Dell PowerConnect PC5524 Reference Manual Download

Page: 579 / 763

DHCP Snooping and ARP Inspection Commands

579

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\CLI Folders\Dell Contax

CLI\files\DHCP_Snooping.fm

D E L L CO N F I D E N T I A L – P R E L I MI N A RY 5/ 1 5 /1 2 - F O R PR O O F O N LY

ip arp inspection validate

Use the

ip arp inspection validate

Global Configuration mode command to

perform specific checks for dynamic Address Resolution Protocol (ARP)

inspection. Use the

form of this command to restore the default

configuration.

Syntax

ip arp inspection validate
no ip arp inspection validate

Default Configuration

ARP inspection validation is disabled.

Command Mode

Global Configuration mode

User Guidelines

The following checks are performed:

•

Source MAC address

: Compares the source MAC address in the Ethernet

header against the sender MAC address in the ARP body. This check is

performed on both ARP requests and responses.

•

Destination MAC address

: Compares the destination MAC address in the

Ethernet header against the target MAC address in the ARP body. This

check is performed for ARP responses.

•

IP addresses

: Compares the ARP body for invalid and unexpected IP

addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP multicast

addresses.

Example

The following example executes ARP inspection validation.

Console(config)#

ip arp inspection validate

Summary of Contents for PowerConnect PC5524

Page 1: ...w CLI Folders Dell Contax CLI files New Cover_Dell_Contax fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY Template Last Updated 03 06 2010 Dell PowerConnect 5500 Series CLI Reference Guide Regulatory Model PC5524 PC5524P PC5548 and PC5548P ...

Page 2: ...ion in the U S and other countries AMD is a registered trademark and AMD Opteron AMD Phenom and AMD Sempron are trademarks of Advanced Micro Devices Inc Microsoft Windows Windows Server MS DOS and Windows Vista are either trademarks or registered trademarks of Microsoft Corporation inthe United States and or other countries Red Hat Enterprise Linux and Enterprise Linux are registered trademarks of...

Page 3: ...INARY 2012 FOR PROOF ONLY Contents 1 Preface 33 2 User Interface Commands 41 enable 41 disable 42 login 42 configure 43 exit Configuration 43 exit EXEC 44 end 45 help 45 history 46 history size 47 terminal history 48 terminal history size 49 terminal datadump 50 debug mode 50 show history 51 show privilege 52 do 52 banner exec 53 ...

Page 4: ... banner motd 57 exec banner 59 login banner 60 motd banner 61 show banner 61 3 Macro Commands 63 macro name 63 macro apply 65 macro description 67 macro global 68 macro global description 69 show parser macro 70 4 System Management Commands 71 ping 71 traceroute 74 telnet 77 resume 81 hostname 82 reload 83 stack master 83 system light 84 switch renumber 84 show switch 85 ...

Page 5: ...s 88 show cpu counters 88 show users 89 show sessions 90 show system 91 show version 94 system resources routing 94 show system resources routings 95 show system tcam utilization 96 show system defaults 97 show tech support 101 system fans always on 102 show system fans 103 asset tag 103 show system id 104 5 Clock Commands 107 clock set 107 clock source 108 clock timezone 108 clock summer time 109...

Page 6: ...le 115 sntp anycast client enable 115 sntp client enable 116 sntp client enable Interface 117 sntp unicast client enable 118 sntp unicast client poll 119 sntp server 119 sntp port 121 show clock 122 show sntp configuration 124 show sntp status 124 6 Configuration Image File Commands 127 copy 127 write memory 132 delete 132 pwd 133 dir 134 more 135 cd 136 rename 137 boot system 138 show running con...

Page 7: ... update 143 boot host dhcp 144 boot host auto save 145 show boot 145 ip dhcp tftp server ip addr 148 ip dhcp tftp server file 149 show ip dhcp tftp server 149 8 Management ACL Commands 151 management access list 151 permit Management 152 deny Management 153 management access class 155 show management access list 155 show management access class 156 9 SNMP Commands 159 snmp server 159 snmp server c...

Page 8: ... snmp server trap authentication 174 snmp server contact 174 snmp server location 175 snmp server set 175 show snmp 176 show snmp engineID 178 show snmp views 179 show snmp groups 179 show snmp filters 180 show snmp users 181 10 RSA and Certificate Commands 183 crypto key generate dsa 183 crypto key generate rsa 184 show crypto key mypubkey 184 crypto certificate generate 185 crypto certificate re...

Page 9: ... http server 195 ip http port 196 ip http timeout policy 196 ip http secure server 197 ip http secure port 198 ip https certificate 199 show ip http 200 show ip https 200 12 Telnet SSH and Slogin Commands 203 ip telnet server 203 ip ssh port 204 ip ssh server 204 ip ssh pubkey auth 205 crypto key pubkey chain ssh 206 user key 207 key string 208 show ip ssh 210 show crypto key pubkey chain ssh 211 ...

Page 10: ...221 login authentication 223 enable authentication 223 ip http authentication 224 show authentication methods 225 password 226 service password recovery 227 enable password 228 username 229 show user accounts 230 aaa accounting login 231 aaa accounting dot1x 233 show accounting 235 passwords min length 235 passwords strength check enable 236 passwords strength minimum character classes 237 passwor...

Page 11: ...active 244 set enable password active 245 show passwords configuration 246 show users login history 247 15 RADIUS Commands 249 radius server host 249 radius server key 251 radius server retransmit 252 radius server source ip 253 radius server source ipv6 254 radius server timeout 255 radius server deadtime 255 show radius servers 256 16 TACACS Commands 259 tacacs server host 259 tacacs server key ...

Page 12: ...ng buffered 268 clear logging 269 logging file 270 clear logging file 270 aaa logging 271 file system logging 272 management logging 273 show logging 273 show logging file 274 show syslog servers 276 18 RMON Commands 277 show rmon statistics 277 rmon collection stats 279 show rmon collection stats 280 show rmon history 281 rmon alarm 284 show rmon alarm table 286 show rmon alarm 287 rmon event 289...

Page 13: ...98 dot1x timeout reauth period 298 dot1x re authenticate 299 dot1x timeout quiet period 300 dot1x timeout tx period 301 dot1x max req 302 dot1x timeout supp timeout 303 dot1x timeout server timeout 304 show dot1x 305 show dot1x users 308 show dot1x statistics 310 clear dot1x statistics 311 dot1x auth not req 312 dot1x host mode 313 dot1x violation mode 314 dot1x guest vlan 315 dot1x guest vlan tim...

Page 14: ...s attributes errors 322 dot1x legacy supp mode 322 show dot1x advanced 323 dot1x system auth control monitor 324 show dot1x monitoring result 325 20 Ethernet Configuration Commands 329 interface 329 interface range 329 description 330 speed 330 duplex 331 negotiation 332 flowcontrol 333 flowcontrol Global 334 show flowcontrol 335 mdix 336 back pressure 337 port jumbo frame 337 clear counters 338 s...

Page 15: ...trol broadcast level kbps 348 storm control include multicast 349 show storm control 350 21 PHY Diagnostics Commands 351 test cable diagnostics tdr 351 show cable diagnostics tdr 352 show cable diagnostics cable length 353 show fiber ports optical transceiver 353 22 Power over Ethernet PoE Commands 357 power inline 357 power inline powered device 358 power inline priority 358 power inline usage th...

Page 16: ...rnet short reach global 379 green ethernet short reach interface 379 green ethernet short reach force 380 green ethernet short reach threshold 381 green ethernet power meter reset 382 25 Port Channel Commands 383 port channel load balance 384 show interfaces port channel 385 26 Address Table Commands 387 bridge multicast filtering 387 bridge multicast address 388 bridge multicast forbidden address...

Page 17: ... routed secure address 398 show mac address table 399 show mac address table count 401 show bridge multicast address table 401 show bridge multicast address table static 405 show bridge multicast filtering 408 show bridge multicast unregistered 409 show ports security 410 show ports security addresses 411 27 Port Monitor Commands 413 port monitor 413 show ports monitor 415 28 sFlow Commands 417 sf...

Page 18: ...p reinit 427 lldp tx delay 428 lldp optional tlv 428 lldp management address 429 lldp notifications 430 lldp notifications interval 431 lldp optional tlv 802 1 432 lldp med enable 433 lldp med notifications topology change 434 lldp med fast start repeat count 435 lldp med network policy global 435 lldp med network policy interface 436 clear lldp table 437 lldp med location 438 show lldp configurat...

Page 19: ...ning tree max age 456 spanning tree priority 457 spanning tree disable 458 spanning tree cost 459 spanning tree port priority 460 spanning tree portfast 460 spanning tree link type 461 spanning tree pathcost method 462 spanning tree bpdu Global 463 spanning tree bpdu Interface 464 spanning tree guard root 465 spanning tree bpduguard 466 clear spanning tree detected protocols 467 spanning tree mst ...

Page 20: ...ree 476 show spanning tree bpdu 491 31 VLAN Commands 493 vlan database 493 vlan 493 interface vlan 494 interface range vlan 495 name 496 switchport protected port 497 switchport community 498 show interfaces protected ports 498 switchport 499 switchport mode 500 switchport access vlan 501 switchport access multicast tv vlan 502 switchport trunk allowed vlan 503 switchport trunk native vlan 504 swi...

Page 21: ...oup vlan 511 private vlan 512 private vlan association 513 switchport private vlan mapping 514 switchport private vlan host association 515 show vlan private vlan 516 ip internal usage vlan 516 show vlan 518 show vlan multicast tv 519 show vlan protocols groups 519 show vlan internal usage 520 show interfaces switchport 521 32 IGMP Snooping Commands 523 ip igmp snooping Global 523 ip igmp snooping...

Page 22: ...ast member query count 533 ip igmp last member query interval 534 ip igmp snooping vlan immediate leave 534 show ip igmp snooping mrouter 535 show ip igmp snooping interface 536 show ip igmp snooping groups 537 show ip igmp snooping multicast tv 538 33 LACP Commands 541 lacp system priority 541 lacp port priority 542 lacp timeout 542 show lacp 543 show lacp port channel 546 34 GVRP Commands 547 gv...

Page 23: ...le 558 voice vlan cos mode 559 voice vlan cos 560 voice vlan aging timeout 560 voice vlan enable 561 voice vlan secure 562 show voice vlan 563 36 DHCP Snooping and ARP Inspection Commands 567 ip dhcp snooping 567 ip dhcp snooping vlan 568 ip dhcp snooping trust 568 ip dhcp snooping information option allowed untrusted 569 ip dhcp snooping verify 570 ip dhcp snooping database 571 ip dhcp snooping d...

Page 24: ...ate 579 ip arp inspection list create 580 ip mac 580 ip arp inspection list assign 581 ip arp inspection logging interval 582 show ip arp inspection 583 show ip arp inspection list 584 show ip arp inspection statistics 584 clear ip arp inspection statistics 585 ip dhcp information option 586 show ip dhcp information option 586 37 iSCSI Commands 589 iscsi enable 589 iscsi target port 590 iscsi cos ...

Page 25: ...2 ip default gateway 603 show ip interface 603 arp 604 arp timeout Global 605 arp timeout 606 ip arp proxy disable 607 ip proxy arp 607 clear arp cache 608 show arp 608 show arp configuration 609 interface ip 610 directed broadcast 611 broadcast address 612 ip helper address 612 show ip helper address 614 source precedence 615 ip domain lookup 616 ip domain name 616 ip name server 617 ip host 619 ...

Page 26: ... icmp error interval 625 show ipv6 icmp error interval 626 ipv6 address 627 ipv6 address link local 628 ipv6 unreachables 629 ipv6 default gateway 630 show ipv6 interface 631 show IPv6 route 633 ipv6 nd dad attempts 634 ipv6 host 635 ipv6 neighbor 636 ipv6 set mtu 637 ipv6 mld version 638 ipv6 mld join group 639 show ipv6 neighbors 640 clear ipv6 neighbors 641 40 Tunnel Commands 643 interface tunn...

Page 27: ...pv6 tunnel 649 41 DHCP Relay Commands 651 ip dhcp relay enable Global 651 ip dhcp relay enable Interface 651 ip dhcp relay address Global 652 ip dhcp relay address Interface 653 show ip dhcp relay 654 ip dhcp information option 655 show ip dhcp information option 656 42 DHCP Server Commands 657 ip dhcp server 657 ip dhcp pool host 657 ip dhcp pool network 658 address DHCP Host 659 address DHCP Net...

Page 28: ...ip dhcp excluded address 672 ip dhcp ping enable 673 ping enable 674 ip dhcp ping count 675 ip dhcp ping timeout 676 clear ip dhcp binding 677 show ip dhcp 677 show ip dhcp excluded addresses 678 show ip dhcp pool host 678 show ip dhcp pool network 680 show ip dhcp binding 681 show ip dhcp server statistics 683 show ip dhcp allocated 684 show ip dhcp declined 686 show ip dhcp expired 687 show ip d...

Page 29: ...96 deny IP 698 ipv6 access list 702 permit IPv6 703 deny IPv6 705 mac access list 708 permit MAC 708 service acl input 710 service acl output 711 service acl input block 712 time range 713 absolute 714 periodic 715 show time range 716 show access lists 717 show interfaces access lists 719 clear access lists counters 719 show interfaces access lists counters 720 45 Quality of Service QoS Commands 7...

Page 30: ... 730 trust 731 set 732 police 733 service policy 735 qos aggregate policer 735 show qos aggregate policer 737 police aggregate 737 wrr queue cos map 738 wrr queue bandwidth 740 priority queue out num of queues 741 traffic shape 742 traffic shape queue 743 rate limit Ethernet 744 qos wrr queue wrtd 744 show qos interface 745 qos wrr queue threshold 748 qos map policed dscp 749 qos map dscp queue 75...

Page 31: ...taxTOC fm DELL CONFIDENTIAL PRELIMINARY 2012 FOR PROOF ONLY qos trust Interface 753 qos cos 754 qos dscp mutation 755 qos map dscp mutation 755 show qos map 756 clear qos statistics 758 qos statistics policer 759 qos statistics aggregate policer 760 qos statistics queues 760 show qos statistics 761 ...

Page 32: ...32 FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files CLI_Dell_ContaxTOC fm DELL CONFIDENTIAL PRELIMINARY 2012 FOR PROOF ONLY ...

Page 33: ... Commands CLI Command Modes To configure devices the CLI is divided into various command modes Each command mode has its own set of specific commands Entering a question mark at the console prompt displays a list of commands available for that particular command mode A specific command which varies from mode to mode is used to navigate from one mode to another The standard order to access the mode...

Page 34: ...nless it has been changed using the hostname command in the Global Configuration mode Privileged EXEC Mode Privileged access is password protected to prevent unauthorized use because many of the privileged commands set operating system parameters The password is not displayed on the screen and is case sensitive Privileged users enter directly into the Privileged EXEC mode Use disable to return to ...

Page 35: ...rt channel is used to enter the Port Channel Interface Configuration mode SSH Public Key Chain Contains commands to manually specify other device SSH public keys The Global Configuration mode command crypto key pubkey chain ssh is used to enter the SSH Public Key chain Configuration mode Interface Contains commands that configure the interface The Global Configuration mode command interface is use...

Page 36: ...n with the quit or exit command When another user is required to log onto the system the login command is entered in the Privileged EXEC command mode This effectively logs off the current user and logs on the new user CLI Command Conventions The following table describes the command syntax conventions Conventions Description In a command line square brackets indicates an optional entry In a comman...

Page 37: ... of a command A list of all valid commands and corresponding help messages are displayed Partial Keyword Lookup A command is incomplete and the character is entered in place of a parameter The matched parameters for this command are displayed The following describes features that assist in using the CLI Terminal Command Buffer Every time a command is entered in the CLI it is recorded on an interna...

Page 38: ...mand To display the history buffer see show history command Negating the Effect of Commands For many configuration commands the prefix keyword no can be entered to cancel the effect of a command or reset the configuration to the default value This guide describes the negation effect for all applicable commands Command Completion If the command entered is incomplete invalid or has missing or invali...

Page 39: ...d Repeat the key sequence to recall successively older commands Down arrow key Returns the most recent commands from the history buffer after recalling commands with the up arrow key Repeating the key sequence will recall successively more recent commands Ctrl A Moves the cursor to the beginning of the command line Ctrl E Moves the cursor to the end of the command line Ctrl Z End Returns back to t...

Page 40: ...40 FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files CLI_Preface fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 41: ...terface Commands enable The enable EXEC mode command enters the Privileged EXEC mode Syntax enable privilege level Parameters privilege level Specifies the privilege level at which to enter the system Range 1 15 Default Configuration The default privilege level is 15 Command Mode EXEC mode Example The following example enters the Privileged EXEC mode Console enable enter password Console ...

Page 42: ...vileged EXEC mode and returns to the User EXEC mode Syntax disable privilege level Parameters privilege level Specifies the privilege level at which to enter the system Range 1 15 Default Configuration The default privilege level is 1 Command Mode Privileged EXEC mode Example The following example returns to the User EXEC mode Console disable Console login The login EXEC mode command changes a use...

Page 43: ...ser Name admin Password Console configure The configure Privileged EXEC mode command enters the Global Configuration mode Syntax configure terminal Parameters terminal Enter the Global Configuration mode with or without the keyword terminal Command Mode Privileged EXEC mode Example The following example enters Global Configuration mode Console configure Console config exit Configuration The exit c...

Page 44: ...s Examples The following examples change the configuration mode from Interface Configuration mode to Privileged EXEC mode Console config if exit Console config exit Console Router config if exit Router config exit Router exit EXEC The exit EXEC mode command closes an active terminal session by logging off the device Syntax exit Command Mode EXEC mode Example The following examples close an active ...

Page 45: ...n and returns to the Privileged EXEC mode Syntax end Command Mode All configuration modes Example The following examples end the Global Configuration mode session and return to the Privileged EXEC mode Console config end Console Router config if end Router help The help command displays a brief description of the Help system Syntax help Command Mode All command modes Example The following example ...

Page 46: ...hen 1 There is a valid command and a help request is made for entering a parameter or argument e g show All possible parameters or arguments for the entered command are then displayed 2 An abbreviated argument is entered and a help request is made for arguments matching the input e g show pr history The history Line Configuration mode command enables the command history function Use the no form of...

Page 47: ... Syntax history size number of commands no history size Parameters number of commands Specifies the number of commands the system records in its history buffer Range 0 256 Default Configuration The default command history buffer size is 10 commands Command Mode Line Configuration mode User Guidelines This command configures the command history buffer size for a particular line Use the terminal his...

Page 48: ... the command history function for the current terminal session Use the no form of this command to disable the command history function Syntax terminal history terminal no history Default Configuration The default configuration for all terminal sessions is defined by the history Line Configuration mode command Command Mode EXEC mode User Guidelines The command enables the command history for the cu...

Page 49: ...s number of commands Specifies the number of commands the system maintains in its history buffer Range 10 256 Default Configuration The default configuration for all terminal sessions is defined by the history size Line Configuration mode command Command Mode EXEC mode User Guidelines The terminal history size EXEC command changes the command history buffer size for the current terminal session Us...

Page 50: ... Dumping is disabled Command Mode EXEC mode User Guidelines By default a More prompt is displayed when the output contains more lines than can be displayed on the screen Pressing the Enter key displays the next line pressing the Spacebar displays the next screen of output The terminal datadump command enables dumping all output immediately after entering the show command This command is relevant o...

Page 51: ...EC mode command lists commands entered in the current session Syntax show history Command Mode EXEC mode User Guidelines The buffer includes executed and unexecuted commands Commands are listed from the first to the most recent command The buffer remains unchanged when entering into and returning from configuration modes Example The following example displays all the commands entered while in the ...

Page 52: ...fer size is 10 show privilege The show privilege EXEC mode command displays the current privilege level Syntax show privilege Command Mode EXEC mode Example The following example displays the current privilege level for the Privileged EXEC mode Console show privilege Current privilege level is 15 do The do command executes an EXEC level command from Global Configuration mode or any configuration s...

Page 53: ...2 2 gi1 0 1 dynamicGvrp Required 10 v0010 gi1 0 1 permanent Not Required 11 V0011 gi1 0 1 gi1 0 13 permanent Required 20 20 gi1 0 1 permanent Required 30 30 gi1 0 1 gi1 0 13 permanent Required 31 31 gi1 0 1 permanent Required 91 91 gi1 0 1 gi1 0 40 permanent Required 4093 guest vlan gi1 0 1 gi1 0 13 permanent Guest console config s banner exec Use the banner exec command to specify and enable a me...

Page 54: ...al Configuration mode User Guidelines Follow this command with one or more blank spaces and a delimiting character of your choice Then enter one or more lines of text terminating the message with the second occurrence of the delimiting character When a user connects to a device the message of the day MOTD banner appears first followed by the login banner and prompts After the user logs in to the d...

Page 55: ... message End with the character bold Session activated bold Enter commands at the prompt When a user logs on to the system the following output is displayed Session activated Enter commands at the prompt banner login Use the banner login command in Global Configuration mode to specify and enable a message to be displayed before the username and password login prompts Use the no form of this comman...

Page 56: ...ter of your choice Then enter one or more lines of text terminating the message with the second occurrence of the delimiting character When a user connects to a device the message of the day MOTD banner appears first followed by the login banner and prompts After the user logs in to the device the EXEC banner is displayed Use tokens in the form of token in the message text to customize the banner ...

Page 57: ...ecuted the user will see the following banner You have entered host123 ourdomain com banner motd Use the banner motd command in Global Configuration mode to specify and enable a message of the day banner Use the no form of this command to delete the existing MOTD banner Syntax banner motd d message text d no banner motd Parameters d Delimiting character of your choice a pound sign for example You ...

Page 58: ...m of token in the message text to customize the banner The tokens are described in the table below Use the no motd banner line configuration command to disable the MOTD banner on a particular line or lines Example The following example sets an MOTD banner that uses tokens The percent sign is used as a delimiting character Note that the token syntax is replaced by the corresponding configuration va...

Page 59: ...ner Upgrade to all devices begins at March 12 exec banner Use the exec banner command in Line Configuration mode to enable the display of exec banners Use the no form of this command to disable the display of exec banners Syntax exec banner no exec banner Parameters This command has no arguments or keywords Default Configuration Disabled Command Mode Line Configuration mode Example console configu...

Page 60: ...le the display of login banners Use the no form of this command to disable the display of login banners Syntax login banner no login banner Parameters This command has no arguments or keywords Default Configuration Enabled Command Mode Line Configuration mode Example console configure console config line console console config line login banner console config line exit console config line telnet c...

Page 61: ... disable the display of MOTD banners Syntax motd banner no motd banner Parameters This command has no arguments or keywords Default Configuration Enabled Command Mode Line Configuration mode Example console configure console config line console console config line motd banner console config line exit console config line telnet console config line motd banner console config line exit console config...

Page 62: ...anner exec Parameters This command has no arguments or keywords Command Mode EXEC mode Examples Device show banner motd Banner MOTD Line SSH Enabled Line Telnet Enabled Line Console Enabled 10000 giga ports switch console console show banner login Banner Login Line SSH Enabled Line Telnet Enabled Line Console Enabled console console show banner exec Banner EXEC Line SSH Enabled Line Telnet Enabled...

Page 63: ...es are case sensitive Default Configuration The command has no default setting Command Mode Global Configuration mode User Guidelines A macro can contain up to 3000 characters and up to 200 lines Enter one macro command per line Use the character to end the macro Use the character at the beginning of a line to enter comment text within the macro You can define mandatory keywords within a macro by ...

Page 64: ...he same name as the existing macro The newer macro overwrites the existing macro Examples The following example shows how to create a macro that defines the duplex mode and speed Switch config macro name dup Enter macro commands one per line End with the character macro description dup duplex full speed auto The following example shows how to create a macro with macro keywords Switch config macro ...

Page 65: ...o the specific interface trace Apply and trace a macro to the specific interface macro name Specify the name of the macro parameter Optional Specify unique parameter values that are specific to the interface You can enter up to three keyword value pairs Parameter keyword matching is case sensitive All matching occurrences of the keyword are replaced with the corresponding value Default Configurati...

Page 66: ...e commands are invalid and are therefore not applied When you apply a macro to an interface the macro name is automatically added to the interface You can display the applied commands and macro names by using the show running configuration interface interface id user EXEC mode command A macro applied to an interface range behaves the same way as a macro applied to a single interface When a macro i...

Page 67: ...ontain up to 160 characters Default Configuration The command has no default setting Command Mode Interface Configuration mode User Guidelines When multiple macros are applied on a single interface the description text is a concatenation of texts from a number of previously applied macros You can verify your setting by entering the show parser macro description privileged EXEC modecommand Example ...

Page 68: ...cro to a switch or to apply and trace a macro configuration on a switch Syntax macro global apply trace macro name parameter value parameter value parameter value Parameters apply Apply a macro to the switch trace Apply and trace a macro to the switch macro name Specify the name of the macro paramete Optional Specify unique parameter values that are specific to the switch You can enter up to three...

Page 69: ...e corresponding value Any full match of a keyword even if it is part of a large string is considered a match and replaced by the corresponding value Some macros might contain keywords that require a parameter value You can use the macro global apply macro name command to display a list of any required values in the macro If you apply a macro without entering the keyword values the commands are con...

Page 70: ...ou can verify your settings by entering the show parser macro description privileged EXEC mode command show parser macro Use the show parser macro User EXEC mode command to display the parameters for all configured macros or for one macro on the switch Syntax show parser macro brief description interface interface id name macro name Parameters brief Optional Display the name of each macro descript...

Page 71: ...6 Use IPv6 to check the network connectivity ipv4 address IPv4 address to ping ipv6 address Unicast or multicast IPv6 address to ping When the IPv6 address is a Link Local address IPv6Z address the outgoing interface name must be specified Refer to the User Guidelines for the interface name syntax hostname Hostname to ping 160 characters Maximum label size 63 packet_size Number of bytes in the pac...

Page 72: ...interface name vlan integer ch integer isatap integer physical port name 0 integer decimal number integer decimal number decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for example gi1 0 1 When using the ping ipv6 command to check network connectivity of a directly attached host using its link local address the egress interface may be specified in the IPv6Z format If t...

Page 73: ...time 8 ms 64 bytes from 10 1 1 1 icmp_seq 3 time 7 ms 10 1 1 1 PING Statistics 4 packets transmitted 4 packets received 0 packet loss round trip ms min avg max 7 8 11 Console ping ip oob 176 16 1 1 Pinging oob 176 16 1 1 with 64 bytes of data 64 bytes from oob 176 16 1 1 icmp_seq 0 time 5 ms 64 bytes from oob 176 16 1 1 icmp_seq 1 time 5 ms 64 bytes from oob 176 16 1 1 icmp_seq 2 time 5 ms 64 byte...

Page 74: ... 3003 33 icmp_seq 2 time 70 ms 64 bytes from 3003 55 icmp_seq 2 time 1050 ms 64 bytes from 3003 11 icmp_seq 3 time 0 ms 64 bytes from 3003 33 icmp_seq 3 time 70 ms 64 bytes from 3003 11 icmp_seq 4 time 0 ms 64 bytes from 3003 55 icmp_seq 3 time 1050 ms 64 bytes from 3003 33 icmp_seq 4 time 70 ms 64 bytes from 3003 55 icmp_sq 4 time 1050 ms FF02 1 PING Statistics 4 packets transmitted 12 packets re...

Page 75: ...ge 1 255 count packet_count The number of probes to be sent at each TTL level The default count is 3 Range 1 10 timeout time_out The number of seconds to wait for a response to a probe packet The default is 3 seconds Range 1 60 source ip address One of the interface addresses of the device to use as a source address for the probes The device will normally pick what it feels is the best source addr...

Page 76: ...ed or when the user interrupts the trace with Esc The traceroute command is not relevant to IPv6 link local addresses Example Router traceroute ip umaxp1 physics lsa umich edu Type Esc to abort Tracing the route to umaxp1 physics lsa umich edu 141 211 101 64 1 i2 gateway stanford edu 192 68 191 83 0 msec 0 msec 0 msec 2 STAN POS calren2 NET 171 64 1 213 0 msec 0 msec 0 msec 3 SUNV STAN POS calren2...

Page 77: ... ip address hostname port keyword Field Description 1 Indicates the sequence number of the router in the path to the host i2 gateway stanford edu Host name of this router 192 68 191 83 IP address of this router 1 msec 1 msec 1 msec Round trip time for each of the probes that are sent Field Description The probe timed out Unknown packet type A Administratively unreachable Usually this output indica...

Page 78: ...nfiguration The default port is the Telnet port 23 on the host By default Telnet is enabled Command Mode EXEC mode User Guidelines Telnet software supports special Telnet commands in the form of Telnet sequences that map generic terminal control functions to operating system specific functions To enter a Telnet sequence press the escape sequence keys Ctrl shift 6 followed by a Telnet command chara...

Page 79: ...ral concurrent Telnet sessions can be opened enabling switching between the sessions To open a subsequent session the current connection has to be suspended by pressing the escape sequence keys Ctrl shift 6 and x to return to the system command prompt Then open a new connection with the telnet EXEC mode command This command lists concurrent Telnet connections to remote hosts that were opened by th...

Page 80: ...CP and other non Telnet protocols Ctrl shift 6 x Returns to the System Command Prompt Keyword Description Port Number BGP Border Gateway Protocol 179 chargen Character generator 19 cmd Remote commands 514 daytime Daytime 13 discard Discard 9 domain Domain Name Service 53 echo Echo 7 exec Exec 512 finger Finger 79 ftp File Transfer Protocol 21 ftp data FTP data connections 20 gopher Gopher 70 hostn...

Page 81: ...e EXEC mode command enables switching to another open Telnet session Syntax resume connection Parameters connection Specifies the connection number Range 1 4 connections pim auto rp PIM Auto RP 496 pop2 Post Office Protocol v2 109 pop3 Post Office Protocol v3 110 smtp Simple Mail Transport Protocol 25 sunrpc Sun Remote Procedure Call 111 syslog Syslog 514 tacacs TAC Access Control System 49 talk T...

Page 82: ...et session number 1 Console resume 1 hostname The hostname Global Configuration mode command specifies or modifies the device host name Use the no form of the command to remove the existing host name Syntax hostname name no hostname Parameters Name specifies The Device Host Name Length 1 160 Characters Maximum label length 63 characters Default Configuration No host name is defined Command Mode Gl...

Page 83: ...aster unit number Range 1 8 If unspecified reloads all the units Example The following example reloads the operating system on all units Console reload This command will reset the whole system and disconnect your current session Do you want to continue y n n stack master The stack master Global Configuration mode command forces a stack master selection Use the no form of this command to restore th...

Page 84: ...tem light EXEC command to light LEDs on a specific unit Syntax system light unit unit number duration seconds system light stop Parameters unit number Specify unit number or all seconds The number of seconds to light the LEDs If unspecified defaults to 5 seconds Range 2 6 stop Stop lighting the LEDs Command Mode EXEC mode switch renumber Use the switch renumber Global Configuration command to chan...

Page 85: ...tch stack member number Parameters stack member number Specifies the unit number Range 1 6 Command Mode EXEC mode Example The following examples display the stack status information Console show switch Unit 1 3 4 5 6 7 8 2 MAC Address 00 00 b0 87 12 11 00 00 b0 87 12 13 00 00 b0 87 12 14 00 00 b0 87 12 15 00 00 b0 87 12 16 00 00 b0 87 12 17 00 00 b0 87 12 18 00 00 b0 87 12 12 SW 3 30 3 30 3 30 3 3...

Page 86: ...tore the default configuration Syntax service cpu utilization no service cpu utilization Default Configuration Measuring CPU utilization is disabled Command Mode Global Configuration mode User Guidelines Use the show cpu utilization Privileged EXEC command to view information on CPU utilization Configured order Unit 1 at Top Unit 2 at bottom Console show switch 1 Unit 1 MAC address 00 00 b0 87 12 ...

Page 87: ... mode command displays information about CPU utilization Syntax show cpu utilization Command Mode Privileged EXEC mode User Guidelines Use the service cpu utilization Global Configuration mode command to enable measuring CPU utilization Example The following example displays CPU utilization information Console show cpu utilization CPU utilization service is on CPU utilization five seconds 5 one mi...

Page 88: ...s Global Configuration mode command enables traffic counting to and from the CPU To disable counting use the no form of this command Syntax service cpu counters no service cpu counters Command Mode Global Configuration mode User Guidelines Use the show cpu counters command to display the CPU traffic counters Example The following example enables counting CPU traffic Console config service cpu coun...

