port list You can specify multiple Ethernet ports by providing this argument in the form of...

Page 241: ...STP revision level along with MST region name and VLAN to instance mapping table determines the MST region which a switch belongs to When the MST region name and VLAN to instance mapping table are bot...

Page 242: ...s in STP compatible mode RSTP mode or MSTP mode depending on the MSTP mode setting which is configurable with the stp mode command z To control MSTP flexibly you can use the undo stp enable command to...

Page 243: ...implement rapid transition But they resume non edge ports automatically upon receiving configuration BPDUs which causes spanning trees recalculation and network topology jitter Normally no configurati...

Page 244: ...dge diameter command to restore the network diameter to the default value By default the network diameter is 7 After you configure the network diameter of a switched network MSTP adjusts its hello tim...

Page 245: ...to set the mode in which a port recognizes and sends MSTP packets Use the undo stp interface compliance command to restore the default The default mode is auto namely all ports recognize the BPDU form...

Page 246: ...able the digest snooping feature Configured in system view the setting takes effect globally configured in interface view the setting takes effect on the current port only z Use the stp interface conf...

Page 247: ...when your switch is connected to another manufacturer s switches adopting proprietary spanning tree protocols z To enable the digest snooping feature the interconnected switches and another manufactu...

Page 248: ...the proprietary standard selected the path cost of an Ethernet port ranges from 1 to 200000 interface list Ethernet port list You can specify multiple Ethernet ports by providing this argument in the...

Page 249: ...Ethernet 1 0 2 to Ethernet 1 0 4 in MSTI 2 to 400 in system view Sysname system view System View return to User View with Ctrl Z Sysname stp interface Ethernet 1 0 2 to Ethernet 1 0 4 instance 2 cost...

Page 250: ...face number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Description z Use the stp edged port enable command...

Page 251: ...ct even if you have configured it on the port Examples Configure Ethernet 1 0 1 as an edge port z Configure Ethernet 1 0 1 as an edge port in Ethernet port view Sysname system view System View return...

Page 252: ...or a certain period the switch selects a new root port the original root port becomes a designated port and the blocked ports turn to the forwarding state This may cause loops in the network The loop...

Page 253: ...guration BPDU And a switch discards the configuration BPDUs whose remaining hops are 0 After a configuration BPDU reaches a root bridge of a spanning tree in a MST region the value of the remaining ho...

Page 254: ...ally But when the STP enabled downstream switch is then replaced by an MSTP enabled switch the port cannot automatically transit to the MSTP mode but still remains in the STP compatible mode In this c...

Page 255: ...to configure an MSTP enabled switch to operate in STP compatible mode z RSTP compatible mode where the ports of a switch send RSTP BPDUs to neighboring devices If RSTP enabled switches exist in a swi...

Page 256: ...their states rapidly The rapid transition feature aims to resolve this problem When a 3Com switch 5500 EI running MSTP is connected in the upstream direction to another manufacture s switch adopting p...

Page 257: ...andard STP uses path costs to indicate the quality of links A smaller path cost indicates a higher link quality The path cost of a port is related to the rate of the link connecting the port The highe...

Page 258: ...ports on the aggregated link which is measured in 100 Kbps You can use the stp cost command to manually configure the path cost of a port in a specified MSTI For details see stp cost Examples Configu...

Page 259: ...by default and so MSTP automatically determines the type of the link connected to the current port The rapid transition feature is not applicable to ports on non point to point links If an Ethernet po...

Page 260: ...port priority command to restore the default port priority of the current port in the specified MSTI z Use the stp interface port priority command to set a port priority for the specified ports in the...

Page 261: ...ystem view Parameters instance instance id Specifies an MSTI ID ranging from 0 to 16 The value of 0 indicates the CIST Description Use the stp portlog command to enable log and trap message output for...

Page 262: ...priority to be set This argument ranges from 0 to 61 440 and must be a multiple of 4 096 such as 0 4 096 and 8 192 There are totally 16 available switch priorities Description Use the stp priority co...

Page 263: ...s of the switch z All VLANs are mapped to the CIST in the VLAN to instance mapping table z The MSTP revision level is 0 You can modify the three parameters after entering MST region view by using the...

Page 264: ...ork by using the stp root primary command The switch will then figure out the following three time parameters hello time forward delay and max age As the hello time figured out by the network diameter...

Page 265: ...ndary root bridges for an MSTI If the switch operating as the root bridge fails or is turned off the secondary root bridge with the least MAC address becomes the root bridge You can specify the networ...

Page 266: ...system view By default the root guard function is disabled Because of configuration errors or malicious attacks the valid root bridge in the network may receive configuration BPDUs with their priorit...

Page 267: ...ection disable command to disable the TC BPDU attack guard function By default the TC BPDU guard attack function is enabled and the MAC address table and ARP entries can be removed for up to six times...

Page 268: ...upon receiving a TC BPDU and triggers a timer set to 10 seconds by default at the same time Before the timer expires the switch only performs the removing operation for limited times up to six times b...

Page 269: ...by the forward delay configured on the root bridge The forward delay setting configured on a root bridge applies to all non root bridges As for the configuration of the three time related parameters n...

Page 270: ...s namely the hello time forward delay and max age parameters the following formulas must be met to prevent frequent network jitter 2 forward delay 1 second max age Max age 2 hello time 1 second You ar...

Page 271: ...nds stp timer forward delay stp timer hello stp bridge diameter Examples Set the max age to 1 000 centiseconds Sysname system view System View return to User View with Ctrl Z Sysname stp timer max age...

Page 272: ...r 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Description z Use the stp transmit limit command to set the maximum number of configuration BPDUs...

Page 273: ...system view System View return to User View with Ctrl Z Sysname stp interface Ethernet 1 0 2 to Ethernet 1 0 4 transmit limit 15 vlan mapping modulo Syntax vlan mapping modulo modulo View MST region v...

Page 274: ...p VLANs to MSTIs with the modulo being 16 Sysname system view System View return to User View with Ctrl Z Sysname stp region configuration Sysname mst region vlan mapping modulo 16 vlan vpn tunnel Syn...

Page 275: ...n make sure the links between operator s networks are trunk links z If a fabric port exists on a switch you cannot enable the VLAN VPN function for any port of the switch Examples Enable the VLAN VPN...

Page 276: ...ing table statistics protocol 1 12 2 Static Route Configuration Commands 2 1 Static Route Configuration Commands 2 1 delete static routes all 2 1 ip route static 2 2 3 RIP Configuration Commands 3 1 R...

Page 277: ...4 18 display ospf nexthop 4 21 display ospf peer 4 22 display ospf request queue 4 25 display ospf retrans queue 4 26 display ospf routing 4 27 display ospf vlink 4 28 filter policy export 4 29 filter...

Page 278: ...cost 5 1 apply tag 5 2 display ip ip prefix 5 2 display route policy 5 3 if match acl ip prefix 5 4 if match cost 5 4 if match interface 5 5 if match ip next hop 5 6 if match tag 5 6 ip ip prefix 5 7...

Page 279: ...routing information without the specified character string For details about regular expressions refer to Configuration File Management Operation of this manual Description Use the display ip routing...

Page 280: ...ting Table public net Destination Mask Protocol Pre Cost Nexthop Interface 4 4 4 0 24 DIRECT 0 0 4 4 4 1 Vlan interface4 Display the routing information without the character string interface4 in the...

Page 281: ...ACL 2100 1 rule Acl s step is 1 rule 0 permit source 192 168 1 0 0 0 0 255 For details about the display acl command refer to ACL Command Display the information of routes that match ACL 2100 Sysname...

Page 282: ...iveU Retain Gateway Unicast Age 21 34 13 Cost 0 0 Table 1 2 Description on the fields of the display ip routing table command Field Description Destination Destination address Mask Subnet mask Protoco...

Page 283: ...ise route when advertising routes in accordance with a routing policy NotInstall A NotInstall route cannot be added to the core routing table but may be advertised A route with the highest priority is...

Page 284: ...outing table ip address mask This command only displays the routes exactly matching the specified destination address and mask z display ip routing table ip address longer match This command displays...

Page 285: ...displays the verbose information of both active and inactive routes Without this argument provided this command displays the summary of active routes only Description Use the display ip routing table...

Page 286: ...re Cost Nexthop Interface 10 1 1 0 24 DIRECT 0 0 10 1 1 2 Vlan interface1 10 1 1 2 32 DIRECT 0 0 127 0 0 1 InLoopBack0 For descriptions of the above fields see Table 1 1 Display the detailed informati...

Page 287: ...fied brief information of only the routes in the active state is displayed Description Use the display ip routing table protocol command to display the route information of a specific protocol Example...

Page 288: ...nodes Routes Number of routes display ip routing table statistics Syntax display ip routing table statistics View Any view Parameters None Description Use the display ip routing table statistics comma...

Page 289: ...display ip routing table verbose Syntax display ip routing table verbose View Any view Parameters None Description Use the display ip routing table verbose command to display the detailed information...

Page 290: ...eld Description Holddown Number of suppressed routes Delete Number of deleted routes Hidden Number of hidden routes reset ip routing table statistics protocol Syntax reset ip routing table statistics...

Page 291: ...ng table statistics protocol all Display the routing statistics in the IP routing table Sysname display ip routing table statistics Routing tables Proto route active added deleted DIRECT 4 4 0 0 STATI...

Page 292: ...em view Parameters None Description Use the delete static routes all command to delete all static routes The system will request your confirmation before it deletes all the configured static routes Re...

Page 293: ...r this destination will be discarded and the source host will be informed that the destination is unreachable blackhole Indicates a blackhole route If a static route to a destination is marked with bl...

Page 294: ...the mask are both 0 0 0 0 what you are configuring is a default route All the packets that fail to find a routing entry will be forwarded through this default route z You cannot configure an interface...

Page 295: ...eck for RIP 1 packets By default RIP 1 performs the must be zero field check According to the protocol RFC 1058 specifications some fields in RIP 1 packets must be zero and these fields are called zer...

Page 296: ...from another routing protocol the routes will be redistributed with the default cost specified with the default cost command Related commands import route Examples Redistribute static routes and set...

Page 297: ...packets z on Enabled z off Disabled Default cost Default cost for redistributed routes Summary State of the automatic route summarization function z on Enabled z off Disabled Preference RIP preferenc...

Page 298: ...dress of the interface running RIP You need to use the network command to enable the network segment on which the address resides Interface Name of the interface running RIP The IP address of the inte...

Page 299: ...Description on the fields of the display rip routing command Field Description Destination Mask Destination address Mask Cost Cost NextHop Net hop address Age Time elapsed after the route is advertise...

Page 300: ...oing routing information Use the undo filter policy export command to disable RIP from filtering the outgoing routing information Note that if protocol is specified RIP filters only the outgoing route...

Page 301: ...e the undo filter policy gateway command to disable RIP from filtering the routing information advertised by a specified address Use the filter policy import command to enable RIP to filter the incomi...

Page 302: ...routes are redistributed in the range of 1 to 65535 This argument is valid only for ospf ospf ase and ospf nssa value Cost for redistributed routes in the range of 0 16 If no cost is specified when re...

Page 303: ...P runs only on the interface attached to the specified network For an interface not on the specified network RIP neither receives sends routes on it nor forwards interface route through it Therefore y...

Page 304: ...tination 202 38 165 1 Sysname system view System View return to User View with Ctrl Z Sysname rip Sysname rip peer 202 38 165 1 preference Syntax preference value undo preference View RIP view Paramet...

Page 305: ...Reset the RIP system configuration Sysname system view System View return to User View with Ctrl Z Sysname rip Sysname rip reset Reset RIP s configuration and restart RIP Y N y rip Syntax rip undo ri...

Page 306: ...tipulated by RFC2082 rfc2453 Specifies that MD5 cipher text authentication packets will use the packet format stipulated by RFC2453 key string MD5 cipher text authentication key If it is typed in the...

Page 307: ...cipher text authentication with the authentication key of aaa and the packet format of rfc2453 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 10 Sysna...

Page 308: ...on an interface is added to the routing table the additional metric will be added to the route Therefore if you increase the additional metric the metric of RIP routes received on the interface will...

Page 309: ...tem View return to User View with Ctrl Z Sysname interface Vlan interface 10 Sysname Vlan interface10 rip metricout 2 rip output Syntax rip output undo rip output View Interface view Parameters None D...

Page 310: ...ion needs to be disabled to ensure the correct execution of the protocol So disable the split horizon function only when necessary Examples Disable the split horizon function on the interface VLAN int...

Page 311: ...IP 2 broadcast mode RIP 2 multicast mode Table 3 5 Send mode of RIP packets RIP version RIP 1 broadcast packet RIP 2 broadcast packet RIP 2 multicast packet RIP 1 RIP 2 broadcast mode RIP 2 multicast...

Page 312: ...Vlan interface 10 Sysname Vlan interface10 undo rip work summary Syntax summary undo summary View RIP view Parameters None Description Use the summary command to enable RIP 2 automatic route summariza...

Page 313: ...that of the Period Update timer Adjusting the Period Update timer will affect the Garbage collection timer The modification of RIP timers is validated immediately As specified in RFC 1058 RIP is cont...

Page 314: ...n is disabled When the number of equivalent routes reaches the upper limit z If this function is enabled the newly learned equivalent route replaces the existing equivalent route in the routing table...

Page 315: ...nt is not provided the summary route will be advertised not advertise Specifies not to advertise the summary route Description Use the abr summary command to enable route summarization on an area bord...

Page 316: ...42 0 0 255 255 0 0 area Syntax area area id undo area area id View OSPF view Parameters area id ID of an OSPF area which can be a decimal integer ranging from 0 to 4294967295 or in the form of an IP a...

Page 317: ...he specified network If an NSSA area is configured this command also summarizes the redistributed Type 7 LSAs falling into the specified network If the local router acts as an NSSA ABR this command su...

Page 318: ...tion mode on interfaces When configuring virtual link authentication you can use the authentication mode command to specify the authentication mode as MD5 cipher text or simple text for the backbone a...

Page 319: ...reasonably set the default cost of redistributed routes the default interval for redistributing routes and the limit of routes that can be redistributed at one time Examples Set the default cost inter...

Page 320: ...an NSSA ASBR only when a default route is available on the ASBR can the router generate the default route into the attached area Related commands stub nssa Examples Set area 1 to a Stub area and the c...

Page 321: ...command to generate a default route in the OSPF routing domain Use the undo default route advertise command to disable OSPF from redistributing a default route By default OSPF does not redistribute a...

Page 322: ...Display the information about the OSPF ABRs and ASBRs Sysname display ospf abr asbr OSPF Process 1 with Router ID 1 1 1 1 Routing Table to ABR and ASBR I Intra i Inter A ASBR B ABR S SumASBR Destinati...

Page 323: ...n Description Use the display ospf asbr summary command to display the summary information of OSPF redistributed routes If you do not specify an IP address or subnet mask the summary information of al...

Page 324: ...ters process id OSPF process ID in the range of 1 to 65535 If you do not specify a process ID this command applies to all current OSPF processes Description Use the display ospf brief command to displ...

Page 325: ...iption RouterID Router ID of the router Border Router Whether the router is a border router z Area ABR z AS ASBR z Nssa Area AS NSSA ABR Spf schedule interval Interval of SPF schedule Routing preferen...

Page 326: ...state machine z DOWN No protocol packet is sent or received on the interface z Waiting The interface starts sending and receiving Hello packets and is trying to identify the Backup designated router f...

Page 327: ...lay ospf cumulative OSPF Process 1 with Router ID 1 1 1 1 Cumulations IO Statistics Type Input Output Hello 0 10430 DB Description 0 0 Link State Req 0 0 Link State Update 0 0 Link State Ack 0 0 ASE 0...

Page 328: ...ated Number of originated LSAs LSAs Received Number of received LSAs generated by other routers Router Number of all Router LSAs SumNet Number of all Sumnet LSAs SumASB Number of all SumASB LSAs Neigh...

Page 329: ...0 DD unknown LSA type 0 LS ACK neighbor state low 0 LS ACK wrong ack 0 LS ACK duplicate ack 0 LS ACK unknown LSA type 0 LS ACK ACK length wrong 0 LS REQ neighbor state low 0 LS REQ empty request 0 LS...

Page 330: ...neighbor state LS ACK wrong ack Link state acknowledgment packet ack error LS ACK duplicate ack Link state acknowledgment packet ack duplication LS ACK unknown LSA type Link state acknowledgment packe...

Page 331: ...ignated Router 10 110 10 2 Timers Hello 10 Dead 40 Poll 10 Retransmit 5 Transmit Delay 1 Table 4 6 Description on the fields of the display ospf interface command Field Description Cost Cost of the in...

Page 332: ...mmand applies to all current OSPF processes area id OSPF area ID which can be a decimal integer ranging from 0 to 4294967295 or in the form of an IP address brief Displays brief database information a...

Page 333: ...Rtr 1 1 1 1 1 1 1 1 449 36 80000004 0 SpfTree Rtr 3 3 3 3 3 3 3 3 429 36 8000000a 0 Clist Net 10 153 18 89 3 3 3 3 429 32 80000003 0 SpfTree SNet 10 153 17 0 1 1 1 1 355 28 80000003 10 Inter List ASB...

Page 334: ...ea reachable to the attached area z Inter List The LSA is in another area z Sum Infinity The LSA is in an unreachable area z Ase List The LSA is outside the AS and is reachable z Ase Infinity The LSA...

Page 335: ...apability z DC On demand link support z N NSSA external LSA support z P Capability of an NSSA ABR to translate Type 7 LSAs into Type 5 LSAs Net mask Network mask E type Type of external route z 1 Type...

Page 336: ...ace to the next hop display ospf peer Syntax display ospf process id peer brief statistics View Any view Parameters process id OSPF process ID in the range of 1 to 65535 If you do not specify a proces...

Page 337: ...the initial Database Description DD sequence number z Exchange In this state the router is sending DD packets to the neighbor describing its entire link state database z Loading In this state the rout...

Page 338: ...to establish neighbor relation which indicates that OSPF router does not receive the message from a certain neighbor router within a period of time Attempt It is enabled in an NBMA environment such as...

Page 339: ...nd applies to all current OSPF processes Description Use the display ospf request queue command to display the information about the OSPF request queue Examples Display the information about the OSPF...

Page 340: ...ss 200 with Router ID 103 160 1 1 Retransmit List The Router s Neighbors is RouterID 162 162 162 162 Address 103 169 2 2 Interface 103 169 2 5 Area 0 0 0 1 Retrans list Type ASE LSID 129 11 77 0 AdvRo...

Page 341: ...Cost Type NextHop AdvRouter Area 10 110 0 0 16 1 Net 10 110 10 1 10 10 10 1 0 0 0 0 10 10 0 0 16 1 Stub 10 10 0 1 3 3 3 3 0 0 0 0 Total Nets 2 Intra Area 2 Inter Area 0 ASE 0 NSSA 0 Table 4 15 Descri...

Page 342: ...mmand Field Description Virtual link Neighbor id ID of a virtual link neighbor router State State of a neighbor router It can be Down Init Attempt 2 Way Exstart Exchange Loading or Full Cost Route cos...

Page 343: ...nfiguration Description Use the filter policy export command to configure the filtering of outgoing redistributed routes Use the undo filter policy export command to disable such filtering By default...

Page 344: ...n Description Use the filter policy import command to configure the filtering of incoming routes Use the undo filter policy import command to disable such filtering By default no filtering of incoming...

Page 345: ...to 16777214 and defaults to 1 type value Specifies the type of redistributed routes The type value is 1 or 2 and defaults to 2 tag value Specifies the tag of redistributed routes A tag can be used by...

Page 346: ...utput log information when a neighbor changes to the Full state or to the Down state Neighbor states include Down Init Attempt 2 Way Exstart Exchange Loading and Full Examples Enable logging of neighb...

Page 347: ...Use the network command to enable an interface to run the OSPF protocol Use the undo network command to disable an interface from running OSPF By default the interface does not belong to any area To...

Page 348: ...ly when a default route is available on the ASBR can it generate the default route in a Type 7 LSA into the attached area The no import route keyword is usable only on an NSSA ABR that is also the ASB...

Page 349: ...igure area 1 as NSSA area Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 area 1 Sysname ospf 1 area 0 0 0 1 network 36 0 0 0 0 255 255 255 Sysname ospf 1...

Page 350: ...ame ospf 120 ospf authentication mode Syntax ospf authentication mode simple password md5 key id key undo ospf authentication mode simple md5 View Interface view Parameters simple Plain authentication...

Page 351: ...tion Set the authentication key identifier to 15 and the authentication key to abc Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 area 1 Sysname ospf 1 a...

Page 352: ...ority of an interface is 1 The DR election priority of an interface determines the qualification of the interface The interface with a higher priority will be preferred when an election conflict occur...

Page 353: ...View Interface view Parameters None Description Use the ospf mtu enable command to add the interface MTU to the MTU field in DD packets Use the undo ospf mtu enable command to restore the default By d...

Page 354: ...access NBMA If Frame Relay ATM HDLC or X 25 is adopted OSPF defaults the network type to NBMA z Point to Multipoint P2MP OSPF will not default the network type of any link layer protocol to P2MP The...

Page 355: ...Parameters seconds Dead interval of the OSPF neighbor It is in seconds and ranges from 1 to 65535 Description Use the ospf timer dead command to configure the dead interval of the OSPF neighbor Use t...

Page 356: ...or nbma Hello packets are periodically sent to find and maintain neighbors and used for DR BDR election The hello seconds value must be identical on interfaces attached to the same network segment Oth...

Page 357: ...e20 ospf timer poll 130 ospf timer retransmit Syntax ospf timer retransmit interval undo ospf timer retransmit View Interface view Parameters interval Interval in seconds for retransmitting LSA on an...

Page 358: ...1 second Each LSA in the LSDB has an age that is incremented by 1 every second but the age does not change during transmission Therefore it is necessary to add a transmission delay into its age time w...

Page 359: ...nce ase View OSPF view Parameters value OSPF protocol preference in the range of 1 to 255 ase Indicates the preference of a redistributed external route of the AS Description Use the preference comman...

Page 360: ...y z OSPF configuration before the restart will not lose After this command is issued the system will prompt you to confirm whether to re enable OSPF Examples Reset all the OSPF processes Sysname reset...

Page 361: ...the router ID regardless of whether the interfaces are up or down z A new router ID is selected only after the existing router ID is deleted or modified Other cases for example when the interface with...

Page 362: ...erface Examples Disable interface VLAN interface 20 from transmitting OSPF packet Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 silent interface Vlan in...

Page 363: ...fer to the SNMP RMON part in this manual Examples Enable the TRAP function for OSPF process 100 Sysname system view System View return to User View with Ctrl Z Sysname snmp agent trap enable ospf 100...

Page 364: ...efault cost command to configure the default route cost In addition you can specify the no summary argument in the stub command to disable the receiving of Type 3 LSAs by the Stub area connected to th...

Page 365: ...rtually linked peer keyid MD5 authentication key ID It ranges from 1 to 255 It must be equal to the authentication key ID of the virtually linked peer key MD5 authentication key If you use simple text...

Page 366: ...ode The router ID of Router A is 10 1 1 1 and that of Router B is 10 1 1 2 z Configure Router A RouterA system view System View return to User View with Ctrl Z RouterA ospf 1 RouterA ospf 1 area 0 0 0...

Page 367: ...remove the configuration By default no cost is applied to routes satisfying matching rules The apply clause is one that sets a cost for the routes satisfying matching rules in a routing policy Relate...

Page 368: ...amed policy and node 1 with the matching mode being permit Apply the tag 100 to routes matching ACL 2000 Sysname system view System View return to User View with Ctrl Z Sysname route policy policy per...

Page 369: ...imit of subnet mask length of the matched IP address LE Less equal that is upper limit of subnet mask length of the matched IP address display route policy Syntax display route policy route policy nam...

Page 370: ...the range of 2000 to 3999 ip prefix name Name of the IP prefix list used for filtering a string of up to 19 characters Description Use the if match command to match routes permitted by an ACL or IP pr...

Page 371: ...ce of this list Sysname route policy if match cost 8 if match interface Syntax if match interface interface type interface number undo if match interface View Route policy view Parameters interface ty...

Page 372: ...with next hops specified in an ACL or IP prefix list Use the undo if match ip next hop command to remove the matching rule with an ACL Use the undo if match ip next hop ip prefix command to remove th...

Page 373: ...rs It identifies an address prefix list uniquely index number Identifier of an entry in the IP address prefix list in the range 1 to 2047 The entry with a smaller index number will be tested first per...

Page 374: ...tch the prefix ranges of these two parts If you specify network len as 0 0 0 0 0 it matches the default route only To match all the routes use 0 0 0 0 0 less equal 32 Examples Define an ip prefix name...

Page 375: ...clause defines the actions after filtering through this node The filtering relationship between the if match clauses of the node is AND That is all if match clauses of the node must be met The filter...

