Netgear Prosafe Gsm7228Ps Gigabit Stackable Ethernet Switch 100Nas Users Manual Managed Command Line Interface (CLI) User
ProSafe GSM7328Sv2 cli
GSM7228PS-100NAS to the manual ab8a6cc8-01e3-4e0f-ba08-c134f5f17be2
2015-01-24
: Netgear Netgear-Prosafe-Gsm7228Ps-Gigabit-Stackable-Ethernet-Switch-Gsm7228Ps-100Nas-Users-Manual-332363 netgear-prosafe-gsm7228ps-gigabit-stackable-ethernet-switch-gsm7228ps-100nas-users-manual-332363 netgear pdf
Open the PDF directly: View PDF 
.
Page Count: 799
| Download | |
| Open PDF In Browser | View PDF |
ProSafe Managed Switch Command Line Interface (CLI) User Manual 10.0 GSM7328Sv2 GSM7352Sv2 GSM7228PS GSM7252PS M5300-28G3 M5300-52G3 M5300-28G-POE+ M5300-52G-POE+ M5300-28GF3 M5300-28G M5300-52G 350 East Plumeria Drive San Jose, CA 95134 USA November 2012 202-11054-02 1.0 ProSafe Managed Switch © 2012 NETGEAR, Inc. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of NETGEAR, Inc. Technical Support Thank you for choosing NETGEAR. To register your product, get the latest product updates, or get support online, visit us at http://support.netgear.com. Phone (US & Canada only): 1-888-NETGEAR Phone (Other Countries): See Support information card. Trademarks NETGEAR, the NETGEAR logo, ReadyNAS, ProSafe, Smart Wizard, Auto Uplink, X-RAID2, and NeoTV are trademarks or registered trademarks of NETGEAR, Inc. Microsoft, Windows, Windows NT, and Vista are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders. Statement of Conditions To improve internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use, or application of, the product(s) or circuit layout(s) described herein. Revision History Publication Part Number Version Publish Date Comments 202-11054-02 1.0 November 2012 Added mixed stacking commands. 202-11054-01 1.0 August 2012 Replaced the private group commands with private VLAN commands, replaced the Auto-Voice over IP Commands chapter, and added iSCSI commands. 202-10936-02 1.0 January 2012 Added clear event log, ip local-proxy-arp, and spanning-tree auto-edge. Removed poe reset auto. 202-10936-01 1.0 November 2011 Added PoE and MVR mode features. 202-10515-05 1.1 June 2011 Added DHCPv6 and DHCPv6 mode features. 202-10515-04 1.0 November 2010 New document template. 202-10515-03 v 1.0 June 2010 Move some content to the Software Setup Guide. 202-10515-02 Software release 8.0.2: new firmware with DHCP L3 Relay, color conform policy, DHCP server in dynamic mode, and configuring a stacking port as an Ethernet port. 202-10515-01 Original publication. 2 Contents Chapter 1 Using the Command-Line Interface Licensing and Command Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Command Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Command Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Common Parameter Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Unit/Slot/Port Naming Convention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Using a Command’s “No” Form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Managed Switch Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Command Completion and Abbreviation . . . . . . . . . . . . . . . . . . . . . . . . . . 17 CLI Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 CLI Line-Editing Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Using CLI Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Accessing the CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Chapter 2 Stacking Commands Dedicated Port Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Stacking Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Non-Stop Forwarding Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Stack Firmware Synchronization Commands. . . . . . . . . . . . . . . . . . . . . . . 35 Chapter 3 Switching Commands Port Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Loopback Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Spanning Tree Protocol (STP) Commands . . . . . . . . . . . . . . . . . . . . . . . . 47 VLAN Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Double VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 Voice VLAN Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Provisioning (IEEE 802.1p) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Protected Ports Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Private Group Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Private VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 GARP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 GVRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 GMRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 Port-Based Network Access Control Commands. . . . . . . . . . . . . . . . . . . . 96 802.1X Supplicant Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 Storm-Control Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112 Flow Control Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 3 ProSafe Managed Switch Port-Channel/LAG (802.3ad) Commands . . . . . . . . . . . . . . . . . . . . . . . . 123 Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 Static MAC Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 DHCP L2 Relay Agent Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 DHCP Client Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 DHCP Snooping Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . 150 Dynamic ARP Inspection Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 IGMP Snooping Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . 166 IGMP Snooping Querier Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 MLD Snooping Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180 MLD Snooping Querier Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 set mld querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 set mld querier query_interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 set mld querier timer expiry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 set mld querier election participate. . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 show mldsnooping querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Port Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190 LLDP (802.1AB) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194 LLDP-MED Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203 Denial of Service Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212 MAC Database Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222 ISDP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224 Priority-Based Flow Control Commands . . . . . . . . . . . . . . . . . . . . . . . . . 229 Chapter 4 Multicast VLAN Registration (MVR) About MVR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232 MVR Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232 Chapter 5 Routing Commands Address Resolution Protocol (ARP) Commands . . . . . . . . . . . . . . . . . . . 240 IP Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246 Router Discovery Protocol Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 263 Virtual LAN Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266 Virtual Router Redundancy Protocol Commands. . . . . . . . . . . . . . . . . . . 267 DHCP and BOOTP Relay Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 276 IP Helper Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278 Open Shortest Path First (OSPF) Commands . . . . . . . . . . . . . . . . . . . . . 282 OSPF Graceful Restart Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322 nsf. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323 nsf restart-interval. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323 nsf helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324 nsf helper disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325 nsf [ietf] helper strict-lsa-checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325 OSPF Interface Flap Dampening Commands . . . . . . . . . . . . . . . . . . . . . 327 Routing Information Protocol (RIP) Commands . . . . . . . . . . . . . . . . . . . . 329 ICMP Throttling Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336 4 ProSafe Managed Switch Chapter 6 IP Multicast Commands Multicast Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .339 DVMRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .344 PIM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349 Internet Group Message Protocol (IGMP) Commands. . . . . . . . . . . . . . .360 IGMP Proxy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .367 Chapter 7 IPv6 Commands Tunnel Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373 IPv6 Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375 OSPFv3 Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .398 OSPFv3 Graceful Restart Commands . . . . . . . . . . . . . . . . . . . . . . . . . . .429 DHCPv6 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .431 Chapter 8 IPv6 Multicast Commands IPv6 Multicast Forwarder Commands . . . . . . . . . . . . . . . . . . . . . . . . . . .439 IPv6 PIM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .442 IPv6 MLD Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .449 IPv6 MLD-Proxy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .455 Chapter 9 Quality of Service (QoS) Commands Class of Service (CoS) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .461 Differentiated Services (DiffServ) Commands . . . . . . . . . . . . . . . . . . . . .469 DiffServ Class Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .470 DiffServ Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .479 DiffServ Service Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .484 DiffServ Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .485 MAC Access Control List (ACL) Commands . . . . . . . . . . . . . . . . . . . . . .491 IP Access Control List (ACL) Commands. . . . . . . . . . . . . . . . . . . . . . . . .495 IPv6 Access Control List (ACL) Commands. . . . . . . . . . . . . . . . . . . . . . .502 Time Range Commands for Time-Based ACLs . . . . . . . . . . . . . . . . . . . .506 AutoVOIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508 iSCSI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512 Chapter 10 Power over Ethernet (PoE) Commands About PoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518 PoE Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519 Chapter 11 Utility Commands Auto Install Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .530 Dual Image Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .532 System Information and Statistics Commands. . . . . . . . . . . . . . . . . . . . .534 Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .550 Email Alerting and Mail Server Commands . . . . . . . . . . . . . . . . . . . . . . .556 5 ProSafe Managed Switch System Utility and Clear Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562 Simple Network Time Protocol (SNTP) Commands. . . . . . . . . . . . . . . . . 572 DHCP Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579 DNS Client Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 591 Packet Capture Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 595 Serviceability Packet Tracing Commands . . . . . . . . . . . . . . . . . . . . . . . . 598 Cable Test Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617 sFlow Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617 Software License Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 622 IP Address Conflict Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623 Link Local Protocol Filtering Commands . . . . . . . . . . . . . . . . . . . . . . . . . 624 RMON Stats and History Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . 625 UDLD Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631 Chapter 12 Management Commands Configuring the Switch Management CPU. . . . . . . . . . . . . . . . . . . . . . . . 636 Network Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 638 Console Port Access Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641 Telnet Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 643 Secure Shell (SSH) Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648 Management Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 651 Hypertext Transfer Protocol (HTTP) Commands . . . . . . . . . . . . . . . . . . . 652 Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659 User Account Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659 SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683 RADIUS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 694 TACACS+ Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 706 Configuration Scripting Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 711 Pre-Login Banner and System Prompt Commands . . . . . . . . . . . . . . . . . 713 Switch Database Management (SDM) Templates . . . . . . . . . . . . . . . . . . 714 IPv6 Management Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 716 Chapter 13 Log Messages Core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 722 Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 724 Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 726 Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 730 QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 736 Routing/IPv6 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 737 Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 740 Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 742 Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 743 O/S Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 745 Chapter 14 Captive Portal Commands Captive Portal Global Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 747 6 ProSafe Managed Switch Captive Portal Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . .751 Captive Portal Status Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .757 Captive Portal Client Connection Commands . . . . . . . . . . . . . . . . . . . . .761 Captive Portal Interface Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . .765 Captive Portal Local User Commands . . . . . . . . . . . . . . . . . . . . . . . . . . .766 Captive Portal User Group Commands . . . . . . . . . . . . . . . . . . . . . . . . . .772 Chapter 15 Command List Index 7 1. Using the Command-Line Interface 1 The command-line interface (CLI) is a text-based way to manage and monitor the system. You can access the CLI by using a direct serial connection or by using a remote logical connection with telnet or SSH. This chapter describes the CLI syntax, conventions, and modes. It contains the following sections: • Licensing and Command Support • Command Syntax • Command Conventions • Common Parameter Values • Unit/Slot/Port Naming Convention • Using a Command’s “No” Form • Managed Switch Modules • Command Modes • Command Completion and Abbreviation • CLI Error Messages • CLI Line-Editing Conventions • Using CLI Help • Accessing the CLI Licensing and Command Support As shown in the following table, some command groups or commands require a license and some are supported on particular switch models. For those requiring a license, license keys are available from your VAR or NETGEAR authorized e-commerce portal. License activation is described in the Software Setup Manual. 8 ProSafe Managed Switch Command Group or Command M5300-28G-POE+ M5300-28G M5300-52G-POE+ M5300-52G M5300-28G3 M5300-52G3 M5300-28GF3 GSM7328Sv2 GSM7352Sv2 GSM7228PS GSM7252PS Stacking Commands Supported Supported Supported Supported Supported Non-Stop Forwarding Commands Supported Supported Supported Supported Supported Stack Firmware Synchronization Commands Supported Supported Supported Supported Supported Router Discovery Protocol Commands Require license Require license Supported Supported Require license Virtual Router Redundancy Protocol Commands Require license Require license Supported Supported Require license Open Shortest Path First (OSPF) Commands Require license Require license Supported Supported Require license OSPF Graceful Restart Commands Require license Require license Supported Supported Require license Routing Information Protocol (RIP) Commands Require license Require license Supported Supported Require license Tunnel Interface Commands Require license Require license Supported Supported Require license IPv6 Routing Commands Require license Require license Supported Supported Require license OSPFv3 Commands Require license Require license Supported Supported Require license OSPFv3 Graceful Restart Commands Require license Require license Supported Supported Require license DHCPv6 Commands Require license Require license Supported Supported Require license Multicast Commands Require license Require license Supported Supported Require license DVMRP Commands Require license Require license Supported Supported Require license PIM Commands Require license Require license Supported Supported Require license Internet Group Message Protocol (IGMP) Commands Require license Require license Supported Supported Require license IGMP Proxy Commands Require license Require license Supported Supported Require license IPv6 Multicast Forwarder Commands Require license Require license Supported Supported Require license IPv6 PIM Commands Require license Require license Supported Supported Require license IPv6 MLD Commands Require license Require license Supported Supported Require license Using the Command-Line Interface 9 ProSafe Managed Switch Command Group or Command M5300-28G-POE+ M5300-28G M5300-52G-POE+ M5300-52G M5300-28G3 M5300-52G3 M5300-28GF3 GSM7328Sv2 GSM7352Sv2 GSM7228PS GSM7252PS IPv6 MLD-Proxy Commands Require license Require license Supported Supported Require license PoE Commands Supported Not Supported Not Supported Not Supported Supported MVR Commands Supported Supported Supported Not Supported Not Supported Link Local Protocol Filtering Supported Commands Supported Supported Supported Supported Priority-Based Flow Control Not Supported Commands Not Supported Not Supported Not Supported Not Supported Captive Portal Commands Supported Supported Supported Supported Supported cos-queue random-detect Supported Supported Supported Supported Supported no cos-queue random-detect Supported Supported Supported Supported Supported random-detect exponential weighting-constant Supported Supported Supported Supported Supported no random-detect exponential weighting-constant Supported Supported Supported Supported Supported random-detect queue-parms Supported Supported Supported Supported Supported no random-detect queue-parms Supported Supported Supported Supported Supported Command Syntax A command is one or more words that might be followed by one or more parameters. Parameters can be required or optional values. Some commands, such as show network or clear vlan, do not require parameters. Other commands, such as network parms, require that you supply a value after the command. You must type the parameter values in a specific order, and optional parameters follow required parameters. The following example describes the network parms command syntax: Format network parms[gateway] • network parms is the command name. • and are parameters and represent required values that you must enter after you type the command keywords. Using the Command-Line Interface 10 ProSafe Managed Switch • [gateway] is an optional parameter, so you are not required to enter a value in place of the parameter. The New Template User Manual lists each command by the command name and provides a brief description of the command. Each command reference also contains the following information: • Format shows the command keywords and the required and optional parameters. • Mode identifies the command mode you must be in to access the command. • Default shows the default value, if any, of a configurable setting on the device. The show commands also contain a description of the information that the command shows. Command Conventions In this document, the command name is in bold font. Parameters are in italic font. You must replace the parameter name with an appropriate value, which might be a name or number. Parameters are order dependent. The parameters for a command might include mandatory values, optional values, or keyword choices. Table 1 describes the conventions this document uses to distinguish between value types. Table 1. Parameter Conventions Symbol Example Description <> angle brackets Indicates that you must enter a value in place of the brackets and text inside them. [] square brackets [value] Indicates an optional parameter that you can enter in place of the brackets and text inside them. {} curly braces {choice1 | choice2} Indicates that you must select a parameter from the list of choices. | Vertical bars choice1 | choice2 Separates the mutually exclusive choices. [{}] Braces within square brackets [{choice1 | choice2}] Indicates a choice within an optional element. Common Parameter Values Parameter values might be names (strings) or numbers. To use spaces as part of a name parameter, enclose the name value in double quotes. For example, the expression “System Using the Command-Line Interface 11 ProSafe Managed Switch Name with Spaces” forces the system to accept the spaces. Empty strings (““) are not valid user-defined strings. Table 2 describes common parameter values and value formatting. Table 2. Parameter Descriptions Parameter Description ipaddr This parameter is a valid IP address. You can enter the IP address in the following formats: a (32 bits) a.b (8.24 bits) a.b.c (8.8.16 bits) a.b.c.d (8.8.8.8) In addition to these formats, the CLI accepts decimal, hexadecimal and octal formats through the following input formats (where n is any valid hexadecimal, octal or decimal number): 0xn (CLI assumes hexadecimal format) 0n (CLI assumes octal format with leading zeros) n (CLI assumes decimal format) ipv6-address FE80:0000:0000:0000:020F:24FF:FEBF:DBCB, or FE80:0:0:0:20F:24FF:FEBF:DBCB, or FE80::20F24FF:FEBF:DBCB, or FE80:0:0:0:20F:24FF:128:141:49:32 For additional information, refer to RFC 3513. Interface or unit/slot/port Valid slot and port number separated by forward slashes. For example, 0/1 represents slot number 0 and port number 1. Logical Interface Represents a logical slot and port number. This is applicable in the case of a port-channel (LAG). You can use the logical unit/slot/port to configure the port-channel. Character strings Use double quotation marks to identify character strings, for example, “System Name with Spaces”. An empty string (“”) is not valid. Unit/Slot/Port Naming Convention Managed switch software references physical entities such as cards and ports by using a unit/slot/port naming convention. The software also uses this convention to identify certain logical entities, such as Port-Channel interfaces. The slot number has two uses. In the case of physical ports, it identifies the card containing the ports. In the case of logical and CPU ports it also identifies the type of interface or port. Table 3. Type of Slots Slot Type Description Physical slot numbers Physical slot numbers begin with zero, and are allocated up to the maximum number of physical slots. Logical slot numbers Logical slots immediately follow physical slots and identify port-channel (LAG) or router interfaces. CPU slot numbers The CPU slots immediately follow the logical slots. Using the Command-Line Interface 12 ProSafe Managed Switch The port identifies the specific physical port or logical interface being managed on a given slot. Table 4. Type of Ports Port Type Description Physical Ports The physical ports for each slot are numbered sequentially starting from zero. Logical Interfaces Port-channel or Link Aggregation Group (LAG) interfaces are logical interfaces that are only used for bridging functions. VLAN