Page 89: ...enable traffic counting to and from the CPU Example The following example displays the CPU traffic counters Console show cpu counters CPU counters are active In Octets 987891 In Unicast Packets 3589 In Multicast Packets 29 In Broadcast Packets 8 Out Octets 972181 Out Unicast Packets 3322 Out Multicast Packets 22 Out Broadcast Packets 8 show users The show users EXEC mode command displays informati...

Page 90: ...he show sessions EXEC mode command displays open Telnet sessions Syntax show sessions Command Mode EXEC mode User Guidelines The command displays Telnet sessions to remote hosts opened by the current Telnet session to the local device It does not display Telnet sessions to remote hosts opened by other Telnet sessions to the local device Console show users Username Bob John Robert Betty Sam Protoco...

Page 91: ...XEC mode command displays system information Syntax show system unit unit Parameters unit unit Specifies the unit number Range 1 8 Command Mode EXEC mode Console show sessions Connection 1 2 Host Remote router 172 16 1 2 Address 172 16 1 1 172 16 1 2 Port 23 23 Byte 89 8 Field Description Connection The connection number Host The remote host to which the device is connected through a Telnet sessio...

Page 92: ...lowing example displays the system information console show system Unit Type 1 PowerConnect 5524 2 PowerConnect 5524 3 PowerConnect 5524 4 PowerConnect 5524 5 PowerConnect 5524 6 PowerConnect 5524 7 PowerConnect 5524 8 PowerConnect 5524 Unit Main Power Supply Redundant Power Supply 1 OK 2 OK 3 OK 4 OK 5 OK 6 OK 7 OK 8 OK NOT OPERATIONAL Unit Fans Status 1 OK 2 OK 3 OK 4 OK 5 IDLE 6 OK 7 OK 8 FAILU...

Page 93: ...OK 3 49 OK 4 36 OK 5 35 OK 6 45 OK 7 40 OK 8 56 OK Unit Up time 1 00 00 31 24 2 00 00 31 19 3 00 00 31 24 4 00 00 31 24 5 00 00 31 24 6 00 00 31 24 7 00 00 31 25 8 00 00 31 25 console show system unit 2 System Type PowerConnect 5548 System Up Time days hour min sec 08 23 03 46 System Contact System Name System Location System MAC Address 00 99 88 66 33 33 System Object ID 1 3 6 1 4 1 674 10895 303...

Page 94: ... Syntax show version unit unit Parameters unit unit Specifies the unit number Range 1 8 Command Mode EXEC mode Example The following example displays system version information console show version Unit SW Version Boot Version HW Version 1 3 131 2 178 1 0 0 2 3 131 2 178 1 0 0 system resources routing The system resources routing Global Configuration mode command configures the routing table maxim...

Page 95: ... directly attached hosts interfaces Specifies the maximum number of IP interfaces Default Configuration Hosts 200 Routes 64 IP Interfaces 32 Command Mode Global Configuration mode User Guidelines The settings are effective after reboot Example The following example configures the routing table maximum size Console system resources routing 20 23 5 show system resources routings The show system reso...

Page 96: ...arameters Current value After reboot Value Hosts 100 100 Routes 32 32 IP Interfaces 32 32 show system tcam utilization The show system tcam utilization EXEC mode command displays the Ternary Content Addressable Memory TCAM utilization Syntax show system tcam utilization unit unit Parameters unit unit Specifies the unit number Range 1 8 Command Mode EXEC mode Example The following example displays ...

Page 97: ...n voice vlan ip addressing network security and qos acl Command Mode EXEC mode Examples console show system defaults System Mode Router Maximum units in stack 8 Management defaults Telnet Enabled Maximum 4 sessions shared with SSH SSH Enabled Maximum 4 sessions shared with Telnet HTTP Enabled port 80 Maximum 27 sessions HTTPS Disabled SNMP Enabled User first SNMP version V3 SNMP Local Engine ID 00...

Page 98: ...console Informational messages Logging to internal buffer Informational messages Logging to file Error messages Logging to remote server Informational messages Maximum no of syslog messages 200 SNTP supported SNTP Port No 123 SNTP Interface Enabled IP Domain Naming System Enabled DHCP Server Enabled DHCP Auto Configuration Enabled DHCP Option 67 Enabled DHCP Option 82 Disabled IPv6 defaults 802 1x...

Page 99: ... Disabled Port Channel Load Balancing Layer 2 Bridging defaults Maximum 16K entries Aging time 5 minutes iSCSI Enabled iSCSI cos 5 with no remark Multicast defaults Multicast filtering Disabled IGMP snooping Disabled IGMP Querier Disabled Multicast TV Vlan Interface disabled Port monitoring defaults Port monitor is not defined Maximum source port 4 Maximum destination ports for mirroring 2 Spannin...

Page 100: ...ip 1 Voice vlan defaults Voice VLAN Disabled Cos 6 with no remark OUI table 00 E0 BB 3COM 00 03 6B Cisco 00 E0 75 Veritel 00 D0 1E Pingtel 00 01 E3 Simens 00 60 B9 NEC Philips 00 0F E2 Huawei 3COM 00 09 6E Avaya Network security defaults DHCP snooping Disabled ARP inspection Disabled ARP inspection Validation Disabled DOS attacks IP addressing defaults No IP interface is defined QOS and ACLs defau...

Page 101: ...Technical Assistance Center when reporting a problem Syntax show tech support config memory Parameters Memory Displays memory and processor state data Config Displays switch configuration within the CLI commands supported on the device Default Configuration By default this command displays the output for technical support related show commands Use keywords to specify the type of information to be ...

Page 102: ...e show tech support command output is continuous it does not display one screen at a time To interrupt the output press Esc If you specify the config keyword the show tech support command displays a list of the commands supported on the device If user specifies the memory keyword the show tech support command displays the output flash info dir if existed or flash mapping show bootvar buffers info ...

Page 103: ...nd Mode Global Configuration mode show system fans Use the show system fans EXEC command to view the fans status Syntax show system fans Command Mode EXEC mode Example console show system fans Unit Temperature Speed Admin state Oper state Celsius RPM 1 30 8000 auto on 2 40 8000 on on asset tag The asset tag Global Configuration mode command assigns an asset tag to a device Use the no form of this ...

Page 104: ...e asset tag Default Configuration No asset tag is defined The default unit number is the master unit number Command Mode Global Configuration mode Example The following example assigns the asset tag 2365491870 to the device Console config asset tag 2365491870 show system id The show system id EXEC mode command displays the system identity information Syntax show system id unit unit Parameters unit...

Page 105: ...rs Dell Contax CLI files System_Management fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY Example The following example displays the system identity information Console show system id Unit Service tag Serial number Asset tag 1 89788978 8936589782 7843678957 2 3216523877 5621987728 ...

Page 106: ...106 System Management Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files System_Management fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 107: ...h mm ss Specifies the current time in hours military format minutes and seconds Range hh 0 23 mm 0 59 ss 0 59 day Specifies the current day of the month Range 1 31 month Specifies the current month using the first three letters of the month name Range Jan Dec year Specifies the current year Range 2000 2037 Command Mode Privileged EXEC mode User Guidelines The user should enter the local clock time...

Page 108: ...rameters sntp Specifies that an SNTP server is the external clock source Default Configuration There is no external clock source Command Mode Global Configuration mode Example The following example configures an SNTP server as an external time source for the system clock Console config clock source sntp clock timezone Use the clock timezone Global Configuration command to set the time zone for dis...

Page 109: ...ser Guidelines The system internally keeps time in UTC so this command is used only for display purposes and when the time is manually set Example console config clock timezone abc 2 minutes 32 clock summer time Use one of the formats of the clock summer time Global Configuration command to configure the system to automatically switch to summer time daylight saving time Use the no form of this com...

Page 110: ...econd specific date in the command usa The summer time rules are the United States rules eu The summer time rules are the European Union rules week Week of the month Can be 1 4 first last day Day of the week first three letters by name such as Sun characters date Date of the month Range 1 31 month Month first three letters by name such as Feb characters year year no abbreviation Range 2000 2097 hh...

Page 111: ...unday in March End First Sunday in November Time 2 am local time Before 2007 Start First Sunday in April End Last Sunday in October Time 2 am local time Example console config clock summer time abc date apr 1 2010 09 00 aug 2 2010 09 00 EU rule for daylight saving time Start Last Sunday in March End Last Sunday in October Time 1 00 am 01 00 Greenwich Mean Time GMT sntp authentication key The sntp ...

Page 112: ...es The following example defines the authentication key for SNTP Console config sntp authentication key 8 md5 ClkKey Device config sntp authentication key 8 md5 ClkKey Device config sntp trusted key 8 Device config sntp authenticate sntp authenticate The sntp authenticate Global Configuration mode command enables authentication for received Simple Network Time Protocol SNTP traffic from servers Us...

Page 113: ... trusted key 8 Device config sntp authenticate sntp trusted key The sntp trusted key Global Configuration mode command authenticates the system identity with which Simple Network Time Protocol SNTP synchronizes Use the no form of this command to disable system identity authentication Syntax sntp trusted key key number no sntp trusted key key number Parameters key number Specifies the key number of...

Page 114: ... timer The sntp client poll timer Global Configuration mode command sets the polling time for the Simple Network Time Protocol SNTP client Use the no form of this command to restore the default configuration Syntax sntp client poll timer seconds no sntp client poll timer Parameters seconds Specifies the polling interval in seconds Range 60 86400 Default Configuration The default polling interval i...

Page 115: ... sntp broadcast client enable Default Configuration The SNTP broadcast client is disabled Command Mode Global Configuration mode User Guidelines Use the sntp client enable Interface Configuration mode command to enable the SNTP client on a specific interface Example The following example enables the SNTP broadcast clients s Console config sntp broadcast client enable sntp anycast client enable The...

Page 116: ...ient on a specific interface Example The following example enables SNTP anycast clients Console config sntp anycast client enable sntp client enable The sntp client enable Global Configuration mode command enables the Simple Network Time Protocol SNTP broadcast and anycast client on an interface Use the no form of this command to disable the SNTP client Syntax sntp client enable interface id no sn...

Page 117: ...le Interface To enable the Simple Network Time Protocol SNTP broadcast and anycast client on an interface use the sntp client enable Interface Configuration command Use the no form of this command to disable the SNTP client The sntp client enable Interface Configuration Ethernet Port channel VLAN mode command enables the Simple Network Time Protocol SNTP broadcast and anycast client on an interfac...

Page 118: ...he sntp unicast client enable Global Configuration mode command enables the device to use Simple Network Time Protocol SNTP predefined unicast clients Use the no form of this command to disable the SNTP unicast clients Syntax sntp unicast client enable no sntp unicast client enable Default Configuration The SNTP unicast client is disabled Command Mode Global Configuration mode User Guidelines Use ...

Page 119: ...t Configuration Polling is disabled Command Mode Global Configuration mode User Guidelines Polling time is configured with the sntp client poll timer Global Configuration mode command Example The following example enables polling for SNTP predefined unicast clients Console config sntp unicast client poll sntp server The sntp server Global Configuration mode command configures the device to use the...

Page 120: ...tgoing interface name The interface name has the format vlan integer ch integer isatap integer physical port name The subparameter integer has the format decimal digit integer decimal digit Range for the decimal digit 0 9 hostname Specifies the server hostname Only translation to IPv4 addresses is supported Length 1 158 characters Maximum label length 63 characters poll Enables polling key keyid S...

Page 121: ...ed port number for example gi1 0 16 If the egress interface is not specified the default interface is selected Specifying interface zone 0 is equal to not defining an egress interface Example The following example configures the device to accept SNTP traffic from the server on 192 1 1 1 Console config sntp server 192 1 1 1 sntp port The sntp port Global Configuration mode command specifies a Simpl...

Page 122: ... is the UDP port Console config sntp port 321 show clock The show clock EXEC mode command displays the time and date from the system clock Syntax show clock detail Parameters detail Displays the TimeZone and SummerTime configuration Command Mode EXEC mode Example The following example displays the system time and date Console show clock 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Console sh...

Page 123: ...rst Sunday of April at 2 00 Ends at last Sunday of October at 2 00 Offset is 60 minutes DHCP timezone Disabled Device show clock detail 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Timezone DHCP Acronym is PST Offset is UTC 8 Timezone static Acronym is PST Offset is UTC 8 Summertime Static Acronym is PDT Recurring every year Begins at first Sunday of April at 2 00 Ends at last Sunday of Octo...

Page 124: ...mode Example The following example displays the device s current SNTP configuration console show sntp configuration SNTP port 123 Polling interval 1024 seconds No MD5 authentication keys Authentication is not required for synchronization No trusted keys Unicast Clients Enabled Unicast Clients Polling Enabled Server Polling Encryption Key 1 1 1 121 Disabled Disabled Broadcast Clients disabled Anyca...

Page 125: ... 70597B34 00 10 22 438 PDT Jul 5 1993 Console show sntp status Clock is synchronized stratum 4 reference is 176 1 1 8 unicast Reference time is AFE2525E 70597B34 00 10 22 438 PDT Jul 5 1993 Unicast servers Server 176 1 1 8 Status Up Last response 19 58 22 289 PDT Feb 19 2005 Offset mSec 7 33 Delay mSec 117 79 176 1 8 17 Unknown 12 17 17 987 PDT Feb 19 2005 8 98 189 19 Anycast server Server 176 1 1...

Page 126: ...126 Clock Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files Clock fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 127: ...Length 1 160 characters destination url Specifies the destination file URL or destination file reserved keyword Length 1 160 characters snmp Specifies that the destination source file is in SNMP format Used only when copying from to startup config The following table displays URL options Keyword Source or Destination flash Source or destination URL for flash memory This is the default URL If a URL...

Page 128: ... Link Local address boot Boot file tftp Source or destination URL for a TFTP network server The syntax for this alias is tftp host directory filename The host can be either an IP address or a host name usb Copy to a file on the USB device The syntax is usb directory filename xmodem Source for the file from a serial connection that uses the Xmodem protocol unit member i mage Image file on one of th...

Page 129: ... file xmodem is the destination file The source file can be copied to image boot and null only tftp is the source file and destination file on the same copy prv files cannot be copied The source or destination is a slave unit except for image and boot files mirror config cannot be used as a destination The following table describes the copy characters Copying an Image File from a Server to Flash M...

Page 130: ...uration file The startup configuration file is replaced by the copied configuration file Storing the Running or Startup Configuration on a Server Use the copy running config destination url command to copy the current configuration file to a network server using TFTP Use the copy startup config destination url command to copy the startup configuration file to a network server Saving The Running Co...

Page 131: ...Loading file1 from 172 16 101 101 OK Copy took 0 01 11 hh mm ss Copying an Image from a Server to Flash Memory The following example copies a system image named file1 from the TFTP server with an IP address of 172 16 101 101 to a non active image file Router copy tftp 172 16 101 101 file1 image Accessing file file1 on 172 16 101 101 Loading file1 from 172 16 101 101 OK Copy took 0 01 11 hh mm ss ...

Page 132: ... has no arguments or keywords Command Mode Privileged EXEC mode Examples The following example copies system image file1 from the TFTP server 172 16 101 101 to a non active image file Console write memory Overwrite file startup config Yes press any key for no 15 Sep 2010 11 27 48 COPY I FILECPY Files Copy source URL running config destination URL flas h startup config 15 Sep 2010 11 27 50 COPY N T...

Page 133: ...e User Guidelines sys prv image 1 and image 2 files cannot be deleted Example The following example deletes the file called test from the flash memory Console delete flash test Delete flash test confirm pwd Use the pwd Privileged EXECmode command to display a full clarified path to the current directory Parameters This command has no arguments or keywords Command Mode EXEC mode Keyword Source or D...

Page 134: ...le system Total size of flash 33292288 bytes Free size of flash 20708893 bytes console dir Directory of flash File Name Permission Size Data Size Modified Flash tmp rw 524288 104 01 Jan 2010 05 35 04 image 1 rw 10485760 10485760 01 Jan 2010 06 10 23 image 2 rw 10485760 10485760 01 Jan 2010 05 43 54 dhcpsn prv 262144 01 Jan 2010 05 25 07 sshkeys prv 262144 04 Jan 2010 06 05 00 syslog1 sys r 524288 ...

Page 135: ...le displays options for the URL parameter Command Mode Privileged EXEC mode User Guidelines Files are displayed in ASCII format except for the images which are displayed in a hexadecimal format prv files cannot be displayed Example The following example displays the running configuration file contents Keyword Source or Destination flash Source or destination URL for flash memory If a URL is specif...

Page 136: ...he current directory cd new directory Parameters new directory The new directory The new directory path may be specificed as either a Full Clarified Path or a Relative Path Command Mode Privileged EXEC mode User Guidelines When command cd changes the current file system the current directory of the previous file system is saved and when the command specifying only the file system for example cd us...

Page 137: ...me Privileged EXEC mode command renames a file Syntax rename url new url Parameters url Specifies the file location URL Length 1 160 characters new url Specifies the file s new URL Length 1 160 characters The following table displays options for the URL parameter Command Mode Privileged EXEC mode User Guidelines sys and prv files cannot be renamed Keyword Source or Destination flash URL for flash ...

Page 138: ... loaded by the device at startup Syntax boot system image 1 image 2 switch number all Parameters switch number Specifies the unit number If unspecified defaults to the master unit number image 1 Specifies that image 1 is loaded as the system image during the next device startup image 2 Specifies that image 2 is loaded as the system image during the next device startup Default Configuration This co...

Page 139: ...ystem image 1 show running config The show running config Privileged EXEC mode command displays the current running configuration file contents Syntax show running config Parameters This command has no arguments or keywords Command Mode Privileged EXEC mode Example The following example displays the running configuration file contents Console show running config no spanning tree interface range gi...

Page 140: ...n file contents Syntax show startup config Command Mode Privileged EXEC mode Example The following example displays the startup configuration file contents Console show startup config no spanning tree interface range gi1 0 1 48 speed 1000 exit no lldp run interface vlan 1 ip address 1 1 1 1 255 0 0 0 exit line console exec timeout 0 exit console show bootvar The show bootvar EXEC mode command disp...

Page 141: ...ber Command Mode EXEC mode Example The following example displays the active system image file that is loaded by the device at startup Console show bootvar Unit 1 Image 1 Filename file1 Version 3 1 31 Date 23 Jul 2002 17 34 19 Status Active 1 2 file2 3 2 19 22 Jan 2003 19 22 32 Not active 2 1 file1 3 1 31 23 Jul 2002 17 34 19 Not active 2 2 file2 3 2 19 22 Jan 2003 19 22 32 Active Designates that ...

Page 142: ...142 Configuration Image File Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files Configuration_Image fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 143: ...nd to enable the support of auto configuration via DHCP Use the no form of this command to disable DHCP auto configuration Syntax boot host auto config no boot host auto config Parameters This command has no arguments or key words Command Mode Global Configuration mode Default Configuration Enabled by default boot host auto update Use the boot host auto update Global Configuration mode command to ...

Page 144: ...figuration mode Default Configuration Enabled by default boot host dhcp Use the boot host dhcp Global Configuration mode command to force the mechanism used to download a configuration file at the next system startup Use the no form of this command to restore the host configuration file to the default Syntax boot host dhcp no boot host dhcp Parameters This command has no arguments or key words Com...

Page 145: ...nning in Startup after download Use the no form of this command restore default behavior Syntax boot host auto save no boot host auto save Parameters This command has no arguments or key words Command Mode Global Configuration mode Default Configuration Disable show boot Use the show boot Privilege EXEC mode command to show the status of the IP DHCP Auto Config process Syntax show boot Parameters ...

Page 146: ...shed TFTP Server IP address 1 2 20 2 Configuration filename config configfile1 cfg Auto Update Image Download via DHCP enabled console show boot Auto Config Config Download via DHCP enable Next Boot Config Download via DHCP default Auto Config State Opening hostname config file Auto Update Image Download via DHCP enabled Example 3 console show boot Auto Config Config Download via DHCP enable Next ...

Page 147: ...Config State Searching hostname in indirect configuration file Auto Update Image Download via DHCP enabled console show boot Auto Config Config Download via DHCP enable Next Boot Config Download via DHCP default Auto Config State Quit failed all steps of finding existing configuration file Auto Update Image Download via DHCP enabled console show boot Auto Config Config Download via DHCP enable Nex...

Page 148: ... Config Config Download via DHCP enable Next Boot Config Download via DHCP default Auto Config State Finished TFTP Server IP address 1 2 20 2 Configuration filename config configfile1 cfg Auto Update Image Download via DHCP enabled Auto Update State Downloading image file ip dhcp tftp server ip addr Use the ip dhcp tftp server ip addr Global Configuration mode command to set the TFTP server s IP a...

Page 149: ...p server file Global Configuration mode command to set the full file name on the TFTP server by a switch when it has not been received from the DHCP server Use the no form of this command to remove the name Syntax ip dhcp tftp server file file path no ip dhcp tftp server file Parameters file path full file name on TFTP server Default Configuration No file name Command Mode Global Configuration mod...

Page 150: ...ew CLI Folders Dell Contax CLI files Auto Update fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY Command Mode EXEC Example console show ip dhcp tftp server tftp server address active 1 1 1 1 from sname manual 2 2 2 2 file path on tftp server active conf conf file from option 67 ...

Page 151: ...cess list name no management access list name Parameters name Specifies the access list name Length 1 32 characters Command Mode Global Configuration mode User Guidelines Use this command to configure a management access list This command enters the Management Access List Configuration mode where the denied or permitted access conditions are defined with the deny and permit commands If no match cr...

Page 152: ... 0 1 Console config macl permit gi1 0 9 Console config macl exit Console config management access class mlist The following example creates a management access list called mlist configures all interfaces to be management interfaces except gigabitethernet interfaces 1 0 1 and 1 0 9 and makes the new access list the active list Console config management access list mlist Console config macl deny gig...

Page 153: ...sh The parameter is optional mask mask Specifies the source IPv4 address network mask This parameter is relevant only to IPv4 addresses mask prefix length Specifies the number of bits that comprise the source IPv4 address prefix The prefix length must be preceded by a forward slash This parameter is relevant only to IPv4 addresses Range 0 32 Command Mode Management Access List Configuration mode U...

Page 154: ...ipv6 prefix length Specifies the source IPv6 address and source IPv6 address prefix length The prefix length must be preceded by a forward slash The parameter is optional mask mask Specifies the source IPv4 address network mask The parameter is relevant only to IPv4 addresses mask prefix length Specifies the number of bits that comprise the source IPv4 address prefix The prefix length must be prec...

Page 155: ...ss class console only name no management access class Parameters console only Specifies that the device can be managed only from the console name Specifies the access list name to be used Length 1 32 characters Default Configuration The default configuration is no management connection restrictions Command Mode Global Configuration mode Example The following example defines an access list called m...

Page 156: ...Privileged EXEC mode Example The following example displays the mlist management access list Console show management access list mlist console only deny Note all other access implicitly denied mlist permit gi1 0 1 permit gi1 0 9 Note all other access implicitly denied console show management access class The show management access class Privileged EXEC mode command displays information about the a...

Page 157: ...Folders Dell Contax CLI files Management_ACL fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY Example The following example displays the active management access list information Console show management access class Management access class is enabled using access list mlist ...

Page 158: ...158 Management ACL Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files Management_ACL fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 159: ...evice to be configured by SNMP Use the no form of this command to disable this function Syntax snmp server server no snmp server server Parameters This command has no arguments or keywords Default Enabled Command Mode Global Configuration mode Example snmp server server console config snmp server server snmp server community Use the snmp server community Global Configuration mode command to set up...

Page 160: ...be configured using the command snmp server view no specific order of the command configurations is imposed on the user The view defines the objects available to the community It is not relevant for su which has access to the whole MIB If unspecified all the objects except the community table and SNMPv3 user and access tables are available Range 1 30 characters ipv4 address Management station IPv4...

Page 161: ...l Configuration mode User Guidelines You can t specify view name for su which has access to the whole MIB You can use the view name to restrict the access rights of a community string The logical key of the command is the pair community ip address If ip address is omitted then the key is community All Ips By specifying the view name parameter the software Generates an internal security name Maps t...

Page 162: ... 0 0 0 console config snmp server community group tom abcd 1 1 1 122 prefix 8 snmp server view The snmp server view Global Configuration mode command creates or updates a Simple Network Management Protocol SNMP server view entry Use the no form of this command to remove an SNMP server view entry Syntax snmp server view view name oid tree included excluded no snmp server view view name oid tree Par...

Page 163: ...re use and cannot be deleted or modified Example The following example creates a view that includes all objects in the MIB II system group except for sysServices System 7 and all objects for interface 1 in the MIB II interface group Console config snmp server view user view system included Console config snmp server view user view system 7 excluded Console config snmp server view user view ifEntry...

Page 164: ...del priv Specifies packet authentication with encryption Applicable only to the SNMP Version 3 security model notify notifyview Specifies the view name that enables specifying an inform or a trap Applicable only to the SNMP Version 3 security model Length 1 30 characters read readview Specifies the view name that enables viewing only the agent contents Length 1 30 characters write writeview Specif...

Page 165: ...ead user view snmp server user Use the snmp server user Global Configuration mode command to configure a new SNMP Version 3 user Use the no form of the command to remove a user Syntax snmp server user username groupname v1 v2c remote host v3 encrypted auth md5 sha auth password no snmp server user username remote host Parameters username The name of the user on the host that connects to the agent ...

Page 166: ...bled for the user When you enter a show running config command you do not see a line for this user To see if this user has been added to the configuration type the show snmp user command An SNMP EngineID should be defined in order to add users to the device Changing or removing the value of snmpEngineID deletes the SNMPv3 users database The logical key of the command is Username Configuring a remo...

Page 167: ...ve domain Do you wish to continue Y N y The SNMPv3 database will be erased Do you wish to continue Y N y console config snmp server user tom acbd v3 snmp server filter The snmp server filter Global Configuration mode command creates or updates a Simple Network Management Protocol SNMP server filter entry Use the no form of this command to remove the specified SNMP server filter entry Syntax snmp s...

Page 168: ...tion mode User Guidelines This command can be entered multiple times for the same filter record If an object identifier is included in two or more lines later lines take precedence The command s logical key is the pair filter name oid tree Example The following example creates a filter that includes all objects in the MIB II system group except for sysServices System 7 and all objects for interfac...

Page 169: ...e name syntax hostname Hostname of the host Range 1 158 characters Maximum label size 63 trap Sends SNMP traps to this host default informs Sends SNMP informs to this host Not applicable to SNMPv1 1 SNMPv1 traps are used 2c SNMPv2 traps are used 3 SNMPv2 traps are used community string Password like community string sent with the notification operation Range 1 20 characters noauth Specifies no aut...

Page 170: ...ifications recipient the software would automatically generate a notification view for that recipient for all the MIB For SNMPv3 the software doesn t automatically create a user nor a notify view Use the commands snmp server user snmp server group and snmp server view in Global Configuration mode to create a user a group or a notify group respectively The format of an IPv6Z address is ipv6 link lo...

Page 171: ... hexadecimal digits Bytes are separated by a period or colon If an odd number of hexadecimal digits are entered the system automatically prefixes the digit 0 to the string Length 5 32 characters 9 64 hexadecimal digits default Specifies that the engine ID is created automatically based on the device MAC address Default Configuration The engine ID is not configured If SNMPv3 is enabled using this c...

Page 172: ...bles SNMPv3 on the device and sets the device local engine ID to the default value Console config snmp server engineID local default snmp server engineID remote To specify the Simple Network Management Protocol SNMP engine ID of a remote SNMP device use the snmp server engineID remote Global Configuration mode command Use the no form of this command to remove the configured engine ID Syntax snmp s...

Page 173: ...n mode User Guidelines A remote engine ID is required when an SNMP version 3 inform is configured The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host snmp server enable traps Use the snmp server enable traps Global Configuration mode command to enable the device to send SNMP traps Use the no form of the command to ...

Page 174: ...p authentication no snmp server trap authentication Default Configuration SNMP failed authentication traps are enabled Command Mode Global Configuration mode Example The following example enables SNMP failed authentication traps Console config snmp server trap authentication snmp server contact Use the snmp server contact Global Configuration mode command to configure the system contact sysContact...

Page 175: ...he snmp server location Global Configuration mode command to configure the system location string Use the no form of this command to remove the location string Syntax snmp server location text no snmp server location Parameters text Specifies a string describing system location information Length 1 160 characters Command Mode Global Configuration mode Example The following example defines the devi...

Page 176: ...case of an entry in a table there is at least one name value pair followed by one or more fields Command Mode Global Configuration mode User Guidelines Although the CLI can set any required configuration there might be a situation where an SNMP user sets a MIB variable that does not have an equivalent command To generate configuration files that support those situations use the snmp server set com...

Page 177: ... DefaultSuper IP Address All 172 16 1 1 1 0 172 16 1 1 Type Router Router Router Community string public Group name user group IP address All Type Router Traps are enabled Authentication trap is enabled Version 1 2 notifications Target Address 192 122 173 42 192 122 173 42 Type Trap Info rm Community public public Version 2 2 UDP Port 162 162 Filter name TO Sec 15 15 Retries 3 3 Version 3 notifica...

Page 178: ...e The following example displays the SNMP engine ID Console show snmp engineID Local SNMP engineID 08009009020C0B099C075878 Editor If snmp server engineID remote command is supported add the following line IP address Remote SNMP engineID 172 16 1 1 08009009020C0B099C075879 Field Description Community string The community access string permitting access to the SNMP protocol Community access The acc...

Page 179: ...s viewname Parameters viewname Specifies the view name Length 1 30 characters Command Mode Privileged EXEC mode Example The following example displays the configured SNMP views show snmp groups Use the show snmp groups Privileged EXEC mode command to display the configured SNMP groups Syntax show snmp groups groupname Parameters groupname Specifies the group name Length 1 30 characters Console sho...

Page 180: ...nfigured SNMP filters Console show snmp groups Name Security Views user group managers group Model V3 V3 Level priv priv Read Default Default Write Default Notify Field Description Name Group name Security Model SNMP model in use v1 v2 or v3 Security Level Packet authentication with encryption Applicable to SNMP v3 security only Views Read View name enabling viewing the agent contents If unspecifi...

Page 181: ...rivileged EXEC mode Example The following example displays the configured SNMP filters show snmp users Use the show snmp users Privileged EXEC mode command to display the configured SNMP users Syntax show snmp users username Parameters username Specifies the user name Length 1 30 characters Command Mode Privileged EXEC mode Console show snmp filters Name OID Tree Type user filter user filter user ...

Page 182: ...ers Dell Contax CLI files SNMP fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY Example The following example displays the configured SNMP users Console show snmp users Name John John Group name user group user group Auth Method md5 md5 Remote 08009009020C0B099C075879 ...

Page 183: ...iguration DSA key pairs do not exist Command Mode Global Configuration mode User Guidelines DSA keys are generated in pairs one public DSA key and one private DSA key If the device already has DSA keys a warning is displayed with a prompt to replace the existing keys with new keys This command is not saved in the router configuration However the keys generated by this command are saved in the priv...

Page 184: ... keys are generated in pairs one public RSA key and one private RSA key If the device already has RSA keys a warning is displayed with a prompt to replace the existing keys with new keys This command is not saved in the router configuration however the keys generated by this command are saved in the private configuration which is never displayed to the user or backed up to another device Example T...

Page 185: ...A6F8 98F76E28 D58AD221 B583D7A4 71020301 87685768 Fingerprint Hex 77 C7 19 85 98 19 27 96 C9 CC 83 C5 78 89 F8 86 Fingerprint Bubble Babble yteriuwt jgkljhglk yewiury hdskjfryt gfhkjglk crypto certificate generate The crypto certificate generate Global Configuration mode command generates a self signed certificate for HTTPS Syntax crypto certificate number generate key generate length passphrase s...

Page 186: ... Configuration The default certificate number is 1 The default SSL s RSA key length is 1024 If passphrase string is not specified the certificate is not exportable If cn common name is not specified it defaults to the device s lowest static IPv6 address when the certificate is generated or to the device s lowest static IPv4 address if there is no static IPv6 address or to 0 0 0 0 if there is no st...

Page 187: ...n loc location st state cu country Parameters number Specifies the certificate number Range 1 2 common name Specifies the device s fully qualified URL or IP address Length 1 64 characters ou organization unit Specifies the organization unit or department name Length 1 64 characters or organization Specifies the organization name Length 1 64 characters loc location Specifies the location or city na...