Page 376: ...mands display memory Syntax display memory unit unit id Mode Any view Parameters unit id Unit ID Description Use the display memory command to display the memory usage Examples Display the current mem...

Page 377: ...ys the current memory limit configuration free memory and state information about connections such as times of disconnection times of reconnection and whether the current state is normal Examples Disp...

Page 378: ...ts value range depends on the free memory of the current switch This value defaults to 4 Description Use the memory limit limit value command to configure the lower limit of the switch free memory Whe...

Page 379: ...a safety value By default when the free memory of the switch recovers to a safety value connections of all the routing protocols will always recover when the free memory of the switch decreases to a l...

Page 380: ...t when the free memory of the switch recovers to a safety value connections of all the routing protocols will always recover when the free memory of the switch decreases to a lower limit the connectio...

Page 381: ...ng packet 1 13 multicast source deny 1 14 reset multicast forwarding table 1 15 reset multicast routing table 1 16 unknown multicast drop enable 1 16 2 IGMP Configuration Commands 2 1 IGMP Configurati...

Page 382: ...source policy 3 19 static rp 3 20 4 MSDP Configuration Commands 4 1 MSDP Configuration Commands 4 1 cache sa enable 4 1 display msdp brief 4 1 display msdp peer status 4 2 display msdp sa cache 4 4 d...

Page 383: ...time 5 10 igmp snooping max response time 5 10 igmp snooping nonflooding enable 5 11 igmp snooping querier 5 12 igmp snooping query interval 5 13 igmp snooping router aging time 5 14 igmp snooping que...

Page 384: ...information in all VLANs count Displays the number of static multicast MAC entries Description Use the display mac address multicast static command to display the information about the multicast MAC a...

Page 385: ...nd displays only those forwarding entries that match the specified multicast address otherwise the command displays all the forwarding entries Description Use the display mpm forwarding table command...

Page 386: ...rd table contains one S G entry display mpm group Syntax display mpm group vlan vlan id View Any view Parameters vlan vlan id Specifies a VLAN With a VLAN specified this command displays the IGMP grou...

Page 387: ...group address Address of the IP multicast group Static host port s Static host ports Dynamic host port s Dynamic host ports MAC group s MAC multicast groups Host port s Member ports of the IP multicas...

Page 388: ...ption Use the display multicast forwarding table command to display the information of multicast forwarding tables As the multicast forwarding table directly guides the forwarding of multicast traffic...

Page 389: ...iew Any view Parameters group address Multicast group address in the range of 224 0 0 0 to 239 255 255 255 With this argument provided the command displays the multicast routing entries for the specif...

Page 390: ...meout in 123 sec Upstream interface Vlan interface1 4 4 4 6 Downstream interface list NULL Matched 3 entries The following table describes the fields in the displayed information Table 1 5 display mul...

Page 391: ...ecified port Related commands multicast source deny Examples Display the multicast source port suppression status of Ethernet 1 0 1 Sysname display multicast source deny interface Ethernet 1 0 1 Ether...

Page 392: ...e0a 0805 and a forwarding port of Ethernet 1 0 1 in VLAN 1 Sysname system view System View return to User View with Ctrl Z Sysname mac address multicast 0100 5e0a 0805 interface Ethernet 1 0 1 vlan 1...

Page 393: ...ch the multicast traffic for 192 168 4 1 G flows to the receivers Sysname mtracert 192 168 4 1 Type Ctrl C to quit multicast traceroute facility From last hop router 192 168 2 2 trace reverse path to...

Page 394: ...packets arrive Previous hop router address IP address of the router from which this local device receives multicast packets sent by the source Input packet count on incoming interface Total number of...

Page 395: ...routing table currently contains more entries than configured If you execute this command again the new configuration will overwrite the existing configuration Examples Set the maximum number of entri...

Page 396: ...ding entries after entry creation By default this function is not enabled Examples Enable the multicast packet buffering feature Sysname system view System View return to User View with Ctrl Z Sysname...

Page 397: ...fault the multicast source port suppression feature is disabled on all the ports With the multicast source port suppression feature enabled on a port the port drops all multicast data packets while it...

Page 398: ...Mask length of the multicast group address or multicast source address For a multicast group address this argument is in the range of 4 to 32 for a multicast source address this argument is in the ra...

Page 399: ...st source address this argument is in the range of 0 to 32 The system default is 32 in both cases incoming interface interface type interface number Clears the routing entries that match the specified...

Page 400: ...undo unknown multicast drop enable command to disable the function of dropping unknown multicast packets By default the function of dropping unknown multicast packets is disabled Examples Enable the u...

Page 401: ...isplays the IGMP multicast group information about the specified interface Description Use the display igmp group command to display the IGMP multicast group information Without any parameters provide...

Page 402: ...all interfaces running IGMP Description Use the display igmp interface command to display the IGMP configuration and running information on the specified interface or all interfaces Examples Display...

Page 403: ...ult Value of startup query interval for IGMP in seconds 15 The IGMP startup query interval is 15 seconds default Value of last member query interval for IGMP in seconds 1 The IGMP last member query in...

Page 404: ...face Vlan interface 10 Sysname Vlan interface10 igmp enable igmp group limit Syntax igmp group limit limit undo igmp group limit View Interface view Parameters limit The maximum number of multicast gr...

Page 405: ...ax igmp group policy acl number 1 2 port interface list undo igmp group policy port interface list View Interface view Parameters acl number Basic ACL number defining a multicast group range The value...

Page 406: ...mmand is configured but not other VLAN interfaces Examples Configure a multicast group filter on VLAN interface 10 so that the hosts on the subnet attached to the interface can join only multicast gro...

Page 407: ...n to User View with Ctrl Z Sysname acl number 2000 Sysname acl basic 2000 rule permit source 225 1 1 1 0 Sysname acl basic 2000 quit Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 port access...

Page 408: ...10 Sysname Vlan interface10 igmp host join 225 0 0 1 port Ethernet 1 0 1 igmp host join vlan Syntax igmp host join group address vlan vlan id undo igmp host join group address vlan vlan id View Ethern...

Page 409: ...astmember queryinterval command to configure the IGMP last member query interval namely the interval between IGMP group specific queries the IGMP querier sends upon receiving an IGMP leave message Use...

Page 410: ...face 10 Sysname Vlan interface10 igmp max response time 8 igmp proxy Syntax igmp proxy interface type interface number undo igmp proxy View Interface view Parameters interface type interface number Sp...

Page 411: ...roup specific query messages the switch sends upon receiving an IGMP Leave message The effective range is 2 to 5 Description Use the igmp robust count command to configure the IGMP robustness variable...

Page 412: ...thin the other querier present interval it assumes that the current querier is down and a new querier election process takes place In IGMP version 1 the selection of a querier is determined by the mul...

Page 413: ...mp version 1 2 undo igmp version View Interface view Parameters 1 Specifies IGMP version 1 2 Specifies IGMP version 2 Description Use the igmp version command to specify the version of IGMP to run on...

Page 414: ...nge group mask Mask of the multicast group address 255 255 255 255 by default Description Use the reset igmp group command to clear IGMP multicast group information on the interface The groups removed...

Page 415: ...store the default By default no range limit is configured namely all received messages are considered legal The source keyword in the rule command is translated into BSR address in the bsr policy comm...

Page 416: ...ault no C BSR is configured For the configuration of the candidate BSR the larger bandwidth should be guaranteed because a large amount of information will be exchanged between the BSR and other devic...

Page 417: ...onfigure VLAN interface 10 of the switch as a C RP which will serve multicast groups 225 0 0 0 to 225 255 255 255 after it wins RP election Sysname system view System View return to User View with Ctr...

Page 418: ...ysname pim quit Sysname acl number 3000 Sysname acl adv 3000 rule 0 permit source 1 1 1 1 0 destination 225 1 0 0 0 0 255 255 display pim bsr info Syntax display pim bsr info View Any view Parameters...

Page 419: ...M configuration information on all interfaces Sysname display pim interface PIM information of VLAN interface 2 IP address of the interface is 10 10 1 20 PIM is enabled PIM version is 2 PIM mode is Sp...

Page 420: ...ighbor information With an interface specified the command displays the PIM neighbor information on the specified interface otherwise the command displays the PIM neighbor information on all interface...

Page 421: ...erface Displays multicast routing entries containing the specified incoming interface interface type interface number Specifies an interface by its type and number If you specify null the command disp...

Page 422: ...or PIM DM Flag Flag of S G or G entry in the PIM routing table z SPT The S G entry is on the SPT z RPT The S G or G entry is on the RPT z WC Indicates the G entry z LOC The switch is connected with th...

Page 423: ...RP information Examples Display the RP information about all multicast groups Sysname display pim rp info PIM SM RP SET information BSR is 4 4 4 6 Group MaskLen 224 0 0 0 4 RP 4 4 4 6 Version 2 Priori...

Page 424: ...pim bsr boundary command to configure the current interface as the BSR service boundary namely the PIM SM domain border Use the undo pim bsr boundary command to remove the configured PIM SM domain bo...

Page 425: ...isabled Typically PIM DM should be enabled on all interfaces Before enabling PIM DM you must enable multicast routing first Related commands multicast routing enable Examples Enable PIM DM on VLAN int...

Page 426: ...neighbor policy Syntax pim neighbor policy acl number undo pim neighbor policy View Interface view Parameters acl number Basic ACL number in the range of 2 000 to 2 999 Description Use the pim neighbo...

Page 427: ...disabled Typically PIM SM should be enabled on all interfaces Before enabling PIM SM you must enable multicast routing first Related commands multicast routing enable Examples Enable the PIM SM protoc...

Page 428: ...system view System View return to User View with Ctrl Z Sysname multicast routing enable Sysname interface Vlan interface 10 Sysname Vlan interface10 pim timer hello 40 prune delay Syntax prune delay...

Page 429: ...ering register messages Use the undo register policy command to remove a rule for filtering register messages By default no rule for filtering register messages is configured Examples Configure a rule...

Page 430: ...ddress mask Mask of the multicast group address or multicast source address 255 255 255 255 by default mask length Mask length of the multicast group address or multicast source address in the range o...

Page 431: ...the order number of the ACL in the group policy list where order value has an effective range of 1 to the largest order value in the existing group policy list 1 but the value range should not includ...

Page 432: ...y keyword in the spt switch threshold command on a switch that may become an RP namely a static RP or a C RP Examples Disable RPT to SPT switchover on a switch that will never become an RP Sysname sys...

Page 433: ...e and group addresses defined in the ACL rule Use the undo source policy command to remove the configuration If a basic ACL is employed in the command the switch filters all the received multicast dat...

Page 434: ...configure a static RP Use the undo static rp command to remove the static RP configuration A static RP functions as a backup for the dynamically elected RP to improve network robustness When the RP e...

Page 435: ...ism By default the SA message caching mechanism is enabled With the SA message caching mechanism enabled the switch sends no SA request message to the specified MSDP peer upon receiving a Join message...

Page 436: ...as client in connecting state z Shutdown Deactivated z Down Connection failed Up Down time Time passed since MSDP peer connection establishment failure AS Number of the autonomous system where the MSD...

Page 437: ...from this peer 0 SA cache maximum for the peer none Input queue size 0 Output queue size 0 Counters for MSDP message Count of RPF check failure 0 Incoming outgoing SA messages 0 0 Incoming outgoing SA...

Page 438: ...ing SA Requests status Whether enabled to send an SA request message to the designated MSDP peer upon receiving a new Join message Minimum TTL to forward SA with encapsulated data Minimum TTL of multi...

Page 439: ...G entries z If no AS number is specified this command displays the S G entries related to all ASs Examples Display all S G entries in the SA cache Sysname display msdp sa cache MSDP Total Source Acti...

Page 440: ...ured Examples Display the number of S G entries in the SA cache Sysname display msdp sa count Number of cached Source Active entries counted by Peer Peer s Address Number of SA 10 10 10 10 5 Number of...

Page 441: ...the S G entries in this domain that need to be advertised when an MSDP peer creates an SA message Use the undo import source command to cancel the configuration By default an SA message advertise any...

Page 442: ...tracert Syntax msdp tracert source address group address rp address max hops max hops next hop info sa info peer info skip hops skip hops View Any view Parameters source address Specifies a multicast...

Page 443: ...max hops Next Hop info Next Hop Router Address 0 0 0 0 SA info Count of SA messages received for this S G RP 0 Count of encapsulated data packets received for this S G RP 0 SA cache entry uptime 00 30...

Page 444: ...ry will expire in hours minutes seconds Peering Uptime 10 minutes The time of the peering session between the local switch and a Peer RPF neighbor Count of Peering Resets Count of session resets origi...

Page 445: ...o remove an MSDP peering connection If an MSDP peer of the switch is a BGP peer to this switch at the same time the same IP address must be used for both the MSDP peering connection and the BGP peerin...

Page 446: ...ion router CstmrA peer mesh group Syntax peer peer address mesh group name undo peer peer address mesh group View MSDP view Parameters peer address IP address of the MSDP peer to be added into the mes...

Page 447: ...those multicast data packets with a TTL value greater than or equal to 10 can be forwarded to the MSDP peer 110 10 10 1 Sysname system view System View return to User View with Ctrl Z Sysname msdp Sy...

Page 448: ...the specified MSDP peer that the device can cache Use the undo peer sa cache maximum command to restore the default configuration By default the device can cache a maximum of 2 048 S G entries learned...

Page 449: ...ommands peer Examples Configure a filtering rule so that only those SA messages permitted by the ACL 3100 are forwarded to the MSDP peer 125 10 7 6 Sysname system view System View return to User View...

Page 450: ...in the range of 225 1 1 0 24 and ignore all other SA request messages Sysname system view System View return to User View with Ctrl Z Sysname acl number 2001 Sysname acl basic 2001 rule permit source...

Page 451: ...cast group 225 5 4 3 from the SA cache Sysname reset msdp sa cache 225 5 4 3 reset msdp statistics Syntax reset msdp statistics peer address View User view Parameters peer address Address of the MSDP...

Page 452: ...o receive SA messages rp policy ip prefix name Specifies a filtering policy based on RP addresses to filter RPs in SA messages where ip prefix name is the IP address prefix list containing 1 to 19 cha...

Page 453: ...peer ip ip prefix Examples Configure a static RPF peer Sysname system view System View return to User View with Ctrl Z Sysname ip ip prefix list1 permit 130 10 0 0 16 greater equal 16 less equal 32 S...

Page 454: ...z aging time of multicast member ports z non flooding feature status Related commands igmp snooping igmp snooping router aging time igmp snooping max response time igmp snooping host aging time igmp s...

Page 455: ...st static group vlan multicast static router port multicast static router port vlan Examples Display the information about the multicast groups in VLAN 100 Sysname display igmp snooping group vlan 100...

Page 456: ...s MAC multicast group MAC group address Address of a MAC multicast group Host port s Member ports display igmp snooping statistics Syntax display igmp snooping statistics View Any view Parameters None...

Page 457: ...ives z one IGMP general query messages z zero IGMP specific query messages z zero IGMPv1 report messages z three IGMPv2 report messages z zero IGMP leave messages z zero IGMP error packets IGMP Snoopi...

Page 458: ...le IGMP Snooping ok igmp snooping fast leave Syntax igmp snooping fast leave vlan vlan list undo igmp snooping fast leave vlan vlan list View System view Ethernet port view Parameters vlan vlan list S...

Page 459: ...ata for that group Examples Enable fast leave processing on Ethernet 1 0 1 in VLAN 2 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1...

Page 460: ...oup to replace an existing multicast group with the lowest IP address vlan vlan list Specifies a VLAN list With the vlan list argument you can provide one or more individual VLAN IDs in the form of vl...

Page 461: ...for a multicast group the configuration of the maximum number of multicast groups that can be joined does not take effect on the port Examples Configure to allow Ethernet 1 0 1 in VLAN 2 to join a max...

Page 462: ...ation performed in Ethernet port view takes effect on the port no matter which VLAN it belongs to if no VLAN is specified if one or more VLANs are specified the configuration takes effect on the port...

Page 463: ...0 to 1 000 Description Use the igmp snooping host aging time command to configure the aging time of multicast member ports Use the undo igmp snooping host aging time command to restore the default agi...

Page 464: ...User View with Ctrl Z Sysname igmp snooping max response time 15 igmp snooping nonflooding enable Syntax igmp snooping nonflooding enable undo igmp snooping nonflooding enable View System view Paramet...

Page 465: ...ticast drop enable multicast source deny display multicast source deny Examples Enable IGMP Snooping non flooding after you enable IGMP Snooping globally and disable both port stacking and unknown mul...

Page 466: ...the interval at which the switch sends IGMP general queries Use the undo igmp snooping query interval command to restore the default By default the IGMP query interval is 60 seconds These commands are...

Page 467: ...f the router port to 500 seconds Sysname system view System View return to User View with Ctrl Z Sysname igmp snooping router aging time 500 igmp snooping query pkt deny Syntax igmp snooping query pkt...

Page 468: ...mand to configure the IGMP Snooping version in the current VLAN Use the undo igmp snooping version command to restore the default IGMP Snooping version This command can take effect only if IGMP Snoopi...

Page 469: ...source address only when IGMPv3 Snooping is running in the VLAN port interface list Configures the specified port or ports under the current VLAN interface as simulated member host s for the specifie...

Page 470: ...vlan10 quit Sysname interface Vlan interface 10 Sysname Vlan interface10 igmp host join 225 0 0 1 port Ethernet 1 0 1 igmp host join Syntax igmp host join group address source ip source address vlan v...

Page 471: ...m View return to User View with Ctrl Z Sysname igmp snooping enable Enable IGMP Snooping ok Sysname vlan 1 Sysname vlan1 igmp snooping enable Sysname vlan1 igmp snooping version 3 Sysname vlan1 quit S...

Page 472: ...face view Parameters group address IP address of the multicast group to join in the range of 224 0 0 0 to 239 255 255 255 interface interface list Specifies a port list With the interface list argumen...

Page 473: ...1 to 4094 Description Use the multicast static group vlan command to configure the current port as a static member port for the specified multicast group and specify the VLAN the port belongs to Use...

Page 474: ...face type interface number View VLAN view Parameters interface type interface number Specifies a port by its type and number Description Use the multicast static router port command to configure the s...

Page 475: ...a multicast VLAN nor the specified VLAN the configuration does not take effect z If the current port does not belong to any multicast VLAN but it belongs to the specified VLAN the configuration takes...

Page 476: ...ated from user VLANs this method also enhances the information security z One port belongs to only one multicast VLAN z The port connected to a user terminal must be a hybrid port z The multicast memb...

Page 477: ...5 24 Sysname vlan 2 Sysname vlan2 service type multicast...

Page 478: ...x version check 1 20 reset dot1x statistics 1 21 2 Quick EAD Deployment Configuration Commands 2 1 Quick EAD Deployment Configuration Commands 2 1 dot1x free ip 2 1 dot1x timer acl timeout 2 2 dot1x u...

Page 479: ...ii system guard ip enable 4 5 system guard l3err enable 4 6 system guard tcn enable 4 7 system guard tcn rate threshold 4 7...

Page 480: ...at up to 10 port lists can be provided Description Use the display dot1x command to display 802 1x related information such as configuration information operation information session information and s...

Page 481: ...y logoff checker is disabled Version Check is disabled The port is an authenticator Authentication Mode is Auto Port Control Type is Port based ReAuthenticate is disabled Max number of on line users i...

Page 482: ...it Period Setting of the Transmission period timer the tx period Handshake Period Setting of the handshake period timer the handshake period ReAuth Period Re authentication interval ReAuth MaxTimes Ma...

Page 483: ...isable means the switch does not checks client version z Enable means the switch checks client version The port is an authenticator The port acts as an authenticator system Authentication Mode is Auto...

Page 484: ...port only after 802 1x is enabled both globally and on the port z The settings of 802 1x and MAC address learning limit are mutually exclusive Enabling 802 1x on a port will prevent you from setting t...

Page 485: ...ser names are transmitted rather than passwords Therefore this method is safer In EAP authentication a switch authenticates supplicant systems by encapsulating 802 1x authentication information in EAP...

Page 486: ...Ethernet port view Parameters vlan id VLAN ID of a guest VLAN in the range 1 to 4094 interface list Ethernet port list in the form of interface list interface type interface number to interface type...

Page 487: ...because the switch does not send authentication request packets in this case Examples Configure the switch to operate in the port based authentication mode Sysname system view System View return to Us...

Page 488: ...king function Sysname system view System View return to User View with Ctrl Z Sysname dot1x handshake enable dot1x handshake secure Syntax dot1x handshake secure undo dot1x handshake secure View Ether...

Page 489: ...f the port The string 1 10 means that up to 10 port lists can be provided Description Use the dot1x max user command to set the maximum number of users an Ethernet port can accommodate Use the undo do...

Page 490: ...rt list in the form of interface list interface type interface number to interface type interface number 1 10 in which interface type specifies the type of an Ethernet port and interface number is the...

Page 491: ...based authentication mode the users connected to the port are authenticated separately Thus log off of a user will not affect other users z In port based authentication mode all the users connected to...

Page 492: ...f the user By default the quiet period timer is disabled Related commands display dot1x dot1x timer Examples Enable the quiet period timer Sysname system view System View return to User View with Ctrl...

Page 493: ...ax retry version value Maximum number of times that a switch sends version request packets to a user This argument ranges from 1 to 10 Description Use the dot1x retry version max command to set the ma...

Page 494: ...d Description Use the dot1x re authenticate command to enable 802 1x re authentication on specific ports or on all ports of the switch Use the undo dot1x re authenticate command to disable 802 1x re a...

Page 495: ...face number 1 10 in which interface type specifies the type of an Ethernet port and interface number is the number of the port The string 1 10 means that up to 10 port lists can be provided Descriptio...

Page 496: ...client to ask the latter to disable the use of multiple network adapters proxies and IE proxy after the user passes the authentication z The 802 1x proxy checking function needs the cooperation of H3C...

Page 497: ...ket if it does not receive the response from the RADIUS server when this timer times out The server timeout value argument ranges from 100 to 300 in seconds By default the RADIUS server timer is set t...

Page 498: ...ired way you can use the dot1x timer command to set the timers as needed This may be necessary in some special situations or in tough network environments Normally the defaults are recommended Note th...

Page 499: ...x version check command to enable 802 1x client version checking for specified Ethernet ports Use the undo dot1x version check command to disable 802 1x client version checking for specified Ethernet...

Page 500: ...ption Use the reset dot1x statistics command to clear 802 1x related statistics To retrieve the latest 802 1x related statistics you can use this command to clear the existing 802 1x related statistic...

Page 501: ...in the range 0 to 32 Description Use the dot1x free ip command to configure a free IP range A free IP range is an IP range that users can access before passing 802 1x authentication Use the undo dot1...

Page 502: ...ot1x configuration commands Examples Set the ACL timeout period to 40 minutes Sysname system view System View return to User View with Ctrl Z Sysname dot1x timer acl timeout 40 dot1x url Syntax dot1x...

Page 503: ...2 3 System View return to User View with Ctrl Z Sysname dot1x url http 192 168 19 23...

Page 504: ...ion HABP Mode Server Sending HABP request packets every 20 seconds Bypass VLAN 2 Table 3 1 Description on the fields of the display habp command Field Description HABP Mode Indicates the HABP mode of...

Page 505: ...splay habp table command Field Description MAC MAC addresses contained in the HABP MAC address table Holdtime Hold time of the entries in the HABP MAC address table An entry is removed from the table...

Page 506: ...ts with version errors Sent failed Number of the HABP packets that failed to be sent habp enable Syntax habp enable undo habp enable View System view Parameters None Description Use the habp enable co...

Page 507: ...enabled the habp server vlan command cannot take effect Examples Specify the switch to operate as an HABP server and the HABP packets to be broadcast in VLAN 2 Assume that HABP is enabled Sysname syst...

Page 508: ...3 5 Examples Configure the switch to send HABP request packets once in every 50 seconds Sysname system view System View return to User View with Ctrl Z Sysname habp timer 50...

Page 509: ...d times of aging time 3 Number of suspicious hosts that can be detected 30 Number of suspicious hosts detected 0 Table 4 1 Description on the fields of the display system guard ip state command Field...

Page 510: ...tem guard ip record M Master port of link aggregation Index Source IP Destination IP Port 1 000 000 000 000 000 000 000 000 0 0 0 2 000 000 000 000 000 000 000 000 0 0 0 3 000 000 000 000 000 000 000...

Page 511: ...Description Use the display system guard tcn state command to view the status of TCN Examples View the status of TCN System Guard Sysname display system guard tcn state System guard TCN state enabled...

Page 512: ...e range of 1 to 100 record times threshold Maximum number of times an IP address must be hit before an action can be taken in the range of 1 to 10 isolate time Isolation time in the range of 3 to 100...