routing interfaces are only used for routing functions. Loopback interfaces are logical interfaces that are always up. Tunnel interfaces are logical point-to-point links that carry encapsulated packets. CPU ports CPU ports are handled by the driver as one or more physical entities located on physical slots. Note: In the CLI, loopback and tunnel interfaces do not use the unit/slot/port format. To specify a loopback interface, you use the loopback ID. To specify a tunnel interface, you use the tunnel ID. Using a Command’s “No” Form The no keyword is a specific form of an existing command and does not represent a new or distinct command. Almost every configuration command has a no form. In general, use the no form to reverse the action of a command or reset a value back to the default. For example, the no shutdown configuration command reverses the shutdown of an interface. Use the command without the keyword no to re-enable a disabled feature or to enable a feature that is disabled by default. Only the configuration commands are available in the no form. Managed Switch Modules Managed switch software consists of flexible modules that can be applied in various combinations to develop advanced Layer 2/3/4+ products. The commands and command modes available on your switch depend on the installed modules. Additionally, for some show commands, the output fields might change based on the modules included in the software. The software suite includes the following modules: • Switching (Layer 2) • Routing (Layer 3) • IPv6—IPv6 routing • Multicast Using the Command-Line Interface 13 ProSafe Managed Switch • Quality of Service • Management (CLI, Web UI, and SNMP) • IPv6 Management—Allows management of the device through an IPv6 through an IPv6 address without requiring the IPv6 Routing package in the system. The management address can be associated with the network port (front-panel switch ports) and a routine interface (port or VLAN). • Stacking Not all modules are available for all platforms or software releases. Command Modes The CLI groups commands into modes according to the command function. Each of the command modes supports specific software commands. The commands in one mode are not available until you switch to that particular mode, with the exception of the User EXEC mode commands. You can execute the User EXEC mode commands in the Privileged EXEC mode. The command prompt changes in each command mode to help you identify the current mode. Table 5 describes the command modes and the prompts visible in that mode. Note: The command modes available on your switch depend on the software modules that are installed. For example, a switch that does not support BGPv4 does not have the Router BGPv4 Command Mode. Table 5. CLI Command Modes Command Mode Prompt Mode Description User EXEC Switch> Contains a limited set of commands to view basic system information. Privileged EXEC Switch# Allows you to issue any EXEC command, enter the VLAN mode, or enter the Global Configuration mode. Global Config Switch (Config)# Groups general setup commands and permits you to make modifications to the running configuration. VLAN Config Switch (Vlan)# Groups all the VLAN commands. Using the Command-Line Interface 14 ProSafe Managed Switch Table 5. CLI Command Modes (Continued) Command Mode Prompt Mode Description Interface Config Switch (Interface )# Manages the operation of an interface and provides access to the router interface configuration commands. Use this mode to set up a physical port for a specific logical connection operation. Switch (Interface Loopback )# Switch (Interface Tunnel )# Line Config Switch (line)# Contains commands to configure outbound telnet settings and console interface settings. Policy Map Config Switch (Config-policy-map)# Contains the QoS Policy-Map configuration commands. Policy Class Config Switch (Config-policy-class-map)# Consists of class creation, deletion, and matching commands. The class match commands specify Layer 2, Layer 3, and general match criteria. Class Map Config Switch (Config-class-map)# Contains the QoS class map configuration commands for IPv4. Ipv6_Class-Map Config Switch (Config-class-map)# Contains the QoS class map configuration commands for IPv6. Router OSPF Config Switch (Config-router)# Contains the OSPF configuration commands. Router OSPFv3 Config Switch (Config rtr)# Contains the OSPFv3 configuration commands. Router RIP Config Switch (Config-router)# Contains the RIP configuration commands. MAC Access-list Config Switch (Config-mac-access-list)# Allows you to create a MAC Access-List and to enter the mode containing MAC Access-List configuration commands. TACACS Config Switch (Tacacs)# Contains commands to configure properties for the TACACS servers. DHCP Pool Config Switch (Config dhcp-pool)# Contains the DHCP server IP address pool configuration commands. DHCPv6 Pool Config Switch (Config dhcp6-pool)# Contains the DHCPv6 server IPv6 address pool configuration commands. Stack Global Config Mode Switch (Config stack)# Allows you to access the Stack Global Config Mode. ARP Access-List Config Mode Switch (Config-arp-access-list)# Contains commands to add ARP ACL rules in an ARP Access List. Using the Command-Line Interface 15 ProSafe Managed Switch Table 6 explains how to enter or exit each mode. Table 6. CLI Mode Access and Exit Command Mode Access Method Exit or Access Previous Mode User EXEC This is the first level of access. To exit, enter logout. Privileged EXEC From the User EXEC mode, enter enable. To exit to the User EXEC mode, enter exit or press Ctrl-Z. Global Config From the Privileged EXEC mode, enter configure. To exit to the Privileged EXEC mode, enter exit, or press Ctrl-Z. VLAN Config From the Privileged EXEC mode, enter vlan database. To exit to the Privileged EXEC mode, enter exit, or press Ctrl-Z. Interface Config To exit to the Global Config mode, enter exit. To From the Global Config mode, return to the Privileged EXEC mode, enter enter interface Ctrl-Z. or interface loopback or interface tunnel Line Config From the Global Config mode, enter lineconfig. To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z. Policy-Map Config From the Global Config mode, enter policy-map in. To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z. Policy-Class-Map Config From the Policy Map mode enter class. To exit to the Policy Map mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z. Class-Map Config From the Global Config mode, enter class-map, and specify the optional keyword ipv4 to specify the Layer 3 protocol for this class. See class-map on page 470 for more information. To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z. Ipv6-Class-Map Config From the Global Config mode, enter class-map and specify the optional keyword ipv6 to specify the Layer 3 protocol for this class. See class-map on page 470 for more information. To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z. Router OSPF Config From the Global Config mode, enter router ospf. To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z. Router OSPFv3 Config From the Global Config mode, enter ipv6 router ospf. To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z. Using the Command-Line Interface 16 ProSafe Managed Switch Table 6. CLI Mode Access and Exit (Continued) Command Mode Access Method Exit or Access Previous Mode Router RIP Config From the Global Config mode, enter router rip. To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z. MAC Access-list Config From the Global Config mode, enter mac access-list extended . To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z. TACACS Config To exit to the Global Config mode, enter exit. To From the Global Config mode, return to the Privileged EXEC mode, enter enter tacacs-server host , where is Ctrl-Z. the IP address of the TACACS server on your network. DHCP Pool Config From the Global Config mode, enter ip dhcp pool . DHCPv6 Pool Config To exit to the Global Config mode, enter exit. To From the Global Config mode, return to the Privileged EXEC mode, enter enter ip dhcpv6 pool . Ctrl-Z. Stack Global Config Mode From the Global Config mode, enter the stack command. To exit to the Global Config mode, enter the exit command. To return to the Privileged EXEC mode, enter Ctrl-Z. ARP Access-List Config Mode From the Global Config mode, enter the arp access-list command. To exit to the Global Config mode, enter the exit command. To return to the Privileged EXEC mode, enter Ctrl-Z. To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z. Command Completion and Abbreviation Command completion finishes spelling the command when you type enough letters of a command to uniquely identify the command keyword. Once you have entered enough letters, press the SPACEBAR or TAB key to complete the word. Command abbreviation allows you to execute a command when you have entered there are enough letters to uniquely identify the command. You must enter all of the required keywords and parameters before you enter the command. Using the Command-Line Interface 17 ProSafe Managed Switch CLI Error Messages If you enter a command and the system is unable to execute it, an error message appears. Table 7 describes the most common CLI error messages. Table 7. CLI Error Messages Message Text Description % Invalid input detected at '^' marker. Indicates that you entered an incorrect or unavailable command. The carat (^) shows where the invalid text is detected. This message also appears if any of the parameters or values are not recognized. Command not found / Incomplete command. Use ? to list commands. Indicates that you did not enter the required keywords or values. Ambiguous command Indicates that you did not enter enough letters to uniquely identify the command. CLI Line-Editing Conventions Table 8 describes the key combinations you can use to edit commands or increase the speed of command entry. You can access this list from the CLI by entering help from the User or Privileged EXEC modes. Table 8. CLI Editing Conventions Key Sequence Description DEL or Backspace Delete previous character Ctrl-A Go to beginning of line Ctrl-E Go to end of line Ctrl-F Go forward one character Ctrl-B Go backward one character Ctrl-D Delete current character Ctrl-U, X Delete to beginning of line Ctrl-K Delete to end of line Ctrl-W Delete previous word Ctrl-T Transpose previous character Ctrl-P Go to previous line in history buffer Ctrl-R Rewrites or pastes the line Ctrl-N Go to next line in history buffer Using the Command-Line Interface 18 ProSafe Managed Switch Table 8. CLI Editing Conventions (Continued) Key Sequence Description Ctrl-Y Prints last deleted character Ctrl-Q Enables serial flow Ctrl-S Disables serial flow Ctrl-Z Return to root command prompt Tab, Command-line completion Exit Go to next lower command prompt ? List available commands, keywords, or parameters Using CLI Help Enter a question mark (?) at the command prompt to display the commands available in the current mode. (switch) >? enable help logout ping quit show telnet Enter into user privilege mode. Display help for various special keys. Exit this session. Any unsaved changes are lost. Send ICMP echo packets to a specified IP address. Exit this session. Any unsaved changes are lost. Display Switch Options and Settings. Telnet to a remote host. Enter a question mark (?) after each word you enter to display available command keywords or parameters. (switch) #network ? javamode mgmt_vlan parms protocol Enable/Disable. Configure the Management VLAN ID of the switch. Configure Network Parameters of the router. Select DHCP, BootP, or None as the network config protocol. If the help output shows a parameter in angle brackets, you must replace the parameter with a value. (switch) #network parms ? Enter the IP address. If there are no additional command keywords or parameters, or if additional parameters are optional, the following message appears in the output: Press Enter to execute the command Using the Command-Line Interface 19 ProSafe Managed Switch You can also enter a question mark (?) after typing one or more characters of a word to list the available command or parameters that begin with the letters, as shown in the following example: (switch) #show m? mac-addr-table mac-address-table monitor Accessing the CLI You can access the CLI by using a direct console connection or by using a telnet or SSH connection from a remote management host. For the initial connection, you must use a direct connection to the console port. You cannot access the system remotely until the system has an IP address, subnet mask, and default gateway. You can set the network configuration information manually, or you can configure the system to accept these settings from a BOOTP or DHCP server on your network. For more information, see Network Interface Commands on page 638. Using the Command-Line Interface 20 2. Stacking Commands 2 This chapter contains the following sections: • Dedicated Port Stacking • Stacking Commands • Non-Stop Forwarding Commands • Stack Firmware Synchronization Commands The commands in this chapter are in two functional groups: • Show commands display switch settings, statistics, and other information. • Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting. The Primary Management Unit is the unit that controls the stack. Note: When configuring a stack using M5300 Series switches and GSM7328S V2H1, GSM7352S V2H1, GSM7228PS V1H1, or GSM7228PS V1H1switches, refer to sdm prefer (Mixed Stacking) on page 715. Dedicated Port Stacking This section describes the commands you use to configure dedicated port stacking. stack This command sets the mode to Stack Global Config. Format stack Mode Global Config member This command configures a switch. The is the switch identifier of the switch to be added/removed from the stack. The is the index into the database of the 21 ProSafe Managed Switch supported switch types, indicating the type of the switch being preconfigured. The switch index is a 32-bit integer. This command is executed on the Primary Management Unit. Format member Mode Stack Global Config Note: Switch index can be obtained by executing the show supported switchtype command in User EXEC mode. no member This command removes a switch from the stack. The is the switch identifier of the switch to be removed from the stack. This command is executed on the Primary Management Unit. Format no member Mode Stack Global Config switch priority This command configures the ability of a switch to become the Primary Management Unit. The is the switch identifier. The is the preference parameter that allows the user to specify, priority of one backup switch over another. The range for priority is 1 to 15. The switch with the highest priority value will be chosen to become the Primary Management Unit if the active Primary Management Unit fails. The switch priority defaults to the hardware management preference value 1. Switches that do not have the hardware capability to become the Primary Management Unit are not eligible for management. Default enabled Format switch priority Mode Global Config switch renumber This command changes the switch identifier for a switch in the stack. The is the current switch identifier on the switch whose identifier is to be changed. The is the updated value of the switch identifier. Upon execution, the switch will be configured with the configuration information for the new switch, if any. The old switch configuration information will be retained, however the old switch will be operationally unplugged. This command is executed on the Primary Management Unit. Stacking Commands 22 ProSafe Managed Switch Note: If the management unit is renumbered, then the running configuration is no longer applied (that is, the stack acts as if the configuration had been cleared). Format switch renumber Mode Global Config movemanagement This command moves the Primary Management Unit functionality from one switch to another. The is the switch identifier on the current Primary Management Unit. The is the switch identifier on the new Primary Management Unit. Upon execution, the entire stack (including all interfaces in the stack) is unconfigured and reconfigured with the configuration on the new Primary Management Unit. After the reload is complete, all stack management capability must be performed on the new Primary Management Unit. To preserve the current configuration across a stack move, execute the copy system:running-config nvram:startup-config (in Privileged EXEC) command before performing the stack move. A stack move causes all routes and layer 2 addresses to be lost. This command is executed on the Primary Management Unit. The system prompts you to confirm the management move. Note: The movemanagement command does not NSF (non-stop forwarding). To move the management unit to the backup unit, use initiate failover instead. For more information, see initiate failover on page 33. Format movemanagement Mode Stack Global Config standby Use this command to configure a unit as a Standby Management Unit (STBY). Format standby Mode Stack Global Config Stacking Commands 23 ProSafe Managed Switch Note: The Standby Management Unit cannot be the current Management Unit. The Standby unit should be a management-capable unit. slot This command configures a slot in the system. The is the slot identifier of the slot. The is the index into the database of the supported card types, indicating the type of the card being preconfigured in the specified slot. The card index is a 32-bit integer. If a card is currently present in the slot that is unconfigured, the configured information will be deleted and the slot will be re-configured with default information for the card. Format slot Mode Global Config Note: Card index can be obtained by executing show supported cardtype command in User EXEC mode. no slot This command removes configured information from an existing slot in the system. Format no slot Mode Global Config Note: Card index can be obtained by executing show supported cardtype command in User EXEC mode. set slot disable This command configures the administrative mode of the slot(s). If you specify [all], the command is applied to all slots, otherwise the command is applied to the slot identified by . If a card or other module is present in the slot, this administrative mode will effectively be applied to the contents of the slot. If the slot is empty, this administrative mode will be applied Stacking Commands 24 ProSafe Managed Switch to any module that is inserted into the slot. If a card is disabled, all the ports on the device are operationally disabled and shown as “unplugged” on management screens. Format set slot disable [ | all] Mode Global Config no set slot disable This command unconfigures the administrative mode of the slot(s). If you specify [all], the command removes the configuration from all slots, otherwise the configuration is removed from the slot identified by . If a card or other module is present in the slot, this administrative mode removes the configuration from the contents of the slot. If the slot is empty, this administrative mode removes the configuration from any module inserted into the slot. If a card is disabled, all the ports on the device are operationally disabled and shown as “unplugged” on management screens. Format no set slot disable [ | all] Mode Global Config set slot power This command configures the power mode of the slot(s) and allows power to be supplied to a card located in the slot. If you specify [all], the command is applied to all slots, otherwise the command is applied to the slot identified by . Use this command when installing or removing cards. If a card or other module is present in this slot, the power mode is applied to the contents of the slot. If the slot is empty, the power mode is applied to any card inserted into the slot. Format set slot power [ | all] Mode Global Config no set slot power This command unconfigures the power mode of the slot(s) and prohibits power from being supplied to a card located in the slot. If you specify [all], the command prohibits power to all slots, otherwise the command prohibits power to the slot identified by . Use this command when installing or removing cards. If a card or other module is present in this slot, power is prohibited to the contents of the slot. If the slot is empty, power is prohibited to any card inserted into the slot. Format no set slot power [ | all] Mode Global Config Stacking Commands 25 ProSafe Managed Switch reload (Stack) This command resets the entire stack or the identified . The is the switch identifier. The system prompts you to confirm that you want to reset the switch. Format reload [ ] Mode User EXEC show slot This command displays information about all the slots in the system or for a specific slot. Format show slot [ ] Mode User EXEC Term Definition Slot The slot identifier in a format. Slot Status The slot is empty, full, or has encountered an error Admin State The slot administrative mode is enabled or disabled. Power State The slot power mode is enabled or disabled. Configured Card Model Identifier The model identifier of the card preconfigured in the slot. Model Identifier is a 32-character field used to identify a card. Pluggable Cards are pluggable or non-pluggable in the slot. Power Down Indicates whether the slot can be powered down. If you supply a value for , the following additional information appears: Term Definition Inserted Card Model Identifier The model identifier of the card inserted in the slot. Model Identifier is a 32-character field used to identify a card. This field is displayed only if the slot is full. Inserted Card Description The card description. This field is displayed only if the slot is full. Configured Card Description The card description of the card preconfigured in the slot. Stacking Commands 26 ProSafe Managed Switch show supported cardtype This commands displays information about all card types or specific card types supported in the system. Format show supported cardtype [ ] Mode User EXEC If you do not supply a value for , the following output appears: Term Definition Card Index (CID) The index into the database of the supported card types. This index is used when preconfiguring a slot. Card Model Identifier The model identifier for the supported card type. If you supply a value for , the following output appears: Term Definition Card Type The 32-bit numeric card type for the supported card. Model Identifier The model identifier for the supported card type. Card Description The description for the supported card type. show switch This command displays information about all units in the stack or a single unit when you specify the unit value. For units that would normally be allowed to join the stack but do not have a matching stack template ID, their switch status is shown as “STM Mismatch.” Format show switch [ ] Mode Privileged EXEC Term Definition Switch The unit identifier assigned to the switch. When you do not specify a value for , the following information appears: Term Definition Management Status Indicates whether the switch is the Primary Management Unit, a stack member, or the status is unassigned. Preconfigured Model Identifier The model identifier of a preconfigured switch ready to join the stack. The Model Identifier is a 32-character field assigned by the device manufacturer to identify the device. Stacking Commands 27 ProSafe Managed Switch Term Definition Plugged-In Model Identifier The model identifier of the switch in the stack. Model Identifier is a 32-character field assigned by the device manufacturer to identify the device. Switch