Page 188: ...ertificate request for HTTPS Console crypto certificate 1 request BEGIN CERTIFICATE REQUEST MIwTCCASoCAQAwYjELMAkGA1UEBhMCUFAxCzAJBgNVBAgTAkNDMQswCQYDVQQH EwRDEMMAoGA1UEChMDZGxkMQwwCgYDVQQLEwNkbGQxCzAJBgNVBAMTAmxkMRAw DgKoZIhvcNAQkBFgFsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ecwQ HdML0831i0fh F0MV Kib6Sz5p 3nUUenbfHp igVPmFM 1nbqTDekb2ymCu6K aKvEbVLF9F2LmM7VPjDBb9bb4jnxkvwW wzDLvW2rsy5NPmH1QVl 8Ub...

Page 189: ...ificate imported by this command is saved in the private configuration which is never displayed to the user or backed up to another device Example The following example imports a certificate signed by Certification Authority for HTTPS Console config crypto certificate 1 import BEGIN CERTIFICATE dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1Ga...

Page 190: ...t pkcs12 command creates a PKCS 12 file that contains the certificate and an RSA key pair The passphrase for the export is determined when the key is generated The certificate and key pair are exported in a standard PEM format PKCS12 file This format can be converted to and from the binary PFX file used by Windows and Linux by using the openssl command line tool See an open source OpenSSL user man...

Page 191: ...4 Key Attributes No Attributes BEGIN RSA PRIVATE KEY Proc Type 4 ENCRYPTED DEK Info DES EDE3 CBC 085DCBF3A41D2669 dac0m9jqEp1DM50sIDb8Jq1jxW 1P0kqSxuMhc25OdBE 1fPBg9VSvV1ARaYt16W bX67UyJ8t7HHF3AowjcWzElQ5GJgSQ0VemsqsRQzjpCTb090rx cNwVfIvjoedgQ Mtl5 fKIAcqsfEgEGJNXQ4jEzsXAkwfQLFfgt47O3IpkUn0AxrQzutJDOcC28Uxp raMVTVSlSkJIvaPuXJxdZ279tDMwZffILBfKCJGACT5V5 4WEqDkrF uuF9 oxm2 5SVL8TvUmXB 3hX4UoaXtxAhuy...

Page 192: ...vcNAQEEBQAwSTELMAkGA1UEBhMCdXMxCjAIBgNV BAgTASAxCjAIBgNVBAcTASAxCjAIBgNVBAMTASAxCjAIBgNVBAoTASAxCjAIBgNV BAsTASAwHhcNMDQwMjA3MTU1NDQ4WhcNMDUwMjA2MTU1NDQ4WjBJMQswCQYDVQQG EwJ1czEKMAgGA1UECBMBIDEKMAgGA1UEBxMBIDEKMAgGA1UEAxMBIDEKMAgGA1UE ChMBIDEKMAgGA1UECxMBIDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCZXP tk3e jrulfZw8q8T2oS5ymrEIes sRJE8uahTBJqKu1VHqRYJR3VYa 03HSJ741w5MzPI iuWZzrbbuXAxAgMBAAEwDQYJKoZIhvcNAQEE...

Page 193: ...cates Syntax show crypto certificate mycertificate number Parameters number Specifies the certificate number Range 1 2 Command Mode Privileged EXEC mode Example The following example displays SSL certificate 1 present on the device Console show crypto certificate mycertificate 1 BEGIN CERTIFICATE dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1...

Page 194: ...cate Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files RSA_and_Certificates fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY Finger print DC789788 DC88A988 127897BC BB789788 ...

Page 195: ... 12 FOR PROOF ONLY 11 Web Server Commands ip http server The ip http server Global Configuration mode command enables configuring and monitoring the device from a web browser Use the no form of this command to disable this function Syntax ip http server no ip http server Default Configuration HTTP server is enabled Command Mode Global Configuration mode ...

Page 196: ...m of this command to restore the default configuration Syntax ip http port port number no ip http port Parameters port numberPort number For use by the HTTP server Range 0 65534 Default Configuration The default port number is 80 Command Mode Global Configuration mode Example The following example configures the http port number as 100 Console config ip http port 100 ip http timeout policy Use the...

Page 197: ... Global Configuration mode User Guidelines This command also configures the timeout policy for HTTPS To specify no timeout enter the ip http timeout policy 0 command Example The following example configures the http port number as 100 Console config ip http timeout policy 0 ip http secure server Use the ip http secure server Global Configuration mode command to enable the device to be configured s...

Page 198: ...te generate command to generate an HTTPS certificate Example console config ip http secure server ip http secure port To specify the TCP port to be used by the secure web browser interface use the ip http secure port Global Configuration mode command To use the default port use the no form of this command Syntax ip http secure port port number no ip http secure port Parameters port number Port num...

Page 199: ...active certificate for HTTPS Use the no form of this command to restore the default configuration Syntax ip https certificate number no ip https certificate Parameters number Specifies the certificate number Range 1 2 Default Configuration The default certificate number is 1 Command Mode Global Configuration mode User Guidelines Use the crypto certificate generate command to generate a HTTPS certi...

Page 200: ... Syntax show ip http Command Mode EXEC mode Example The following example displays the HTTP server configuration Console show ip http HTTP server enabled Port 80 Interactive timeout 10 minutes show ip https The show ip https Privileged EXEC mode command displays the HTTPS server configuration Syntax show ip https Command Mode Privileged EXEC mode Example The following example displays the HTTPS se...

Page 201: ... Follows the HTTP interactive timeout 10 minutes Certificate 1 is active Issued by www verisign com Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C US Finger print DC789788 DC88A988 127897BC BB789788 Certificate 2 is inactive Issued by self signed Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C US Finger print 1873B936 88DC3411 BC8932EF 78213...

Page 202: ...202 Web Server Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files Web_Server fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 203: ...e to be configured from a Telnet server Use the no form of this command to disable the device configuration from a Telnet server Syntax ip telnet server no ip telnet server Default Configuration Device configuration from a Telnet server is enabled Command Mode Global Configuration mode User Guidelines To control the device configuration by SSH use the ip ssh server Global Configuration mode comman...

Page 204: ...h port port number no ip ssh port Parameters port number Specifies the port number to be used by the SSH server Range 1 65535 Default Configuration The default port number is 22 Command Mode Global Configuration mode Example The following example specifies that port number 8080 is used by the SSH server Console config ip ssh port 8080 ip ssh server The ip ssh server Global Configuration mode comma...

Page 205: ...SSH server keys use the crypto key generate dsa and crypto key generate rsa Global Configuration mode commands Example The following example enables configuring the device from a SSH server Console config ip ssh server ip ssh pubkey auth The ip ssh pubkey auth Global Configuration mode command enables public key authentication of incoming SSH sessions Use the no form of this command to disable thi...

Page 206: ...ly specify other device public keys such as SSH client public keys Syntax crypto key pubkey chain ssh Default Configuration Keys do not exist Command Mode Global Configuration mode User Guidelines Use this command when you want to manually specify SSH client s public keys Example The following example enters the SSH Public Key chain Configuration mode and manually configures the RSA key pair for S...

Page 207: ...4 13 b9 33 e9 user key The user key SSH Public Key string Configuration mode command specifies which SSH public key is manually configured Use the no form of this command to remove an SSH public key Syntax user key username rsa dsa no user key username Parameters username Specifies the remote SSH client username Length 1 48 characters rsa Specifies that the RSA key pair is manually configured dsa ...

Page 208: ...n user key bob rsa Console config pubkey key key string row AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl key string The key string SSH Public Key string Configuration mode command manually specifies an SSH public key Syntax key string row key string Parameters row Specifies the SSH public key row by row key string Specifies the key in UU encoded DER format UU encoded DER format is the same format as in...

Page 209: ...trings for SSH public key client bob Console config crypto key pubkey chain ssh Console config pubkey chain user key bob rsa Console config pubkey key key string AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl Al4kpqIw9GBRonZQZxjHKcqKL6rMlQ ZNXfZSkvHG QusIZ 76ILmFT34v7u7ChFAE Vu4GRfpSwoQUvV35LqJJk67IOU zfwOl1g kTwml75QR9gHujS6KwGN2QWXgh3ub8gDjTSq muSn Wd05iDX2IExQWu08licglk02LYciz Z4TrEU 9FJxwPiVQOjc KBXu...

Page 210: ...e Privileged EXEC mode Example The following example displays the SSH server configuration The following table describes the significant fields shown in the display Console show ip ssh SSH server enabled Port 22 RSA key was generated DSA DSS key was generated SSH Public Key Authentication is enabled Active incoming sessions IP address 172 16 0 1 SSH username John Brown Version 1 5 Cipher 3DES Auth...

Page 211: ...e Specifies the remote SSH client username Length 1 48 characters fingerprint bubble babble hex Specifies the fingerprint display format The possible values are bubble babble Specifies that the fingerprint is displayed in Bubble Babble format hex Specifies that the fingerprint is displayed in hexadecimal format Default Configuration The default fingerprint format is hexadecimal Command Mode Privil...

Page 212: ...15 12 FOR PROOF ONLY bob john Fingerprint 9A CC 01 C5 78 39 27 86 79 CC 23 C5 98 59 F1 86 98 F7 6E 28 F2 79 87 C8 18 F8 88 CC F8 89 87 C8 Console show crypto key pubkey chain ssh username bob Username bob Key 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 Fingerprint 9A CC 01 C5 78 39 27 86 79 CC 23 C5 98 59 F1 86 ...

Page 213: ...he Line Configuration command mode Syntax line console telnet ssh Parameters console Enters the console terminal line mode telnet Configures the device as a virtual terminal for remote console access Telnet ssh Configures the device as a virtual terminal for secured remote console access SSH Command Mode Global Configuration mode Example The following example configures the device as a virtual ter...

Page 214: ...le values are 2400 4800 9600 19200 38400 57600 and 115200 Default Configuration The default speed is 9600 bps Command Mode Line Configuration console mode User Guidelines The configured speed is applied when Autobaud is disabled This configuration applies to the current session only Example The following example configures the line baud rate as 9600 bits per second Console config line speed 9600 a...

Page 215: ...e enables autobaud Console config line console Console config line autobaud exec timeout The exec timeout Line Configuration mode command sets the session idle time interval during which the system waits for user input before automatic logoff Use the no form of this command to restore the default configuration Syntax exec timeout minutes seconds no exec timeout Parameters minutes Specifies the num...

Page 216: ... 20 minutes Console config line console Console config line exec timeout 20 show line The show line EXEC mode command displays line parameters Syntax show line console telnet ssh Parameters console Displays the console configuration telnet Displays the Telnet configuration ssh Displays the SSH configuration Default Configuration If the line is not specified all line configuration parameters are di...

Page 217: ... CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY Interactive timeout Disabled History 10 Baudrate 9600 Databits 8 Parity none Stopbits 1 Telnet configuration Telnet is enabled Interactive timeout 10 minutes 10 seconds History 10 SSH configuration SSH is enabled Interactive timeout 10 minutes 10 seconds History 10 ...

Page 218: ...218 Line Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files Line fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 219: ...that follow this argument as the default method list when a user logs in list name Specifies a name for a list of authentication methods activated when a user logs in Length 1 12 characters method method2 Specifies a list of methods that the authentication algorithm tries in the given sequence The additional authentication methods are used only if the previous method returns an error not if it fai...

Page 220: ... Create a list by entering the aaa authentication login list name method command for a particular protocol where list name is any character string used to name this list The method argument identifies the list of methods that the authentication algorithm tries in the given sequence The additional methods of authentication are used only if the previous method returns an error not if it fails Specif...

Page 221: ... for the list of authentication methods activated when a user accesses higher privilege levels Length 1 12 characters method method2 Specifies a list of methods that the authentication algorithm tries in the given sequence The additional authentication methods are used only if the previous method returns an error not if it fails Specify none as the final method in the command line to ensure that t...

Page 222: ... are used with the enable authentication command All aaa authentication enable default requests sent by the device to a RADIUS or TACACS server include the username enabx where x is the requested privilege level Create a list by entering the aaa authentication enable list name method command where list name is any character string used to name this list The method argument identifies the list of m...

Page 223: ... created with the aaa authentication login command list name Uses the specified list created with the aaa authentication login command Length 1 12 characters Default Configuration The default is the aaa authentication login command default Command Mode Line Configuration mode Example The following example specifies the login authentication method for a console session Console config line console C...

Page 224: ...mmand Mode Line Configuration mode Example The following example specifies the authentication method when accessing a higher privilege level from a console Console config line console Console config line enable authentication default ip http authentication The ip http authentication Global Configuration mode command specifies authentication methods for HTTP server access Use the no form of this co...

Page 225: ...ines The command is relevant for HTTP and HTTPS server users The additional methods of authentication are used only if the previous method returns an error not if it fails Specify none as the final method in the command line to ensure that the authentication succeeds even if all methods return an error Example The following example specifies the HTTP access authentication methods Console config ip...

Page 226: ... mode command specifies a password on a line also known as access method such as a console or Telnet Use the no form of this command to return to the default password Console show authentication methods Login Authentication Method Lists Default Radius Local Line Console_Login Line None Enable Authentication Method Lists Default Radius Enable Console_Enable Enable None Line Console Telnet SSH Login...

Page 227: ...Default Configuration No password is defined Command Mode Line Configuration mode Example The following example specifies the password secret on a console Console config line console Console config line password secret service password recovery Use the service password recovery global configuration mode command to enable full functionality of the password recovery mechanism Use the no service pass...

Page 228: ...ation files and user files are kept If password recovery is disabled the user still can access the boot menu and trigger the password recovery in the boot menu However the configuration files and user files are removed and the following log message is generated to the terminal All the configuration and user files were removed Example The following command disables password recovery console no serv...

Page 229: ...5 Range 1 15 password Password for this level Range 0 159 chars encrypted password Encrypted password you enter copied from another device configuration Default Default for level is 15 Command Mode Global Configuration mode Example console config enable password level 15 let me in username Use the username Global Configuration mode command to establish a username based authentication system Use th...

Page 230: ...Range 1 159 password encrypted Encrypted password you enter copied from another device configuration privilege privilege level Privilege level for which the password applies If not specified the level is 15 Range 1 15 Default No user is defined Command Mode Global Configuration mode Example console config username tom privilege 15 password 1234 show user accounts The show user accounts Privileged ...

Page 231: ...gin Use the aaa accounting login command in Global Configuration mode to enable accounting of device management sessions Use the no form of this command to disable accounting Syntax aaa accounting login start stop group radius no aaa accounting login start stop group radius Parameters This command has no arguments or keywords Default Disabled Command Mode Global Configuration mode Console show use...

Page 232: ...llowing table describes the supported Radius accounting Attributes Values and when they are sent by the switch Example console config aaa accounting login start stop group radius Name Start Stop Description User Name 1 Yes Yes User s identity NAS IP Address 4 Yes Yes The switch IP address that is used for the session with the Radius server Class 25 Yes Yes Arbitrary value is included in all accoun...

Page 233: ...ines This command enables the recording of 802 1x sessions If accounting is activated the device sends a start stop messages to a Radius server when a user logs in logs out to the network respectively The device uses the configured priorities of the available Radius servers in order to select the Radius server If a new replaces an old supplicant even if the port state remains authorized the softwa...

Page 234: ...scription User Name 1 Yes Yes Supplicant s identity NAS IP Address 4 Yes Yes The switch IP address that is used for the session with the Radius server NAS Port 5 Yes Yes The switch port from where the supplicant has logged in Class 25 Yes Yes Arbitrary value is included in all accounting packets for a specific session Called Station ID 30 Yes Yes The switch MAC address Calling Station ID 31 Yes Ye...

Page 235: ...ple displays information about the accounting status Console show accounting Login Radius 802 1x Disabled passwords min length The passwords min length Global Configuration mode command configures the minimal password length in the local database Use the no form of this command to remove the restriction Syntax passwords min length length no passwords min length Parameters length Specifies the mini...

Page 236: ...crypted format the minimum length requirement is checked during user login only Passwords that were defined before defining the minimum length requirement are only checked during user login Example The following example configures the minimal required password length to 8 characters Console config passwords min length 8 passwords strength check enable Use the passwords strength check enable Global...

Page 237: ...y The user can control the above attributes of password strength with specific commands Example The following example enables password strength and configures the character classes to 3 Console config passwords strength check enable Console config passwords strength minimum character classes 3 passwords strength minimum character classes Use the passwords strength minimum character classes Global ...

Page 238: ...case letters lower case letters numbers and special characters passwords strength max limit repeated characters Use the passwords strength max limit repeated characters Global Configuration mode command to configure the maximum number of characters in the new password that can be repeated consecutively Use the no form to remove the requirement Syntax passwords strength max limit repeated character...

Page 239: ...passwords aging Global Configuration mode command to enforce password aging Use the no form of this command to return to default Syntax passwords aging days no passwords aging Parameters days Specifies the number of days before a password change is forced You can use 0 to disable aging Range 0 365 Default Disabled Command Mode Global Configuration mode User Guidelines Aging is relevant only to use...

Page 240: ...r Specifies the number of password changes required before a password can be reused Range 1 8 Default Configuration Password history is disabled Command Mode Global Configuration mode User Guidelines The setting is relevant to local users passwords line passwords and enable passwords Password history is not checked during a configuration download The password history is kept even if the password h...

Page 241: ...me days no passwords history hold time Parameters days Specifies the number of days a password is relevant for tracking passwords history Range 1 365 Default Configuration Command Mode Global Configuration mode User Guidelines The setting is relevant to local users passwords line passwords and enable passwords The passwords are not deleted from the history database when they are not relevant for t...

Page 242: ...ntication failures before the user account is locked out Range 1 5 Default Configuration Lockout is disabled Command Mode Global Configuration mode User Guidelines The setting is relevant to local users passwords line passwords and enable passwords The account is not locked out for access from the local console A user with privilege level 15 can release accounts that are locked out by using the se...

Page 243: ...nd enables writing to the login history file Use the no form of this command to disable writing to the login history file Syntax aaa login history file no aaa login history file Default Configuration Writing to the login history file is enabled Command Mode Global Configuration mode User Guidelines The login history is stored in the device internal buffer Example The following example enables writ...

Page 244: ...nd Mode Privileged EXEC mode Example The following example reactivates user Bob Console config set username Bob active set line active The set line active Privileged EXEC mode command reactivates a locked out line Syntax set line console telnet ssh active Parameters console Reactivates the console terminal line telnet Reactivates the virtual terminal for remote Telnet console access ssh Reactivate...

Page 245: ... telnet active set enable password active The set enable password active Privileged EXEC mode command reactivates a locked out local password Syntax set enable password level active Parameters level Specifies the privilege level to which the password applies Range 1 15 Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode Example The following e...

Page 246: ...on about the password management configuration Syntax show passwords configuration Parameters Command Mode Privileged EXEC mode Example Console show passwords configuration Passwords aging is enabled with aging time 180 days Minimal length 8 Minimum character classes 4 Maximal number of repeated characters 2 History 10 History hold time 365 days Lockout control Disabled Enable Passwords Level Lock...

Page 247: ...ers special characters integers and so on required to be part of the password Maximumnumber of repeated characters The maximum number of times a singe character can be repeated in the password History The number of password changes required before a password in the local database can be reused History hold time The duration that a password is relevant for tracking password history Lockout control ...

Page 248: ...following example displays information about the users login history Console show users login history File save Enabled Login Time Jan 18 2004 23 58 17 Jan 19 2004 07 59 23 Jan 19 2004 08 23 48 Jan 19 2004 08 29 29 Jan 19 2004 08 42 31 Jan 19 2004 08 49 52 Username Robert Robert Bob Robert John Betty Protocol HTTP HTTP Serial HTTP SSH Telnet Location 172 16 1 8 172 16 0 8 172 16 0 8 172 16 0 1 172...

Page 249: ...y string source ipv4 address ipv6 address priority priority usage login 802 1x all no radius server host ipv4 address ipv6 address hostname Parameters ipv4 address Specifies the RADIUS server host IPv4 address ipv6 address Specifies the RADIUS server host IPv6 address ipv6z address Specifies the RADIUS server host IPv6Z address The IPv6Z address format is ipv6 link local address interface name The...

Page 250: ...ons between the device and the RADIUS server This key must match the encryption used on the RADIUS daemon To specify an empty string enter Length 0 128 characters source ipv4 address ipv6 address Specifies the source IPv4 or IPv6 address to use for communication 0 0 0 0 is interpreted as a request to use the IP address of the outgoing IP interface priority priority Specifies the order in which ser...

Page 251: ...tries deadtime or key string values are specified the global values apply to each RADIUS server host The source parameter address type must be the same as that of the host parameter Example The following example specifies a RADIUS server host with IP address 192 168 10 1 authentication request port number 20 and a 20 second timeout period Console config radius server host 192 168 10 1 auth port 20...

Page 252: ...ple The following example defines the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon Console config radius server key enterprise server radius server retransmit Use the radius server retransmit Global Configuration mode command to specify the number of times the software searches the list of RADIUS server hosts Use the no form of this comma...

Page 253: ...ADIUS servers Use the no form of this command to restore the default configuration Syntax radius server source ip source no radius server source ip source Parameters source Specifies the source IP address Default Configuration The source IP address is the IP address of the outgoing IP interface Command Mode Global Configuration mode User Guidelines If there is no available IP interface of the conf...

Page 254: ...ource ipv6 source no radius server source ipv6 source Parameters source Specifies the source IPv6 address Default Configuration The source IP address is the IP address of the outgoing IP interface Command Mode Global Configuration mode User Guidelines If there is no available IP interface of the configured IP source address an error message is issued when attempting to communicate with the IP addr...

Page 255: ...out Specifies the timeout value in seconds Range 1 30 Default Configuration The default timeout value is 3 seconds Command Mode Global Configuration mode Example The following example sets the timeout interval on all RADIUS servers to 5 seconds Console config radius server timeout 5 radius server deadtime Use the radius server deadtime Global Configuration mode command to configure the time interv...

Page 256: ...erver is skipped over by transaction requests Range 0 2000 Default Configuration The default deadtime interval is 0 Command Mode Global Configuration mode Example The following example sets all RADIUS server deadtimes to 10 minutes Console config radius server deadtime 10 show radius servers Use the show radius servers Privileged EXEC mode command to display the RADIUS server settings Syntax show ...

Page 257: ...ROOF ONLY Example The following example displays RADIUS server settings Console show radius servers IP address 172 16 1 1 172 16 1 2 Port Auth 1812 1812 Port Acct 1813 1813 Time Out Global 11 Retrans mit Global 8 Dead time Global Global Source IP Global Global Priority 1 2 Usage All All Global values TimeOut 3 Retransmit 3 Deadtime 0 Source IP 172 16 8 1 ...

Page 258: ...258 RADIUS Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files Radius fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 259: ...ACS server host IP address hostname Specifies the TACACS server host name Length 1 158 characters Maximum label length 63 characters single connection Specifies that a single open connection is maintained between the device and the daemon instead of the device opening and closing a TCP connection to the daemon each time it communicates port port number Specifies the server port number If the port ...

Page 260: ...e is used If key string is not specified the global value is used If source is not specified the global value is used Command Mode Global Configuration mode User Guidelines Multiple tacacs server host commands can be used to specify multiple hosts If no host specific timeout key or source values are specified the global values apply to each host Example The following example specifies a TACACS hos...

Page 261: ...mmand Mode Global Configuration mode Example The following example sets Enterprise as the authentication encryption key for all TACACS servers Console config tacacs server key enterprise tacacs server timeout Use the tacacs server timeout Global Configuration mode command to set the interval during which the device waits for a TACACS server to reply Use the no form of this command to restore the d...

Page 262: ...CACS servers Use the no form of this command to restore the default configuration Syntax tacacs server source ip source no tacacs server source ip source Parameters source Specifies the source IP address Range Valid IP address Default Configuration The default source IP address is the outgoing IP interface address Command Mode Global Configuration mode User Guidelines If the configured IP source a...

Page 263: ...show tacacs ip address Parameters ip address Specifies the TACACS server name or IP address Default Configuration If ip address is not specified information for all TACACS servers is displayed Command Mode Privileged EXEC mode Example The following example displays configuration and statistical information for all TACACS servers Console show tacacs IP address 172 16 1 1 Status Connected Port 49 Si...

Page 264: ...264 TACACS Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files TACACS fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 265: ...he messages Use the no form of this command to disable the logging process Syntax logging on no logging on Default Configuration Message logging is enabled Command Mode Global Configuration mode User Guidelines The logging process controls the logging messages distribution at various destinations such as the logging buffer logging file or syslog server Logging on and off at these destinations can ...

Page 266: ...ipv6 address Pv6 address of the host to be used as a syslog server When the IPv6 address is a Link Local address IPv6Z address the outgoing interface name must be specified Refer to the User Guidelines for the interface name syntax hostname Hostname of the host to be used as a syslog server Only translation to IPv4 addresses is supported Range 1 158 characters Maximum label size 63 port Port numbe...

Page 267: ...e 0 integer decimal number integer decimal number decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for example 1 0 16 If the egress interface is not specified the default interface is selected Specifying interface zone 0 is equal to not defining an egress interface Examples console config logging host 1 1 1 121 console config logging host 3000 100 logging console Use th...

Page 268: ...e to messages with severity level errors Console config logging console errors logging buffered Use the logging buffered Global Configuration mode command to limit the syslog message display from an internal buffer to messages with a specific severity leve and to define the buffer sizel Use the no form of this command to cancel using the buffer and returning the buffer size to defult Syntax loggin...

Page 269: ...l buffer This command limits the messages displayed to the user Example The following example limits the syslog message display from an internal buffer to messages with severity level debugging Console config logging buffered debugging clear logging Use the clear logging Privileged EXEC mode command to clear messages from the internal logging buffer Syntax clear logging Command Mode Privileged EXE...

Page 270: ...el no logging file Parameters level Specifies the severity level of syslog messages sent to the logging file The possible values are emergencies alerts critical errors warnings notifications informational and debugging Default Configuration The default severity level is errors Command Mode Global Configuration mode Example The following example limits syslog messages sent to the logging file to me...

Page 271: ...le logging AAA login events Use the no form of this command to disable logging AAA login events Syntax aaa logging login no aaa logging login Parameters login Enables logging messages related to successful AAA login events unsuccessful AAA login events and other AAA login related events Default Configuration Logging of AAA login events is enabled Command Mode Global Configuration mode User Guideli...

Page 272: ...logging of file system events Use the no form of this command to disable logging file system events Syntax file system logging copy delete rename no file system logging copy delete rename Parameters copy Specifies logging messages related to file copy operations delete rename Specifies logging messages related to file deletion and renaming operations Default Configuration Logging file system event...

Page 273: ...logging deny no management logging deny Parameters deny Enables logging messages related to management ACL deny actions Default Configuration Logging management ACL deny events is enabled Command Mode Global Configuration mode User Guidelines Other management ACL events are not subject to this command Example The following example enables logging messages related to management ACL deny actions Con...

Page 274: ... 200 Max File Logging Level error File Messages 898 Logged 64 Dropped 4 messages were not logged Application filtering control Application Event Status AAA Login Enabled File system Copy Enabled File system Delete Rename Enabled Management ACL Deny Enabled Aggregation Disabled Aggregation aging time 300 Sec 01 Jan 2010 05 29 46 INIT I Startup Warm Startup 01 Jan 2010 05 29 02 LINK I Up Vlan 1 01 J...

Page 275: ...r Logging Level info Buffer Messages 61 Logged 61 Displayed 200 Max File Logging Level error File Messages 898 Logged 64 Dropped 4 messages were not logged Application filtering control Application Event Status AAA Login Enabled File system Copy Enabled File system Delete Rename Enabled Management ACL Deny Enabled Aggregation Disabled Aggregation aging time 300 Sec 01 Jan 2010 05 57 00 SSHD E ERRO...

Page 276: ...E ERROR SSH error key_from_blob invalid key type 01 Jan 2010 05 56 34 SSHD E ERROR SSH error bad sigbloblen 58 SIGBLOB_LEN console show syslog servers Use the show syslog servers Privileged EXEC mode command to display the syslog server settings Syntax show syslog servers Command Mode Privileged EXEC mode Example The following example displays the syslog server settings console show syslog servers...

Page 277: ...mon statistics interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following example displays RMON Ethernet statistics for gigabitethernet port 1 0 1 console show rmon statistics gi1 0 1 Port gi1 0 1 Dropped 0 Octets 0 Packets 0 Broadcast 0 Multicast 0 CRC Align Errors 0 C...

Page 278: ...eceived Broadcast The total number of good packets received and directed to the broadcast address This does not include multicast packets Multicast The total number of good packets received and directed to a multicast address This number does not include packets directed to the broadcast address CRC Align Errors The total number of packets received with a length excluding framing bits but includin...

Page 279: ...s The total number of packets including bad packets received that are 64 octets in length excluding framing bits but including FCS octets 65 to 127 Octets The total number of packets including bad packets received that are between 65 and 127 octets in length inclusive excluding framing bits but including FCS octets 128 to 255 Octets The total number of packets including bad packets received that a...

Page 280: ... is an empty string Range Valid string buckets bucket number A value associated with the number of buckets specified for the RMON collection history group of statistics If unspecified defaults to 50 Range 1 50 interval seconds The number of seconds in each polling cycle If unspecified defaults to 1800 Range 1 3600 Command Mode Interface Configuration Ethernet Port channel mode Cannot be configured...

Page 281: ...how rmon history index throughput errors other period seconds Parameters index Specifies the set of samples to display Range 1 65535 throughput Displays throughput counters Console show rmon collection stats Index 1 2 Interface gi1 0 1 gi1 0 1 Interval 30 1800 Requested Samples 50 50 Granted Samples 50 50 Owner CLI Manager Field Description Index An index that uniquely identifies the entry Interfa...

Page 282: ...tistics for index 1 Console show rmon history 1 throughput Sample Set 1 Interface gi1 0 1 Requested samples 50 Owner CLI Interval 1800 Granted samples 50 Maximum table size 500 Time Jan 18 2005 21 57 00 Jan 18 2005 21 57 30 Octets 303595962 287696304 Packets 357568 275686 Broadcast 3289 2789 Multicast 7287 5878 Util 19 20 Console show rmon history 1 errors Sample Set 1 Interface gi1 0 1 Requested ...

Page 283: ...The number of good packets received during this sampling interval that were directed to the broadcast address Multicast The number of good packets received during this sampling interval that were directed to a multicast address This number does not include packets addressed to the broadcast address Utilization The best estimate of the mean physical layer network utilization on this interface durin...

Page 284: ...luding framing bits but including FCS octets and had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error It is normal for etherHistoryFragments to increment because it counts both runts which are normal occurrences due to collisions and noise hits Jabbers The number of packets received during this sampl...

Page 285: ...le values are absolute Specifies that the selected variable value is compared directly with the thresholds at the end of the sampling interval delta Specifies that the selected variable value of the last sample is subtracted from the current value and the difference is compared with the thresholds startup rising rising falling falling Specifies the alarm that may be sent when this entry becomes va...

Page 286: ...ration mode Example The following example configures an alarm with index 1000 MIB object ID D Link sampling interval 360000 seconds 100 hours rising threshold value 1000000 falling threshold value 1000000 rising threshold event index 10 falling threshold event index 10 absolute method type and rising falling alarm console config rmon alarm 1000 1 3 6 1 2 1 2 2 1 10 1 360000 1000000 1000000 10 20 s...

Page 287: ...e the show rmon alarm EXEC mode command to display alarm configuration Syntax show rmon alarm number Parameters number Specifies the alarm index Range 1 65535 Command Mode EXEC mode Example The following example displays RMON 1 alarms Console show rmon alarm table Index 1 2 3 OID 1 3 6 1 2 1 2 2 1 10 1 1 3 6 1 2 1 2 2 1 10 1 1 3 6 1 2 1 2 2 1 10 9 Owner CLI Manager CLI Field Description Index An i...

Page 288: ... the statistic during the last sampling period For example if the sample type is delta this value is the difference between the samples at the beginning and end of the period If the sample type is absolute this value is the sampled value at the end of the period Interval The interval in seconds over which the data is sampled and compared with the rising and falling thresholds Sample Type The metho...

Page 289: ... equal to the rising threshold and startup alarm is equal to rising or rising falling then a single rising alarm is generated If the first sample is less than or equal to the falling threshold and startup alarm is equal falling or rising falling then a single falling alarm is generated Rising Threshold The sampled statistic rising threshold When the current sampled value is greater than or equal t...

Page 290: ... which an SNMP trap is sent Octet string length 0 127 characters description text Specifies a comment describing this event Length 0 127 characters owner name Specifies the name of the person who configured this event Valid string Default Configuration If the owner name is not specified it defaults to an empty string Command Mode Global Configuration mode Example The following example configures a...

Page 291: ...roadcast Log Trap Router Manager Jan18 2006 23 59 48 Field Description Index A unique index that identifies this event Description A comment describing this event Type The type of notification that the device generates about this event Can have the following values none log trap log trap In the case of log an entry is made in the log table for each event In the case of trap an SNMP trap is sent to...