Page 513: ...ress aging time Sysname system view System View return to User View with Ctrl Z Sysname system guard ip detect threshold 50 3 5 system guard ip enable Syntax system guard ip enable undo system guard i...

Page 514: ...yer 3 error control feature disabled the switch delivers all Layer 3 packets which the switch considers to be error packets including IP packets with the options field to the CPU for further processin...

Page 515: ...RP entries from being frequently deleted by STP or RSTP in addition when the TCN TC packet rate exceeds the preset threshold proper measures can be taken based on the output trap and log information B...

Page 516: ...trap or log information by default if more than 10 TCN TC packets are received within 10 seconds If the TCN TC packet receiving rate is lower than the set threshold within a 10 second monitoring cycle...

Page 517: ...r 1 15 idle cut 1 16 level 1 17 local user 1 18 local user password display mode 1 19 messenger 1 20 name 1 20 password 1 21 radius scheme 1 22 scheme 1 23 self service url 1 24 service type 1 25 stat...

Page 518: ...se timeout 1 58 user name format 1 59 HWTACACS Configuration Commands 1 60 data flow format 1 60 display hwtacacs 1 61 display stop accounting buffer 1 62 hwtacacs nas ip 1 62 hwtacacs scheme 1 63 key...

Page 519: ...iii...

Page 520: ...ISP domain The max user number argument ranges from 1 to 2 072 Description Use the access limit command to set the maximum number of access users that can be contained in current ISP domain Use the u...

Page 521: ...nt ISP domain Use the undo accounting command to cancel the accounting scheme configuration for current ISP domain By default no separate accounting scheme is configured for an ISP domain When you use...

Page 522: ...it will not disconnect the user as long as the accounting optional command has been executed z The accounting optional command is commonly used in the cases where only authentication is needed and acc...

Page 523: ...ng the user to a remote port you must use nas ip ip address to specify a remote access server IP address When binding the user to a local port you need not use nas ip ip address port port number Sets...

Page 524: ...name local command the local scheme is used as the secondary authentication scheme in case no RADIUS server is available That is if the communication between the switch and a RADIUS server is normal n...

Page 525: ...ntication radius scheme rd local authentication super Syntax authentication super hwtacacs scheme hwtacacs scheme name undo authentication super View ISP domain view Parameters hwtacacs scheme name Na...

Page 526: ...hwtacacs scheme ht authorization Syntax authorization none hwtacacs scheme hwtacacs scheme name undo authorization View ISP domain view Parameters none Specifies not to use any authorization scheme h...

Page 527: ...s the VLAN descriptor Description Use the authorization vlan command to specify an authorized VLAN for a local user A user passing the authentication of the local RADIUS server can access network reso...

Page 528: ...number ip ip address Cuts down all user connections with a specified IP address mac mac address Cuts down the user connection with a specified MAC address Here mac address is in H H H format radius s...

Page 529: ...form of H H H radius scheme radius scheme name Displays all user connections using a specified RADIUS scheme Here radius scheme name is a string of up to 32 characters hwtacacs scheme hwtacacs scheme...

Page 530: ...00 04 03 02 52 22 Online 00h00m29s On Unit 1 Total 1 connections matched 1 listed Total 1 connections matched 1 listed Here Port NO 0x10003001 means by the binary bits Table 1 1 Description of the Por...

Page 531: ...r block Scheme AAA scheme that the domain uses Access Limit Maximum number of local user connections in the domain Vlan assignment mode VLAN assignment mode which can be Integer or String Domain User...

Page 532: ...can specify one of the following user types ftp lan access generally this type of users are Ethernet access users for example 802 1x users ssh telnet and terminal this type of user is a terminal user...

Page 533: ...Current AccessNum Number of current access users Bind location Whether or not bound to a port Vlan ID VLAN of the user Authorization VLAN Authorized VLAN of the user IP address IP address of the user...

Page 534: ...u execute the domain command the system creates a new ISP domain if the specified ISP domain does not exist Once an ISP domain is created it is in the active state You can manually specify an ISP doma...

Page 535: ...e that contains multiple the first will be used as the domain delimiter z If you have configured to use as the delimiter the must not appear more than once in the username If is the delimiter the user...

Page 536: ...me domain aabbcc net New Domain added Sysname isp aabbcc net idle cut enable 50 500 level Syntax level level undo level View Local user view Parameters level Privilege level to be set for the user It...

Page 537: ...t be longer than 128 characters If the username includes one or more characters and the last is followed by numerals it must be followed by at least five numerals to avoid confusion This is because an...

Page 538: ...ce Adopts the forcible cipher mode so that all local users the passwords will be displayed in cipher text auto Adopts the automatic mode so that each local user s password will be displayed in the mod...

Page 539: ...le of 5 Description Use the messenger time enable command to enable the messenger function and set the related parameters Use the messenger time disable command to disable the messenger function Use t...

Page 540: ...ame of VLAN 100 to test Sysname system view System View return to User View with Ctrl Z Sysname vlan 100 Sysname vlan100 name test password Syntax password simple cipher password undo password View Lo...

Page 541: ...s a password in plain text Related commands display local user Examples Set the password of user1 to 20030422 and specify to display the password in plain text Sysname system view System View return t...

Page 542: ...reference a RADIUS scheme in current ISP domain the referenced RADIUS scheme must already exist z If you execute the scheme radius scheme radius scheme name local command the local scheme is used as t...

Page 543: ...k If the actual URL of the self service server contains a question mark you should change it to an elect bar Description Use the self service url enable command to enable the self service server locat...

Page 544: ...is an FTP user lan access Specifies that this is a LAN access user who is generally an Ethernet access user for example 802 1x user telnet Authorizes the user to access the Telnet service ssh Authoriz...

Page 545: ...rrent local user in local user view By default an ISP domain local user is in the active state once it is created After an ISP domain is set to the block state except for online users users in this do...

Page 546: ...teger If the RADIUS authentication server assigns integer type of VLAN IDs you can set the VLAN assignment mode to integer on the switch this is also the default mode on the switch Then upon receiving...

Page 547: ...VLAN ID assigned by the RADIUS server is a character string containing only digits for example 1024 the switch first regards it as an integer VLAN ID the switch transforms the string to an integer val...

Page 548: ...er when it performs accounting for an online user it will not disconnect the user as long as the accounting optional command has been executed This command is commonly used in the cases where only aut...

Page 549: ...ion at restart function is disabled The purpose of this function is to solve this problem users cannot re log into the switch after the switch restarts because they are regarded as already online Afte...

Page 550: ...ge any more z After configuring the accounting on enable command you need to execute the save command so that the command can take effect when the switch restarts z This function requires the cooperat...

Page 551: ...in uppercase Sysname system view System View return to User View with Ctrl Z Sysname radius scheme system Sysname radius system calling station id mode mode2 uppercase data flow format Syntax data flo...

Page 552: ...adius scheme Sysname radius radius1 data flow format data kilo byte packet kilo packet display local server statistics Syntax display local server statistics View Any view Parameters None Description...

Page 553: ...1813 Auth Server Encryption Key Not configured Acct Server Encryption Key Not configured Accounting method required Accounting On packet enable send times 15 interval 3s TimeOutValue in second 3 Retry...

Page 554: ...e timeout time RetryTimes Maximum number of transmission attempts of a RADIUS request RealtimeACCT in minute Real time accounting interval in minutes Permitted send realtime PKT failed counts maximum...

Page 555: ...ine 0 Stop 0 StateErr 0 Received and Sent packets statistic Unit 1 Sent PKT total 0 Received PKT total 0 RADIUS received packets statistic Code 2 Num 0 Err 0 Code 3 Num 0 Err 0 Code 5 Num 0 Err 0 Code...

Page 556: ...er name user name View Any view Parameters radius scheme radius scheme name Displays the buffered stop accounting requests of a specified RADIUS scheme Here radius scheme name is a string of up to 32...

Page 557: ...e request and transmit the buffered one until the maximum number of transmission attempts set by the retry stop accounting command is reached Related commands reset stop accounting buffer stop account...

Page 558: ...he accounting shared key you set on the switch must be respectively consistent with the shared key on the authentication authorization server and the shared key on the accounting server Related comman...

Page 559: ...IUS services Sysname system view System View return to User View with Ctrl Z Sysname local server enable local server nas ip Syntax local server nas ip ip address key password undo local server nas ip...

Page 560: ...u cannot set the 802 1x authentication method as eap by using the dot1x authentication method eap command Related commands radius scheme state local server enable Examples Allow the local RADIUS serve...

Page 561: ...1 primary accounting Syntax primary accounting ip address port number undo primary accounting View RADIUS scheme view Parameters ip address IP address of the primary accounting server to be used in d...

Page 562: ...ault IP address and port number of the primary RADIUS authentication authorization server which are 0 0 0 0 and 1812 respectively In the system default RADIUS scheme system the default IP address of t...

Page 563: ...Use the radius client enable command to enable RADIUS authentication and accounting ports Use the undo radius client command to disable RADIUS authentication and accounting ports By default RADIUS aut...

Page 564: ...w and the configuration in RADIUS scheme view takes precedence over that in system view Note that z You can set the source IP address of outgoing RADIUS messages to avoid messages returned from RADIUS...

Page 565: ...nt to interact with the RADIUS servers You should first create a RADIUS scheme and enter its view before performing RADIUS protocol configurations z A RADIUS scheme can be referenced by multiple ISP d...

Page 566: ...ng server turns down By default this function is disabled This configuration takes effect on all RADIUS scheme The switch considers a RADIUS server as being down if it has tried the configured maximum...

Page 567: ...ated within a specified time period Here start time is the start time of the time period stop time is the end time of the time period and both are in the format of hh mm ss mm dd yyyy or hh mm ss yyyy...

Page 568: ...if it gets no response from the RADIUS server after the server response timeout timer expires If the switch gets no answer after it has tried the maximum number of times to transmit a RADIUS request t...

Page 569: ...ltiple times in an accounting attempt the maximum number of transmission attempts is set by the retry command in RADIUS scheme view If no response is received after the switch tries the maximum number...

Page 570: ...cal to billing and will eventually affect the charges of users they are important to both users and ISPs Therefore the switch should do its best to transmit them to RADIUS accounting servers When gett...

Page 571: ...address and UDP port number of the secondary accounting server for RADIUS scheme radius1 to 10 110 1 1 and 1813 respectively Sysname system view System View return to User View with Ctrl Z Sysname ra...

Page 572: ...support H3C s RADIUS server which is generally a CAMS that is use the procedure and message format of private RADIUS protocol to interact with an H3C s RADIUS server standard Specifies to support sta...

Page 573: ...dary servers authentication authorization servers or accounting servers in a RADIUS scheme note that z When the switch fails to communicate with the primary server due to some server trouble the switc...

Page 574: ...billing and will eventually affect the charges they are important to both users and ISPs Therefore the switch should do its best to transmit them to RADIUS accounting servers When getting no response...

Page 575: ...IUS servers and the corresponding timer in the switch system is called the response timeout timer of RADIUS servers You can use the timer command to set the timeout time of this timer and if the switc...

Page 576: ...with Ctrl Z Sysname radius scheme radius1 New Radius scheme Sysname radius radius1 timer quiet 10 timer realtime accounting Syntax timer realtime accounting minutes undo timer realtime accounting View...

Page 577: ...try realtime accounting radius scheme Examples Set the real time accounting interval of RADIUS scheme radius1 to 51 minutes Sysname system view System View return to User View with Ctrl Z Sysname radi...

Page 578: ...system view System View return to User View with Ctrl Z Sysname radius scheme radius1 New Radius scheme Sysname radius radius1 timer response timeout 5 user name format Syntax user name format with d...

Page 579: ...s from the usernames to be sent to RADIUS server in RADIUS scheme radius1 Sysname system view System View return to User View with Ctrl Z Sysname radius scheme radius1 New Radius scheme Sysname radius...

Page 580: ...tatistics View Any view Parameters hwtacacs scheme name HWTACACS scheme name a string of 1 to 32 characters This name is case insensitive If this argument is not specified the system displays informat...

Page 581: ...ounting buffer hwtacacs scheme hwtacacs scheme name View Any view Parameters hwtacacs scheme hwtacacs scheme name Displays the buffered stop accounting requests of a specified HWTACACS scheme Here hwt...

Page 582: ...l interface trouble It is recommended to use a Loopback interface address as the source IP address z You can specify only one source IP address by using this command When you re execute this command a...

Page 583: ...n Sets a shared key for HWTACACS authentication messages authorization Sets a shared key for HWTACACS authorization messages string Shared key to be set a string of up to 16 characters Description Use...

Page 584: ...server from being unable to reach their destination due to physical interface trouble It is recommended to use a Loopback interface address as the source IP address z You can set only one source IP a...

Page 585: ...z You are not allowed to set the same IP address for both primary and secondary accounting servers If you do this your setting will fail z If you re execute the command the new setting will overwrite...

Page 586: ...ng will fail z If you re execute the command the new setting will overwrite the old one z You can remove an authentication server setting only when there is no active TCP connection that is sending au...

Page 587: ...CP connection that is sending authorization messages to the server Related commands display hwtacacs Examples Set the IP address and UDP port number of the primary authorization server for HWTACACS sc...

Page 588: ...racters Description Use the reset stop accounting buffer command to clear stop accounting requests that are buffered on the switch due to getting no response Related commands stop accounting buffer en...

Page 589: ...ng ip address port undo secondary accounting View HWTACACS scheme view Parameters ip address IP address of the secondary accounting server to be used a valid unicast address in dotted decimal notation...

Page 590: ...d port number of the secondary HWTACACS authentication server to be used by the current scheme Use the undo secondary authentication command to restore the default IP address and port number of the se...

Page 591: ...fault IP address and port number of the secondary HWTACACS authorization server which are 0 0 0 0 and 49 respectively Note that z You are not allowed to set the same IP address for both primary and se...

Page 592: ...ait 10 minutes before it tries to restore the status of the primary server to active Sysname system view System View return to User View with Ctrl Z Sysname hwtacacs scheme hwt1 Sysname hwtacacs hwt1...

Page 593: ...as possible when the number of users is relatively great 1000 The following table lists the recommended intervals for different numbers of users Table 1 7 Numbers of users and recommended intervals Nu...

Page 594: ...0 user name format Syntax user name format with domain without domain View HWTACACS scheme view Parameters with domain Specifies to include ISP domain names in the usernames to be sent to TACACS serve...

Page 595: ...in more than one ISP domain Otherwise such errors may occur the TACACS server regards two different users having the same name but belonging to different ISP domains as the same user because the usern...

Page 596: ...ve one specified or all security policy server address settings You can configure up to eight security policy server addresses in each RADIUS scheme The switch only responds to those session control m...

Page 597: ...2 2 security policy server 192 168 0 1 user name format without domain...

Page 598: ...tication authmode usernameasmacaddress 1 6 mac authentication authmode usernamefixed 1 6 mac authentication authpassword 1 7 mac authentication authusername 1 8 mac authentication domain 1 8 mac authe...

Page 599: ...ultiple Ethernet ports by providing this argument in the form of interface list interface type interface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 p...

Page 600: ...ed Authentication mode Username type used in the MAC address authentication z UsernameFixed Uses the fixed username for authentication z UsernameAsMacAddress Uses the MAC address of a user as the user...

Page 601: ...the switch sets the user to be in quiet state During quiet period the switch does not process the authentication request of this user Ethernet1 0 1 is link up The link connected to Ethernet1 0 1 port...

Page 602: ...ing executed in Ethernet port view the mac authentication command enables MAC address authentication on the current port To make the MAC address authentication take effect you must enable MAC address...

Page 603: ...By default MAC address authentication is disabled on a port z This command is essential for MAC address authentication to work on a port or on particular ports after MAC address authentication is glo...

Page 604: ...password for MAC address authentication as the specified fixed password instead of user MAC addresses password is a string of 1 to 63 characters Description Use the mac authentication authmode usernam...

Page 605: ...mac authentication authmode usernamefixed mac authentication authpassword Syntax mac authentication authpassword password undo mac authentication authpassword View System view Parameters password Pass...

Page 606: ...e system view System View return to User View with Ctrl Z Sysname mac authentication authusername vipuser mac authentication domain Syntax mac authentication domain isp name undo mac authentication do...

Page 607: ...0 After a user fails to pass the authentication performed by a switch the switch quiets for a specific period the quiet period before it authenticates the user again server timeout value Server timeou...

Page 608: ...ation Enhanced Function Configuration Commands mac authentication guest vlan Syntax mac authentication guest vlan vlan id undo mac authentication guest vlan View Ethernet port view Parameters vlan id...

Page 609: ...hentication cannot be enabled for a port configured with a Guest VLAN z The Guest VLAN function for MAC address authentication does not take effect when port security is enabled Related commands mac a...

Page 610: ...mum number of MAC address authentication users allowed to access Ethernet 1 0 2 to 100 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 2 Sysname Ethernet...

Page 611: ...es Configure the switch to re authenticate users in Guest VLANs at the interval of 60 seconds Sysname system view System View return to User View with Ctrl Z Sysname mac authentication timer guest vla...

Page 612: ...tication connection 1 2 web authentication customize 1 3 web authentication cut connection 1 5 web authentication enable 1 6 web authentication free ip 1 6 web authentication free user 1 7 web authent...

Page 613: ...ntication configuration information Sysname display web authentication configuration Status enabled Web Server IP 30 1 1 2 Port 80 Idle cut time 900 sec Max online time 1800 sec Max connection of devi...

Page 614: ...e user information Interface Configuration Configuration information about Web authentication enabled ports Interface_number Index of a Web authentication enabled port method User access method on the...

Page 615: ...rm name file all View System view Parameters corp name Specifies the company name to be displayed on Web authentication pages corporation text Company name a string of 1 to 64 characters that can cont...

Page 616: ...eb authentication pages Examples Customize information to be displayed on Web authentication pages as follows z Company name 3Com Corporation z E mail mailto relations 3com com z Phone number 1 800 87...

Page 617: ...ecifies an user by the user s MAC address user name user name Specifies a user by the user s name which is a string of 1 to 184 characters interface type interface number Specifies all users on a port...

Page 618: ...eatures is enabled and vice versa 802 1x MAC authentication port security port aggregation and XRN Examples Enable Web authentication globally Sysname system view System View return to User View with...

Page 619: ...free ip 10 1 1 0 24 web authentication free user Syntax web authentication free user ip ip address mac mac address undo web authentication free user ip ip address mac mac address all View System view...

Page 620: ...ximum number of online Web authentication users on the port in the range of 1 to 128 Description Use the web authentication max connection command to set the maximum number of online Web authenticatio...

Page 621: ...Web authentication users to be online at the same time z designated In this mode the port allows only one Web authentication user to be online at a time This configuration takes effect only when Web a...

Page 622: ...e system logs off the user You are recommended to set the interval to a value that is greater than half of the MAC address entry aging time but less than the MAC address entry aging time Examples Set...

Page 623: ...umber Port number of the Web authentication server It ranges from 1 to 50000 with 80 as the default Description Use the web authentication web server ip command to set the IP address and port number o...

Page 624: ...tatistics 1 3 reset vrrp statistics 1 4 vrrp method 1 5 vrrp ping enable 1 6 vrrp vlan interface vrid track 1 6 vrrp vrid authentication mode 1 7 vrrp vrid preempt mode 1 8 vrrp vrid priority 1 9 vrrp...

Page 625: ...verbose command to display the detailed VRRP state information refer to Table 1 2 for details z If you do not specify a VLAN interface or a VRRP group the command will display the state information of...

Page 626: ...lay vrrp verbose Run Method VIRTUAL MAC Virtual Ip Ping Disable Interface Vlan interface1 VRID 1 Adver Timer 1 Admin Status UP State Master Config Pri 100 Run Pri 100 Preempt Mode YES Delay Time 0 Aut...

Page 627: ...on Use the display vrrp statistics command to display the VRRP statistics information of VRRP group s Refer to Table 1 3 for the displayed information z If neither a VLAN interface nor a VRRP group is...

Page 628: ...ntication types Auth Type Mismatch Number of mismatched authentication types Packet Length Errors Number of VRRP packet length errors Address List Errors Number of the virtual IP address list errors B...

Page 629: ...mac undo vrrp method View System view Parameters real mac Maps the real MAC address of the switch to the virtual IP address of the VRRP group virtual mac Maps the virtual MAC address of the VRRP grou...

Page 630: ...nfigured before any VRRP group is created If a VRRP group already exists on the switch you are not allowed to execute the command Examples Enable a VRRP group to respond to ping packets destined for i...

Page 631: ...ing function configured on the IP address owner cannot take effect z The port to be tracked can be in the VLAN whose VLAN interface has the VRRP group configured z Up to eight ports can be tracked sim...

Page 632: ...all the VRRP groups on an interface This is determined by the protocol which defines that all the VRRP groups on an interface share the same authentication type and authentication key Besides all the...

Page 633: ...RRP group Setting a preemption delay period aims at z In an unstable network backups in a VRRP group possibly cannot receive VRRP advertisements from the master in time due to network congestions This...

Page 634: ...it can work properly Examples Set the priority to 120 on VLAN interface 2 for the switch in the VRRP group Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interf...

Page 635: ...es This argument ranges from 1 to 255 and defaults to 10 Description Use the vrrp vrid track interface command to set a VLAN interface to be tracked Use the undo vrrp vrid track interface command to d...

Page 636: ...rity decreases This argument ranges from 1 to 255 and defaults to 10 Description Use the vrrp vrid track detect group command to enable the auto detect function when employing VRRP Use the undo vrrp v...

Page 637: ...red Description Use the vrrp vrid virtual ip command to create a VRRP group and configure the virtual IP address for the VRRP group or add a virtual IP address to the virtual IP address list of an exi...

Page 638: ...m View return to User View with Ctrl Z Sysname interface Vlan interface 2 Sysname Vlan interface2 vrrp vrid 1 virtual ip 10 10 10 10 Add a virtual IP address to an existing VRRP group Sysname Vlan int...

Page 639: ...rp detection enable 2 1 arp detection trust 2 2 arp filter source 2 3 arp filter binding 2 3 arp max learning num 2 4 arp protective down recover enable 2 5 arp protective down recover interval 2 5 ar...

Page 640: ...he undo arp check enable command to disable the ARP entry checking function With the ARP entry checking function enabled the switch cannot learn any ARP entry with a multicast MAC address Configuring...

Page 641: ...iodically you need to create the VRRP backup group and perform corresponding configurations Refer to the part discussing VRRP in this manual for details Examples Enable the master switch of the VRRP b...

Page 642: ...uments must belong to the VLAN z Currently static ARP entries cannot be configured on the ports of an aggregation group Related commands reset arp display arp Examples Create a static ARP mapping entr...

Page 643: ...splay all the ARP entries Sysname display arp Type S Static D Dynamic IP Address MAC Address VLAN ID Port Name AL ID Aging Type 10 2 72 162 000a 000a 0aaa N A N A N A S 192 168 0 77 0000 e8f5 6a4a 1 E...

Page 644: ...ries to be displayed For detailed information about regular expressions refer to Configuration File Management Command in this manual begin Displays the first ARP entry containing the specified string...

Page 645: ...t Command in this manual begin Displays the number of ARP entries counted from the first one containing the specified string exclude Displays the number of ARP entries that do not contain the specifie...

Page 646: ...arp period resending enable command to disable this function By default this function is enabled the gratuitous ARP packets are sent at an interval of 30 seconds After you enable a VLAN interface to...

Page 647: ...earning enable command to disable the gratuitous ARP packet learning function By default the gratuitous ARP packet learning function is enabled Examples Enable the gratuitous ARP packet learning funct...

Page 648: ...1 9 Examples Clear static ARP entries Sysname reset arp static...

Page 649: ...p anti attack valid check enable command to enable ARP source MAC address consistency check Use the undo arp anti attack valid check enable command to disable this function By default ARP source MAC a...

Page 650: ...VLAN By default ARP attack detection is disabled on the switch Examples Enable ARP attack detection on all ports in VLAN 1 Sysname system view System View return to User View with Ctrl Z Sysname vlan...

Page 651: ...e command to remove the configuration By default ARP packet filtering based on the gateway s IP address is disabled Note that z This command should be configured on a port directly connected to hosts...

Page 652: ...net 1 0 2 Sysname system view Sysname interface ethernet1 0 2 Sysname Ethernet1 0 2 arp filter binding 192 168 100 1 000d 88f8 528c arp max learning num Syntax arp max learning num number undo arp max...

Page 653: ...very function is disabled Examples Enable the port state auto recovery function of the switch Sysname system view System View return to User View with Ctrl Z Sysname arp protective down recover enable...

Page 654: ...0 arp rate limit Syntax arp rate limit rate undo arp rate limit View Ethernet port view Parameters rate Maximum ARP packet receiving rate on the port in the range of 10 to 1 024 pps Description Use th...