Status The switch status. Possible values for this state are: OK, Unsup ported, Code Mismatch, Config Mismatch, or Not Present. Code Version The detected version of code on this switch. When you specify a value for , the following information appears: Term Definition Management Status Indicates whether the switch is the Primary Management Unit, a stack member, or the status is unassigned. Hardware Management Preference The hardware management preference of the switch. The hardware management preference can be disabled or unassigned. Admin Management Preference The administrative management preference value assigned to the switch. This preference value indicates how likely the switch is to be chosen as the Primary Management Unit. Switch Type The 32-bit numeric switch type. Model Identifier The model identifier for this switch. Model Identifier is a 32-character field assigned by the device manufacturer to identify the device. Switch Status The switch status. Possible values are OK, Unsupported, Code Mismatch, Config Mismatch, or Not Present. Switch Description The switch description. Expected Code Version The expected code version. Detected Code Version The version of code running on this switch. If the switch is not present and the data is from pre-configuration, then the code version is “None”. Detected Code in Flash The version of code that is currently stored in FLASH memory on the switch. This code executes after the switch is reset. If the switch is not present and the data is from pre-configuration, then the code version is “None”. Stack Template ID The ID of the stack template currently in use. For example: 3. Stack Template Description The stack template description. For example: v1 and v2 Mix. Up Time The system up time. Stacking Commands 28 ProSafe Managed Switch show supported switchtype This commands displays information about all supported switch types or a specific switch type. Format show supported switchtype [ ] Modes • User EXEC • Privileged EXEC If you do not supply a value for , the following output appears: Term Definition Switch Index (SID) The index into the database of supported switch types. This index is used when preconfiguring a member to be added to the stack. Model Identifier The model identifier for the supported switch type. Management Preference The management preference value of the switch type. Code Version The code load target identifier of the switch type. If you supply a value for , the following output appears: Term Definition Switch Type The 32-bit numeric switch type for the supported switch. Model Identifier The model identifier for the supported switch type. Switch Description The description for the supported switch type. Stacking Commands This section describes the commands you use to view and configure stacking information. stack-port This command sets stacking per port to either stack or ethernet mode. Default stack Format stack-port [{ethernet | stack}] Mode Stack Global Config Stacking Commands 29 ProSafe Managed Switch show stack-port This command displays summary stack-port information for all interfaces. Format show stack-port Mode Privileged EXEC Term Definition QOS Mode Stacking QOS Mode for all Interfaces. For Each Interface: Term Definition Unit The unit number. Interface The slot and port numbers. Configured Stack Mode Stack or Ethernet. Running Stack Mode Stack or Ethernet. Link Status Status of the link. Link Speed Speed (Gbps) of the stack port link. show stack-port counters This command displays summary data counter information for all interfaces. Format show stack-port counters Mode Privileged EXEC Term Definition Unit The unit number. Interface The slot and port numbers. Tx Data Rate Trashing data rate in megabits per second on the stacking port. Tx Error Rate Platform-specific number of transmit errors per second. Tx Total Error Platform-specific number of total transmit errors since power-up. Rx Data Rate Receive data rate in megabits per second on the stacking port. Stacking Commands 30 ProSafe Managed Switch Term Definition Rx Error Rate Platform-specific number of receive errors per second. Rx Total Errors Platform-specific number of total receive errors since power-up. show stack-port diag This command shows stacking diagnostics for each port and is only intended for Field Application Engineers (FAEs) and developers. An FAE will advise on the necessity to run this command and capture this information. Format show stack-port diag Mode Privileged EXEC Term Definition Unit The unit number. Interface The slot and port numbers. Diagnostic Entry1 80 character string used for diagnostics. Diagnostic Entry2 80 character string used for diagnostics. Diagnostic Entry3 80 character string used for diagnostics. Non-Stop Forwarding Commands Non-stop forwarding allows the stack units to continue to forward packets if the stack management unit restarts because of a power failure, hardware failure, or software fault. nsf Use this command to enable nonstop forwarding feature on the stack. When nonstop forwarding is enabled, if the management unit of a stack fails, the backup unit takes over as the master without clearing the hardware tables of any of the surviving units. Data traffic continues to be forwarded in hardware while the management functions initialize on the backup unit. NSF is enabled by default on platforms that support it. The administrator can disable NSF to redirect the CPU resources consumed by data checkpointing. If a unit that does not support NSF is connected to the stack, then NSF is disabled on all stack members. If a unit that does not support NSF is disconnected from the stack and all other units support NSF, and NSF is administratively enabled, then NSF operation resumes. Default Enabled Stacking Commands 31 ProSafe Managed Switch Format nsf Mode Stack Global Config no nsf This command disables non-stop forwarding on the stack. Format no nsf Mode Stack Global Config show nsf This command displays global and per-unit information on NSF configuration on the stack. Format show nsf Mode Privileged EXEC Term Definition NSF Administrative Status Whether nonstop forwarding is administratively enabled or disabled. Default: Enabled NSF Operational Status Indicates whether NSF is enabled on the stack. Last Startup Reason The type of activation that caused the software to start the last time: • “Power-On” means that the switch rebooted. This could have been caused by a power cycle or an administrative “Reload” command. • “Administrative Move” means that the administrator issued the movemanagement command for the stand-by manager to take over. • “Warm-Auto-Restart” means that the primary management card restarted due to a failure, and the system executed a nonstop forwarding failover. • “Cold-Auto-Restart” means that the system switched from the active manager to the backup manager and was unable to maintain user data traffic. This is usually caused by multiple failures occurring close together. Time Since Last Restart Time The time since the current management unit became the active management unit. Restart in progress Whether a restart is in progress. Warm Restart Ready Whether the system is ready to perform a nonstop forwarding failover from the management unit to the backup unit. Copy of Running Configuration to Backup Unit: Status Whether the running configuration on the backup unit includes all changes made on the management unit. Displays as Current or Stale. Stacking Commands 32 ProSafe Managed Switch Term Definition Time Since Last Copy When the running configuration was last copied from the management unit to the backup unit. Time Until Next Copy The number of seconds until the running configuration will be copied to the backup unit. This line only appears when the running configuration on the backup unit is Stale. NSF Support (Per Unit Whether a unit supports NSF. Status Parameters) Example: (Switch)#show nsf Administrative Status.......................... Enable Operational Status............................. Enable Last Startup Reason............................ Warm Auto-Restart Time Since Last Restart........................ 0 days 16 hrs 52 mins 55 secs Restart In Progress............................ No Warm Restart Ready............................. Yes Copy of Running Configuration to Backup Unit: Status...................................... Stale Time Since Last Copy........................ 0 days 4 hrs 53 mins 22 secs Time Until Next Copy........................ 28 seconds Unit NSF Support ---- ----------1 Yes 2 Yes 3 Yes initiate failover Use this command to force the backup unit to take over as the management unit and perform a “warm restart” of the stack. On a warm restart, the backup unit becomes the management unit without clearing its hardware tables (on a cold restart, hardware tables are cleared). Applications apply checkpointed data from the former management unit. The original management unit reboots. If the system is not ready for a warm restart, for example because no backup unit has been elected or one or more members of the stack do not support nonstop forwarding, the command fails with a warning message. The movemanagement command also transfers control from the current management unit; however, the hardware is cleared and all units reinitialize. Note: Use this command instead of movemanagement if you expect nsf during management unit changes. Format initiate failover Mode Stack Global Config Mode Stacking Commands 33 ProSafe Managed Switch show checkpoint statistics Use this command to display general information about the checkpoint service operation. Format show checkpoint statistics Mode Privileged EXEC Term Description Messages Checkpointed Number of checkpoint messages transmitted to the backup unit. Range: Integer. Def ault:0 Bytes Checkpointed Number of bytes transmitted to the backup unit. Range: Integer. Default:0 Time Since Counters Cleared Number of days, hours, minutes and seconds since the counters were reset to zero. The counters are cleared when a unit becomes manager and with a support command. Range: Time Stamp. Default: 0d00:00:00 Checkpoint Message Rate Average Number of checkpoint messages per second. The average is computed over the time period since the counters were cleared. Range: Integer. Default:0 Last 10-second Message Rate Average Number of checkpoint messages per second in the last 10-second interval. This average is updated once every 10 seconds. Range: Integer. Default:0 Highest 10-second Message Rate The highest rate recorded over a 10-second interval since the counters were cleared. Range: Integer. Default:0 Example: (Switch)#show checkpoint statistics Messages Checkpointed.....................6708 Bytes Checkpointed........................894305 Time Since Counters Cleared...............3d 01:05:09 Checkpoint Message Rate...................0.025 msg/sec Last 10-second Message Rate...............0 msg/sec Highest 10-second Message Rate............8 msg/sec clear checkpoint statistics This command clears the statistics for the checkpointing process. Format clear checkpoint statistics Mode Privileged EXEC Stacking Commands 34 ProSafe Managed Switch Stack Firmware Synchronization Commands Stack firmware synchronization provides an automatic mechanism to synchronize the firmware on stack members whose firmware version differs from the version running on the stack manager. This operation can result in either an upgrade or downgrade of firmware on the mismatched stack member. However, this operation does not attempt to synchronize the stack to the latest firmware in the stack. During firmware transfer and upgrade, operations such as code download and move management can result in undesirable behavior, such as firmware corruption on a code mismatched stack member. As a result, you receive an error if you try to access the following operations from the user interface during stack firmware synchronization: • Move management • Unit renumbering • Code download • Delete image • Update bootcode • Clear config A reboot operation is allowed during stack firmware synchronization. If the firmware is corrupted during stack firmware synchronization, manual intervention by the administrator is required to restore the switch to working condition. During stack firmware synchronization, traps are generated on start, completion, or failure. • Non-deterministic upgrade behavior On bootup, the image that gets synchronized depends on the one that becomes the manager. Which code version the new stack synchronizes to is fully deterministic, but might not be obvious to the user as it depends entirely on which unit becomes the manager. This might be decided by a MAC address comparison. If the administrator wants a particular version to be used by the stack, he should first ensure that this particular unit becomes stack manager. • Bootcode Upgrades Bootcode upgrades are not initiated by the stack firmware synchronization. boot auto-copy-sw This command enables or disables stack firmware synchronization. Default Disabled Format boot auto-copy-sw Mode Privileged EXEC Stacking Commands 35 ProSafe Managed Switch no boot auto-copy-sw This command disables stack firmware synchronization. Format no boot auto-copy-sw Mode Privileged EXEC boot auto-copy-sw trap This command sends SNMP traps related to stack firmware synchronization. Default Enabled Format boot auto-copy-sw trap Mode Privileged EXEC no boot auto-copy-sw trap This command disables sending SNMP traps related to stack firmware synchronization. Format no boot auto-copy-sw trap Mode Privileged EXEC boot auto-copy-sw allow-downgrade This command enables downgrading the firmware version on the stack member if the firmware version on the manager is older than the firmware version on the member. Default Enabled Format boot auto-copy-sw allow-downgrade Mode Privileged EXEC no boot auto-copy-sw allow-downgrade This command disables downgrading the image. Format no boot auto-copy-sw allow-downgrade Mode Privileged EXEC Stacking Commands 36 ProSafe Managed Switch show auto-copy-sw This command displays the stack firmware synchronization configuration status. Format show auto-copy-sw Mode Privileged EXEC Example: (Switch)#show auto-copy-sw Stack Firmware Synchronization Synchronization: Enabled SNMP Trap status: Enabled Allow Downgrade: Enabled Stacking Commands 37 3. Switching Commands 3 This chapter describes the switching commands available in the managed switch CLI. This chapter contains the following sections: • Port Configuration Commands • Loopback Interface Commands • Spanning Tree Protocol (STP) Commands • VLAN Commands • Double VLAN Commands • Voice VLAN Commands • Provisioning (IEEE 802.1p) Commands • Protected Ports Commands • Private Group Commands • Private VLAN • GARP Commands • GVRP Commands • GMRP Commands • Port-Based Network Access Control Commands • 802.1X Supplicant Commands • Storm-Control Commands • Flow Control Commands • Port Mirroring • Static MAC Filtering • DHCP L2 Relay Agent Commands • DHCP Client Commands • DHCP Snooping Configuration Commands • Dynamic ARP Inspection Commands • IGMP Snooping Configuration Commands • IGMP Snooping Querier Commands • MLD Snooping Commands 38 ProSafe Managed Switch • MLD Snooping Querier Commands • Port Security Commands • LLDP (802.1AB) Commands • LLDP-MED Commands • Denial of Service Commands • MAC Database Commands • ISDP Commands • Priority-Based Flow Control Commands The commands in this chapter are in three functional groups: • Show commands display switch settings, statistics, and other information. • Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting. • Clear commands clear some or all of the settings to factory defaults. Port Configuration Commands This section describes the commands you use to view and configure port settings. interface This command gives you access to the Interface Config mode, which allows you to enable or modify the operation of an interface (port). Format interface Mode Global Config interface vlan This command gives you access to the vlan virtual interface mode, which allows certain port configurations (for example, the IP address) to be applied to the VLAN interface. Type a question mark (?) after entering the interface configuration mode to see the available options. Format interface vlan Mode Global Config interface lag This command gives you access to the LAG (link aggregation, or port channel) virtual interface, which allows certain port configurations to be applied to the LAG interface. Type a question mark (?) after entering the interface configuration mode to see the available options. Switching Commands 39 ProSafe Managed Switch Note: The IP address cannot be assigned to a LAG virtual interface. The interface must be put under a VLAN group and an IP address assigned to the VLAN group. Format interface lag Mode Global Config auto-negotiate This command enables automatic negotiation on a port. Default enabled Format auto-negotiate Mode Interface Config no auto-negotiate This command disables automatic negotiation on a port. Note: Automatic sensing is disabled when automatic negotiation is disabled. auto-negotiate all This command enables automatic negotiation on all ports. Default enabled Format auto-negotiate all Mode Global Config no auto-negotiate all This command disables automatic negotiation on all ports. Format no auto-negotiate all Mode Global Config Switching Commands 40 ProSafe Managed Switch description Use this command to create an alpha-numeric description of the port. Format description Mode Interface Config mtu Use the mtu command to set the maximum transmission unit (MTU) size, in bytes, for frames that ingress or egress the interface. You can use the mtu command to configure jumbo frame support for physical and port-channel (LAG) interfaces. For the standard 7000 series implementation, the MTU size is a valid integer between 1522 - 9216 for tagged packets and a valid integer between 1518 - 9216 for untagged packets. Note: To receive and process packets, the Ethernet MTU must include any extra bytes that Layer-2 headers might require. To configure the IP MTU size, which is the maximum size of the IP packet (IP Header + IP payload), see ip mtu on page 252. Default 1518 (untagged) Format mtu <1518-9216> Mode Interface Config no mtu This command sets the default MTU size (in bytes) for the interface. Format no mtu Mode Interface Config shutdown This command disables a port. Note: You can use the shutdown command on physical and port-channel (LAG) interfaces, but not on VLAN routing interfaces. Switching Commands 41 ProSafe Managed Switch Format shutdown Mode Interface Config no shutdown This command enables a port. Format no shutdown Mode Interface Config shutdown all This command disables all ports. Note: You can use the shutdown all command on physical and port-channel (LAG) interfaces, but not on VLAN routing interfaces. Format shutdown all Mode Global Config no shutdown all This command enables all ports. Format no shutdown all Mode Global Config speed This command sets the speed and duplex setting for the interface. Format speed [{auto}] [{<100 | 10 | 10G> { }}] Mode Interface Config Acceptable Values Definition 100h 100BASE-T half duplex 100f 100BASE-T full duplex 10h 10BASE-T half duplex Switching Commands 42 ProSafe Managed Switch Acceptable Values Definition 10f 10BASE-T full duplex 10Gh 10GBase-T full duplex 10Gf 10Gbase-T half duplex speed all This command sets the speed and duplex setting for all interfaces. Format speed all [{auto}] [{<100 | 10 | 10G> { }}] Mode Global Config Acceptable Values Definition 100h 100BASE-T half duplex 100f 100BASE-T full duplex 10h 10BASE-T half duplex 10f 10BASE-T full duplex 10Gh 10GBase-T full duplex 10Gf 10Gbase-T half duplex show port This command displays port information. Format show port { | all} Mode Privileged EXEC Term Definition Interface Valid slot and port number separated by forward slashes. Type If not blank, this field indicates that this port is a special type of port. The possible values are: • Mirror - this port is a monitoring port. For more information, see Port Mirroring on page 139. • PC Mbr- this port is a member of a port-channel (LAG). • Probe - this port is a probe port. Admin Mode The Port control administration state. The port must be enabled in order for it to be allowed into the network. - May be enabled or disabled. The factory default is enabled. Switching Commands 43 ProSafe Managed Switch Term Definition Physical Mode The desired port speed and duplex mode. If auto-negotiation support is selected, then the duplex mode and speed is set from the auto-negotiation process. Note that the maximum capability of the port (full duplex -100M) is advertised. Otherwise, this object determines the port's duplex mode and transmission rate. The factory default is Auto. Physical Status The port speed and duplex mode. Link Status The Link is up or down. Link Trap This object determines whether or not to send a trap when link status changes. The factory default is enabled. LACP Mode LACP is enabled or disabled on this port. show port protocol This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated group. Format show port protocol { | all} Mode Privileged EXEC Term Definition Group Name The group name of an entry in the Protocol-based VLAN table. Group ID The group identifier of the protocol group. Protocol(s) The type of protocol(s) for this group. VLAN The VLAN associated with this Protocol Group. Interface(s) Lists the unit/slot/port interface(s) that are associated with this Protocol Group. show port description This command displays the port description for every port. Format show port description Mode Privileged EXEC Term Definition Interface Valid slot and port number separated by forward slashes Description Shows the port description configured via the “description” command Switching Commands 44 ProSafe Managed Switch show port status This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated group. Format show port status { | all} Mode Privileged EXEC Term Definition Interface Valid slot and port number separated by forward slashes. Media Type “Copper” or “Fiber” for combo port. STP Mode Indicate the spanning tree mode of the port. Physical Mode Either “Auto” or fixed speed and duplex mode. Physical Status The actual speed and duplex mode. Link Status Whether the link is Up or Down. Loop Status Whether the port is in loop state or not. Partner Flow Control Whether the remote side is using flow control or not. Loopback Interface Commands The commands in this section describe how to create, delete, and manage loopback interfaces. A loopback interface is always expected to be up. This interface can provide the source address for sent packets and can receive both local and remote packets. The loopback interface is typically used by routing protocols. To assign an IP address to the loopback interface, see ip address on page 247. To assign an IPv6 address to the loopback interface, see ipv6 address on page 377. interface loopback Use this command to enter the Interface Config mode for a loopback interface. The range of the loopback ID is 0 to 7. Format interface loopback Mode Global Config Switching Commands 45 ProSafe Managed Switch no interface loopback This command removes the loopback interface and associated configuration parameters for the specified loopback interface. Format no interface loopback Mode Global Config show interface loopback This command displays information about configured loopback interfaces. Format show interface loopback [ ] Mode Privileged EXEC If you do not specify a loopback ID, the following information appears for each loopback interface on the