Page 292: ...se the rmon table size Global Configuration mode command to configure the maximum size of RMON tables Use the no form of this command to return to the default configuration Syntax rmon table size history entries log entries no rmon table size history log Parameters history entries Specifies the maximum number of history table entries Range 20 270 Console show rmon log Maximum table size 500 800 af...

Page 293: ...f log table entries Range 20 100 Default Configuration The default history table size is 270 entries The default log table size is 200 entries Command Mode Global Configuration mode User Guidelines The configured table size takes effect after the device is rebooted Example The following example configures the maximum size of RMON history tables to 100 entries Console config rmon table size history...

Page 294: ...294 RMON Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files RMON fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 295: ... the no form of this command to restore the default configuration Syntax aaa authentication dot1x default method method2 no aaa authentication dot1x default Parameters method method2 Specify at least one method from the following list Default Configuration The default method is Radius Command Mode Global Configuration mode User Guidelines Additional methods of authentication are used only if the p...

Page 296: ...auth control Use the dot1x system auth control Global Configuration mode command to enable 802 1x globally Use the no form of this command to restore the default configuration Syntax dot1x system auth control no dot1x system auth control Default Configuration All the ports are in FORCE_AUTHORIZED state Command Mode Global Configuration mode Example The following example enables 802 1x globally Con...

Page 297: ...l traffic without 802 1x based client authentication force unauthorized Denies all access through this interface by forcing the port to transition to the unauthorized state and ignoring all attempts by the client to authenticate The device cannot provide authentication services to the client through the interface Default Configuration The port is in the force authorized state Command Mode Interfac...

Page 298: ...reauthentication no dot1x reauthentication Parameters This command has no arguments or keywords Default Periodic re authentication is disabled Command Mode Interface configuration Ethernet Example console config interface gigabitethernet 1 0 1 console config if dot1x reauthentication dot1x timeout reauth period Use the dot1x timeout reauth period Interface Configuration mode command to set the num...

Page 299: ... 1 0 1 console config if dot1x timeout reauth period 5000 dot1x re authenticate The dot1x re authenticate Privileged EXEC mode command manually initiates re authentication of all 802 1x enabled ports or the specified 802 1x enabled port Syntax dot1x re authenticate interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode Privileged EXEC ...

Page 300: ...e interval in seconds that the device remains in a quiet state following a failed authentication exchange with the client Range 0 65535 seconds Default Configuration The default quiet period is 60 seconds Command Mode Interface Configuration Ethernet mode User Guidelines During the quiet period the device does not accept or initiate authentication requests The default value of this command should ...

Page 301: ...t1x timeout tx period seconds no dot1x timeout tx period Parameters seconds Specifies the time interval in seconds during which the device waits for a response to an EAP request identity frame from the client before resending the request Range 1 65535 seconds Default Configuration The default timeout period is 30 seconds Command Mode Interface Configuration Ethernet mode User Guidelines The defaul...

Page 302: ...x dot1x max req count no dot1x max req Parameters count Specifies the maximum number of times that the device sends an EAP request identity frame before restarting the authentication process Range 1 10 Default Configuration The default maximum number of attempts is 2 Command Mode Interface Configuration Ethernet mode User Guidelines The default value of this command should be changed only to adjus...

Page 303: ...ters seconds Specifies the time interval in seconds during which the device waits for a response to an EAP request frame from the client before resending the request Range 1 65535 seconds Default Configuration The default timeout period is 30 seconds Command Mode Interface Configuration Ethernet mode User Guidelines The default value of this command should be changed only to adjust to unusual circ...

Page 304: ...g which the device waits for a response from the authentication server Range 1 65535 seconds Default Configuration The default timeout period is 30 seconds Command Mode Interface Configuration Ethernet mode User Guidelines The actual timeout period can be determined by comparing the value specified by the dot1x timeout server timeout command to the result of multiplying the number of retries speci...

Page 305: ... interface ID The interface ID must be an Ethernet port Command Mode Privileged EXEC mode Example The following examples display the status of 802 1x enabled Ethernet ports Console show dot1x 802 1x is enabled Port gi1 0 1 gi1 0 2 gi1 0 3 gi1 0 4 gi1 0 5 Admin Mode Auto Auto Auto Force auth Force auth Oper Mode Authorized Authorized Unauthorized Authorized Unauthorized Reauth Control Ena Ena Ena D...

Page 306: ...nt timeout 60 Seconds 30 Seconds 2 30 Seconds Server timeout Session Time HH MM SS MAC Address Authentication Method Termination Cause 30 Seconds 08 19 17 00 08 78 32 98 78 Remote Supplicant logoff Authenticator State Machine State HELD Backend State Machine State Authentication success Authentication fails IDLE 9 1 Field Description Port The port number Admin mode The port admin mode Possible val...

Page 307: ... times that the device sends an EAP request frame assuming that no response is received to the client before restarting the authentication process Supplicant timeout The number of seconds that the device waits for a response to an EAP request frame from the client before resending the request Server timeout The number of seconds that the device waits for a response from the authentication server b...

Page 308: ...NTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY show dot1x users Use the show dot1x users Privileged EXEC mode command to display active 802 1x authenticated users for the device Syntax show dot1x users username username Parameters username Specifies the supplicant username Length 1 160 characters Command Mode Privileged EXEC mode ...

Page 309: ...MAC VLAN Filter Time Method Address gi1 0 1 Bob 1d 09 07 38 Remote 0008 3b79 8787 3 OK gi1 0 1 Bernie 03 08 58 Remote 0008 3b79 3232 9 OK gi1 0 2 John 08 19 17 Remote 0008 3b89 3127 2 gi1 0 3 Paul 02 12 48 Remote 0008 3b89 8237 8 Warning Switch show dot1x users username Bob Port Username Session Auth MAC VLAN Filter Time Method Address gi1 0 1 Bob 1d 09 07 38 Remote 0008 3b79 8787 3 OK Filter ID 1...

Page 310: ...ce id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode Privileged EXEC mode Example The following example displays 802 1x statistics for gigabitethernet port 1 0 1 Console show dot1x statistics interface gigabitethernet 1 0 1 EapolFramesRx 11 EapolFramesTx 12 EapolStartFramesRx 1 EapolLogoffFramesRx 1 EapolRespIdFramesRx 3 EapolRespFramesRx 6...

Page 311: ...by this Authenticator EapolRespIdFramesRx The number of EAP Resp Id frames that have been received by this Authenticator EapolRespFramesRx The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator EapolReqIdFramesTx The number of EAP Req Id frames that have been transmitted by this Authenticator EapolReqFramesTx The number of EAP Request frames...

Page 312: ...ng example displays how to clear 802 1x statistics on all ports Console clear dot1x statistics dot1x auth not req Use the dot1x auth not req Interface Configuration VLAN mode command to enable unauthorized devices access to the VLAN Use the no form of this command to disable access to the VLAN Syntax dot1x auth not req no dot1x auth not req Default Configuration Access is enabled Command Mode Inte...

Page 313: ...sts on an IEEE 802 1x authorized port Use the no form of this command to return to the default setting Syntax dot1x host mode multi host single host multi sessions Parameters multi host Enable multiple hosts mode single host Enable single hosts mode multi sessions Enable multiple sessions mode Default Default mode is multi host Command Mode Interface Configuration Ethernet mode User Guidelines In ...

Page 314: ...st console config if dot1x host mode multi sessions dot1x violation mode Use the dot1x violation mode Interface Configuration Ethernet mode command to configure the action to be taken when a station whose MAC address is not the supplicant MAC address attempts to access the interface Use the no form of this command to return to default Syntax dot1x violation mode restrict protect shutdown no dot1x ...

Page 315: ...successful 802 1X authentication this command might not be useful in this mode BPDU message whose MAC address is not the supplicant MAC address wouldn t be discarded in the protect mode BPDU message whose MAC address is not the supplicant MAC address would cause a shutdown in the shutdown mode Example console config interface gigabitethernet gi1 0 1 console config if dot1x violation mode protect d...

Page 316: ...or leave the guest VLAN the port should not be a static member of the guest VLAN Example The following example defines VLAN 2 as a guest VLAN Console configure Console config interface vlan 2 Console config if dot1x guest vlan dot1x guest vlan timeout Use the dot1x guest vlan timeout Global Configuration mode command to set the time delay between enabling 802 1x or port up and adding a port to the...

Page 317: ...etween enabling 802 1x and adding a port to a guest VLAN to 60 seconds Console config dot1x guest vlan timeout 60 dot1x guest vlan enable Use the dot1x guest vlan enable Interface Configuration Ethernet mode command to enable unauthorized users on the interface access to the guest VLAN Use the no form of this command to disable access Syntax dot1x guest vlan enable no dot1x guest vlan enable Defau...

Page 318: ...s command to disable access Syntax dot1x mac authentication mac only mac and 802 1x no dot1x mac authentication Parameters mac only Enables authentication based on the station s MAC address only 802 1X frames are ignored mac and 802 1x Enables 802 1X authentication and MAC address authentication on the interface Default Configuration Authentication based on the station s MAC address is disabled Co...

Page 319: ... command to enable sending traps when a MAC address is successfully authenticated by the 802 1X mac authentication access control Use the no form of this command to disable the traps Syntax dot1x traps mac authentication success no dot1x traps mac authentication success Parameters This command has no arguments or keywords Default Default is disabled Command Mode Global Configuration mode dot1x tra...

Page 320: ...ommand Mode Global Configuration mode dot1x radius attributes vlan Use the dot1x radius attributes vlan Interface Configuration mode command to enable user based VLAN assignment Use the no form of this command to disable user based VLAN assignment Syntax dot1x radius attributes vlan no dot1x radius attributes vlan Parameters This command has no arguments or keywords Default Disabled Command Mode I...

Page 321: ...er in the unauthenticated VLANs and in the Guest VLAN Other static VLAN configuration is not applied on the port If the supplicant VLAN does not exist on the switch the supplicant is rejected Example console config interface gi1 0 1 console config if dot1x radius attributes vlan dot1x radius attributes filter id Use the dot1x radius attributes filter id Interface Configuration mode command to enab...

Page 322: ...ius attributes errors filter id resources accept reject no dot1x radius attributes errors filter id resources Parameters accept If the Filter ID cannot be allocated for resource allocation reasons the user is accepted If the Filter ID canot be allocated for other reasons the user is rejected reject If the Filter ID cannot be assigned the user is rejected Default Reject Command Mode Global Configur...

Page 323: ...l EAP request identity frame from the authenticator switch each tx period automatically when in multiple session mode The command should be activated onlywhen all devices connected to that port do not follow 802 1x standard behavior to send EAPOL start packets when the client link goes up for example some Windows OS with pre Service Pack 3 show dot1x advanced Use the show dot1x advanced Privileged...

Page 324: ... no dot1x system auth control monitor console show dot1x advanced Guest VLAN 3978 Unauthenticated VLANs 91 92 Interface Multiple Guest MAC VLAN Legacy Policy Hosts VLAN Authentication Assignment supp Mode Assignment gi1 0 1 Disabled Enabled MAC and 802 1X Enabled Enable Disabled gi1 0 2 Enabled Disabled Disabled Enabled Enable Disabled Switch show dot1x advanced gigabitethernet 1 0 1 Interface Mul...

Page 325: ... User Guidelines The 802 1x Monitoring VLAN cannot be deleted manually show dot1x monitoring result Use the show dot1x monitoring result Privileged EXEC mode command to display the captured information of each interface host on the switch stack Syntax show dot1x monitoring result username username Parameters username username Specifies supplicant username Range 1 80 characters Command Mode Privile...

Page 326: ...dius due wrong user name or password in Radius server FLTR ERR Radius accept message contains more than 2 filter id FRS MTH DENY First method is deny IPv6WithMAC Radius accept message contains filter with IPv6 DIP and MAC addresses IPV6WithNotIP Radius accept message contains IPv6 and not IP simultaneously POL BasicMode Policy Map is not supported in the QoS basic mode POL DEL Policy Map was delet...

Page 327: ...129 SERV ERR 09 20 11 Example 2 Switch show dot1x monitoring Bob Username Bob Port gi1 0 1 Quiet period 60 Seconds Tx period 30 Seconds Max req 2 Supplicant timeout 30 Seconds Server timeout 30 Seconds Session Time HH MM SS 08 19 17 MAC Address 00 08 78 32 98 78 Authentication Method Remote Assigned VLAN 207 Reason for Failure Radius server rejected authentication because username password mismatc...

Page 328: ...5 12 FOR PROOF ONLY Switch show dot1x monitoring Tom Username Tom Port gi1 0 1 Quiet period 60 Seconds Tx period 30 Seconds Max req 2 Supplicant timeout 30 Seconds Server timeout 30 Seconds Session Time HH MM SS 08 19 17 MAC Address 00 08 78 32 98 78 Authentication Method Remote Assigned VLAN 207 Reason for Failure VLAN was not defined on Switch ...

Page 329: ...terface ID The interface ID can be one of the following types Ethernet port or Port channel interface range Use the interface range command to execute a command on multiple ports at the same time Syntax interface range interface id list Parameters interface id list Specify list of interface IDs The interface ID can be one of the following types Ethernet port or Port channel User Guidelines Command...

Page 330: ... the description Syntax description string no description Parameters string Specifies a comment or a description of the port to assist the user Length 1 64 characters Default Configuration The interface does not have a description Command Mode Interface Configuration Ethernet Port channel mode Example The following example adds the description SW 3 to gigabitethernet port 1 0 5 Console config inte...

Page 331: ...he port operates at its maximum speed capability Command Mode Interface Configuration Ethernet Port channel mode User Guidelines The no speed command in a Port channel context returns each port in the Port channel to its maximum capability Example The following example configures the speed of gigabitethernet port 1 0 5 to 100 Mbps operation Console config interface gigabitethernet 1 0 5 Console co...

Page 332: ...nel mode Example The following example configures gigabitethernet port 1 0 5 to operate in full duplex mode Console config interface gigabitethernet 1 0 5 Console config if duplex full Console config if negotiation Use the negotiation Interface Configuration Ethernet Port channel mode command to enable auto negotiation operation for the speed and duplex parameters and master slave mode of a given ...

Page 333: ...e preference Default Configuration Auto negotiation is enabled and preferred default mode is master mode Command Mode Interface Configuration Ethernet Port channel mode Example The following example enables auto negotiation on gigabitethernet port 1 0 5 Console config interface gigabitethernet 1 0 5 Console config if negotiation Console config if flowcontrol Use the flowcontrol Interface Configura...

Page 334: ...e The following example enables Flow Control on port gi1 0 1 Console config interface gigabitethernet 1 0 1 Console config if flowcontrol on flowcontrol Global Use the flowcontrol Global Configuration mode command to configure the Flow Control global mode Syntax flowcontrol receive only send receive Parameters receive only The interfaces with enabled Flow Control will receive pause frames but will...

Page 335: ...c interfaces required they are enabled by default Example The following example enables Flow Control in the mode of only receiving pause frames and not sending them Console config flowcontrol receive only show flowcontrol Use the show flowcontrol Exec mode command to display the Flow Control global mode Syntax show flowcontrol Parameters N A Default Configuration N A Command Mode Exec mode Example...

Page 336: ...s command to disable cable crossover Syntax mdix on auto no mdix Parameters on Enables manual MDIX auto Enables automatic MDI MDIX Default Configuration The default setting is On Command Mode Interface Configuration Ethernet mode Example The following example enables automatic crossover on port 1 5 Console config interface gi1 0 1 5 Console config if mdix auto The following example enables automat...

Page 337: ...essure Syntax back pressure no back pressure Default Configuration Back pressure is enabled Command Mode Interface Configuration Ethernet mode Example The following example enables back pressure on port gi1 0 5 Console config interface gigabitethernet 1 0 5 Console config if back pressure port jumbo frame Use the port jumbo frame Global Configuration mode command to enable jumbo frames on the devi...

Page 338: ...umbo frame clear counters Use the show interfaces counters EXEC mode command to display traffic seen by all the physical interfaces or by a specific interface Syntax show interfaces counters interface id detailed Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel detailed Displays information for non present ports in a...

Page 339: ...et port or Port channel Command Mode EXEC mode User Guidelines This command is used to activate interfaces that were configured to be active but were shut down by the system Example The following example reactivates gigabitethernet port 1 0 1 Console set interface active gigabitethernet 1 0 1 show interfaces configuration Use the show interfaces configuration EXEC mode command to display the confi...

Page 340: ... 0 1 1G Copper Full 10000 Disabled Off Up Disabled Off gi1 0 2 1G Copper Full 1000 Disabled Off Up Disabled Off Flow Admin Ch Type Speed Neg Control State Po1 Disabled Off Up show interfaces status Use the show interfaces status EXEC mode command to display the status of all configured interfaces or of a specific interface Syntax show interfaces status interface id detailed Parameters interface id...

Page 341: ...ure Mode gi1 0 1 1G Copper Full 1000 Disabled Off Up Disabled Off gi1 0 2 1G Copper Down Flow Link Ch Type Duplex Speed Neg ctrl State Po1 1G Full 10000 Disabled Off Up show interfaces advertise Use the show interfaces advertise EXEC mode command to display auto negotiation advertisement information for all configured interfaces or for a specific interface Syntax show interfaces advertise interfac...

Page 342: ...es an interface ID The interface ID can be one of the following types Ethernet port or Port channel Console show interfaces advertise Port gi1 0 1 gi1 0 2 Type 1G Copper 1G Copper Neg Enable Enable Operational Link Advertisement 1000f 100f 10f 10h 1000f Console show interfaces advertise gigabitethernet 1 0 1 Port gi1 0 1 Type 1G Copper Link state Up Auto Negotiation enabled Admin Local link Advert...

Page 343: ...nters Use the show interfaces counters EXEC mode command to display traffic seen by all the physical interfaces or by a specific interface Syntax show interfaces counters interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Console show interfaces description Port gi1 0 1 gi1 0 1 gi1 0...

Page 344: ...nterfaces counters gigabitethernet 1 0 Port InUcastPkts InMcastPkts InBcastPkts InOctets gi1 0 1 0 0 0 0 Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets gi1 0 1 0 1 35 7051 Alignment Errors 0 FCS Errors 0 Single Collision Frames 0 Multiple Collision Frames 0 SQE Test Errors 0 Deferred Transmissions 0 Late Collisions 0 Excessive Collisions 0 Carrier Sense Errors 0 Oversize Packets 0 Internal ...

Page 345: ...CS check Single Collision Frames The number of frames that are involved in a single collision and are subsequently transmitted successfully Multiple Collision Frames The number of frames that are involved in more than one collision and are subsequently transmitted successfully SQE Test Errors The number of times that the SQE TEST ERROR is received The SQE TEST ERROR is set in accordance with the r...

Page 346: ...ce Console show port jumbo frame Jumbo frames are disabled Jumbo frames will be enabled after reset show errdisable interfaces Use the show errdisable interfaces EXEC mode command to display the Err Disable state of all interfaces or of a specific interface Internal MAC Rx Errors The number of frames for which reception fails due to an internal MAC sublayer receive error Received Pause Frames The ...

Page 347: ...EXEC mode Example The following example displays the Err Disable state of all interfaces Console show errdisable interfaces Interface Reason gi1 1 50 stp bpdu guard storm control broadcast enable Use the storm control broadcast enable Interface Configuration mode command to enable storm control Use the no form of this command to disable storm control Syntax storm control broadcast enable no storm ...

Page 348: ... and optionally unknown unicast packets in the storm control calculation Example console config interface gigabitethernet 1 0 1 console config if storm control broadcast enable storm control broadcast level kbps Use the storm control broadcast levelInterface Configuration mode command to configure the maximum rate of broadcast Use the no form of this command to return to default Syntax storm contr...

Page 349: ...rnet 1 0 1 console config if storm control broadcast level kbps 12345 storm control include multicast Use the storm control include multicast Interface Configuration mode command to count multicast packets in the broadcast storm control Use the no form of this command to disable counting of multicast packets in the broadcast storm control Syntax storm control include multicast no storm control inc...

Page 350: ... console show storm control Port State Rate Kbits Sec Included gi1 0 1 Enabled 12345 Broadcast Multicast Unknown unicast gi1 0 2 Disabled 100000 Broadcast User Guidelines Use the storm control broadcast enable Interface Configuration command to enable storm control The calculated rate includes the 20 bytes of Ethernet framing overhead preamble SFD IPG If the suppression level in percentage is tran...

Page 351: ...cable attached to a port Syntax test cable diagnostics tdr interface interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode Privileged EXEC mode User Guidelines The port to be tested should be shut down during the test unless it is a combination port with fiber port active The maximum length of cable for the TDR test is 120 meters Exam...

Page 352: ...pper ports or on a specific copper port Syntax show cable diagnostics tdr interface interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode EXEC mode User Guidelines The maximum length of cable for the TDR test is 120 meters Example The following example displays information on the last TDR test performed on all copper ports Console sho...

Page 353: ...tics cable length interface interface id Parameters interface id Specify an interface ID The interface ID must be an Ethernet port Command Mode EXEC mode User Guidelines The port must be active and working at 100 M or 1000 M Example The following example displays the estimated copper cable length attached to all ports show fiber ports optical transceiver Use the show fiber ports optical transceive...

Page 354: ...iled diagnostics Command Mode EXEC mode Example The following examples display the optical transceiver diagnostics results console show fiber ports optical transceiver Port Temp Voltage Current Output Input LOS Power Power gi1 0 1 W OK OK OK OK OK gi1 0 2 OK OK OK E OK OK Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Ou...

Page 355: ... Current Output Input LOS C Volt mA Power Power mWatt mWatt gi0 1 Copper gi0 26 Copper gi0 27 28 3 32 7 26 3 53 3 68 No gi0 28 29 3 33 6 50 3 53 3 71 No Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power in milliWatts Input Power Measured RX received power in milliWatts LOS Loss of signa...

Page 356: ...356 PHY Diagnostics Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files Phy_Diagnostics fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 357: ... administrative mode on an interface Syntax power inline auto never Parameters auto Turns on the device discovery protocol and applies power to the device never Turns off the device discovery protocol and stops supplying power to the device Default Configuration The default configuration is set to auto Command Mode Interface Configuration Ethernet mode Example The following example turns on the de...

Page 358: ...ment or a description to assist in recognizing the type of the powered device attached to this interface Length 1 24 characters Default Configuration There is no description Command Mode Interface Configuration Ethernet mode Example The following example adds the description ip phone of the device connected to port 4 Console config interfacegigabitethernet 1 0 4 Console config if power inline powe...

Page 359: ...ow priority Command Mode Interface Configuration Ethernet mode Example The following example sets the inline power management priority of gigabitethernet port 4 to High Console config interfacegigabitethernet 1 0 4 Console config if power inline priority high power inline usage threshold Use the power inline usage threshold Global Configuration mode command to configure the threshold for initiatin...

Page 360: ...ld for initiating inline power usage alarms to 90 percent Console config power inline usage threshold 90 power inline traps enable Use the power inline traps enable Global Configuration mode command to enable inline power traps Use the no form of this command to disable traps Syntax power inline traps enable no power inline traps enable Default Configuration Inline power traps are disabled Command...

Page 361: ...er inline limit Parameters power States the port power consumption limit in Milliwatts Range 0 15400 Default Configuration The default value is the maximum power allowed in the specific working mode 15 4W Command Mode Interface Configuration Ethernet mode Example The following example sets inline power on a port console config interface gi1 0 1 console config if power inline limit 2222 show power ...

Page 362: ...ollowing example displays information about the inline power console config show power inline Port based power limit mode Unit Power Nominal Consumed Usage Traps Power Power Threshold 1 On 500 Watts 100 Watts 20 95 Disable 2 Off 1 Watts 0 Watts 0 95 Disable 3 Off 1 Watts 0 Watts 0 95 Disable 4 Off 1 Watts 0 Watts 0 95 Disable 5 Off 1 Watts 0 Watts 0 95 Disable 6 Off 1 Watts 0 Watts 0 95 Disable 7 ...

Page 363: ...y Field Description Power The inline power sourcing equipment operational status Nominal Power The inline power sourcing equipment nominal power in Watts Consumed Power The measured usage power in Watts Usage Threshold The usage threshold expressed in percent for comparing the measured power and initiating an alarm if threshold is exceeded Traps Indicates if inline power traps are enabled Port The...

Page 364: ...ocess Port is off non 802 3af powered device Port is off Overload Underload states Port is off Underload state Port is off Overload state Port is off power budget exceeded Port is off internal hardware fault Port is off voltage injection into the port Port is off improper Capacitor Detection results Port is off discharged load Port fails Capacitor Port is on detection regardless Force On Classific...

Page 365: ...erature at the port Port is off device is too hot Unknown device port status Force Power Error Short Circuit Force Power Error Channel Over Temperature Force Power Error Chip Over Temperature Power Management Static Power Management Static ovl Force Power Error Management Static Force Power Error Management Static ovl High power port is ON Chip Over Power Force Power Error Chip Over Power show pow...

Page 366: ...nformation about the inline power consumption show power inline version Use the show power inline version EXEC mode command to display the power inline microcontroller s software version for all the stacking units or for a specific unit Syntax show power inline version unit unit Parameters unit unit Specifies the stacking unit number Default Configuration There is no default configuration for this...

Page 367: ...ut_new CLI Folders Dell Contax CLI files PoE fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY Command Mode EXEC mode Example The following example displays information about the inline power consumption Console show power inline version Unit 1 2 Software version 1 12 1 12 ...

Page 368: ...368 Power over Ethernet PoE Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files PoE fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 369: ...nd to disable the mode Syntax eee enable no eee enable Default Configuration EEE is enabled Command Mode Global Configuration mide User Guidelines Since EEE uses the Auto Negotiation to negotiate the EEE support on both sides of the link if Auto Negotiation is not enabled on the port the EEE Operational status is disabled eee enable interface Use the eee enable Interface Configuration command to e...

Page 370: ...tion is not enabled on the port the EEE Operational status is disabled eee lldp enable Use the eee lldp enable Interface Configuration command to enable EEE support by LLDP on an Ethernet port Use the no format of the command to disable the support Syntax eee lldp enable no eee lldp enable Default Configuration Enabled Command Mode Interface Configuration mode Ethernet User Guidelines Enabling EEE...

Page 371: ...dministrate status is enabled on ports gi1 0 1 6 gi1 0 12 EEE Operational status is enabled on ports gi1 0 1 gi1 0 3 6 gi1 0 12 gi1 0 15 EEE LLDP Administrate status is enabled on ports gi1 0 1 10 EEE LLDP Operational status is enabled on ports gi1 0 3 5 Example 2 Port in state notPresent no information if port supports EEE Switch show eee gi1 0 10 Port Status notPresent EEE Administrate status en...

Page 372: ... UP EEE capabilities Speed 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Speed 10G EEE not supported Current port speed 1Gbps EEE Administrate status enabled EEE LLDP Administrate status enabled Example 5 Neighbor does not support EEE Switch show eee gi1 0 15 Port Status UP EEE capabilities Speed 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Speed 10...

Page 373: ...d Current port speed 1Gbps EEE Administrate status disabled EEE Operational status disabled EEE LLDP Administrate status enabled EEE LLDP Operational status disabled Example 7 EEE is running on the port EEE LLDP is disabled Switch show eee gi1 0 12 Port Status UP EEE capabilities Speed 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Speed 10G EEE not supported Current port sp...

Page 374: ...ed Speed 1G EEE supported Speed 10G EEE not supported Current port speed 1Gbps EEE Remote status enabled EEE Administrate status enabled EEE Operational status enabled EEE LLDP Administrate status enabled EEE LLDP Operational status enabled Resolved Tx Timer 10usec Local Tx Timer 10 usec Remote Rx Timer 5 usec Resolved Timer 25 usec Local Rx Timer 20 usec Remote Tx Timer 25 usec Example 9 EEE is r...

Page 375: ... status disabled Resolved Tx Timer 64 Local Tx Timer 64 Resolved Rx Timer 16 Local Rx Timer 16 Example 10 EEE and EEE LLDP are running on the port Switch show eee gi1 0 3 Port Status UP EEE capabilities Speed 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Speed 10G EEE not supported Current port speed 1Gbps EEE Remote status enabled EEE Administrate status enabled EEE Operat...

Page 376: ...EEE Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files 750_EEE fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY Local Rx Timer 20 usec Remote Tx Timer 25 usec ...

Page 377: ... green ethernet interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Parameters Range Default When no interface is specified this command shows information for all interfaces Command Mode Privileged EXEC mode User Guidelines The following describes all possible reasons the show command displays and their descriptions If there are a several reason...

Page 378: ...able length threshold 50m Port Energy Detect Short Reach VCT Cable Admin Oper Reason Admin Force Oper Reason Length gi1 0 1 on on off off off gi1 0 2 on off LU on off off 50 gi1 0 3 on off LU off off off 1 NP Port is not present 2 LT Link Type is not supported fiber auto media select 3 LU Port Link is up NA Short Reach Non operational Reasons Priority Reason Description 1 NP Port is not present 2 ...

Page 379: ...x green ethernet short reach no green ethernet short reach Parameters This command has no arguments or keywords Default Configuration EEE is enabled Command Mode Global Configuration mode Example console config green ethernet short reach green ethernet short reach interface Use the green ethernet short reach Interface Configuration mode command to enable green ethernet short reach mode on an inter...

Page 380: ...ch mode is not forced by green ethernet short reach force short reach mode is not applied When the interface is set to enhanced mode after the VCT length check has completed and set the power to low an active monitoring for errors is done continuously In the case of errors crossing a certain threshold the PHY will be reverted to long reach Example console config interface gi1 0 1 console config if...

Page 381: ...h for applying short reach Use the no form of this command to return to default Syntax green ethernet short reach threshold cable length no green ethernet short reach threshold Parameters cable length Specifies the maximum cable length in meters measured by VCT that allows applying short reach mode cable length 0 70 meters Default Configuration The default length is 40 meters Command Mode Global C...

Page 382: ...t link partner can operate error free with an up to 80 m cable cat 5e The user may choose to change the threshold parameter under certain circumstances Setting the threshold to 0 meters basically results in the short reach feature always being disabled because the threshold will always be exceeded green ethernet power meter reset Use the green ethernet power meter reset Privileged EXEC mode comman...

Page 383: ... channel mode on auto no channel group Parameters port channel Specifies the port channel number for the current port to join mode on auto Specifies the mode of joining the port channel The possible values are on Forces the port to join a channel without an LACP operation auto Forces the port to join a channel as a result of an LACP operation Default Configuration The port is not assigned to a por...

Page 384: ...st ip src dst mac ip no port channel load balance Parameters src dst mac Port channel load balancing is based on the source and destination MAC address src dst ip Port channel load balancing is based on the source and destination IP address src dst mac ip Port channel load balancing is based on the source and destination of MAC and IP addresses Default Configuration src dst mac is the default opti...

Page 385: ...play port channel information for all port channels or for a specific port channel Syntax show interfaces port channel interface id Parameters interface id Specify an interface ID The interface ID must be a Port Channel Command Mode EXEC mode Example The following example displays information on all port channels console console show interfaces port channel Load balancing src dst mac Gathering inf...

Page 386: ...king VLANs Enabled 1 2 4094 Inactive General PVID 1 General VLANs Enabled none General Egress Tagged VLANs Enabled none General Forbidden VLANs none General Ingress Filtering enabled General Acceptable Frame Type all General GVRP status disabled Customer Mode VLAN none Private vlan promiscuous association primary VLAN none Private vlan promiscuous association Secondary VLANs Enabled none Private v...

Page 387: ...cast filtering no bridge multicast filtering Default Configuration Multicast address filtering is disabled All multicast addresses are flooded to all ports Command Mode Global Configuration mode User Guidelines If multicast devices exist on the VLAN do not change the unregistered multicast addresses states to drop on the device ports If multicast devices exist on the VLAN and IGMP snooping is not ...

Page 388: ...dress Specifies the group MAC multicast address add Adds ports to the group remove Removes ports from the group ethernet interface list Specifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces Use a hyphen to designate a range of ports port channel port channel list Specifies a list of port channels Separate nonconsecutive port channels with a comma and ...

Page 389: ... 00 5e 02 02 03 add gi1 0 1 2 bridge multicast forbidden address Use the bridge multicast forbidden address Interface Configuration VLAN mode command to forbid adding or removing a specific multicast address to or from specific ports Use the no form of this command to restore the default configuration Syntax bridge multicast forbidden address mac multicast address add remove ethernet interface lis...