Page 655: ...imit function on Ethernet 1 0 11 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 11 Sysname Ethernet1 0 11 arp rate limit enable arp restricted forwardin...

Page 656: ...RP trusted port state and discarded invalid ARP packets those failed to pass ARP attack detection on the specified port If ARP attack detection is disabled the statistics of ARP trusted port state and...

Page 657: ...ses both static and dynamic IP addresses and MAC addresses of authenticated 802 1x clients and uses the mappings for ARP attack detection after IP to MAC static bindings and DHCP snooping entries are...

Page 658: ...he undo arp proxy enable command to disable common proxy ARP on the VLAN interface By default common proxy ARP is disabled on the VLAN interfaces of a switch Related commands display arp proxy Example...

Page 659: ...p proxy Interface Vlan interface1 Proxy ARP status enabled Local Proxy ARP status disabled Interface Vlan interface2 Proxy ARP status enabled Local Proxy ARP status disabled Interface Vlan interface3...

Page 660: ...N interface Use the undo local proxy arp enable command to disable local proxy ARP on the VLAN interface By default local proxy ARP is disabled on the VLAN interfaces of a switch Examples Enable local...

Page 661: ...t can transmit Resilient ARP packets If the unit id argument is not specified this command is to display the Resilient ARP state information of all units If the unit id argument is specified this comm...

Page 662: ...enable resilient arp interface vlan interface Syntax resilient arp interface Vlan interface vlan id undo resilient arp interface Vlan interface vlan id View System view Parameters vlan id VLAN interf...

Page 663: ...4 3 Sysname resilient arp interface vlan interface 2...

Page 664: ...1 16 dhcp server option 1 17 dhcp server ping 1 18 dhcp server relay information enable 1 18 dhcp server static bind 1 19 dhcp server tftp server domain name 1 20 dhcp server tftp server ip address 1...

Page 665: ...nooping 3 1 dhcp snooping information enable 3 1 dhcp snooping information format 3 2 dhcp snooping information packet format 3 3 dhcp snooping information remote id 3 3 dhcp snooping information stra...

Page 666: ...iii ip address dhcp alloc 5 2 BOOTP Client Configuration Commands 5 3 display bootp client 5 3 ip address bootp alloc 5 4...

Page 667: ...HCP address pool view Parameters domain name Name of a domain a string of 1 to 24 characters You can use the domain command to create a domain Description Use the accounting domain command to enable t...

Page 668: ...bims server command to remove specified BIMS server information from the DHCP global address pool By default the related information of the BIMS server is not specified If you execute the bims server...

Page 669: ...write the previous one Examples Specify the bootfile name aaa cfg in DHCP global address pool 0 for the client Sysname system view Enter system view return to user view with Ctrl Z Sysname dhcp server...

Page 670: ...system view Sysname system view System View return to User View with Ctrl Z Enable DHCP Sysname dhcp enable dhcp select global Syntax VLAN interface view dhcp select global undo dhcp select System vie...

Page 671: ...client Sysname dhcp select global interface vlan interface 1 to vlan interface 3 Configure all interfaces to operate in global DHCP address pool mode so that when a DHCP packet is received from a DHC...

Page 672: ...d The corresponding implementation is as follows z After a DHCP interface address pool is created by executing the dhcp select interface command UDP 67 and UDP 68 ports used by DHCP are enabled z Afte...

Page 673: ...terface number keyword and argument combination specifies a port range all Specifies all ports Description Use the dhcp server bims server command to specify the IP address port number and shared key...

Page 674: ...number argument specifies an interface number Description Use the dhcp server bootfile name command to specify the bootfile name in interface address pool for the client Use the undo dhcp server bootf...

Page 675: ...ver dns list Syntax In VLAN interface view use the following commands to specify the DNS server IP address in the current DHCP interface address pool for the client dhcp server dns list ip address 1 8...

Page 676: ...er system view Sysname system view System View return to User View with Ctrl Z Enter VLAN interface 1 view Sysname interface Vlan interface 1 Configure the DNS server IP address 1 1 1 254 for the DHCP...

Page 677: ...o dhcp server domain name command to remove the configured domain name suffix By default no domain name suffix is configured for the DHCP client Related commands domain name Examples Enter system view...

Page 678: ...fies an interface number the interface interface type interface number to interface type interface number keyword and argument combination specifies an interface range all Specifies all interface addr...

Page 679: ...er forbidden ip command to cancel the forbiddance By default all IP addresses in an address pool are allowed to be automatically assigned Related commands dhcp server ip pool network static bind ip ad...

Page 680: ...following functions z UDP 67 and UDP 68 ports used by DHCP are enabled only when DHCP is enabled z UDP 67 and UDP 68 ports are disabled when DHCP is disabled The corresponding implementation is as fol...

Page 681: ...ber argument specifies an interface number the interface interface type interface number to interface type interface number keyword and argument combination specifies an interface range all In compari...

Page 682: ...fies the m typed node Nodes of this type are p nodes with some broadcasting features h node Specifies the h typed node Nodes of this type are b nodes with peer to peer communicating features interface...

Page 683: ...ii ascii string Specifies a string that is of 1 to 63 characters Note that each character of the string must be an ASCII character hex hex string 1 10 Specifies strings each of which comprises 1 to 8...

Page 684: ...ranges from 0 to 10 and defaults to 2 Value 0 means no ping operation will be performed timeout milliseconds Specifies the timeout time in milliseconds the device waits for an echo response The millis...

Page 685: ...ess mac address View VLAN interface view Parameters ip address IP address to be statically bound Note that the specified IP address must belong to the same network segment as that of the current VLAN...

Page 686: ...s 10 1 1 2 to the MAC address 0000 e03f 0305 Assume that the DHCP interface address pool of VLAN interface 1 already exists and the IP address belongs to the address pool Sysname Vlan interface1 dhcp...

Page 687: ...Sysname interface Vlan interface 1 Sysname Vlan interface1 dhcp server tftp server domain name domain1 dhcp server tftp server ip address Syntax In VLAN interface view use the following commands to sp...

Page 688: ...l for the client dhcp server voice config ncp ip ip address as ip ip address voice vlan vlan id enable disable fail over ip address dialer string undo dhcp server voice config ncp ip as ip voice vlan...

Page 689: ...herwise other sub options do not take effect By default a DHCP server interface address pool does not assign Option 184 and the corresponding sub options to the client Related commands voice config Ex...

Page 690: ...interface interface type interface number all View Any view Parameters ip ip address Specifies an IP address pool pool name Specifies a global address pool The pool name argument a string of 1 to 35...

Page 691: ...e expired IP addresses of global address pools Interface pool The information about the expired IP addresses of interface address pools IP address Bound IP addresses Client identifier Hardware address...

Page 692: ...erface this command applies to all VLAN interfaces all Specifies all address pools Description Use the display dhcp server ip in use command to display the address binding information of one IP addres...

Page 693: ...se expiration Time when the lease expires Type Address binding type display dhcp server statistics Syntax display dhcp server statistics View Any view Parameters None Description Use the display dhcp...

Page 694: ...e 0 Dhcp Release 1 Dhcp Inform 0 Statistics about the DHCP packets received from DHCP clients Boot Reply 4 Dhcp Offer 1 Dhcp Ack 3 Dhcp Nak 0 Statistics about the DHCP packets sent to DHCP clients Bad...

Page 695: ...ield Description Global pool Information about global address pools Interface pool Information about interface address pools Pool name Address pool name network Assignable IP address range Child node...

Page 696: ...dns list command to configure one or multiple DNS server IP addresses in a DHCP global address pool for the DHCP client Use the undo dns list command to remove one or all DNS server IP addresses confi...

Page 697: ...he DHCP global address pool 0 for the DHCP client Sysname dhcp server ip pool 0 Sysname dhcp pool 0 domain name mydomain com expired Syntax expired day day hour hour minute minute unlimited undo expir...

Page 698: ...ore than one IP address separate two neighboring IP addresses with a space all Specifies all configured gateway IP addresses Description Use the gateway list command to configure one or multiple gatew...

Page 699: ...NS server IP addresses configured for the DHCP client By default no WINS server IP address is configured If you execute the nbns list command repeatedly the new configuration overwrites the previous o...

Page 700: ...Examples Enter system view Sysname system view System View return to User View with Ctrl Z Specify b node as the NetBIOS node type in the DHCP global address pool 0 for the clients Sysname dhcp server...

Page 701: ...haracter hex hex string 1 10 Specifies strings each of which comprises of 1 to 8 hexadecimal digits The 1 10 means that you can provide up to 10 such strings When entering more than one strings separa...

Page 702: ...ip in use all interface interface type interface number ip ip address pool pool name View User view Parameters all Clears the dynamic address binding information about all IP addresses interface inter...

Page 703: ...packets request packets response packets Related commands display dhcp server statistics Examples Clear the statistics on a DHCP server Sysname reset dhcp server statistics static bind client identifi...

Page 704: ...me dhcp server ip pool 0 Sysname dhcp pool 0 static bind ip address 10 1 1 1 mask 255 255 255 0 Sysname dhcp pool 0 static bind client identifier aaaa bbbb static bind ip address Syntax static bind ip...

Page 705: ...host to which the IP address is to be bound You need to provide this argument in the form of H H H Description Use the static bind mac address command to specify a MAC address to which an IP address...

Page 706: ...name in a global address pool for the DHCP client Use the undo tftp server domain name command to remove the TFTP server name from a global address pool By default no TFTP server name is specified Usi...

Page 707: ...onfig ncp ip as ip voice vlan fail over View DHCP address pool view Parameters ncp ip ip address Specifies the IP address of the primary network calling processor as ip ip address Specifies the IP add...

Page 708: ...184 in global address pool 123 The NCP IP address is 1 1 1 1 and the IP address of the alternate server is 2 2 2 2 The voice VLAN is enabled with the ID being 3 The fail over IP address is 3 3 3 3 an...

Page 709: ...resses match a binding on the DHCP relay agent if not the client cannot access outside networks via the DHCP relay agent Use the address check disable command to disable IP address match checking on t...

Page 710: ...dshake function is enabled Note that Currently the DHCP relay agent handshake function on a S5500 EI series switch can only interoperate with a Windows 2000 DHCP server Examples Disable the DHCP relay...

Page 711: ...p replace undo dhcp relay information strategy View System view Parameters drop Specifies to drop messages containing Option 82 keep Specifies to forward messages containing Option 82 without any chan...

Page 712: ...se the dhcp security static command to configure a static DHCP address binding entry Use the undo dhcp security command to remove one or all address binding entries or all address binding entries of a...

Page 713: ...amic binding entries to 60 seconds Sysname dhcp security tracker 60 dhcp server Syntax dhcp server groupNo undo dhcp server View VLAN interface view Parameters groupNo DHCP server group number This ar...

Page 714: ...and DHCP services are disabled At the same time UDP 67 and UDP 68 ports used by DHCP are disabled Examples Enter system view Sysname system view System View return to User View with Ctrl Z Enter VLAN...

Page 715: ...separated by a space Description Use the dhcp server ip command to configure the DHCP server IP address es in a specified DHCP server group Use the undo dhcp server command to remove all DHCP server...

Page 716: ...1 1 1 0001 0001 0001 Static 192 168 10 2 000d 88f7 b090 Dynamic_ack 2 dhcp security item s found Table 2 1 Description on the fields of the display dhcp security command Field Description IP Address I...

Page 717: ...d Description IP address of DHCP server group 0 DHCP server IP addresses of DHCP server group 0 Messages from this server group Number of the packets the DHCP relay receives from the DHCP server group...

Page 718: ...terface command to display information about the DHCP server group to which a VLAN interface is mapped Related commands dhcp server display dhcp server Examples Display information about the DHCP serv...

Page 719: ...2 11 Related commands dhcp server display dhcp server Examples Clear the statistics information of DHCP server group 2 Sysname reset dhcp server 2...

Page 720: ...er without recording the IP to MAC bindings of the DHCP clients By default the DHCP snooping function is disabled Note that z You need to disable DHCP relay agent before enabling DHCP snooping on the...

Page 721: ...n format Syntax dhcp snooping information format hex ascii View System view Parameters hex Specifies the storage format of Option 82 as HEX namely hexadecimal string ascii Specifies the storage format...

Page 722: ...s the extended or standard one By default the padding format for Option 82 is the extended one Examples Configure the padding format for Option 82 as the standard one Sysname system view System View r...

Page 723: ...cket keep If a packet contains Option 82 DHCP snooping keeps and forwards this packet replace If a packet contains Option 82 DHCP snooping replaces the original Option 82 field with the Option 82 fiel...

Page 724: ...sub option string Content of the circuit ID sub option a string of 3 to 63 ASCII characters Description Use the dhcp snooping information vlan circuit id command to configure the content of the circu...

Page 725: ...e content of the remote ID in Option 82 Use the undo dhcp snooping information remote id command to restore the default remote ID in Option 82 With vlan vlan id specified the customized remote ID sub...

Page 726: ...re an Ethernet port to a DHCP snooping untrusted port By default with the DHCP snooping enabled all the ports of a switch are untrusted ports Note that After DHCP snooping is enabled you need to speci...

Page 727: ...Sysname display dhcp snooping DHCP Snooping is enabled The client binding table for all untrusted ports Type D Dynamic S Static Unit ID 1 Type IP Address MAC Address Lease VLAN Interface D 10 1 1 1 00...

Page 728: ...ured If you specify a VLAN all the IP static binding entries for the specified VLAN will be displayed If you specify a port all the IP static binding entries for the specified port will be displayed E...

Page 729: ...ess Enables IP filtering based on source MAC addresses of the packets Description Use the ip check source ip address command to enable IP filtering based on the DHCP snooping table and the IP static b...

Page 730: ...rce MAC address and the port By default no binding among source IP address source MAC address and the port number is configured To create a static binding after IP filtering is enabled with the mac ad...

Page 731: ...eset dhcp snooping command to remove DHCP snooping entries from a switch If no ip address is specified all DHCP snooping entries are removed Examples Remove all DHCP snooping entries from the switch S...

Page 732: ...disable port state auto recovery With the port state auto recovery function a port that is shut down because the DHCP traffic rate limit configured on it is exceeded can automatically be brought up a...

Page 733: ...t are shut down after the dhcp protective down recover interval command is last executed Examples Set the port state auto recovery interval to 30 seconds Sysname system view System View return to User...

Page 734: ...tion to limit DHCP traffic for an Ethernet port You can use this command to limit the DHCP traffic passing through an Ethernet port When the number of DHCP packets received on the port per second exce...

Page 735: ...s that operate as DHCP clients support a maximum lease duration of 24 days currently Examples Display the information about the address allocation of DHCP clients Sysname display dhcp client verbose D...

Page 736: ...ase period Server IP IP address of the DHCP server selected Transaction ID Transaction ID Default router Gateway address Next timeout will happen after 0 days 11 hours 56 minutes 1 seconds The timer e...

Page 737: ...h DHCP Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 ip address dhcp alloc BOOTP Client Configuration Commands display boot...

Page 738: ...s bootp alloc undo ip address bootp alloc View VLAN interface view Parameters None Description Use the ip address bootp alloc command to configure a VLAN interface to obtain an IP address through BOOT...

Page 739: ...cription 1 2 display acl 1 3 display drv qacl_resource 1 4 display packet filter 1 5 display time range 1 6 packet filter 1 7 packet filter vlan 1 9 rule for Basic ACLs 1 10 rule for Advanced ACLs 1 1...

Page 740: ...user defined ACL match order Specifies the match order for ACL rules Following two match orders exist z auto Specifies to match ACL rules according to the depth first rule z config Specifies to match...

Page 741: ...255 255 rule 1 permit source 1 0 0 0 0 255 255 255 As shown in the output information the switch sorts the rules of ACL 2000 in the depth first order a rule with more zeros in the source IP address w...

Page 742: ...display acl Syntax display acl all acl number View Any view Parameters all Displays all ACLs acl number Number of the ACL to be displayed in the range of 2000 to 5999 Description Use the display acl...

Page 743: ...rce 3 3 3 0 0 0 0 255 Detailed information of a rule display drv qacl_resource Syntax display drv qacl_resource View Any view Parameters None Description Use the display drv qacl_resource to display t...

Page 744: ...e used rules spare mask Number of the remaining masks spare rule Number of the remaining rules Apply ACL 2001 to port GigabitEthernet 1 0 49 Sysname system view System View return to User View with Ct...

Page 745: ...Table 1 3 Description on the fields of the display packet filter command Field Description Ethernet1 0 1 Port on which packet filtering is performed Inbound Direction of the packet filtering Inbound o...

Page 746: ...Field Description Current time is 17 01 34 May 21 2007 Monday Current system time Time range Name of the time range Active Status of the time range which can be z Active The time range is active curre...

Page 747: ...rom 4000 to 4999 z The user group acl number keyword specifies a user defined ACL The acl number argument ranges from 5000 to 5999 z The rule rule id keyword specifies a rule of an ACL The rule argume...

Page 748: ...packet filter vlan vlan id inbound outbound acl rule View System view Parameters vlan id VLAN ID inbound Specifies to filter packets received by the ports in the VLAN outbound Specifies to filter pack...

Page 749: ...ACL 4000 on all ports in VLAN 40 to filter inbound packets Here it is assumed that the ACLs and their rules and the VLAN are already configured Sysname packet filter vlan 40 inbound ip group 3000 rule...

Page 750: ...by using the display acl command fragment Removes the settings concerning non tail fragments in the ACL rule source Removes the settings concerning source address in the ACL rule time range Removes t...

Page 751: ...er 2000 Sysname acl basic 2000 rule 1 deny source 192 168 0 1 0 Sysname acl basic 2000 quit Create basic ACL 2001 and define rule 1 to deny packets that are non tail fragments Sysname acl number 2001...

Page 752: ...oviding 0 for the sour wildcard argument The any keyword specifies any source address destination dest addr dest wildcard any Destination address Specifies the destination address information for the...

Page 753: ...r example you need to input 0 0 255 255 to specify the subnet mask 255 255 0 0 If you specify the dscp keyword you can directly input a value ranging from 0 to 63 or input one of the keywords listed i...

Page 754: ...n binary routine 0 000 priority 1 001 immediate 2 010 flash 3 011 flash override 4 100 critical 5 101 internet 6 110 network 7 111 If you specify the tos keyword you can directly input a value ranging...

Page 755: ...numerals the value range is 0 to 65535 With the range operator the value of port2 does not need to be greater than that of port1 because the switch can automatically judge the value range If the valu...

Page 756: ...1 13 Table 1 13 ICMP specific ACL rule information Parameters Type Function Description icmp type icmp type icmp code Type and message code information of ICMP packets Specifies the type and message c...

Page 757: ...o TCP or UDP icmp type Removes the settings concerning the ICMP type and message code in the ACL rule This keyword is only available to the ACL rules with their protocol type set to ICMP precedence Re...

Page 758: ...with the source IP address of 192 168 0 1 and DSCP priority of 46 Sysname system view System View return to User View with Ctrl Z Sysname acl number 3000 Sysname acl adv 3000 rule 1 deny ip source 192...

Page 759: ...format of H H H vlan id Source VLAN ID in the range of 1 to 4 094 dest dest mac addr dest mac mask Destination MAC address information Specifies the destination MAC address range for the ACL rule des...

Page 760: ...atically If the ACL has no rules the rule is numbered 0 otherwise the number of the rule will be the greatest rule number plus one If the current greatest rule number is 65534 however the system will...

Page 761: ...ytes when the rule string contains four hexadecimal numerals the maximum value of offset is 78 bytes and so on z The valid length of the mask offset is 128 hexadecimal numerals 64 bytes For example as...

Page 762: ...you modify the rule string rule mask offset combinations however the new combinations will replace all of the original ones z If you do not specify the rule id argument when creating an ACL rule the r...

Page 763: ...ackets sourced from 192 168 0 1 it is assumed that no port is enabled with the VLAN VPN function In the following rule command line 0806 is the protocol number of ARP 16 is the offset of the protocol...

Page 764: ...ring does not comply with the rule that a user defined rule string can contain up to eight mask offset units and any two offset units cannot belong to the same offset group The ACL cannot be assigned...

Page 765: ...nd time days of the week from start time start date to end time end date from start time start date to end time end date to end time end date View System view Parameters all Removes all the time range...

Page 766: ...d in a time range the time range is active only when the system time is within the defined absolute time section If multiple absolute time sections are defined in a time range the time range is active...

Page 767: ...1 28 From 12 00 Jan 1 2008 to 12 00 Jun 1 2008...

Page 768: ...lay qos interface traffic statistic 1 10 display queue scheduler 1 11 line rate 1 12 mirrored to 1 13 priority 1 15 priority trust 1 16 protocol priority protocol type 1 17 qos cos local precedence ma...

Page 769: ...esent z High speed traffic is forwarded over a low speed link or traffic received from multiple interfaces at the same speed is forwarded through an interface at the same speed By enabling the burst f...

Page 770: ...rities for certain protocol packets generated by it The supported protocols are Telnet SNMP ICMP and OSPF Depending on your configuration the IP or DSCP precedence is displayed for a specified protoco...

Page 771: ...lay qos cos local precedence map command to display the 802 1p priority to local precedence mapping illustrated by an 802 1p priority to local precedence mapping table as shown in the following exampl...

Page 772: ...ways 1 The unit ID ranges from 1 to 8 depending on the unit ID of the switch in the fabric For example if two switches form a fabric with the unit IDs being 3 and 5 respectively the unit IDs of the tw...

Page 773: ...weight of queue 2 3 weight of queue 3 4 weight of queue 4 5 weight of queue 5 9 weight of queue 6 13 weight of queue 7 15 Ethernet1 0 1 traffic remark vlanid Inbound Matches Acl 2000 rule 0 running R...

Page 774: ...Sets IP precedence for packets z local precedence Sets local precedence for packets Redirected to z interface indicates that the packets are redirected to the port z cpu indicates that the packets are...

Page 775: ...Kbps Burst bucket size 16 Kbyte Refer to Table 1 3 for the description on the output fields display qos interface mirrored to Syntax display qos interface interface type interface number unit id mirro...

Page 776: ...e value range for the unit id argument refer to Table 1 2 Description Use the display qos interface traffic limit command to display the traffic policing configuration of a port or a unit Related comm...

Page 777: ...1 0 1 traffic priority Ethernet1 0 1 traffic priority Inbound Matches Acl 2000 rule 0 running Priority action dscp ef Refer to Table 1 3 for the description on the output fields display qos interface...

Page 778: ...configuration is to be displayed unit id Unit ID of the switch whose VLAN mapping configuration is to be displayed For the value range for the unit id argument refer to Table 1 2 Description Use the d...

Page 779: ...ic statistic Examples Display the traffic accounting configuration and traffic statistics of Ethernet 1 0 1 Sysname display qos interface Ethernet1 0 1 traffic statistic Ethernet1 0 1 traffic statisti...

Page 780: ...he range of this argument varies with port type as follows z Fast Ethernet port 64 to 99 968 z GigabitEthernet port 64 to 1 000 000 The granularity of port rate limit is 64 kbps Assume that the value...

Page 781: ...8 Kbps Burst bucket size 32 Kbyte mirrored to Syntax mirrored to inbound outbound acl rule monitor interface cpu undo mirrored to inbound outbound acl rule View Ethernet port view Parameters inbound D...

Page 782: ...ckets to the CPU Description Use the mirrored to command to configure traffic mirroring Use the undo mirrored to command to cancel the configuration Traffic monitoring provides a finer mirroring granu...

Page 783: ...splay the traffic mirroring configuration of Ethernet 1 0 1 and Ethernet 1 0 2 Sysname display qos interface Ethernet 1 0 1 mirrored to Ethernet1 0 1 mirrored to Inbound Matches Acl 2000 rule 0 runnin...

Page 784: ...Sysname interface Ethernet1 0 1 Sysname Ethernet1 0 1 priority 6 priority trust Syntax priority trust undo priority View Ethernet port view Parameters None Description Use the priority trust command...

Page 785: ...pecifies the protocol type which could be Telnet SNMP ICMP or OSPF ip precedence ip precedence Specifies an IP precedence in digits for the specified protocol in the range 0 to 7 Alternatively you can...

Page 786: ...cs3 24 cs4 32 cs5 40 cs6 48 cs7 56 ef 46 Description Use the protocol priority command to set the global IP precedence or DSCP precedence for the specified type of protocol packets generated by the cu...

Page 787: ...local prec cos1 map local prec cos2 map local prec cos3 map local prec cos4 map local prec cos5 map local prec cos6 map local prec cos7 map local prec undo qos cos local precedence map View System vi...

Page 788: ...ing Table 1 8 The default 802 1p priority to local precedence mapping 802 1p priority Local precedence 0 2 1 0 2 1 3 3 4 4 5 5 6 6 7 7 Related commands display qos cos local precedence map Examples Co...