system: Term Definition Loopback ID The loopback ID associated with the rest of the information in the row. Interface The interface name. IP Address The IPv4 address of the interface. Received Packets The number of packets received on this interface. Sent Packets The number of packets transmitted from this interface. IPv6 Address The IPv6 address of this interface. If you specify a loopback ID, the following information appears: Term Definition Interface Link Status Shows whether the link is up or down. IP Address The IPv4 address of the interface. IPv6 is enabled (disabled) Shows whether IPv6 is enabled on the interface. IPv6 Prefix is The IPv6 address of the interface. MTU size The maximum transmission size for packets on this interface, in bytes. Switching Commands 46 ProSafe Managed Switch Spanning Tree Protocol (STP) Commands This section describes the commands you use to configure Spanning Tree Protocol (STP). STP helps prevent network loops, duplicate messages, and network instability. spanning-tree This command sets the spanning-tree operational mode to enabled. Default enabled Format spanning-tree Mode Global Config no spanning-tree This command sets the spanning-tree operational mode to disabled. While disabled, the spanning-tree configuration is retained and can be changed, but is not activated. Format no spanning-tree Mode Global Config spanning-tree auto-edge This command enables auto-edge on the interface or range of interfaces. When enabled, the interface becomes an edge port if it does not see BPDUs for edge delay time. Default enabled Format spanning-tree auto-edge Mode Interface Config no spanning-tree auto-edge This command disables auto-edge on the interface or range of interfaces. Format no spanning-tree auto-edge Mode Interface Config spanning-tree bpdufilter Use this command to enable BPDU Filter on an interface or range of interfaces. Default disabled Format spanning-tree bpdufilter Mode Interface Config Switching Commands 47 ProSafe Managed Switch no spanning-tree bpdufilter Use this command to disable BPDU Filter on the interface or range of interfaces. Default disabled Format no spanning-tree bpdufilter Mode Interface Config spanning-tree bpdufilter default Use this command to enable BPDU Filter on all the edge port interfaces. Default disabled Format spanning-tree bpdufilter Mode Global Config no spanning-tree bpdufilter default Use this command to disable BPDU Filter on all the edge port interfaces. Default enabled Format no spanning-tree bpdufilter default Mode Global Config spanning-tree bpduflood Use this command to enable BPDU Flood on the interface. Default disabled Format spanning-tree bpduflood Mode Interface Config no spanning-tree bpduflood Use this command to disable BPDU Flood on the interface. Format no spanning-tree bpduflood Mode Interface Config Switching Commands 48 ProSafe Managed Switch spanning-tree bpduguard Use this command to enable BPDU Guard on the switch. Default disabled Format spanning-tree bpduguard Mode Global Config no spanning-tree bpduguard Use this command to disable BPDU Guard on the switch. Format no spanning-tree bpduguard Mode Global Config spanning-tree bpdumigrationcheck Use this command to force a transmission of rapid spanning tree (RSTP) and multiple spanning tree (MSTP) BPDUs. Use the parameter to transmit a BPDU from a specified interface, or use the all keyword to transmit BPDUs from all interfaces. This command forces the BPDU transmission when you execute it, so the command does not change the system configuration or have a “no” version. Format spanning-tree bpdumigrationcheck { | all} Mode Global Config spanning-tree configuration name This command sets the Configuration Identifier Name for use in identifying the configuration that this switch is currently using. The is a string of up to 32 characters. Default base MAC address in hexadecimal notation Format spanning-tree configuration name Mode Global Config no spanning-tree configuration name This command resets the Configuration Identifier Name to its default. Format no spanning-tree configuration name Mode Global Config Switching Commands 49 ProSafe Managed Switch spanning-tree configuration revision This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using. The Configuration Identifier Revision Level is a number in the range of 0 to 65535. Default 0 Format spanning-tree configuration revision <0-65535> Mode Global Config no spanning-tree configuration revision This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using to the default value. Format no spanning-tree configuration revision Mode Global Config spanning-tree edgeport This command specifies that this port is an Edge Port within the common and internal spanning tree. This allows this port to transition to Forwarding State without delay. Default enabled Format spanning-tree edgeport Mode Interface Config no spanning-tree edgeport This command specifies that this port is not an Edge Port within the common and internal spanning tree. Format no spanning-tree edgeport Mode Interface Config spanning-tree forceversion This command sets the Force Protocol Version parameter to a new value. Default 802.1s Format spanning-tree forceversion <802.1d | 802.1s | 802.1w> Mode Global Config • Use 802.1d to specify that the switch transmits ST BPDUs rather than MST BPDUs (IEEE 802.1d functionality supported). Switching Commands 50 ProSafe Managed Switch • Use 802.1s to specify that the switch transmits MST BPDUs (IEEE 802.1s functionality supported). • Use 802.1w to specify that the switch transmits RST BPDUs rather than MST BPDUs (IEEE 802.1w functionality supported). no spanning-tree forceversion This command sets the Force Protocol Version parameter to the default value. Format no spanning-tree forceversion Mode Global Config spanning-tree forward-time This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree. The forward-time value is in seconds within a range of 4 to 30, with the value being greater than or equal to “(Bridge Max Age / 2) + 1”. Default 15 Format spanning-tree forward-time <4-30> Mode Global Config no spanning-tree forward-time This command sets the Bridge Forward Delay parameter for the common and internal spanning tree to the default value. Format no spanning-tree forward-time Mode Global Config spanning-tree guard This command selects whether loop guard or root guard is enabled on an interface. If neither is enabled, then the port operates in accordance with the multiple spanning tree protocol. Default none Format spanning-tree guard { none | root | loop } Mode Interface Config no spanning-tree guard This command disables loop guard or root guard on the interface. Format no spanning-tree guard Mode Interface Config Switching Commands 51 ProSafe Managed Switch spanning-tree tcnguard This command enables the propagation of received topology change notifications and topology changes to other ports. Default disable Format spanning-tree tcnguard Mode Interface Config no spanning-tree tcnguard This command disables the propagation of received topology change notifications and topology changes to other ports. Format no spanning-tree tcnguard Mode Interface Config spanning-tree max-age This command sets the Bridge Max Age parameter to a new value for the common and internal spanning tree. The max-age value is in seconds within a range of 6 to 40, with the value being less than or equal to 2 x (Bridge Forward Delay - 1). Default 20 Format spanning-tree max-age <6-40> Mode Global Config no spanning-tree max-age This command sets the Bridge Max Age parameter for the common and internal spanning tree to the default value. Format no spanning-tree max-age Mode Global Config spanning-tree max-hops This command sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree. The max-hops value is a range from 6 to 40. Default 20 Format spanning-tree max-hops <1-127> Mode Global Config Switching Commands 52 ProSafe Managed Switch no spanning-tree max-hops This command sets the Bridge Max Hops parameter for the common and internal spanning tree to the default value. Format no spanning-tree max-hops Mode Global Config spanning-tree mst This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance or in the common and internal spanning tree. If you specify an parameter that corresponds to an existing multiple spanning tree instance, the configurations are done for that multiple spanning tree instance. If you specify 0 (defined as the default CIST ID) as the , the configurations are done for the common and internal spanning tree instance. If you specify the cost option, the command sets the path cost for this port within a multiple spanning tree instance or the common and internal spanning tree instance, depending on the parameter. You can set the path cost as a number in the range of 1 to 200000000 or auto. If you select auto the path cost value is set based on Link Speed. If you specify the external-cost option, this command sets the external-path cost for MST instance ‘0’ i.e. CIST instance. You can set the external cost as a number in the range of 1 to 200000000 or auto. If you specify auto, the external path cost value is set based on Link Speed. If you specify the port-priority option, this command sets the priority for this port within a specific multiple spanning tree instance or the common and internal spanning tree instance, depending on the parameter. The port-priority value is a number in the range of 0 to 240 in increments of 16. Default • cost—auto • external-cost—auto • port-priority—128 Format spanning-tree mst {{cost <1-200000000> | auto} | {external-cost <1-200000000> | auto} | port-priority <0-240>} Mode Interface Config no spanning-tree mst This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance, or in the common and internal spanning tree to the respective default values. If you specify an parameter that corresponds to an existing multiple spanning tree instance, you are configuring that multiple spanning tree instance. If you specify 0 (defined as the default CIST ID) as the , you are configuring the common and internal spanning tree instance. Switching Commands 53 ProSafe Managed Switch If the you specify cost, this command sets the path cost for this port within a multiple spanning tree instance or the common and internal spanning tree instance, depending on the parameter, to the default value, i.e. a path cost value based on the Link Speed. If you specify external-cost, this command sets the external path cost for this port for mst ‘0’ instance, to the default value, i.e. a path cost value based on the Link Speed. If you specify port-priority, this command sets the priority for this port within a specific multiple spanning tree instance or the common and internal spanning tree instance, depending on the parameter, to the default value. Format no spanning-tree mst Mode Interface Config spanning-tree mst instance This command adds a multiple spanning tree instance to the switch. The parameter is a number within a range of 1 to 4094, that corresponds to the new instance ID to be added. The maximum number of multiple instances supported by the switch is 4. Default none Format spanning-tree mst instance Mode Global Config no spanning-tree mst instance This command removes a multiple spanning tree instance from the switch and reallocates all VLANs allocated to the deleted instance to the common and internal spanning tree. The parameter is a number that corresponds to the desired existing multiple spanning tree instance to be removed. Format no spanning-tree mst instance Mode Global Config spanning-tree mst priority This command sets the bridge priority for a specific multiple spanning tree instance. The parameter is a number that corresponds to the desired existing multiple spanning tree instance. The priority value is a number within a range of 0 to 61440 in increments of 4096. If you specify 0 (defined as the default CIST ID) as the , this command sets the Bridge Priority parameter to a new value for the common and internal spanning tree. The bridge priority value is a number within a range of 0 to 61440. The twelve least significant bits Switching Commands 54 ProSafe Managed Switch are masked according to the 802.1s specification. This causes the priority to be rounded down to the next lower valid priority. Default 32768 Format spanning-tree mst priority <0-61440> Mode Global Config no spanning-tree mst priority This command sets the bridge priority for a specific multiple spanning tree instance to the default value. The parameter is a number that corresponds to the desired existing multiple spanning tree instance. If 0 (defined as the default CIST ID) is passed as the , this command sets the Bridge Priority parameter for the common and internal spanning tree to the default value. Format no spanning-tree mst priority Mode Global Config spanning-tree mst vlan This command adds an association between a multiple spanning tree instance and one or more VLANs so that the VLAN(s) are no longer associated with the common and internal spanning tree. The parameter is a number that corresponds to the desired existing multiple spanning tree instance. The vlan range can be specified as a list or as a range of values. To specify a list of VLANs, enter a list of VLAN IDs, each separated by a comma with no spaces in between. To specify a range of VLANs, separate the beginning and ending VLAN ID with a dash ("-"). Format spanning-tree mst vlan Mode Global Config no spanning-tree mst vlan This command removes an association between a multiple spanning tree instance and one or more VLANs so that the VLAN(s) are again associated with the common and internal spanning tree. Format no spanning-tree mst vlan Mode Global Config Switching Commands 55 ProSafe Managed Switch spanning-tree port mode This command sets the Administrative Switch Port State for this port to enabled. Default enabled Format spanning-tree port mode Mode Interface Config no spanning-tree port mode This command sets the Administrative Switch Port State for this port to disabled. Format no spanning-tree port mode Mode Interface Config spanning-tree port mode all This command sets the Administrative Switch Port State for all ports to enabled. Default enabled Format spanning-tree port mode all Mode Global Config no spanning-tree port mode all This command sets the Administrative Switch Port State for all ports to disabled. Format no spanning-tree port mode all Mode Global Config spanning-tree edgeport all This command specifies that every port is an Edge Port within the common and internal spanning tree. This allows all ports to transition to Forwarding State without delay. Format spanning-tree edgeport all Mode Global Config no spanning-tree edgeport all This command disables Edge Port mode for all ports within the common and internal spanning tree. Format no spanning-tree edgeport all Mode Global Config Switching Commands 56 ProSafe Managed Switch spanning-tree bpduforwarding Normally a switch will not forward Spanning Tree Protocol (STP) BPDU packets if STP is disabled. However, if in some network setup, the user wishes to forward BDPU packets received from other network devices, this command can be used to enable the forwarding. Default disabled Format spanning-tree bpduforwarding Mode Global Config no spanning-tree bpduforwarding This command will cause the STP BPDU packets received from the network to be dropped if STP is disabled. Format no spanning-tree bpduforwarding Mode Global Config show spanning-tree This command displays spanning tree settings for the common and internal spanning tree. The following details are displayed. Format show spanning-tree Mode • Privileged EXEC • User EXEC Term Definition Bridge Priority Specifies the bridge priority for the Common and Internal Spanning tree (CST). The value lies between 0 and 61440. It is displayed in multiples of 4096. Bridge Identifier The bridge identifier for the CST. It is made up using the bridge priority and the base MAC address of the bridge. Time Since Topology Change Time in seconds. Topology Change Count Number of times changed. Topology Change Boolean value of the Topology Change parameter for the switch indicating if a topology change is in progress on any port assigned to the common and internal spanning tree. Designated Root The bridge identifier of the root bridge. It is made up from the bridge priority and the base MAC address of the bridge. Root Path Cost Value of the Root Path Cost parameter for the common and internal spanning tree. Switching Commands 57 ProSafe Managed Switch Term Definition Root Port Identifier Identifier of the port to access the Designated Root for the CST Root Port Max Age Derived value. Root Port Derived value. Bridge Forward Delay Hello Time Configured value of the parameter for the CST. Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs). Bridge Max Hops Bridge max-hops count for the device. CST Regional Root Bridge Identifier of the CST Regional Root. It is made up using the bridge priority and the base MAC address of the bridge. Regional Root Path Cost Path Cost to the CST Regional Root. Associated FIDs List of forwarding database identifiers currently associated with this instance. Associated VLANs List of VLAN IDs currently associated with this instance. show spanning-tree brief This command displays spanning tree settings for the bridge. The following information appears. Format show spanning-tree brief Mode • Privileged EXEC • User EXEC Term Definition Bridge Priority Configured value. Bridge Identifier The bridge identifier for the selected MST instance. It is made up using the bridge priority and the base MAC address of the bridge. Bridge Max Age Configured value. Bridge Max Hops Bridge max-hops count for the device. Bridge Hello Time Configured value. Bridge Forward Delay Configured value. Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs). Switching Commands 58 ProSafe Managed Switch show spanning-tree interface This command displays the settings and parameters for a specific switch port within the common and internal spanning tree. The is the desired switch port. The following details are displayed on execution of the command. Format show spanning-tree interface Mode • Privileged EXEC • User EXEC Term Definition Hello Time Admin hello time for this port. Port Mode Enabled or disabled. BPDU Guard Effect Enabled or disabled. Root Guard Enabled or disabled. Loop Guard Enabled or disabled. TCN Guard Enable or disable the propagation of received topology change notifications and topology changes to other ports. BPDU Filter Mode Enabled or disabled. BPDU Flood Mode Enabled or disabled. Auto Edge To enable or disable the feature that causes a port that has not seen a BPDU for ‘edge delay’ time, to become an edge port and transition to forwarding faster. Port Up Time Since Counters Last Cleared Time since port was reset, displayed in days, hours, minutes, and seconds. STP BPDUs Transmitted Spanning Tree Protocol Bridge Protocol Data Units sent. STP BPDUs Received Spanning Tree Protocol Bridge Protocol Data Units received. RSTP BPDUs Transmitted Rapid Spanning Tree Protocol Bridge Protocol Data Units sent. RSTP BPDUs Received Rapid Spanning Tree Protocol Bridge Protocol Data Units received. MSTP BPDUs Transmitted Multiple Spanning Tree Protocol Bridge Protocol Data Units sent. MSTP BPDUs Received Multiple Spanning Tree Protocol Bridge Protocol Data Units received. show spanning-tree mst port detailed This command displays the detailed settings and parameters for a specific switch port within a particular multiple spanning tree instance. The parameter is a number that Switching Commands 59 ProSafe Managed Switch corresponds to the desired existing multiple spanning tree instance. The is the desired switch port. Format show spanning-tree mst port detailed Mode • Privileged EXEC • User EXEC Term Definition MST Instance ID The ID of the existing MST instance. Port Identifier The port identifier for the specified port within the selected MST instance. It is made up from the port priority and the interface number of the port. Port Priority The priority for a particular port within the selected MST instance. The port priority is displayed in multiples of 16. Port Forwarding Current spanning tree state of this port. State Port Role Each enabled MST Bridge Port receives a Port Role for each spanning tree. The port role is one of the following values: Root Port, Designated Port, Alternate Port, Backup Port, Master Port or Disabled Port Auto-Calculate Port Path Cost Indicates whether auto calculation for port path cost is enabled. Port Path Cost Configured value of the Internal Port Path Cost parameter. Designated Root The Identifier of the designated root for this port. Root Path Cost The path cost to get to the root bridge for this instance. The root path cost is zero if the bridge is the root bridge for that instance. Designated Bridge Bridge Identifier of the bridge with the Designated Port. Designated Port Port on the Designated Bridge that offers the lowest cost to the LAN. Identifier Loop Inconsistent State The current loop inconsistent state of this port in this MST instance. When in loop inconsistent state, the port has failed to receive BPDUs while configured with loop guard enabled. Loop inconsistent state maintains the port in a "blocking" state until a subsequent BPDU is received. Transitions Into The number of times this interface has transitioned into loop inconsistent state. Loop Inconsistent State Transitions Out The number of times this interface has transitioned out of loop inconsistent state. of Loop Inconsistent State If you specify 0 (defined as the default CIST ID) as the , this command displays the settings and parameters for a specific switch port within the common and internal spanning Switching Commands 60 ProSafe Managed Switch tree. The is the desired switch port. In this case, the following are displayed. Term Definition Port Identifier The port identifier for this port within the CST. Port Priority The priority of the port within the CST. Port Forwarding The forwarding state of the port within the CST. State Port Role The role of the specified interface within the CST. Auto-Calculate Port Path Cost Indicates whether auto calculation for port path cost is enabled or not (disabled). Port Path Cost The configured path cost for the specified interface. Auto-Calculate External Port Path Cost Indicates whether auto calculation for external port path cost is enabled. External Port Path Cost The cost to get to the root bridge of the CIST across the boundary of the region. This means that if the port is a boundary port for an MSTP region, then the external path cost is used. Designated Root Identifier of the designated root for this port within the CST. Root Path Cost The root path cost to the LAN by the port. Designated Bridge The bridge containing the designated port. Designated Port Port on the Designated Bridge that offers the lowest cost to the LAN. Identifier Topology Value of flag in next Configuration Bridge Protocol Data Unit (BPDU) transmission Change indicating if a topology change is in progress for this port. Acknowledgem ent Hello Time The hello time in use for this port. Edge Port The configured value indicating if this port is an edge port. Edge Port Status The derived value of the edge port status. True if operating as an edge port; false otherwise. Point To Point MAC Status Derived value indicating if this port is part of a point to point link. CST Regional Root The regional root identifier in use for this port. CST Internal Root Path Cost The internal root path cost to the LAN by the designated external port. Loop