Page 390: ...egistered You can execute the command before the VLAN is created Example The following example forbids MAC address 0100 5e02 0203 on port 2 9 within VLAN 8 Console config interface vlan 8 Console config if bridge multicast address 0100 5e 02 0203 Console config if bridge multicast forbidden address 0100 5e02 0203 add gi1 0 9 bridge multicast unregistered Use the bridge multicast unregistered Inter...

Page 391: ...24 0 0 x range You can execute the command before the VLAN is created Example The following example specifies that unregistered multicast packets are filtered on gigabitethernet port 1 0 1 Console config interface gi1 0 1 Console config if bridge multicast unregistered filtering bridge multicast forward all Use the bridge multicast forward all Interface Configuration VLAN mode command to enable fo...

Page 392: ...ast packets is disabled Command Mode Interface Configuration VLAN mode Example The following example enables all multicast packets on port gi1 0 8 to be forwarded Console config interface vlan 2 Console config if bridge multicast forward all add gi1 0 8 bridge multicast forbidden forward all Use the bridge multicast forbidden forward all Interface Configuration VLAN mode command to forbid a port t...

Page 393: ...s Command Mode Interface Configuration VLAN mode User Guidelines Use this command to forbid a port to dynamically join by IGMP for example a multicast group The port can still be a multicast router port Example The following example forbids forwarding of all multicast packets to gi1 0 1 within VLAN 2 Console config interface vlan 2 Console config if bridge multicast forbidden forward all add ether...

Page 394: ...dress is deleted after reset delete on timeout The address is deleted after aged out secure The address is deleted after the port changes mode to unlock learning no port security command Available only when the port is in learning locked mode Default Configuration No static addresses are defined The default mode for an added address is permanent Command Mode Global Configuration mode Example conso...

Page 395: ...t channel Command Mode Privileged EXEC mode Example console clear mac address table dynamic mac address table aging time Use the mac address table aging time global configuration command to set the aging time of the address table Use the no form of this command to restore the default Syntax mac address table aging time seconds no mac address table aging time Parameters seconds Time is number of se...

Page 396: ... but does not learn the address discard Discards packets with unlearned source addresses discard shutdown Discards packets with unlearned source addresses and shuts down the port trap seconds Sends SNMP traps and specifies the minimum time interval in seconds between consecutive traps Range 1 1000000 Default Configuration The feature is disabled The default mode is discard Command Mode Interface C...

Page 397: ...ses Deletes the current dynamic MAC addresses associated with the port and learns up to the maximum number of addresses allowed on the port Relearning and aging are enabled Default Configuration The default port security mode is lock Command Mode Interface Configuration Ethernet port channel mode Example The following example sets the port security mode to dynamic for gigabitethernet interface 1 0...

Page 398: ...nfiguration Ethernet Port channel mode User Guidelines This command is relevant in port security max addresses mode only Example Console config interface gigabitethernet 1 0 1 Console config if port security max 20 port security routed secure address Use the port security routed secure address Interface Configuration Ethernet Port channel mode command to add a MAC layer secure address to a routed ...

Page 399: ... the port exits the security mode or is not a routed port This command is required because the bridge address command cannot be executed on internal VLANs Example The following example adds the MAC layer address 66 66 66 66 66 66 to gigabitethernet port 1 0 1 Console config interface gigabitethernet 1 0 1 Console config if port security routed secure address 66 66 66 66 66 66 show mac address tabl...

Page 400: ...ress Default Command Mode EXEC mode User Guidelines Internal usage VLANs VLANs that are automatically allocated on routed ports are presented in the VLAN column by a port number and not by a VLAN ID Example Console show mac address table Aging time is 300 sec VLAN MAC Address Port Type 1 00 00 26 08 13 23 0 self 1 00 3f bd 45 5a b1 gi1 0 1 static 1 00 a1 b0 69 63 f3 gi1 0 24 dynamic 2 00 a1 b0 69 ...

Page 401: ...c address table count vlan vlan interface interface id Parameters vlan Specifies VLAN interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or port channel Command Mode EXEC mode Example Console show mac address table count Capacity 8192 Free 8083 Used 109 Static addresses 2 Secure addresses 1 Dynamic addresses 97 Internal addresses 9 show bridge m...

Page 402: ...ddress ipv6 multicast address Specifies the IPv6 multicast address format ip mac Specifies the multicast address format The possible values are ip Specifies that the multicast address is an IP address mac Specifies that the multicast address is a MAC address Default Configuration If the format is not specified it defaults to mac Command Mode EXEC mode User Guidelines A MAC address can be displayed...

Page 403: ... 1 2 Forbidden ports for multicast addresses Vlan MAC Address Ports 8 01 00 5e 02 02 03 gi1 0 9 Multicast address table for VLANs in IPv4 GROUP bridging mode Vlan MAC Address Type Ports 1 224 0 0 251 Dynamic gi1 0 12 Forbidden ports for multicast addresses Vlan MAC Address Ports 1 232 5 6 5 1 233 22 2 6 Multicast address table for VLANs in IPv4 SRC GROUP bridging mode Vlan Group Address Source add...

Page 404: ...P bridging mode VLAN IP MAC Address Type Ports 8 ff02 4 4 4 Static gi1 0 1 2 gi1 0 7 Po1 Forbidden ports for multicast addresses VLAN IP MAC Address Ports 8 ff02 4 4 4 gi1 0 9 Multicast address table for VLANs in IPv6 SRC GROUP bridging mode Vlan Group Address Source address Type Ports 8 ff02 4 4 4 Static gi1 0 1 2 gi1 0 7 Po1 8 ff02 4 4 4 fe80 200 7ff Static fe00 200 Forbidden ports for multicast...

Page 405: ...id Specifies the VLAN ID address mac multicast address ipv4 multicast address ipv6 multicast address Specifies the multicast address The possible values are mac multicast address Specifies the MAC multicast address ipv4 multicast address Specifies the IPv4 multicast address ipv6 multicast address Specifies the IPv6 multicast address source ipv4 source address ipv6 source address Specifies the sour...

Page 406: ... multicast addresses Console show bridge multicast address table static MAC GROUP table Vlan 1 MAC Address 0100 9923 8787 Ports gi1 0 1 gi1 0 2 Forbidden ports for multicast addresses Vlan MAC Address Ports IPv4 GROUP Table Vlan 1 19 19 IP Address 231 2 2 3 231 2 2 8 231 2 2 8 Ports gi1 0 1 gi1 0 2 gi1 0 1 8 gi1 0 9 11 Forbidden ports for multicast addresses Vlan 1 19 IP Address 231 2 2 3 231 2 2 ...

Page 407: ...an Group Address Source address Ports Forbidden ports for multicast addresses Vlan Group Address Source address Ports IPv6 GROUP Table Vlan 191 IP Address FF12 8 Ports gi1 0 1 8 Forbidden ports for multicast addresses Vlan 11 191 IP Address FF12 3 FF12 8 Ports gi1 0 8 gi1 0 8 IPv6 SRC GROUP Table Vlan 192 Group Address FF12 8 Source address FE80 201 C9A9 FE40 8988 Ports gi1 0 1 8 ...

Page 408: ... bridge multicast filtering Use the show bridge multicast filtering EXEC mode command to display the multicast filtering configuration Syntax show bridge multicast filtering vlan id Parameters vlan id Specifies the VLAN ID Range Valid VLAN Command Mode EXEC mode Forbidden ports for multicast addresses Vlan 192 Group Address FF12 3 Source address FE80 201 C9A9 FE40 8988 Ports gi1 0 8 ...

Page 409: ...e the show bridge multicast unregistered EXEC mode command to display the unregistered multicast filtering configuration Syntax show bridge multicast unregistered interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Console show bridge multicast filtering 1 Filtering Enabled VLAN 1 Por...

Page 410: ...port lock status Syntax show ports security interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode Example The following example displays the port lock status of all ports console show ports security Port Status Learning Action Max Trap Frequency gi1 0 1 Enabled Max Discard 3 ...

Page 411: ...d ports Syntax show ports security addresses interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode Field Description Port The port number Status The port security status The possible values are Enabled or Disabled Mode The port security mode Action The action taken on violati...

Page 412: ...Table fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY Example The following example displays dynamic addresses in all currently locked ports Console show ports security addresses Port gi1 0 1 gi1 0 2 gi1 0 3 Status Enabled Disabled Enabled Learning Max addresses Max addresses Lock Current 2 NA Maximum 3 128 NA ...

Page 413: ...a port monitoring session Syntax port monitor src interface id rx tx no port monitor src interface id Parameters rx Monitors received packets only If no option is specified it monitors both rx and tx tx Monitors transmitted packets only If no option is specified it monitors both rx and tx src interface id Specifies an interface ID The interface ID must be and Ethernet port Default Configuration Mo...

Page 414: ...pply to ports that are configured to be monitor ports The port can t be source port The port isn t member in port channel IP interface is not configured on the port GVRP is not enabled on the port The port is not a member in any VLAN except for the default VLAN will be automatically removed from the default VLAN L2 protocols are not active on the copy dest Port LLDP LBD STP LACP The following rest...

Page 415: ...rization is done 3 Mirrored traffic is exposed to STP state i e if the port is in STP blocking it will not egress any mirrored traffic Example The following example copies traffic for both directions Tx and Rx from the source port 1 8 to destination port 1 1 Console config interface gi1 0 1 Console config if port monitor gi1 0 8 Console config interface gigabitethernet 1 0 1 Console config if port...

Page 416: ...ommands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files Port_Monitor fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY gi1 0 2 gi1 0 1 RX TX Active gi1 0 18 gi1 0 1 Rx Active gi1 0 ...

Page 417: ...x of the receiver Range 1 8 ipv4 address Pv4 address of the host to be used as an sFlow Collector ipv6 address IPv6 address of the host to be used as an sFlow Collector When the IPv6 address is a Link Local address IPv6Z address the outgoing interface name must be specified Refer to the User Guidelines for the interface name syntax hostname Hostname of the host to be used as an sFlow Collector Onl...

Page 418: ... Use the no form of this command to disable Flow sampling Syntax sflow flow sampling rate receiver index max header size bytes no sflow flow sampling Parameters rate Specifies the average sampling rate Range 1 1024 1073741823 receiver index Index of the receiver collector Range 1 8 bytes Specifies the maximum number of bytes that would be copied from the sampled packet If unspecified defaults to 1...

Page 419: ...ters sampling Syntax sflow counters sampling interval receiver index no sflow counters sampling Parameters interval Specifies the maximum number of seconds between successive samples of the interface counters Range 1 15 86400 receiver index Index of the receiver collector Range 1 8 Default Disabled Command Mode Interface Configuration Ethernet mode clear sflow statistics Use the clear sFlow statis...

Page 420: ...ce show sflow configuration Use the show sflow configuration EXEC mode command to display the sFlow configuration for ports that are enabled for Flow sampling or Counters sampling Syntax show sflow configuration interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode EXEC mode Example Console show sflow configuration Receivers Index IP ...

Page 421: ... 2 1 4096 Disabled 128 0 2 show sflow statistics Use the show sflow statistics EXEC mode command to display the sFlow statistics for ports that are enabled for Flow sampling or Counters sampling Syntax show sflow statistics interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode EXEC mode Example Console show sflow statistics Total sFlo...

Page 422: ...422 sFlow Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files 750_sFlow fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY 1 1 0 10 1 2 0 0 ...

Page 423: ...Discovery Protocol LLDP To disable LLDP use the no form of this command Syntax lldp run no lldp run Parameters This command has no arguments or keywords Default Enabled Command Mode Global Configuration mode Example console config lldp run lldp transmit Use the lldp transmit Interface Configuration mode command to enable transmitting Link Layer Discovery Protocol LLDP on an interface Use the no fo...

Page 424: ...nds separate advertisements on each port in a LAG LLDP operation on a port is not dependent on the STP state of a port I e LLDP frames are sent on blocked ports If a port is controlled by 802 1X LLDP would operate only if the port is authorized Example console config interface gigabitethernet 1 0 1 console config if lldp transmit lldp receive Use the lldp receive Interface Configuration mode comma...

Page 425: ...port is not dependent on the STP state of a port I e LLDP frames are received on blocked ports If a port is controlled by 802 1X LLDP would operate only if the port is authorized Example console config interface gigabitethernet 1 0 1 console config if lldp receive lldp timer Use the lldp timer Global Configuration mode command to specify how often the software sends Link Layer Discovery Protocol L...

Page 426: ...obal Configuration mode command to set the time interval during which the receiving device holds a Link Layer Discovery Protocol LLDP packet before discarding it Use the no form of this command to restore the default configuration Syntax lldp hold multiplier number no lldp hold multiplier Parameters number Specifies the LLDP packet hold time interval as a multiple of the LLDP timer value Range 2us...

Page 427: ...le sets the LLDP packet hold time interval to 90 seconds Console config lldp timer 30 Console config lldp hold multiplier 3 lldp reinit Use the lldp reinit Global Configuration mode command to specify the minimum time an LLDP port waits before reinitializing LLDP transmission Use the no form of this command to revert to the default setting Syntax lldp reinit seconds no lldp reinit Parameters secon...

Page 428: ...es the delay in seconds between successive LLDP frame transmissions initiated by value status changes in the LLDP local systems MIB Range 1 8192 seconds Default Configuration The default LLDP frame transmission delay is 2 seconds Command Mode Global Configuration mode User Guidelines It is recommended that the tx delay be less than 0 25 of the LLDP timer interval Example The following example sets...

Page 429: ...et mode Example The following example specifies that the port description TLV is transmitted on gigabitethernet port 1 0 2 Console config interface gigabitethernet 1 0 2 Console config if lldp optional tlv port desc lldp management address Use the lldp management address Interface Configuration Ethernet mode command to specify the management address advertised from an interface Use the no form of ...

Page 430: ...e dynamic IP addresses of the interface If there are no dynamic addresses the software chooses the lowest IP address among the static IP addresses of the interface The interface ID can be one of the following types Ethernet port Port channel or VLAN Note that if the port or port channel are members in a VLAN that has an IP address that address is not included because the address is associated with...

Page 431: ...LLDP notifications Default Configuration Sending LLDP notifications is disabled Command Mode Interface Configuration Ethernet mode Example The following example enables sending LLDP notifications on gigabitethernet port 1 0 5 Console config interface gigabitethernet 1 0 5 Console config lldp notifications 10 lldp notifications interval Use the lldp notifications interval Global Configuration mode ...

Page 432: ... optional tlv Interface Configuration mode command to specify which optional TLVs from the basic set to transmit Use the no form of this command revert to the default setting Syntax lldp optional tlv 802 1 pvid no lldp optional tlv 802 1 pvid lldp optional tlv 802 1 ppvid add ppvid lldp optional tlv 802 1 ppvid remove ppvid lldp optional tlv 802 1 vlan name add vlan id lldp optional tlv 802 1 vlan...

Page 433: ...e the lldp med enable Interface Configuration Ethernet mode command to enable Link Layer Discovery Protocol LLDP Media Endpoint Discovery MED on an interface Use the no form of this command to disable LLDP MED on an interface Syntax lldp med enable tlv tlv4 no lldp med enable Parameters tlv Specifies the TLV that should be included Available TLVs are network policy location and poe pse inventory T...

Page 434: ...tions Use the no form of this command to restore the default configuration Syntax lldp med notifications topology change enable disable no lldp med notifications topology change Parameters enable Enables sending LLDP MED topology change notifications disable Disables sending LLDP MED topology change notifications Default Configuration Disable is the default Command Mode Interface Configuration Eth...

Page 435: ...yntax lldp med fast start repeat count number no lldp med fast start repeat count Parameters number Specifies the number of times the fast start LLDPDU is being sent during the activation of the fast start mechanism Default 3 Command Mode Global Configuration mode Example console config lldp med fast start repeat count 4 lldp med network policy global Use the lldp med network policy Global Configu...

Page 436: ... is using a Tagged or an Untagged VLAN up priority User Priority Layer 2 priority to be used for the specified application dscp value DSCP value to be used for the specified application Default No Network policy is defined Command Mode Global Configuration mode User Guidelines Use the lldp med network policy Interface Configuration command to attach a network policy to a port Up to 32 network poli...

Page 437: ...om the interface Default Configuration No network policy is attached to the interface Command Mode Interface Configuration Ethernet mode User Guidelines For each port only one network policy per application voice voice signaling etc can be defined Example The following example attaches LLDP MED network policy 1 to gigabitethernet port 1 0 1 Console config interface gigabitethernet 1 0 1 Console co...

Page 438: ...orm of this command to delete location information for an interface Syntax lldp med location coordinate data civic address data ecs elin data no lldp med location coordinate civic address ecs elin Parameters coordinate Specifies the location data as coordinates civic address Specifies the location data as a civic address ecs elin Specifies the location data as an Emergency Call Service Emergency L...

Page 439: ...ss 616263646566 show lldp configuration Use the show lldp configuration Privileged EXEC mode command to display the Link Layer Discovery Protocol LLDP configuration for all interfaces or for a specific interface Syntax show lldp configuration interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode Privileged EXEC mode Example The follow...

Page 440: ...D SC automatic Disabled gi1 0 6 RX TX PD SN SD SC auto vlan 1 Disabled gi1 0 7 RX TX PD SN SD SC auto g1 Disabled gi1 0 8 RX TX PD SN SD SC auto ch1 Disabled Switch show lldp configuration gi1 0 1 State Enabled Timer 30 Seconds Hold multiplier 4 Reinit delay 2 Seconds Tx delay 2 Seconds Notifications interval 5 seconds LLDP packets handling Filtering Port State Optional TLVs Address Notifications ...

Page 441: ...Ethernet port Field Description Timer The time interval between LLDP updates Hold multiplier The amount of time as a multiple of the timer interval that the receiving device holds a Link Layer Discovery Protocol LLDP packet before discarding it Reinit timer The minimum time interval an LLDP port waits before re initializing an LLDP transmission Tx delay The delay between successive LLDP frame tran...

Page 442: ...ole show lldp med configuration Fast Start Repeat Count 4 Network policy 1 Application type voiceSignaling VLAN ID 1 untagged Layer 2 priority 0 DSCP 0 Port Capabilities Network Location Notifications Inventory policy gi1 0 1 Yes Yes Yes Enabled Yes gi1 0 2 Yes Yes No Enabled No gi1 0 3 No No No Enabled No console show lldp med configuration gigabitethernet 1 0 1 Port Capabilities Network policy L...

Page 443: ...ecifies an interface ID The interface ID must be an Ethernet port Command Mode EXEC mode User Guidelines The command calculates the overloading status of the current LLDP configuration and not for the last LLDP packet that was sent Example Switch show lldp local tlvs overloading Ports with LLDP TLV overloading are gi1 0 1 gi1 0 9 Switch show lldp local tlvs overloading No LLDP TLV overloading Swit...

Page 444: ... Mode Privileged EXEC mode Example The following examples display LLDP information that is advertised from gigabitethernet ports 1 0 1 and 1 0 2 Switch show lldp local gi1 0 1 Device ID 0060 704C 73FF Port ID gi1 0 1 Capabilities Bridge System Name ts 7800 1 System description Port description Management address 172 16 1 8 802 3 MAC PHY Configuration Status Auto negotiation support Supported Auto ...

Page 445: ...rted enabled 802 1 VLAN 2 VLAN2 802 1 Protocol 88 8E 01 LLDP MED capabilities Network Policy Location Identification LLDP MED Device type Network Connectivity LLDP MED Network policy Application type Voice Flags Tagged VLAN VLAN ID 2 Layer 2 priority 0 DSCP 0 LLDP MED Power over Ethernet Device Type Power Sourcing Entity Power source Primary Power Source Power priority High Power value 9 6 Watts L...

Page 446: ...bout neighboring devices discovered using Link Layer Discovery Protocol LLDP The information can be displayed for all interfaces or for a specific interface Syntax show lldp neighbors interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Command Mode Privileged EXEC mode User Guidelines There are no guidelines for this command A TLV value that can...

Page 447: ... show lldp neighbors gi1 0 1 Device ID 00 00 00 11 11 11 Port ID gi1 0 System Name ts 7800 2 Capabilities B System description Port description Management address 172 16 1 1 Time To Live 90 seconds 802 3 MAC PHY Configuration Status Auto negotiation support Supported Auto negotiation status Enabled Auto negotiation Advertised Capabilities 100BASE TX full duplex 1000BASE T full duplex Operational M...

Page 448: ...te Tx 25 usec Remote Rx 30 usec Local Tx Echo 30 usec Local Rx Echo 25 usec 802 1 PVID 1 802 1 PPVID 2 supported enabled 802 1 VLAN 2 VLAN2 802 1 Protocol 88 8E 01 LLDP MED capabilities Network Policy LLDP MED Device type Endpoint class 2 LLDP MED Network policy Application type Voice Flags Unknown policy VLAN ID 0 Layer 2 priority 0 DSCP 0 LLDP MED Power over Ethernet Device Type Power Device Pow...

Page 449: ...nfigured ID name or MAC address Port ID The neighbor device s port ID System name The neighbor device s administratively assigned name Capabilities The capabilities discovered on the neighbor device Possible values are B Bridge R Router W WLAN Access Point T Telephone D DOCSIS cable device H Host r Repeater O Other System description The neighbor device s system description Port description The ne...

Page 450: ...unknown Tagged VLAN The specified application type is using a Tagged VLAN Untagged VLAN The specified application type is using an Untagged VLAN VLAN ID The VLAN identifier for the application Layer 2 priority The Layer 2 priority used for the specified application DSCP The DSCP value used for the specified application LLDP MED Power Over Ethernet Power type The device power type The possible valu...

Page 451: ...ifies an interface ID The interface ID must be an Ethernet port Command Mode EXEC mode Example Switch show lldp statistics Contax config if do show lldp statistics Tables Last Change Time 14 Oct 2010 32 08 18 Tables Inserts 26 Tables Deletes 2 Tables Dropped 0 Tables Ageouts 1 Power value The total power in watts required by a PD device from a PSE device or the total power a PSE device is capable ...

Page 452: ... FOR PROOF ONLY TX Frames RX Frames RX TLVs RX Ageouts Port Total Total Discarded Errors Discarded Unrecognized Total gi1 0 1 730 850 0 0 0 0 0 gi1 0 2 0 0 0 0 0 0 0 gi1 0 3 730 0 0 0 0 0 0 gi1 0 4 0 0 0 0 0 0 0 gi1 0 5 0 0 0 0 0 0 0 gi1 0 6 8 7 0 0 0 0 1 gi1 0 7 0 0 0 0 0 0 0 gi1 0 8 0 0 0 0 0 0 0 gi1 0 9 730 0 0 0 0 0 0 gi1 0 10 0 0 0 0 0 0 0 ...

Page 453: ...nality Use the no form of this command to disable the spanning tree functionality Syntax spanning tree no spanning tree Default Configuration Spanning tree is enabled Command Mode Global Configuration mode Example The following example enables spanning tree functionality Console config spanning tree spanning tree mode Use the spanning tree mode Global Configuration mode command to configure the sp...

Page 454: ...RSTP Command Mode Global Configuration mode User Guidelines In RSTP mode the device uses STP when the neighbor device uses STP In MSTP mode the device uses RSTP when the neighbor device uses RSTP and uses STP when the neighbor device uses STP Example The following example configures the spanning tree protocol as RSTP console config spanning tree mode mstp spanning tree forward time Use the spannin...

Page 455: ...ode Global Configuration mode User Guidelines When configuring the forwarding time the following relationship should be maintained 2 Forward Time 1 Max Age Example The following example configures the spanning tree bridge forwarding time to 25 seconds Console config spanning tree forward time 25 spanning tree hello time Use the spanning tree hello time Global Configuration mode command to configur...

Page 456: ...uidelines When configuring the Hello time the following relationship should be maintained Max Age 2 Hello Time 1 Example The following example configures the spanning tree bridge hello time to 5 seconds Console config spanning tree hello time 5 spanning tree max age Use the spanning tree max age Global Configuration mode command to configure the spanning tree bridge maximum age Use the no form of ...

Page 457: ... Time 1 Example The following example configures the spanning tree bridge maximum age to 10 seconds Console config spanning tree max age 10 spanning tree priority Use the spanning tree priority Global Configuration mode command to configure the device spanning tree priority which is used to determine which bridge is selected as the root bridge Use the no form of this command to restore the default...

Page 458: ...8 Console config spanning tree priority 12288 spanning tree disable Use the spanning tree disable Interface Configuration Ethernet port channel mode command to disable the spanning tree on a specific port Use the no form of this command to enable the spanning tree on a port Syntax spanning tree disable no spanning tree disable Default Configuration Spanning tree is enabled on all ports Command Mod...

Page 459: ... tree cost cost no spanning tree cost Parameters cost Specifies the port path cost Range 1 200000000 Default Configuration Default path cost is determined by port speed and path cost method long or short as shown below Command Mode Interface Configuration Ethernet port channel mode Example The following example configures the spanning tree cost on gigabitethernet port 1 0 15 to 35000 Console confi...

Page 460: ... Configuration The default port priority for IEEE Spanning Tree Protocol STP is 128 Command Mode Interface Configuration Ethernet port channel mode User Guidelines The priority value must be a multiple of 16 Example The following example configures the spanning priority on gigabitethernet port 1 0 15 to 96 Console config interface gigabitethernet 1 0 15 Console config if spanning tree port priorit...

Page 461: ...nnel mode Example The following example enables the PortFast mode on gigabitethernet port 1 0 15 Console config interface gigabitethernet 1 0 15 Console config if spanning tree portfast spanning tree link type Use the spanning tree link type Interface Configuration Ethernet port channel mode command to override the default link type setting determined by the port duplex mode and enable Rapid Spann...

Page 462: ...e The following example enables shared spanning tree on gigabitethernet port 1 0 15 Console config interface gigabitethernet 1 0 15 Console config if spanning tree link type shared spanning tree pathcost method Use the spanning tree pathcost method Global Configuration mode command to set the default path cost method Use the no form of this command to return to the default configuration Syntax spa...

Page 463: ...mple sets the default path cost method to Long Console config spanning tree pathcost method long spanning tree bpdu Global Use the spanning tree bpdu Global Configuration mode command to define BPDU handling when the spanning tree is disabled globally or on a single interface Use the no form of this command to restore the default configuration Syntax spanning tree bpdu filtering flooding no spanni...

Page 464: ...ed on an interface Console config spanning tree bpdu flooding spanning tree bpdu Interface Use the spanning tree bpdu Interface Configuration Ethernet Port channel mode command to define BPDU handling when the spanning tree is disabled on a single interface Use the no form of this command to restore the default configuration Syntax spanning tree bpdu filtering flooding no spanning tree bpdu Parame...

Page 465: ...nfig interface gigabitethernet 1 0 3 Console config if spanning tree bpdu flooding spanning tree guard root use the spanning tree guard root Interface Configuration Ethernet Port channel mode command to enable root guard on all spanning tree instances on the interface Root guard prevents the interface from becoming the root port of the device Use the no form of this command to disable the root gua...

Page 466: ...config if spanning tree guard root spanning tree bpduguard Use the spanning tree bpduguard Interface Configuration Ethernet port channel mode command to shut down an interface when it receives a bridge protocol data unit BPDU Use the no form of this command to restore the default configuration Syntax spanning tree bpduguard enable disable no spanning tree bpduguard Parameters enable Enables BPDU G...

Page 467: ...ss force the renegotiation with neighboring switches on all interfaces or on the specified interface Syntax clear spanning tree detected protocols interface interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode User Guidelines This feature should be used only when working in ...

Page 468: ...s selected as the root switch Range 0 61440 Default Configuration The default bridge priority for IEEE Spanning Tree Protocol STP is 32768 Command Mode Global Configuration mode User Guidelines The priority value must be a multiple of 4096 The switch with the lowest priority is the root of the spanning tree Example The following example configures the spanning tree priority of instance 1 to 4096 C...

Page 469: ... a packet travels in an MST region before it is discarded to 10 Console config spanning tree mst max hops 10 spanning tree mst port priority Use the spanning tree mst port priority Interface Configuration Ethernet port channel mode command to configure the priority of a port Use the no form of this command to restore the default configuration Syntax spanning tree mst instance id port priority prio...

Page 470: ... mst cost Interface Configuration Ethernet Port channel mode command to configure the path cost for multiple spanning tree MST calculations If a loop occurs the spanning tree considers path cost when selecting an interface to put in the forwarding state Use the no form of this command to restore the default configuration Syntax spanning tree mst instance id cost cost no spanning tree mst instance ...

Page 471: ... configuration Use the spanning tree mst configuration Global Configuration mode command to enable configuring an MST region by entering the Multiple Spanning Tree MST mode Syntax spanning tree mst configuration Command Mode Global Configuration mode User Guidelines For two or more switches to be in the same MST region they need to contain the same VLAN mapping the same configuration revision numb...

Page 472: ...range of VLANs is added to the existing ones To specify a range use a hyphen To specify a series use a comma Range 1 4094 Default Configuration All VLANs are mapped to the common and internal spanning tree CIST instance instance 0 Command Mode MST Configuration mode User Guidelines All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree CIST ...

Page 473: ...ting Syntax name string no name Parameters string Specifies the MST configuration name Length 1 32 characters Default Configuration The default name is the bridge address Command Mode MST Configuration mode Example The following example defines the configuration name as Region1 Console config spanning tree mst configuration Console config mst name region1 revision MST Use the revision MST Configur...

Page 474: ...ation revision number is 0 Command Mode MST Configuration mode Example The following example sets the configuration revision to 1 Console config spanning tree mst configuration Console config mst revision 1 show MST Use the show MST Configuration mode command to displays the current or pending MST region configuration Syntax show current pending Parameters current Displays the current MST region c...

Page 475: ...it MST Configuration mode command to exit the MST region Configuration mode and appy all configuration changes Syntax exit Command Mode MST Configuration mode Example The following example exits the MST Configuration mode and saves changes Console config spanning tree mst configuration Console config mst exit Console config Console config mst show pending Pending MST configuration Name Region1 Rev...

Page 476: ...the MST Configuration mode without saving changes Console config spanning tree mst configuration Console config mst abort show spanning tree Use the show spanning tree Privileged EXEC mode command to display the spanning tree configuration Syntax show spanning tree interface id instance instance id show spanning tree detail active blockedports instance instance id show spanning tree mst configurat...

Page 477: ...e of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode Example The following examples display spanning tree information Console show spanning tree Spanning tree enabled mode RSTP Default port cost method long Loopback guard Disabled Root ID Priority Address Path Cost Root Port 32768 00 01 42 97 e0 00 20000 gi1 0 1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 s...

Page 478: ...ate Enabled Enabled Disabled Enabled Enabled Prio Nbr 128 1 128 2 128 3 128 4 128 5 Cost 20000 20000 20000 20000 20000 Sts FWD FWD BLK DIS Role Root Desg Altn PortFast No No No Type P2p RSTP Shared STP Shared STP Console show spanning tree Spanning tree enabled mode RSTP Default port cost method long Root ID Priority Address 36864 00 02 4b 29 7a 00 This switch is the Root Hello Time 2 sec Max Age ...

Page 479: ...28 1 128 2 128 3 128 4 128 5 Cost 20000 20000 20000 20000 20000 Sts FWD FWD FWD DIS Role Desg Desg Desg PortFast No No No Type P2p RSTP Shared STP Shared STP Console show spanning tree Spanning tree disabled BPDU filtering mode RSTP Default port cost method long Root ID Priority Address Path Cost Root Port Hello Time N A N A N A N A N A Max Age N A Forward Delay N A Bridge ID Priority Address 3686...

Page 480: ...nabled Enabled Prio Nbr 128 1 128 2 128 3 128 4 128 5 Cost 20000 20000 20000 20000 20000 Sts Role PortFast Type Console show spanning tree active Spanning tree enabled mode RSTP Default port cost method long Root ID Priority Address Path Cost Root Port 32768 00 01 42 97 e0 00 20000 gi1 0 1 Hello Time 2 sec Max Age 20 secForward Delay 15 sec Bridge ID Priority Address 36864 00 02 4b 29 7a 00 Hello ...

Page 481: ... Cost 20000 20000 20000 Sts FWD FWD BLK Role Root Desg Altn PortFast No No No Type P2p RSTP Shared STP Shared STP Console show spanning tree blockedports Spanning tree enabled mode RSTP Default port cost method long Root ID Priority Address Path Cost Root Port 32768 00 01 42 97 e0 00 20000 gi1 0 1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a ...

Page 482: ...Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority Address 36864 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Number of topology changes 2 last change occurred 2d18h ago Times hold 1 topology change 35 notification 2 hello 2 max age 20 forward delay 15 Port 1 gi1 0 1 enabled State Forwarding Port id 128 1 Type P2p configured auto RSTP Designated bridg...