Page 789: ...h queue5 width queue6 width queue7 width Customizes the bandwidth values to be allocated for queues 0 through 7 in kbps In system view the bandwidth ranges from 0 to 99968 The bandwidth varies with th...

Page 790: ...you configure queues 0 and 2 to adopt SP and queues 3 through 7 to adopt WRR in system view you can modify the weights of queues 3 through 7 in port view but cannot modify the queue scheduling algorit...

Page 791: ...ue 0 through queue 7 to 1 2 3 4 5 6 7 and 8 Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 queue scheduler wrr 1 2 3 4 5 6 7 8 Display the global queue scheduling configuration Sysname Etherne...

Page 792: ...ches Acl 2008 rule 0 running 13775 packets inprofile 2061 packets outprofile Matches Acl 4008 rule 0 running 2606 packets inprofile 0 packet outprofile Clear the statistics about inbound packets match...

Page 793: ...he ACL rules referenced must be those defined with the permit keyword union effect Specifies that all the ACL rules including those identified by the acl rule argument in this command and those applie...

Page 794: ...pped egress port interface type interface number Enables traffic policing for the outbound packets of the port identified by interface type interface number The interface type interface number argumen...

Page 795: ...policing for packets matching specific ACL rules Related commands display qos interface traffic limit Examples Configure traffic policing for inbound packets sourced from VLAN 200 on Ethernet 1 0 1 se...

Page 796: ...pre value argument or in words as shown in Table 1 10 Alternatively you can specify the from ipprec keyword for the switch to extract the IP precedence for the 802 1p priority Table 1 10 802 1p prior...

Page 797: ...etframe 4000 rule permit cos 5 Sysname acl ethernetframe 4000 quit Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 traffic priority inbound link group 4000 cos 1 Set the DSCP precedence of inbo...

Page 798: ...can also provide one of the keywords listed in Table 1 7 for the dscp value argument ip precedence pre value from cos Sets the IP precedence You can assign a value in digits in the range of 0 to 7 for...

Page 799: ...ethernetframe 4000 quit Sysname traffic priority vlan 2 inbound link group 4000 cos 1 traffic redirect Syntax traffic redirect inbound outbound acl rule cpu interface interface type interface number...

Page 800: ...for information about Combo ports z If the traffic is configured to be redirected to an aggregation group the traffic is redirected to the master port of the aggregation group Refer to Link Aggregatio...

Page 801: ...are to be mapped Description Use the traffic remark vlanid command to enable VLAN mapping and set the target VLAN ID for packets matching specific ACL rules Use the undo traffic remark vlanid command...

Page 802: ...nterface traffic statistic reset traffic statistic Examples Enable traffic accounting on Ethernet 1 0 1 for the inbound packets sourced from the IP network segment 1 1 1 0 24 Sysname system view Syste...

Page 803: ...to enable the WRED function Use the undo wred command to restore the default By default the WRED function is disabled Examples Enable the WRED function for queue 2 on Ethernet 1 0 1 specifying to drop...

Page 804: ...t of Ethernet ports You can specify multiple Ethernet ports by providing this argument in the form of interface type interface number to interface type interface number Description Use the apply qos p...

Page 805: ...a string of 1 to 184 characters and in the form of aa cc with aa for user name and cc for domain name Description Use the display qos profile command to display the configuration of a QoS profile or...

Page 806: ...ofile packet filter inbound ip group 2000 rule 0 Filter the inbound packets matching rule 0 of ACL 2000 traffic limit inbound ip group 3000 rule 0 64 Limit the rate of the inbound packets matching rul...

Page 807: ...e packet filtering action to a QoS profile Use the undo packet filter command to remove the packet filtering action from a QoS profile Examples Add the packet filtering action to the QoS profile named...

Page 808: ...profile is applied to the port manually use the undo apply qos profile command to remove the QoS profile from the port z If the QoS profile is applied to the port dynamically log off the user connect...

Page 809: ...ets received through the interface acl rule ACL rules to be applied for traffic classification This argument can be the combination of multiple ACLs For more information about this argument refer to T...

Page 810: ...outbound packets of the port identified by interface type interface number If you specify this keyword this command applies to the outbound unicast packets that pass the port and match the ACL rules z...

Page 811: ...ffic priority inbound outbound acl rule View QoS profile view Parameters inbound Performs priority marking on the inbound packets outbound Performs priority marking on the outbound packets acl rule AC...

Page 812: ...l precedence automatically If local precedence marking is also configured there will be two local precedence values for the traffic resulting in conflict In this case the device will display an error...

Page 813: ...ds 1 1 display mirroring group 1 1 mirroring group 1 3 mirroring group mirroring port 1 3 mirroring group monitor port 1 4 mirroring group reflector port 1 5 mirroring group remote probe vlan 1 6 mirr...

Page 814: ...ay the parameter settings of the destination groups for remote mirroring remote source Specifies to display the parameter settings of the source groups for remote mirroring Description Use the display...

Page 815: ...roup which can be active or inactive mirroring port Source port in port mirroring This field is available only for local mirroring groups or remote source mirroring groups both inbound outbound The di...

Page 816: ...the undo mirroring group command to remove a port mirroring group The mirroring group you created can take effect only after you configure other parameters for it Note that a Switch 5500 EI supports...

Page 817: ...oring group mirroring port command to configure the source ports for a local mirroring group or a remote source mirroring group Use the undo mirroring group mirroring port command to remove the source...

Page 818: ...an existing mirroring group a member port of an aggregation group a fabric port or a port enabled with LACP or STP as the destination port z Before configuring a destination port for a local mirroring...

Page 819: ...tection packet filtering QoS port security and so on z When a port is configured as a reflector port the switch configures its link state as up duplex mode as full and port rate as the maximum rate su...

Page 820: ...ysname system view System View return to User View with Ctrl Z Sysname vlan 100 Sysname vlan100 remote probe vlan enable Sysname vlan100 quit Sysname mirroring group 1 remote source Sysname mirroring...

Page 821: ...e Ethernet 1 0 1 as the source port and mirror all packets received on and sent from this port Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname...

Page 822: ...Ethernet 1 0 4 as a destination port in Ethernet port view Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 4 Sysname Ethernet1 0 4 monitor port remote p...

Page 823: ...commands mirroring group remote probe vlan Examples Configure VLAN 5 as the remote probe VLAN Sysname system view System View return to User View with Ctrl Z Sysname vlan 5 Sysname vlan5 remote probe...

Page 824: ...i Table of Contents 1 Web Cache Redirection Configuration Commands 1 1 Web Cache Redirection Configuration Commands 1 1 display webcache 1 1 webcache address 1 2 webcache redirect vlan 1 4...

Page 825: ...lay Web cache redirection configuration and the status of Web cache Sysname display webcache webcache IP address 1 1 1 1 webcache MAC address 000f e20f 0000 webcache port Ethernet1 0 1 webcache VLAN 1...

Page 826: ...ion function is enabled but Web cache detection is not started z Enable and detecting Indicates that the redirection function is enabled and the system is detecting the Web cache device z Enable but h...

Page 827: ...will not take effect z The VLAN interface of the VLAN which the Web cache server belongs to must be up otherwise the Web cache redirection function will not take effect z If you configured both the We...

Page 828: ...efore configuring a VLAN as a redirected VLAN you need to create the VLAN interface for the VLAN z You can configure multiple redirected VLANs by executing the webcache redirect vlan command repeatedl...

Page 829: ...upply 1 4 display poe temperature protection 1 5 poe disconnect 1 6 poe enable 1 6 poe legacy enable 1 7 poe max power 1 7 poe mode 1 8 poe power management 1 9 poe priority 1 9 poe temperature protec...

Page 830: ...connect The PoE disconnect mode is AC display poe interface Syntax display poe interface interface type interface number View Any view Parameters interface type interface number Port type and port num...

Page 831: ...PoE status on the port z user command set port to off PoE to the port is turned off by the user z Standard PD was detected A standard PD is detected z detection is in process PDs are being detected Po...

Page 832: ...Power status on the port ON OFF ENABLE PoE enabled disabled status on the port MODE PoE mode on the port z signal PoE through the signal cable z spare PoE through the spare cable PRIORITY PoE priorit...

Page 833: ...oe interface power PORT INDEX POWER mW PORT INDEX POWER mW Ethernet1 0 1 0 Ethernet1 0 2 0 Ethernet1 0 3 0 Ethernet1 0 4 0 Ethernet1 0 5 0 Ethernet1 0 6 0 Ethernet1 0 7 0 Ethernet1 0 8 0 Ethernet1 0 9...

Page 834: ...Version Version of the PSE complex programmable logical device CPLD PSE Power Management mode PoE management mode on the port when the PSE is overloaded z The auto keyword indicates that the auto mod...

Page 835: ...and to restore the default The default PD disconnection detection mode is AC Note that change to the PD disconnection detection mode may lead to power off of some PDs Examples Set the PD disconnection...

Page 836: ...tem view Parameters None Description Use the poe legacy enable command to enable the PD compatibility detection function Use the undo poe legacy enable command to disable the PD compatibility detectio...

Page 837: ...display poe interface power commands to display the power supply information of a port Examples Set the maximum power supplied by Ethernet 1 0 3 to 15000 mW Sysname system view System View return to...

Page 838: ...ing Use the undo poe power management command to restore the default mode By default the PoE management mode on port is auto You can use the poe priority command to set the PoE priority of a port Exam...

Page 839: ...ailable power of the whole switch is less than 18 8 W and there is no port with low priority the port with the inserted PD cannot supply power Examples Set the PoE priority of Ethernet 1 0 3 to critic...

Page 840: ...PSE completely and then reload the PoE processing software filename Update file name with a length of 1 to 64 characters and with the extension s19 Description Use the poe update command to update the...

Page 841: ...tware of the fabric switch remotely on any device in the fabric Examples Upgrade the PSE processing software poe2046 s19 in the flash of unit 2 to upgrade the PSE processing software of all the units...

Page 842: ...iew Parameters profile name Name of a PoE profile a string of 1 to 15 characters It starts with a letter from a to z or from A to Z and it cannot be any of reserved keywords like all interface user un...

Page 843: ...o query which PoE profile is applied to a port However the command cannot be used to query which PoE features in a PoE profile are applied successfully Examples Apply the existing PoE profile profile...

Page 844: ...Description Use the poe profile command to create a PoE profile and then enter PoE profile view If the PoE profile is already created you will enter PoE profile view directly Use the undo poe profile...

Page 845: ...nge unit id 1 2 display ftm 1 4 display xrn fabric 1 7 fabric member auto update software enable 1 7 fabric save unit id 1 8 fabric port enable 1 10 ftm fabric vlan 1 12 xrn fabric authentication mode...

Page 846: ...D of the current switch note the following z If the modified unit ID is not used in the XRN fabric the system sets its priority to 5 and saves it in the Flash memory of the current switch z If the mod...

Page 847: ...mbering mode Description Use the change unit id command to configure the unit ID of a specified switch in an XRN fabric to a new value By default when a switch is added to an XRN fabric it uses the au...

Page 848: ...0f e20f 5132 10 Left 1 A 3 000f e20f 5252 10 Right 1 A 4 000f e20f 8922 10 Left 1 A 5 000f cbb7 2142 10 Right 1 A 6 000f cbb7 3264 10 Left 1 A 7 000f cbb7 2260 10 Right 1 A 8 000f cbb7 2734 10 Left 1...

Page 849: ...atistics topology database Displays the topology database information of the fabric Description Use the display ftm command to display the protocol information or the topology database information of...

Page 850: ...name of the fabric are different z Isolated different version The software version of the directly connected device and that of the current device are different z Isolated auth failure The XRN fabric...

Page 851: ...D A M 1 000f e20f 5002 10 Left Right 1 A 2 000f e20f 5132 10 Left Right 1 A 3 000f e20f 5252 10 Left Right 1 A 4 000f cbb7 3264 5 Left Right 1 M 5 000f cbb7 2142 10 Left Right 1 A 6 000f e20f 8922 10...

Page 852: ...t 1 Second 2 From the above example you can see the following z The name of the fabric is Sysname z The system operation mode is Layer 3 forwarding z The current device is 1 marked by z The name of th...

Page 853: ...le the candidate switch to download software and discovery neighbors and thus be added to the fabric normally z If the candidate switch is going to download software from a unit in an XRN fabric you a...

Page 854: ...Left 1 A 5 000f cbb7 2142 10 Right 1 A 6 000f cbb7 3264 10 Left 1 A 7 000f cbb7 2260 10 Right 1 A 8 000f cbb7 2734 10 Left 1 A Save the unit IDs of all the units in an XRN fabric to the unit Flash mem...

Page 855: ...cessfully Unit 4 removed unit ID successfully Unit 5 removed unit ID successfully Unit 6 removed unit ID successfully Unit 7 removed unit ID successfully Unit 8 removed unit ID successfully Display th...

Page 856: ...the second group Only one group of ports can be configured as fabric ports at a time Given a group either GigabitEthernet 1 0 25 49 or GigabitEthernet 1 0 27 51 can be configured as the left fabric po...

Page 857: ...it XRN data among devices avoiding packets being sent to non fabric ports You need to specify the XRN fabric VLAN before the XRN fabric is established Because after the fabric is established the VLAN...

Page 858: ...on mode simple hello port link type xrn fabric Syntax port link type xrn fabric View Ethernet port view Parameters None Description Use the port link type command to configure an Ethernet port as the...

Page 859: ...name reset ftm statistics set unit name Syntax set unit unit id name unit name View System view Parameters unit id Unit ID of a device unit name Name of the specified unit a string of 1 to 64 characte...

Page 860: ...sysname command to restore the default fabric name Before a new device is added into a fabric make sure that the fabric name of the device and the fabric name of the devices in the fabric are consist...

Page 861: ...timer port delay 1 12 Cluster Configuration Commands 1 13 add member 1 13 administrator address 1 13 auto build 1 14 build 1 16 cluster 1 18 cluster enable 1 18 cluster switch to 1 19 cluster mac 1 2...

Page 862: ...black list 1 39 display cluster base members 1 40 display cluster base topology 1 40 display cluster black list 1 41 display cluster current topology 1 42 display ntdp single device mac address 1 43...

Page 863: ...operating information including the global NDP status the interval to send NDP packets the holdtime of NDP information and the NDP status and neighbor information on all ports If executed with the in...

Page 864: ...Timer Interval for the switch to send NDP packets which is configured through the ndp timer hello command Aging Timer Holdtime for neighbors to keep the NDP information of the switch which is configur...

Page 865: ...and in system view without the interface keyword specified NDP will be enabled globally if you specify the interface keyword in the command NDP will be enabled on the specified ports In Ethernet port...

Page 866: ...in instability of the NDP port neighbor table Examples Set the holdtime of the NDP information sent by the switch to 60 seconds Sysname system view System View return to User View with Ctrl Z Sysname...

Page 867: ...e NDP statistics on specific ports When executing the command if you specify the interface keyword the command will clear NDP statistics on the specified ports if you do not specify the interface keyw...

Page 868: ...e 1 2 Description on the fields of the display ntdp command Field Description NTDP is running NTDP is enabled globally on this device Hops Hop count for topology collection which is configured through...

Page 869: ...ce list command Field Description MAC MAC address of a device collected by NTDP HOP Hops from this device to the collected device IP IP address and mask length of the management VLAN interface on the...

Page 870: ...n Hostname System name of a device collected by NTDP MAC MAC address of the collected device Hop Hops from this device to the collected device Platform Software platform of the collected device IP IP...

Page 871: ...1 ntdp enable ntdp explore Syntax ntdp explore View User view Parameters None Description Use the ntdp explore command to manually start a topology collection process NTDP is able to periodically coll...

Page 872: ...he range of topology collection by setting the maximum hops from the collecting device to the collected devices For example if you set the maximum hops to two the switch initiating the topology collec...

Page 873: ...up the management switch will collect the topology information of the network at the topology collection interval you set and automatically add the candidate switches it discovers into the cluster z...

Page 874: ...n Use the ntdp timer port delay command to configure the topology request forwarding delay between two ports that is the interval at which the device forwards the topology requests through the NTDP en...

Page 875: ...to the cluster You can only use this command on the management device of a cluster If you do not specify the member number when adding a new cluster member the management device assigns the next avai...

Page 876: ...device Setting the management device MAC address on a device can add the device to the cluster and enable the device to identify the management device even if it restarts You can add a device to a clu...

Page 877: ...ce the device cannot be added to the cluster z After a cluster is built automatically ACL 3998 and ACL 3999 will automatically generate a rule respectively to prohibit packets whose source and destina...

Page 878: ...37 863 2000 aaa_0 Sysname CLST 5 LOG 1 Member 000f e200 2420 is joined in cluster aaa Apr 3 08 12 37 996 2000 aaa_0 Sysname CLST 5 LOG 1 Member 000f e202 2180 is joined in cluster aaa Apr 3 08 12 38 1...

Page 879: ...g functions are implemented as follows z When you create a cluster by using the build or auto build command UDP port 40000 is opened at the same time z When you remove a cluster by using the undo buil...

Page 880: ...00 12 a9 90 22 40 role change NTDPIndex 0 00 00 00 00 00 12 a9 90 22 40 Role 1 aaa_0 Sysname cluster cluster Syntax cluster View System view Parameters None Description Use the cluster command to ent...

Page 881: ...Sysname cluster enable cluster switch to Syntax cluster switch to member number mac address H H H administrator View User view Parameters member number Member number of a member device ranging from 1...

Page 882: ...tching Examples Switch from the management device to number 6 member device and then switch back to the management device aaa_0 Sysname cluster switch to 6 aaa_6 Sysname quit aaa_0 Sysname cluster mac...

Page 883: ...c syn interval command to set the interval for the management device to send HGMP V2 multicast MAC synchronization packets periodically You can only use this command on a management device By default...

Page 884: ...n Therefore to remove a device from a cluster permanently you can use the following methods z Use the delete member command with the to black list keyword specified to remove a device and add the devi...

Page 885: ...he cluster cluster status holdtime and interval to send handshake packets Executing this command on a device that does not belong to any cluster will display an error Examples Display cluster informat...

Page 886: ...he management device display cluster candidates Syntax display cluster candidates mac address H H H verbose View Any view Parameters mac address H H H Specifies a candidate device by its MAC address H...

Page 887: ...dates command Field Description MAC MAC address of the candidate device Hop Hops from the management device to the candidate device IP IP address of the candidate device Platform Platform of the candi...

Page 888: ...rmation about all the devices in a cluster Description Use the display cluster members command to display information about one specific or all devices in a cluster This command is only applicable to...

Page 889: ...16 1 1 11 24 Version 3Com Corporation Switch 5500 EI Software Version 3Com OS V3 03 02s56e Copyright c 2004 2008 3Com Corporation and its licensors All rights reserved Switch 5500 EI Switch 5500 EI O...

Page 890: ...vice You can use the ftp server command on the management device to configure the shared FTP server of the cluster which is used for software version update and configuration file backup of the cluste...

Page 891: ...n the management device takes effect on the management device only and will not be applied to the member devices through the cluster management packets After the IP address of the shared FTP server is...

Page 892: ...vice receives NDP information form a member device within the holdtime the member device stays in the normal state and does not need to be added to the cluster again z Note that you need only execute...

Page 893: ...User View with Ctrl Z Sysname cluster Sysname cluster ip pool 10 200 0 1 20 logging host Syntax logging host ip address undo logging host View Cluster view Parameters ip address IP address of the devi...

Page 894: ...t already joins a cluster If you want to change the management VLAN on a device where a cluster has already been created you must first remove the cluster configuration on the device then re specify a...

Page 895: ...yntax reboot member member number mac address H H H eraseflash View Cluster view Parameters member number Member number of a member device ranging from 1 to 255 mac address H H H Specifies the MAC add...

Page 896: ...shared SNMP NMS setting By default no shared SNMP NMS is configured After setting the IP address of an SNMP NMS for the cluster the member devices in the cluster can send trap messages to the SNMP NM...

Page 897: ...ghts and directory configuration refer to the user guide of the TFTP server software Related commands tftp put tftp server z You need to specify the cluster keyword completely in the command z For des...

Page 898: ...address undo tftp server View Cluster view Parameters ip address IP address of a TFTP server to be configured for the cluster Description Use the tftp server command to configure a shared TFTP server...

Page 899: ...al By default the interval between sending handshake packets is 10 seconds In a cluster the management device keeps connections with the member devices through handshake packets Through the periodic h...

Page 900: ...onding ARP entry but the corresponding MAC address of the IP address does not exist in the MAC address table the trace of the device fails z To trace a specific device using the tracemac command make...

Page 901: ...so that all devices or the device with the specified MAC address can join the cluster By default no MAC address is added to the cluster blacklist You can only use this command on the cluster administ...

Page 902: ...ster base members SN Device MAC Adress Status 0 aaa_0 Sysname 000f e200 30a0 UP 1 aaa_1 5500 EI 000f e200 86e4 UP Table 1 10 Description on the fields of display cluster base members Field Description...

Page 903: ...e topology PeerPort ConnectFlag NativePort SysName DeviceMac aaa_0 3Com 000f e202 2180 P_0 40 P_0 6 Sysname 000f e200 2200 P_0 28 P_3 0 1 Sysname 000f e200 1774 P_0 22 P_1 0 2 aaa_5 3Com 000f e200 511...

Page 904: ...display cluster current topology Syntax display cluster current topology mac address mac address1 to mac address mac address2 member id member id1 to member id member id2 View Any view Parameters mac...

Page 905: ...opology of the current cluster aaa_0 Sysname display cluster current topology PeerPort ConnectFlag NativePort SysName DeviceMac ConnectFlag normal connect odd connect in blacklist lost device new devi...

Page 906: ...le device mac address 000f e200 3956 Hostname 3Com MAC 000f e200 3956 Hop 0 Platform Switch 5500 EI IP Version 3Com Corporation Switch 5500 EI Software Version 3Com OS V3 03 02s56e Copyright c 2004 20...

Page 907: ...address mac address Accepts adding the device with the specified MAC address to the standard topology of the cluster member id member id Accepts adding the device with the specified member ID to the...

Page 908: ...ash View Cluster view Parameters local flash Restores the standard topology of the cluster from the local Flash memory Description Use the topology restore from command to restore the standard topolog...

Page 909: ...topology is topology top Do not modify the file name This command is applicable to only the management device of a cluster Related commands topology restore from Examples Enter Cluster view aaa_0 Sysn...

Page 910: ...p agent local engineid 1 16 snmp agent log 1 16 snmp agent mib view 1 17 snmp agent packet max size 1 19 snmp agent sys info 1 19 snmp agent target host 1 21 snmp agent trap enable 1 22 snmp agent tra...

Page 911: ...an SNMP agent By default each device has a default engine ID You should ensure that each engine ID is unique within an SNMP domain The creation of username and generation of cipher text password are r...

Page 912: ...NMP Agent disabled To display the current configuration username information of SNMPv3 use the display snmp agent usm user command Examples Display the information about all the existing SNMPv1 SNMPv2...

Page 913: ...the information about an SNMP group including group name security mode related views and storage mode A group is used to define security mode and related views Users in the same group have the common...

Page 914: ...ed z permanent Modification is permitted but deletion is forbidden z readOnly Read only that is no modification no deletion z other Other storage types display snmp agent mib view Syntax display snmp...

Page 915: ...Volatile View Type excluded View status active The above output information indicates that MIB view ViewDefault includes all MIB objects under the ISO MIB subtree except snmpUsmMIB snmpVacmMIB and snm...

Page 916: ...tatistics command output description Field Description Messages delivered to the SNMP entity The total number of messages delivered to the SNMP entity from the transport service Messages which were fo...

Page 917: ...Request PDUs which have been accepted and processed by the SNMP protocol entity GetNextRequest PDU accepted and processed The total number of SNMP Get Next PDUs which have been accepted and processed...

Page 918: ...NMP running in the system Description Use the display snmp agent sys info command to display the system SNMP information about the current device including contact information geographical location of...

Page 919: ...nction is enabled on the modules Sysname display snmp agent trap list configuration trap enable flash trap enable ospf trap enable standard trap enable system trap enable vrrp trap enable Enable traps...

Page 920: ...nd SNMP agent can be ensured by configuring whether to perform authentication and privacy or not You can configure whether to perform authentication and privacy when you create an SNMPv3 group and con...

Page 921: ...rate port interface linkUp linkDown traps when the state of the port interface changes To enable this function on a port interface use the enable snmp trap updown command to enable this function globa...

Page 922: ...e SNMP agent closes UDP ports used by SNMP agents and SNMP trap as well snmp agent calculate password Syntax snmp agent calculate password plain password mode md5 sha local engineid specified engineid...

Page 923: ...agent calculate password aaaa mode md5 local engineid The result of the password is B02A2E48346E2CBFFCE809C99CF1F6C snmp agent community Syntax snmp agent community read write community name acl acl n...