Inconsistent State The current loop inconsistent state of this port in this MST instance. When in loop inconsistent state, the port has failed to receive BPDUs while configured with loop guard enabled. Loop inconsistent state maintains the port in a "blocking" state until a subsequent BPDU is received. Switching Commands 61 ProSafe Managed Switch Term Definition Transitions Into The number of times this interface has transitioned into loop inconsistent state. Loop Inconsistent State Transitions Out The number of times this interface has transitioned out of loop inconsistent state. of Loop Inconsistent State show spanning-tree mst port summary This command displays the settings of one or all ports within the specified multiple spanning tree instance. The parameter indicates a particular MST instance. The parameter { | all} indicates the desired switch port or all ports. If you specify 0 (defined as the default CIST ID) as the , the status summary displays for one or all ports within the common and internal spanning tree. Format show spanning-tree mst port summary { | all} Mode • Privileged EXEC • User EXEC Term Definition MST Instance ID The MST instance associated with this port. Interface Valid slot and port number separated by forward slashes. STP Mode Indicates whether spanning tree is enabled or disabled on the port. Type Currently not used. STP State The forwarding state of the port in the specified spanning tree instance. Port Role The role of the specified port within the spanning tree. Desc Indicates whether the port is in loop inconsistent state or not. This field is blank if the loop guard feature is not available. show spanning-tree mst port summary active This command displays settings for the ports within the specified multiple spanning tree instance that are active links. Format show spanning-tree mst port summary Mode • Privileged EXEC • User EXEC active Switching Commands 62 ProSafe Managed Switch Term Definition mstid The ID of the existing MST instance. Interface unit/slot/port STP Mode Indicates whether spanning tree is enabled or disabled on the port. Type Currently not used. STP State The forwarding state of the port in the specified spanning tree instance. Port Role The role of the specified port within the spanning tree. Desc Indicates whether the port is in loop inconsistent state or not. This field is blank if the loop guard feature is not available. show spanning-tree mst summary This command displays summary information about all multiple spanning tree instances in the switch. On execution, the following details are displayed. Format show spanning-tree mst summary Mode • Privileged EXEC • User EXEC Term Definition MST Instance ID List of multiple spanning trees IDs currently configured. List For each MSTID: • Associated FIDs • Associated VLANs • List of forwarding database identifiers associated with this instance. • List of VLAN IDs associated with this instance. show spanning-tree summary This command displays spanning tree settings and parameters for the switch. The following details are displayed on execution of the command. Format show spanning-tree summary Mode • Privileged EXEC • User EXEC Switching Commands 63 ProSafe Managed Switch Term Definition Spanning Tree Adminmode Enabled or disabled. Spanning Tree Version Version of 802.1 currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE 802.1d) based upon the Force Protocol Version parameter. BPDU Guard Mode Enabled or disabled. BPDU Filter Mode Enabled or disabled. Configuration Name Identifier used to identify the configuration currently being used. Configuration Revision Level Identifier used to identify the configuration currently being used. Configuration Digest Key A generated Key used in the exchange of the BPDUs. Configuration Specifies the version of the configuration format being used in the exchange of BPDUs. Format Selector The default value is zero. MST Instances List of all multiple spanning tree instances configured on the switch. show spanning-tree vlan This command displays the association between a VLAN and a multiple spanning tree instance. The corresponds to an existing VLAN ID. Format show spanning-tree vlan Mode • Privileged EXEC • User EXEC Term Definition VLAN Identifier The VLANs associated with the selected MST instance. Associated Instance Identifier for the associated multiple spanning tree instance or “CST” if associated with the common and internal spanning tree. VLAN Commands This section describes the commands you use to configure VLAN settings. Switching Commands 64 ProSafe Managed Switch vlan database This command gives you access to the VLAN Config mode, which allows you to configure VLAN characteristics. Format vlan database Mode Privileged EXEC network mgmt_vlan This command configures the Management VLAN ID. Default 1 Format network mgmt_vlan <1-4093> Mode Privileged EXEC no network mgmt_vlan This command sets the Management VLAN ID to the default. Format no network mgmt_vlan Mode Privileged EXEC vlan This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). The vlan-list contains VlanId's in range <1-4093>. Separate non-consecutive IDs with ',' and no spaces and no zeros in between the range; Use '-' for range. Format vlan Mode VLAN Config no vlan This command deletes an existing VLAN. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). The vlan-list contains VlanId's in range <1-4093>. Separate non-consecutive IDs with ',' and no spaces and no zeros in between the range; Use '-' for range. Format no vlan Mode VLAN Config Switching Commands 65 ProSafe Managed Switch vlan acceptframe This command sets the frame acceptance mode per interface. For VLAN Only mode, untagged frames or priority frames received on this interface are discarded. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification. Default all Format vlan acceptframe {untaggedonly | vlanonly | all} Mode Interface Config no vlan acceptframe This command resets the frame acceptance mode for the interface to the default value. Format no vlan acceptframe Mode Interface Config vlan ingressfilter This command enables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN. Default disabled Format vlan ingressfilter Mode Interface Config no vlan ingressfilter This command disables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN. Format no vlan ingressfilter Mode Interface Config Switching Commands 66 ProSafe Managed Switch vlan makestatic This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 2-4093. Format vlan makestatic <2-4093> Mode VLAN Config vlan name This command changes the name of a VLAN. The name is an alphanumeric string of up to 32 characters, and the ID is a valid VLAN identification number. ID range is 1-4093. Default • VLAN ID 1 - default • other VLANS - blank string Format vlan name <1-4093> Mode VLAN Config no vlan name This command sets the name of a VLAN to a blank string. Format no vlan name <1-4093> Mode VLAN Config vlan participation This command configures the degree of participation for a specific interface in a VLAN. The ID is a valid VLAN identification number, and the interface is a valid interface number. Format vlan participation {exclude | include | auto} <1-4093> Mode Interface Config Participation options are: Participation Options Definition include The interface is always a member of this VLAN. This is equivalent to registration fixed. exclude The interface is never a member of this VLAN. This is equivalent to registration forbidden. auto The interface is dynamically registered in this VLAN by GVRP. The interface will not participate in this VLAN unless a join request is received on this interface. This is equivalent to registration normal. Switching Commands 67 ProSafe Managed Switch vlan participation all This command configures the degree of participation for all interfaces in a VLAN. The ID is a valid VLAN identification number. Format vlan participation all {exclude | include | auto} <1-4093> Mode Global Config You can use the following participation options: Participation Options Definition include The interface is always a member of this VLAN. This is equivalent to registration fixed. exclude The interface is never a member of this VLAN. This is equivalent to registration forbidden. auto The interface is dynamically registered in this VLAN by GVRP. The interface will not participate in this VLAN unless a join request is received on this interface. This is equivalent to registration normal. vlan port acceptframe all This command sets the frame acceptance mode for all interfaces. Default all Format vlan port acceptframe all {vlanonly | all} Mode Global Config The modes defined as follows: Mode Definition VLAN Only mode Untagged frames or priority frames received on this interface are discarded. Admit All mode Untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification. no vlan port acceptframe all This command sets the frame acceptance mode for all interfaces to Admit All. For Admit All mode, untagged frames or priority frames received on this interface are accepted and Switching Commands 68 ProSafe Managed Switch assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification. Format no vlan port acceptframe all Mode Global Config vlan port ingressfilter all This command enables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN. Default disabled Format vlan port ingressfilter all Mode Global Config no vlan port ingressfilter all This command disables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN. Format no vlan port ingressfilter all Mode Global Config vlan port pvid all This command changes the VLAN ID for all interface. Default 1 Format vlan port pvid all <1-4093> Mode Global Config no vlan port pvid all This command sets the VLAN ID for all interfaces to 1. Format no vlan port pvid all Mode Global Config Switching Commands 69 ProSafe Managed Switch vlan port tagging all This command configures the tagging behavior for all interfaces in a VLAN to enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. Format vlan port tagging all <1-4093> Mode Global Config no vlan port tagging all This command configures the tagging behavior for all interfaces in a VLAN to disabled. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. Format no vlan port tagging all Mode Global Config vlan protocol group This command adds protocol-based VLAN groups to the system. When it is created, the protocol group will be assigned a unique number (1-128) that will be used to identify the group in subsequent commands. Format vlan protocol group <1-128> Mode Global Config no vlan protocol group This command removes a protocol group. Format no vlan protocol group <1-128> Mode Global Config vlan protocol group name This command assigns a name to a protocol-based VLAN groups. The groupname variable can be a character string of 0 to 16 characters. Format vlan protocol group name <1-128> Mode Global Config Switching Commands 70 ProSafe Managed Switch no vlan protocol group name This command removes the name from a protocol-based VLAN groups. Format no vlan protocol group name <1-128> Mode Global Config vlan protocol group add protocol This command adds the protocol to the protocol-based VLAN identified by groupid. A group may have more than one protocol associated with it. Each interface and protocol combination can only be associated with one group. If adding a protocol to a group causes any conflicts with interfaces currently associated with the group, this command fails and the protocol is not added to the group. The possible values for protocol-list includes the keywords ip, arp, and ipx and hexadecimal or decimal values ranging from 0x0600 (1536) to 0xFFFF (65535). The protocol list can accept up to 16 protocols separated by a comma. Default none Format vlan protocol group add protocol ethertype { |arp|ip|ipx} Mode Global Config no vlan protocol group add protocol This command removes the from this protocol-based VLAN group that is identified by this . The possible values for protocol are ip, arp, and ipx. Format no vlan protocol group add protocol ethertype { |arp|ip|ipx} Mode Global Config protocol group This command attaches a to the protocol-based VLAN identified by . A group may only be associated with one VLAN at a time, however the VLAN association can be changed. Default none Format protocol group Mode VLAN Config Switching Commands 71 ProSafe Managed Switch no protocol group This command removes the from this protocol-based VLAN group that is identified by this . Format no protocol group Mode VLAN Config protocol vlan group This command adds the physical interface to the protocol-based VLAN identified by . You can associate multiple interfaces with a group, but you can only associate each interface and protocol combination with one group. If adding an interface to a group causes any conflicts with protocols currently associated with the group, this command fails and the interface(s) are not added to the group. Default none Format protocol vlan group Mode Interface Config no protocol vlan group This command removes the interface from this protocol-based VLAN group that is identified by this . Format no protocol vlan group Mode Interface Config protocol vlan group all This command adds all physical interfaces to the protocol-based VLAN identified by . You can associate multiple interfaces with a group, but you can only associate each interface and protocol combination with one group. If adding an interface to a group causes any conflicts with protocols currently associated with the group, this command will fail and the interface(s) will not be added to the group. Default none Format protocol vlan group all Mode Global Config Switching Commands 72 ProSafe Managed Switch no protocol vlan group all This command removes all interfaces from this protocol-based VLAN group that is identified by this . Format no protocol vlan group all Mode Global Config vlan pvid This command changes the VLAN ID per interface. Default 1 Format vlan pvid <1-4093> Mode Interface Config no vlan pvid This command sets the VLAN ID per interface to 1. Format no vlan pvid Mode Interface Config vlan tagging This command configures the tagging behavior for a specific interface in a VLAN to enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The vlan-list contains VlanId's in range <1-4093>. Separate non-consecutive IDs with ',' and no spaces and no zeros in between the range; Use '-' for range. Format vlan tagging Mode Interface Config no vlan tagging This command configures the tagging behavior for a specific interface in a VLAN to disabled. If tagging is disabled, traffic is transmitted as untagged frames. The vlan-list contains VlanId's in range <1-4093>. Separate non-consecutive IDs with ',' and no spaces and no zeros in between the range; Use '-' for range. Format no vlan tagging Mode Interface Config Switching Commands 73 ProSafe Managed Switch vlan association subnet This command associates a VLAN to a specific IP-subnet. Format vlan association subnet <1-4093> Mode VLAN Config no vlan association subnet This command removes association of a specific IP-subnet to a VLAN. Format no vlan association subnet Mode VLAN Config vlan association mac This command associates a MAC address to a VLAN. Format vlan association mac <1-4093> Mode VLAN database no vlan association mac This command removes the association of a MAC address to a VLAN. Format no vlan association mac Mode VLAN database show vlan This command displays a list of all configured VLAN. Format show vlan Mode • Privileged EXEC • User EXEC Term Definition VLAN ID There is a VLAN Identifier (VID) associated with each VLAN. The range of the VLAN ID is 1 to 4093. VLAN Name A string associated with this VLAN as a convenience. It can be up to 32 alphanumeric characters long, including blanks. The default is blank. VLAN ID 1 always has a name of “Default.” This field is optional. VLAN Type Type of VLAN, which can be Default (VLAN ID = 1) or static (one that is configured and permanently defined), or Dynamic (one that is created by GVRP registration). Switching Commands 74 ProSafe Managed Switch show vlan This command displays detailed information, including interface information, for a specific VLAN. The ID is a valid VLAN identification number. Format show vlan Mode • Privileged EXEC • User EXEC Term Definition VLAN ID There is a VLAN Identifier (VID) associated with each VLAN. The range of the VLAN ID is 1 to 4093. VLAN Name A string associated with this VLAN as a convenience. It can be up to 32 alphanumeric characters long, including blanks. The default is blank. VLAN ID 1 always has a name of “Default.” This field is optional. VLAN Type Type of VLAN, which can be Default (VLAN ID = 1) or static (one that is configured and permanently defined), or Dynamic (one that is created by GVRP registration). Interface Valid slot and port number separated by forward slashes. It is possible to set the parameters for all ports by using the selectors on the top line. Current The degree of participation of this port in this VLAN. The permissible values are: • Include - This port is always a member of this VLAN. This is equivalent to registration fixed in the IEEE 802.1Q standard. • Exclude - This port is never a member of this VLAN. This is equivalent to registration forbidden in the IEEE 802.1Q standard. • Autodetect - To allow the port to be dynamically registered in this VLAN via GVRP. The port will not participate in this VLAN unless a join request is received on this port. This is equivalent to registration normal in the IEEE 802.1Q standard. Configured The configured degree of participation of this port in this VLAN. The permissible values are: • Include - This port is always a member of this VLAN. This is equivalent to registration fixed in the IEEE 802.1Q standard. • Exclude - This port is never a member of this VLAN. This is equivalent to registration forbidden in the IEEE 802.1Q standard. • Autodetect - To allow the port to be dynamically registered in this VLAN via GVRP. The port will not participate in this VLAN unless a join request is received on this port. This is equivalent to registration normal in the IEEE 802.1Q standard. Tagging The tagging behavior for this port in this VLAN. • Tagged - Transmit traffic for this VLAN as tagged frames. • Untagged - Transmit traffic for this VLAN as untagged frames. Switching Commands 75 ProSafe Managed Switch show vlan brief This command displays a list of all configured VLANs. Format show vlan brief Mode • Privileged EXEC • User EXEC Term Definition VLAN ID There is a VLAN Identifier (vlanid) associated with each VLAN. The range of the VLAN ID is 1 to 3965. VLAN Name A string associated with this VLAN as a convenience. It can be up to 32 alphanumeric characters long, including blanks. The default is blank. VLAN ID 1 always has a name of “Default.” This field is optional. VLAN Type Type of VLAN, which can be Default (VLAN ID = 1) or static (one that is configured and permanently defined), or a Dynamic (one that is created by GVRP registration). show vlan port This command displays VLAN port information. Format show vlan port { | all} Mode • Privileged EXEC • User EXEC Term Definition Interface Valid slot and port number separated by forward slashes. It is possible to set the parameters for all ports by using the selectors on the top line. Port VLAN ID The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port. The value must be for an existing VLAN. The factory default is 1. Acceptable Frame Types The types of frames that may be received on this port. The options are 'VLAN only' and 'Admit All'. When set to 'VLAN only', untagged frames or priority tagged frames received on this port are discarded. When set to 'Admit All', untagged frames or priority tagged frames received on this port are accepted and assigned the value of the Port VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance to the 802.1Q VLAN specification. Ingress Filtering May be enabled or disabled. When enabled, the frame is discarded if this port is not a member of the VLAN with which this frame is associated. In a tagged frame, the VLAN is identified by the VLAN ID in the tag. In an untagged frame, the VLAN is the Port VLAN ID specified for the port that received this frame. When disabled, all frames are forwarded in accordance with the 802.1Q VLAN bridge specification. The factory default is disabled. GVRP May be enabled or disabled. Default Priority The 802.1p priority assigned to tagged packets arriving on the port. Switching Commands 76 ProSafe Managed Switch show vlan association subnet This command displays the VLAN associated with a specific configured IP-Address and net mask. If no IP address and net mask are specified, the VLAN associations of all the configured IP-subnets are displayed. Format show vlan association subnet [ ] Mode Privileged EXEC Term Definition IP Subnet The IP address assigned to each interface. IP Mask The subnet mask. VLAN ID There is a VLAN Identifier (VID) associated with each VLAN. show vlan association mac This command displays the VLAN associated with a specific configured MAC address. If no MAC address is specified, the VLAN associations of all the configured MAC addresses are displayed. Format show vlan association mac [ ] Mode Privileged EXEC Term Definition MAC Address A MAC address for which the switch has forwarding and or filtering information. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes. VLAN ID There is a VLAN Identifier (VID) associated with each VLAN. Double VLAN Commands This section describes the commands you use to configure double VLAN (DVLAN). Double VLAN tagging is a way to pass VLAN traffic from one customer domain to another through a Metro Core in a simple and cost effective manner. The additional tag on the traffic helps differentiate between customers in the MAN while preserving the VLAN identification of the individual customers when they enter their own 802.1Q domain. Switching Commands 77 ProSafe Managed Switch dvlan-tunnel ethertype This command configures the ether-type for all interfaces. The ether-type may have the values of 802.1Q, vMAN, or custom. If the ether-type has a value of custom, the optional value of the custom ether type must be set to a value from 0 to 65535. Default vman Format dvlan-tunnel ethertype {802.1Q | vman | custom} [0-65535] Mode Global Config mode dot1q-tunnel This command is used to enable Double VLAN Tunneling on the specified interface. Default disabled Format mode dot1q-tunnel Mode Interface Config no mode dot1q-tunnel This command is used to disable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled. Format no mode dot1q-tunnel Mode Interface Config mode dvlan-tunnel Use this command to enable Double VLAN Tunneling on the specified interface. Note: When you use the mode dvlan-tunnel command on an interface, it becomes a service provider port. Ports that do not have double VLAN tunneling enabled are customer ports. Default disabled Format mode dvlan-tunnel Mode Interface Config Switching Commands 78 ProSafe Managed Switch no mode dvlan-tunnel This command is used to disable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled. Format no mode dvlan-tunnel Mode Interface Config show dot1q-tunnel Use this command without the optional parameters to display all interfaces enabled for Double VLAN Tunneling. Use the optional parameters to display detailed information about Double VLAN Tunneling for the specified interface or all interfaces. Format show dot1q-tunnel [interface { | all}] Mode • Privileged EXEC • User EXEC Term Definition Interface Valid slot and port number separated by forward slashes. Mode The administrative mode through which Double VLAN Tunneling can be enabled or disabled. The default value for this field is disabled. EtherType A 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. There are three different EtherType tags. The first is 802.1Q, which represents the commonly used value of 0x8100. The second is vMAN, which represents the commonly used value of 0x88A8. If EtherType is not one of these two values, then it is a custom tunnel value, representing any value in the range of 0 to 65535. show dvlan-tunnel Use this command without the optional parameters to display all interfaces enabled for Double VLAN Tunneling. Use the optional parameters to display detailed information about Double VLAN Tunneling for the specified interface or all interfaces. Format show dvlan-tunnel [interface { | all}] Mode • Privileged EXEC • User EXEC Term Definition Interface Valid slot and port number separated by forward slashes. Switching Commands 79 ProSafe Managed Switch Term Definition Mode The administrative mode through which Double VLAN Tunneling can be enabled or disabled. The default value for this field is disabled. EtherType A 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. There are three different EtherType tags. The first is 802.1Q, which represents the commonly used value of 0x8100. The second is vMAN, which represents the commonly used value of 0x88A8. If EtherType is not one of these two values, then it is a custom tunnel value, representing any value in the range of 0 to 65535. Voice VLAN Commands This section describes the commands you use for Voice VLAN. Voice VLAN enables switch ports to carry voice traffic with defined priority so as to enable separation of voice and data traffic coming onto the port. The benefits of using Voice VLAN is to ensure that the sound quality of an IP phone could be safeguarded from deteriorating when the data traffic on the port is high. Also the inherent isolation provided by VLANs ensures that inter-VLAN traffic is under management control and that network- attached clients cannot initiate a direct attack on voice components. QoS-based on IEEE 802.1P class of service (CoS) uses classification and scheduling to sent network traffic from the switch in a predictable manner. The system uses the source MAC of the traffic traveling through the port to identify the IP phone data flow. voice vlan (Global Config) Use this command to enable the Voice VLAN capability on the switch. Default disabled Format voice vlan Mode Global Config no voice vlan (Global Config) Use this command to disable the Voice VLAN capability on the switch. Format no voice vlan Mode Global Config voice vlan (Interface Config) Use this command to enable the Voice VLAN capability on the interface. Default disabled Switching Commands 80 ProSafe Managed Switch Format voice vlan { | dot1p | none | untagged} Mode Interface Config You can configure Voice VLAN in any of the following ways: Parameter Description vlan-id Configure the IP phone to forward all voice traffic through the specified VLAN. Valid VLAN IDs are from 1 to 4093 (the maximum supported by the platform). dot1p Configure the IP phone to use 802.1p priority tagging for voice traffic and to use the default native VLAN (VLAN 0) to carry all traffic. Valid range is 0 to 7. none Allow the IP phone to use its own configuration to send untagged voice traffic. untagged Configure the phone to send untagged voice traffic. no voice vlan (Interface Config) Use this command to disable the Voice VLAN capability on the interface. Format no voice vlan Mode Interface Config voice vlan data priority Use this command to either trust or untrust the data traffic arriving on the Voice VLAN port. Default trust Format voice vlan data priority {untrust | trust} Mode Interface Config show voice vlan Format show voice vlan [interface { | all}] Mode Privileged EXEC When the interface parameter is not specified, only the global mode of the Voice VLAN is displayed. Term Definition Administrative Mode The Global Voice VLAN mode. Switching Commands 81 ProSafe Managed Switch When the interface is specified:. Term Definition Voice VLAN Interface Mode The admin mode of the Voice VLAN on the interface. Voice VLAN ID The Voice VLAN ID Voice VLAN Priority The do1p priority for the Voice VLAN on the port. Voice VLAN Untagged The tagging option for the Voice VLAN traffic. Voice VLAN CoS Override The Override option for the voice traffic arriving on the port. Voice VLAN Status The operational status of Voice VLAN on the port. Provisioning (IEEE 802.1p) Commands This section describes the commands you use to configure provisioning, which allows you to prioritize ports. vlan port priority all This command configures the port priority assigned for untagged packets for all ports presently plugged into the device. The range for the priority is 0-7. Any subsequent per port configuration will override this configuration setting. Format vlan port priority all Mode Global Config vlan priority This command configures the default 802.1p port priority assigned for untagged packets for a specific interface. The range for the priority is 0–7. Default 0 Format vlan priority Mode Interface Config Protected Ports Commands This section describes commands you use to configure and view protected ports on a switch. Protected ports do not forward traffic to each other, even if they are on the same VLAN. However, protected ports can forward traffic to all unprotected ports in their group. Unprotected ports can forward traffic to both protected and unprotected ports. Ports are unprotected by default. Switching Commands 82 ProSafe Managed Switch If an interface is configured as a protected port, and you add that interface to a Port Channel or Link Aggregation Group (LAG), the protected port status becomes operationally disabled on the interface, and the interface follows the configuration of the LAG port. However, the protected port configuration for the interface remains unchanged. Once the interface is no longer a member of a LAG, the current configuration for that interface automatically becomes effective. switchport protected (Global Config) Use this command to create a protected port group. The parameter identifies the set of protected ports. Use the name pair to assign a name to the protected port group. The name can be up to 32 alphanumeric characters long, including blanks. The default is blank. Note: Port protection occurs within a single switch. Protected port configuration does not affect traffic between ports on two different switches. No traffic forwarding is possible between two protected ports. Format switchport protected name Mode Global Config no switchport protected (Global Config) Use this command to remove a protected port group. The groupid parameter identifies the set of protected ports. Use the name keyword to remove the name from the group. Format NO switchport protected name Mode Global Config switchport protected (Interface Config) Use this command to add an interface to a protected port group. The parameter identifies the set of protected ports to which this interface is assigned. You can only configure an interface as protected in one group. Note: Port protection occurs within a single switch. Protected port configuration does not affect traffic between ports on two different switches. No traffic forwarding is possible between two protected ports. Switching Commands 83 ProSafe Managed Switch Default unprotected Format switchport protected Mode Interface Config no switchport protected (Interface Config) Use this command to configure a port as unprotected. The groupid parameter identifies the set of protected ports to which this interface is assigned. Format no switchport protected Mode Interface Config show switchport protected This command displays the status of all the interfaces, including protected and unprotected interfaces. Format show switchport protected Mode • Privileged EXEC • User EXEC Term Definition Group ID The number that identifies the protected port group. Name An optional name of the protected port group. The name can be up to 32 alphanumeric characters long, including blanks. The default is blank. List of Physical List of ports, which are configured as protected for the group identified with . If Ports no port is configured as protected for this group, this field is blank. show interfaces switchport This command displays the status of the interface (protected/unprotected) under the groupid. Format show interfaces switchport Mode • Privileged EXEC • User EXEC Term Definition Name A string associated with this group as a convenience. It can be up to 32 alphanumeric characters long, including blanks. The default is blank. This field is optional. Protected port Indicates whether the interface is protected or not. It shows TRUE or FALSE. If the group is a multiple groups then it shows TRUE in Group . Switching Commands 84 ProSafe Managed Switch Private Group Commands This section describes commands used to configure private group and view private group configuration information. Private group can be used to create a group of ports that can or can not share traffic to each others in the same VLAN group. The main application is to isolate a group of users from another without using VLAN. switchport private-group This command is used to assign one port or a range of ports to private group (or ). The ingress traffic from a port in private group can be forwarded to other ports either in the same private group or anyone in the same VLAN that are not in a private group. By default, a port does not belong to any private group. A port cannot be in more than one private group. An error message should return when that occurred. To change a port’s private group, first the port must be removed from its private group. Default port not associated with any group. Format switchport private-group [ | ] Mode Interface Config no switchport private group This command is used to remove the specified port from the given private group. Format no switchport private-group [ | ] Mode Interface Config private-group name This command is used to create a private group with name . The name string can be up to 24 bytes of non-blank characters. The total number of private groups is 192 such that the valid range for the ID is <1-192>. The field is optional. If not specified, a group id not used will be assigned automatically. The mode can be either “isolated” or “community”. When in “isolated” mode, the member port in the group cannot forward its egress traffic to any other members in the same group. By default, the mode is “community” mode that each member port can forward traffic to other members in the same group, but not to members in other groups. Switching Commands 85 ProSafe Managed Switch Format private-group name [ ] [mode {community|isolated}] Mode Global Config no private-group name This command is used to remove the specified private group. Format private-group name Mode Global Config show private-group This command displays the private groups’ information. Format show private-groupname [ | |port ] Mode Privileged EXEC Term Definition Interface Valid slot and port number separated by forward slashes. Port VLANID The VLAN ID associated with the port. Private Group ID Total number of private groups is 192. Private Group Name The name string can be up to 24 bytes of non-blank characters Private Group The mode can be either “isolated” or “community”. Private VLAN The Private VLANs feature separates a regular VLAN domain into two or more subdomains. Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN. The primary VLAN ID is the same for all subdomains that belong to a private VLAN. The secondary VLAN ID differentiates subdomains from each other and provides Layer 2 isolation between ports of the same private VLAN. The types of VLANs within a private VLAN are as follows: • Primary VLAN—Forwards the traffic from the promiscuous ports to isolated ports, community ports and other promiscuous ports in the same private VLAN. Only one Switching Commands 86 ProSafe Managed Switch primary VLAN can be configured per private VLAN. All ports within a private VLAN share the same primary VLAN. • Isolated VLAN—A secondary VLAN that carries traffic from isolated ports to promiscuous ports. Only one isolated VLAN can be configured per private VLAN. • Community VLAN—A secondary VLAN that forwards traffic between ports that belong to the same community and the promiscuous ports. There can be multiple community VLANs per private VLAN. Three types of port designations exist within a private VLAN: • Promiscuous Ports—An endpoint connected to a promiscuous port is allowed to communicate with any endpoint within the private VLAN. Multiple promiscuous ports can be defined for a single private VLAN domain. • Isolated Ports—An endpoint connected to an isolated port is allowed to communicate with endpoints connected to promiscuous ports only. Endpoints connected to adjacent isolated ports cannot communicate with each other. • Community Ports—An endpoint connected to a community port is allowed to communicate with the endpoints within a community and with any configured promiscuous port. The endpoints that belong to one community cannot communicate with endpoints that belong to a different community or with endpoints connected to isolated ports. The Private VLANs can be extended across multiple switches through inter-switch/stack links that transport primary, community and isolated VLANs between devices. switchport private-vlan This command is used to define a private-VLAN association for an isolated or community port or a mapping for a promiscuous port. Format switchport private-vlan {host-association | mapping {add | remove} } Mode Interface Config Term Definition host-association Defines VLAN association for community or host ports. mapping Defines the private VLAN mapping for promiscuous ports. primary-vlan-id Primary VLAN ID of a private VLAN. secondary-vlan-id Secondary (isolated or community) VLAN ID of a private VLAN. add Associates the secondary VLAN with the primary one. remove Deletes the secondary VLANs from the primary VLAN association. secondary-vlan-list A list of secondary VLANs to be mapped to a primary VLAN. Switching Commands 87 ProSafe Managed Switch no switchport private-vlan This command is used to remove the private-VLAN association or mapping from the port. Format no switchport private-vlan {host-association | mapping} Mode Interface Config switchport mode private-vlan This command is used to configure a port as a promiscuous or host private VLAN port. Note that the properties of each mode can be configured even when the switch is not in that mode. However, they will only be applicable once the switch is in that particular mode. Format switchport mode private-vlan {host | promiscuous} Mode Interface Config Default General Term Definition host Configures an interface as a private VLAN host port. It can be either isolated or community port depending on the secondary VLAN it is associated with. promiscuous Configures an interface as a private VLAN promiscuous port. The promiscuous ports are members of the primary VLAN. no switchport mode This command is used to remove the private-VLAN association or mapping from the port. Format no switchport mode private-vlan Mode Interface Config private-vlan This command is used to configure the private VLANs and to configure the association between the primary private VLAN and secondary VLANs. Format private-vlan {association [add | remove] | community | isolated | primary} Mode VLAN Config Term Definition association Associates the primary and secondary VLAN. secondary-vlan-list A list of secondary VLANs to be mapped to a primary VLAN. community Designates a VLAN as a community VLAN. Switching Commands 88 ProSafe Managed Switch Term Definition isolated Designates a VLAN as the isolated VLAN. primary Designates a VLAN as the primary VLAN. no private-vlan This command is used to restore normal VLAN configuration. Format no private-vlan {association} Mode VLAN Config vlan Use this command to enter the private vlan configuration. The VLAN range is 1-4094. Format vlan Mode Global Config show vlan This command displays information about the configured private VLANs including primary and secondary VLAN IDs, type (community, isolated, or primary) and the ports that belong to a private VLAN. Format show vlan private-vlan [type] Mode • Priviliged EXEC • User EXEC Term Definition Private -vlan Displays information about the configured private VLANs type Displays only private VLAN ID and its type. Primary Displays primary VLAN ID Secondary Displays secondary VLAN ID Type Displays secondary VLAN type Ports Displays ports which are associated with a private VLAN Switching Commands 89 ProSafe Managed Switch show interface ethernet switchport This command displays the private-VLAN mapping information for the switch interfaces. Format show interface ethernet switchport Mode • Privileged EXEC • User EXEC Term Definition Private-vlan host-association Displays VLAN association for the private-VLAN host ports. Private-vlan mapping Displays VLAN mapping for the private-VLAN promiscuous ports GARP Commands This section describes the commands you use to configure Generic Attribute Registration Protocol (GARP) and view GARP status. The commands in this section affect both GARP VLAN Registration Protocol (GVRP) and Garp Multicast Registration Protocol (GMRP). GARP is a protocol that allows client stations to register with the switch for membership in VLANS (by using GVMP) or multicast groups (by using GVMP). set garp timer join This command sets the GVRP join time for one port (Interface Config mode) or all (Global Config mode) and per GARP. Join time is the interval between the transmission of GARP Protocol Data Units (PDUs) registering (or re-registering) membership for a VLAN or multicast group. This command has an effect only when GVRP is enabled. The time is from 10 to 100 (centiseconds). The value 20 centiseconds is 0.2 seconds. Default 20 Format set garp timer join <10-100> Mode • Interface Config • Global Config no set garp timer join This command sets the GVRP join time (for one or all ports and per GARP) to the default and only has an effect when GVRP is enabled. Format no set garp timer join Mode • Interface Config • Global Config Switching Commands 90 ProSafe Managed Switch set garp timer leave This command sets the GVRP leave time for one port (Interface Config mode) or all ports (Global Config mode) and only has an effect when GVRP is enabled. Leave time is the time to wait after receiving an unregister request for a VLAN or a multicast group before deleting the VLAN entry. This can be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service. The leave time is 20 to 600 (centiseconds). The value 60 centiseconds is 0.6 seconds. Default 60 Format set garp timer leave <20-600> Mode • Interface Config • Global Config no set garp timer leave This command sets the GVRP leave time on all ports or a single port to the default and only has an effect when GVRP is enabled. Format no set garp timer leave Mode • Interface Config • Global Config set garp timer leaveall This command sets how frequently Leave All PDUs are generated. A Leave All PDU indicates that all registrations will be unregistered. Participants would need to rejoin in order to maintain registration. The value applies per port and per GARP participation. The time may range from 200 to 6000 (centiseconds). The value 1000 centiseconds is 10 seconds. You can use this command on all ports (Global Config mode) or a single port (Interface Config mode), and it only has an effect only when GVRP is enabled. Default 1000 Format set garp timer leaveall <200-6000> Mode • Interface Config • Global Config no set garp timer leaveall This command sets how frequently Leave All PDUs are generated the default and only has an effect when GVRP is enabled. Format no set garp timer leaveall Mode • Interface Config • Global Config Switching Commands 91 ProSafe Managed Switch show garp This command displays GARP information. Format show garp Mode • Privileged EXEC • User EXEC Term Definition GMRP Admin Mode The administrative mode of GARP Multicast Registration Protocol (GMRP) for the system. GVRP Admin Mode The administrative mode of GARP VLAN Registration Protocol (GVRP) for the system. GVRP Commands This section describes the commands you use to configure and view GARP VLAN Registration Protocol (GVRP) information. GVRP-enabled switches exchange VLAN configuration information, which allows GVRP to provide dynamic VLAN creation on trunk ports and automatic VLAN pruning. Note: If GVRP is disabled, the system does not forward GVRP messages. set gvrp adminmode This command enables GVRP on the system. Default disabled Format set gvrp adminmode Mode Privileged EXEC no set gvrp adminmode This command disables GVRP. Format no set gvrp adminmode Mode Privileged EXEC Switching Commands 92 ProSafe Managed Switch set gvrp interfacemode This command enables GVRP on a single port (Interface Config mode) or all ports (Global Config mode). Default disabled Format set gvrp interfacemode Mode • Interface Config • Global Config no set gvrp interfacemode This command disables GVRP on a single port (Interface Config mode) or all ports (Global Config mode). If GVRP is disabled, Join Time, Leave Time and Leave All Time have no effect. Format no set gvrp interfacemode Mode • Interface Config • Global Config show gvrp configuration This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces. Format show gvrp configuration { | all} Mode • Privileged EXEC • User EXEC Term Definition Interface Valid slot and port number separated by forward slashes. Join Timer The interval between the transmission of GARP PDUs registering (or re-registering) membership for an attribute. Current attributes are a VLAN or multicast group. There is an instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 10 to 100 centiseconds (0.1 to 1.0 seconds). The factory default is 20 centiseconds (0.2 seconds). The finest granularity of specification is one centisecond (0.01 seconds). Leave Timer The period of time to wait after receiving an unregister request for an attribute before deleting the attribute. Current attributes are a VLAN or multicast group. This may be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service. There is an instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 20 to 600 centiseconds (0.2 to 6.0 seconds). The factory default is 60 centiseconds (0.6 seconds). Switching Commands 93 ProSafe Managed Switch Term Definition LeaveAll Timer This Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration. There is an instance of this timer on a per-Port, per-GARP participant basis. The Leave All Period Timer is set to a random value in the range of LeaveAllTime to 1.5*LeaveAllTime. Permissible values are 200 to 6000 centiseconds (2 to 60 seconds). The factory default is 1000 centiseconds (10 seconds). Port GVMRP Mode The GVRP administrative mode for the port, which is enabled or disabled (default). If this parameter is disabled, Join Time, Leave Time and Leave All Time have no effect. GMRP Commands This section describes the commands you use to configure and view GARP Multicast Registration Protocol (GMRP) information. Like IGMP snooping, GMRP helps control the flooding of multicast packets. GMRP-enabled switches dynamically register and de-register group membership information with the MAC networking devices attached to the same segment. GMRP also allows group membership information to propagate across all networking devices in the bridged LAN that support Extended Filtering Services. Note: If GMRP is disabled, the system does not forward GMRP messages. set gmrp adminmode This command enables GARP Multicast Registration Protocol (GMRP) on the system. Default disabled Format set gmrp adminmode Mode Privileged EXEC no set gmrp adminmode This command disables GARP Multicast Registration Protocol (GMRP) on the system. Format no set gmrp adminmode Mode Privileged EXEC set gmrp interfacemode This command enables GARP Multicast Registration Protocol on a single interface (Interface Config mode) or all interfaces (Global Config mode). If an interface which has GARP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GARP functionality Switching Commands 94 ProSafe Managed Switch is disabled on that interface. GARP functionality is subsequently re-enabled if routing is disabled and port-channel (LAG) membership is removed from an interface that has GARP enabled. Default disabled Format set gmrp interfacemode Mode • Interface Config • Global Config no set gmrp interfacemode This command disables GARP Multicast Registration Protocol on a single interface or all interfaces. If an interface which has GARP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GARP functionality is disabled. GARP functionality is subsequently re-enabled if routing is disabled and port-channel (LAG) membership is removed from an interface that has GARP enabled. Format no set gmrp interfacemode Mode • Interface Config • Global Config show gmrp configuration This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces. Format show gmrp configuration { | all} Mode • Privileged EXEC • User EXEC Term Definition Interface The unit/slot/port of the interface that this row in the table describes. Join Timer The interval between the transmission of GARP PDUs registering (or re-registering) membership for an attribute. Current attributes are a VLAN or multicast group. There is an instance of this timer on a per-port, per-GARP participant basis. Permissible values are 10 to 100 centiseconds (0.1 to 1.0 seconds). The factory default is 20 centiseconds (0.2 seconds). The finest granularity of specification is 1 centisecond (0.01 seconds). Leave Timer The period of time to wait after receiving an unregister request for an attribute before deleting the attribute. Current attributes are a VLAN or multicast group. This may be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service. There is an instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 20 to 600 centiseconds (0.2 to 6.0 seconds). The factory default is 60 centiseconds (0.6 seconds). Switching Commands 95 ProSafe Managed Switch Term Definition LeaveAll Timer This Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration. There is an instance of this timer on a per-Port, per-GARP participant basis. The Leave All Period Timer is set to a random value in the range of LeaveAllTime to 1.5*LeaveAllTime. Permissible values are 200 to 6000 centiseconds (2 to 60 seconds). The factory default is 1000 centiseconds (10 seconds). Port GMRP Mode The GMRP administrative mode for the port. It may be enabled or disabled. If this parameter is disabled, Join Time, Leave Time and Leave All Time have no effect. show mac-address-table gmrp This command displays the GMRP entries in the Multicast Forwarding Database (MFDB) table. Format show mac-address-table gmrp Mode Privileged EXEC Term Definition Mac Address A unicast MAC address for which the switch has forwarding and or filtering information. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB. In an IVL system the MAC address is displayed as 8 bytes. Type The type of the entry. Static entries are those that are configured by the end user. Dynamic entries are added to the table as a result of a learning process or protocol. Description The text description of this multicast table entry. Interfaces The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:). Port-Based Network Access Control Commands This section describes the commands you use to configure port-based network access control (802.1x). Port-based network access control allows you to permit access to network services only to and devices that are authorized and authenticated. clear dot1x statistics This command resets the 802.1x statistics for the specified port or for all ports. Format clear dot1x statistics { | all} Mode Privileged EXEC Switching Commands 96 ProSafe Managed Switch clear radius statistics This command is used to clear all RADIUS statistics. Format clear radius statistics Mode Privileged EXEC dot1x guest-vlan This command configures VLAN as guest vlan on a per port basis. The command specifies an active VLAN as an IEEE 802.1x guest VLAN. The range is 1 to the maximum VLAN ID supported by the platform. Default disabled Format dot1x guest-vlan Mode Interface Config no dot1x guest-vlan This command disables Guest VLAN on the interface. Default disabled Format no dot1x guest-vlan Mode Interface Config dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is “auto” or “mac-based”. If the control mode is not 'auto' or “mac-based”, an error will be returned. Format dot1x initialize Mode Privileged EXEC dot1x mac-auth-bypass This command enables MAC-Based Authentication Bypass (MAB) for 802.1x-unaware clients. MAB provides 802.1x-unaware clients controlled access to the network using the devices’ MAC address as an identifier. This requires that the known and allowable MAC address and corresponding access rights be pre-populated in the authentication server. MAB works only when the port control mode of the port is MAC-based. Format dot1x mac-auth-bypass Mode Interface Config Switching Commands 97 ProSafe Managed Switch no dot1x mac-auth-bypass This command disables MAB for 802.1x-unaware clients. Format no dot1x mac-auth-bypass Mode Interface Config dot1x max-req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. The value must be in the range 1 - 10. Default 2 Format dot1x max-req Mode Interface Config no dot1x max-req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. Format no dot1x max-req Mode Interface Config dot1x max-users Use this command to set the maximum number of clients supported on the port when MAC-based dot1x authentication is enabled on the port. The maximum users supported per port is dependent on the product. The value is in the range 1 - 48. Default 48 Format dot1x max-users Mode Interface Config no dot1x max-users This command resets the maximum number of clients allowed per port to its default value. Format no dot1x max-req Mode Interface Config Switching Commands 98 ProSafe Managed Switch dot1x port-control This command sets the authentication mode to use on the specified port. Select force-unauthorized to specify that the authenticator PAE unconditionally sets the controlled port to unauthorized. Select force-authorized to specify that the authenticator PAE unconditionally sets the controlled port to authorized. Select auto to specify that the authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator and the authentication server. If the mac-based option is specified, then MAC-based dot1x authentication is enabled on the port. Default auto Format dot1x port-control {force-unauthorized | force-authorized | auto | mac-based} Mode Interface Config no dot1x port-control This command sets the 802.1x port control mode on the specified port to the default value. Format no dot1x port-control Mode Interface Config dot1x port-control all This command sets the authentication mode to use on all ports. Select force-unauthorized to specify that the authenticator PAE unconditionally sets the controlled port to unauthorized. Select force-authorized to specify that the authenticator PAE unconditionally sets the controlled port to authorized. Select auto to specify that the authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator and the authentication server. If the mac-based option is specified, then MAC-based dot1x authentication is enabled on the port. Default auto Format dot1x port-control all {force-unauthorized | force-authorized | auto | mac-based} Mode Global Config no dot1x port-control all This command sets the authentication mode on all ports to the default value. Format no dot1x port-control all Mode Global Config Switching Commands 99 ProSafe Managed Switch dot1x re-authenticate This command begins the re-authentication sequence on the specified port. This command is only valid if the control mode for the specified port is “auto” or “mac-based”. If the control mode is not “auto” or “mac-based”, an error will be returned. Format dot1x re-authenticate Mode Privileged EXEC dot1x re-authentication This command enables re-authentication of the supplicant for the specified port. Default disabled Format dot1x re-authentication Mode Interface Config no dot1x re-authentication This command disables re-authentication of the supplicant for the specified port. Format no dot1x re-authentication Mode Interface Config dot1x system-auth-control Use this command to enable the dot1x authentication support on the switch. While disabled, the dot1x configuration is retained and can be changed, but is not activated. Default disabled Format dot1x system-auth-control Mode Global Config no dot1x system-auth-control This command is used to disable the dot1x authentication support on the switch. Format no dot1x system-auth-control Mode Global Config Switching Commands 100 ProSafe Managed Switch dot1x timeout This command sets the value, in seconds, of the timer used by the authenticator state machine on this port. Depending on the token used and the value (in seconds) passed, various timeout configurable parameters are set. The following tokens are supported: Tokens Definition guest-vlan-period The time, in seconds, for which the authenticator waits to see if any EAPOL packets are received on a port before authorizing the port and placing the port in the guest vlan (if configured). The guest vlan timer is only relevant when guest vlan has been configured on that specific port. reauth-period The value, in seconds, of the timer used by the authenticator state machine on this port to determine when re-authentication of the supplicant takes place. The reauth-period must be a value in the range 1 - 65535. quiet-period The value, in seconds, of the timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant. The quiet-period must be a value in the range 0 - 65535. tx-period The value, in seconds, of the timer used by the authenticator state machine on this port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The quiet-period must be a value in the range 1 - 65535. supp-timeout The value, in seconds, of the timer used by the authenticator state machine on this port to timeout the supplicant. The supp-timeout must be a value in the range 1 - 65535. server-timeout The value, in seconds, of the timer used by the authenticator state machine on this port to timeout the authentication server. The supp-timeout must be a value in the range 1 65535. Default • • • • • • Format dot1x timeout {{guest-vlan-period } |{reauth-period } | {quiet-period } | {tx-period } | {supp-timeout } | {server-timeout }} Mode Interface Config guest-vlan-period: 90 seconds reauth-period: 3600 seconds quiet-period: 60 seconds tx-period: 30 seconds supp-timeout: 30 seconds server-timeout: 30 seconds no dot1x timeout This command sets the value, in seconds, of the timer used by the authenticator state machine on this port to the default values. Depending on the token used, the corresponding default values are set. Format no dot1x timeout {guest-vlan-period | reauth-period | quiet-period | tx-period | supp-timeout | server-timeout} Mode Interface Config Switching Commands 101 ProSafe Managed Switch dot1x unauthenticated-vlan Use this command to configure the unauthenticated VLAN associated with that port. The unauthenticated VLAN ID can be a valid VLAN ID from 0-Maximum supported VLAN ID (4093 for 7000 series). The unauthenticated VLAN must be statically configured in the VLAN database to be operational. By default, the unauthenticated VLAN is 0, i.e. invalid and not operational. Default 0 Format dot1x unauthenticated-vlan Mode Interface Config no dot1x unauthenticated-vlan This command resets the unauthenticated-vlan associated with the port to its default value. Format no dot1x unauthenticated-vlan Mode Interface Config dot1x user This command adds the specified user to the list of users with access to the specified port or all ports. The parameter must be a configured user. Format dot1x user { | all} Mode Global Config no dot1x user This command removes the user from the list of users with access to the specified port or all ports. Format no dot1x user { | all} Mode Global Config clear dot1x authentication-history This command clears the authentication history table captured during successful and unsuccessful authentication on all interface or the specified interface. Format clear dot1x authentication-history [unit/slot/port] Mode Global Config Switching Commands 102 ProSafe Managed Switch dot1x dynamic-vlan enable Use this command to enable the switch to create VLANs dynamically when a RADIUS assigned VLAN does not exist in the switch. Format dot1x dynamic-vlan enable Mode Global Config Default Disabled no dot1x dynamic-vlan enable Use this command to disable the switch from creating VLANs dynamically when a RADIUS assigned VLAN does not exist in the switch. Format no dot1x dynamic-vlan enable Mode Global Config dot1x system-auth-control monitor Use this command to enable the 802.1X monitor mode on the switch. The purpose of Monitor mode is to help troubleshoot port-based authentication configuration issues without disrupting network access for hosts connected to the switch. In Monitor mode, a host is granted network access to an 802.1X-enabled port even if it fails the authentication process. The results of the process are logged for diagnostic purposes. Format dot1x system-auth-control monitor Mode Global Config Default Disabled no dot1x system-auth-control monitor Use this command to disable the 802.1X monitor on the switch. Format no dot1x system-auth-control monitor Mode Global Config show dot1x authentication-history This command displays 802.1X authentication events and information during successful and unsuccessful Dot1x authentication process for all interfaces or the specified interface. Use the optional keywords to display only failure authentication events in summary or in detail. Format show dot1x authentication-history {unit/slot/port | all} [failedauth-only] [detail] Mode Privileged EXEC Switching Commands 103 ProSafe Managed Switch Term Definition Time Stamp The exact time at which the event occurs. Interface Physical Port on which the event occurs. Mac-Address The supplicant/client MAC address. VLAN assigned The VLAN assigned to the client/port on authentication. VLAN assigned The type of VLAN ID assigned, which can be Guest VLAN, Unauth, Default, RADIUS Reason Assigned, or Monitor Mode VLAN ID. Auth Status The authentication status. Reason The actual reason behind the successful or failed authentication. show authentication methods This command displays information about the authentication methods. Format show authentication methods Mode Privileged EXEC The following is an example of this command: Login Authentication Method Lists ________________________________ Console_Default: None Network_Default:Local Enable Authentication Lists _____________________ Console_Default: Enable None Network_Default:Enable Line Login Method List Enable Method Lists _____________________ Console Console_Default Console_Default Telnet Network_Default Network_Default SSH Network_Default Network_Default http : Local https : Local dot1x : show dot1x This command is used to show a summary of the global dot1x configuration, summary information of the dot1x configuration for a specified port or all ports, the detailed dot1x Switching Commands 104 ProSafe Managed Switch configuration for a specified port and the dot1x statistics for a specified port - depending on the tokens used. Format show dot1x [{summary { | all} | detail | statistics ] Mode Privileged EXEC If you do not use the optional parameters or , the command displays the global dot1x mode, the VLAN Assignment mode, and the Dynamic VLAN Creation mode. Term Definition Administrative Mode Indicates whether authentication control on the switch is enabled or disabled. VLAN Assignment Mode Indicates whether assignment of an authorized port to a RADIUS assigned VLAN is allowed (enabled) or not (disabled). Dynamic VLAN Creation Mode Indicates whether the switch can dynamically create a RADIUS-assigned VLAN if it does not currently exist on the switch. Monitor Mode Indicates whether the Dot1x Monitor mode on the switch is enabled or disabled. If you use the optional parameter summary { | all}, the dot1x configuration for the specified port or all ports are displayed. Term Definition Interface The interface whose configuration is displayed. Control Mode The configured control mode for this port. Possible values are force-unauthorized | force-authorized | auto | mac-based | authorized | unauthorized. Operating Control Mode The control mode under which this port is operating. Possible values are authorized | unauthorized. Reauthenticatio Indicates whether re-authentication is enabled on this port. n Enabled Port Status Indicates whether the port is authorized or unauthorized. Possible values are authorized | unauthorized. If you use the optional parameter 'detail ', the detailed dot1x configuration for the specified port is displayed. Term Definition Port The interface whose configuration is displayed. Protocol Version The protocol version associated with this port. The only possible value is 1, corresponding to the first version of the dot1x specification. PAE Capabilities The port access entity (PAE) functionality of this port. Possible values are Authenticator or Supplicant. Switching Commands 105 ProSafe Managed Switch Term Definition Control Mode The configured control mode for this port. Possible values are force-unauthorized | force-authorized | auto | mac-based. Authenticator PAE State Current state of the authenticator PAE state machine. Possible values are Initialize, Disconnected, Connecting, Authenticating, Authenticated, Aborting, Held, ForceAuthorized, and ForceUnauthorized. When MAC-based authentication is enabled on the port, this parameter is deprecated. Backend Authentication State Current state of the backend authentication state machine. Possible values are Request, Response, Success, Fail, Timeout, Idle, and Initialize. When MAC-based authentication is enabled on the port, this parameter is deprecated. Quiet Period The timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant. The value is expressed in seconds and will be in the range 0 and 65535. Transmit Period The timer used by the authenticator state machine on the specified port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The value is expressed in seconds and will be in the range of 1 and 65535. Guest-VLAN ID The guest VLAN identifier configured on the interface. Guest VLAN Period The time in seconds for which the authenticator waits before authorizing and placing the port in the Guest VLAN, if no EAPOL packets are detected on that port. Supplicant Timeout The timer used by the authenticator state machine on this port to timeout the supplicant. The value is expressed in seconds and will be in the range of 1 and 65535. Server Timeout The timer used by the authenticator on this port to timeout the authentication server. The value is expressed in seconds and will be in the range of 1 and 65535. Maximum Requests The maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request/Identity before timing out the supplicant. The value will be in the range of 1 and 10. VLAN Id The VLAN assigned to the port by the radius server. This is only valid when the port control mode is not Mac-based. VLAN Assigned Reason The reason the VLAN identified in the VLAN Idfield has been assigned to the port. Possible values are RADIUS, Unauthenticated VLAN, Guest VLAN, default, and Not Assigned. When the VLAN Assigned Reason is ‘Not Assigned’, it means that the port has not been assigned to any VLAN by dot1x. This only valid when the port control mode is not MAC-based. Reauthentication The timer used by the authenticator state machine on this port to determine when Period reauthentication of the supplicant takes place. The value is expressed in seconds and will be in the range of 1 and 65535. Reauthentication Indicates if reauthentication is enabled on this port. Possible values are ‘True” or Enabled “False”. Key Transmission Enabled Indicates if the key is transmitted to the supplicant for the specified port. Possible values are True or False. Control Direction The control direction for the specified port or ports. Possible values are both or in. Switching Commands 106 ProSafe Managed Switch Term Definition Maximum Users The maximum number of clients that can get authenticated on the port in the MAC-based dot1x authentication mode. This value is used only when the port control mode is not MAC-based. Unauthenticated Indicates the unauthenticated VLAN configured for this port. This value is valid for the VLAN ID port only when the port control mode is not MAC-based. Session Timeout Indicates the time for which the given session is valid. The time period in seconds is returned by the RADIUS server on authentication of the port. This value is valid for the port only when the port control mode is not MAC-based. Session Termination Action This value indicates the action to be taken once the session timeout expires. Possible values are Default, Radius-Request. If the value is Default, the session is terminated the port goes into unauthorized state. If the value is Radius-Request, then a reauthentication of the client authenticated on the port is performed. This value is valid for the port only when the port control mode is not MAC-based. The show dot1x detail command will display the following MAC-based dot1x fields if the port-control mode for that specific port is MAC-based. For each client authenticated on the port, the show dot1x detail command will display the following MAC-based dot1x parameters if the port-control mode for that specific port is MAC-based. Term Definition Supplicant MAC-Address The MAC-address of the supplicant. Authenticator PAE State Current state of the authenticator PAE state machine. Possible values are Initialize, Disconnected, Connecting, Authenticating, Authenticated, Aborting, Held, ForceAuthorized, and ForceUnauthorized. Backend Authentication State Current state of the backend authentication state machine. Possible values are Request, Response, Success, Fail, Timeout, Idle, and Initialize. VLAN-Assigned The VLAN assigned to the client by the radius server. Logical Port The logical port number associated with the client. If you use the optional parameter statistics , the following dot1x statistics for the specified port appear. Term Definition Port The interface whose statistics are displayed. EAPOL Frames Received The number of valid EAPOL frames of any type that have been received by this authenticator. EAPOL Frames Transmitted The number of EAPOL frames of any type that have been transmitted by this authenticator. EAPOL Start Frames Received The number of EAPOL start frames that have been received by this authenticator. Switching Commands 107 ProSafe Managed Switch Term Definition EAPOL Logoff Frames Received The number of EAPOL logoff frames that have been received by this authenticator. Last EAPOL Frame Version The protocol version number carried