Page 483: ...Designated port id N A Guard root Disabled Role N A Port cost 20000 Port Fast N A configured no Address N A Designated path cost N A BPDU guard Disabled Number of transitions to forwarding state N A BPDU sent N A received N A Port 4 gi1 0 4 enabled State Blocking Port id 128 4 Type Shared configured auto STP Designated bridge Priority 28672 Designated port id 128 25 Guard root Disabled Role Altern...

Page 484: ... 1 Port 1 gi1 0 1 enabled State Forwarding Port id 128 1 Type P2p configured auto RSTP Designated bridge Priority 32768 Designated port id 128 25 Guard root Disabled Role Root Port cost 20000 Port Fast No configured no Address 00 01 42 97 e0 00 Designated path cost 0 BPDU guard Disabled Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Console show spanning tree mst configura...

Page 485: ... Path Cost Root Port 32768 00 01 42 97 e0 00 20000 gi1 0 1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec IST Master ID Priority Address 32768 00 02 4b 29 7a 00 This switch is the IST master Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Interfaces Name gi1 0 1 gi1 0 2 gi1 0 3 gi1 0 4 State Enabled Enabled Enabled Enabled Prio Nbr 128 1 128 2 128 3 128 4 Cost 20000 20000 20...

Page 486: ...0 02 4b 29 7a 00 Interfaces Name gi1 0 1 gi1 0 2 gi1 0 3 gi1 0 4 State Enabled Enabled Enabled Enabled Prio Nbr 128 1 128 2 128 3 128 4 Cost 20000 20000 20000 20000 Sts FWD FWD BLK FWD Role Boun Boun Altn Root PortFast No No No No Type P2p Bound RSTP Shared Bound STP P2p P2p Console show spanning tree detail Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 CST R...

Page 487: ...ay 15 Port 1 gi1 0 1 enabled State Forwarding Port id 128 1 Type P2p configured auto Boundary RSTP Designated bridge Priority 32768 Designated port id 128 25 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Role Root Port cost 20000 Port Fast No configured no Address 00 01 42 97 e0 00 Designated path cost 0 Port 2 gi1 0 2 enabled State Forwarding Port id 128 2 Type Shared co...

Page 488: ...9 7a 00 Designated path cost 20000 Port 4 gi1 0 4 enabled State Forwarding Port id 128 4 Type Shared configured auto Internal Designated bridge Priority 32768 Designated port id 128 2 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Role Designated Port cost 20000 Port Fast No configured no Address 00 02 4b 29 7a 00 Designated path cost 20000 MST 1 Vlans Mapped 10 20 Root ID...

Page 489: ...id 128 2 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Role Designated Port cost 20000 Port Fast No configured no Address 00 02 4b 29 7a 00 Designated path cost 20000 Port 3 gi1 0 3 disabled State Blocking Port id 128 3 Type Shared configured auto Internal Designated bridge Priority 32768 Designated port id 128 78 Number of transitions to forwarding state 1 BPDU sent 2 re...

Page 490: ...s Path Cost Root Port 32768 00 01 42 97 e0 00 20000 gi1 0 1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec IST Master ID Priority Address Path Cost Rem hops 32768 00 02 4b 19 7a 00 10000 19 Bridge ID Priority Address 32768 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long...

Page 491: ... is disabled Syntax show spanning tree bpdu interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following examples display spanning tree information Root Port gi1 0 1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Console show spanning tree bpdu Global Fl...

Page 492: ...492 Spanning Tree Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files Spanning Tree fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 493: ...to enter the VLAN Configuration mode Syntax vlan database Command Mode Global Configuration mode Example The following example enters the VLAN database mode Console config vlan database Console config vlan vlan Use the vlan VLAN Configuration mode command to create a VLAN Use the no form of this command to restore the default configuration or delete a VLAN Syntax vlan vlan range name vlan name no ...

Page 494: ...nate a range of IDs name Specifies the VLAN name The option is only valid in cass where only one VLAN is configured by the command Range 1 32 characters Command Mode VLAN Configuration mode Example The following example creates VLAN number 1972 Console config vlan database Console config vlan vlan 1972 interface vlan Use the interface vlan Global Configuration mode command to enter the Interface C...

Page 495: ...255 255 255 0 Console config interface vlan 1 Console config if ip address 131 108 1 27 255 255 255 0 interface range vlan Use the interface range vlan Global Configuration mode command to enable configuring multiple VLANs simultaneously Syntax interface range vlan vlan range Parameters vlan range Specifies a list of VLAN IDs Separate nonconsecutive VLAN IDs with a comma and no spaces Use a hyphen...

Page 496: ...ce Configuration VLAN mode command to add a name to a VLAN Use the no form of this command to remove the VLAN name Syntax name string no name Parameters string Specifies a unique name associated with this VLAN Length 1 32 characters Default Configuration No name is defined Command Mode Interface Configuration VLAN mode It cannot be configured for a range of interfaces range context User Guidelines...

Page 497: ... port no switchport protected port Parameters This command has no arguments or keywords Default Configuration Unprotected Command Mode Interface configuration Ethernet port channel User Guidelines Use this command to isolate unicast multicast and broadcast traffic at Layer 2 from other protected ports that are not associated with the same community as the ingress interface on the same switch Pleas...

Page 498: ... Specifies the community number Range 1 30 Default Configuration The port is not associated with any community Command Mode Interface Configuration Ethernet port channel mode User Guidelines The command is relevant only when the port is defined as a protected port Use the switchport protected port Interface Configuration command to define a port as a protected port Example console config interface...

Page 499: ... protected ports Interface State Community gi1 0 1 Protected 1 gi1 0 2 Protected Isolated gi1 0 3 Unprotected 20 gi1 0 4 Unprotected Isolated Note The Community column for unprotected ports is relevant only when the port state is changed to Protected switchport Use the switchport Interface Configuration mode command with no keywords to put an interface that is in Layer 3 mode into Layer 2 mode for...

Page 500: ...promiscuous host customer no switchport mode Parameters access Specifies an untagged layer 2 VLAN port trunk Specifies a trunking layer 2 VLAN port general Specifies a full 802 1q supported VLAN port customer Specifies that the port is connected to customer equipment Used when the switch is in a provider network private vlan promiscous Private VLAN promiscous port private vlan host Private VLAN ho...

Page 501: ...rnet port channel mode command to configure the VLAN ID when the interface is in access mode Use the no form of this command to restore the default configuration Syntax switchport access vlan vlan id none no switchport access vlan Parameters vlan id Specifies the VLAN ID to which the port is configured none Specifies the access port cannot belong to any VLAN Default Configuration If the default VL...

Page 502: ...de command to enable receiving multicast transmissions from a VLAN that is not the Access port VLAN while keeping the L2 segregation with subscribers on different Access port VLANs Use the no form of this command to disable receiving multicast transmissions Syntax switchport access multicast tv vlan vlan id no switchport access multicast tv vlan Parameters vlan id Specifies the Multicast TV VLAN I...

Page 503: ...haracteristic to the default Syntax switchport trunk allowed vlan all none add vlan list remove vlan list except vlan list no switchport trunk allowed vlan Parameters all Specifies all VLANs from 1 to 4094 At any time the port belongs to all VLANs exiting at the time Range 1 4094 none Specifies an empty VLAN list The port does not belong to any VLAN add vlan list List of VLAN IDs to add Separate n...

Page 504: ...ist is a list of all VLANs from 1 to 4094 minus the VLANs from vlan list Command show running startup always uses the latter format The port must be in trunk mode before the command can take effect Example console config interface gigabitethernet 1 0 1 console config if switchport mode trunk console config if switchport trunk allowed vlan all switchport trunk native vlan Use the switchport trunk n...

Page 505: ...e following example configures VLAN number 123 as the native VLAN when the port is in trunk mode Console interface gi1 0 1 Console config if switchport trunk native vlan 123 switchport general allowed vlan Use the switchport general allowed vlan Interface Configuration mode command to set the general characteristics when the interface is in general mode Use the no form of this command to reset a g...

Page 506: ...ult Default Configuration The port s PVID equals to the Default VLAN ID and belongs to the Default VLAN as untagged one Command Mode Interface Configuration mode Example console config if interface gigabitethernet 1 0 1 console config if switchport mode general console config if switchport general allowed vlan add 2 3 tagged switchport general pvid Use the switchport general pvid Interface Configu...

Page 507: ...t mode general Console config if switchport general pvid 234 switchport general ingress filtering disable Use the switchport general ingress filtering disable Interface Configuration Ethernet Port channel mode command to disable port ingress filtering Use the no form of this command to restore the default configuration Syntax switchport general ingress filtering disable no switchport general ingre...

Page 508: ...table frame type tagged only untagged only all no switchport general acceptable frame type Parameters tagged only Discard untagged packets and priority tagged packets untagged only Discard VLAN tagged packets not including Priority tagged packets all Do not discard packets based on whether the packet is VLAN tagged or not Default Configuration All frame types are accepted at ingress Command Mode I...

Page 509: ...customer vlan Parameters vlan id Specifies the customer VLAN ID Default Configuration No VLAN is configured Command Mode Interface Configuration Ethernet Port channel mode Example The following example defines gigabitethernet port 1 0 5 as a member of customer VLAN 5 Console config interface gigabitethernet 1 0 5 Console config if switchport mode custmer Console config if switchport customer vlan ...

Page 510: ...ecutive VLAN IDs with a comma and no spaces Use a hyphen designate a range of IDs Default Configuration All VLANs are allowed Command Mode Interface Configuration Ethernet Port channel mode Example The following example forbids adding VLAN IDs 234 to 256 to gigabitethernet port 1 0 7 Console config interface gigabitethernet 1 0 7 Console config if switchport mode general Console config if switchpo...

Page 511: ...ogether Range 1 2147483647 Default Configuration The default encapsulation is Ethernet Command Mode VLAN Configuration mode User Guidelines The value 0x8100 is not valid as the protocol number for Ethernet encapsulation The following protocol names are reserved for Ethernet Encapsulation ip arp ipv6 ipx Example The following example maps protocol ip to protocol group number 213 Console config vlan...

Page 512: ... classifying rule Command Mode Interface Configuration Ethernet port channel mode Default Configuration No classification is defined User Guidelines The VLAN classification rule priorities are 1 MAC based VLAN Best match among the rules 2 Subnet based VLAN Best match among the rules 3 Protocol based VLAN 4 PVID Example The following example sets a protocol based classification rule Console config ...

Page 513: ...AN type cannot be changed if there is a private VLAN port that is a member in the VLAN The VLAN type cannot be changed if it is associated with other private VLANs The VLAN type is not kept as a property of the VLAN when it is deleted private vlan association Use the private vlan association Interface VLAN Configuration mode command to configure the association between the primary VLAN and the sec...

Page 514: ...r change its type if it is associated with other private VLANs Primary VLAN can be associated with only single isolated VLAN A secondary VLAN can be associated with only one primary VLAN The association of secondary VLANs with a primary VLAN cannot be removed if there are private VLAN ports that are members in the secondary VLAN In MSTP mode all the VLANs that are associated with a private VLAN sh...

Page 515: ...the configuration is not accepted See the command private vlan association switchport private vlan host association Use the switchport private vlan host association Interface Configuration mode command to configure the VLANs of the private vlan host port Use the no form of this command to reset to default Syntax switchport private vlan host association primary vlan id secondary vlan id no switchpo...

Page 516: ...Use the show vlan private vlan EXEC mode command to show the private VLANs information Syntax show vlan private vlan tag vlan id Parameters vlan id VLAN ID Command Mode EXEC mode User Guidelines The show command does not include non private vlan ports that are members in private VLANs Example Console show vlan private vlan Primary Secondary Type Ports 150 primary gi1 0 15 150 151 isolated gi1 0 15...

Page 517: ... is required when an IP interface is defined on an Ethernet port or Port channel Use this command to define the internal usage VLAN of a port If an internal usage VLAN is not defined for a port the software chooses one of the unused VLANs If a VLAN ID was chosen by the software for internal usage but it is desired to use that VLAN ID for a static or dynamic VLAN do one of the following Remove the ...

Page 518: ...n id Specifies a VLAN ID name vlan name Specifies a VLAN name string Length 1 32 characters Command Mode Privileged EXEC mode Example The following example displays information for all VLANs Console show vlan VLAN 1 10 11 20 21 30 31 91 3978 Name default VLAN0010 VLAN0011 VLAN0020 VLAN0021 VLAN0030 VLAN0031 VLAN0091 Guest VLAN Ports gi1 0 1 2 gi1 0 3 4 gi1 0 1 2 gi1 0 3 4 gi1 0 1 2 gi1 0 17 Type O...

Page 519: ...D Command Mode EXEC mode Example The following example displays information on the source and receiver ports of multicast TV VLAN ID 1000 The following table describes the significant fields shown in the display show vlan protocols groups Use the show vlan protocols groups EXEC mode command to display protocols groups information Console show vlan multicast tv vlan 1000 Source ports gi1 0 8 gi1 0 ...

Page 520: ...ode Example The following example displays protocols groups information show vlan internal usage Use the show vlan internal usage Privileged EXEC mode command to display a list of VLANs used internally by the device Syntax show vlan internal usage Command Mode Privileged EXEC mode Console show vlan protocols groups Protocol 0x800 IP 0x806 ARP 0x86dd IPv6 0x8898 Encapsulation Ethernet Ethernet Ethe...

Page 521: ...tional status of all interfaces or a specific interface Syntax show interfaces switchport interface id Parameters Interface id Specifies an interface ID The interface ID can be one of the following types Ehernet port or Port channel Example console show interfaces switchport gi2 0 1 Gathering information Name gi1 0 1 Switchport enable Administrative Mode access Operational Mode down Access Mode VL...

Page 522: ...s none General Ingress Filtering enabled General Acceptable Frame Type all General GVRP status disabled General GVRP VLANs none Customer Mode VLAN none Private vlan promiscuous association primary VLAN none Private vlan promiscuous association Secondary VLANs Enabled none Private vlan host association primary VLAN none Private vlan host association Secondary VLAN Enabled none DVA disable Protected...

Page 523: ...col IGMP snooping Use the no form of this command to disable IGMP snooping Syntax ip igmp snooping no ip igmp snooping Default Configuration IGMP snooping is disabled Command Mode Global Configuration mode Example The following example enables IGMP snooping Console config ip igmp snooping ip igmp snooping vlan Use the ip igmp snooping vlan Global Configuration mode command to enable Internet Group...

Page 524: ...te IGMP snooping the bridge multicast filtering should be enabled The User Guidelines of the bridge multicast mode Interface VLAN Configuration command describes the configuration that is written into the FDB as a function of the FDB mode and the IGMP version that is used in the network Example console config ip igmp snooping vlan 2 ip igmp snooping mrouter Use the ip igmp snooping mrouter Global ...

Page 525: ...DVMRP received on the port MRDISC received on the port MOSPF received on the port You can execute the command before the VLAN is created Example console config ip igmp snooping vlan 1 mrouter learn pim dvmrp ip igmp snooping mrouter interface Use the ip igmp snooping mrouter interface Global Configuration mode command to define a port that is connected to a multicast router port Use the no form of...

Page 526: ...e the VLAN is created Example console config ip igmp snooping vlan 1 mrouter interface gi1 0 1 ip igmp snooping forbidden mrouter interface Use the ip igmp snooping forbidden mrouter interface Global Configuration mode command to forbid a port from being defined as a multicast router port by static configuration or by automatic learning Use the no form of this command to remove the configuration S...

Page 527: ...se the ip igmp snooping static Global Configuration mode command to register an IP layer multicast address to the bridge table and to add statically ports to the group Use the no form of this command to remove ports specified as members of a static multicast group Syntax ip igmp snooping vlan vlan id static ip address interface interface list no ip igmp snooping vlan vlan id static ip address inte...

Page 528: ...ng vlan 1 static 239 2 2 2 gi1 0 ip igmp snooping multicast tv Use the ip igmp snooping multicast tv Global Configuration mode command to define the multicast ip addresses that are associated with a multicast tv VLAN Use the no form of this command to remove all associations Syntax ip igmp snooping vlan vlan id multicast tv ip multicast address count number no ip igmp snooping vlan vlan id multica...

Page 529: ...AN Up to 256 VLANs can be configured ip igmp snooping querier Use the ip igmp snooping querier Global Configuration mode command to enable the Internet Group Management Protocol IGMP querier on a specific VLAN Use the no form of this command to disable the IGMP querier on a VLAN interface Syntax ip igmp snooping vlan vlan id querier no ip igmp snooping vlan vlan id querier Parameters vlan id Speci...

Page 530: ...vlan 1 querier ip igmp snooping querier address Use the ip igmp snooping querier address Global Configuration mode command to define the source IP address that the IGMP snooping querier would use Use the no form of this command to return to default Syntax ip igmp snooping vlan vlan id querier address ip address no ip igmp snooping vlan vlan id querier address Parameters vlan id Specifies the VLAN ...

Page 531: ...riable Use the no format of the command to return to default Syntax ip igmp robustness count no ip igmp robustness Parameters count The number of expected packet loss on a link Parameter range Range 1 7 Default 2 Command Mode Interface Configuration VLAN mode User Guidelines You can execute the command before the VLAN is created console config interface vlan 1 console config if ip igmp robustness ...

Page 532: ...nge 30 18000 Default 125 Command Mode Interface Configuration VLAN mode User Guidelines You can execute the command before the VLAN is created Example ip igmp query max response time Use the ip igmp query max response time Interface Configuration mode command to configure the Query Maximum Response time Use the no format of the command to return to default Syntax ip igmp query max response time se...

Page 533: ...gmp last member query count Interface Configuration mode command to configure the Last Member Query Counter Use the no format of the command to return to default Syntax ip igmp last member query count count no ip igmp last member query count Parameter count The number of times that group or group source specific queries are sent upon receipt of a message indicating a leave Range 1 7 Default A valu...

Page 534: ...ber query interval Parameters milliseconds Interval in milliseconds at which IGMP group specific host query messages are sent on the interface Range 100 25500 Default 1000 Command Mode Interface Configuration VLAN mode User Guidelines You can execute the command before the VLAN is created Example ip igmp snooping vlan immediate leave Use the ip igmp snooping vlan immediate leave Global Configurati...

Page 535: ... Disabled Command Mode Global Configuration mode User Guidelines You can execute the command before the VLAN is created Example show ip igmp snooping mrouter The show ip igmp snooping mrouter EXEC mode command displays information on dynamically learned multicast router interfaces for all VLANs or for a specific VLAN Syntax show ip igmp snooping mrouter interface vlan id Parameters interface vlan ...

Page 536: ...n for a specific VLAN Syntax show ip igmp snooping interface vlan id Parameters vlan id Specifies the VLAN ID Command Mode EXEC mode Example The following example displays the IGMP snooping configuration for VLAN 1000 Console show ip igmp snooping interface 1000 IGMP Snooping is globally enabled IGMP Snooping admin Enabled IGMP Snooping oper Enabled Routers IGMP version 3 Groups that are in IGMP v...

Page 537: ...y maximum response admin 10 sec oper 10 sec IGMP snooping last member query counter admin 2 oper 2 IGMP snooping last member query interval admin 1000 msec oper 500 msec IGMP snooping last immediate leave enable Automatic learning of multicast router ports is enabled show ip igmp snooping groups The show ip igmp snooping groups EXEC mode command displays the multicast groups learned by the IGMP sn...

Page 538: ...sked to receive a multicast flow but were defined as forbidden for that multicast group in multicast bridge Note under certain circumstances the Exclude list may not contain accurate information For example in the case when two Exclude reports were received on the same port for the same group but for different sources the port will not be in the Exclude list but rather in the Include list Example ...

Page 539: ...RELIMINARY 5 15 12 FOR PROOF ONLY Command Mode EXEC mode Example The following example displays the IP addresses associated with all Multicast TV VLANs Console show ip igmp snooping multicast tv VLAN IP Address 1000 239 255 0 0 1000 239 255 0 1 1000 239 255 0 2 1000 239 255 0 3 1000 239 255 0 4 1000 239 255 0 5 1000 239 255 0 6 1000 239 255 0 7 ...

Page 540: ...540 IGMP Snooping Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files IGMP_Snooping fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 541: ...figuration mode command to set the system priority Use the no form of this command to restore the default configuration Syntax lacp system priority value no lacp system priority Parameters value Specifies the system priority value Range 1 65535 Default Configuration The default system priority is 1 Command Mode Global Configuration mode Example The following example sets the system priority to 120...

Page 542: ...iority Parameters value Specifies the port priority Range 1use the no form of this command65535 Default Configuration The default port priority is 1 Command Mode Interface Configuration Ethernet mode Example The following example sets the priority of gigabitethernet port 1 0 6 console config interface gi1 0 6 console config if lacp port priority 247 lacp timeout Use the lacp timeout Interface Conf...

Page 543: ...n Ethernet mode Example The following example assigns a long administrative LACP timeout to gigabitethernet port 1 0 6 Console config interface gigabitethernet 1 0 6 Console config if lacp timeout long show lacp Use the show lacp EXEC mode command to display LACP information for all Ethernet ports or for a specific Ethernet port Syntax show lacp interface id parameters statistics protocol state Pa...

Page 544: ...r gigabitethernet port 1 0 1 Console show lacp ethernet gi1 0 1 Port gi1 0 1 LACP parameters Actor system priority system mac addr port Admin key port Oper key port Oper number port Admin priority port Oper priority port Admin timeout port Oper timeout LACP Activity Aggregation synchronization collecting distributing expired 1 00 00 12 34 56 78 30 30 21 1 1 LONG LONG ACTIVE AGGREGATABLE FALSE FALS...

Page 545: ...ity Aggregation synchronization collecting distributing expired 0 00 00 00 00 00 00 0 0 0 0 0 LONG LONG PASSIVE AGGREGATABLE FALSE FALSE FALSE FALSE Port gi1 0 1 LACP Statistics LACP PDUs sent LACP PDUs received 2 2 Port gi1 0 1 LACP Protocol State LACP State Machines Receive FSM Mux FSM Port Disabled State Detached State Control Variables BEGIN LACP_Enabled Ready_N Selected Port_moved NNT Port_en...

Page 546: ...mation for a port channel Syntax show lacp port channel port_channel_number Parameters port_channel_number Specifies the port channel number Command Mode EXEC mode Example The following example displays LACP information about port channel 1 Console show lacp port channel 1 Port Channel 1 Port Type 1000 Ethernet Actor System Priority MAC Address Admin Key Oper Key 1 000285 0E1C00 29 29 Partner Syst...

Page 547: ...VLAN Registration Protocol GVRP globally Use the no form of this command to disable GVRP on the device Syntax gvrp enable no gvrp enable Default Configuration GVRP is globally disabled Command Mode Global Configuration mode Example The following example enables GVRP globally on the device Console config gvrp enable gvrp enable Interface Use the gvrp enable Interface Configuration Ethernet Port cha...

Page 548: ...ame way as in a tagged VLAN That is the PVID must be manually defined as the untagged VLAN VID Example The following example enables GVRP on gigabitethernet port 1 0 6 Console config interface gigabitethernet 1 0 6 Console config if gvrp enable garp timer Use the garp timer Interface Configuration Ethernet port channel mode command to adjust the values of the join leave and leaveall timers of GARP...

Page 549: ... time interval between leaveall messages for a GARP entity which prompt other GARP entities to re reregister all attribute information on this entity timer value Specifies the timer value in milliseconds in multiples of 10 Range 10 2147483640 Default Configuration The following are the default timer values Join timer 200 milliseconds Leave timer 600 milliseconds Leaveall timer 10000 milliseconds C...

Page 550: ...to disable dynamic VLAN creation or modification Use the no form of this command to enable dynamic VLAN creation or modification Syntax gvrp vlan creation forbid no gvrp vlan creation forbid Default Configuration Dynamic VLAN creation or modification is enabled Command Mode Interface Configuration Ethernet Port channel mode Example The following example disables dynamic VLAN creation on gigabiteth...

Page 551: ...d Command Mode Interface Configuration Ethernet Port channel mode Example The following example forbids dynamic registration of VLANs on gigabitethernet port 1 0 2 Console config interface gigabitethernet 1 0 2 Console config if gvrp registration forbid clear gvrp statistics Use the clear gvrp statistics Privileged EXEC mode command to clear GVRP statistical information for all interfaces or for a...

Page 552: ...values whether GVRP and dynamic VLAN creation are enabled and which ports are running GVRP Syntax show gvrp configuration interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following example displays GVRP configuration information console show gvrp configuration GVRP Feat...

Page 553: ...terface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following example displays GVRP statistical information Console show gvrp statistics GVRP statistics Legend rJE rEmp rLE sJE sEmp sLE Join Empty Received Empty Received Leave Empty Received Join Empty Sent Empty Sent Leave ...

Page 554: ...n be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following example displays GVRP error statistics console show gvrp error statistics GVRP Error Statistics Legend INVPROT Invalid Protocol Id INVATYP Invalid Attribute Type INVALEN Invalid Attribute Length INVAVAL Invalid Attribute Value INVEVENT Invalid Event Port 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 rJE 0 ...

Page 555: ...s Dell Contax CLI files GVRP fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY Port INVPROT INVATYP INVAVAL INVALEN INVEVENT gi1 0 1 0 0 0 0 0 gi1 0 2 0 0 0 0 0 gi1 0 3 0 0 0 0 0 gi1 0 4 0 0 0 0 0 gi1 0 5 0 0 0 0 0 gi1 0 6 0 0 0 0 0 gi1 0 0 7 0 0 0 0 0 gi1 0 0 8 0 0 0 0 0 ...

Page 556: ...556 GVRP Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files GVRP fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 557: ...e no format of the command returns the value to default Syntax voice vlan id vlan id no voice vlan id Parameters vlan id Specifies the voice VLAN ID Parameters Range vlan id 1 4094 Default Configuration Default VLAN s Identifier Command Mode Global Configuration mode User Guidelines If the Voice VLAN does not exist it is created automatically It will not removed automatically Example The following...

Page 558: ...oui table Parameters add mac address prefix Adds the specified MAC address to the voice VLAN OUI table Length 3 bytes text Adds the specified text as a description of the specified MAC address to the voice VLAN OUI table Length 1 32 characters remove mac address prefix Removes the specified MAC address from the voice VLAN OUI table Length 3 bytes Default Configuration The default voice VLAN OUI ta...

Page 559: ...nates the market is limited and well known the known OUI values can be configured as a default and user configurable to the switch Example The following example adds an entry to the voice VLAN OUI table Console config voice vlan oui table add 00 AA BB description experimental voice vlan cos mode Use the voice vlan cos mode Interface Configuration mode command to select the OUI Voice VLAN Class Of ...

Page 560: ...emark no voice vlan cos Parameters cos Specifies the voice VLAN Class of Service Range 0 7 remark Specifies that the L2 User Priority is remarked Default Configuration The default CoS value is 6 The L2 User Priority is not remarked Command Mode Global Configuration mode User Guidelines Example The following example sets the OUI Voice VLAN CoS to 6 Console config voice vlan cos 7 voice vlan aging t...

Page 561: ...440 minutes Command Mode Global Configuration mode Example The following example sets the OUI Voice VLAN aging timeout interval to 12 hours Console config voice vlan aging timeout 720 voice vlan enable Use the voice vlan enable Interface Configuration Ethernet Port channel mode command to enable OUI Voice VLAN configuration on a port Use the no form of this command to disable OUI Voice VLAN config...

Page 562: ...s with a telephony MAC address aged out exceeds the timeout limit configured by the voice vlan aging timeout Global Configuration mode command the port is removed from the voice VLAN Example The following example enables OUI Voice VLAN configuration on gigabitethernet port 1 0 2 Console config interface gigabitethernet 1 0 2 Console config if voice vlan enable voice vlan secure Use the voice vlan ...

Page 563: ...VLAN on gigabitethernet port 1 0 8 Console config interface gigabitethernet 1 0 8 Console config if voice vlan secure show voice vlan Use the show voice vlan EXEC mode command to display the voice VLAN status for all interfaces or for a specific interface Syntax show voice vlan type oui auto interface id Parameters type oui auto Specifies which information is printed oui common and the OUI Voice V...

Page 564: ...Agreed Voice VLAN priority is 0 active UC device Agreed Voice VLAN ID is 100 Agreed VPT is 0 Agreed DSCP is 0 Agreed VLAN Last Change is 10 Apr 10 20 01 00 Example 2 Administrate Voice VLAN state is auto enabled Operational Voice VLAN state is auto enabled Best Local Voice VLAN ID is 1 default Best Local VPT is 0 default Best Local DSCP is 0 default Agreed Voice VLAN is received from switch 00 01 ...

Page 565: ...fault Best Local DSCP is 0 default Aging timeout 1440 minutes CoS 6 Remark Yes Example 5 Administrate Voice VLAN state is oui enabled Operational Voice VLAN state is oui enabled Best Local Voice VLAN ID is 1 default Best Local VPT is 4 Best Local DSCP is 1 Aging timeout 1440 minutes CoS 6 Remark Yes OUI table MAC Address Prefix Description 00 E0 BB 3COM 00 03 6B Cisco 00 E0 75 Veritel 00 D0 1E Pin...

Page 566: ...mands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files Voice_VLAN fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY gi1 0 1 Yes Yes Yes all gi1 0 2 Yes Yes No src gi1 0 3 No No src ...

Page 567: ... Snooping globally Use the no form of this command to restore the default configuration Syntax ip dhcp snooping no ip dhcp snooping Default Configuration DHCP snooping is disabled Command Mode Global Configuration mode User Guidelines For any DHCP Snooping configuration to take effect DHCP Snooping must be enabled globally DHCP Snooping on a VLAN is not active until DHCP Snooping on a VLAN is enab...

Page 568: ...n vlan id no ip dhcp snooping vlan id Parameters vlan id Specifies the VLAN ID Default Configuration DHCP Snooping on a VLAN is disabled Command Mode Global Configuration mode User Guidelines DHCP Snooping must be enabled globally before enabling DHCP Snooping on a VLAN Example The following example enables DHCP Snooping on VLAN 21 Console config ip dhcp snooping vlan 21 ip dhcp snooping trust Use...

Page 569: ...nfigure the ports that are connected to DHCP clients as untrusted Example The following example configures gigabitethernet port 1 0 5 as trusted for DHCP Snooping Console config interface gigabitethernet 1 0 5 Console config if ip dhcp snooping trust ip dhcp snooping information option allowed untrusted Use the ip dhcp snooping information option allowed untrusted Global Configuration mode command...

Page 570: ...ig ip dhcp snooping information option allowed untrusted ip dhcp snooping verify Use the ip dhcp snooping verify Global Configuration mode command to configure a device to verify that the source MAC address in a DHCP packet received on an untrusted port matches the client hardware address Use the no form of this command to disable MAC address verification in a DHCP packet received on an untrusted ...

Page 571: ...ping binding database file Use the no form of this command to delete the DHCP Snooping binding database file Syntax ip dhcp snooping database no ip dhcp snooping database Default Configuration The DHCP Snooping binding database file is not defined Command Mode Global Configuration mode User Guidelines The DHCP Snooping binding database file resides on Flash To ensure that the lease time in the dat...

Page 572: ...ping database update freq Parameters seconds Specifies the update frequency in seconds Range 600 86400 Default Configuration The default update frequency value is 1200 seconds Command Mode Global Configuration mode Example The following example sets the DHCP Snooping binding database file update frequency to 1 hour Console config ip dhcp snooping database update freq 3600 ip dhcp snooping binding ...

Page 573: ...interval in seconds after which the binding entry is no longer valid Range 10 4294967295 expiry infinite Specifies infinite lease time Default Configuration No static binding exists Command Mode Privileged EXEC mode User Guidelines After entering this command an entry is added to the DHCP Snooping database If the DHCP Snooping binding file exists the entry is also added to that file The entry is d...

Page 574: ...d EXEC mode Example The following example clears the DHCP Snooping binding database Console clear ip dhcp snooping database show ip dhcp snooping Use the show ip dhcp snooping EXEC mode command to display the DHCP snooping configuration for all interfaces or for a specific interface Syntax show ip dhcp snooping interface id Parameters interface id Specifies an interface ID The interface ID can be ...

Page 575: ...666 seconds Interface Trusted gi1 0 1 Yes gi1 0 2 Yes show ip dhcp snooping binding Use the show ip dhcp snooping binding User EXEC mode command to display the DHCP Snooping binding database and configuration information for all interfaces or for a specific interface Syntax show ip dhcp snooping binding mac address mac address ip address ip address vlan vlan id interface id Parameters mac address ...