Page 924: ...read write permission to MIB objects Sysname snmp agent community write mgr Remove the community named comaccess Sysname undo snmp agent community comaccess snmp agent group Syntax 1 Version 1 and ver...

Page 925: ...groups created using the snmp agent group v3 command do not authenticate or encrypt packets Related commands snmp agent mib view snmp agent usm user Examples Create an SNMPv1 group named v1group Sysn...

Page 926: ...an SNMP entity is formed by appending the device information to the enterprise number The device information can be determined according to the device which can be an IP address a MAC address or a use...

Page 927: ...f the information center set the output destinations of SNMP logs will be decided z The severity level of SNMP logs is informational that is the logs are taken as general prompt information of the dev...

Page 928: ...ust be the same as the sub OID at the corresponding position of the MIB subtree OID 0 indicates fuzzy matching meaning the OID of the node to be accessed is not necessarily the same as the sub OID at...

Page 929: ...from 484 to 17 940 Description Use the snmp agent packet max size command to set the maximum SNMP packet size allowed by an agent Use undo snmp agent packet max size command to restore the default max...

Page 930: ...er according to the system information The SNMP versions of the device and the NMS must be consistent otherwise data exchange cannot be completed The device processes the SNMP messages of the correspo...

Page 931: ...ticate the packets without encryption privacy Configures to authenticate and encrypt the packets Description Use snmp agent target host command to set a destination host to receive the SNMP traps gene...

Page 932: ...cases of authentication failures coldstart Specifies to send SNMP cold start traps when the device is rebooted linkdown Specifies to send SNMP linkDown traps when a port becomes down linkup Specifies...

Page 933: ...link is down Apr 2 05 53 15 883 2000 3Com L2INF 2 PORT LINK STATUS CHANGE 1 Trap 1 3 6 1 6 3 1 1 5 3 linkDown portIndex is 4227634 ifAdminStatus is 2 ifOperStatus is 2 Apr 2 05 53 16 094 2000 3Com IFN...

Page 934: ...NMP trap queue Related commands snmp agent trap enable snmp agent target host Examples Set the SNMP trap aging time to 60 seconds Sysname system view System View return to User View with Ctrl Z Sysnam...

Page 935: ...f this interface Description Use the snmp agent trap source command to configure the source address for the SNMP traps sent Use the undo snmp agent trap source command to cancel the configuration By d...

Page 936: ...ent usm user v1 v2c command to add a user to an SNMP group Use the undo snmp agent usm user v1 v2c command to remove a user from an SNMP group This command is applicable to SNMPv1 and SNMPv2c and is e...

Page 937: ...undo snmp agent usm user v3 user name group name local engineid engineid string View System view Parameters user name Username a string of 1 to 32 characters group name Name of the group correspondin...

Page 938: ...he original engine ID becomes invalid Note that z If the password is in cipher text the pri password argument can be obtained by the snmp agent calculate password command To make the calculated cipher...

Page 939: ...authentication and privacy passwords should be in cipher text Set the security mode to authentication with privacy the authentication algorithm to md5 the privacy algorithm to des56 the authentication...

Page 940: ...last sampled value Related commands rmon alarm Examples Display the configuration of all the alarm entries Sysname display rmon alarm Alarm table 1 owned by user1 is VALID Samples type absolute Variab...

Page 941: ...rm is triggered when the falling threshold is reached Latest value The value of the latest sample display rmon event Syntax display rmon event event entry View Any view Parameters event entry RMON eve...

Page 942: ...isplayed Description Use the display rmon eventlog command to display the log of an RMON event On creating an RMON event you can configure to record the event information into the logbuffer when an ev...

Page 943: ...The sampling type is absolute display rmon history Syntax display rmon history interface type interface number unit unit number View Any view Parameters interface type Interface type interface number...

Page 944: ...tem collects statistics of the port at this interval buckets Number of the records in the history control table Latest sampled values Latest sampled values dropevents Number of the packet dropping eve...

Page 945: ...ype absolute Variable formula 1 3 6 1 2 1 16 1 1 1 4 1 100 Description Sampling interval 10 sec Rising threshold 10000 linked with event 1 Falling threshold 2000 linked with event 1 When startup enabl...

Page 946: ...splay rmon statistics interface type interface number unit unit number View Any view Parameters interface type Interface type interface number Interface number unit unit number Specifies a unit number...

Page 947: ...ts received etherStatsBroadcastPkts Number of broadcast packets received etherStatsMulticastPkts Number of multicast packets received etherStatsUndersizePkts Number of undersize packets received ether...

Page 948: ...1 to 127 characters Description Use the rmon alarm command to add an alarm entry to the alarm table If you do not specify the owner text keyword argument combination the owner of the entry is display...

Page 949: ...t identifies event 1 z Lower threshold 5 z The event entry2 argument identifies event 2 z Owner user1 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 S...

Page 950: ...try to an event table you need to specify the event index You need also to specify the corresponding actions including logging the event sending traps to the NMS and the both for the network device to...

Page 951: ...history control entry numbered 15 Sysname Ethernet1 0 1 undo rmon history 15 rmon prialarm Syntax rmon prialarm entry number prialarm formula prialarm des sampling timer delta absolute changeratio ris...

Page 952: ...event command z You can define up to 50 extended alarm entries With an extended alarm entry defined in an extended alarm group the device performs the following operations accordingly z Sampling the a...

Page 953: ...statistics Syntax rmon statistics entry number owner text undo rmon statistics entry number View Ethernet port view Parameters entry number Statistics entry Index in the range 1 to 65535 owner text Sp...

Page 954: ...tics entry with a different index for the port You can use the display rmon statistics command to display the information about the statistics entry Examples Add the statistics entry numbered 20 to ta...

Page 955: ...Helper Configuration Commands 1 1 UDP Helper Configuration Commands 1 1 display udp helper server 1 1 reset udp helper packet 1 1 udp helper enable 1 2 udp helper port 1 2 udp helper server 1 4 udp h...

Page 956: ...cified VLAN interface is displayed Examples Display the UDP broadcast relay forwarding information on VLAN interface 1 Sysname display udp helper server interface Vlan interface 1 Interface name Serve...

Page 957: ...destination server Use the undo udp helper enable command to disable UDP Helper function By default UDP Helper is disabled Note that On an S5500 EI Series Ethernet Switch the reception of directed br...

Page 958: ...port numbers 53 138 137 49 69 and 37 Note that z You need to enable the UDP Helper function before specifying any UDP port otherwise the system prompts error information When the UDP helper function...

Page 959: ...helper server command without specifying the ip address argument removes all the destination servers configured on the current interface z You can specify up to 20 destination server IP addresses on a...

Page 960: ...by one Use the undo udp helper ttl keep enable command to restore the default By default the UDP Helper TTL keep function is disabled Note that you need to enable UDP Helper before enabling the TTL k...

Page 961: ...authentication enable 1 6 ntp service authentication keyid 1 7 ntp service broadcast client 1 7 ntp service broadcast server 1 8 ntp service in interface disable 1 8 ntp service max dynamic sessions 1...

Page 962: ...t and ntp service multicast server commands enables the NTP feature and opens UDP port 123 at the same time z Execution of the undo form of one of the above six commands disables all implementation mo...

Page 963: ...ock is the clock of another switch on the network the value of this field will be the IP address of that switch stra Stratum of the clock of the synchronization source reach Reachability count of the...

Page 964: ...TP services Examples View the status of the NTP service of the local switch Sysname display ntp service status Clock status synchronized Clock stratum 4 Reference clock ID 1 1 1 11 Nominal frequency 1...

Page 965: ...dispersion of the remote NTP server in milliseconds Reference time Reference timestamp display ntp service trace Syntax display ntp service trace View Any view Parameters None Description Use the disp...

Page 966: ...led control query refers to query of state of the NTP service including alarm information authentication status clock source information and so on synchronization Synchronization right This level of r...

Page 967: ...eer 2076 Configure the access right from the remote device in ACL 2028 to the local NTP server as server Sysname system view System View return to User View with Ctrl Z Sysname ntp service access serv...

Page 968: ...he Message Digest 5 MD5 algorithm After configuring the NTP authentication key you need to use the ntp service reliable authentication keyid command to specify the authentication key as a trusted key...

Page 969: ...figure authentication keyid key id if authentication is not required version number Specifies the NTP version number The number argument ranges from 1 to 3 and defaults to 3 Description Use the ntp se...

Page 970: ...ssions Syntax ntp service max dynamic sessions number undo ntp service max dynamic sessions View System view Parameters number Maximum number of the dynamic NTP sessions that can be established locall...

Page 971: ...the multicast IP address being 224 0 1 2 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 ntp service multicast client 224 0...

Page 972: ...ntp service reliable authentication keyid key id undo ntp service reliable authentication keyid key id View System view Parameters key id Authentication key ID in the range of 1 to 4294967295 Descript...

Page 973: ...s way the IP address of the interface is the source IP address of all NTP packets sent by the local device Examples Specify the source IP addresses of all sent NTP packets as the IP address of VLAN in...

Page 974: ...the clock of local Ethernet switch and that of the remote device can be synchronized to each other Examples Configure the local switch to obtain time information from the peer with the IP address 128...

Page 975: ...scription Use the ntp service unicast server command to configure an Ethernet switch to operate in the NTP client mode Use the undo ntp service unicast server command to remove the configuration By de...

Page 976: ...rt dsa 1 15 public key peer 1 17 public key peer import sshkey 1 18 public key code begin 1 19 public key code end 1 20 rsa local key pair create 1 21 rsa local key pair destroy 1 22 rsa peer public k...

Page 977: ...pair rsa Displays the public keys of the current switch s RSA key pairs Description Use the display public key local command to display the public key information of the current switch s key pairs Th...

Page 978: ...013082011F02818100D757262C4584C44C211F18BD96E5F061C4F0A4 23F7FE6B6B85B34CEF72CE14A0D3A5222FE08CECE65BE6C265854889DC1EDBD13EC8B274DA9F75BA26CCB987 723602787E922BA84421F22C3C89CB9B06FD60FE01941DDD77FE6B...

Page 979: ...y generated key pair may have 1024 or 1023 bits You can configure an SSH peer s public key on the current switch by using the public key peer command or the public key peer import sshkey command Relat...

Page 980: ...c keys of the current switch s RSA key pairs Sysname display rsa local key pair public Time of Key pair created 20 08 35 2000 04 02 Key name Sysname_Host Key type RSA encryption Key Key code 3047 0240...

Page 981: ...the public keys of all SSH peers keyname Specifies a key by its name which is a string of 1 to 64 characters Description Use the display rsa peer public key command to display information about the l...

Page 982: ...394276CE5AAF5AF01DA8B0F33E0 8335E0C3820911B90BF4D19085CADCE0B50611B9F6696D31930203010001 display ssh server Syntax display ssh server session status View Any view Parameters session Displays SSH sessi...

Page 983: ...ts Sysname display ssh server session Conn Ver Encry State Retry SerType Username VTY 0 2 0 AES started 0 stelnet kk VTY 1 2 0 AES started 0 sFTP abc Table 1 1 Description on the fields of the display...

Page 984: ...It cannot contain any of these characters slash backslash colon asterisk question mark less than sign greater than sign and the vertical bar sign In addition the sign can appear up to once the userna...

Page 985: ...test sftp display ssh2 source ip Syntax display ssh2 source ip View Any view Parameters None Description Use the display ssh2 source ip command to display the current source IP address or the IP addr...

Page 986: ...ed is 192 168 1 1 peer public key end Syntax peer public key end View Public key view Parameters None Description Use the peer public key end command to return from public key view to system view Rela...

Page 987: ...interface by using the authentication mode scheme command z For a user interface if you have executed the authentication mode password or authentication mode none command the protocol inbound ssh comm...

Page 988: ...mples Create local RSA key pairs Sysname system view System View return to User View with Ctrl Z Sysname public key local create rsa The range of public key size is 512 2048 NOTES If the key modulus i...

Page 989: ...ation of the local DSA key pair Sysname display public key local dsa public Time of Key pair created 03 17 33 2000 04 06 Key name Key type DSA encryption Key Key code 3081F03081A806072A8648CE380401308...

Page 990: ...roy these keys Y N y public key local export rsa Syntax public key local export rsa openssh ssh1 ssh2 filename View System view Parameters rsa Specifies the host public key of the current switch s RSA...

Page 991: ...Input the bits in the modulus default 1024 Generating keys Display the host public key in the OpenSSH format Sysname public key local export rsa openssh ssh rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgMSPi xIkH...

Page 992: ...the SSH2 format use the public key local export dsa ssh2 filename command z The host public key displayed on the screen is in a format that is not transformed and cannot be used as the public key data...

Page 993: ...me of the public key a string of 1 to 64 characters Description Use the public key peer command to enter public key view Use the undo public key peer command to delete the configuration of peer public...

Page 994: ...sue this command the system will automatically identify the format of the public key transforms the public key into the PKCS format and saves the public key locally This public key configuration metho...

Page 995: ...iew and use the public key code begin command to enter the public key edit view Then you can input the key by pasting the copied characters or pressing the keys on the keyboard It must be a hexadecima...

Page 996: ...ded z If the key is valid it is saved in the local public key list Related commands rsa peer public key public key peer public key code begin Examples Exit public key edit view and save the public key...

Page 997: ...pair public command displays two public keys the host public key and server public key when the switch is working in SSH1 compatible mode but only one public key the host public key when the switch is...

Page 998: ...ver Key type RSA encryption Key Key code 3067 0260 C9BEF5C8 1AF3E457 AD007039 DDB21785 28B0204F A9ED61A6 AD381860 9491B700 0286568F 4CAF27B1 1B17B1A2 0D516E74 8DAFA6C1 0F71624B B8BE6FB2 F550E7B9 BABD5...

Page 999: ...mmand to enter public key view Use the undo rsa peer public key command to remove the setting After using this command you can use the public key code begin command to configure the peer public key Th...

Page 1000: ...key file from the peer through FTP TFTP z Only public key files in the format of SSH1 or SSH2 are supported z Currently only public keys with the modulues being in the range 512 to 2048 bits can be im...

Page 1001: ...cation mode is specified by using the ssh user authentication type command Use the undo ssh authentication type default command to remove the specified default authentication mode That is no default a...

Page 1002: ...ameters server ip IP address of the server server name Name of the server a string of 1 to 184 characters keyname Name of the public key of the server a string of 1 to 64 characters Both the publickey...

Page 1003: ...r View with Ctrl Z Sysname ssh client 192 168 0 1 assign publickey pub ppk ssh client first time enable Syntax ssh client first time enable undo ssh client first time View System view Parameters None...

Page 1004: ...View System view Parameters times Authentication retry times in the range of 1 to 5 Description Use the ssh server authentication retries command to set the authentication retry times for SSH connect...

Page 1005: ...les Configure the server to be compatible with SSH1 x clients Sysname system view System View return to User View with Ctrl Z Sysname ssh server compatible ssh1x enable ssh server rekey interval Synta...

Page 1006: ...nds Authentication timeout time ranging from 1 to 120 in seconds Description Use the ssh server timeout command to set the authentication timeout time for SSH connections Use the undo ssh server timeo...

Page 1007: ...it tears down the connection An SSH user created with this command uses the default authentication type specified by the ssh authentication type default command If no default authentication type is sp...

Page 1008: ...h user assign command to assign an existing public key to a specified SSH user on the SSH server side Use the undo ssh user assign command to remove the association The public key of the client is sub...

Page 1009: ...and publickey publickey Specifies the authentication mode for the SSH user as publickey RSA key or DSA key authentication rsa Specifies the authentication mode for the SSH user as publickey RSA key o...

Page 1010: ...ion for SSH users Sysname system view System View return to User View with Ctrl Z Sysname ssh user kk authentication type publickey Display the SSH user information Sysname display ssh user informatio...

Page 1011: ...e_group prefer_ctos_cipher 3des des aes128 prefer_stoc_cipher 3des des aes128 prefer_ctos_hmac sha1 sha1_96 md5 md5_96 prefer_stoc_hmac sha1 sha1_96 md5 md5_96 View System view Parameters host ip Serv...

Page 1012: ...blish a connection with an SSH server and at the same time specify the preferred key exchange algorithm encryption algorithms and HMAC algorithms between the server and client Note that when logging i...

Page 1013: ...he SSH client Sysname system view System View return to User View with Ctrl Z Sysname ssh2 source interface Vlan interface 1 ssh2 source ip Syntax ssh2 source ip ip address undo ssh2 source ip View Sy...

Page 1014: ...the SSH clients can only access the SSH server using the IP address of the specified interface as the destination This improves the service manageability when the SSH server has multiple IP addresses...

Page 1015: ...can only access the SSH server using the specified IP address as the destination This improves the service manageability when the SSH server has multiple IP addresses Examples Specify source IP addre...

Page 1016: ...ename 1 12 reset recycle bin 1 12 rmdir 1 15 undelete 1 15 update fabric 1 16 File Attribute Configuration Commands 1 17 boot attribute switch 1 17 boot boot loader 1 18 boot boot loader backup attrib...

Page 1017: ...tarting with flash For example the URL of file text txt in the root directory of the Flash on the current unit is flash text txt z To access a file in the current directory enter the path name or file...

Page 1018: ...ame of the target file Description Use the copy command to copy a file If the fileurl dest argument identifies an existing file the existing file will be overwritten after the command is executed succ...

Page 1019: ...the specified file is removed to the recycle bin and you can use the undelete command to restore it You can delete files based on file attribute z If you execute the delete running files command all t...

Page 1020: ...test test txt Y N y Delete file unit1 flash test test txt Done Delete all the main Web files on the local unit Sysname delete running files Delete all the running files Y N n Delete the running image...

Page 1021: ...bric If executed without the fabric keyword the command will display information about files and folders in the root directory of the current device z If executed with the file url argument the comman...

Page 1022: ...rwh 4 Apr 01 2000 23 55 24 snmpboots 1 rw 4724347 Apr 01 2000 23 59 45 test bin 2 rw 1475 Apr 01 2000 23 59 53 config cfg 3 rw 1737 Apr 02 2000 00 46 21 cfg cfg 4 rw 279296 Apr 02 2000 00 21 55 love...

Page 1023: ...ration command after this command is configured successfully otherwise this command may not be executed correctly Examples Execute the batch file named test bat under the directory flash Sysname syste...

Page 1024: ...be displayed when you delete a file Sysname delete unit1 flash te txt Delete file unit1 flash te txt Done Examples Set the prompt mode to quiet for file related operations Sysname system view System...

Page 1025: ...sname format unit1 flash All data on unit1 flash will be lost proceed with format Y N y Format unit1 flash completed mkdir Syntax mkdir directory View User view Parameters directory Name of a director...

Page 1026: ...of a file in the Flash memory Description Use the more command to display the contents of a specified file Currently the file system only supports to display the contents of text files Examples Displ...

Page 1027: ...is used as the target file name by default Examples Move the file 1 txt from flash to flash a within unit1 with the name unchanged Sysname move unit1 flash 1 txt unit1 flash a Move unit1 flash 1 txt...

Page 1028: ...Target path name or file name Description Use the rename command to rename a file or a directory If the target file name or directory name is the same with any existing file name or directory name yo...

Page 1029: ...l not ask for your confirmation Use the reset recycle bin fabric command to permanently delete files in the recycle bin of all the devices in the fabric The system will not prompt you to confirm delet...

Page 1030: ...cfg 2 rw 4036197 May 14 2000 10 13 18 main bin 3 rw 2386 Apr 26 2000 13 30 30 back cfg 4 drw May 08 2000 09 49 25 test 5 rwh 716 Apr 24 2007 16 17 30 hostkey 6 rwh 572 Apr 24 2007 16 17 44 serverkey...

Page 1031: ...unit1 flash dd undelete Syntax undelete file url View User view Parameters file url Path name or file name of a file in the Flash memory Description Use the undelete command to restore a deleted file...

Page 1032: ...he file used for upgrading will be copied to the root directories of other units in the fabric z When you execute the update fabric command the system first collects the free space information of each...

Page 1033: ...to set test bin to be running agent next time to boot Y N y The test bin is configured successfully File Attribute Configuration Commands boot attribute switch Syntax boot attribute switch all app co...

Page 1034: ...e in the fabric to be with the main attribute The app file specified by this command becomes the main startup file when the device starts up next time If you execute the boot boot loader command witho...

Page 1035: ...ion applies to the local unit only Before configuring the main or backup attribute for a file in the fabric make sure the file already exists on all devices in the fabric This is because Ethernet swit...

Page 1036: ...named boot web to be with the main attribute Sysname boot web package boot web main display boot loader Syntax display boot loader unit unit id View Any view Parameters unit unit id Specifies the uni...

Page 1037: ...b package is flash http3 1 5 0040 web The main web package is unit1 flash http3 1 5 0040 web The backup web package is unit1 flash startup bootrom access enable Syntax startup bootrom access enable un...

Page 1038: ...of a TFTP server dest hostname Host name of a TFTP server filename cfg Name of the configuration file to which the current configuration will be backed up a string of 5 to 56 characters including the...

Page 1039: ...e fabric system source addr IP address of a TFTP server source hostname Host name of a TFTP server filename cfg Name of the configuration file to be restored to a string of 5 to 56 characters includin...

Page 1040: ...name restore fabric startup configuration from 1 1 1 253 bbb cfg Restore startup configuration from 1 1 1 253 Please wait File will be transferred in binary mode Downloading file from remote tftp serv...

Page 1041: ...ion Commands 1 7 ascii 1 7 binary 1 8 bye 1 8 cd 1 9 cdup 1 9 close 1 10 delete 1 10 dir 1 11 disconnect 1 12 display ftp source ip 1 12 ftp 1 13 ftp cluster remote server source interface 1 13 ftp cl...

Page 1042: ...32 quit 1 33 remove 1 33 rename 1 34 rmdir 1 34 sftp 1 35 sftp source interface 1 36 sftp source ip 1 37 2 TFTP Configuration Commands 2 1 TFTP Configuration Commands 2 1 display tftp source ip 2 1 t...

Page 1043: ...Examples Display the FTP server related settings of the switch assuming that the switch is operating as an FTP server Sysname display ftp server FTP server is running Max user number 1 User count 0 T...

Page 1044: ...nly use this address as the destination address to connect to the FTP server z If neither source interface nor source IP address is specified 0 0 0 0 will be displayed In this case the FTP client can...

Page 1045: ...s characters behind the tenth will be displayed in the second line with a left aligning mode Take username username test for example the result is Sysname display ftp user UserName HostIP Port Idle Ho...

Page 1046: ...152 1029 0 flash Disconnect the user named admin from the FTP server Sysname system view System View return to User View with Ctrl Z Sysname ftp disconnect admin The user connection will be disconnec...

Page 1047: ...timeout time of an FTP client When the idle time of the FTP client exceeds this timeout time the FTP server terminates the connection with the FTP client Use the undo ftp timeout command to restore t...

Page 1048: ...no source interface is specified for an FTP server and an FTP client can use any reachable interface address on the FTP server as the destination address to connect to the FTP server Related commands...

Page 1049: ...omitted to avoid repetition For the configuration of the command for entering FTP client view refer to ftp z When executing the FTP client configuration commands in this section confirm whether the c...

Page 1050: ...Related commands ascii Examples Specify to transfer files in binary mode ftp binary 200 Type set to I bye Syntax bye View FTP client view Parameters None Description Use the bye command to terminate t...

Page 1051: ...cd flash temp Display the current working directory ftp pwd 257 flash temp is current directory cdup Syntax cdup View FTP client view Parameters None Description Use the cdup command to exit the curre...

Page 1052: ...w This command has the same effect as that of the disconnect command Examples Terminate the FTP connection without quitting FTP client view ftp close 221 Server closing ftp delete Syntax delete remote...

Page 1053: ...mand Related commands pwd Examples Display the information about all the files in the current directory on the remote FTP server ftp dir 227 Entering Passive Mode 192 168 0 152 4 0 125 ASCII mode data...

Page 1054: ...eived in 5 818 second s 11 00 byte s sec disconnect Syntax disconnect View FTP client view Parameters None Description Use the disconnect command to terminate an FTP connection without quitting FTP cl...

Page 1055: ...View User view Parameters cluster Connects to the configured FTP server of a cluster For the configuration of the FTP server of a cluster refer to the Cluster part of this manual remote server Host n...

Page 1056: ...e interface to connect to the FTP server whose IP address is 192 168 8 8 Sysname ftp 192 168 8 8 source interface Vlan interface 1 ftp cluster remote server source ip Syntax ftp cluster remote server...

Page 1057: ...em decides which interface will be used for accessing FTP servers By default the switch uses the IP address of the outbound interface in the local routing table as the source IP address for connecting...