in the most recently received EAPOL frame. Last EAPOL Frame Source The source MAC address carried in the most recently received EAPOL frame. EAP Response/Id Frames Received The number of EAP response/identity frames that have been received by this authenticator. EAP Response Frames Received The number of valid EAP response frames (other than resp/id frames) that have been received by this authenticator. EAP Request/Id The number of EAP request/identity frames that have been transmitted by this Frames authenticator. Transmitted EAP Request Frames Transmitted The number of EAP request frames (other than request/identity frames) that have been transmitted by this authenticator. Invalid EAPOL Frames Received The number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized. EAP Length Error Frames Received The number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized. show dot1x clients This command displays 802.1x client information. This command also displays information about the number of clients that are authenticated using Monitor mode and using 802.1X. Format show dot1x clients { | all} Mode Privileged EXEC Term Definition Clients Authenticated using Monitor Mode Indicates the number of the Dot1x clients authenticated using Monitor mode. Clients Authenticated using Dot1x Indicates the number of Dot1x clients authenticated using 802.1x authentication process. Logical Interface The logical port number associated with a client. Interface The physical port to which the supplicant is associated. Switching Commands 108 ProSafe Managed Switch Term Definition User Name The user name used by the client to authenticate to the server. Supplicant MAC The supplicant device MAC address. Address Session Time The time since the supplicant is logged on. Filter ID Identifies the Filter ID returned by the RADIUS server when the client was authenticated. This is a configured DiffServ policy name on the switch. VLAN ID The VLAN assigned to the port. VLAN Assigned The reason the VLAN identified in the VLAN ID field has been assigned to the port. Possible values are RADIUS, Unauthenticated VLAN, or Default. When the VLAN Assigned reason is Default, it means that the VLAN was assigned to the port because the PVID of the port was that VLAN ID. Session Timeout This value indicates the time for which the given session is valid. The time period in seconds is returned by the RADIUS server on authentication of the port. This value is valid for the port only when the port-control mode is not MAC-based. Session Termination Action This value indicates the action to be taken once the session timeout expires. Possible values are Default and Radius-Request. If the value is Default, the session is terminated and client details are cleared. If the value is Radius-Request, then a reauthentication of the client is performed. show dot1x users This command displays 802.1x port security user information for locally configured users. Format show dot1x users Mode Privileged EXEC Term Definition Users Users configured locally to have access to the specified port. 802.1X Supplicant Commands 802.1X (“dot1x”) supplicant functionality is on point-to-point ports. The administrator can configure the user name and password used in authentication and capabilities of the supplicant port. Switching Commands 109 ProSafe Managed Switch dot1x pae Use this command to set the port’s dot1x role. The port can serve as either a supplicant or an authenticator. Format dot1x pae {supplicant | authenticator} Mode Interface Config dot1x supplicant port-control Use this command to set the ports authorization state (Authorized or Unauthorized) either manually or by setting the port to auto-authorize upon startup. By default all the ports are authenticators. If the port’s attribute needs to be moved from or , use this command. Format dot1x supplicant port-control {auto | force-authorized | force_unauthorized} Mode Interface Config Term Description auto The port is in the Unauthorized state until it presents its user name and password credentials to an authenticator. If the authenticator authorizes the port, then it is placed in the Authorized state. force-authorized Sets the authorization state of the port to Authorized, bypassing the authentication process. forceunauthorized Sets the authorization state of the port to Unauthorized, bypassing the authentication process. no dot1x supplicant port-control Use this command to set the port-control mode to the default, auto. Default Auto Format no dot1x supplicant port-control Mode Interface Config dot1x supplicant max-start Use this command to configure the number of attempts that the supplicant makes to find the authenticator before the supplicant assumes that there is no authenticator. Default 3 Format dot1x supplicant max-start <1-10> Mode Interface Config Switching Commands 110 ProSafe Managed Switch no dot1x supplicant max-start Use this command to set the max-start value to the default. Format no dot1x supplicant max-start Mode Interface Config dot1x supplicant timeout start-period Use this command to configure the start period timer interval to wait for the EAP identity request from the authenticator. Default 30 seconds Format dot1x supplicant timeout start-period <1-65535 seconds> Mode Interface Config no dot1x supplicant timeout start-period Use this command to set the start-period value to the default. Format no dot1x supplicant timeout start-period Mode Interface Config dot1x supplicant timeout held-period Use this command to configure the held period timer interval to wait for the next authentication on previous authentication fail. Default 30 seconds Format dot1x supplicant timeout held-period <1-65535 seconds> Mode Interface Config no dot1x supplicant timeout held-period Use this command to set the held-period value to the default value. Format no dot1x supplicant timeout held-period Mode Interface Config Switching Commands 111 ProSafe Managed Switch dot1x supplicant timeout auth-period Use this command to configure the authentication period timer interval to wait for the next EAP request challenge from the authenticator. Default 30 seconds Format dot1x supplicant timeout auth-period <1-65535 seconds> Mode Interface Config no dot1x supplicant timeout auth-period Use this command to set the auth-period value to the default value. Format no dot1x supplicant timeout auth-period Mode Interface Config dot1x supplicant user Use this command to map the given user to the port. Format dot1x supplicant user Mode Interface Config Storm-Control Commands This section describes commands you use to configure storm-control and view storm-control configuration information. A traffic storm is a condition that occurs when incoming packets flood the LAN, which creates performance degradation in the network. The Storm-Control feature protects against this condition. The 7000 series provides broadcast, multicast, and unicast story recovery for individual interfaces. Unicast Storm-Control protects against traffic whose MAC addresses are not known by the system. For broadcast, multicast, and unicast storm-control, if the rate of traffic ingressing on an interface increases beyond the configured threshold for that type, the traffic is dropped. To configure storm-control, you will enable the feature for all interfaces or for individual interfaces, and you will set the threshold (storm-control level) beyond which the broadcast, multicast, or unicast traffic will be dropped. The Storm-Control feature allows you to limit the rate of specific types of packets through the switch on a per-port, per-type, basis. Configuring a storm-control level also enables that form of storm-control. Disabling a storm-control level (using the “no” version of the command) sets the storm-control level back to the default value and disables that form of storm-control. Using the “no” version of the “storm-control” command (not stating a “level”) disables that form of storm-control but Switching Commands 112 ProSafe Managed Switch maintains the configured “level” (to be active the next time that form of storm-control is enabled.) Note: The actual rate of ingress traffic required to activate storm-control is based on the size of incoming packets and the hard-coded average packet size of 512 bytes - used to calculate a packet-per-second (pps) rate - as the forwarding-plane requires pps versus an absolute rate kbps. For example, if the configured limit is 10%, this is converted to ~25000 pps, and this pps limit is set in forwarding plane (hardware). You get the approximate desired output when 512bytes packets are used. storm-control broadcast Use this command to enable broadcast storm recovery mode for a specific interface. If the mode is enabled, broadcast storm recovery is active and, if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of broadcast traffic will be limited to the configured threshold. Default enabled Format storm-control broadcast Mode Interface Config no storm-control broadcast Use this command to disable broadcast storm recovery mode for a specific interface. Format no storm-control broadcast Mode Interface Config storm-control broadcast level Use this command to configure the broadcast storm recovery threshold for an interface as a percentage of link speed and enable broadcast storm recovery. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of broadcast traffic is limited to the configured threshold. Default 5 Format storm-control broadcast level <0-100> Mode Interface Config Switching Commands 113 ProSafe Managed Switch no storm-control broadcast level This command sets the broadcast storm recovery threshold to the default value for an interface and disables broadcast storm recovery. Format no storm-control broadcast level Mode Interface Config storm-control broadcast rate Use this command to configure the broadcast storm recovery threshold for an interface in packets per second. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of broadcast traffic is limited to the configured threshold. Default 0 Format storm-control broadcast rate <0-14880000> Mode Interface Config no storm-control broadcast rate This command sets the broadcast storm recovery threshold to the default value for an interface and disables broadcast storm recovery. Format no storm-control broadcast rate Mode Interface Config storm-control broadcast (Global) This command enables broadcast storm recovery mode for all interfaces. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of broadcast traffic will be limited to the configured threshold. Default disabled Format storm-control broadcast Mode Global Config no storm-control broadcast This command disables broadcast storm recovery mode for all interfaces. Format no storm-control broadcast Mode Global Config Switching Commands 114 ProSafe Managed Switch storm-control broadcast level (Global) This command configures the broadcast storm recovery threshold for all interfaces as a percentage of link speed and enables broadcast storm recovery. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of broadcast traffic will be limited to the configured threshold. This command also enables broadcast storm recovery mode for all interfaces. Default 5 Format storm-control broadcast level <0-100> Mode Global Config no storm-control broadcast level This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables broadcast storm recovery. Format no storm-control broadcast level Mode Global Config storm-control broadcast rate (Global) Use this command to configure the broadcast storm recovery threshold for all interfaces in packets per second. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of broadcast traffic is limited to the configured threshold. Default 0 Format storm-control broadcast rate <0-14880000> Mode Global Config no storm-control broadcast rate This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables broadcast storm recovery. Format no storm-control broadcast rate Mode Global Config storm-control multicast This command enables multicast storm recovery mode for an interface. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on Switching Commands 115 ProSafe Managed Switch an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold. Default disabled Format storm-control multicast Mode Interface Config no storm-control multicast This command disables multicast storm recovery mode for an interface. Format no storm-control multicast Mode Interface Config storm-control multicast level This command configures the multicast storm recovery threshold for an interface as a percentage of link speed and enables multicast storm recovery mode. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold. Default 5 Format storm-control multicast level <0-100> Mode Interface Config no storm-control multicast level This command sets the multicast storm recovery threshold to the default value for an interface and disables multicast storm recovery. Format no storm-control multicast level <0-100> Mode Interface Config storm-control multicast rate Use this command to configure the multicast storm recovery threshold for an interface in packets per second. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of multicast traffic is limited to the configured threshold. Default 0 Switching Commands 116 ProSafe Managed Switch Format storm-control multicast rate <0-14880000> Mode Interface Config no storm-control multicast rate This command sets the multicast storm recovery threshold to the default value for an interface and disables multicast storm recovery. Format no storm-control multicast rate Mode Interface Config storm-control multicast (Global) This command enables multicast storm recovery mode for all interfaces. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold. Default disabled Format storm-control multicast Mode Global Config no storm-control multicast This command disables multicast storm recovery mode for all interfaces. Format no storm-control multicast Mode Global Config storm-control multicast level (Global) This command configures the multicast storm recovery threshold for all interfaces as a percentage of link speed and enables multicast storm recovery mode. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold. Default 5 Format storm-control multicast level <0-100> Mode Global Config Switching Commands 117 ProSafe Managed Switch no storm-control multicast level This command sets the multicast storm recovery threshold to the default value for all interfaces and disables multicast storm recovery. Format no storm-control multicast level Mode Global Config storm-control multicast rate (Global) Use this command to configure the multicast storm recovery threshold for all interfaces in packets per second. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of multicast traffic is limited to the configured threshold. Default 0 Format storm-control multicast rate <0-14880000> Mode Global Config no storm-control broadcast rate This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables broadcast storm recovery. Format no storm-control broadcast rate Mode Global Config storm-control unicast This command enables unicast storm recovery mode for an interface. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of unknown unicast traffic will be limited to the configured threshold. Default disabled Format storm-control unicast Mode Interface Config Switching Commands 118 ProSafe Managed Switch no storm-control unicast This command disables unicast storm recovery mode for an interface. Format no storm-control unicast Mode Interface Config storm-control unicast level This command configures the unicast storm recovery threshold for an interface as a percentage of link speed, and enables unicast storm recovery. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of unknown unicast traffic will be limited to the configured threshold. This command also enables unicast storm recovery mode for an interface. Default 5 Format storm-control unicast level <0-100> Mode Interface Config no storm-control unicast level This command sets the unicast storm recovery threshold to the default value for an interface and disables unicast storm recovery. Format no storm-control unicast level Mode Interface Config storm-control unicast rate Use this command to configure the unicast storm recovery threshold for an interface in packets per second. If the mode is enabled, unicast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of unicast traffic is limited to the configured threshold. Default 0 Format storm-control unicast rate <0-14880000> Mode Interface Config Switching Commands 119 ProSafe Managed Switch no storm-control unicast rate This command sets the unicast storm recovery threshold to the default value for an interface and disables unicast storm recovery. Format no storm-control unicast rate Mode Interface Config storm-control unicast (Global) This command enables unicast storm recovery mode for all interfaces. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of unknown unicast traffic will be limited to the configured threshold. Default disabled Format storm-control unicast Mode Global Config no storm-control unicast This command disables unicast storm recovery mode for all interfaces. Format no storm-control unicast Mode Global Config storm-control unicast level (Global) This command configures the unicast storm recovery threshold for all interfaces as a percentage of link speed, and enables unicast storm recovery. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of unknown unicast traffic will be limited to the configured threshold. Default 5 Format storm-control unicast level <0-100> Mode Global Config Switching Commands 120 ProSafe Managed Switch no storm-control unicast level This command sets the unicast storm recovery threshold to the default value and disables unicast storm recovery for all interfaces. Format no storm-control unicast level Mode Global Config storm-control unicast rate (Global) Use this command to configure the unicast storm recovery threshold for all interfaces in packets per second. If the mode is enabled, unicast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of unicast traffic is limited to the configured threshold. Default 0 Format storm-control unicast rate <0-14880000> Mode Global Config no storm-control unicast rate This command sets the multicast storm recovery threshold to the default value for an interface and disables multicast storm recovery. Format no storm-control unicast rate Mode Global Config show storm-control This command displays switch configuration information. If you do not use any of the optional parameters, this command displays global storm control configuration parameters: • Broadcast Storm Control Mode may be enabled or disabled. The factory default is disabled. • Broadcast Storm Control Level The broadcast storm control level. The factory default is 5%. • Multicast Storm Control Mode may be enabled or disabled. The factory default is disabled. • Multicast Storm Control Level The multicast storm control level. The factory default is 5%. • Unicast Storm Control Mode may be enabled or disabled. The factory default is disabled. • Unicast Storm Control Level The unicast storm control level. The factory default is 5%. Switching Commands 121 ProSafe Managed Switch Use the all keyword to display the per-port configuration parameters for all interfaces, or specify the unit/slot/port to display information about a specific interface. Format show storm-control [all | ] Mode Privileged EXEC Term Definition Bcast Mode Shows whether the broadcast storm control mode is enabled or disabled. The factory default is disabled. Bcast Level The broadcast storm control level. Mcast Mode Shows whether the multicast storm control mode is enabled or disabled. Mcast Level The multicast storm control level. Ucast Mode Shows whether the Unknown Unicast or DLF (Destination Lookup Failure) storm control mode is enabled or disabled. Ucast Level The Unknown Unicast or DLF (Destination Lookup Failure) storm control level. Flow Control Commands In 802.3x flow control, the MAC control PAUSE operation is specified in IEEE 802.3 Annex 31 B. It allows traffic from one device to be throttled for a specified period of time and is defined for devices that are directly connected. A device that needs to inhibit transmission of data frames from another device on the LAN transmits a PAUSE frame as defined in the IEEE specification. This feature allows the user to configure the switch to use symmetric, asymmetric, or no flow control. Asymmetric flow control allows the switch to respond to received PAUSE frames, but the port cannot generate PAUSE frames. Symmetric flow control allows the switch to both respond to and generate MAC control PAUSE frames. flowcontrol {symmetric|asymmetric} Use this command to enable or disable the symmetric or asymmetric flow control on the switch. Use the no form of command to disable the symmetric or asymmetric flow control. Asymmetric here means that Tx Pause can never be enabled. Only Rx Pause can be enabled. Default Disabled Format flowcontrol {symmetric|asymmetric} Mode • Global Config • Interface Config Switching Commands 122 ProSafe Managed Switch no flowcontrol Format no flowcontrol Mode • Global Config • Interface Config show flowcontrol Use this command to display the IEEE 802.3 Annex 31B flow control settings and status for a specific interface or all interfaces. It also displays 802.3 Tx and Rx pause counts. Priority Flow Control frames counts are not displayed. If the port is enabled for priority flow control, operational flow control status is displayed as “Inactive”. Operational flow control status for stacking ports is always displayed as “N/A”. Format show flowcontrol [unit/slot/port] Mode Privileged Exec Examples: (switch)#show flowcontrol Admin Flow Control: Symmetric Port -----0/1 0/2 Flow Control Oper -----------Active Inactive RxPause TxPause -------310 0 --------611 0 (switch)#show flowcontrol interface 0/1 Admin Flow Control: Symmetric Port --------0/1 Flow Control Oper ------Active RxPause TxPause -------310 ------611 Port-Channel/LAG (802.3ad) Commands This section describes the commands you use to configure port-channels, which are also known as link aggregation groups (LAGs). Link aggregation allows you to combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing. The LAG feature initially load shares traffic based upon the source and destination MAC address.Assign the port-channel (LAG) VLAN membership after you create a port-channel. If you do not assign VLAN membership, the port-channel might become a member of the management VLAN which can result in learning and switching issues. Switching Commands 123 ProSafe Managed Switch A port-channel (LAG) interface can be either static or dynamic, but not both. All members of a port channel must participate in the same protocols.) A static port-channel interface does not require a partner system to be able to aggregate its member ports. Note: If you configure the maximum number of dynamic port-channels (LAGs) that your platform supports, additional port-channels that you configure are automatically static. addport This command adds one port to the port-channel (LAG). The interface is a logical unit/slot/port number or a group ID of a configured port-channel. Note: Before adding a port to a port-channel, set the physical mode of the port. For more information, see speed on page 42. Format addport { |lag } Mode Interface Config deleteport (Interface Config) This command deletes the port from the port-channel (LAG). The interface is a logical unit/slot/port number or a group ID of a configured port-channel. Format deleteport {