Page 576: ...command to disable ARP inspection Syntax ip arp inspection no ip arp inspection Default Configuration ARP inspection is disabled Command Mode Global Configuration mode User Guidelines Note that if a port is configured as an untrusted port then it should also be configured as an untrusted port for DHCP Snooping or the IP address MAC address binding for this port should be configured statically Othe...

Page 577: ...nooping database Use the no form of this command to disable ARP inspection on a VLAN Syntax ip arp inspection vlan vlan id no ip arp inspection vlan vlan id Parameters vlan id Specifies the VLAN ID Default Configuration DHCP Snooping based ARP inspection on a VLAN is disabled Command Mode Global Configuration mode User Guidelines This command enables ARP inspection on a VLAN based on the DHCP snoo...

Page 578: ...ommand Mode Interface Configuration Ethernet Port channel mode User Guidelines The device does not check ARP packets that are received on the trusted interface it only forwards the packets For untrusted interfaces the device intercepts all ARP requests and responses It verifies that the intercepted packets have valid IP to MAC address bindings before updating the local cache and before forwarding ...

Page 579: ...RP inspection validation is disabled Command Mode Global Configuration mode User Guidelines The following checks are performed Source MAC address Compares the source MAC address in the Ethernet header against the sender MAC address in the ARP body This check is performed on both ARP requests and responses Destination MAC address Compares the destination MAC address in the Ethernet header against t...

Page 580: ...rp inspection list create name Parameters name Specifies the static ARP binding list name Length 1 32 characters Default Configuration No static ARP binding list exists Command Mode Global Configuration mode User Guidelines Use the ip arp inspection list assign command to assign the list to a VLAN Example The following example creates the static ARP binding list servers and enters the ARP list con...

Page 581: ...ample The following example creates a static ARP binding Console config ip arp inspection list create servers Console config ARP list ip 172 16 1 1 mac 0060 704C 7321 Console config ARP list ip 172 16 1 2 mac 0060 704C 7322 ip arp inspection list assign Use the ip arp inspection list assign Global Configuration mode command to assign a static ARP binding list to a VLAN Use the no form of this comm...

Page 582: ...g interval Global Configuration mode command to set the minimum time interval between successive ARP SYSLOG messages Use the no form of this command to restore the default configuration Syntax ip arp inspection logging interval seconds infinite no ip arp inspection logging interval Parameters seconds Specifies the minimum time interval between successive ARP SYSLOG messages A 0 value means that a ...

Page 583: ...de command to display the ARP inspection configuration for all interfaces or for a specific interface Syntax show ip arp inspection interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following example displays the ARP inspection configuration console show ip arp inspectio...

Page 584: ...list Command Mode Privileged EXEC mode Example The following example displays the static ARP binding list show ip arp inspection statistics Use the show ip arp inspection statistics EXEC command to display Statistics For The Following Types Of Packets That Have Been Processed By This Feature Forwarded Dropped IP MAC Validation Failure Syntax show ip arp inspection statistics vlan vlan id Parameter...

Page 585: ...d Counters values are kept when disabling the ARP Inspection feature Example console show ip arp inspection statistics Vlan Forwarded Packets Dropped Packets IP MAC Failures 2 1500100 80 clear ip arp inspection statistics Use the clear ip arp inspection statistics Privileged EXEC mode command to clear statistics ARP Inspection statistics globally Syntax clear ip arp inspection statistics vlan vlan...

Page 586: ...sable DHCP option 82 data insertion Syntax ip dhcp information option no ip dhcp information option Parameters This command has no arguments or keywords Default Configuration DHCP option 82 data insertion is disabled Command Mode Global Configuration mode User Guidelines DHCP option 82 would be enabled only if DHCP snooping or DHCP relay are enabled Example console config ip dhcp information optio...

Page 587: ...out_new CLI Folders Dell Contax CLI files DHCP_Snooping fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY Command Mode EXEC mode Example The following example displays the DHCP Option 82 configuration console show ip dhcp information option Relay agent Information option is Enabled ...

Page 588: ...588 DHCP Snooping and ARP Inspection Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files DHCP_Snooping fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 589: ...low Control on all interfaces and enables jumbo frames Use the no form of this command to globally disable iSCSI awareness This version of the command does not affect the Flow Control global mode does not disable Flow Control on all interfaces and does not disable jumbo frames Syntax iscsi enable no iscsi enable Default Configuration Disabled Command Mode Global Configuration mode User Guidelines ...

Page 590: ... listen to requests Up to 8 TCP ports can be defined in the system in one command or by using multiple commands Range 1 65536 address ip address Specifies the iSCSI target IP address If the no form is used and the TCP port to be deleted is one that was bound to a specific IP address the IP address field must be present name targetname Specifies the iSCSI target name The name can be statically conf...

Page 591: ...elnet SSH HTTP HTTPS SNMP or DHCP To bind a port to an IP address and the port is already defined but not bound to an IP address first remove the port by using the no form of the command and then add it again with the relevant IP address Target names are displayed only when using the show iscsi command These names are not used to match or to perform any sanity check on the iSCSI session informatio...

Page 592: ...VPT 5 Command Mode Global Configuration mode User Guidelines The iscsi cos enable command is used to enable an iSCSI CoS profile whether the default profile or one configured by using the iscsi cos vpt dscp command When executing the iscsi cos disable command iSCSI CoS configuration is not deleted Use the Remark option to prioritize iSCSI traffic in the next hop switch which might be iSCSI unaware...

Page 593: ... the QoS profile to apply to iSCSI flows by assigning iSCSI frames with DSCP 31 Console config iscsi cos enable Console config iscsi cos dscp 31 iscsi aging time Use the iscsi aging time Global Configuration mode command to set the idle time interval for iSCSI sessions Use the no form of this command to cancel iSCSI session aging Syntax iscsi aging time minutes no iscsi aging time Parameters minut...

Page 594: ...t aging time If after recalculation it is determined that the current session idle time is greater than the new aging time the session is immediately terminated Example The following example sets the aging time for iSCSI sessions to 10 minutes Console config iscsi aging time 10 iscsi max tcp connections To set the maximum number of iSCSI sessions that can be supported use the iscsi max tcp connect...

Page 595: ...ion is 500 bytes per session and 20 bytes per connection 256 sessions each with 4 connections consumes 145KB In the current implementation if more than 1024 connections exist you will still get QoS but only 1024 connections will be displayed show iscsi Use the show iscsi Privileged EXEC mode command to display the iSCSI configuration Syntax show iscsi Command Mode Privileged EXEC mode User Guideli...

Page 596: ...ons Privileged EXEC mode command to display the iSCSI sessions Syntax show iscsi sessions detailed Parameters detailed Specifies that the displayed list is detailed Command Mode Privileged EXEC mode Console show iscsi iSCSI disabled iSCSI COS disabled iSCSI vpt is 5 Remark iSCSI aging time 5 min Maximum number of connections 256 iSCSI targets and TCP ports TCP Target IP Name Port Address 860 0 0 0...

Page 597: ...ut after 256 N aging time In general the higher the number of ungraceful terminated iSCSI TCP connections the higher the aging time inaccuracy Example The following example displays the iSCSI sessions Console show iscsi sessions Target iqn 1993 11 com disk vendor diskarrays sn 45678 Initiator iqn 1992 04 com os vendor plan9 cdrom 12 ISID 11 Initiator iqn 1995 05 com os vendor plan9 cdrom 10 ISID 2...

Page 598: ...ut 10 min ISID 11 Initiator IP Address 172 16 1 3 172 16 1 4 172 16 1 5 Initiator TCP Port 49154 49155 49156 Target IP Address 172 16 1 20 172 16 1 21 172 16 1 22 Target IP Port 30001 30001 30001 Session 2 Initiator iqn 1995 05 com os vendor plan9 cdrom 10 Status Active UP Time 00 04 50 DD HH MM Time for aging out 2 min ISID 22 Initiator IP Address 172 16 1 30 172 16 1 40 Initiator TCP Port 49200 ...

Page 599: ... ip address ip address mask prefix length no ip address ip address If the product is a switch only ip address ip address mask prefix length default gateway ip address no ip address ip address If the product is switch only and supports a single IP address ip address ip address mask prefix length default gateway ip address no ip address Parameters ip address Specifies the IP address mask Specifies t...

Page 600: ... is switch only and supports a single IP address If the IP address configured in global context then it would be bound to the currently defined management interface If the management interface is Default VLAN and the VID of the default VLAN is changed then when new setting is applied the IP address will be automatically redefined on the new Default VLAN If the IP address is configured in Interface...

Page 601: ...mode It cannot be configured for a range of interfaces range context User Guidelines The ip address dhcp command allows any interface to dynamically learn its IP address by using the DHCP protocol DHCP client configuration on an interface implicitly removes the static IP address configuration on the interface If the device is configured to obtain its IP address from a DHCP server it sends a DHCPDI...

Page 602: ...utoconfig Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port Port channel or VLAN force autoconfig In the case the DHCP server holds a DHCP option 67 record for the assigned IP address the file would overwrite the existing device configuration Command Mode Privileged EXEC mode User Guidelines Note that this command does not enable DHC...

Page 603: ...tion mode command defines a default gateway device Use the no form of this command to restore the default configuration Syntax ip default gateway ip address no ip default gateway Parameters ip address Specifies the default gateway IP address Command Mode Global Configuration mode Default Configuration No default gateway is defined Example The following example defines default gateway 192 168 1 1 C...

Page 604: ...P interfaces and their types console show ip interface IP Address I F Type Directed Precedence Status Broadcast 10 5 234 232 24 vlan 1 Static disable No Valid arp Use the arp Global Configuration mode command to add a permanent entry to the Address Resolution Protocol ARP cache Use the no form of this command to remove an entry from the ARP cache Syntax arp ip address mac address interface id no a...

Page 605: ... need to be specified Example The following example adds IP address 198 133 219 232 and MAC address 00 00 0c 40 0f bc to the ARP table Console config arp 198 133 219 232 00 00 0c 40 0f bc ethernet 1 6 arp timeout Global Use the arp timeout Global Configuration mode command to set the time interval during which an entry remains in the ARP cache Use the no form of this command to restore the default...

Page 606: ...or specific interface Use the no form of this command restore the default value Syntax arp timeout seconds no arp timeout Parameters seconds Time in seconds that an entry remains in the ARP cache It is recommended not to set it to less than 3600 Range 1 40000000 Default Defined by the arp timeout Global Configuration command Command Mode Interface Configuration Ethernet VLAN Port channel mode It c...

Page 607: ... this command reenable proxy ARP Syntax ip arp proxy disable no ip arp proxy disable Parameters This command has no arguments or key words Default Enabled by default Command Mode Global Configuration mode User Guidelines The ip arp proxy disable command overrides any proxy ARP interface configuration ip proxy arp Use the ip proxy arp Interface Configuration mode command to enable an ARP proxy on s...

Page 608: ...st one IP address is defined on a specific interface Example The following example enables the ARP proxy Console config if ip proxy arp clear arp cache Use the clear arp cache Privileged EXEC mode command to delete all dynamic entries from the ARP cache Syntax clear arp cache Command Mode Privileged EXEC mode Example The following example deletes all dynamic entries from the ARP cache Console clea...

Page 609: ...ce the associated interface of a MAC address can be aged out from the FDB table the Interface field can be empty If an ARP entry is associated with an IP interface that is defined on a port or port channel the VLAN field is empty Example The following example displays entries in the ARP table show arp configuration Use the show arp configuration privileged EXEC command to display the global and in...

Page 610: ...e show arp configuration Global configuration ARP Proxy enabled ARP timeout 80000 Seconds Interface configuration g2 ARP Proxy disabled ARP timeout 60000 Seconds VLAN 1 ARP Proxy enabled ARP timeout 70000 Seconds VLAN 2 ARP Proxy enabled ARP timeout 80000 Second Global interface ip Use the interface ip Global Configuration mode command to enter the IP Interface Configuration mode Syntax interface ...

Page 611: ...d broadcast IP Interface Configuration mode command to enable the translation of a directed broadcast to physical broadcasts Use the no form of this command to disable this function Syntax directed broadcast no directed broadcast Default Configuration Translation of a directed broadcast to physical broadcasts is disabled All IP directed broadcasts are dropped Command Mode IP Interface Configuratio...

Page 612: ...55 255 as the broadcast address 0 0 0 0 Specifies 0 0 0 0 as the broadcast address Default Configuration The default broadcast address is 255 255 255 255 Command Mode IP Interface Configuration mode Example The following example enables the translation of a directed broadcast to physical broadcasts Console config interface ip 192 168 1 1 Console config ip broadcast address 255 255 255 255 ip helpe...

Page 613: ...arding of User Datagram Protocol UDP broadcast packets received on an interface to a specific helper address is disabled If udp port list is not specified packets for the default services are forwarded to the helper address Command Mode Global Configuration mode User Guidelines The ip helper address command forwards specific UDP broadcast packets from one interface to another Many helper addresses...

Page 614: ... NetBIOS Datagram Server port 138 TACACS Server port 49 Time Service port 37 Example The following example enables the forwarding of User Datagram Protocol UDP broadcasts received on all interfaces to specific UDP ports of a destination IP address Console config ip helper address all 172 16 9 9 49 53 show ip helper address Use the show ip helper address Privileged EXEC mode command to display the ...

Page 615: ...layed messages on an interface Use the no form of this command to restore the default configuration Syntax source precedence no source precedence Default Configuration Source precedence is not defined for the address Command Mode IP Interface Configuration mode User Guidelines For relayed DHCP messages the source IP address selected is 1 The lowest of the IP addresses defined as source precedence ...

Page 616: ...dress translation Use the no form of this command to disable DNS based host name to address translation Syntax ip domain lookup no ip domain lookup Default Configuration IP Domain Name System DNS based host name to address translation is enabled Command Mode Global Configuration mode Example The following example enables IP Domain Name System DNS based host name to address translation Console conf...

Page 617: ...efault Configuration A default domain name is not defined Command Mode Global Configuration mode User Guidelines Domain names and host names are restricted to the ASCII letters A through Z case insensitive the digits 0 through 9 the underscore and the hyphen A period is used to separate labels The maximum size of a label is 63 characters The maximum name size is 158 bytes Example The following exa...

Page 618: ...ame must be specified Refer to the User Guidelines for the interface name syntax Default Configuration No name server IP addresses are defined Command Mode Global Configuration mode User Guidelines The preference of the servers is determined by the order in which they were entered Up to 8 servers can be defined using one command or using multiple commands The format of an IPv6Z address is ipv6 lin...

Page 619: ...remove the static host name to address mapping Syntax ip host name address address2 address3 address4 no ip host name Parameters name Specifies the host name Length 1 158 characters Maximum label length 63 characters address Specifies the associated IP address Up to 4 addresses can be defined Default Configuration No host is defined Command Mode Global Configuration mode User Guidelines Host names...

Page 620: ...ters name Specifies the host entry to remove Length 1 158 characters Maximum label length 63 characters Removes all entries Command Mode Privileged EXEC mode Example The following example deletes all entries from the host name to address cache Console clear host clear host dhcp Use the clear host dhcp Privileged EXEC mode command to delete entries from the host name to address mapping received fro...

Page 621: ... temporarily until the next refresh of the IP addresses Example The following example deletes all entries from the host name to address mapping received from DHCP Console clear host dhcp show hosts Use the show hosts EXEC mode command to display the default domain name the list of name server hosts the static and the cached list of host names and addresses Syntax show hosts name Parameters name Sp...

Page 622: ... displays host information Console show hosts System name Device Default domain is gm com sales gm com usa sales gm com DHCP Name address lookup is enabled Name servers Preference order 176 16 1 18 176 16 1 19 Configured host name to address mapping Host accounting gm com Addresses 176 16 8 8 176 16 8 9 DHCP 2002 0 130F 0A0 1504 0BB4 Host www stanford edu Tota l 72 Elapse d 3 Type IP Addresses 171...

Page 623: ...ntax ipv6 enable no autoconfig no ipv6 enable Parameters no autoconfig EnableS processing of IPv6 on an interface without stateless address autoconfiguration procedure Default Configuration IPv6 addressing is disabled Unless you are using the no autoconfig parameter when the interface is enabled stateless address autoconfiguration procedure is enabled Command Mode Interface Configuration Ethernet ...

Page 624: ...sole config if ipv6 enable ipv6 address autoconfig Use the ipv6 address autoconfig Interface Configuration mode command to enable automatic configuration of IPv6 addresses using stateless autoconfiguration on an interface Addresses are configured depending on the prefixes received in Router Advertisement messages Use the no form of this command to disable address autoconfiguration on the interface...

Page 625: ...sole config interface vlan 1 console config if ipv6 address autoconfig ipv6 icmp error interval Use the ipv6 icmp error interval Global Configuration mode command to configure the rate limit interval and bucket size parameters for IPv6 Internet Control Message Protocol ICMP error messages Use the no form of this command to return the interval to its default setting Syntax ipv6 icmp error interval ...

Page 626: ... Global Configuration mode User Guidelines To set the average ICMP error rate limit calculate the interval with the following formula Average Packets Per Second 1 interval bucket size Example console config ipv6 icmp error interval 123 45 show ipv6 icmp error interval Use the show ipv6 error interval command in the EXEC mode to display the IPv6 ICMP error interval Syntax show ipv6 icmp error inter...

Page 627: ...mal using 16 bit values between colons prefix length Specifies the length of the IPv6 prefix A decimal value that indicates how many of the high order contiguous bits of the address comprise the prefix the network portion of the address A slash mark must precede the decimal eui 64 Optional Builds an interface ID in the low order 64 bits of the IPv6 address based on the interface MAC address anycas...

Page 628: ...ipv6 address prefix length link local no ipv6 address ipv6 address prefix length link local Parameters ipv6 address Specifies the IPv6 network assigned to the interface This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimals using 16 bit values between colons prefix length Specifies the length of the IPv6 prefix A decimal value indicates how many of ...

Page 629: ...an interface when IPv6 processing is enabled on the interface To manually specify a link local address to be used by an interface use the ipv6 link local address command The system supports only 64 bits prefix length for link local addresses Example console config interface vlan 1 console config if ipv6 address fe80 123 64 link local ipv6 unreachables Use the ipv6 unreachables Interface Configurat...

Page 630: ...onsole config if ipv6 unreachables ipv6 default gateway Use the ipv6 default gateway Global Configuration mode command to define an IPv6 default gateway Use the no form of this command To remove the default gateway Syntax ipv6 default gateway ipv6 address no ipv6 default gateway Parameters ipv6 address Specifies the IPv6 address of the next hop that can be used to reach that network When the IPv6 ...

Page 631: ...ically by the neighbor discovery protocol Router reachability can be confirmed by either receiving Router Advertisement message containing router s MAC address or manually configured by user using the IPv6 neighbor CLI command Another option to force reachability confirmation is to ping the router link local address this will initiate the neighbor discovery process If the egress interface is not s...

Page 632: ...sses Type VLAN 1 4004 55 64 ANY manual VLAN 1 fe80 200 b0ff fe00 0 linklayer VLAN 1 ff02 1 linklayer VLAN 1 ff02 77 manual VLAN 1 ff02 1 ff00 0 manual VLAN 1 ff02 1 ff00 1 manual VLAN 1 ff02 1 ff00 55 manual Default Gateway IP address Type Interface State fe80 77 Static VLAN 1 unreachable fe80 200 cff fe4a dfa8 Dynamic VLAN 1 stale Console show ipv6 interface Vlan 15 IPv6 is disabled Console show ...

Page 633: ...y the current state of the IPv6 routing table Syntax show ipv6 route Command Mode EXEC mode Example Console show ipv6 route Codes L Local S Static I ICMP ND Router Advertisment The number in the brackets is the metric S 0 via fe80 77 0 VLAN 1 Lifetime Infinite ND 0 via fe80 200 cff fe4a dfa8 0 VLAN 1 Lifetime 1784 sec L 2001 64 is directly connected g2 Lifetime Infinite L 2002 1 1 1 64 is directly...

Page 634: ...e transmission without follow up transmissions Range 0 600 Default Configuration Duplicate Address Detection on unicast IPv6 addresses with the sending of one neighbor solicitation message is enabled Command Mode Interface Configuration Ethernet VLAN Port channel mode It cannot be configured for a range of interfaces range context User Guidelines Duplicate Address Detection DAD verifies the unique...

Page 635: ...ew Link Local address Configuring a value of 0 with the ipv6 nd dad attempts Interface Configuration mode command disables duplicate address detection processing on the specified interface A value of 1 configures a single transmission without follow up transmissions The default is 1 message Until the DAD process is completed an IPv6 address is in the tentative state and cannot be used for data tra...

Page 636: ...nterface name syntax ipv6 address2 4 Optional Additional IPv6 addresses that may be associated with the host s name Default Configuration No host is defined Command Mode Global Configuration mode User Guidelines The format of an IPv6Z address is ipv6 link local address interface name interface name vlan integer ch integer isatap integer physical port name integer decimal number integer decimal num...

Page 637: ...he IPv6 neighbor command is similar to the ARP global command If an entry for the specified IPv6 address already exists in the neighbor discovery cache learned through the IPv6 neighbor discovery process the entry is automatically converted to a static entry A new static neighbor entry with a global address can be configured only if a manually configured subnet already exists in the device Use the...

Page 638: ...ault MTU size 1500 bytes Minimum is 1280 bytes Default Configuration 1500 bytes Command Mode Privileged EXEC mode User Guidelines This command is intended for debugging and testing purposes and should be used only by technical support personnel Example console ipv6 set mtu gi1 0 1 default ipv6 mld version Use the ipv6 mld version Interface Configuration mode command to change the version of the Mu...

Page 639: ...uration mode command to configure Multicast Listener Discovery MLD reporting for a specified group Use the no form of this command to cancel reporting and leave the group Syntax ipv6 mld join group group address no ipv6 mld join group group address Parameters group address Specifies the IPv6 address of the multicast group Default Configuration Command Mode Interface Configuration Ethernet VLAN Por...

Page 640: ...atic Shows static neighbor discovery cash entries dynamic Shows dynamic neighbor discovery cash entries ipv6 address Shows the neighbor discovery cache information entry of a specific IPv6 address mac address Shows the neighbor discovery cache information entry of a specific MAC address interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port Port cha...

Page 641: ...operly While stale no action takes place until a packet is sent DELAY More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly and a packet was sent within the last DELAY_FIRST_PROBE_TIME seconds If no reachability confirmation is received within DELAY_FIRST_PROBE_TIME seconds of entering the DELAY state send...

Page 642: ...eckout_new CLI Folders Dell Contax CLI files IPv6_Addressing fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY Syntax clear ipv6 neighbors Parameters This command has no keywords or arguments Command Mode Privileged EXEC mode Example console clear ipv6 neighbors ...

Page 643: ...ode Syntax interface tunnel number Parameters number Specifies the tunnel index Command Mode Global Configuration mode Example The following example enters the Interface Configuration Tunnel mode Console config interface tunnel 1 Console config tunnel tunnel mode ipv6ip Use the tunnel mode ipv6ip Interface Configuration Tunnel mode command to configure an IPv6 transition mechanism global support m...

Page 644: ...Pv4 address Note that on a specific interface for example port or VLAN both native IPV6 and transition mechanisms can coexist The host implementation chooses the egress interface according to the scope of the destination IP address such as ISATAP or native IPv6 Example The following example configures an IPv6 transition mechanism global support mode Console config interface tunnel 1 Console config...

Page 645: ...tunnel router lookup in the IPv4 DNS procedure By default the string ISATAP is used for the corresponding automatic tunnel types Only one string can represent the automatic tunnel router name per tunnel Using this command therefore overwrites the existing entry Example The following example configures the global string ISATAP2 as the automatic tunnel router domain name Console config tunnel 1 Cons...

Page 646: ...Table is changed Default No source address is defined Command Mode Interface Configuration Tunnel mode User Guidelines The configured source IPv4 address is used for forming the tunnel interface identifier The interface identifier is set to the 8 least significant bytes of the SIP field of the encapsulated IPv6 tunneled packets Example console config interface tunnel 1 console config tunnel tunnel...

Page 647: ...known the robustness level that is set by the tunnel isatap robustness Global Configuration mode command determines the refresh rate Example The following example sets the time interval between DNS queries to 30 seconds Console config tunnel isatap query interval 30 tunnel isatap solicitation interval Use the tunnel isatap solicitation interval Global Configuration mode command to set the time int...

Page 648: ...mand determines the refresh rate Example The following example sets the time interval between ISATAP router solicitation messages to 30 seconds Console config tunnel isatap solicitation interval 30 tunnel isatap robustness Use the tunnel isatap robustness Global Configuration mode command to configure the number of DNS query router solicitation refresh messages that the device sends Use the no for...

Page 649: ...ion interval when there is an active ISATAP router is the minimum router lifetime that is received from the ISATAP router divided by Robustness 1 Example The following example sets the number of DNS query router solicitation refresh messages that the device sends to 5 Console config tunnel isatap robustness 5 show ipv6 tunnel Use the show ïpv6 tunnel EXEC mode command to display information on the...

Page 650: ...PRELIMINARY 5 15 12 FOR PROOF ONLY Tunnel protocol NONE Tunnel Local address type auto Tunnel Local Ipv4 address 0 0 0 0 Router DNS name ISATAP Router IPv4 address 0 0 0 0 DNS Query interval 300 seconds Min DNS Query interval 0 seconds Router Solicitation interval 10 seconds Min Router Solicitation interval 0 seconds Robustness 2 ...

Page 651: ... form of this command to disable the DHCP relay agent Syntax ip dhcp relay enable no ip dhcp relay enable Default Configuration DHCP relay features are disabled Command Mode Global Configuration mode Example The following example enables DHCP features on the device Console config ip dhcp relay enable ip dhcp relay enable Interface Use the ip dhcp relay enable Interface Configuration VLAN Ethernet ...

Page 652: ...y before enabling DHCP relay on an interface Example The following example enables DHCP features on VLAN 21 Console config interface vlan 21 Console config if ip dhcp relay enable ip dhcp relay address Global Use the ip dhcp relay address Global Configuration mode command to define the DHCP servers available for the DHCP relay Use the no form of this command to remove servers from the list Syntax ...

Page 653: ...nected to the interface Use the no form of this command to remove the server from the list Syntax ip dhcp relay address ip address no ip dhcp relay address ip address Parameters ip address Specifies the DHCP server IP address Up to 8 servers can be defined Default Configuration No server is defined Command Mode Interface Configuration VLAN Ethernet Port channel mode User Guidelines Use the ip dhcp...

Page 654: ...terface vlan 21 Console config if ip dhcp relay address 176 16 1 1 show ip dhcp relay Use the show ip dhcp relay EXEC mode command to display the server addresses on the DHCP relay Syntax show ip dhcp relay Command Mode EXEC mode Example The following example displays the server addresses on the DHCP relay Console show ip dhcp relay DHCP relay is globally enabled DHCP relay is enabled on VLANs 1 2...

Page 655: ...on Global Configuration command to enable DHCP option 82 data insertion Use the no form of this command to disable DHCP option 82 data insertion Syntax ip dhcp information option no ip dhcp information option Parameters N A Default Configuration DHCP option 82 data insertion is disabled Command Mode Global Configuration mode User Guidelines DHCP option 82 would be enabled only if DHCP snooping or ...

Page 656: ... FOR PROOF ONLY show ip dhcp information option The show ip dhcp information option EXEC mode command displays the DHCP Option 82 configuration Syntax show ip dhcp information option Command Mode EXEC mode Example The following example displays the DHCP Option 82 configuration Console show ip dhcp information option Relay agent Information option is Enabled ...

Page 657: ...Use the no form of this command to disable the DHCP server Syntax ip dhcp server no ip dhcp server Default Configuration The DHCP server is disabled Command Mode Global Configuration mode Example The following example enables the DHCP server on the device Console config ip dhcp server ip dhcp pool host Use the ip dhcp pool host Global Configuration mode command to configure a Dynamic Host Configur...

Page 658: ...During execution of this command the configuration mode changes to the DHCP Pool Configuration mode which is identified by the config dhcp prompt In this mode the administrator can configure host parameters such as the IP subnet number and default router list Example The following example configures Station as the DHCP address pool Console config ip dhcp pool host station Console config dhcp ip dh...

Page 659: ...iguration mode changes to DHCP Pool Network Configuration mode which is identified by the config dhcp prompt In this mode the administrator can configure pool parameters such as the IP subnet number and default router list Example The following example configures Pool1 as the DHCP address pool Console config ip dhcp pool network pool1 Console config dhcp address DHCP Host Use the address DHCP Pool...

Page 660: ...cter string is two hexadecimal digits Bytes are separated by a period or colon For example 01b7 0813 8811 66 hardware address Specifies the MAC address Default Configuration DHCP hosts are not configured Command Mode DHCP Pool Host Configuration mode Example The following example manually binds an IP address to a Dynamic Host Configuration Protocol DHCP client Console config dhcp address 10 12 1 9...

Page 661: ...ast IP address to use in the address range Default Configuration DHCP address pools are not configured If the low address is not specified it defaults to the first IP address in the network If the high address is not specified it defaults to the last IP address in the network Command Mode DHCP Pool Network Configuration mode Example The following example configures the subnet number and mask for a...

Page 662: ... the number of minutes in the lease A days value and an hours value must be supplied before configuring a minutes value infinite Specifies that the duration of the lease is unlimited Default Configuration The default lease duration is 1 day Command Mode DHCP Pool Network Configuration mode Examples The following example shows a 1 day lease Console config dhcp lease 1 The following example shows a ...

Page 663: ...tandard ASCII characters The client name should not include the domain name For example the name Mars should not be specified as mars yahoo com Length 1 32 characters Command Mode DHCP Pool Host Configuration mode Default Coniguration No client name is defined Example The following example defines the string Client1 as the client name Console config dhcp client name client1 default router Use the ...

Page 664: ...address should be on the same subnet as the client subnet Example The following example specifies 10 12 1 99 as the default router IP address Console config dhcp default router 10 12 1 99 dns server Use the dns server DHCP Pool Configuration mode command to configure the Domain Name System DNS IP servers available to a Dynamic Host Configuration Protocol DHCP client Use the no form of this command...

Page 665: ...The following example specifies 10 12 1 99 as the client domain name server IP address Console config dhcp dns server 10 12 1 99 domain name Use the domain name DHCP Pool Configuration mode command to specify the domain name for a Dynamic Host Configuration Protocol DHCP client Use the no form of this command to remove the domain name Syntax domain name domain no domain name Parameters domain Spec...

Page 666: ...e to Microsoft Dynamic Host Configuration Protocol DHCP clients Use the no form of this command to remove the NetBIOS name server list Syntax netbios name server ip address ip address2 ip address8 no netbios name server Parameters ip address Specifies the NetBIOS WINS name server IP address One IP address is required although up to eight addresses can be specified in one command line Command Mode ...

Page 667: ...pe Parameters b node Specifies the Broadcast NetBIOS node type p node Specifies the Peer to peer NetBIOS node type m node Specifies the Mixed NetBIOS node type h node Specifies the Hybrid NetBIOS node type Command Mode DHCP Pool Host Configuration mode DHCP Pool Network Configuration mode Default Configuration No bios node type is defined Example The following example specifies the client s NetBIO...

Page 668: ...es inbound interface helper addresses as boot servers Command Mode DHCP Pool Host Configuration mode DHCP Pool Network Configuration mode Example The following example specifies 10 12 1 99 as the IP address of the next server in the boot process Console config dhcp next server 10 12 1 99 next server name Use the next server name DHCP Pool Configuration mode command to configure the next server nam...

Page 669: ...ver com as the name of the next server in the boot process of a DHCP client Console config dhcp next server www bootserver com bootfile Use the bootfile DHCP Pool Configuration mode command to specify the default boot image file name for a Dynamic Host Configuration Protocol DHCP client Use the no form of this command to delete the boot image file name Syntax bootfile filename no bootfile Paramete...

Page 670: ...on Protocol DHCP client Use the no form of this command to remove the time servers list Syntax time server ip address ip address2 ip address8 no time server Parameters ip address Specifies the IP address of a time server One IP address is required although up to eight addresses can be specified in one command line Command Mode DHCP Pool Host Configuration mode DHCP Pool Network Configuration mode ...

Page 671: ...ter strings which contain white space must be delimited by quotation marks hex hex string Specifies dotted hexadecimal data Each byte in hexadecimal character strings is two hexadecimal digits Bytes are separated by a period or colon ip ip address Specifies an IP address ip list Specifies that a list of IP addresses immediately follows the option code ip address1 ip address2 Specifies a list of on...