Page 1058: ...witch uses every time it connects to an FTP server Sysname system view System View return to User View with Ctrl Z Sysname ftp source ip 192 168 0 1 get Syntax get remotefile localfile View FTP client...

Page 1059: ...nt to modify the local working directory you need to terminate the connection with the FTP server quit FTP client view execute the cd command in user view and reconnect to the FTP server Examples Disp...

Page 1060: ...125 ASCII mode data connection already open transfer starting for s3r01 btm s3r01_15 btm config cfg default diag test test txt mytest bak a txt myopenssh public temp c swithc001 226 Transfer complete...

Page 1061: ...a control connection with an FTP server If you have connected to an FTP server you cannot use the open command to connect to another server and you need to terminate the connection with the current FT...

Page 1062: ...e firewall may block the connection request because the FTP server initiates the connection with Port1 through an external network and thus data transmission will be affected Therefore you are recomme...

Page 1063: ...flash temp is current directory quit Syntax quit View FTP client view Parameters None Description Use the quit command to terminate FTP control connection and FTP data connection and return to user v...

Page 1064: ...whether the FTP server provides help information about FTP protocol commands Examples Display the syntax of the user command ftp remotehelp user 214 Syntax USER sp username rename Syntax rename remot...

Page 1065: ...on the FTP server Assume that the directory is empty ftp rmdir flash temp1 200 RMD command successful user Syntax user username password View FTP client view Parameters username Username used to log i...

Page 1066: ...nished successfully FTP 100 byte s received in 5 109 second s 20 00 byte s sec Disable the verbose function ftp undo verbose Download the file with name test cfg ftp get test cfg FTP 1740 byte s recei...

Page 1067: ...meout time out value undo sftp timeout View System view Parameters time out value Timeout time in the range 1 to 35 791 in minutes The default value is 10 Description Use the sftp timeout command to s...

Page 1068: ...amples Terminate the connection with the remote SFTP server sftp client bye Bye Sysname cd Syntax cd remote path View SFTP client view Parameters remote path Path of the target directory on the remote...

Page 1069: ...y Examples Change the working path and return to the parent directory sftp client cdup Received status Success Current Directory is delete Syntax delete remote file 1 10 View SFTP client view Paramete...

Page 1070: ...specified directory on the remote SFTP server If a or l is not specified the command displays details about the files and folders in the specified directory in a list If no remote path is specified t...

Page 1071: ...face otherwise this command displays the IP address 0 0 0 0 Examples Display the source IP address for the current SFTP client Sysname display sftp source ip The source IP you specified is 192 168 1 1...

Page 1072: ...tt txt This operation may take a long time please wait Remote file tt bak Local file tt txt Received status End of file Received status Success Downloading file successfully ended help Syntax help all...

Page 1073: ...iles in the current working directory This command has the same effect as that of the dir command Examples Display the files in the current directory sftp client ls rwxrwxrwx 1 noone nogroup 1759 Aug...

Page 1074: ...By default the local file name is used for the remote file if no remote file name is specified Examples Upload the file named config cfg to the remote SFTP server and save it as 1 txt sftp client put...

Page 1075: ...Bye Sysname remove Syntax remove remote file 1 10 View SFTP client view Parameters remote file 1 10 Name of a file on the server 1 10 indicates that up to ten file names can be input These file names...

Page 1076: ...txt sftp client rename temp bat temp txt File successfully renamed rmdir Syntax rmdir remote path 1 10 View SFTP client view Parameters remote path 1 10 Name of a directory on the remote SFTP server...

Page 1077: ...nge algorithm diffie hellman group1 sha1 It is the default key exchange algorithm z dh_exchange_group Key exchange algorithm diffie hellman group exchange sha1 prefer_ctos_cipher Preferred client to s...

Page 1078: ...ou want to save the server s public key Y N y Enter password sftp client sftp source interface Syntax sftp source interface interface type interface number undo sftp source interface View System view...

Page 1079: ...d IP address is not the IP address of the local device the system prompts that the configuration fails Use the undo sftp source ip command to remove the specified source IP address Then the client acc...

Page 1080: ...s displayed If neither source IP address nor source interface is specified for the TFTP client 0 0 0 0 is displayed Related commands tftp source ip tftp source interface Examples Display the source IP...

Page 1081: ...d or specified on a TFTP client To enter another working directory you need to modify the working directory on the TFTP server and relog in The 3com switch 5500 EI supports the TFTP file size negotiat...

Page 1082: ...ver IP address or the host name of a TFTP server a string of 1 to 20 characters If the switch belongs to a cluster the value cluster means to connect to the TFTP server of the cluster For the configur...

Page 1083: ...File name used when a file is downloaded and saved to the switch put Specifies to upload a file to the TFTP server source file url Path and name of the file to be uploaded to the TFTP server dest file...

Page 1084: ...mpt appears to show the command fails to be executed Examples Connect to the remote TFTP server whose IP address is 192 168 8 8 through the source IP address 192 168 0 1 and download the file named te...

Page 1085: ...ise a prompt appears to show the configuration fails Use the undo tftp source ip command to cancel the source IP address setting The switch uses the IP address of the outbound interface in the local r...

Page 1086: ...ed for the connection between a TFTP client and a TFTP server Use the undo tftp server acl command to cancel all ACLs adopted Examples Specify to adopt ACL 2000 on the TFTP client Sysname system view...

Page 1087: ...center enable 1 7 info center logbuffer 1 8 info center loghost 1 9 info center loghost source 1 10 info center monitor channel 1 10 info center snmp channel 1 11 info center source 1 12 info center...

Page 1088: ...ffer logbuffer snmpagent channel6 channel7 channel8 channel9 Description Use the display channel command to display the settings of an information channel If no argument is specified in the command th...

Page 1089: ...0 channel name console Monitor channel number 1 channel name monitor SNMP Agent channel number 5 channel name snmpagent Log buffer enabled max buffer size 1024 current buffer size 512 current message...

Page 1090: ...debugging information XRN SWITCH OF Device Unit 1 Information about the information output state of the device enabled or disabled showing whether the log trap and debugging information output are en...

Page 1091: ...log buffer Examples Display the status of the log buffer and the records in the log buffer Sysname display logbuffer Logging buffer configuration and contents enabled Allowed max buffer size 1024 Act...

Page 1092: ...ics of the log buffer Examples Display the summary of the log buffer Sysname display logbuffer summary EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG 0 0 0 0 94 0 1 0 The above information indicates tha...

Page 1093: ...us is 1 ifOperStatus is 1 Omitted info center channel name Syntax info center channel channel number name channel name undo info center channel channel number View System view Parameters channel numbe...

Page 1094: ...annel9 Description Use the info center console channel command to set the channel through which information is output to the console Use the undo info center console channel command to restore the def...

Page 1095: ...ffersize undo info center logbuffer channel size View System view Parameters channel Sets the channel through which information outputs to the log buffer channel number Channel number ranging from 0 t...

Page 1096: ...r snmpagent channel6 channel7 channel8 channel9 facility local number The logging facility of the log host The local number argument ranges from local0 to local7 with the corresponding value ranging f...

Page 1097: ...ommand to configure the source interface through which information is sent to the log host Use the undo info center loghost source command to cancel the source interface configuration Related commands...

Page 1098: ...0 Sysname system view System View return to User View with Ctrl Z Sysname info center monitor channel 0 info center snmp channel Syntax info center snmp channel channel number channel name undo info c...

Page 1099: ...rules By default the output rules for the system information are listed in Table 1 4 This command can be used to set the filter and redirection rules of log trap and debugging information For example...

Page 1100: ...llowed Enabled disabled Severity Enabled disabled Severity Enabled disabled Severity Console default all modules Enabled warnings Enabled debuggin g Enabled debuggin g Monitor terminal default all mod...

Page 1101: ...ion are echoed after the output note that the command prompt is echoed in command edit state but is not echoed in interactive state Use the undo info center synchronous command to disable synchronous...

Page 1102: ...g information output is enabled and log and trap information output is disabled for the master switch in the fabric Debugging log and trap information output for other switches in the fabric is disabl...

Page 1103: ...r example 7 z hh mm ss sss The local time with hh ranging from 00 to 23 mm and ss ranging from 00 to 59 and sss ranging from 0 to 999 z yyyy Represents the year none Specifies not to include time stam...

Page 1104: ...ystem View return to User View with Ctrl Z Sysname info center timestamp loghost no year date info center timestamp utc Syntax info center timestamp utc undo info center timestamp utc View System view...

Page 1105: ...es 0 overwritten messages 0 Information timestamp setting with utc log date trap date debug boot XRN SWITCH OF Device Unit 1 LOG disable TRAP disable DEBUG enable If you configure to add the UTC time...

Page 1106: ...command takes effect only after the information center function is enabled Related commands info center enable display info center Examples Enable the system to output trap information to the trap buf...

Page 1107: ...to enable debugging terminal display Use the undo terminal debugging command to disable debugging terminal display By default debugging terminal display is disabled You can execute the terminal debug...

Page 1108: ...le users and terminal users This command works only on the current terminal The debugging log trap information can be output on the current terminal only after this command is executed in user view z...

Page 1109: ...Use the terminal trapping command to enable trap terminal display Use the undo terminal trapping command to disable trap terminal display By default trap terminal display is enabled Examples Enable t...

Page 1110: ...vity Test Commands 2 1 Network Connectivity Test Commands 2 1 ping 2 1 tracert 2 3 3 Device Management Commands 3 1 Device Management Commands 3 1 boot boot loader 3 1 boot bootrom 3 1 display boot lo...

Page 1111: ...ii xmodem get 3 18...

Page 1112: ...from 2000 to 2099 MM represents month ranging from 1 to 12 and DD represents day ranging from 1 to 31 Description Use the clock datetime command to set the current date and time of the Ethernet switch...

Page 1113: ...ption Use the clock summer time command to set the summer time including the name time range and time offset After the setting you can use the display clock command to check the results Examples Set t...

Page 1114: ...k timezone command to restore the local time zone to the default UTC time zone After the setting you can use the display clock command to check the setting The log information time and the debugging i...

Page 1115: ...sname Return to system view from Ethernet port view Sysname system view System View return to User View with Ctrl Z Sysname interface ethernet 1 0 1 Sysname Ethernet1 0 1 quit Sysname return Syntax re...

Page 1116: ...he system name will affect the CLI prompt For example if the system name of the switch is 3Com the prompt for user view is 3Com Examples Set the system name of the Ethernet switch to LSW Sysname syste...

Page 1117: ...the system Sysname display clock 18 36 31 beijing Sat 2002 02 02 Time Zone beijing add 01 00 00 Summer Time bj one off 01 00 00 2003 01 01 01 00 00 2003 08 08 01 00 00 Table 1 1 Description on the fie...

Page 1118: ...on display version Syntax display version View Any view Parameters None Description Use the display version command to display the version information about the switch system Specifically you can use...

Page 1119: ...ing information and thus will affect the efficiency of the system Therefore it is recommended not to enable debugging for multiple functions at the same time To disable all debugging at a time you can...

Page 1120: ...t the file name diag flash default diag The file is already existing overwrite it Y N y Output information to file flash default diag Please wait After saving the information you can use the more defa...

Page 1121: ...l monitor command you will disable the monitoring of the log trap and debugging information on the current terminal Thereby no log trap or debugging information will be displayed on the terminal z The...

Page 1122: ...sending interface by its type and number With the interface specified the TTL of packets are set to 1 automatically to test the directly connected device the IP address of the device is in the same ne...

Page 1123: ...packet including the number of bytes packet sequence number TTL and response time of the response packet if the response packet is received within the timeout time If no response packet is received wi...

Page 1124: ...r of packets to be sent each time The num packet argument ranges from 0 to 65 535 and defaults to 3 w timeout Specifies the timeout time to wait for ICMP error packets The timeout argument ranges from...

Page 1125: ...ms 19 ms 19 ms 4 128 32 136 23 128 32 136 23 19 ms 39 ms 39 ms 5 128 32 168 22 128 32 168 22 20 ms 39 ms 39 ms 6 128 32 197 4 128 32 197 4 59 ms 119 ms 39 ms 7 131 119 2 5 131 119 2 5 59 ms 59 ms 39...

Page 1126: ...it NO flash which is used to indicate that the specified file is stored in the Flash memory of a specified switch Description Use the boot boot loader command to specify the host software that will be...

Page 1127: ...d display boot loader Syntax display boot loader unit unit id View Any view Parameters unit id Unit ID of a switch Description Use the display boot loader command to display the host software app file...

Page 1128: ...utes Table 3 2 Description on the fields of the display cpu command Field Description CPU busy status CPU usage status 12 in last 5 seconds 12 in last 1 minute 12 in last 5 minutes The CPU usage in th...

Page 1129: ...omVer AddrLM Type State 0 0 24 REV C NULL 001 510 IVL MAIN Normal 0 1 4 REV C NULL 001 NULL IVL 4 GE Normal Table 3 3 Description on the fields of the display device command Field Description SlotNo S...

Page 1130: ...sage of a specified switch Examples Display the memory usage of this switch Sysname display memory Unit 1 System Available Memory bytes 30045312 System Used Memory bytes 15698468 Used Rate 52 Table 3...

Page 1131: ...eboot Syntax display schedule reboot View Any view Parameters None Description Use the display schedule reboot command to display information about scheduled reboot Related commands schedule reboot at...

Page 1132: ...Temperature is high Temp low Temperature is low Voltage high Voltage is high Voltage low Voltage is low Transceiver info I O error Transceiver information read and write error Transceiver info checks...

Page 1133: ...ault WIS WAN Interface Sublayer local fault Receive optical power fault Receive optical power fault PMA PMD receiver local fault PMA PMD Physical Medium Attachment Physical Medium Dependent receiver l...

Page 1134: ...nformation Current alarm information of the transceiver TX fault TX fault display transceiver diagnosis interface Syntax display transceiver diagnosis interface interface type interface number View An...

Page 1135: ...ion to 0 01 dBM TX power dBM Digital diagnosis parameter TX power in dBM with the precision to 0 01 dBM display transceiver interface Syntax display transceiver interface interface type interface numb...

Page 1136: ...vers If the transceiver supports multiple transfer medium every two values of the transfer distance are separated by a comma The corresponding transfer medium is included in the bracket following the...

Page 1137: ...nfo interface Field Description Manu Serial Number Serial number generated during debugging and testing Manufacturing Date Debugging and testing date The date takes the value of the system clock of th...

Page 1138: ...nge If yes it prompts whether or not to proceed This prevents the system from losing the configurations in case of shutting down the system without saving the configurations Examples Directly restart...

Page 1139: ...n of one minute that is the switch will reboot within one minute after the specified reboot date and time Note that z After you execute the schedule reboot at command with a specified future date the...

Page 1140: ...ote that z The switch timer is precise to one minute When the reboot time reaches the switch will reboot in one minute at most z You can set the reboot delay in two formats the hour minute format and...

Page 1141: ...egularity command to cancel the configured reboot period By default the reboot period of the switch is not configured The switch timer can be set to a precision of one minute that is the switch will r...

Page 1142: ...sis and solution of the problems of the device By default real time monitoring of the running status of the system is enabled Enabling of this function consumes some amounts of CPU resources Therefore...

Page 1143: ...ed on unit 2 successfully Do you want to set s5500 app to be running agent next time to boot Y N y The s5500 app is configured successfully xmodem get Syntax xmodem get file url device name View User...

Page 1144: ...3 19 WARNING xmodem is a slow transfer protocol limited to the current speed settings of the auxiliary ports During the course of the download no exec input output will be available...

Page 1145: ...vlan vpn inner cos trust 1 4 vlan vpn priority 1 4 vlan vpn tpid 1 6 2 Selective QinQ Configuration Commands 2 1 Selective QinQ Configuration Commands 2 1 mac address mapping 2 1 raw vlan id inbound 2...

Page 1146: ...lan vpn Ethernet1 0 6 VLAN VPN status enabled VLAN VPN VLAN 1 VLAN VPN inner cos trust status disable VLAN VPN TPID 8100 Table 1 1 Description on the fields of the display port vlan vpn command Field...

Page 1147: ...By default transparent IGMP message transmission is disabled on a port For a VLAN VPN disabled port the switch can transmit an IGMP message received on the port within the VLAN that the IGMP message...

Page 1148: ...acket already carries a VLAN tag the packet becomes a dual tagged packet z Otherwise the packet becomes a packet carrying the default VLAN tag of the port If XRN fabric is enabled on a device the VLAN...

Page 1149: ...the outer tag priority of packets For descriptions on receiving port priority refer to QoS QoS Profile Operation Note that z This feature can be enabled only on VLAN VPN enabled ports z This command...

Page 1150: ...n outer tag that has the corresponding priority Use the undo vlan vpn priority command to remove the configuration By default no mapping between the inner tag priority and the outer tag priority is co...

Page 1151: ...TPID value The default TPID value is 0x8100 For the position and function of the TPID field in a packet refer to VLAN Operation The TPID field in an Ethernet frame has the same position with the prot...

Page 1152: ...1 7 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 2 Sysname Ethernet1 0 2 vlan vpn tpid 9100...

Page 1153: ...he range 1 to 4094 all Removes all the inter VLAN MAC address replicating configurations created on the current port Description Use the mac address mapping command to configure the inter VLAN MAC add...

Page 1154: ...aw vlan id inbound all vlan id list View QinQ view Parameters vlan id list Lists of VLAN IDs After receiving packets of these VLANs the switch will encapsulate the packets with the specified outer VLA...

Page 1155: ...l Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 vlan vpn vid 20 Sysname Ethernet1 0 1 vid 20 raw vlan id inbound 8 to 15 vlan vpn vid Syntax vlan vpn vid vlan id undo vlan vpn vid vlan id V...

Page 1156: ...ich VLANs packets will be encapsulated with the specified outer VLAN tag Otherwise the configuration of the outer VLAN tag is of no use Related commands raw vlan id inbound Examples Specify Ethernet 1...

Page 1157: ...le BPDU tunnel for link aggregation control protocol LACP pagp Enable Disable BPDU tunnel for port aggregation protocol PAGP pvst Enable Disable BPDU tunnel for per VLAN spanning tree PVST stp Enable...

Page 1158: ...ork cannot be transparently transmitted properly z If XRN fabric is enabled on one port of a device the BPDU tunnel feature cannot be enabled on any port of the device Examples Enable BPDU tunnel for...

Page 1159: ...e266 c3ab Sysname system view System View return to User View with Ctrl Z Sysname bpdu tunnel tunnel dmac 010f e266 c3ab display bpdu tunnel Syntax display bpdu tunnel View Any view Parameters None De...

Page 1160: ...ion 1 18 history keep time 1 19 history record enable 1 20 history records 1 20 http operation 1 21 http string 1 22 remote ping 1 22 remote ping agent clear 1 23 remote ping agent enable 1 23 remote...

Page 1161: ...ii ttl 1 37 username 1 38 remote ping Server Commands 1 39 remote ping server enable 1 39 remote ping server tcpconnect 1 40 remote ping server udpecho 1 40...

Page 1162: ...igure the advantage factor which is used to count Mos and ICPIF value in a jitter voice test Use the undo adv factor command to restore the default This command applies only to jitter voice test Examp...

Page 1163: ...cmp test type icmp Sysname remote ping administrator icmp count 10 datafill Syntax datafill string undo datafill View remote ping test group view Parameters string Data for padding test packets It is...

Page 1164: ...None First 68 bytes jitter G 711 A Law First 16 bytes jitter G 711 muHmm Law First 16 bytes jitter G 729 A Law First 16 bytes Examples Configure a packet padding string 12 ab cd Sysname system view Sy...

Page 1165: ...administrator icmp test type icmp Sysname remote ping administrator icmp datasize 50 description Syntax description string undo description View remote ping test group view Parameters string Brief de...

Page 1166: ...it must be an IP address Examples Set the destination IP address of an ICMP test to 169 254 10 3 Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator icmp...

Page 1167: ...te ping administrator tcp destination port 9000 display remote ping Syntax display remote ping results history jitter administrator name operation tag View Any view Parameters results Displays results...

Page 1168: ...estination IP address Send operation times Number of probes made Receive response times Number of received response packets Min Max Average Round Trip Time Minimum maximum average roundtrip time in mi...

Page 1169: ...ived 2 unknown Unknown error 3 internalError System internal error 4 requestTimeOut Request timed out 5 unknownDestinationAddress Unknown destination address 6 noRouteToTarget Destination unreachable...

Page 1170: ...ult command Field Description DNS Resolve Time Time used for a DNS resolution HTTP Operation Time Total time used to establish an HTTP connection DNS Resolve Min Time Minimal time used for a DNS resol...

Page 1171: ...umber 25 Positive SD Sum 85 Positive DS Sum 42 Positive SD average 2 Positive DS average 1 Positive SD Square Sum 267 Positive DS Square Sum 162 Min Negative SD 1 Min Negative DS 1 Max Negative SD 6 M...

Page 1172: ...the source to the destination Max Negative DS Maximum absolute value of negative jitter delays from the destination to the source Negative SD Number Number of negative jitter delays from the source to...

Page 1173: ...lt DNS Resolve Current Time 10 DNS Resolve Min Time 6 DNS Resolve Times 10 DNS Resolve Max Time 10 DNS Resolve Timeout Times 0 DNS Resolve Failed Times 0 Table 1 6 Description on the fields of the dis...

Page 1174: ...Trip Time 0 Packet lost in test 0 Disconnect operation number 0 Operation timeout number 0 System busy operation number 0 Connection fail number 0 Operation sequence errors 0 Drop operation number 0...

Page 1175: ...tter value from source to destination destination to source is the minimum of positive value Max Positive SD DS The jitter value from source to destination destination to source is the maximum of posi...

Page 1176: ...address is configured z This command applies to DNS and HTTP tests only z For an HTTP test if configuring the destination address as the host name you must configure the IP address of the DNS server t...

Page 1177: ...em view System View return to User View with Ctrl Z Sysname remote ping administrator dns Sysname remote ping administrator dns test type dns Sysname remote ping administrator dns dns resolve target w...

Page 1178: ...ote ping test group view Parameters size File size in the range 1 to 10000 Kbytes Description Use the filesize command to configure the size of the file to be uploaded in an FTP test Use the undo file...

Page 1179: ...by default Related commands count z The frequency command does not apply to DHCP tests z The frequency command supports fabric only when the test type of this test group is ICMP With fabric enabled yo...

Page 1180: ...FTP test Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator ftp Sysname remote ping administrator ftp test type ftp Sysname remote ping administrator ft...

Page 1181: ...history record as needed z If you need to save history record enable it z If you disable the history record after enabling it the saved history record will be deleted and the maximum number of the hi...

Page 1182: ...with Ctrl Z Sysname remote ping administrator icmp Sysname remote ping administrator icmp test type icmp Sysname remote ping administrator icmp history records 10 http operation Syntax http operation...

Page 1183: ...g command to configure the HTTP operation string and HTTP version Use the undo http string command to remove the configured HTTP operation string and version By default no HTTP operation string and HT...

Page 1184: ...group Examples Create an remote ping test group of which the administrator name is administrator and operation tag is icmp Sysname system view System View return to User View with Ctrl Z Sysname remot...

Page 1185: ...remote ping client Sysname system view System View return to User View with Ctrl Z Sysname remote ping agent enable remote ping agent max requests Syntax remote ping agent max requests max number und...

Page 1186: ...erval between sending jitter test packets Use the undo jitter interval command to restore the default By default the interval between sending jitter test packets is 20 milliseconds Related commands ji...

Page 1187: ...ets in a probe for a jitter test Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator jitter Sysname remote ping administrator jitter test type jitter Sysn...

Page 1188: ...failtimes View remote ping test group view Parameters times Number of consecutive failed probes in the range of 1 to 15 Description Use the probe failtimes command to configure the number of consecuti...

Page 1189: ...command to disable debugging for a trap By default no trap is output Examples Send a trap message after an ICMP test is finished Sysname system view System View return to User View with Ctrl Z Sysnam...

Page 1190: ...ace View remote ping test group view Parameters interface type interface number Interface type and interface number Description For ICMP tests use the source interface command to specify a source inte...

Page 1191: ...ce z The interface to be specified must be Up otherwise the test will fail Examples Configure the source interface that sends test packets in DHCP tests as VLAN interface 1 Sysname system view System...

Page 1192: ...sname remote ping administrator icmp source ip 169 254 10 2 source port Syntax source port port number undo source port View remote ping test group view Parameters port number Protocol source port num...

Page 1193: ...r configuration and restore the default By default the statistics interval for a test is once every 60 minutes and up to two groups of statistics information can be retained Delete all statistics info...

Page 1194: ...e range 1 to 2147483647 in seconds Description Use the test time begin command to configure the start time and the lasting time of a test Use the undo test time command to stop the test and remove the...

Page 1195: ...delay change of UDP packet transmission z snmpquery Indicates an SNMP test z tcpprivate Indicates a TCP test on a specified unknown port z tcppublic Indicates a TCP test on port 7 z udpprivate Indicat...

Page 1196: ...mote ping test Related commands display remote ping The result of the remote ping test cannot be displayed automatically and you need to use the display remote ping command to display the test result...

Page 1197: ...for three consecutive times Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator icmp Sysname remote ping administrator icmp test type icmp Sysname remote...

Page 1198: ...acket header in the range of 0 to 255 Description Use the tos command to configure the ToS value in a remote ping test packet header Use the undo tos command to remove the ToS value in a remote ping t...

Page 1199: ...P and tracert tests z The sendpacket passroute command voids the ttl command Examples Set the TTL of remote ping ICMP test packets to 16 Sysname system view System View return to User View with Ctrl Z...

Page 1200: ...tor remote ping Server Commands z A remote ping server is required for only jitter TCP and UDP tests z You are not recommended to configure remote ping jitter UDP TCP servers on ports 1 through 1023 w...

Page 1201: ...for fixed functions such as port 1701 Otherwise the remote ping test may fail Description Use the remote ping server tcpconnect command to create a TCP listening service on the remote ping server Use...

Page 1202: ...cho command to enable UDP listening on a remote ping server Use the undo remote ping server udpecho command to disable UDP listening When performing a jitter test or a UDP connection test on a specifi...

Page 1203: ...ommands 1 1 DNS Configuration Commands 1 1 display dns domain 1 1 display dns dynamic host 1 1 display dns server 1 2 display ip host 1 3 dns domain 1 4 dns resolve 1 5 dns server 1 5 ip host 1 6 nslo...

Page 1204: ...protocols Description Use the display dns domain command to display the DNS suffixes Related commands dns domain Examples Display DNS suffixes Sysname display dns domain No Domain name 0 aaa com Table...

Page 1205: ...ame Domain name Ipaddress IP address of the corresponding domain name TTL Time for which an entry is cached in seconds Alias Alias for the domain name There can be four aliases at most DNS resolution...

Page 1206: ...er which is assigned automatically by the system and starts from 1 display ip host Syntax display ip host View Any view Parameters None Description Use the display ip host command to display mappings...

Page 1207: ...omain name you entered for resolution Use the undo dns domain command to delete the configured DNS suffix No DNS suffix is configured by default You can configure a maximum of 10 DNS suffixes You must...

Page 1208: ...ew System View return to User View with Ctrl Z Sysname dns resolve dns server Syntax dns server ip address undo dns server ip address View System view Parameters ip address IP address of the DNS Serve...

Page 1209: ...to remove the mapping No mappings are created by default Each host name can correspond to only one IP address When IP addresses are configured for the same host for multiple times only the IP address...

Page 1210: ...ost com Address 192 168 3 2 Display the corresponding IP address for www host com Sysname nslookup type a www host com Trying DNS server 10 72 66 36 Name www host com Address 192 168 3 2 reset dns dyn...

Page 1211: ...vlan 1 3 link aggregation group 1 3 port 1 4 port smart link group 1 5 reset smart link packets counter 1 6 smart link flush enable 1 6 smart link group 1 7 2 Monitor Link Configuration Commands 2 1 M...

Page 1212: ...ved 000f e20f 5566 Device ID of last flush packet received 000f e20f 5566 Control VLAN ID of last flush packet received 1 Table 1 1 Description on the fields of the display smart link flush command Fi...

Page 1213: ...ormation about smart link group 1 Sysname display smart link group 1 Smart Link Group 1 information Device ID 000f e212 3456 Control VLAN ID 1 Member Role State Flush count Last flush time Ethernet1 0...

Page 1214: ...th Ctrl Z Sysname smart link group 1 Sysname smlk group1 flush enable control vlan 1 link aggregation group Syntax link aggregation group group id master slave undo link aggregation group group id Vie...

Page 1215: ...r master Specifies the specified port as the master port of the smart link group slave Specifies the specified port as the slave port of the smart link group Description Use the port command to assign...

Page 1216: ...smart link group Use the undo port smart link group command to remove the current port from the specified smart link group The port where you configure the command cannot be a link aggregation group m...

Page 1217: ...interface number undo smart link flush enable port interface type interface number to interface type interface number View Ethernet port view system view Parameters vlan id Control VLAN ID in the ran...

Page 1218: ...ush messages received from control VLAN 1 Sysname system view System View return to User View with Ctrl Z Sysname smart link flush enable control vlan 1 port Ethernet 1 0 5 to Ethernet 1 0 10 smart li...

Page 1219: ...o members before executing the undo smart link group command Examples Create a smart link group Sysname system view System View return to User View with Ctrl Z Sysname smart link group 1 New Smart Lin...

Page 1220: ...group 1 Sysname display monitor link group 1 Monitor link group 1 information Member Role Status Last up time Last down time SMLK 2 UPLINK UP 16 37 20 2006 4 21 16 37 20 2006 4 20 AGG 1 DOWNLINK UP T...

Page 1221: ...oup member can be a single port a manual or static link aggregation group but not a dynamic link aggregation group Uplink port can also be a smart link group Use this command only on the link aggregat...

Page 1222: ...cuting the undo monitor link group command Examples Create a monitor link group Sysname system view System View return to User View with Ctrl Z Sysname monitor link group 1 New Monitor Link Group has...

Page 1223: ...trl Z Sysname monitor link group 1 Sysname mtlk group1 port Ethernet 1 0 7 downlink port monitor link group Syntax port monitor link group group id uplink downlink undo port monitor link group group i...

Page 1224: ...ink group group id uplink undo smart link group group id View Monitor link group view Parameters group id Smart link group ID ranging 1 to 24 uplink Specifies the specified smart link group as the upl...

Page 1225: ...i Table of Contents 1 Access Management Configuration Commands 1 1 Access Management Configuration Commands 1 1 am enable 1 1 am ip pool 1 1 am trap enable 1 2 display am 1 3...

Page 1226: ...able command to disable the function By default Access management function is disabled Before enabling access management you are recommended to cancel the static ARP configuration to ensure that the b...

Page 1227: ...Note that z Before configuring the access management IP address pool of a port you need to configure the interface IP address of the VLAN to which the port belongs and the IP addresses in the access...

Page 1228: ...he format of interface type interface number to interface type interface number 1 10 where interface type is port type interface number is port number and 1 10 means that you can specify up to ten por...

Page 1229: ...ess Management state of a port enabled or disabled IP Pools Access management IP pools NULL means the access management IP pool is not configured Each IP address range is represented as X X X X number...

Page 1230: ...g 1 14 lldp admin status 1 15 lldp check change interval 1 16 lldp compliance admin status cdp 1 17 lldp compliance cdp 1 17 lldp enable 1 18 lldp encapsulation snap 1 18 lldp fast count 1 19 lldp hol...

Page 1231: ...ring devices through a port If no keyword or argument is specified this command displays all the LLDP information to be sent including the global LLDP information and the LLDP information about the LL...

Page 1232: ...LAN name of VLAN 1 VLAN 0001 Auto negotiation supported Yes Auto negotiation enabled Yes OperMau speed 1000 duplex Full PoE supported No Link aggregation supported Yes Link aggregation enabled No Aggr...

Page 1233: ...ier Asset tracking ID LLDP local information of port number interface type interface number LLDP information about a port Port ID subtype Port ID type Port ID Port ID Port description Port description...

Page 1234: ...aggregation is enabled Aggregation port ID Aggregation group ID which is 0 if link aggregation is not enabled Maximum frame Size Maximum frame size supported MED information MED LLDP information Medi...

Page 1235: ...received through a port With no keyword argument specified this command displays the LLDP information received through all the ports Examples Display the LLDP information received through all the por...

Page 1236: ...tion Class 0 Link aggregation supported Yes Link aggregation enabled No Aggregation port ID 0 Maximum frame Size 1536 Neighbor index 2 Update time 0 days 0 hours 1 minutes 1 seconds Chassis type MAC a...

Page 1237: ...ximum frame Size 1536 Table 1 2 display lldp neighbor information command output description Field Description LLDP neighbor information LLDP information about a neighboring device LLDP neighbor infor...

Page 1238: ...rrently enabled Management address type Management address type Management address Management address Management address interface type Type of the interface identified by the management address Manag...

Page 1239: ...re LLDP enabled are of this type z Class indicating a media terminal device A device of this type is media capable That is besides the capabilities of a normal terminal device it also supports media s...

Page 1240: ...type which can be z Primary indicating a primary power supply z Backup indicating a backup power supply PoE service type PoE service type Port PSE Priority Port PSE priority which can be z Unknown z...

Page 1241: ...The number of LLDP frames discarded 0 The number of LLDP error frames 0 The number of LLDP TLVs discarded 0 The number of LLDP TLVs unrecognized 0 The number of LLDP neighbor information aged out 0 T...

Page 1242: ...s transmitted on the port The number of CDP frames received Total number of the CDP frames received on the port The number of CDP frames discarded Total number of the CDP frames dropped on the port Th...

Page 1243: ...alization delay Transmit delay Delay period to send LLDPDUs Trap interval Interval to send traps Fast start times Number of the LLDPDUs to be sent successively when a new neighboring device is detecte...

Page 1244: ...through a port If no port is specified this command displays all the TLVs that are currently sent through all the ports Examples Display all the TLVs that are currently sent through all the ports Sys...

Page 1245: ...System name TLV z System description TLV z System capabilities TLV z Management address TLV IEEE 802 1 extended TLV IEEE 802 1 extended TLVs including z Port VLAN ID TLV z Port and protocol VLAN ID T...

Page 1246: ...sname Ethernet1 0 1 lldp admin status rx lldp check change interval Syntax lldp check change interval value undo lldp check change interval View Ethernet interface view Parameters value LLDP polling i...

Page 1247: ...configure CDP compatible LLDP to work in TxRx mode on the specified port s Examples Configure CDP compatible LLDP to operate in TxRx mode on Ethernet 1 0 1 Sysname system view Sysname interface ether...

Page 1248: ...dp enable command to enable LLDP Use the undo lldp enable command to disable LLDP By default LLDP is disabled globally and is enabled on a port Note that LLDP takes effect on a port only when it is en...

Page 1249: ...ew Sysname interface ethernet 1 0 1 Sysname Ethernet1 0 1 lldp encapsulation snap lldp fast count Syntax lldp fast count value undo lldp fast count View System view Parameters value Number of the LLDP...

Page 1250: ...ocal device information by configuring the TTL multiplier Note that the TTL can be up to 65535 seconds TTLs longer than it will be rounded off to 65535 seconds To enable local device information to be...

Page 1251: ...me interface ethernet 1 0 1 Sysname Ethernet1 0 1 lldp management address tlv 192 6 0 1 lldp notification remote change enable Syntax lldp notification remote change enable undo lldp notification remo...

Page 1252: ...ation interval 8 lldp timer reinit delay Syntax lldp timer reinit delay value undo lldp timer reinit delay View System view Parameters value Initialization delay period to be set in the range 1 to 10...

Page 1253: ...l to send LLDPDUs Use the undo lldp timer tx interval command to restore the default By default the interval to send LLDPDUs is 30 seconds To enable local device information to be updated on neighbori...

Page 1254: ...nt This argument defaults to the least protocol VLAN ID dot3 tlv Sends IEEE 802 3 defined LLDP TLVs link aggregation Sends link aggregation group TLVs mac physic Sends MAC PHY configuration status TLV...

Page 1255: ...LLDP TLV z To disable MAC PHY configuration status TLV sending you need to disable LLDP MED capabilities TLV sending first z Specifying the all keyword for basic LLDP TLVs and organization defined LLD...

Page 1256: ...ging 1 4 password control length 1 4 password control login attempt 1 5 password control history 1 6 password control alert before expire 1 6 password control authentication timeout 1 7 password contr...

Page 1257: ...on Enabled 1 type s 1 character s per type Password history Enabled Max history record 4 Password alert before expire 7 days Password authentication timeout 60 seconds Password attempt times 3 times P...

Page 1258: ...lacklist command to display the information about one or all users who have been added to the blacklist because of password attempt failure Example Display the information about all the users who have...

Page 1259: ...ination of characters from the following four types letters A to Z a to z numbers 0 to 9 and 32 special characters including the space and _ z The password must conform to the related configuration of...

Page 1260: ...ce z If both global and local settings are available the local settings take effect Example Set the global password aging time to 100 days Sysname system view System View return to User View with Ctrl...

Page 1261: ...to 10 exceed Specifies the processing mode used after login failure lock A processing mode In this mode a user who fails to log in is added to the blacklist and cannot log in the device until the adm...

Page 1262: ...mber undo password control history View System view Parameter max record number Maximum number of history records allowed for each user The effective range is 2 to 15 Description Use the password cont...

Page 1263: ...authentication timeout Syntax password control authentication timeout authentication timeout undo password control authentication timeout View System view Parameter authentication timeout Timeout tim...

Page 1264: ...and password composition check functions are all enabled Using any of the password control aging enable password control length enable and password control history enable commands you can enable the p...

Page 1265: ...password length Sysname undo password control length enable Password minimum length disabled for all users Disable the password aging feature This operation also disables the password control feature...

Page 1266: ...specify the type length type length keyword argument combination the global setting is adopted Example Configure a global password composition policy a password must contain at least three character...

Page 1267: ...osition type number policy type type length type length undo password control super composition View System view Parameter type number policy type Sets the minimum number of character types that a sup...

Page 1268: ...ed Description Use the reset password control history record command to delete the history password records of all users Use the reset password control history record user name user name command to de...

Page 1269: ...l 2 Sysname reset password control history record super level 2 Are you sure to delete super s history records of level 2 Y N If you input Y the system deletes the history records of the super passwor...

Page 1270: ...st Sysname reset password control blacklist user name test Are you sure to delete the specified user in blacklist Y N y Check the current user information in the blacklist as you can see the user test...

Page 1271: ...6 ACL Command 1 1 active region configuration 16 MSTP Command 1 1 add member 32 Cluster Command 1 13 address check 25 DHCP Commands 2 1 administrator address 32 Cluster Command 1 13 adv factor 42 Remo...

Page 1272: ...arp send gratuitous enable vrrp 24 ARP Commands 1 2 arp static 24 ARP Commands 1 2 arp timer aging 24 ARP Commands 1 3 asbr summary 17 Routing Protocol Command 4 2 ascii 38 FTP SFTP TFTP Command 1 7...

Page 1273: ...mmand 3 2 broadcast suppression 08 Port Basic Configuration Command 1 1 bsr policy 18 Multicast Command 3 1 build 32 Cluster Command 1 16 burst mode enable 27 QoS QoS Profile Command 1 1 bye 38 FTP SF...

Page 1274: ...System Management Command 1 2 copy configuration 08 Port Basic Configuration Command 1 2 copyright info enable 02 Login Command 1 4 count 42 Remote ping Command 1 1 c rp 18 Multicast Command 3 2 crp p...

Page 1275: ...protective down recover enable 25 DHCP Commands 4 1 dhcp protective down recover interval 25 DHCP Commands 4 1 dhcp rate limit 25 DHCP Commands 4 2 dhcp rate limit enable 25 DHCP Commands 4 3 dhcp re...

Page 1276: ...CP Commands 2 7 dhcp snooping 25 DHCP Commands 3 1 dhcp snooping information enable 25 DHCP Commands 3 1 dhcp snooping information format 25 DHCP Commands 3 2 dhcp snooping information packet format 2...

Page 1277: ...luster 32 Cluster Command 1 22 display cluster base members 32 Cluster Command 1 40 display cluster base topology 32 Cluster Command 1 40 display cluster black list 32 Cluster Command 1 41 display clu...

Page 1278: ...ng Command 1 8 display dldp 13 DLDP Command 1 1 display dns domain 43 DNS Command 1 1 display dns dynamic host 43 DNS Command 1 1 display dns server 43 DNS Command 1 2 display domain 20 AAA Command 1...

Page 1279: ...lay icmp statistics 05 IP Address and Performance Optimization Command 2 6 display igmp group 18 Multicast Command 2 1 display igmp interface 18 Multicast Command 2 2 display igmp snooping configurati...

Page 1280: ...Command 1 4 display link aggregation interface 09 Link Aggregation Command 1 1 display link aggregation summary 09 Link Aggregation Command 1 2 display link aggregation verbose 09 Link Aggregation Co...

Page 1281: ...t forwarding table 18 Multicast Command 1 4 display multicast routing table 18 Multicast Command 1 6 display multicast source deny 18 Multicast Command 1 8 display ndp 32 Cluster Command 1 1 display n...

Page 1282: ...uting table 18 Multicast Command 3 7 display pim rp info 18 Multicast Command 3 8 display poe disconnect 30 PoE PoE Profile Command 1 1 display poe interface 30 PoE PoE Profile Command 1 1 display poe...

Page 1283: ...and 1 36 display remote ping 42 Remote ping Command 1 6 display remote ping statistics 42 Remote ping Command 1 12 display resilient arp 24 ARP Commands 4 1 display rip 17 Routing Protocol Command 3 2...

Page 1284: ...on 36 SSH Command 1 8 display ssh2 source ip 36 SSH Command 1 9 display ssh server source ip 36 SSH Command 1 9 display startup 03 Configuration File Management Command 1 8 display stop accounting buf...

Page 1285: ...Maintenance and Debugging Command 3 11 display trapbuffer 39 Information Center Command 1 5 display udp statistics 05 IP Address and Performance Optimization Command 2 13 display udp helper server 34...

Page 1286: ...s server 43 DNS Command 1 5 dns list 25 DHCP Commands 1 30 dns server 42 Remote ping Command 1 15 domain 20 AAA Command 1 14 domain delimiter 20 AAA Command 1 15 domain name 25 DHCP Commands 1 30 dot1...

Page 1287: ...n Command 1 16 enable snmp trap updown 33 SNMP RMON Command 1 11 execute 37 File System Management Command 1 6 exit 38 FTP SFTP TFTP Command 1 29 expired 25 DHCP Commands 1 31 F fabric member auto upd...

Page 1288: ...and 1 3 ftp server enable 38 FTP SFTP TFTP Command 1 4 ftp source interface 38 FTP SFTP TFTP Command 1 15 ftp source ip 38 FTP SFTP TFTP Command 1 15 ftp timeout 38 FTP SFTP TFTP Command 1 5 ftp opera...

Page 1289: ...ping Command 1 21 http string 42 Remote ping Command 1 22 hwtacacs nas ip 20 AAA Command 1 62 hwtacacs scheme 20 AAA Command 1 63 I icmp redirect send 05 IP Address and Performance Optimization Comman...

Page 1290: ...ulticast Command 5 5 igmp snooping general query source ip 18 Multicast Command 5 6 igmp snooping group limit 18 Multicast Command 5 7 igmp snooping group policy 18 Multicast Command 5 8 igmp snooping...

Page 1291: ...mmand 1 16 info center timestamp loghost 39 Information Center Command 1 16 info center timestamp utc 39 Information Center Command 1 17 info center trapbuffer 39 Information Center Command 1 18 insta...

Page 1292: ...FTP TFTP Command 1 17 level 20 AAA Command 1 17 line rate 27 QoS QoS Profile Command 1 12 link aggregation group 44 Smart Link Monitor Link Command 1 3 link aggregation group 44 Smart Link Monitor Lin...

Page 1293: ...mmand 1 31 log peer change 17 Routing Protocol Command 4 32 loopback 08 Port Basic Configuration Command 1 22 loopback detection control enable 08 Port Basic Configuration Command 1 23 loopback detect...

Page 1294: ...Command 1 10 mac authentication interface 21 MAC Address Authentication Command 1 5 mac authentication max auth num 21 MAC Address Authentication Command 1 11 mac authentication timer 21 MAC Address A...

Page 1295: ...roup vlan 18 Multicast Command 5 20 multicast static router port 18 Multicast Command 5 21 multicast static router port vlan 18 Multicast Command 5 21 multicast storing enable 18 Multicast Command 1 1...

Page 1296: ...NTP Command 1 7 ntp service broadcast client 35 NTP Command 1 7 ntp service broadcast server 35 NTP Command 1 8 ntp service in interface disable 35 NTP Command 1 8 ntp service max dynamic sessions 35...

Page 1297: ...nd 1 16 passive 38 FTP SFTP TFTP Command 1 19 password 20 AAA Command 1 21 password 42 Remote ping Command 1 26 password 47 Password Control Command 1 3 password control aging 47 Password Control Comm...

Page 1298: ...olicy 18 Multicast Command 3 12 pim sm 18 Multicast Command 3 13 pim timer hello 18 Multicast Command 3 13 ping 40 System Maintenance and Debugging Command 2 1 poe disconnect 30 PoE PoE Profile Comman...

Page 1299: ...le 11 Port Security Command 1 7 port security guest vlan 11 Port Security Command 1 8 port security intrusion mode 11 Port Security Command 1 9 port security max mac count 11 Port Security Command 1 1...

Page 1300: ...port rsa 36 SSH Command 1 14 public key peer 36 SSH Command 1 17 public key peer import sshkey 36 SSH Command 1 18 public key code begin 36 SSH Command 1 19 public key code end 36 SSH Command 1 20 put...

Page 1301: ...42 Remote ping Command 1 23 remote ping agent max requests 42 Remote ping Command 1 24 remote ping server enable 42 Remote ping Command 1 39 remote ping server tcpconnect 42 Remote ping Command 1 40 r...

Page 1302: ...MAC Address Authentication Command 1 9 reset msdp peer 18 Multicast Command 4 16 reset msdp sa cache 18 Multicast Command 4 17 reset msdp statistics 18 Multicast Command 4 17 reset multicast forwardi...

Page 1303: ...nd 1 4 resilient arp enable 24 ARP Commands 4 1 resilient arp interface vlan interface 24 ARP Commands 4 2 restore startup configuration 37 File System Management Command 1 23 retry 15 Auto Detect Com...

Page 1304: ...pair destroy 36 SSH Command 1 22 rsa peer public key 36 SSH Command 1 23 rsa peer public key import sshkey 36 SSH Command 1 24 rule for Advanced ACLs 26 ACL Command 1 12 rule for Basic ACLs 26 ACL Co...

Page 1305: ...20 set unit name 31 XRN Fabric Command 1 14 sftp 38 FTP SFTP TFTP Command 1 35 sftp server enable 38 FTP SFTP TFTP Command 1 24 sftp source interface 38 FTP SFTP TFTP Command 1 36 sftp source ip 38 FT...

Page 1306: ...mmand 1 24 snmp agent trap queue size 33 SNMP RMON Command 1 24 snmp agent trap source 33 SNMP RMON Command 1 25 snmp agent usm user 02 Login Command 2 4 snmp agent usm user v1 v2c 33 SNMP RMON Comman...

Page 1307: ...ct group 15 Auto Detect Command 1 6 startup bootrom access enable 37 File System Management Command 1 21 startup saved configuration 03 Configuration File Management Command 1 13 state 20 AAA Command...

Page 1308: ...eement check 16 MSTP Command 1 27 stp pathcost standard 16 MSTP Command 1 29 stp point to point 16 MSTP Command 1 30 stp port priority 16 MSTP Command 1 32 stp portlog 16 MSTP Command 1 33 stp portlog...

Page 1309: ...System Guard Command 4 7 system guard tcn rate threshold 19 802 1x and System Guard Command 4 7 system monitor enable 40 System Maintenance and Debugging Command 3 17 system view 40 System Maintenance...

Page 1310: ...ommand 2 5 tftp source ip 38 FTP SFTP TFTP Command 2 6 tftp tftp server source interface 38 FTP SFTP TFTP Command 2 4 tftp tftp server source ip 38 FTP SFTP TFTP Command 2 4 tftp server 32 Cluster Com...

Page 1311: ...ffic priority vlan 27 QoS QoS Profile Command 1 30 traffic redirect 27 QoS QoS Profile Command 1 31 traffic remark vlanid 27 QoS QoS Profile Command 1 33 traffic share across interface 17 Routing Prot...

Page 1312: ...n vpn enable 41 VLAN VPN Command 1 3 vlan vpn inner cos trust 41 VLAN VPN Command 1 4 vlan vpn priority 41 VLAN VPN Command 1 4 vlan vpn tpid 41 VLAN VPN Command 1 6 vlan vpn tunnel 16 MSTP Command 1...

Page 1313: ...5 web authentication enable 22 Web Authentication Command 1 6 web authentication free ip 22 Web Authentication Command 1 6 web authentication free user 22 Web Authentication Command 1 7 web authentica...

Page 1314: ...A 44 Z...

Search results

Summary of Contents for 5500-EI PWR

Reviews:

Related manuals for 5500-EI PWR

Brands by name

Popular brands

3Com 5500-EI PWR, Reference Manual

Search results

Summary of Contents for 5500-EI PWR

Reviews:

Related manuals for 5500-EI PWR

Brands by name

Popular brands