Page 672: ...ing example configures DHCP option 2 which specifies the offset of the client s subnet in seconds from Coordinated Universal Time UTC A value of 0xE10 in the following example indicates a location 1 hour east of the meridian Console config dhcp option 2 hex 00000E10 The following example configures DHCP option 72 which specifies the World Wide Web servers for DHCP clients World Wide Web servers 17...

Page 673: ...hat all pool addresses can be assigned to clients Use this command to exclude a single IP address or a range of IP addresses Example The following example configures an excluded IP address range from 172 16 1 100 through 172 16 1 199 Console config ip dhcp excluded address 172 16 1 100 172 16 1 199 ip dhcp ping enable Use the ip dhcp ping enable Global Configuration mode command to enable the Dyna...

Page 674: ...e address to a requesting client Console config ip dhcp ping enable ping enable Use the ping enable DHCP Pool Network Configuration mode command to enable the Dynamic Host Configuration Protocol DHCP Server to send ping packets before assigning the address to a requesting client Use the no form of this command to prevent the server from pinging pool addresses Syntax ping enable no ping enable Defa...

Page 675: ...ration Protocol DHCP Server sends to a pool address as part of a ping operation Use the no form of this command to restore the default configuration Syntax ip dhcp ping count number no ip dhcp ping count Parameters number Specifies the number of ping packets that are sent before assigning the address to a requesting client Range 1 10 Default Configuration A Dynamic Host Configuration Protocol DHCP...

Page 676: ...milliseconds no ip dhcp ping timeout Parameters milliseconds Specifies the amount of time in milliseconds that the DHCP server waits for a ping reply before it stops attempting to reach a pool address for client assignment The timeout range is 300 10000 milliseconds Default Configuration The default timeout is 500 milliseconds Command Mode Global Configuration mode User Guidelines This command spe...

Page 677: ...pecifies the binding address to delete from the DHCP database Clears all automatic bindings Command Mode Privileged EXEC mode User Guidelines Typically the address denotes the client IP address If the asterisk character is specified as the address parameter DHCP clears all dynamic bindings Use the no ip dhcp pool Global Configuration mode command to delete a manual binding Example The following ex...

Page 678: ...with 2 retries and 500 milliseconds show ip dhcp excluded addresses The show ip dhcp excluded addresses EXEC mode command displays the excluded addresses Syntax show ip dhcp excluded addresses Command Mode EXEC mode Example The following example displays the excluded addresses Console show ip dhcp excluded addresses The number of excluded addresses ranges is 2 Excluded addresses 10 1 1 212 10 1 1 ...

Page 679: ...he client IP address name Specifies the DHCP pool name Length 1 32 characters Command Mode EXEC mode Example The following example displays the DHCP pool host configuration Console show ip dhcp pool host The number of host pools is 1 Name Station IP Address 172 16 1 11 Hardware Address Client Identifier 01b7 0813 8811 66 Console show ip dhcp pool host station Name Station IP Address 172 16 1 11 Ha...

Page 680: ...ip dhcp pool network name Parameters name Specifies the DHCP pool name Length 1 32 characters Command Mode EXEC mode Example Router show ip dhcp pool network The number of network pools is 2 Name Address range mask Lease Mask 255 255 0 0 Default router 172 16 1 1 Client name client1 DNS server 10 12 1 99 Domain name yahoo com NetBIOS name server 10 12 1 90 NetBIOS node type h node Next server 10 1...

Page 681: ...cs All range Available Free Pre allocated Allocated Expired Declined 162 150 68 50 20 3 9 Default router 10 1 1 1 Ping packets enabled DNS server 10 12 1 99 Domain name yahoo com NetBIOS name server 10 12 1 90 NetBIOS node type h node Next server 10 12 1 99 Next server name 10 12 1 100 Bootfile Bootfile Time server 10 12 1 99 Options Code Value 19 Ox01 show ip dhcp binding Use the show ip dhcp bin...

Page 682: ...ntries is 2 IP address Hardware Address Lease Expiration Type State 1 16 1 11 00a0 9802 32de Feb 01 1998 dynamic allocated 1 16 3 23 02c7 f801 0422 12 00AM dynamic expired 1 16 3 24 02c7 f802 0422 dynamic declined 1 16 3 25 02c7 f803 0422 dynamic pre allocated 1 16 3 26 02c7 f804 0422 dynamic declined Router show ip dhcp binding 1 16 1 11 DHCP server enabled The number of used all types entries is...

Page 683: ...02c7 f802 0422 dynamic declined The following table describes the significant fields shown in the display show ip dhcp server statistics Use the show ip dhcp server statistics EXEC command to display Dynamic Host Configuration Protocol DHCP Server statistics Syntax show ip dhcp server statistics Command Mode EXEC mode Field Description IP address The host IP address as recorded on the DHCP Server ...

Page 684: ...allocated entries is 3 The number of static entries is 1 The number of dynamic entries is 1 The number of automatic entries is 1 The number of expired entries is 1 The number of declined entries is 2 show ip dhcp allocated Use the show ip dhcp allocated EXEC mode command to display the specific one or all the allocated address on the Dynamic Host Configuration Protocol DHCP Server Syntax show ip d...

Page 685: ...72 16 3 253 02c7 f800 0422 Infinite Automatic 172 16 3 254 02c7 f800 0422 Infinite Static Router show ip dhcp allocated 172 16 1 11 DHCP server enabled The number of allocated entries is 2 The number of static entries is 0 The number of dynamic entries is 2 IP address Hardware address Lease expiration Type 172 16 1 11 00a0 9802 32de Feb 01 1998 12 00 AM Dynamic Router show ip dhcp allocated 172 16...

Page 686: ...rver Syntax show ip dhcp declined ip address Parameters ip address Specifies the IP address Command Mode EXEC mode Example Router show ip dhcp declined DHCP server enabled IP address Hardware address 172 16 1 11 00a0 9802 32de 172 16 3 254 02c7 f800 0422 Router show ip dhcp declined 172 16 1 11 DHCP server enabled Field Description IP address The host IP address as recorded on the DHCP Server Hard...

Page 687: ...address The MAC address or client identifier of the host as recorded on the DHCP Server show ip dhcp expired Use the show ip dhcp expired EXEC command to display the specific one or all the expired addresses on the Dynamic Host Configuration Protocol DHCP server Syntax show ip dhcp expired ip address Parameters ip address Specifies the IP Command Mode EXEC mode Example Router show ip dhcp expired ...

Page 688: ...ress or client identifier of the host as recorded on the DHCP Server show ip dhcp pre allocated Use the show ip dhcp pre allocated EXEC command to display the specific one or all the pre allocated addresses on the Dynamic Host Configuration Protocol DHCP server Syntax show ip dhcp pre allocated ip address Parameters ip address Specifies the IP Command Mode EXEC mode Examples Router show ip dhcp pr...

Page 689: ...ELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY IP address Hardware address 172 16 1 1500a0 9802 32de 172 16 1 16 show ip dhcp declined Field Descriptions IP address The IP address of the host as recorded on the DHCP Server Hardware address The MAC address or client identifier of the host as recorded on the DHCP Server ...

Page 690: ...690 DHCP Server Commands FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files DCHP_Server fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY ...

Page 691: ... route no ip route prefix mask prefix length ip address Parameters prefix Specifies the IP address that is the IP route prefix for the destination IP mask Specifies the network subnet mask of the IP address prefix prefix length Specifies the number of bits that comprise the IP address prefix The prefix length must be preceded by a forward slash Range 0 32 ip address Specifies the IP address or IP ...

Page 692: ...31 16 1 1 Console config ip route 172 16 0 0 16 131 16 1 1 ip routing Use the ip routing Global Configuration mode command to enable IPv4 Routing Use the no format of the command to disable IPv4 Routing Syntax ip routing no ip routing Default Configuration Enabled by default Command Mode Global Configuration mode Default Configuration No routing is defined show ip route Use the show ip route EXEC ...

Page 693: ...P address prefix The prefix length must be preceded by a forward slash Range 1 32 longer prefixes Specifies that the address and mask pair becomes a prefix and any routes that match that prefix are displayed Command Mode EXEC mode Example The following example displays the current routing table state Console show ip route console show ip route Maximum Parallel Paths 1 1 after reset IP Forwarding e...

Page 694: ...1 1 32 5 3 via 10 0 3 1 19 51 18 Ethernet1 The following table describes the significant fields shown in the display Field Description O The protocol that derived the route 10 8 1 0 24 The remote network address 30 2000 The first number in the brackets is the administrative distance of the information source the second number is the metric for the route via 10 0 1 2 The address of the next router ...

Page 695: ...Use the no form of this command to remove the access list Syntax ip access list extended access list name no ip access list extended access list name Parameters access list name Name of the IPv4 access list access list name 0 32 characters Use for empty string Default No IPv4 access list is defined Command Mode Global Configuration mode User Guidelines IPv4 ACL is defined by a unique name IPv4 ACL...

Page 696: ...tination destination wildcard any destination port port range dscp number precedence number match all list of flags time range time range name permit udp any source source wildcard any source port port range any destination destination wildcard any destination port port range dscp number precedence number match all time range name time range time range name Parameters protocol The name or the numb...

Page 697: ...ery host report dvmrp pim cisco trace host report v2 host leave v2 host report v3 Range 0 255 destination port Specifies the UDP TCP destination port You can enter range of ports by using hyphen E g 20 21 For TCP enter a number or one of the following values bgp 179 chargen 19 daytime 13 discard 9 domain 53 drip 3949 echo 7 finger 79 ftp 21 ftp data 20 gopher 70 hostname 42 irc 194 klogin 543 kshe...

Page 698: ...re no matches the packets are denied However before the first ACE is added the list permits all packets The number of TCP UDP ranges that can be defined in ACLs is limited You can define up to ASIC specific ranges for TCP and up to ASIC specific ranges for UDP If a range of ports is used for source port in ACE it would be not be counted again if it is also used for source port in another ACE If a ...

Page 699: ... range any destination destination wildcard any destination port port range dscp number precedence number match all time range name time range time range name disable port log input Parameters protocol The name or the number of an IP protocol Available protocol names icmp igmp ip tcp egp igp udp hmp rdp idpr ipv6 ipv6 rout ipv6 frag idrp rsvp gre esp ah ipv6 icmp eigrp ospf ipinip pim l2tp isis To...

Page 700: ...ain 53 drip 3949 echo 7 finger 79 ftp 21 ftp data 20 gopher 70 hostname 42 irc 194 klogin 543 kshell 544 lpd 515 nntp 119 pop2 109 pop3 110 smtp 25 sunrpc 1110 syslog 514 tacacs ds 49 talk 517 telnet 23 time 37 uucp 117 whois 43 www 80 For UDP enter a number or one of the following values biff 512 bootpc 68 bootps 67 discard 9 dnsix 90 domain 53 echo 7 mobile ip 434 nameserver 42 netbios dgm 138 n...

Page 701: ... access control entry ACE is added to an access control list an implied deny any any condition exists at the end of the list That is if there are no matches the packets are denied However before the first ACE is added the list permits all packets The number of TCP UDP ranges that can be defined in ACLs is limited You can define up to ASIC specific ranges for TCP and up to ASIC specific ranges for ...

Page 702: ...l Configuration mode User Guidelines IPv6 ACL is defined by a unique name IPv4 ACL IPv6 ACL MAC ACL or Policy Map cannot have the same name Every IPv6 ACL has implicit permit icmp any any nd ns any permit icmp any any nd na any and deny ipv6 any any statements as its last match conditions The former two match conditions allow for ICMPv6 neighbor discovery The IPv6 neighbor discovery process makes ...

Page 703: ...nge dscp number precedence number match all list of flags time range time range name permit udp any source prefix length any source port port range any destination prefix length any destination port port range dscp number precedence number time range time range name Parameters protocol The name or the number of an IP protocol Available protocol names are icmp 58 tcp 6 and udp 17 To match any proto...

Page 704: ... 7 finger 79 ftp 21 ftp data 20 gopher 70 hostname 42 irc 194 klogin 543 kshell 544 lpd 515 nntp 119 pop2 109 pop3 110 smtp 25 sunrpc 1110 syslog 514 tacacs ds 49 talk 517 telnet 23 time 37 uucp 117 whois 43 www 80 For UDP enter a number or one of the following values biff 512 bootpc 68 bootps 67 discard 9 dnsix 90 domain 53 echo 7 mobile ip 434 nameserver 42 netbios dgm 138 netbios ns 137 non500 ...

Page 705: ...ts is used for source port it would be counted again if it is also used for destination port Example console config ipv6 access list server console config ipv6 al permit tcp 3001 2 64 any any 80 deny IPv6 Use the deny command in IPv6 access list configuration mode to set permit conditions for IPv6 access list Syntax deny protocol any source prefix length any destination prefix length dscp number p...

Page 706: ...using 16 bit values between colons dscp number Specifies the DSCP value Range 0 63 precedence number Specifies the IP precedence value icmp type Specifies an ICMP message type for filtering ICMP packets Enter a number or one of the following values destination unreachable 1 packet too big 2 time exceeded 3 parameter problem 4 echo request 128 echo reply 129 mld query 130 mld report 131 mldv2 repor...

Page 707: ...ce would be disabled if the condition is matched log input Specifies to send an informational syslog message about the packet that matches the entry Because forwarding is done in hardware and logging is done in software if a large number of packets match a deny ACE containing a log input keyword the software might not be able to match the hardware processing rate and not all packets will be logged...

Page 708: ...this command to remove the access list Syntax mac access list extended access list name no mac access list extended access list name Parameters access list name Specifies the name of the MAC access list Range access list name0 32 characters use for empty string Default No MAC access list is defined Command Mode Global Configuration mode User Guidelines MAC ACL is defined by a unique name IPv4 ACL ...

Page 709: ...1s in the bit position that you want to be ignored eth type The Ethernet type in hexadecimal format of the packet vlan id The VLAN ID of the packet Range 1 4094 cos The Class of Service of the packet Range 0 7 cos wildcard Wildcard bits to be applied to the CoS time range name Name of the time range that applies to this permit statement Range 1 32 Default No MAC access list is defined Command Mode...

Page 710: ...uidelines Range acl name0 32 characters Use for empty string Default No ACL is assigned Command Mode Interface Configuration Ethernet Port Channel mode Interface Configuration Ethernet VLAN Port Channel mode User Guidelines IPv4 ACL and IPv6 ACL can be bound together to an interface MAC ACL cannot be bound on an interface with IPv4 ACL or IPv6 ACL Two ACLs of the same type can t be added to a port...

Page 711: ...o the interface See the Usage Guidelines Range acl name 32 characters Use for empty string Default No ACL is assigned Command Mode Interface Configuration Ethernet Port Channel mode Interface Configuration Ethernet VLAN Port Channel mode User Guidelines The deny rule actions log input and disable port are not supported Trying to use these actions will result in an error IPv4 ACLs and IPv6 ACLs can...

Page 712: ...protocol6 no service acl input Parameters protocol Specifies a protocol to filter Available values are blockcdp blockvtp blockdtp blockudld blockpagp blocksstp and blockall Default Configuration No protocol is defined Command Mode Interface Configuration Ethernet Port Channel mode User Guidelines If you want to define multiple protocols on the same interface those protocols should be defined in th...

Page 713: ...ervice acl input blockcdp blockvtp time range use the time range global configuration mode command to enable time range configuration mode and define time ranges for functions such as access lists Use the no form of this command To remove the time range configuration Syntax time range time range name no time range time range name Parameters time range name Specifies the name for the time range Ran...

Page 714: ...All time specifications are interpreted as local time To ensure that the time range entries take effect at the desired times the software clock should be set by the user or by SNTP If the software clock is not set by the user or by SNTP the time range ACEs are not activated The user cannot delete a time range that is bounded to an ACE or to any other feature Example Console config time range http ...

Page 715: ...23 mm 0 5 day Day by date in the month Range 1 31 month Month first three letters by name Range Jan Dec year Year no abbreviation Range 2000 2097 Default There is no absolute time when the time range is in effect Command Mode Time range Configuration mode periodic Use the periodic Time range Configuration mode command to specify a recurring weekly time range for functions that support the time ran...

Page 716: ...in effect The second occurrence is the ending hours minutes military format the associated statement is in effect The second occurrence can be at the following day see description in the User Guidelines Range 0 23 mm 0 59 list day of the week1 Specifies a list of days that the time range is in effect Default There is no periodic time when the time range is in effect Command Mode Time range Configu...

Page 717: ...riday 20 00 show access lists Use the show access lists Privileged EXEC mode command to display access control lists ACLs configured on the switch Syntax show access lists name access list number show access lists time range active name Parameters name Specifies the name of the ACL access list number Specifies the number of the IP standard ACL list time range active Shows only the Access Control E...

Page 718: ...tandard IP access list 4 permit 0 0 0 0 permit 192 168 0 2 wildcard bits 0 0 0 255 Extended IP access list ACL1 permit 234 172 30 40 1 0 0 0 0 any permit 234 172 30 8 8 0 0 0 0 any Extended IP access list ACL2 permit 234 172 30 19 1 0 0 0 255 any time range weekdays permit 234 172 30 23 8 0 0 0 255 any time range weekends Switch show access lists time range active Extended IP access list ACL1 perm...

Page 719: ...n interface ID The interface ID can be one of the following types Ethernet port Port channel or VLAN Command Mode Privileged EXEC mode Example Console show interfaces access lists Interface ACL gi1 0 1 Ingress ip ipv6 Egress mac gi1 0 4 Egress mac gi1 0 5 Ingress ip clear access lists counters Use The Clear Access lists Counters Privileged EXEC mode command to clear access lists counters Syntax cl...

Page 720: ...nterface port channel port channel number Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode User Guidelines The counter of deny ACE hits counts only ACEs with the log input keyword Because forwarding is done in hardware and counting is done in software if a large number of packets mat...

Page 721: ...ON C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files ACL fm DELL CONFIDENTIAL PRELIMINARY 2012 FOR PROOF ONLY gi1 0 3 0 Number of hits that were counted in global counter due to lack of resources 19 ...

Page 722: ...722 FILE LOCATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files ACL fm DELL CONFIDENTIAL PRELIMINARY 2012 FOR PROOF ONLY ...

Page 723: ...he no form of this command to disable QoS on the device Syntax qos basic advanced no qos Parameters basic QoS basic mode If no option is specified the QoS mode defaults to the basic mode advanced Specifies the QoS advanced mode which enables the full range of QoS configuration Default Configuration If the qos command is entered without any parameters the QoS basic mode is enabled Command Mode Glob...

Page 724: ...tax show qos Parameters This command has no arguments or keywords Default Configuration Disabled Command Mode Command Mode EXEC mode User Guidelines Trust mode is displayed if QoS is enabled in basic mode Example The following example displays QoS attributes when QoS is enabled in basic mode on the device and the advanced mode is supported Console show qos Qos basic Basic trust dscp The following ...

Page 725: ... map All match criteria in this class map must be matched match any Performs a logical OR of all the matching statements under this class map One or more match criteria in this class map must be matched Default Configuration If neither match all nor match any is specified the match all parameter is selected by default Command Mode Global Configuration mode User Guidelines The class map Global Conf...

Page 726: ...er entering the Quality of Service QoS Class map Configuration mode the following configuration commands are available exit Exits the QoS Class map Configuration mode match Configures classification criteria no Removes a match statement from a class map Example The following example creates a class map called Class1 and configures it to check that packets match all classification criteria in the c...

Page 727: ...ch access group acl name no match access group acl name Parameters acl name Specifies the MAC or IP Access Control List ACL name Default Configuration No match criterion is supported Command Mode Class map Configuration mode Example The following example defines the match criterion for classifying traffic as an access group called Enterprise in a class map called Class1 Console config class map cl...

Page 728: ... created added to or modified before configuring policies for classes whose match criteria are defined in a class map Entering the policy map Global Configuration mode command also enables configuring or modifying the class policies for that policy map Class policies in a policy map can be configured only if the classes have match criteria defined for them Use the class map Global Configuration mo...

Page 729: ...trol List ACL Default Configuration No class map is defined for the policy map Command Mode Policy map Configuration mode User Guidelines Use the policy map Global Configuration mode command to identify the policy map and to enter the Policy map Configuration mode before using the class command After specifying a policy map a policy for new classes can be configured or a policy for any existing cl...

Page 730: ...map policy1 Console config pmap class class1 access group enterprise show policy map Use the show policy map EXEC mode command to display all policy maps or a specific policy map Syntax show policy map policy map name Parameters policy map name Specifies the policy map name Command Mode EXEC mode Example The following example displays all policy maps Console show policy map Policy Map policy1 clas...

Page 731: ...ers the default mode is dscp Command Mode Policy map Class Configuration mode User Guidelines Use this command to distinguish the Quality of Service QoS trust behavior for certain traffic from others For example incoming traffic with certain DSCP values can be trusted A class map can be configured to match and trust the DSCP values in the incoming traffic Trust values set with this command superse...

Page 732: ...p Example The following example creates an ACL places it into a class map places the class map into a policy map and configures the trust state using the DSCP value in the ingress packet console config mac access list extended m1 console config mac al permit any any console config mac al exit console config class map c1 console config cmap match access group m1 console config cmap exit console con...

Page 733: ...an egress interface using the Service policy Interface Configuration mode command To return to the Policy map Configuration mode use the exit command To return to the Privileged EXEC mode use the end command Example The following example creates an ACL places it into a class map places the class map into a policy map and sets the DSCP value in the packet to 56 for classes in policy map called p1 c...

Page 734: ...ssible values are drop Drops the packet policed dscp transmit Remarks the packet DSCP according to the policed DSCP map as configured by the qos map policed dscp Global Configuration mode command Command Mode Policy map Class Configuration mode User Guidelines Policing uses a token bucket algorithm CIR represents the speed with which the token is removed from the bucket CBS represents the depth of...

Page 735: ... policy map name to apply to the input interface Length 1 32 characters Command Mode Interface Configuration Ethernet VLAN Port channel mode User Guidelines Only one policy map per interface per direction is supported Example The following example attaches a policy map called Policy1 to the input interface Console config if service policy input policy1 qos aggregate policer Use the qos aggregate p...

Page 736: ...ration No aggregate policer is defined Command Mode Global Configuration mode User Guidelines Define an aggregate policer if the policer is shared with multiple classes Policers in one port cannot be shared with other policers in another device Traffic from two different ports can be aggregated for policing purposes An aggregate policer can be applied to multiple classes in the same policy map An ...

Page 737: ...000 9600 exceed action drop show qos aggregate policer Use the show qos aggregate policer EXEC mode command to display the aggregate policer parameter Syntax show qos aggregate policer aggregate policer name Parameters aggregate policer name Specifies the aggregate policer name Command Mode EXEC mode Example The following example displays the parameters of the aggregate policer called Policer1 Con...

Page 738: ...e classes in the same policy map An aggregate policer cannot be applied across multiple policy maps or interfaces Use the exit command to return to the Policy map Configuration mode Use the end command to return to the Privileged EXEC mode Example The following example applies the aggregate policer called Policer1 to a class called Class1 in a policy map called Policy1 Console config policy map po...

Page 739: ...ed to queue 3 CoS value 1 is mapped to queue 1 CoS value 2 is mapped to queue 2 CoS value 3 is mapped to queue 4 CoS value 4 is mapped to queue 5 CoS value 5 is mapped to queue 6 CoS value 6 is mapped to queue 7 CoS value 7 is mapped to queue 8 Command Mode Global Configuration mode User Guidelines Use this command to distribute traffic to different queues where each queue is configured with diffe...

Page 740: ... Configuration wrr is disabled by default The default wrr weight is 1 for all queues Command Mode Global Configuration mode User Guidelines The ratio for each queue is defined as the queue weight divided by the sum of all queue weights the normalized weight This sets the bandwidth allocation of each queue A weight of 0 indicates that no bandwidth is allocated for the same queue and the shared band...

Page 741: ...um of queues number of queues no priority queue out num of queues Parameters number of queues Specifies the number of expedite queues Expedite queues have higher indexes Range 0 8 If number of queues 0 all queues are assured forwarding If number of queues 8 all queues are expedited Default Configuration All queues are expedite queues Command Mode Global Configuration mode User Guidelines While con...

Page 742: ... the shaper Syntax traffic shape committed rate committed burst no traffic shape Parameters committed rate Specifies the average traffic rate CIR in kbits per second kbps Range GE 64kbps maximum port speed 10GE 64Kbps maximum port speed committed burst Specifies the excess burst size CBS in bytes Range 4KB 16MB Default Configuration The shaper is disabled Command Mode Interface Configuration Ether...

Page 743: ...affic shape queue queue id Parameters queue id Specifies the queue number to which the shaper is assigned committed rate Specifies the average traffic rate CIR in kbits per second kbps Range 64 kbps maximum port speed committed burst Specifies the excess burst size CBS in bytes Range 4 KB 16 MB Default Configuration The shaper is disabled Command Mode Interface Configuration Ethernet Port channel ...

Page 744: ...s rate Specifies the maximum number of kilobits per second of ingress traffic on a port The range is 3 10000000 burst bytes The burst size in bytes 3000 19173960 If unspecified defaults to 128K Default Configuration Rate limiting is disabled Command Mode Interface Configuration Ethernet mode User Guidelines Example The following example limits the incoming traffic rate on gigabitethernet port 1 0 ...

Page 745: ...ity of Service QoS information on the interface Syntax show qos interface buffers queueing policers shapers rate limit interface id Parameters buffers Displays the buffer settings for the interface s queues For GE ports displays the queue depth for each of the 8 queues queueing Displays the queue s strategy WRR or EF the weight for WRR queues the CoS to queue map and the EF priority policers Displ...

Page 746: ...If no parameter is specified with the show qos interface command the port QoS mode DSCP trusted CoS trusted untrusted and so on default CoS value DSCP to DSCP map if any attached to the port and policy map if any attached to the interface are displayed If a specific interface is not specified the information for all interfaces is displayed Example This is an example of the output from the show qos...

Page 747: ...om the show qos interface shapers command for 8 queues Console show qos interface shapers gi1 0 1 gigabitethernet 1 0 1 Port shaper enable Committed rate 192000 bps Committed burst 9600 bytes QID 1 2 3 4 5 6 7 8 Status Enable Disable Enable Disable Disable Disable Enable Enable Target Committed Rate bps 100000 N A 200000 N A N A N A 178000 23000 Target Committed Burst bytes 17000 N A 19000 N A N A...

Page 748: ... Configuration mode command to assign queue thresholds globally Use the no form of this command to restore the default configuration Console show qos interface policer gi1 0 1 Ethernet gi1 0 1 Class map A Policer type aggregate Commited rate 192000 bps Commited burst 9600 bytes Exceed action policed dscp transmit Class map B Policer type single Commited rate 192000 bps Commited burst 9600 bytes Ex...

Page 749: ...ecifies the queue threshold percentage value Default Configuration The default threshold is 80 percent Command Mode Global Configuration mode User Guidelines If the threshold is exceeded packets with the corresponding DP are dropped until the threshold is no longer exceeded Example The following example assigns a threshold of 80 percent to WRR queue 1 Console config qos wrr queue threshold gigabit...

Page 750: ...CP value Command Mode Global Configuration mode Example The following example marks incoming DSCP value 3 as DSCP value 43 on the policed DSCP map Console config qos map policed dscp 3 to 43 Reserved DSCP DSCP 3 was not configured qos map dscp queue Use the qos map dscp queue Global Configuration mode command to configure the DSCP to CoS map Use the no form of this command to restore the default c...

Page 751: ...p dscp dp Use the qos map dscp dp Global Configuration mode command to map the DSCP to Drop Precedence Use the no form of this command to restore the default configuration Syntax qos map dscp dp dscp list to dp no qos map dscp dp dscp list Parameters dscp list Specifies up to 8 DSCP values with values separated by a space Range 0 63 dp Specifies the Drop Precedence value to which the DSCP values a...

Page 752: ...this command to return to the default configuration Syntax qos trust cos dscp no qos trust Parameters cos Specifies that ingress packets are classified with packet CoS values Untagged packets are classified with the default port CoS value dscp Specifies that ingress packets are classified with packet DSCP values Default Configuration CoS is the default trust mode Command Mode Global Configuration ...

Page 753: ... configured with trust CoS the traffic is mapped to the queue by the CoS queue map Example The following example configures the system to the DSCP trust state Console config qos trust dscp qos trust Interface Use the qos trust Interface Configuration Ethernet Port channel mode command to enable each port trust state while the system is in the basic QoS mode Use the no form of this command to disab...

Page 754: ...default cos no qos cos Parameters default cos Specifies the default CoS value of the port If the port is trusted and the packet is untagged then the default CoS value become the CoS value Range 0 7 Default Configuration The default CoS value of a port is 0 Command Mode Interface Configuration Ethernet Port channel mode User Guidelines Use the default CoS value to assign a CoS value to all untagged...

Page 755: ...mains have different DSCP definitions use the DSCP to DSCP mutation map to translate a set of DSCP values to match the definition of another domain Apply the map to ingress and to DSCP trusted ports only Applying this map to a port causes IP packets to be rewritten with newly mapped DSCP values at the ingress ports If applying the DSCP mutation map to an untrusted port to class of service CoS or t...

Page 756: ...0 63 Default Configuration The default map is the Null map which means that each incoming DSCP value is mapped to the same DSCP value Command Mode Global Configuration mode User Guidelines This is the only map that is not globally configured It is possible to have several maps and assign each one to a different port Example The following example changes DSCP values 1 2 4 5 and 6 to DSCP Mutation M...

Page 757: ...The following example displays the QoS mapping information The following table appears Console show qos map Dscp queue map d1 0 1 2 3 4 5 6 d2 0 01 02 03 04 06 07 08 1 01 02 03 04 06 07 08 2 01 02 03 05 06 07 08 3 01 02 03 05 06 07 08 4 01 02 04 05 06 07 5 01 02 04 05 06 07 6 01 03 04 05 06 08 7 01 03 04 05 06 08 8 02 03 04 05 07 08 9 02 03 04 05 07 08 Dscp DP map d1 0 1 2 3 4 5 6 d2 00 00 00 00 0...

Page 758: ...clear qos statistics Command Mode EXEC mode Policed dscp map d1 0 1 2 3 4 5 6 d2 0 00 10 20 30 40 50 60 1 01 11 21 31 41 51 61 2 02 12 22 32 42 52 62 3 03 13 23 33 43 53 63 4 04 14 24 34 44 54 5 05 15 25 35 45 55 6 06 16 26 36 46 56 7 07 17 27 37 47 57 8 08 18 28 38 48 58 9 09 19 29 39 49 59 Dscp dscp mutation map d1 0 1 2 3 4 5 6 d2 0 00 10 20 30 40 50 60 1 01 11 21 31 41 51 61 2 02 12 22 32 42 5...

Page 759: ...counting in profile and out of profile Use the no form of this command to disable counting Syntax qos statistics policer policy map name class map name no qos statistics policer policy map name class map name Parameters policy map name Specifies the policy map name class map name Specifies the class map name Default Configuration Counting in profile and out of profile is disabled Command Mode Inte...

Page 760: ...ggregate policer aggregate policer name Parameters aggregate policer name Specifies the aggregate policer name Default Configuration Counting in profile and out of profile is disabled Command Mode Global Configuration mode Example The following example enables counting in profile and out of profile on the interface Console config qos statistics aggregate policer policer1 qos statistics queues Use ...

Page 761: ... available values are high low Default Configuration Set 1 All interfaces all queues high DP Set 2 All interfaces all queues low DP Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables QoS statistics for output queues for counter set 1 Console config qos statistics queues 1 all all all show qos statistics Use the...

Page 762: ... the qos statistics queues Global Configuration mode command to enable QoS statistics for output queues Example The following example displays Quality of Service statistical information Console show qos statistics Policers Interface gi1 0 1 gi1 0 1 gi1 0 2 gi1 0 2 Policy map Policy1 Policy1 Policy1 Policy1 Class Map Class1 Class2 Class1 Class2 In profile bytes 7564575 8759 746587458 5326 Out of pr...

Page 763: ...ATION C Users gina Desktop Checkout_new CLI Folders Dell Contax CLI files QoS fm DELL CONFIDENTIAL PRELIMINARY 5 15 12 FOR PROOF ONLY Output Queues Interface gi1 0 1 gi1 0 2 Queue 2 All DP High High Total packets 799921 5387326 TD packets 1 2 0 2 ...

Search results

Summary of Contents for PowerConnect PC5524

Reviews:

Related manuals for PowerConnect PC5524

Brands by name

Popular brands

Dell PowerConnect PC5524, Reference Manual

Search results

Summary of Contents for PowerConnect PC5524

Reviews:

Related manuals for PowerConnect PC5524

Brands by name

Popular brands